]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/murmur.nix
nix: update input secrets
[sourcephile-nix.git] / hosts / mermet / murmur.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config.users) users;
4 domain = config.networking.domain;
5 in
6 {
7 networking.nftables.ruleset = ''
8 table inet filter {
9 chain input-net {
10 meta l4proto { udp, tcp } th dport 64738 counter accept comment "Murmur"
11 }
12 }
13 '';
14 users.groups.acme.members = [ users."murmur".name ];
15 security.acme.certs."${domain}" = {
16 postRun = "systemctl try-restart --no-block murmur";
17 };
18 systemd.services.murmur = {
19 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
20 after = [ "acme-selfsigned-${domain}.service" ];
21 };
22 services.murmur = {
23 enable = true;
24 welcometext = ''
25 Bienvenue sur mumble.sourcephile.fr
26 Avant de commencer à parler, rejoignez un salon ou bien créez en un nouveau !
27 '';
28 bonjour = false;
29 registerName = "sourcephile";
30 registerHostname = "mumble.${domain}";
31 #registerUrl = "https://${domain}";
32 #registerLocation = "FR";
33 allowHtml = true;
34 users = 42;
35 sslKey = "/var/lib/acme/${domain}/full.pem";
36 extraConfig = ''
37 username = "[A-Za-z0-9_-]{2,12}"
38 channelnestinglimit = 10
39 opusthreshold = 50
40 '';
41 };
42 }