43 lines
1.1 KiB
Nix
43 lines
1.1 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
{
|
|
services.murmur = {
|
|
enable = true;
|
|
allowHtml = false;
|
|
bandwidth = 10000000;
|
|
registerName = "lassul.us";
|
|
autobanTime = 30;
|
|
sslCert = "/var/lib/acme/lassul.us/cert.pem";
|
|
sslKey = "/var/lib/acme/lassul.us/key.pem";
|
|
};
|
|
users.groups.lasscert.members = [
|
|
"murmur"
|
|
];
|
|
krebs.iptables.tables.filter.INPUT.rules = [
|
|
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
|
|
{ predicate = "-p udp --dport 64738"; target = "ACCEPT";}
|
|
];
|
|
|
|
systemd.services.docker-mumble-web.serviceConfig = {
|
|
StandardOutput = lib.mkForce "journal";
|
|
StandardError = lib.mkForce "journal";
|
|
};
|
|
virtualisation.oci-containers.containers.mumble-web = {
|
|
image = "rankenstein/mumble-web:0.5";
|
|
environment = {
|
|
MUMBLE_SERVER = "lassul.us:64738";
|
|
};
|
|
ports = [
|
|
"64739:8080"
|
|
];
|
|
};
|
|
|
|
services.nginx.virtualHosts."mumble.lassul.us" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:64739";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
}
|