summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix1
-rw-r--r--lass/1systems/prism/config.nix14
-rw-r--r--lass/2configs/murmur.nix39
3 files changed, 41 insertions, 13 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index b19e2e6f..7ad725cd 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -47,6 +47,7 @@ in {
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6ce4332d..3a6ab25a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -276,19 +276,7 @@ with import <stockholm/lib>;
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
- {
- services.murmur = {
- enable = true;
- bandwidth = 10000000;
- registerName = "lassul.us";
- autobanTime = 30;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
- { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
- ];
-
- }
+ <stockholm/lass/2configs/murmur.nix>
{
systemd.services."container@yellow".reloadIfChanged = mkForce false;
containers.yellow = {
diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix
new file mode 100644
index 00000000..9f325d0a
--- /dev/null
+++ b/lass/2configs/murmur.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+{
+ services.murmur = {
+ enable = true;
+ bandwidth = 10000000;
+ registerName = "lassul.us";
+ autobanTime = 30;
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
+ ];
+
+ systemd.services.docker-mumble-web.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ virtualisation.oci-containers.containers.mumble-web = {
+ image = "rankenstein/mumble-web";
+ environment = {
+ MUMBLE_SERVER = "lassul.us:64738";
+ };
+ ports = [
+ "64739:8080"
+ ];
+ };
+
+ services.nginx.virtualHosts."mumble.lassul.us" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:64739/;
+ proxy_set_header Accept-Encoding "";
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ '';
+ };
+}