diff --git a/hosts/plover/config/wezterm/config.lua b/hosts/plover/config/wezterm/config.lua
index cb00a9fd..ea9d53bd 100644
--- a/hosts/plover/config/wezterm/config.lua
+++ b/hosts/plover/config/wezterm/config.lua
@@ -3,5 +3,6 @@ return {
 pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
 pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
 pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
+ bind_address = "@host_address@:@port@",
 }
 }
diff --git a/hosts/plover/modules/services/wezterm-mux-server.nix b/hosts/plover/modules/services/wezterm-mux-server.nix
index 0d61f969..b10e6ba5 100644
--- a/hosts/plover/modules/services/wezterm-mux-server.nix
+++ b/hosts/plover/modules/services/wezterm-mux-server.nix
@@ -3,23 +3,35 @@
 # We're setting up Wezterm mux server with TLS domains.
 let
 weztermDomain = "mux.${config.networking.domain}";
+
+ configFile = pkgs.substituteAll {
+ src = ../../config/wezterm/config.lua;
+ domain = weztermDomain;
+ port = 9801;
+ };
 in
 {
 services.wezterm-mux-server = {
 enable = true;
- configFile = ../../config/wezterm/config.lua;
+ inherit configFile;
+ user = "plover";
+ group = "users";
 };
- systemd.services.wezterm-mux-server.serviceConfig = {
- LoadCredential = let
- certDir = config.security.acme.certs."${weztermDomain}".directory;
- credentialCertPath = path: "${path}:${certDir}/${path}";
- in
- [
- (credentialCertPath "key.pem")
- (credentialCertPath "cert.pem")
- (credentialCertPath "fullchain.pem")
- ];
+ systemd.services.wezterm-mux-server = {
+ requires = [ "acme-finished-${weztermDomain}.target" ];
+ environment.WEZTERM_LOG = "info";
+ serviceConfig = {
+ LoadCredential = let
+ certDir = config.security.acme.certs."${weztermDomain}".directory;
+ credentialCertPath = path: "${path}:${certDir}/${path}";
+ in
+ [
+ (credentialCertPath "key.pem")
+ (credentialCertPath "cert.pem")
+ (credentialCertPath "fullchain.pem")
+ ];
+ };
 };
 security.acme.certs."${weztermDomain}".postRun = ''
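Review bot: `@host_address@` in the added `bind_address` line has no matching variable in the `pkgs.substituteAll` call introduced in the wezterm-mux-server.nix hunk, which passes only `src`, `domain` and `port`. Placeholders without a corresponding attribute are presumably left as-is, so the rendered config would carry the literal `@host_address@` and the listener would fail to bind. Either pass `host_address = <listen address>;` alongside `port`, or reuse a variable that is already supplied, e.g. `bind_address = "@domain@:@port@",`. Since this line is what makes the mux server reachable over the network, a short comment stating which interface it is meant to listen on would help confirm the exposure is intended.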
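Review bot: `requires = [ "acme-finished-${weztermDomain}.target" ];` in the new `systemd.services.wezterm-mux-server` block adds a dependency but no ordering, because systemd's Requires= does not imply After=. Unless the upstream module already orders the unit after that target, the service can start while the certificate is still being issued, and `LoadCredential` would then fail on the missing `key.pem`, `cert.pem` and `fullchain.pem`. Adding `after = [ "acme-finished-${weztermDomain}.target" ];` next to `requires` closes that gap. Separately, the unit now runs as the login user `plover` and is given a network bind address, so a comment recording how clients are expected to authenticate to the TLS domain would make the intended trust boundary explicit.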