simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

vueko/murmur: Migrate to okarin

Browse source
This commit is contained in:
Simon Bruder 2022-03-18 17:00:44 +01:00
parent a0946951e8
commit 50ed985671
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
6 changed files with 37 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
machines/default.nix
View file

@ -12,9 +12,6 @@ in
}; };
vueko = { vueko = {
system = "x86_64-linux"; system = "x86_64-linux";
extraModules = [
"${inputs.infinisilSystem}/config/new-modules/murmur.nix"
];
targetHost = "vueko.sbruder.de"; targetHost = "vueko.sbruder.de";
}; };
@ -43,6 +40,9 @@ in
}; };
okarin = { okarin = {
system = "x86_64-linux"; system = "x86_64-linux";
extraModules = [
"${inputs.infinisilSystem}/config/new-modules/murmur.nix"
];
targetHost = "okarin.sbruder.de"; targetHost = "okarin.sbruder.de";
}; };

1
machines/okarin/configuration.nix
View file

@ -10,6 +10,7 @@
./services/hedgedoc.nix ./services/hedgedoc.nix
./services/invidious ./services/invidious
./services/libreddit.nix ./services/libreddit.nix
./services/mumble.nix
./services/nitter.nix ./services/nitter.nix
./services/sbruder.xyz ./services/sbruder.xyz
]; ];

5
machines/okarin/secrets.yaml
View file

@ -1,14 +1,15 @@
wg-home-private-key: ENC[AES256_GCM,data:UMNY28f8D4VN86s8RqhBbfCgBzLWOmAu1Id7RyIfp1Ta/BvgtfOz70Y3hvs=,iv:ph2O/wBwwThHnNQ5sHIc9ZOC6EXHM3fv4z3esTpJuj0=,tag:pROjuUte4+OZxPlhppceWA==,type:str] wg-home-private-key: ENC[AES256_GCM,data:UMNY28f8D4VN86s8RqhBbfCgBzLWOmAu1Id7RyIfp1Ta/BvgtfOz70Y3hvs=,iv:ph2O/wBwwThHnNQ5sHIc9ZOC6EXHM3fv4z3esTpJuj0=,tag:pROjuUte4+OZxPlhppceWA==,type:str]
gitea-mail: ENC[AES256_GCM,data:7pW7M9SVkdhGD1I/WQW2K/C/HQHBWGP+S0cXlo5rTaQ=,iv:fj3ercPsBhTZnGZFPVxd2wQ2wNmA3IYNz7xnf3P1Tjc=,tag:BJxcUoa+ZezGLKfHmXJJVg==,type:str] gitea-mail: ENC[AES256_GCM,data:7pW7M9SVkdhGD1I/WQW2K/C/HQHBWGP+S0cXlo5rTaQ=,iv:fj3ercPsBhTZnGZFPVxd2wQ2wNmA3IYNz7xnf3P1Tjc=,tag:BJxcUoa+ZezGLKfHmXJJVg==,type:str]
invidious-extra-settings: ENC[AES256_GCM,data:PVdEqmWBvz72Knq0K/oZMfC4f4ygib7QJ4tMua4CeeSFchQirD3bhHKEPxfzJ5KxIZwH3otLjB8wAFJ+fDCQsrf5owJwP+4gxPFjlpk3nFiB,iv:Q0Lmr9ZO5ijIZ4sDNo5YollD6DaHN56RyV8MJgNctHI=,tag:5W3euSI7OPJ0BYvrEZjH+g==,type:str] invidious-extra-settings: ENC[AES256_GCM,data:PVdEqmWBvz72Knq0K/oZMfC4f4ygib7QJ4tMua4CeeSFchQirD3bhHKEPxfzJ5KxIZwH3otLjB8wAFJ+fDCQsrf5owJwP+4gxPFjlpk3nFiB,iv:Q0Lmr9ZO5ijIZ4sDNo5YollD6DaHN56RyV8MJgNctHI=,tag:5W3euSI7OPJ0BYvrEZjH+g==,type:str]
murmur-superuser: ENC[AES256_GCM,data:yPiP2Vh6Zf9OSy0hlP0DsNykbhR2VvCLzA==,iv:+GEChmJtE2bnQ35uke4QXRDO3vY3MVPz2rWDwN6EUYI=,tag:paqTIe97dF83ExwAoQnSlQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2022-03-18T15:01:50Z" lastmodified: "2022-03-18T15:51:55Z"
mac: ENC[AES256_GCM,data:6yBbtg+JYpMuYpE4kq0pHxl6j3P03LyHTQBdYrw/rFaTHhL3IC0AN/IHfui+0uwrCeSQdl6KiFU48r0IL5RtB1XCWPC40OshFOdq64CzUpRpgMPh9K5SI0AxVfNvhGV3q2d99zRJGakxnYMpJuBk8TyYSH8S5+dU6jCnKfE4HA8=,iv:Vk7cYrRBphTdmBQoY1GaCcary6dq4/jV0fKBATFeNGg=,tag:U/xZTkm4ipfvBknUDtryJg==,type:str] mac: ENC[AES256_GCM,data:hRzUVAjVSz0bbdvSU4QxMwAL57Wi9qBZLOnIeSOO7laVSC0JM0XlBau6t9hnLJRG4G8GPG32hAJ2E3lAFev6JLhEfVT7YurU8jVG5pazTUfWsKDn/Oo5sxsQG8oNAkzAYpkd7VqBl/l25g4JPeDtOpTO5FdktKfXqG886DKJER8=,iv:H1i3pwyTGMAH7xy6uIA2Cz/V9ZtHxqoBiAidLiQ8zNc=,tag:RzqzKNUQGhZv7Rzkc30ebg==,type:str]
pgp: pgp:
- created_at: "2022-03-03T09:13:41Z" - created_at: "2022-03-03T09:13:41Z"
enc: | enc: |

