From 20e771d908d5eeae0909ad049d7058ad9f4a0177 Mon Sep 17 00:00:00 2001 From: teidesu Date: Fri, 8 Nov 2024 22:22:47 +0300 Subject: [PATCH] feat(arumi): mumble server --- hosts/arumi/configuration.nix | 1 + hosts/arumi/services/mumble.nix | 47 +++++++++++++++++++++++++++++++++ secrets/arumi-mumble-env.age | 6 +++++ 3 files changed, 54 insertions(+) create mode 100644 hosts/arumi/services/mumble.nix create mode 100644 secrets/arumi-mumble-env.age diff --git a/hosts/arumi/configuration.nix b/hosts/arumi/configuration.nix index 3c45211..c20e7d0 100644 --- a/hosts/arumi/configuration.nix +++ b/hosts/arumi/configuration.nix @@ -8,6 +8,7 @@ ./services/sing-box.nix ./services/uptime-kuma.nix + ./services/mumble.nix ]; boot.loader.grub = { diff --git a/hosts/arumi/services/mumble.nix b/hosts/arumi/services/mumble.nix new file mode 100644 index 0000000..9522ddf --- /dev/null +++ b/hosts/arumi/services/mumble.nix @@ -0,0 +1,47 @@ +{ abs, config, ... }: + +let + secrets = import (abs "lib/secrets.nix"); + + UID = 1101; +in { + imports = [ + (secrets.declare [{ + name = "arumi-mumble-env"; + owner = "mumble"; + }]) + ]; + + users.users.mumble = { + isNormalUser = true; + uid = UID; + }; + users.groups.mumble = {}; + + virtualisation.oci-containers.containers.mumble = { + image = "mumblevoip/mumble-server:v1.5.634-0"; + volumes = [ + "/srv/mumble:/data" + ]; + environment = { + MUMBLE_CONFIG_WELCOME_TEXT = ""; + MUMBLE_CONFIG_ALLOW_HTML = "true"; + MUMBLE_CONFIG_LOG_ACL_CHANGES = "true"; + }; + ports = [ + "64738:64738/tcp" + "64738:64738/udp" + ]; + environmentFiles = [ + (secrets.file config "arumi-mumble-env") + ]; + user = builtins.toString UID; + }; + + networking.firewall.allowedTCPPorts = [ 64738 ]; + networking.firewall.allowedUDPPorts = [ 64738 ]; + + systemd.tmpfiles.rules = [ + "d /srv/mumble 0700 ${builtins.toString UID} ${builtins.toString UID} -" + ]; +} \ No newline at end of file diff --git a/secrets/arumi-mumble-env.age b/secrets/arumi-mumble-env.age new file mode 100644 index 0000000..1065b8c --- /dev/null +++ b/secrets/arumi-mumble-env.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 sj88Xw Wp9ozkQMQuLC7B86Xv0AnKPJvLzZkfC29RYFivCU8SM +y+0TPghrRYrvVenoYyBDA0s852T7Ef4HOc3O5S1cXOg +--- IQC+Ff7DtWlDRO+DmQAg2AgFhcSvGV41I/Ny3PbmSVs +wÍé_ž1Uzá1¤eêÓCwðW±˜š°@}-.o°Z&jQ×UL?ÌÜ[2GD5ø[Ql<ÿª13±mƒ÷ÔòÇZIº«l~‡ÓóOâA«2 ­.pñüè~±š&ÒÀŽ]º `6ÑÌü$ý 3h¯w«Úçòðˆ‹£ˆ}‡¿ê +ŒL¾§´þ¬’WöÜDÃS°“º©­Y-w$Aè \ No newline at end of file