tyo0/murmur: use ssl certificate

This commit is contained in:
Guanran Wang 2024-10-02 15:25:23 +08:00
parent 97f94d43d4
commit 280edb17f7
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF

View file

@ -1,8 +1,25 @@
{ config, ... }:
let
inherit (config.networking) fqdn;
in
{
# `journalctl -u murmur.service | grep Password`
services.murmur = {
enable = true;
openFirewall = true;
bandwidth = 256 * 1024; # 256 Kbit/s
sslCert = "/run/credentials/murmur.service/cert";
sslKey = "/run/credentials/murmur.service/key";
};
systemd.services."murmur".serviceConfig.LoadCredential =
let
# FIXME: remove somewhat hardcoded path
path = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory";
in
[
"cert:${path}/${fqdn}/${fqdn}.crt"
"key:${path}/${fqdn}/${fqdn}.key"
];
}