yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'clanModules/murmur: improve secret loading logic' (#2174) from kenji/clan-core:kenji-mumble-improvements into main

Browse Source
This commit is contained in:
clan-bot
2024-09-26 14:45:00 +00:00
parent 71d8d01fdd 74c0d1dd08
commit 2311f9b88e
2 changed files with 23 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
checks/mumble/default.nix
View File

@@ -11,8 +11,6 @@
{
clan.core.clanDir = ./.;
environment.systemPackages = [ pkgs.killall ];
services.murmur.sslKey = "/etc/mumble-key";
services.murmur.sslCert = "/etc/mumble-cert";
clan.core.facts.services.mumble.secret."mumble-key".path = "/etc/mumble-key";
clan.core.facts.services.mumble.public."mumble-cert".path = "/etc/mumble-cert";
}
@@ -37,14 +35,14 @@
"mumble-cert".source = ./peer_1/peer_1_test_cert;
};
systemd.tmpfiles.settings."vmsecrets" = {
"/etc/secrets/mumble-key" = {
"/var/lib/murmur/sslKey" = {
C.argument = "${./peer_1/peer_1_test_key}";
z = {
mode = "0400";
user = "murmur";
};
};
"/etc/secrets/mumble-cert" = {
"/var/lib/murmur/sslCert" = {
C.argument = "${./peer_1/peer_1_test_cert}";
z = {
mode = "0400";
@@ -52,8 +50,6 @@
};
};
};
services.murmur.sslKey = "/etc/mumble-key";
services.murmur.sslCert = "/etc/mumble-cert";
clan.core.facts.services.mumble.secret."mumble-key".path = "/etc/mumble-key";
clan.core.facts.services.mumble.public."mumble-cert".path = "/etc/mumble-cert";
}
@@ -71,14 +67,14 @@
"mumble-cert".source = ./peer_2/peer_2_test_cert;
};
systemd.tmpfiles.settings."vmsecrets" = {
"/etc/secrets/mumble-key" = {
"/var/lib/murmur/sslKey" = {
C.argument = "${./peer_2/peer_2_test_key}";
z = {
mode = "0400";
user = "murmur";
};
};
"/etc/secrets/mumble-cert" = {
"/var/lib/murmur/sslCert" = {
C.argument = "${./peer_2/peer_2_test_cert}";
z = {
mode = "0400";

21
clanModules/mumble/default.nix
View File

@@ -41,8 +41,8 @@ in
registerName = config.clan.core.machineName;
openFirewall = true;
bonjour = true;
sslKey = config.clan.core.facts.services.mumble.secret.mumble-key.path;
sslCert = config.clan.core.facts.services.mumble.public.mumble-cert.path;
sslKey = "/var/lib/murmur/sslKey";
sslCert = "/var/lib/murmur/sslCert";
};
clan.core.state.mumble.folders = [
@@ -54,6 +54,23 @@ in
"d '/var/lib/mumble' 0770 '${config.clan.services.mumble.user}' 'users' - -"
];
systemd.tmpfiles.settings."murmur" = {
"/var/lib/murmur/sslKey" = {
C.argument = config.clan.core.facts.services.mumble.secret.mumble-key.path;
Z = {
mode = "0400";
user = "murmur";
};
};
"/var/lib/murmur/sslCert" = {
C.argument = config.clan.core.facts.services.mumble.public.mumble-cert.path;
Z = {
mode = "0400";
user = "murmur";
};
};
};
environment.systemPackages =
let
mumbleCfgDir = "/var/lib/mumble";