diff --git a/machines/default.nix b/machines/default.nix index 7d4e5cd..75585d5 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -12,9 +12,6 @@ in }; vueko = { system = "x86_64-linux"; - extraModules = [ - "${inputs.infinisilSystem}/config/new-modules/murmur.nix" - ]; targetHost = "vueko.sbruder.de"; }; @@ -43,6 +40,9 @@ in }; okarin = { system = "x86_64-linux"; + extraModules = [ + "${inputs.infinisilSystem}/config/new-modules/murmur.nix" + ]; targetHost = "okarin.sbruder.de"; }; diff --git a/machines/okarin/configuration.nix b/machines/okarin/configuration.nix index 1b28c35..3029d73 100644 --- a/machines/okarin/configuration.nix +++ b/machines/okarin/configuration.nix @@ -10,6 +10,7 @@ ./services/hedgedoc.nix ./services/invidious ./services/libreddit.nix + ./services/mumble.nix ./services/nitter.nix ./services/sbruder.xyz ]; diff --git a/machines/okarin/secrets.yaml b/machines/okarin/secrets.yaml index 5cdc74b..a4692e1 100644 --- a/machines/okarin/secrets.yaml +++ b/machines/okarin/secrets.yaml @@ -1,14 +1,15 @@ wg-home-private-key: ENC[AES256_GCM,data:UMNY28f8D4VN86s8RqhBbfCgBzLWOmAu1Id7RyIfp1Ta/BvgtfOz70Y3hvs=,iv:ph2O/wBwwThHnNQ5sHIc9ZOC6EXHM3fv4z3esTpJuj0=,tag:pROjuUte4+OZxPlhppceWA==,type:str] gitea-mail: ENC[AES256_GCM,data:7pW7M9SVkdhGD1I/WQW2K/C/HQHBWGP+S0cXlo5rTaQ=,iv:fj3ercPsBhTZnGZFPVxd2wQ2wNmA3IYNz7xnf3P1Tjc=,tag:BJxcUoa+ZezGLKfHmXJJVg==,type:str] invidious-extra-settings: ENC[AES256_GCM,data:PVdEqmWBvz72Knq0K/oZMfC4f4ygib7QJ4tMua4CeeSFchQirD3bhHKEPxfzJ5KxIZwH3otLjB8wAFJ+fDCQsrf5owJwP+4gxPFjlpk3nFiB,iv:Q0Lmr9ZO5ijIZ4sDNo5YollD6DaHN56RyV8MJgNctHI=,tag:5W3euSI7OPJ0BYvrEZjH+g==,type:str] +murmur-superuser: ENC[AES256_GCM,data:yPiP2Vh6Zf9OSy0hlP0DsNykbhR2VvCLzA==,iv:+GEChmJtE2bnQ35uke4QXRDO3vY3MVPz2rWDwN6EUYI=,tag:paqTIe97dF83ExwAoQnSlQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-03-18T15:01:50Z" - mac: ENC[AES256_GCM,data:6yBbtg+JYpMuYpE4kq0pHxl6j3P03LyHTQBdYrw/rFaTHhL3IC0AN/IHfui+0uwrCeSQdl6KiFU48r0IL5RtB1XCWPC40OshFOdq64CzUpRpgMPh9K5SI0AxVfNvhGV3q2d99zRJGakxnYMpJuBk8TyYSH8S5+dU6jCnKfE4HA8=,iv:Vk7cYrRBphTdmBQoY1GaCcary6dq4/jV0fKBATFeNGg=,tag:U/xZTkm4ipfvBknUDtryJg==,type:str] + lastmodified: "2022-03-18T15:51:55Z" + mac: ENC[AES256_GCM,data:hRzUVAjVSz0bbdvSU4QxMwAL57Wi9qBZLOnIeSOO7laVSC0JM0XlBau6t9hnLJRG4G8GPG32hAJ2E3lAFev6JLhEfVT7YurU8jVG5pazTUfWsKDn/Oo5sxsQG8oNAkzAYpkd7VqBl/l25g4JPeDtOpTO5FdktKfXqG886DKJER8=,iv:H1i3pwyTGMAH7xy6uIA2Cz/V9ZtHxqoBiAidLiQ8zNc=,tag:RzqzKNUQGhZv7Rzkc30ebg==,type:str] pgp: - created_at: "2022-03-03T09:13:41Z" enc: | diff --git a/machines/okarin/services/mumble.nix b/machines/okarin/services/mumble.nix new file mode 100644 index 0000000..5a41e76 --- /dev/null +++ b/machines/okarin/services/mumble.nix @@ -0,0 +1,28 @@ +{ config, ... }: + +{ + sops.secrets.murmur-superuser = { + owner = config.users.users.murmur.name; + sopsFile = ../secrets.yaml; + }; + + users.users.murmur.isSystemUser = true; # Infinisil’s module does not set that + services.murmur = { + enable = true; + openFirewall = true; + superuserPasswordFile = config.sops.secrets.murmur-superuser.path; + acmeDomain = "mumble.sbruder.de"; + config = { + bandwidth = "128000"; + obfuscate = true; + logfile = ""; # log to stdout + + channelname = ''[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+''; + }; + }; + + services.nginx.virtualHosts."mumble.sbruder.de" = { + enableACME = true; + forceSSL = true; + }; +} diff --git a/machines/vueko/configuration.nix b/machines/vueko/configuration.nix index a126f2f..83b4b5d 100644 --- a/machines/vueko/configuration.nix +++ b/machines/vueko/configuration.nix @@ -58,10 +58,6 @@ locations."/".proxyPass = "http://localhost:5232"; }; - "mumble.sbruder.de" = { - enableACME = true; - forceSSL = true; - }; "bangs.sbruder.de" = { enableACME = true; forceSSL = true; @@ -91,26 +87,6 @@ }; }; - sops.secrets.murmur-superuser = { - owner = config.users.users.murmur.name; - sopsFile = ./secrets.yaml; - }; - - users.users.murmur.isSystemUser = true; # Infinisil’s module does not set that - services.murmur = { - enable = true; - openFirewall = true; - superuserPasswordFile = config.sops.secrets.murmur-superuser.path; - acmeDomain = "mumble.sbruder.de"; - config = { - bandwidth = "128000"; - obfuscate = true; - logfile = ""; # log to stdout - - channelname = ''[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+''; - }; - }; - services.bang-evaluator = { enable = true; listenAddress = ":8000"; diff --git a/machines/vueko/secrets.yaml b/machines/vueko/secrets.yaml index 7bdda36..6321091 100644 --- a/machines/vueko/secrets.yaml +++ b/machines/vueko/secrets.yaml @@ -1,4 +1,3 @@ -murmur-superuser: ENC[AES256_GCM,data:jTVEa1KmbGAIxxFS2/uIlDCnnJTtGmKFZQ==,iv:YJIfcXlgKEwIRzFEY94dgReNjWZqLAqL0Rb6TG4IHIE=,tag:MVzaRkb24QyyNyFCEMwmzQ==,type:str] wg-home-private-key: ENC[AES256_GCM,data:/RHNF6Zw6CTWa9ahUhGWRfkR8KIj+HdqUIojA1w6HQBFbZ/+Vo+CcYTYO5I=,iv:2sDH1P3VRjmLw6Ilkq0rw/hossHrNWP5uRvX9yr5fLE=,tag:KIT5GCfXuhg6RjA8+Nmtnw==,type:str] turn-static-auth-secret: ENC[AES256_GCM,data:Nz94xw5sBuAgEqVpwiV44Rd3km16H46X6jVf2gzE+mbbVt2TXExv/7yegQtXI++eBo6q4wbpOfxwl0b1Pvsa/A==,iv:HSdqj43Vmq5McWAbMoxeNUa38UD75Xe4PJEwY5mKjOQ=,tag:cFpFsVwhisWt7JMMzJemCA==,type:str] sops: @@ -7,8 +6,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2021-12-01T16:49:21Z" - mac: ENC[AES256_GCM,data:wLy9If4/YdAVILwz1vSzCQsjG0U8Z2GvpME/+xW9pS/xmKoXTwaxP2QQpy8ReTmtikpbKS327j5pz2dSMiweqaUFSVb1nIEvUFxV4PKnxf5ubJalPZAGa82Cw0aassMKz0IAd8rDF/xK9RoB3ayRluYKAP/qnbEcFrys0BokGE0=,iv:Yw3tG1J135QImJqXEGrpSq3k8Lo++uUXfEKmCCNCpDg=,tag:FChnsJ1qIzalpVypMIilrg==,type:str] + lastmodified: "2022-03-18T15:51:43Z" + mac: ENC[AES256_GCM,data:YRZGoW0PxHTkdXp7/Af+evicxbOYD9YRL6Sze5YkZ3Bcc396aEHp8lc7Ix/Z9lX2AKLcHP5S84xP2oomq79ayeFwpomNbxQJJgiA7WJn3WD29Mw5s/tSe1cIBNBimbc11nip5Zqq4sAtb48mg8O1/CXNqaYtnJE2Hfq+3hG0tcg=,iv:qzs7Bq0va7Nr8e20LGJtdBRJ/4UlNCOiYrM0yy1z6JM=,tag:z59Q8SafZ1i8IB/E8rIu2Q==,type:str] pgp: - created_at: "2021-04-06T11:13:54Z" enc: |