nixos-config/machines/vueko/services/murmur.nix

36 lines
999 B
Nix
Raw Normal View History

# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
2022-03-23 18:07:16 +01:00
{ config, ... }:
{
sops.secrets.murmur-superuser = {
owner = config.users.users.murmur.name;
sopsFile = ../secrets.yaml;
};
users.users.murmur.isSystemUser = true; # Infinisils module does not set that
services.murmur = {
enable = true;
openFirewall = true;
superuserPasswordFile = config.sops.secrets.murmur-superuser.path;
acmeDomain = "mumble.sbruder.de";
config = {
bandwidth = "128000";
obfuscate = true;
logfile = ""; # log to stdout
username = ''[ \\-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+'';
2022-03-23 18:07:16 +01:00
channelname = ''[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+'';
};
};
# upstream (out-of-tree) does not define this, but nixpkgs wants (🥁) it
systemd.services.murmur.wants = [ "network-online.target" ];
2022-03-23 18:07:16 +01:00
services.nginx.virtualHosts."mumble.sbruder.de" = {
enableACME = true;
forceSSL = true;
};
}