diff options
author | lassulus <lassulus@lassul.us> | 2021-01-28 18:07:02 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2021-01-28 18:07:02 +0100 |
commit | 10a397b299698f94561115e8239ed0cd8877c0fe (patch) | |
tree | 5a58fe88ab8551763818a400f6ebbbd7c69c56ea /makefu/2configs/workadventure | |
parent | 549f3fd553155412f04870a31849b29776a63d59 (diff) | |
parent | 0ea65cef9aa2f936f357c624fc53a393f79d8fcc (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs/workadventure')
-rw-r--r-- | makefu/2configs/workadventure/default.nix | 6 | ||||
-rw-r--r-- | makefu/2configs/workadventure/jitsi.nix | 59 | ||||
-rw-r--r-- | makefu/2configs/workadventure/workadventure.nix | 161 |
3 files changed, 226 insertions, 0 deletions
diff --git a/makefu/2configs/workadventure/default.nix b/makefu/2configs/workadventure/default.nix new file mode 100644 index 000000000..3c68fca8d --- /dev/null +++ b/makefu/2configs/workadventure/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./jitsi.nix + ./workadventure.nix + ]; +} diff --git a/makefu/2configs/workadventure/jitsi.nix b/makefu/2configs/workadventure/jitsi.nix new file mode 100644 index 000000000..d5c590746 --- /dev/null +++ b/makefu/2configs/workadventure/jitsi.nix @@ -0,0 +1,59 @@ +{ + # + + + # | | + # | | + # v v + # 80, 443 TCP 443 TCP, 10000 UDP + # +--------------+ +---------------------+ + # | nginx | 5222, 5347 TCP | | + # | jitsi-meet |<-------------------+| jitsi-videobridge | + # | prosody | | | | + # | jicofo | | +---------------------+ + # +--------------+ | + # | +---------------------+ + # | | | + # +----------+| jitsi-videobridge | + # | | | + # | +---------------------+ + # | + # | +---------------------+ + # | | | + # +----------+| jitsi-videobridge | + # | | + # +---------------------+ + + # This is a one server setup + services.jitsi-meet = { + enable = true; + hostName = "meet.euer.krebsco.de"; + + # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences. + # https://github.com/jitsi/jicofo + jicofo.enable = true; + + # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server. + # Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME + # will be used to retrieve a TLS certificate by default. To disable this, set the + # services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for + # services.nginx.virtualHosts.<hostName>.forceSSL. + nginx.enable = true; + + # https://github.com/jitsi/jitsi-meet/blob/master/config.js + config = { + enableWelcomePage = true; + defaultLang = "en"; + }; + + # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 10000 ]; + }; + +} diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix new file mode 100644 index 000000000..2b7eca250 --- /dev/null +++ b/makefu/2configs/workadventure/workadventure.nix @@ -0,0 +1,161 @@ +{ config, pkgs, lib, ... }: +let + # If your Jitsi environment has authentication set up, + # you MUST set JITSI_PRIVATE_MODE to "true" and + # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret + jitsiPrivateMode = "false"; + + secretJitsiKey = ""; + + jitsiISS = ""; + + workadventureSecretKey = ""; + + jitsiURL = "meet.euer.krebsco.de"; + + domain = "work.euer.krebsco.de"; + # domain will redirect to this map. (not play.${domain}) + defaultMap = "npeguin.github.io/office-map/map.json"; + + apiURL = "api.${domain}"; + apiPort = 9002; + + frontURL = "play.${domain}"; + frontPort = 9004; + + pusherURL = "push.${domain}"; + pusherPort = 9005; + + uploaderURL = "ul.${domain}"; + uploaderPort = 9006; + + frontImage = "thecodingmachine/workadventure-front:develop"; + pusherImage = "thecodingmachine/workadventure-pusher:develop"; + apiImage = "thecodingmachine/workadventure-back:develop"; + uploaderImage = "thecodingmachine/workadventure-uploader:develop"; + +in { + + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 80 443 ]; + }; + + services.nginx.enable = true; + services.nginx.recommendedProxySettings = true; + + systemd.services.workadventure-network = { + enable = true; + wantedBy = [ "multi-user.target" ]; + script = '' + ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||: + ''; + after = [ "docker" ]; + before = [ + "docker-workadventure-back.service" + "docker-workadventure-pusher.service" + "docker-workadventure-uploader.service" + "docker-workadventure-website.service" + ]; + }; + + virtualisation.oci-containers.backend = "docker"; + + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + return = "301 $scheme://play.${domain}/_/global/${defaultMap}"; + }; + }; + + virtualisation.oci-containers.containers.workadventure-front = { + image = frontImage; + environment = { + API_URL = pusherURL; + JITSI_PRIVATE_MODE = jitsiPrivateMode; + JITSI_URL = jitsiURL; + SECRET_JITSI_KEY = secretJitsiKey; + UPLOADER_URL = uploaderURL; + }; + ports = [ "127.0.0.1:${toString frontPort}:80" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${frontURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; }; + }; + + virtualisation.oci-containers.containers.workadventure-pusher = { + image = pusherImage; + environment = { + API_URL = "workadventure-back:50051"; + JITSI_ISS = jitsiISS; + JITSI_URL = jitsiURL; + SECRET_KEY = workadventureSecretKey; + }; + ports = [ "127.0.0.1:${toString pusherPort}:8080" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${pusherURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString pusherPort}"; + proxyWebsockets = true; + }; + locations."/room" = { + proxyPass = "http://127.0.0.1:${toString pusherPort}"; + proxyWebsockets = true; + }; + }; + + virtualisation.oci-containers.containers.workadventure-back = { + image = apiImage; + environment = { + #DEBUG = "*"; + JITSI_ISS = jitsiISS; + JITSI_URL = jitsiURL; + SECRET_KEY = workadventureSecretKey; + }; + ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${apiURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; }; + }; + + virtualisation.oci-containers.containers.workadventure-uploader = { + image = uploaderImage; + ports = [ "127.0.0.1:${toString uploaderPort}:8080" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${uploaderURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString uploaderPort}"; + proxyWebsockets = true; + }; + }; + + systemd.services.docker-workadventure-front.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-uploader.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-pusher.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-back.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; +} |