diff options
author | tv <tv@krebsco.de> | 2021-02-18 20:25:47 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2021-02-18 20:25:47 +0100 |
commit | f9bc618fada82326ed371b131eaed34d21626ae9 (patch) | |
tree | c48156ed3dc16594907c3744b14fcdafd2409206 /makefu/2configs | |
parent | 9365aff352d99b7506bafbef6682de7bfb00df27 (diff) | |
parent | 8b7477926d0b7c1ac3d92d07e6934f9e593ea9ff (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs')
18 files changed, 497 insertions, 100 deletions
diff --git a/makefu/2configs/bureautomation/office-radio/default.nix b/makefu/2configs/bureautomation/office-radio/default.nix new file mode 100644 index 000000000..d1c0f4730 --- /dev/null +++ b/makefu/2configs/bureautomation/office-radio/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./mpd.nix + ./webserver.nix + ]; +} diff --git a/makefu/2configs/bureautomation/office-radio/mpd.nix b/makefu/2configs/bureautomation/office-radio/mpd.nix new file mode 100644 index 000000000..4fc31fff9 --- /dev/null +++ b/makefu/2configs/bureautomation/office-radio/mpd.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +let + mpds = import ./mpdconfig.nix; + systemd_mpd = name: value: let + path = "/var/lib/mpd-${name}"; + num = lib.strings.fixedWidthNumber 2 value; + mpdconf = pkgs.writeText "mpd-config-${name}" '' + music_directory "${path}/music" + playlist_directory "${path}/playlists" + db_file "${path}/tag_cache" + state_file "${path}/state" + sticker_file "${path}/sticker.sql" + + bind_to_address "127.0.0.1" + port "66${num}" + log_level "default" + auto_update "yes" + audio_output { + type "httpd" + name "Office Radio ${num} - ${name}" + encoder "vorbis" # optional + port "280${num}" + quality "5.0" # do not define if bitrate is defined + # bitrate "128" # do not define if quality is defined + format "44100:16:2" + always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. + tags "yes" # httpd supports sending tags to listening streams. + } + ''; +in { + after = [ "network.target" ]; + description = "Office Radio MPD ${toString value} - ${name}"; + wantedBy = ["multi-user.target"]; + serviceConfig = { + #User = "mpd"; + DynamicUser = true; + ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdconf}"; + LimitRTPRIO = 50; + LimitRTTIME = "infinity"; + ProtectSystem = true; + NoNewPrivileges = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; + RestrictNamespaces = true; + Restart = "always"; + StateDirectory = [ "mpd-${name}" ]; + }; + }; +in + { + systemd.services = lib.attrsets.mapAttrs' (name: value: + lib.attrsets.nameValuePair + ("office-radio-" +name) (systemd_mpd name value)) + mpds; + } diff --git a/makefu/2configs/bureautomation/office-radio/mpdconfig.nix b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix new file mode 100644 index 000000000..b48ceb629 --- /dev/null +++ b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix @@ -0,0 +1,6 @@ +{ + "cybertisch1" = 0; + "cybertisch2" = 1; + "cyberklo" = 2; + "baellebad" = 3; +} diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix new file mode 100644 index 000000000..e2fc6d9e8 --- /dev/null +++ b/makefu/2configs/bureautomation/office-radio/webserver.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: +let + mpds = import ./mpdconfig.nix; + pkg = pkgs.office-radio; +in { + systemd.services.office-radio-appsrv = { + after = [ "network.target" ]; + description = "Office Radio Appserver"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkg}/bin/office-radio"; + DynamicUser = true; + ProtectSystem = true; + NoNewPrivileges = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; + RestrictNamespaces = true; + Restart = "always"; + }; + }; + systemd.services.office-radio-stopper = { + after = [ "network.target" ]; + description = "Office Radio Script to stop idle streams"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkg}/bin/stop-idle-streams"; + DynamicUser = true; + ProtectSystem = true; + NoNewPrivileges = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; + RestrictNamespaces = true; + Restart = "always"; + }; + }; +} diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix index 379176f78..aa9ff514c 100644 --- a/makefu/2configs/deployment/mycube.connector.one.nix +++ b/makefu/2configs/deployment/mycube.connector.one.nix @@ -1,15 +1,12 @@ { config, lib, pkgs, ... }: # more than just nginx config but not enough to become a module -with import <stockholm/lib>; let hostname = config.krebs.build.host.name; external-ip = config.krebs.build.host.nets.internet.ip4.addr; wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; in { - services.redis = { - enable = true; - }; - systemd.services.redis.serviceConfig.LimitNOFILE=10032; + services.redis = { enable = true; }; + systemd.services.redis.serviceConfig.LimitNOFILE=65536; services.uwsgi = { enable = true; @@ -28,7 +25,7 @@ in { }; services.nginx = { - enable = mkDefault true; + enable = lib.mkDefault true; virtualHosts."mybox.connector.one" = { locations = { "/".extraConfig = '' diff --git a/makefu/2configs/deployment/newsbot.nix b/makefu/2configs/deployment/newsbot.nix deleted file mode 100644 index 748803447..000000000 --- a/makefu/2configs/deployment/newsbot.