25 lines
651 B
Nix
25 lines
651 B
Nix
{ config, ... }:
|
|
let
|
|
inherit (config.networking) fqdn;
|
|
in
|
|
{
|
|
# `journalctl -u murmur.service | grep Password`
|
|
services.murmur = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
bandwidth = 256 * 1024; # 256 Kbit/s
|
|
sslCert = "/run/credentials/murmur.service/cert";
|
|
sslKey = "/run/credentials/murmur.service/key";
|
|
};
|
|
|
|
systemd.services."murmur".serviceConfig.LoadCredential =
|
|
let
|
|
# FIXME: remove somewhat hardcoded path
|
|
path = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory";
|
|
in
|
|
[
|
|
"cert:${path}/${fqdn}/${fqdn}.crt"
|
|
"key:${path}/${fqdn}/${fqdn}.key"
|
|
];
|
|
|
|
}
|