stockholm/lass/2configs/murmur.nix
2022-01-27 20:54:46 +01:00

43 lines
1.1 KiB
Nix

{ config, lib, pkgs, ... }:
{
services.murmur = {
enable = true;
allowHtml = false;
bandwidth = 10000000;
registerName = "lassul.us";
autobanTime = 30;
sslCert = "/var/lib/acme/lassul.us/cert.pem";
sslKey = "/var/lib/acme/lassul.us/key.pem";
};
users.groups.lasscert.members = [
"murmur"
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
{ predicate = "-p udp --dport 64738"; target = "ACCEPT";}
];
systemd.services.docker-mumble-web.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
virtualisation.oci-containers.containers.mumble-web = {
image = "rankenstein/mumble-web:0.5";
environment = {
MUMBLE_SERVER = "lassul.us:64738";
};
ports = [
"64739:8080"
];
};
services.nginx.virtualHosts."mumble.lassul.us" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:64739";
proxyWebsockets = true;
};
};
}