alpha: mumble murmur

2024-04-10 01:52:08 +02:00 · 2024-04-10 01:52:08 +02:00 · b1af7487d5
parent e116632bc4
commit b1af7487d5
3 changed files with 67 additions and 0 deletions
--- a/hosts/alpha/acme.nix
+++ b/hosts/alpha/acme.nix
@ -0,0 +1,11 @@
+{...}: {
+  security.acme.certs."caspervk.net" = {
+    domain = "*.caspervk.net";
+    reloadServices = [
+      "murmur.service"
+    ];
+  };
+  users.groups.acme.members = [
+    "murmur"
+  ];
+}
--- a/hosts/alpha/default.nix
+++ b/hosts/alpha/default.nix
@ -3,8 +3,10 @@
    ../../overlays
    ../../modules/base
    ../../modules/server
+    ./acme.nix
    ./hardware.nix
    ./knot-dns.nix
+    ./mumble.nix
    ./network.nix
  ];

--- a/hosts/alpha/mumble.nix
+++ b/hosts/alpha/mumble.nix
@ -0,0 +1,54 @@
+{
+  config,
+  secrets,
+  ...
+}: {
+  # Mumble is a free, open source, low latency, high quality voice chat
+  # application.
+  # https://www.mumble.info/
+  # https://www.mumble.info/blog/ (changelog)
+  services.murmur = {
+    enable = true;
+    openFirewall = true;
+    # https://wiki.mumble.info/wiki/Murmur.ini
+    welcometext = "<b>Welcome!</b> Feel free to use <i>Temporary Channels</i> to create a password-protected channel.";
+    users = 9001;
+    bandwidth = 320000;
+    # Explicitly bind on addresses to ensure UDP doesn't break with multiple
+    # interfaces.
+    hostName = "116.203.179.206 2a01:4f8:c2c:71c0::";
+    # https://wiki.mumble.info/wiki/Obtaining_a_Let's_Encrypt_Murmur_Certificate
+    sslCert = "${config.security.acme.certs."caspervk.net".directory}/fullchain.pem";
+    sslKey = "${config.security.acme.certs."caspervk.net".directory}/key.pem";
+    # Register server in the public server registry
+    registerName = "Caspervk's Public Mumble";
+    registerPassword = "$REGISTER_PASSWORD";
+    registerUrl = "https://mumble.caspervk.net";
+    registerHostname = "mumble.caspervk.net";
+    extraConfig = ''
+      # Connect clients to the lobby instead of the root channel the first time
+      # they connect.
+      defaultchannel=1
+    '';
+    environmentFile = config.age.secrets.mumble-environment-file.path;
+  };
+
+  # Persist database
+  environment.persistence."/nix/persist" = {
+    directories = [
+      {
+        directory = "/var/lib/murmur/";
+        user = "murmur";
+        group = "murmur";
+        mode = "0700";
+      }
+    ];
+  };
+
+  age.secrets.mumble-environment-file = {
+    file = "${secrets}/secrets/mumble-environment-file.age";
+    mode = "400";
+    owner = "root";
+    group = "root";
+  };
+}