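# NixOS module for a Murmur (Mumble server) instance.
#
# Called as `import ./this-file.nix { fqdn = "..."; }`; the result is an
# ordinary NixOS module. `fqdn` names the ACME certificate whose files are
# handed to Murmur as its TLS material.
{ fqdn }:
{ pkgs, config, self, ... }:
let
  # Directory where the ACME module places the certificate files for `fqdn`.
  certDirectory = config.security.acme.certs.${fqdn}.directory;

  # Persistent location of the Murmur SQLite database. The directory is
  # created by the helper unit below; the file itself is passed to Murmur
  # through `extraConfig`.
  dbDir = "/persist/replicable/murmur";
  dbfolder = "${dbDir}/murmur.sqlite";
in
{
  # Secrix decrypts the SuperUser password for the murmur service at runtime.
  secrix.services.murmur = {
    additionalRuntimeDirNames = [ "murmur" ];
    forceRuntimeDirs = true;
    secrets.murmursupass.encrypted.file = "${self}/secrets/murmursupass";
  };

  # One-shot helper that prepares the database directory for murmur.service.
  systemd.services.create-murmur-database = {
    description = "Create database directory for murmur";
    enable = true;
    wantedBy = [ "murmur.service" ];
    # wantedBy only pulls this unit in; without an ordering dependency it
    # would start in parallel with murmur.service and could lose the race.
    before = [ "murmur.service" ];
    serviceConfig = {
      # systemd directive names are case-sensitive: a lower-case `type` is
      # rejected as an unknown key and the unit would not be a oneshot.
      Type = "oneshot";
    };
    # NOTE(review): the recursive 755 leaves the SQLite database (and anything
    # else under this directory) world-readable and executable. If nothing
    # outside the murmur user/group has to read it, tighten this to 750 on the
    # directory and 640 on the files -- confirm against whatever replicates
    # /persist/replicable before changing.
    script = ''
      mkdir -p ${dbDir}/
      chmod -R 755 ${dbDir}/
      chown -R murmur:murmur ${dbDir}/
    '';
  };

  services.murmur = {
    enable = true;
    openFirewall = true;
    welcometext = ''crashoverburn.com Mumble'';
    users = 50;
    textMsgLength = 10000;
    imgMsgLength = 12000000;
    bandwidth = 64000000;
    # Clients without a certificate are refused.
    clientCertRequired = true;
    hostName = "10.0.1.30";
    # registerHostname = "${fqdn}";
    # registerName = "crashoverburn.com";
    sslCert = "${certDirectory}/fullchain.pem";
    sslKey = "${certDirectory}/key.pem";
    # The NixOS ACME module writes full.pem as private key + full chain, so it
    # must not be used as the CA bundle; chain.pem carries only the
    # intermediate certificates.
    sslCa = "${certDirectory}/chain.pem";
    extraConfig = ''
      database=${dbfolder}
    '';
  };

  # Set the SuperUser password after start-up. The password is fed on stdin
  # via -readsupw instead of `-supw "$(cat ...)"`, which would expose it in
  # the process arguments to every local user for as long as the command runs.
  # Trailing line endings in the secret file are stripped in both forms.
  systemd.services.murmur.postStart = ''
    ${config.services.murmur.package}/bin/mumble-server -ini /run/murmur/murmurd.ini -readsupw < ${config.secrix.services.murmur.secrets.murmursupass.decrypted.path}
  '';

  # Certificate for `fqdn`, obtained through the webroot challenge; murmur is
  # restarted after each renewal so it picks up the new files.
  security.acme.certs.${fqdn} = {
    group = "murmur-cert";
    postRun = "systemctl restart murmur.service";
    webroot = "/var/lib/acme/acme-challenge/";
  };

  # Members of this group can read the certificate's private key.
  # NOTE(review): the nginx virtual host below is commented out; if nginx no
  # longer serves this certificate, drop it from the group.
  users.groups.murmur-cert.members = [ "murmur" "nginx" ];

  # services.nginx = {
  #   enable = true;
  #   virtualHosts.${fqdn} = {
  #     listenAddresses = [
  #       "10.0.1.30"
  #     ];
  #     useACMEHost = "crashoverburn.com";
  #     #enableACME = true;
  #     forceSSL = true;
  #     locations."/".return = "301 https://crashoverburn.com/mumble";
  #   };
  # };
}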