forked from hacc/haccfiles
30 lines
1.1 KiB
Nix
30 lines
1.1 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
hexchen.bindmounts."/var/lib/murmur" = "/persist/var/lib/murmur";
|
|
|
|
services.murmur = {
|
|
enable = true;
|
|
logDays = -1;
|
|
registerName = "hackers against climate change";
|
|
welcometext = ''
|
|
<br>Welcome to <b>mumble4future</b>!<br>Brought to you by <b style="color:red">infra4future</b>.<br>On <a href=https://mumble.hacc.space>mumble.hacc.space</a><br>Not confusing at all!
|
|
'';
|
|
sslKey = "/var/lib/acme/mumble.hacc.space/key.pem";
|
|
sslCert = "/var/lib/acme/mumble.hacc.space/fullchain.pem";
|
|
bandwidth = 128000;
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
|
|
networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
|
|
|
|
# the mumble cert has its own group so that both nginx and murmur can read it
|
|
users.groups.mumblecert = { };
|
|
security.acme.certs."mumble.hacc.space" = {
|
|
group = "mumblecert";
|
|
extraDomainNames = [ "mumble.infra4future.de" ];
|
|
reloadServices = [ "murmur" ];
|
|
};
|
|
users.users.nginx.extraGroups = [ "mumblecert" ];
|
|
users.users.murmur.extraGroups = [ "mumblecert" ];
|
|
}
|