36 lines
999 B
Nix
36 lines
999 B
Nix
# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
|
||
#
|
||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||
|
||
{ config, ... }:
|
||
|
||
{
|
||
sops.secrets.murmur-superuser = {
|
||
owner = config.users.users.murmur.name;
|
||
sopsFile = ../secrets.yaml;
|
||
};
|
||
|
||
users.users.murmur.isSystemUser = true; # Infinisil’s module does not set that
|
||
services.murmur = {
|
||
enable = true;
|
||
openFirewall = true;
|
||
superuserPasswordFile = config.sops.secrets.murmur-superuser.path;
|
||
acmeDomain = "mumble.sbruder.de";
|
||
config = {
|
||
bandwidth = "128000";
|
||
obfuscate = true;
|
||
logfile = ""; # log to stdout
|
||
|
||
username = ''[ \\-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+'';
|
||
channelname = ''[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+'';
|
||
};
|
||
};
|
||
# upstream (out-of-tree) does not define this, but nixpkgs wants (🥁) it
|
||
systemd.services.murmur.wants = [ "network-online.target" ];
|
||
|
||
services.nginx.virtualHosts."mumble.sbruder.de" = {
|
||
enableACME = true;
|
||
forceSSL = true;
|
||
};
|
||
}
|