diff --git a/doc/guix.texi b/doc/guix.texi index e2c9edd27..11a9de689 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -14194,103 +14194,139 @@ string, you could instantiate a prosody service like this: @node Telephony Services @subsubsection Telephony Services -@cindex Murmur -Murmur is the official server of the @code{mumble} voice over IP (VoIP) software. +@cindex Murmur (VoIP server) +@cindex VoIP server +This section describes how to set up and run a Murmur server. Murmur is +the server of the @uref{https://mumble.info, Mumble} voice-over-IP +(VoIP) suite. @deftp {Data Type} murmur-configuration -The service type for the murmur server. An example configuration can look like this: +The service type for the Murmur server. An example configuration can +look like this: + @example (service murmur-service-type (murmur-configuration - (welcome-text "Welcome to this mumble server running on GuixSD!") - (cert-required? #t) ; disallow text password logins + (welcome-text + "Welcome to this Mumble server running on GuixSD!") + (cert-required? #t) ;disallow text password logins (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem") (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem"))) @end example -After reconfiguring your system, you can manually set the murmur @code{"SuperUser"} +After reconfiguring your system, you can manually set the murmur @code{SuperUser} password with the command that is printed during the activation phase. -It is recommended to register a normal mumble user account + +It is recommended to register a normal Mumble user account and grant it admin or moderator rights. You can use the @code{mumble} client to -login as new normal user, register yourself, and logout. -For the next step login with the name @code{"SuperUser"} use +login as new normal user, register yourself, and log out. +For the next step login with the name @code{SuperUser} use the @code{SuperUser} password that you set previously, -and grant your newly registered mumble user admin/moderator +and grant your newly registered mumble user administrator or moderator rights and create some channels. Available @code{murmur-configuration} fields are: + @table @asis @item @code{package} (default: @code{mumble}) Package that contains @code{bin/murmurd}. + @item @code{user} (default: @code{"murmur"}) -User who will run the murmur server. +User who will run the Murmur server. + @item @code{group} (default: @code{"murmur"}) Group of the user who will run the murmur server. + @item @code{port} (default: @code{64738}) Port on which the server will listen. + @item @code{welcome-text} (default: @code{""}) Welcome text sent to clients when they connect. + @item @code{server-password} (default: @code{""}) Password the clients have to enter in order to connect. + @item @code{max-users} (default: @code{100}) Maximum of users that can be connected to the server at once. + @item @code{max-user-bandwidth} (default: @code{#f}) Maximum voice traffic a user can send per second. + @item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"}) -Filepath location of the sqlite database. +File name of the sqlite database. The service's user will become the owner of the directory. + @item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"}) -Filepath of the log file. +File name of the log file. The service's user will become the owner of the directory. + @item @code{autoban-attempts} (default: @code{10}) Maximum number of logins a user can make in @code{autoban-timeframe} without getting auto banned for @code{autoban-time}. + @item @code{autoban-timeframe} (default: @code{120}) Timeframe for autoban in seconds. + @item @code{autoban-time} (default: @code{300}) Amount of time in seconds for which a client gets banned when violating the autoban limits. + @item @code{opus-threshold} (default: @code{100}) Percentage of clients that need to support opus before switching over to opus audio codec. + @item @code{channel-nesting-limit} (default: @code{10}) How deep channels can be nested at maximum. + @item @code{channelname-regex} (default: @code{#f}) A string in from of a Qt regular expression that channel names must conform to. + @item @code{username-regex} (default: @code{#f}) A string in from of a Qt regular expression that user names must conform to. + @item @code{text-message-length} (default: @code{5000}) Maximum size in bytes that a user can send in one text chat message. + @item @code{image-message-length} (default: @code{(* 128 1024)}) Maximum size in bytes that a user can send in one image message. + @item @code{cert-required?} (default: @code{#f}) If it is set to @code{#t} clients that use weak password authentification will not be accepted. Users must have completed the certificate wizard to join. + @item @code{remember-channel?} (defualt @code{#f}) Should murmur remember the last channel each user was in when they disconnected and put them into the remembered channel when they rejoin. + @item @code{allow-html?