28
machines/okarin/services/mumble.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, ... }:
{
sops.secrets.murmur-superuser = {
owner = config.users.users.murmur.name;
sopsFile = ../secrets.yaml;
};
users.users.murmur.isSystemUser = true; # Infinisils module does not set that
services.murmur = {
enable = true;
openFirewall = true;
superuserPasswordFile = config.sops.secrets.murmur-superuser.path;
acmeDomain = "mumble.sbruder.de";
config = {
bandwidth = "128000";
obfuscate = true;
logfile = ""; # log to stdout
channelname = ''[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+'';
};
};
services.nginx.virtualHosts."mumble.sbruder.de" = {
enableACME = true;
forceSSL = true;
};
}

24
machines/vueko/configuration.nix
View file

@ -58,10 +58,6 @@
locations."/".proxyPass = "http://localhost:5232"; locations."/".proxyPass = "http://localhost:5232";
}; };
"mumble.sbruder.de" = {
enableACME = true;
forceSSL = true;
};
"bangs.sbruder.de" = { "bangs.sbruder.de" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -91,26 +87,6 @@
}; };
}; };
sops.secrets.murmur-superuser = {
owner = config.users.users.murmur.name;
sopsFile = ./secrets.yaml;
};
users.users.murmur.isSystemUser = true; # Infinisils module does not set that
services.murmur = {
enable = true;
openFirewall = true;
superuserPasswordFile = config.sops.secrets.murmur-superuser.path;
acmeDomain = "mumble.sbruder.de";
config = {
bandwidth = "128000";
obfuscate = true;
logfile = ""; # log to stdout
channelname = ''[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+'';
};
};
services.bang-evaluator = { services.bang-evaluator = {
enable = true; enable = true;
listenAddress = ":8000"; listenAddress = ":8000";

5
machines/vueko/secrets.yaml
View file

@ -1,4 +1,3 @@
murmur-superuser: ENC[AES256_GCM,data:jTVEa1KmbGAIxxFS2/uIlDCnnJTtGmKFZQ==,iv:YJIfcXlgKEwIRzFEY94dgReNjWZqLAqL0Rb6TG4IHIE=,tag:MVzaRkb24QyyNyFCEMwmzQ==,type:str]
wg-home-private-key: ENC[AES256_GCM,data:/RHNF6Zw6CTWa9ahUhGWRfkR8KIj+HdqUIojA1w6HQBFbZ/+Vo+CcYTYO5I=,iv:2sDH1P3VRjmLw6Ilkq0rw/hossHrNWP5uRvX9yr5fLE=,tag:KIT5GCfXuhg6RjA8+Nmtnw==,type:str] wg-home-private-key: ENC[AES256_GCM,data:/RHNF6Zw6CTWa9ahUhGWRfkR8KIj+HdqUIojA1w6HQBFbZ/+Vo+CcYTYO5I=,iv:2sDH1P3VRjmLw6Ilkq0rw/hossHrNWP5uRvX9yr5fLE=,tag:KIT5GCfXuhg6RjA8+Nmtnw==,type:str]
turn-static-auth-secret: ENC[AES256_GCM,data:Nz94xw5sBuAgEqVpwiV44Rd3km16H46X6jVf2gzE+mbbVt2TXExv/7yegQtXI++eBo6q4wbpOfxwl0b1Pvsa/A==,iv:HSdqj43Vmq5McWAbMoxeNUa38UD75Xe4PJEwY5mKjOQ=,tag:cFpFsVwhisWt7JMMzJemCA==,type:str] turn-static-auth-secret: ENC[AES256_GCM,data:Nz94xw5sBuAgEqVpwiV44Rd3km16H46X6jVf2gzE+mbbVt2TXExv/7yegQtXI++eBo6q4wbpOfxwl0b1Pvsa/A==,iv:HSdqj43Vmq5McWAbMoxeNUa38UD75Xe4PJEwY5mKjOQ=,tag:cFpFsVwhisWt7JMMzJemCA==,type:str]
sops: sops:
@ -7,8 +6,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2021-12-01T16:49:21Z" lastmodified: "2022-03-18T15:51:43Z"
mac: ENC[AES256_GCM,data:wLy9If4/YdAVILwz1vSzCQsjG0U8Z2GvpME/+xW9pS/xmKoXTwaxP2QQpy8ReTmtikpbKS327j5pz2dSMiweqaUFSVb1nIEvUFxV4PKnxf5ubJalPZAGa82Cw0aassMKz0IAd8rDF/xK9RoB3ayRluYKAP/qnbEcFrys0BokGE0=,iv:Yw3tG1J135QImJqXEGrpSq3k8Lo++uUXfEKmCCNCpDg=,tag:FChnsJ1qIzalpVypMIilrg==,type:str] mac: ENC[AES256_GCM,data:YRZGoW0PxHTkdXp7/Af+evicxbOYD9YRL6Sze5YkZ3Bcc396aEHp8lc7Ix/Z9lX2AKLcHP5S84xP2oomq79ayeFwpomNbxQJJgiA7WJn3WD29Mw5s/tSe1cIBNBimbc11nip5Zqq4sAtb48mg8O1/CXNqaYtnJE2Hfq+3hG0tcg=,iv:qzs7Bq0va7Nr8e20LGJtdBRJ/4UlNCOiYrM0yy1z6JM=,tag:z59Q8SafZ1i8IB/E8rIu2Q==,type:str]
pgp: pgp:
- created_at: "2021-04-06T11:13:54Z" - created_at: "2021-04-06T11:13:54Z"
enc: | enc: |