summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/prism/config.nix14
-rw-r--r--lass/2configs/murmur.nix39
2 files changed, 40 insertions, 13 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 6ce4332da..3a6ab25a4 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -276,19 +276,7 @@ with import <stockholm/lib>;
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
- {
- services.murmur = {
- enable = true;
- bandwidth = 10000000;
- registerName = "lassul.us";
- autobanTime = 30;
- };
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
- { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
- ];
-
- }
+ <stockholm/lass/2configs/murmur.nix>
{
systemd.services."container@yellow".reloadIfChanged = mkForce false;
containers.yellow = {
diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix
new file mode 100644
index 000000000..9f325d0af
--- /dev/null
+++ b/lass/2configs/murmur.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+{
+ services.murmur = {
+ enable = true;
+ bandwidth = 10000000;
+ registerName = "lassul.us";
+ autobanTime = 30;
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
+ ];
+
+ systemd.services.docker-mumble-web.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ virtualisation.oci-containers.containers.mumble-web = {
+ image = "rankenstein/mumble-web";
+ environment = {
+ MUMBLE_SERVER = "lassul.us:64738";
+ };
+ ports = [
+ "64739:8080"
+ ];
+ };
+
+ services.nginx.virtualHosts."mumble.lassul.us" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:64739/;
+ proxy_set_header Accept-Encoding "";
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ '';
+ };
+}