alpha: mumble murmur
All checks were successful
Update flake.lock / update (push) Successful in 1m5s
All checks were successful
Update flake.lock / update (push) Successful in 1m5s
This commit is contained in:
parent
e116632bc4
commit
b1af7487d5
11
hosts/alpha/acme.nix
Normal file
11
hosts/alpha/acme.nix
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
{...}: {
|
||||||
|
security.acme.certs."caspervk.net" = {
|
||||||
|
domain = "*.caspervk.net";
|
||||||
|
reloadServices = [
|
||||||
|
"murmur.service"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
users.groups.acme.members = [
|
||||||
|
"murmur"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
@ -3,8 +3,10 @@
|
||||||
../../overlays
|
../../overlays
|
||||||
../../modules/base
|
../../modules/base
|
||||||
../../modules/server
|
../../modules/server
|
||||||
|
./acme.nix
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
./knot-dns.nix
|
./knot-dns.nix
|
||||||
|
./mumble.nix
|
||||||
./network.nix
|
./network.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
||||||
54
hosts/alpha/mumble.nix
Normal file
54
hosts/alpha/mumble.nix
Normal file
|
|
@ -0,0 +1,54 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
secrets,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
# Mumble is a free, open source, low latency, high quality voice chat
|
||||||
|
# application.
|
||||||
|
# https://www.mumble.info/
|
||||||
|
# https://www.mumble.info/blog/ (changelog)
|
||||||
|
services.murmur = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
# https://wiki.mumble.info/wiki/Murmur.ini
|
||||||
|
welcometext = "<b>Welcome!</b> Feel free to use <i>Temporary Channels</i> to create a password-protected channel.";
|
||||||
|
users = 9001;
|
||||||
|
bandwidth = 320000;
|
||||||
|
# Explicitly bind on addresses to ensure UDP doesn't break with multiple
|
||||||
|
# interfaces.
|
||||||
|
hostName = "116.203.179.206 2a01:4f8:c2c:71c0::";
|
||||||
|
# https://wiki.mumble.info/wiki/Obtaining_a_Let's_Encrypt_Murmur_Certificate
|
||||||
|
sslCert = "${config.security.acme.certs."caspervk.net".directory}/fullchain.pem";
|
||||||
|
sslKey = "${config.security.acme.certs."caspervk.net".directory}/key.pem";
|
||||||
|
# Register server in the public server registry
|
||||||
|
registerName = "Caspervk's Public Mumble";
|
||||||
|
registerPassword = "$REGISTER_PASSWORD";
|
||||||
|
registerUrl = "https://mumble.caspervk.net";
|
||||||
|
registerHostname = "mumble.caspervk.net";
|
||||||
|
extraConfig = ''
|
||||||
|
# Connect clients to the lobby instead of the root channel the first time
|
||||||
|
# they connect.
|
||||||
|
defaultchannel=1
|
||||||
|
'';
|
||||||
|
environmentFile = config.age.secrets.mumble-environment-file.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Persist database
|
||||||
|
environment.persistence."/nix/persist" = {
|
||||||
|
directories = [
|
||||||
|
{
|
||||||
|
directory = "/var/lib/murmur/";
|
||||||
|
user = "murmur";
|
||||||
|
group = "murmur";
|
||||||
|
mode = "0700";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets.mumble-environment-file = {
|
||||||
|
file = "${secrets}/secrets/mumble-environment-file.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue