servo: deploy a mumble service
is this permissioned correctly? i don't really know
This commit is contained in:
@@ -17,6 +17,7 @@
|
|||||||
./komga.nix
|
./komga.nix
|
||||||
./lemmy.nix
|
./lemmy.nix
|
||||||
./matrix
|
./matrix
|
||||||
|
./mumble.nix
|
||||||
./navidrome.nix
|
./navidrome.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./nixos-prebuild.nix
|
./nixos-prebuild.nix
|
||||||
|
|||||||
52
hosts/by-name/servo/services/mumble.nix
Normal file
52
hosts/by-name/servo/services/mumble.nix
Normal file
@@ -0,0 +1,52 @@
|
|||||||
|
# murmur is the server component of mumble.
|
||||||
|
# - docs: <https://www.mumble.info/documentation/>
|
||||||
|
# - config docs: <https://www.mumble.info/documentation/administration/config-file/>
|
||||||
|
#
|
||||||
|
# default port is 64738 (UDP and TCP)
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
sane.persist.sys.byStore.private = [
|
||||||
|
{ user = "murmur"; group = "murmurm"; mode = "0700"; path = "/var/lib/murmur"; method = "bind" }
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
services.murmur.enable = true;
|
||||||
|
services.murmur.welcometext = "welcome to Colin's mumble voice chat server";
|
||||||
|
# max bandwidth (bps) **per user**. i believe this affects both voice and uploads?
|
||||||
|
# mumble defaults to 558000, but nixos service defaults to 72000.
|
||||||
|
services.murmur.bandwidth = 558000;
|
||||||
|
services.murmur.imgMsgLength = 8 * 1024 * 1024;
|
||||||
|
|
||||||
|
services.murmur.sslCert = "/var/lib/acme/mumble.uninsane.org/fullchain.pem";
|
||||||
|
services.murmur.sslKey = "/var/lib/acme/mumble.uninsane.org/key.pem";
|
||||||
|
services.murmur.sslCa = "/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
|
||||||
|
# allow clients on the LAN to discover this server
|
||||||
|
services.murmur.bonjour = true;
|
||||||
|
|
||||||
|
# mumble has a public server listing.
|
||||||
|
# my server doesn't associate with that registry (unless i specify registerPassword).
|
||||||
|
# however these settings appear to affect how the server presents itself to clients, regardless of registration.
|
||||||
|
services.murmur.registerName = "mumble.uninsane.org";
|
||||||
|
services.murmur.registerUrl = "https://mumble.uninsane.org";
|
||||||
|
services.murmur.registerHostname = "mumble.uninsane.org";
|
||||||
|
|
||||||
|
users.users.murmur.extraGroups = [
|
||||||
|
"nginx" # provide access to certs
|
||||||
|
];
|
||||||
|
services.nginx.virtualHosts."mumble.uninsane.org" = {
|
||||||
|
# allow ACME to procure a cert via nginx for this domain
|
||||||
|
enableACME = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
sane.dns.zones."uninsane.org".inet = {
|
||||||
|
CNAME."mumble" = "native";
|
||||||
|
};
|
||||||
|
|
||||||
|
sane.ports.ports."64738" = {
|
||||||
|
protocol = [ "tcp" "udp" ];
|
||||||
|
visibleTo.lan = true;
|
||||||
|
visibleTo.doof = true;
|
||||||
|
description = "colin-mumble";
|
||||||
|
};
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user