]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/freeciv.nix
apparmor: update to upstream nixpkgs#101071
[sourcephile-nix.git] / machines / losurdo / freeciv.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config.users) users;
4 domain = config.networking.domain;
5 inherit (config.services) freeciv;
6 in
7 {
8 networking.nftables.ruleset = ''
9 add rule inet filter net2fw tcp dport ${toString freeciv.settings.port} counter accept comment "Freeciv"
10 '';
11 users.users.freeciv.isSystemUser = true;
12 users.groups.acme.members = [ users."freeciv".name ];
13 security.acme.certs."${domain}" = {
14 postRun = "systemctl reload freeciv";
15 };
16 systemd.services.postgresql = {
17 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
18 after = [ "acme-selfsigned-${domain}.service" ];
19 };
20 services.upnpc.redirections = [
21 { port = freeciv.settings.port; protocol = "TCP"; }
22 ];
23 services.freeciv = {
24 enable = true;
25 settings = {
26 Announce = "none";
27 Guests = true;
28 Newusers = true;
29 auth = true;
30 debug = 3;
31 };
32 };
33 }