diff --git a/.forgejo/workflows/cachix.yml b/.forgejo/workflows/cachix.yml
index 751f6033..8bbdf9dd 100644
--- a/.forgejo/workflows/cachix.yml
+++ b/.forgejo/workflows/cachix.yml
@@ -20,7 +20,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - run: apt update && apt install -y sudo
- - uses: https://github.com/cachix/install-nix-action@v30
+ - uses: https://github.com/cachix/install-nix-action@v31
 with:
 enable_kvm: false
 github_access_token: '${{ secrets.ACCESS_TOKEN_GITHUB }}'
diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml
index ddc38c72..d91cc6f4 100644
--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - run: apt update && apt install -y sudo
- - uses: https://github.com/cachix/install-nix-action@v30
+ - uses: https://github.com/cachix/install-nix-action@v31
 with:
 enable_kvm: false
 github_access_token: '${{ secrets.ACCESS_TOKEN_GITHUB }}'
@@ -40,7 +40,7 @@ jobs:
 with:
 name: flake.lock
 - run: apt update && apt install -y sudo
- - uses: https://github.com/cachix/install-nix-action@v30
+ - uses: https://github.com/cachix/install-nix-action@v31
 with:
 enable_kvm: false
 github_access_token: '${{ secrets.ACCESS_TOKEN_GITHUB }}'
diff --git a/flake.lock b/flake.lock
index a0815531..a1cf2034 100644
--- a/flake.lock
+++ b/flake.lock
@@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1742633756, - "narHash": "sha256-sZW/LHBFev9b2BZljlAKKb88JsDx0ebtd+hSZHCxY+4=", + "lastModified": 1742985972, + "narHash": "sha256-RQ283gaz2bxCNaY+8CJZURYL0gJSLT+da7wSYmxYR10=", "owner": "accentor", "repo": "api", - "rev": "12844b427f1c2f8a1b92adba51bae84530b7fcd0", + "rev": "37f102a1a7792aaf3b61165ca169e8a16792c7c1", "type": "github" }, "original": {
@@ -74,11 +74,11 @@ ] }, "locked": { - "lastModified": 1742633842, - "narHash": "sha256-0LjEDL0HMgZ0vwqL0JEwPX1lTVVenzEsbBEr5oCbz7s=", + "lastModified": 1742986115, + "narHash": "sha256-zOijWG+HRfg4okuwvgulTgqS6OosD/jqmqmQOfLGou0=", "owner": "accentor", "repo": "web", - "rev": "3c63be693318dff9a2e0d9bdf686b604e9160d43", + "rev": "204b53502032355dbdea0adbc3ddb601863fe3c5", "type": "github" }, "original": { @@ -139,11 +139,11 @@ ] }, "locked": { - "lastModified": 1742595055, - "narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=", + "lastModified": 1742869675, + "narHash": "sha256-rgwUZJZVztaNYPTsf6MIqirPL5r2JTMMyHuzk1ezyYk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "e9f41de2a81f04390afd106959adf352a207628f", + "rev": "bb81755a3674951724d79b8cba6bbff01409d44d", "type": "github" }, "original": { @@ -184,11 +184,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1742721191, - "narHash": "sha256-TPIHB+dW1SXBkL/KBVdgzOWz59CGYcX/yKk1/tEmxdE=", + "lastModified": 1743063724, + "narHash": "sha256-Rc0+3NxNeVcU1uOppQa5lGuVQQNPSKEqGN051iILccc=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "f42d70c2f52e2e1da8e6cdd0fb1a5a1485e51a5e", + "rev": "616ec6ce6e0df878a95ad6884452fd728e8e9386", "type": "github" }, "original": { @@ -276,11 +276,11 @@ ] }, "locked": { - "lastModified": 1742740113, - "narHash": "sha256-0FpSJtQ6rlBg/5ywpXw4CFzE+27rlZWj3GSx8QvyONM=", + "lastModified": 1742996658, + "narHash": "sha256-snxgTLVq6ooaD3W3mPHu7LVWpoZKczhxHAUZy2ea4oA=", "owner": "nix-community", "repo": "home-manager", - "rev": "b61ae3b677a07c30cf6be5233e772b97a3a8b2fb", + "rev": "693840c01b9bef9e54100239cef937e53d4661bf", "type": "github" }, "original": { 
@@ -361,25 +361,24 @@ "locked": { "lastModified": 1742413977, "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=", - "owner": "yu-re-ka", + "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", "rev": "b4fbffe79c00f19be94b86b4144ff67541613659", "type": "gitlab" }, "original": { - "owner": "yu-re-ka", - "ref": "dovecot2-modules", + "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", "type": "gitlab" } }, "nixpkgs": { "locked": { - "lastModified": 1742422364, - "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", + "lastModified": 1742889210, + "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", + "rev": "698214a32beb4f4c8e3942372c694f40848b360d", "type": "github" }, "original": { @@ -422,11 +421,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1742512142, - "narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=", + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7105ae3957700a9646cc4b766f5815b23ed0c682", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", "type": "github" }, "original": { @@ -445,11 +444,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1742740271, - "narHash": "sha256-lvHGAYLICWYt7yLTZYtN7zXsanTYl8G/npxcwe3UPNw=", + "lastModified": 1743058919, + "narHash": "sha256-o8Uh5+5DbEuwoaYo1d9G0mLyIQ6LcN4GcWpOvdoZIMY=", "owner": "nix-community", "repo": "NUR", - "rev": "d5e510e8b40bc20a1082a1f419161310bead3238", + "rev": "28d3daa92d92a61134fba2cddcd85e80d83fc0ad", "type": "github" }, "original": { 
@@ -508,11 +507,11 @@ ] }, "locked": { - "lastModified": 1742523106, - "narHash": "sha256-MC2qdq9wp+MKNzIJ+wc3w6dhFZ1CWV8oo1FArjcb9TQ=", + "lastModified": 1742985818, + "narHash": "sha256-32n52OiAuf40VtjqKAUtWlIkE6O7zMVMiCJRFu1QXi4=", "owner": "chvp", "repo": "tetris", - "rev": "5d3ef8c91cd1dc8bf5e33f8ed47c7f75c05b2548", + "rev": "e7ab5cd51385ad09807fbc44f519d6045b7ec76c", "type": "github" }, "original": { @@ -558,11 +557,11 @@ ] }, "locked": { - "lastModified": 1742520959, - "narHash": "sha256-XI8tnbuFR+ZHGcqBQxyerb/M4pzoXgtp4Qoc2RXSUzg=", + "lastModified": 1742985351, + "narHash": "sha256-Fgy7qd1QxVL2nse9WUvhTgLmtDdsT25lGVntsrQ+YCo=", "ref": "refs/heads/main", - "rev": "e209c92e435232e3d6e23917df17ffb9cbd2492b", - "revCount": 98, + "rev": "0ba0f88a6e3613c7dd776ab31bd62dc107dc3a0e", + "revCount": 100, "type": "git", "url": "https://git.chvp.be/chvp/www.chvp.be" },
diff --git a/flake.nix b/flake.nix
index f90d5d3b..387edaca 100644
--- a/flake.nix
+++ b/flake.nix
@@ -69,7 +69,7 @@
 };
 };
 nixos-mailserver = {
- url = "gitlab:yu-re-ka/nixos-mailserver/dovecot2-modules";
+ url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
 inputs.nixpkgs.follows = "nixpkgs";
 };
 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
@@ -129,7 +129,7 @@
 www-chvp-be.overlays.default
 ];
 commonModules = [
- lix-module.nixosModules.default # Even though it's a "nixosModule" it's actually compatible with Darwin as well
+ lix-module.nixosModules.lixFromNixpkgs # Even though it's a "nixosModule" it's actually compatible with Darwin as well
 ./modules/shared
 ];
 nixosModules = [
diff --git a/machines/marabethia/default.nix b/machines/marabethia/default.nix
index db92865e..562ddcaf 100644
--- a/machines/marabethia/default.nix
+++ b/machines/marabethia/default.nix
@@ -91,6 +91,7 @@
 git.enable = true;
 mail.enable = true;
 matrix.enable = true;
+ mumble.enable = true;
 nextcloud.enable = true;
 nginx.hosts = [
 {
diff --git a/machines/marabethia/hardware.nix b/machines/marabethia/hardware.nix
index f7fe8faf..a8e541b9 100644
--- a/machines/marabethia/hardware.nix
+++ b/machines/marabethia/hardware.nix
@@ -65,6 +65,10 @@
 device = "zroot/safe/services/forgejo";
 fsType = "zfs";
 };
+ "/var/lib/murmur" = {
+ device = "zroot/local/services/murmur";
+ fsType = "zfs";
+ };
 "/var/vmail" = {
 device = "zroot/safe/services/mail";
 fsType = "zfs";
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 8c23dda0..d52b4cae 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -8,6 +8,7 @@
 ./git
 ./mail
 ./matrix
+ ./mumble
 ./nextcloud
 ./nginx
 ./torrents
diff --git a/modules/nixos/services/mumble/default.nix b/modules/nixos/services/mumble/default.nix
new file mode 100644
index 00000000..4410b3b2
--- /dev/null
+++ b/modules/nixos/services/mumble/default.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+
+{
+ options.chvp.services.mumble.enable = lib.mkOption {
+ default = false;
+ example = true;
+ };
+
+
+ config = lib.mkIf config.chvp.services.mumble.enable {
+ services.murmur = {
+ enable = true;
+ environmentFile = config.age.secrets."passwords/services/murmur".path;
+ openFirewall = true;
+ password = "$MURMURD_PASSWORD";
+ sslKey = "${config.security.acme.certs."vanpetegem.me".directory}/key.pem";
+ sslCert = "${config.security.acme.certs."vanpetegem.me".directory}/cert.pem";
+ sslCa = "${config.security.acme.certs."vanpetegem.me".directory}/chain.pem";
+ };
+ users.users.murmur.extraGroups = [ "acme" ];
+ age.secrets."passwords/services/murmur" = {
+ file = ../../../../secrets/passwords/services/murmur.age;
+ owner = "murmur";
+ };
+ };
+}
diff --git a/secrets.nix b/secrets.nix
index b2af858e..a82ecdca 100644
--- a/secrets.nix
+++ b/secrets.nix
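Review bot: The new `/var/lib/murmur` mount in machines/marabethia/hardware.nix sits on `zroot/local/services/murmur`, while the forgejo and mail mounts visible around it use `zroot/safe/services/...`. If `local` is the dataset tree that is excluded from snapshots or backups (inferred from the names only, the policy is not visible here), the server's state directory would not be recoverable after a pool loss. A one-line comment above the entry, for example `# murmur state is disposable, deliberately kept out of zroot/safe`, would record the intent; otherwise the dataset could be created under `zroot/safe`. The surrounding attribute set starts and ends outside the hunk.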
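Review bot: `users.users.murmur.extraGroups = [ "acme" ];` in modules/nixos/services/mumble/default.nix grants the voice-server account more than the one key it needs, because with the default NixOS ACME settings every certificate directory is group-owned by `acme`, so murmur can presumably read the private keys of all certificates on the host. A dedicated certificate for this service, or a per-certificate group set through `security.acme.certs.<name>.group`, would keep a compromise of the internet-facing murmur process (`openFirewall = true`) from exposing the other keys. Nothing in the module reloads murmur when the certificate renews, so it would keep serving the old one until the next restart; `security.acme.certs."vanpetegem.me".reloadServices = [ "murmur" ];` would cover that, assuming the certificate is declared elsewhere in the configuration. The `enable` option is also declared without a `type` or `description`; `type = lib.types.bool;` would reject non-boolean values at evaluation time.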
@@ -66,6 +66,8 @@ in "secrets/passwords/services/git/mail-password.age".publicKeys = [ marabethia ] ++ users; "secrets/passwords/services/git/token-file.age".publicKeys = [ elendel ] ++ users; + "secrets/passwords/services/murmur.age".publicKeys = [ marabethia ] ++ users; + "secrets/passwords/services/nextcloud-admin.age".publicKeys = [ marabethia ] ++ users; "secrets/passwords/services/data-basic-auth.age".publicKeys = [ elendel ] ++ users; diff --git a/secrets/passwords/services/murmur.age b/secrets/passwords/services/murmur.age new file mode 100644 index 00000000..8d4b6db9 --- /dev/null +++ b/secrets/passwords/services/murmur.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 9+Fe5A XyJjsUUO2h7f++xRBDG49iHLxFxuR9acUOwa9+/1DBU +RRgrX0Vzyvah+bZXIvyYJizEx6YoAn2IahJlTqRjCYc +-> ssh-ed25519 s9rb8g D9Pms7pInTp1a2XzkjnxM1YX9hM+yDfHGfn2vrbIPDs +SLG08eiFDMSO2hegu/aSrWdUW6FfIp3AIY3i0oy9CBE +-> ssh-ed25519 +xxExQ MziN/GpIcgNK8kI8ZXvmLBY7kEhG/JJu9zxv1Aj/mx4 +qgwxeoeXNTvTXiJ9niZg6xbbZ2GspyCZTgTYpN7zkL0 +--- v9mX4yRYWvCIj/tIfM6i3gLmZUWpm+Yj+ks1ecasgDM +eGO*K^ˣ)t1f +ՒRVDR*n6|EE4)IY \ No newline at end of file