tyo0/murmur: use ssl certificate

2024-10-02 15:25:23 +08:00 · 2024-10-02 15:25:23 +08:00 · 280edb17f7
commit 280edb17f7
parent 97f94d43d4
1 changed files with 17 additions and 0 deletions
--- a/hosts/aws/tyo0/services/murmur.nix
+++ b/hosts/aws/tyo0/services/murmur.nix
@ -1,8 +1,25 @@
+{ config, ... }:
+let
+  inherit (config.networking) fqdn;
+in
 {
  # `journalctl -u murmur.service | grep Password`
  services.murmur = {
    enable = true;
    openFirewall = true;
    bandwidth = 256 * 1024; # 256 Kbit/s
+    sslCert = "/run/credentials/murmur.service/cert";
+    sslKey = "/run/credentials/murmur.service/key";
  };
+
+  systemd.services."murmur".serviceConfig.LoadCredential =
+    let
+      # FIXME: remove somewhat hardcoded path
+      path = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory";
+    in
+    [
+      "cert:${path}/${fqdn}/${fqdn}.crt"
+      "key:${path}/${fqdn}/${fqdn}.key"
+    ];
+
 }