From c154fa39a7f68a17713eff260c45c4d23835feb1 Mon Sep 17 00:00:00 2001 From: Soispha Date: Tue, 3 Oct 2023 17:29:00 +0200 Subject: fix(system/services/murmur): Allow murmur's user to read certs --- system/services/murmur/default.nix | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'system/services/murmur/default.nix') diff --git a/system/services/murmur/default.nix b/system/services/murmur/default.nix index 9c04db0..1dcd781 100644 --- a/system/services/murmur/default.nix +++ b/system/services/murmur/default.nix @@ -1,23 +1,41 @@ -{config, ...}: { +{...}: let + murmurStore = "/var/lib/murmur"; +in { services.murmur = { enable = true; openFirewall = true; welcometext = '' - You never get a second chance to make a first impression + You never get a second chance to make a first impression
The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here! ''; - sslKey = "${config.security.acme.certs.murmur.directory}/key.pem"; - sslCert = "${config.security.acme.certs.murmur.directory}/fullchain.pem"; + sslKey = "${murmurStore}/key.pem"; + sslCert = "${murmurStore}/fullchain.pem"; registerUrl = "vhack.eu"; registerName = "vhack"; registerHostname = "mumble.vhack.eu"; hostName = "mumble.vhack.eu"; clientCertRequired = true; + bandwidth = 7200000; }; security.acme.certs.murmur = { domain = "mumble.vhack.eu"; + postRun = + /* + bash + */ + '' + set -x + rm "${murmurStore}/key.pem" + rm "${murmurStore}/fullchain.pem" + + cp key.pem "${murmurStore}"; + cp fullchain.pem "${murmurStore}"; + + chown murmur:murmur "${murmurStore}/key.pem" + chown murmur:murmur "${murmurStore}/fullchain.pem" + ''; }; } -- cgit 1.4.1