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, pkgs, ... }: - -let - newsfile = pkgs.writeText "feeds" '' - nixoswiki-bot|https://github.com/Mic92/nixos-wiki/wiki.atom|#krebs - ''; -in { - environment.systemPackages = [ - pkgs.newsbot-js - ]; - krebs.newsbot-js = { - enable = true; - ircServer = "chat.freenode.net"; - feeds = newsfile; - urlShortenerHost = "go"; - urlShortenerPort = "80"; - }; -} diff --git a/makefu/2configs/deployment/wiki-irc-bot/default.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix deleted file mode 100644 index 12686efba..000000000 --- a/makefu/2configs/deployment/wiki-irc-bot/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, pkgs, ... }: - -let - pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: { - patches = [ ./wiki-output.patch ]; - }); - newsfile = pkgs.writeText "feeds" '' - nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs - ''; -in { - krebs.newsbot-js = { - enable = true; - package = pkg; - ircServer = "chat.freenode.net"; - feeds = newsfile; - urlShortenerHost = "go"; - urlShortenerPort = "80"; - }; -} diff --git a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch b/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch deleted file mode 100644 index 6e1e27853..000000000 --- a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff --git a/newsbot.js b/newsbot.js -index 42d0666..a284011 100644 ---- a/newsbot.js -+++ b/newsbot.js -@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) { - } - - function broadcast_new_item (item) { -+ console.log('Broadcasting item ',item.link) - return getShortLink(item.link, function (error, shortlink) { -- return broadcast(item.title + ' ' + shortlink) -+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink) - }) - } - -@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) { - - if (client.lastItems) { - items.forEach(function (item) { -- if (!client.lastItems.hasOwnProperty(item.title)) { -+ -+ if (!client.lastItems.hasOwnProperty(item.guid)) { - broadcast_new_item(item) -+ }else { -+ console.log("Item already seen:",item.guid) - } - }) - } - - client.lastItems = {} - items.forEach(function (item) { -- client.lastItems[item.title] = true -+ client.lastItems[item.guid] = true - }) - - return continue_loop() -@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) { - } - - function getShortLink (link, callback) { -+ callback(null,link) -+ return - var form = new FormData() - try { - form.append('uri', link) diff --git a/makefu/2configs/ham/automation/giesskanne.nix b/makefu/2configs/ham/automation/giesskanne.nix index d89ea595b..4b0fb61dd 100644 --- a/makefu/2configs/ham/automation/giesskanne.nix +++ b/makefu/2configs/ham/automation/giesskanne.nix @@ -7,7 +7,7 @@ let light = "light.espcam_02_light"; seconds = 60; # default shutoff to protect the LED from burning out }; - seconds = 6; + seconds = 60; pump = "switch.arbeitszimmer_giesskanne_relay"; # sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; in diff --git a/makefu/2configs/ham/automation/moodlight.nix b/makefu/2configs/ham/automation/moodlight.nix new file mode 100644 index 000000000..df229f16b --- /dev/null +++ b/makefu/2configs/ham/automation/moodlight.nix @@ -0,0 +1,41 @@ +# uses: + +let + wohnzimmer = "light.wohnzimmer_fenster_lichterkette_licht"; + arbeitszimmer = "light.box_led_status"; + final_off = "01:00"; + + turn_on = entity_id: at: + { alias = "Turn on ${entity_id} at ${at}"; + trigger = [ + { platform = "time"; inherit at; } + ]; + action = + [ + { service = "light.turn_on"; inherit entity_id; } + ]; + }; +in +{ + services.home-assistant.config = + { + automation = + [ + (turn_on wohnzimmer "17:30") + (turn_on arbeitszimmer "9:00") + + { alias = "Always turn off the lights at ${final_off}"; + trigger = [ + { platform = "time"; at = final_off; } + ]; + action = + [ + { + service = "light.turn_off"; + entity_id = [ wohnzimmer arbeitszimmer]; + } + ]; + } + ]; + }; +} diff --git a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix index f06094662..4303cdfa5 100644 --- a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix +++ b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix @@ -26,6 +26,81 @@ let data.entity_id = light; }; }; + rf_state = code: light: halfbright: + let + maxbright = 255; + transition = 0.2; # seconds + in + # this function implements a simple state machine based on the state and brightness of the light (light must support brightness + { + alias = "Cycle through states of ${light} via rf code ${code}"; + trigger = { + platform = "event"; + event_type = "esphome.rf_code_received"; + event_data.code = code; + }; + action = { + choose = [ + { + # state 