From b1072a437ba52832ebf2b55dc2b7c553aca738ab Mon Sep 17 00:00:00 2001
From: Gabriel Arazas <foodogsquared@foodogsquared.one>
Date: Thu, 20 Jul 2023 10:40:45 +0800
Subject: [PATCH] hosts/plover: add and configure Wezterm mux server

Not yet fully configured though so we'll have to update the Wezterm
server configuration.
---
 hosts/plover/config/wezterm/config.lua        |  7 ++++++
 hosts/plover/default.nix                      |  1 +
 .../modules/services/wezterm-mux-server.nix   | 23 +++++++++++++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 hosts/plover/config/wezterm/config.lua
 create mode 100644 hosts/plover/modules/services/wezterm-mux-server.nix

diff --git a/hosts/plover/config/wezterm/config.lua b/hosts/plover/config/wezterm/config.lua
new file mode 100644
index 00000000..6c475549
--- /dev/null
+++ b/hosts/plover/config/wezterm/config.lua
@@ -0,0 +1,7 @@
+return {
+  tls_servers = {
+    pem_private_key = "@CERT_DIR@/key.pem",
+    pem_cert = "@CERT_DIR@/cert.pem",
+    pem_ca = "@CERT_DIR@/fullchain.pem",
+  }
+}
diff --git a/hosts/plover/default.nix b/hosts/plover/default.nix
index e3622504..33f2af15 100644
--- a/hosts/plover/default.nix
+++ b/hosts/plover/default.nix
@@ -40,6 +40,7 @@ in
     ./modules/services/portunus.nix
     ./modules/services/vaultwarden.nix
     ./modules/services/wireguard.nix
+    ./modules/services/wezterm-mux-server.nix
   ];
 
   # Automatic format and partitioning.
diff --git a/hosts/plover/modules/services/wezterm-mux-server.nix b/hosts/plover/modules/services/wezterm-mux-server.nix
new file mode 100644
index 00000000..8f7a7d3e
--- /dev/null
+++ b/hosts/plover/modules/services/wezterm-mux-server.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+# We're setting up Wezterm mux server with TLS domains.
+let
+  weztermDomain = "mux.${config.networking.domain}";
+  configFile = pkgs.substituteAll {
+    src = ../../config/wezterm/config.lua;
+    CERT_DIR = config.security.acme.certs."${weztermDomain}".directory;
+  };
+in
+{
+  services.wezterm-mux-server = {
+    inherit configFile;
+    enable = true;
+  };
+
+  security.acme.certs."${weztermDomain}" = {
+    group = "wezterm";
+    postRun = ''
+      systemctl restart wezterm-mux-server.service
+    '';
+  };
+}