} (default: @code{#f}) Should html be allowed in text messages, user comments, and channel descriptions. + @item @code{allow-ping?} (default: @code{#f}) Setting to true exposes the current user count, the maximum user count, and the server's maximum bandwidth per client to unauthenticated users. In the Mumble client, this information is shown in the Connect dialog. Disabling this setting will prevent public listing of the server. + @item @code{bonjour?} (default: @code{#f}) Should the server advertise itself in the local network through the bonjour protocol. + @item @code{send-version?} (default: @code{#f}) Should the murmur server version be exposed in ping requests. + @item @code{log-days} (default: @code{31}) Murmur also stores logs in the database, which are accessible via RPC. The default is 31 days of months, but you can set this setting to 0 to keep logs forever, or -1 to disable logging to the database. + @item @code{obfuscate-ips?} (default @code{#t}) Should logged ips be obfuscated to protect the privacy of users. + @item @code{ssl-cert} (default: @code{#f}) -Filepath to the ssl-cert used for encrypted connections. +File name of the SSL/TLS certificate used for encrypted connections. + @example (ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem") @end example @@ -14299,17 +14335,20 @@ Filepath to the ssl private key used for encrypted connections. @example (ssl-key "/etc/letsencrypt/live/example.com/privkey.pem") @end example + @item @code{ssl-dh-params} (default: @code{#f}) -Filepath to a PEM-encoded file with Diffie-Hellman parameters -for the ssl encryption. Alternatively you set it to +File name of a PEM-encoded file with Diffie-Hellman parameters +for the SSL/TLS encryption. Alternatively you set it to @code{"@@ffdhe2048"}, @code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{"@@ffdhe6144"} or @code{"@@ffdhe8192"} to use bundled parameters from RFC 7919. + @item @code{ssl-ciphers} (default: @code{#f}) The @code{ssl-ciphers} option chooses the cipher suites to make available for use in SSL/TLS. This option is specified using -@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, OpenSSL cipher list notation}. +@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, +OpenSSL cipher list notation}. It is recommended that you try your cipher string using 'openssl ciphers ' before setting it here, to get a feel for which cipher suites you will get. @@ -14319,6 +14358,7 @@ to ensure that Murmur is using the cipher suites that you expected it to. Note: Changing this option may impact the backwards compatibility of your Murmur server, and can remove the ability for older Mumble clients to be able to connect to it. + @item @code{public-registration} (default: @code{#f}) Must be a @code{} record or @code{#f}. @@ -14336,17 +14376,22 @@ Optional alternative override for this configuration. @deftp {Data Type} murmur-public-registration-configuration Configuration for public registration of a murmur service. + @table @asis @item @code{name} This is a display name for your server. Not to be confused with the hostname. + @item @code{password} A password to identify your registration. Subsequent updates will need the same password. Don't lose your password. + @item @code{url} -This should be a http(s):// link to your website. +This should be a @code{http://} or @code{https://} link to your web +site. + @item @code{hostname} (default: @code{#f}) -By default your server will be listed by it's ip. -If it is set your server will be linked by this hostname instead. +By default your server will be listed by its IP address. +If it is set your server will be linked by this host name instead. @end table @end deftp diff --git a/gnu/services/telephony.scm b/gnu/services/telephony.scm index 6c9121ad5..0a735315b 100644 --- a/gnu/services/telephony.scm +++ b/gnu/services/telephony.scm @@ -26,8 +26,7 @@ #:use-module (guix gexp) #:use-module (srfi srfi-1) #:use-module (ice-9 match) - #:export ( - murmur-configuration + #:export (murmur-configuration make-murmur-configuration murmur-configuration? murmur-configuration-package @@ -65,7 +64,6 @@ murmur-configuration-public-registration murmur-configuration-file - murmur-public-registration-configuration make-murmur-public-registration-configuration murmur-public-registration-configuration? @@ -281,7 +279,7 @@ Or set public-registration to #f")))))))) (define (murmur-shepherd-service config) (list (shepherd-service (provision '(murmur)) - (documentation "Run the murmur mumble-server.") + (documentation "Run the Murmur Mumble server.") (requirement '(networking)) (start #~(make-forkexec-constructor '(#$(file-append (murmur-configuration-package config) @@ -294,7 +292,9 @@ Or set public-registration to #f")))))))) (define murmur-service-type (service-type (name 'murmur) - (description "The murmur service type.") + (description + "Run the Murmur voice-over-IP (VoIP) server of the Mumble +suite.") (extensions (list (service-extension shepherd-root-service-type murmur-shepherd-service)