0: off to half + conditions = { + condition = "template"; + value_template = ''{{ states("${light}") == "off" }}''; + }; + sequence = [ + { + service = "light.turn_on"; + data = { + entity_id = light; + brightness = halfbright; + }; + } + ]; + } + { + # state 1: half to full + conditions = { + condition = "template"; + value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}''; + }; + sequence = [ + { + service = "light.turn_on"; + data = { + entity_id = light; + brightness = maxbright; + }; + } + ]; + } + { + # state 2: full to off + conditions = { + condition = "template"; + # TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere? + value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}''; + }; + sequence = [ + { + service = "light.turn_off"; + data = { + entity_id = light; + }; + } + ]; + } + ]; + # default: on to off + # this works because state 0 checks for "state == off" + default = [{ + service = "light.turn_off"; + data = { + entity_id = light; + }; + }]; + }; + } +; rf_toggle = code: light: { alias = "Toggle ${light} via rf code ${code}"; @@ -39,14 +114,13 @@ let data.entity_id = light; }; }; - in { services.home-assistant.config.automation = [ (rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A - (rf_toggle "401151" "light.wohnzimmer_stehlampe_osram") # B - (rf_toggle "401451" "light.wohnzimmer_komode_osram") # C - (rf_toggle "401511" "light.wohnzimmer_schrank_osram") # D + (rf_state "401151" "light.wohnzimmer_stehlampe_osram" 128) # B + (rf_state "401451" "light.wohnzimmer_komode_osram" 128) # C + (rf_state "401511" "light.wohnzimmer_schrank_osram" 128) # D # OFF Lane (rf_turn_off "400554" "all") # A diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 8d6c1f2f0..cf6f1d334 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -8,11 +8,10 @@ }; }; imports = [ - { #direnv + { home-manager.users.makefu.home.packages = [ (pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox") - pkgs.direnv pkgs.nur.repos.kalbasit.nixify ]; - # home-manager.users.makefu.home.file.".direnvrc".text = ''''; + ]; } { # bat home-manager.users.makefu.home.packages = [ pkgs.bat ]; @@ -24,8 +23,34 @@ }; } ]; - environment.pathsToLink = [ "/share/zsh" ]; + environment.pathsToLink = [ + "/share/zsh" + ]; + + nix.extraOptions = '' + keep-outputs = true + keep-derivations = true + ''; + home-manager.users.makefu = { + + programs.direnv.enable = true; + programs.direnv.enableNixDirenvIntegration = true; + programs.direnv.enableZshIntegration = true; + home.packages = [ (pkgs.writeDashBin "nixify" '' +test ! -e shell.nix && cat > shell.nix <<EOF +{ pkgs ? import <nixpkgs> {}}: + +pkgs.mkShell { + nativeBuildInputs = [ pkgs.hello ]; +} +EOF +echo "use nix" >> .envrc +direnv allow +'') + ]; + #home.packages = [ pkgs.direnv pkgs.nix-direnv ]; + programs.fzf.enable = false; # alt-c programs.zsh = { enable = true; diff --git a/makefu/2configs/hw/droidcam.nix b/makefu/2configs/hw/droidcam.nix index c638123bb..adc0aa379 100644 --- a/makefu/2configs/hw/droidcam.nix +++ b/makefu/2configs/hw/droidcam.nix @@ -1,7 +1,9 @@ -{ pkgs, config, ... }: +{ pkgs, config, ... }: { boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480"; boot.extraModulePackages = [ (pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; }) ]; + boot.initrd.availableKernelModules = [ "v4l2loopback-dc" ]; + users.users.makefu.packages = [ pkgs.droidcam ]; } diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 1a488e69c..d9e22ad71 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -60,6 +60,12 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + photos = { + path = "/media/cryptX/photos"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; crypX-games = { path = "/media/cryptX/games"; "read only" = "yes"; diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 0cf218d46..98bc748dd 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -5,12 +5,10 @@ mosh sshfs rclone - exfat (pkgs.callPackage ./secrets.nix {}) opensc pcsctools libu2f-host ]; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; boot.supportedFilesystems = [ "exfat" ]; } diff --git a/makefu/2configs/workadventure/default.nix b/makefu/2configs/workadventure/default.nix new file mode 100644 index 000000000..3c68fca8d --- /dev/null +++ b/makefu/2configs/workadventure/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./jitsi.nix + ./workadventure.nix + ]; +} diff --git a/makefu/2configs/workadventure/jitsi.nix b/makefu/2configs/workadventure/jitsi.nix new file mode 100644 index 000000000..d5c590746 --- /dev/null +++ b/makefu/2configs/workadventure/jitsi.nix @@ -0,0 +1,59 @@ +{ + # + + + # | | + # | | + # v v + # 80, 443 TCP 443 TCP, 10000 UDP + # +--------------+ +---------------------+ + # | nginx | 5222, 5347 TCP | | + # | jitsi-meet |<-------------------+| jitsi-videobridge | + # | prosody | | | | + # | jicofo | | +---------------------+ + # +--------------+ | + # | +---------------------+ + # | | | + # +----------+| jitsi-videobridge | + # | | | + # | +---------------------+ + # | + # | +---------------------+ + # | | | + # +----------+| jitsi-videobridge | + # | | + # +---------------------+ + + # This is a one server setup + services.jitsi-meet = { + enable = true; + hostName = "meet.euer.krebsco.de"; + + # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences. + # https://github.com/jitsi/jicofo + jicofo.enable = true; + + # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server. + # Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME + # will be used to retrieve a TLS certificate by default. To disable this, set the + # services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for + # services.nginx.virtualHosts.<hostName>.forceSSL. + nginx.enable = true; + + # https://github.com/jitsi/jitsi-meet/blob/master/config.js + config = { + enableWelcomePage = true; + defaultLang = "en"; + }; + + # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 10000 ]; + }; + +} diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix new file mode 100644 index 000000000..2b7eca250 --- /dev/null +++ b/makefu/2configs/workadventure/workadventure.nix @@ -0,0 +1,161 @@ +{ config, pkgs, lib, ... }: +let + # If your Jitsi environment has authentication set up, + # you MUST set JITSI_PRIVATE_MODE to "true" and + # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret + jitsiPrivateMode = "false"; + + secretJitsiKey = ""; + + jitsiISS = ""; + + workadventureSecretKey = ""; + + jitsiURL = "meet.euer.krebsco.de"; + + domain = "work.euer.krebsco.de"; + # domain will redirect to this map. (not play.${domain}) + defaultMap = "npeguin.github.io/office-map/map.json"; + + apiURL = "api.${domain}"; + apiPort = 9002; + + frontURL = "play.${domain}"; + frontPort = 9004; + + pusherURL = "push.${domain}"; + pusherPort = 9005; + + uploaderURL = "ul.${domain}"; + uploaderPort = 9006; + + frontImage = "thecodingmachine/workadventure-front:develop"; + pusherImage = "thecodingmachine/workadventure-pusher:develop"; + apiImage = "thecodingmachine/workadventure-back:develop"; + uploaderImage = "thecodingmachine/workadventure-uploader:develop"; + +in { + + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 80 443 ]; + }; + + services.nginx.enable = true; + services.nginx.recommendedProxySettings = true; + + systemd.services.workadventure-network = { + enable = true; + wantedBy = [ "multi-user.target" ]; + script = '' + ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||: + ''; + after = [ "docker" ]; + before = [ + "docker-workadventure-back.service" + "docker-workadventure-pusher.service" + "docker-workadventure-uploader.service" + "docker-workadventure-website.service" + ]; + }; + + virtualisation.oci-containers.backend = "docker"; + + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + return = "301 $scheme://play.${domain}/_/global/${defaultMap}"; + }; + }; + + virtualisation.oci-containers.containers.workadventure-front = { + image = frontImage; + environment = { + API_URL = pusherURL; + JITSI_PRIVATE_MODE = jitsiPrivateMode; + JITSI_URL = jitsiURL; + SECRET_JITSI_KEY = secretJitsiKey; + UPLOADER_URL = uploaderURL; + }; + ports = [ "127.0.0.1:${toString frontPort}:80" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${frontURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; }; + }; + + virtualisation.oci-containers.containers.workadventure-pusher = { + image = pusherImage; + environment = { + API_URL = "workadventure-back:50051"; + JITSI_ISS = jitsiISS; + JITSI_URL = jitsiURL; + SECRET_KEY = workadventureSecretKey; + }; + ports = [ "127.0.0.1:${toString pusherPort}:8080" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${pusherURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString pusherPort}"; + proxyWebsockets = true; + }; + locations."/room" = { + proxyPass = "http://127.0.0.1:${toString pusherPort}"; + proxyWebsockets = true; + }; + }; + + virtualisation.oci-containers.containers.workadventure-back = { + image = apiImage; + environment = { + #DEBUG = "*"; + JITSI_ISS = jitsiISS; + JITSI_URL = jitsiURL; + SECRET_KEY = workadventureSecretKey; + }; + ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${apiURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; }; + }; + + virtualisation.oci-containers.containers.workadventure-uploader = { + image = uploaderImage; + ports = [ "127.0.0.1:${toString uploaderPort}:8080" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${uploaderURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString uploaderPort}"; + proxyWebsockets = true; + }; + }; + + systemd.services.docker-workadventure-front.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-uploader.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-pusher.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-back.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; +} |