hosts/plover: update Wezterm mux server configuration

hosts/plover/config/wezterm/config.lua

@@ -3,5 +3,6 @@ return {
     pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
     pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
     pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
+    bind_address = "@host_address@:@port@",
   }
 }

hosts/plover/modules/services/wezterm-mux-server.nix

@@ -3,14 +3,25 @@
 # We're setting up Wezterm mux server with TLS domains.
 let
   weztermDomain = "mux.${config.networking.domain}";
+
+  configFile = pkgs.substituteAll {
+    src = ../../config/wezterm/config.lua;
+    domain = weztermDomain;
+    port = 9801;
+  };
 in
 {
   services.wezterm-mux-server = {
     enable = true;
-    configFile = ../../config/wezterm/config.lua;
+    inherit configFile;
+    user = "plover";
+    group = "users";
   };
 
-  systemd.services.wezterm-mux-server.serviceConfig = {
+  systemd.services.wezterm-mux-server = {
+    requires = [ "acme-finished-${weztermDomain}.target" ];
+    environment.WEZTERM_LOG = "info";
+    serviceConfig = {
       LoadCredential = let
         certDir = config.security.acme.certs."${weztermDomain}".directory;
         credentialCertPath = path: "${path}:${certDir}/${path}";
@@ -21,6 +32,7 @@ in
         (credentialCertPath "fullchain.pem")
       ];
     };
+  };
 
   security.acme.certs."${weztermDomain}".postRun = ''
     systemctl restart wezterm-mux-server.service