modules.services.murmur: init

2026-01-12 04:39:23 +08:00 · 2024-11-16 19:46:08 +08:00
parent 69f0f5efd2
commit 6b5c2e0e7e
4 changed files with 43 additions and 4 deletions
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -84,6 +84,7 @@ inputs:
          lighthouse = true;
        };
        beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
+        murmur = {};
      };
    };
    specialisation.generic.configuration =
--- a/devices/vps6/secrets.yaml
+++ b/devices/vps6/secrets.yaml
@@ -67,6 +67,8 @@ wireguard:
 telegram:
    token: ENC[AES256_GCM,data:LskBPmXZk3hRZ2bChXZjmRzzGd2A2GKrUZMknCDXTpTzOdP/RDibRvgI75HLWg==,iv:9lJKuGLD5HuQinWvvAvwWFAvEJofUGkJsxKNpqZrGmI=,tag:pTmTOlsYIY6Uqd69AtrnBA==,type:str]
    chat: ENC[AES256_GCM,data:0ehCIvd7sBFc,iv:OwdiIoPrt/e1YgsCrYcqqMYhsJuEtKW2pSKNVxahMV4=,tag:ig2CfQxwzv2ppIutU6371w==,type:str]
+murmur:
+    password: ENC[AES256_GCM,data:QsI2hFbXtYZID97gqUaXzp0=,iv:RWotwhDa5zPwRU++UrWzaxGtte2JvdZgGI/dvekAwDg=,tag:b5h5LkjpUAXMgCWQ4X12lw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -91,8 +93,8 @@ sops:
            ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
            ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-26T04:24:17Z"
-    mac: ENC[AES256_GCM,data:AXhLmyZWGD6KvMkyHqmCERE6eNE3pD5Pa/9mRBWZe4hiXL4mKTzCn5C/ODGQ1ZeQjDdP+awjJRvLRjMiYFhVlU8rKpg/f2G1gDr4cIbr61sCdzXKX8wFW0G7bJWxxpAC4X59+u9EJ3sNcyf7bJrMdkTzTYpgXh29mtl2bprcdJQ=,iv:pK4hYexcWng3GwOmWGqgyMsmATnXgcwR3NH4UxCwpvE=,tag:zpv64JWoXc5cDCukDuW51g==,type:str]
+    lastmodified: "2024-11-16T11:46:05Z"
+    mac: ENC[AES256_GCM,data:gZWF5999ls0up966glng6+SiKi0pk+/68nhhWilf2QUObJdPOTTXgHZ5Z7dLr+6wJxYhqLGtWlPDreG13HQoaEjjm1vV1+5scheBg+FO7CrrnvR93ykIgncUZGbxPaQnbmhG1lBJV5hDVggv+5bRtCR0QrGWfeY2OeaH8j92GJM=,iv:Xj7o3x4B9C0ScIGpkVX2W/EVjbaxtfTDS48ucxeKo6o=,tag:NnNX/At61T9GeYwJrd6qtw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1
--- a/modules/packages/desktop/default.nix
+++ b/modules/packages/desktop/default.nix
@@ -34,7 +34,7 @@ inputs:
          remmina putty mtr-gui
          # media
          mpv nomacs yesplaymusic simplescreenrecorder imagemagick gimp netease-cloud-music-gtk qcm
-          waifu2x-converter-cpp inkscape blender paraview vlc whalebird spotify obs-studio
+          waifu2x-converter-cpp inkscape blender paraview vlc whalebird spotify obs-studio mumble
          # themes
          klassy localPackages.slate localPackages.blurred-wallpaper tela-circle-icon-theme
          catppuccin catppuccin-sddm catppuccin-cursors catppuccinifier-gui catppuccinifier-cli catppuccin-plymouth
--- a/modules/services/murmur.nix
+++ b/modules/services/murmur.nix
@@ -0,0 +1,36 @@
+inputs:
+{
+  options.nixos.services.murmur = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule
+    {
+      options =
+      {
+        hostname = mkOption { type = types.nonEmptyStr; default = "murmur.chn.moe"; };
+      };
+    });
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.services) murmur; in inputs.lib.mkIf (murmur != null)
+  {
+    services.murmur =
+    {
+      enable = true;
+      openFirewall = true;
+      password = "$MURMURD_PASSWORD";
+      sslKey = "${inputs.config.security.acme.certs.${murmur.hostname}.directory}/key.pem";
+      sslCert = "${inputs.config.security.acme.certs.${murmur.hostname}.directory}/fullchain.pem";
+      environmentFile = inputs.config.sops.templates."murmur/env".path;
+    };
+    sops =
+    {
+      templates."murmur/env" =
+      {
+        content = "MURMURD_PASSWORD=${inputs.config.sops.placeholder."murmur/password"}";
+        owner = "murmur";
+      };
+      secrets."murmur/password" = {};
+    };
+    nixos.services.acme.cert.${murmur.hostname}.group = "murmur";
+  };
+}