authormakefu <github@syntax-fehler.de>2021-01-18 23:01:13 +0100
committermakefu <github@syntax-fehler.de>2021-01-18 23:01:13 +0100
commit96b5248e8514fbbf847d2a5c36dcfb047dd393cb (patch)
treea4e11e911ea37ee93a4e5140ccbb04247191aa01 /makefu/2configs/workadventure
parentfeb36c2f9a6d4f910c7c36c55a84aa46d30adec4 (diff)
ma workadventure: init
Diffstat (limited to 'makefu/2configs/workadventure')
-rw-r--r--makefu/2configs/workadventure/default.nix6
-rw-r--r--makefu/2configs/workadventure/jitsi.nix59
-rw-r--r--makefu/2configs/workadventure/workadventure.nix161
3 files changed, 226 insertions, 0 deletions
diff --git a/makefu/2configs/workadventure/default.nix b/makefu/2configs/workadventure/default.nix
new file mode 100644
index 000000000..3c68fca8d
--- /dev/null
+++ b/makefu/2configs/workadventure/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./jitsi.nix
+ ./workadventure.nix
+ ];
+}
diff --git a/makefu/2configs/workadventure/jitsi.nix b/makefu/2configs/workadventure/jitsi.nix
new file mode 100644
index 000000000..d5c590746
--- /dev/null
+++ b/makefu/2configs/workadventure/jitsi.nix
@@ -0,0 +1,59 @@
+{
+ # + +
+ # | |
+ # | |
+ # v v
+ # 80, 443 TCP 443 TCP, 10000 UDP
+ # +--------------+ +---------------------+
+ # | nginx | 5222, 5347 TCP | |
+ # | jitsi-meet |<-------------------+| jitsi-videobridge |
+ # | prosody | | | |
+ # | jicofo | | +---------------------+
+ # +--------------+ |
+ # | +---------------------+
+ # | | |
+ # +----------+| jitsi-videobridge |
+ # | | |
+ # | +---------------------+
+ # |
+ # | +---------------------+
+ # | | |
+ # +----------+| jitsi-videobridge |
+ # | |
+ # +---------------------+
+
+ # This is a one server setup
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "meet.euer.krebsco.de";
+
+ # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
+ # https://github.com/jitsi/jicofo
+ jicofo.enable = true;
+
+ # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
+ # Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
+ # will be used to retrieve a TLS certificate by default. To disable this, set the
+ # services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
+ # services.nginx.virtualHosts.<hostName>.forceSSL.
+ nginx.enable = true;
+
+ # https://github.com/jitsi/jitsi-meet/blob/master/config.js
+ config = {
+ enableWelcomePage = true;
+ defaultLang = "en";
+ };
+
+ # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
+ interfaceConfig = {
+ SHOW_JITSI_WATERMARK = false;
+ SHOW_WATERMARK_FOR_GUESTS = false;
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 10000 ];
+ };
+
+}
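Review bot: Nothing in the `services.jitsi-meet` block restricts who may open a conference, so with `enableWelcomePage = true` and 80/443 TCP plus 10000 UDP opened, anyone who can reach `meet.euer.krebsco.de` can presumably create rooms and consume the videobridge's bandwidth. If that is intended, a comment above `hostName` such as `# open instance: room creation is unauthenticated on purpose` would record the decision; otherwise authenticated room creation should be configured before the host is exposed. The `# This is a one server setup` comment could also state that the diagram above it depicts the multi-bridge layout, since ports 5222 and 5347 are not opened here.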
diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix
new file mode 100644
index 000000000..2b7eca250
--- /dev/null
+++ b/makefu/2configs/workadventure/workadventure.nix
@@ -0,0 +1,161 @@
+{ config, pkgs, lib, ... }:
+let
+ # If your Jitsi environment has authentication set up,
+ # you MUST set JITSI_PRIVATE_MODE to "true" and
+ # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
+ jitsiPrivateMode = "false";
+
+ secretJitsiKey = "";
+
+ jitsiISS = "";
+
+ workadventureSecretKey = "";
+
+ jitsiURL = "meet.euer.krebsco.de";
+
+ domain = "work.euer.krebsco.de";
+ # domain will redirect to this map. (not play.${domain})
+ defaultMap = "npeguin.github.io/office-map/map.json";
+
+ apiURL = "api.${domain}";
+ apiPort = 9002;
+
+ frontURL = "play.${domain}";
+ frontPort = 9004;
+
+ pusherURL = "push.${domain}";
+ pusherPort = 9005;
+
+ uploaderURL = "ul.${domain}";
+ uploaderPort = 9006;
+
+ frontImage = "thecodingmachine/workadventure-front:develop";
+ pusherImage = "thecodingmachine/workadventure-pusher:develop";
+ apiImage = "thecodingmachine/workadventure-back:develop";
+ uploaderImage = "thecodingmachine/workadventure-uploader:develop";
+
+in {
+
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 80 443 ];
+ };
+
+ services.nginx.enable = true;
+ services.nginx.recommendedProxySettings = true;
+
+ systemd.services.workadventure-network = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
+ '';
+ after = [ "docker" ];
+ before = [
+ "docker-workadventure-back.service"
+ "docker-workadventure-pusher.service"
+ "docker-workadventure-uploader.service"
+ "docker-workadventure-website.service"
+ ];
+ };
+
+ virtualisation.oci-containers.backend = "docker";
+
+ services.nginx.virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
+ };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-front = {
+ image = frontImage;
+ environment = {
+ API_URL = pusherURL;
+ JITSI_PRIVATE_MODE = jitsiPrivateMode;
+ JITSI_URL = jitsiURL;
+ SECRET_JITSI_KEY = secretJitsiKey;
+ UPLOADER_URL = uploaderURL;
+ };
+ ports = [ "127.0.0.1:${toString frontPort}:80" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${frontURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-pusher = {
+ image = pusherImage;
+ environment = {
+ API_URL = "workadventure-back:50051";
+ JITSI_ISS = jitsiISS;
+ JITSI_URL = jitsiURL;
+ SECRET_KEY = workadventureSecretKey;
+ };
+ ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${pusherURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString pusherPort}";
+ proxyWebsockets = true;
+ };
+ locations."/room" = {
+ proxyPass = "http://127.0.0.1:${toString pusherPort}";
+ proxyWebsockets = true;
+ };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-back = {
+ image = apiImage;
+ environment = {
+ #DEBUG = "*";
+ JITSI_ISS = jitsiISS;
+ JITSI_URL = jitsiURL;
+ SECRET_KEY = workadventureSecretKey;
+ };
+ ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${apiURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-uploader = {
+ image = uploaderImage;
+ ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${uploaderURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString uploaderPort}";
+ proxyWebsockets = true;
+ };
+ };
+
+ systemd.services.docker-workadventure-front.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-uploader.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-pusher.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-back.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+}
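Review bot: The bare `"50051"` entry in the `ports` list of `workadventure-back` publishes the backend's port on a random host port on all interfaces, and Docker's own NAT rules are normally evaluated ahead of the `networking.firewall` allow-list, so that port is likely reachable from outside. The pusher already reaches it over the `workadventure` bridge (`API_URL = "workadventure-back:50051"`), so the entry can be dropped: `ports = [ "127.0.0.1:${toString apiPort}:8080" ];`. `workadventureSecretKey = ""` hands an empty `SECRET_KEY` to both pusher and back, and any real value written into this `let` block would end up in the repository and the world-readable Nix store, so it is better loaded at runtime from a file kept outside the store. The four images are pinned only to the mutable `:develop` tag; pinning each by digest would make what runs on this host reproducible and reviewable. `allowedUDPPorts = [ 80 443 ]` opens UDP ports that nothing in this file listens on and could be removed.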