-{ pkgs, lib, config, ... }:
+{ config, ... }:
let
inherit (config.users) users;
domain = config.networking.domain;
in
{
-networking.nftables.ruleset = ''
- add rule inet filter net2fw udp dport 64738 counter accept comment "Murmur"
- add rule inet filter net2fw tcp dport 64738 counter accept comment "Murmur"
-'';
-users.groups.acme.members = [ users."murmur".name ];
-security.acme.certs."${domain}" = {
- postRun = "systemctl reload murmur";
-};
-systemd.services.postgresql = {
- wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
- after = [ "acme-selfsigned-${domain}.service" ];
-};
-services.murmur = {
- enable = true;
- welcometext = ''
- Bienvenue sur mumble.sourcephile.fr
- Avant de commencer à parler, rejoignez un salon ou bien créez en un nouveau !
+ networking.nftables.ruleset = ''
+ table inet filter {
+ chain input-net {
+ meta l4proto { udp, tcp } th dport 64738 counter accept comment "Murmur"
+ }
+ }
'';
- bonjour = false;
- registerName = "sourcephile";
- registerHostname = "mumble.${domain}";
- #registerUrl = "https://${domain}";
- #registerLocation = "FR";
- allowHtml = true;
- users = 42;
- sslKey = "/var/lib/acme/${domain}/full.pem";
- extraConfig = ''
- username = "[A-Za-z0-9_-]{2,12}"
- channelnestinglimit = 10
- opusthreshold = 50
- '';
-};
+ users.groups.acme.members = [ users."murmur".name ];
+ security.acme.certs."${domain}" = {
+ postRun = "systemctl try-restart --no-block murmur";
+ };
+ systemd.services.murmur = {
+ wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
+ after = [ "acme-selfsigned-${domain}.service" ];
+ };
+ services.murmur = {
+ enable = true;
+ welcometext = ''
+ Bienvenue sur mumble.sourcephile.fr
+ Avant de commencer à parler, rejoignez un salon ou bien créez en un nouveau !
+ '';
+ bonjour = false;
+ registerName = "sourcephile";
+ registerHostname = "mumble.${domain}";
+ #registerUrl = "https://${domain}";
+ #registerLocation = "FR";
+ allowHtml = true;
+ users = 42;
+ sslKey = "/var/lib/acme/${domain}/full.pem";
+ extraConfig = ''
+ username = "[A-Za-z0-9_-]{2,12}"
+ channelnestinglimit = 10
+ opusthreshold = 50
+ '';
+ };
}