]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/freeciv.nix
losurdo: docker: enable service
[sourcephile-nix.git] / hosts / losurdo / freeciv.nix
1 { config, ... }:
2 let
3 inherit (config.users) users;
4 domain = config.networking.domain;
5 inherit (config.services) freeciv;
6 in
7 {
8 networking.nftables.ruleset = ''
9 table inet filter {
10 chain input-net {
11 tcp dport ${toString freeciv.settings.port} counter accept comment "Freeciv"
12 }
13 }
14 '';
15 users.users.freeciv.isSystemUser = true;
16 users.groups.acme.members = [ users."freeciv".name ];
17 security.acme.certs."${domain}" = {
18 # Not supported
19 #postRun = "systemctl reload freeciv";
20 };
21 systemd.services.freeciv = {
22 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
23 after = [ "acme-selfsigned-${domain}.service" ];
24 };
25 services.upnpc.enable = true;
26 services.upnpc.redirections = [
27 {
28 description = "";
29 externalPort = freeciv.settings.port;
30 protocol = "TCP";
31 service.wantedBy = [ "freeciv.service" ];
32 service.partOf = [ "freeciv.service" ];
33 }
34 ];
35 services.freeciv = {
36 enable = true;
37 settings = {
38 Announce = "none";
39 Guests = true;
40 Newusers = true;
41 auth = true;
42 debug = 3;
43 };
44 };
45 }