hosts/plover: add and configure Wezterm mux server

Not yet fully configured though so we'll have to update the Wezterm
server configuration.

hosts/plover/config/wezterm/config.lua

@@ -0,0 +1,7 @@
+return {
+  tls_servers = {
+    pem_private_key = "@CERT_DIR@/key.pem",
+    pem_cert = "@CERT_DIR@/cert.pem",
+    pem_ca = "@CERT_DIR@/fullchain.pem",
+  }
+}

hosts/plover/default.nix

@@ -40,6 +40,7 @@ in
     ./modules/services/portunus.nix
     ./modules/services/vaultwarden.nix
     ./modules/services/wireguard.nix
+    ./modules/services/wezterm-mux-server.nix
   ];
 
   # Automatic format and partitioning.

hosts/plover/modules/services/wezterm-mux-server.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+# We're setting up Wezterm mux server with TLS domains.
+let
+  weztermDomain = "mux.${config.networking.domain}";
+  configFile = pkgs.substituteAll {
+    src = ../../config/wezterm/config.lua;
+    CERT_DIR = config.security.acme.certs."${weztermDomain}".directory;
+  };
+in
+{
+  services.wezterm-mux-server = {
+    inherit configFile;
+    enable = true;
+  };
+
+  security.acme.certs."${weztermDomain}" = {
+    group = "wezterm";
+    postRun = ''
+      systemctl restart wezterm-mux-server.service
+    '';
+  };
+}