authorSoispha <soispha@vhack.eu>2023-10-03 17:29:00 +0200
committerSoispha <soispha@vhack.eu>2023-10-03 18:08:45 +0200
commitc154fa39a7f68a17713eff260c45c4d23835feb1 (patch)
tree723ceae9d305fc0bb4056bf1d521355709654515
parentfeat(system/services/murmur): Initialize (diff)
downloadnixos-server-c154fa39a7f68a17713eff260c45c4d23835feb1.tar.gz
nixos-server-c154fa39a7f68a17713eff260c45c4d23835feb1.zip
fix(system/services/murmur): Allow murmur's user to read certs
-rw-r--r--system/impermanence/default.nix1
-rw-r--r--system/impermanence/mods/murmur.nix10
-rw-r--r--system/services/murmur/default.nix26
3 files changed, 33 insertions, 4 deletions
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index 6e977b5..f3d792d 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -5,6 +5,7 @@
     ./mods/mail.nix
     ./mods/matrix.nix
     ./mods/minecraft.nix
+    ./mods/murmur.nix
     ./mods/nix-sync.nix
     ./mods/openssh.nix
     ./mods/postgresql.nix
diff --git a/system/impermanence/mods/murmur.nix b/system/impermanence/mods/murmur.nix
new file mode 100644
index 0000000..48912e1
--- /dev/null
+++ b/system/impermanence/mods/murmur.nix
@@ -0,0 +1,10 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    {
+      directory = "/var/lib/murmur";
+      user = "murmur";
+      group = "murmur";
+      mode = "0700";
+    }
+  ];
+}
diff --git a/system/services/murmur/default.nix b/system/services/murmur/default.nix
index 9c04db0..1dcd781 100644
--- a/system/services/murmur/default.nix
+++ b/system/services/murmur/default.nix
@@ -1,23 +1,41 @@
-{config, ...}: {
+{...}: let
+  murmurStore = "/var/lib/murmur";
+in {
   services.murmur = {
     enable = true;
     openFirewall = true;
     welcometext = ''
-      <b>You never get a second chance to make a first impression</b>
+      <b>You never get a second chance to make a first impression</b><br>
 
       The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
     '';
-    sslKey = "${config.security.acme.certs.murmur.directory}/key.pem";
-    sslCert = "${config.security.acme.certs.murmur.directory}/fullchain.pem";
+    sslKey = "${murmurStore}/key.pem";
+    sslCert = "${murmurStore}/fullchain.pem";
 
     registerUrl = "vhack.eu";
     registerName = "vhack";
     registerHostname = "mumble.vhack.eu";
     hostName = "mumble.vhack.eu";
     clientCertRequired = true;
+    bandwidth = 7200000;
   };
 
   security.acme.certs.murmur = {
     domain = "mumble.vhack.eu";
+    postRun =
+      /*
+      bash
+      */
+      ''
+        set -x
+        rm "${murmurStore}/key.pem"
+        rm "${murmurStore}/fullchain.pem"
+
+        cp key.pem "${murmurStore}";
+        cp fullchain.pem "${murmurStore}";
+
+        chown murmur:murmur "${murmurStore}/key.pem"
+        chown murmur:murmur "${murmurStore}/fullchain.pem"
+      '';
   };
 }
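Review bot: The `postRun` script copies the private key with `cp`, runs `chown` only afterwards, and never sets a file mode. The permissions of `${murmurStore}/key.pem` therefore depend on the source file's mode and the umask rather than on anything stated in this hunk. Using `install -m 0400 -o murmur -g murmur key.pem "${murmurStore}/key.pem"` and `install -m 0444 -o murmur -g murmur fullchain.pem "${murmurStore}/fullchain.pem"` sets owner and mode in the same command and overwrites the target. That also makes the two `rm` calls unnecessary; as written they report an error on the first run, when the files do not exist yet. Nothing visible in this hunk reloads or restarts murmur after a renewal, so the service presumably keeps serving the old certificate until its next restart; `reloadServices` on the cert is the usual place for that, if the murmur unit supports reload.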