| author | lassulus <git@lassul.us> | 2023-02-22 07:27:10 +0100 | 
|---|---|---|
| committer | lassulus <git@lassul.us> | 2023-02-22 07:32:37 +0100 | 
| commit | 222f1e92dbc10aa389f712ae0d345befe4e5423f (patch) | |
| tree | 705adc51ffcd7832d8aaca06b4803b315fa1931a | |
| parent | 79a7ab4fd8899e7ac197318bb58a3e04affdf459 (diff) | |
l orange.r: add coms service, proxy via neoprism.r
| -rw-r--r-- | lass/1systems/neoprism/config.nix | 2 | ||||
| -rw-r--r-- | lass/1systems/prism/config.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/murmur.nix | 42 | ||||
| -rw-r--r-- | lass/2configs/services/coms/default.nix | 6 | ||||
| -rw-r--r-- | lass/2configs/services/coms/jitsi.nix (renamed from lass/2configs/jitsi.nix) | 5 | ||||
| -rw-r--r-- | lass/2configs/services/coms/murmur.nix | 47 | ||||
| -rw-r--r-- | lass/2configs/services/coms/proxy.nix | 41 | 
7 files changed, 103 insertions, 44 deletions
|
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
index 72de0df83..cc08070af 100644
--- a/lass/1systems/neoprism/config.nix
+++ b/lass/1systems/neoprism/config.nix
@@ -10,6 +10,7 @@
     <stockholm/lass/2configs/services/flix/container-host.nix>
     <stockholm/lass/2configs/services/radio/container-host.nix>
     <stockholm/lass/2configs/ubik-host.nix>
+    <stockholm/lass/2configs/orange-host.nix>
     <stockholm/krebs/2configs/hotdog-host.nix>
     # other containers
@@ -18,6 +19,7 @@
     # proxying of services
     <stockholm/lass/2configs/services/radio/proxy.nix>
     <stockholm/lass/2configs/services/flix/proxy.nix>
+    <stockholm/lass/2configs/services/coms/proxy.nix>
   ];
   krebs.build.host = config.krebs.hosts.neoprism;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f23778eba..2e82fae6f 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -134,7 +134,7 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/reaktor-coders.nix>
     <stockholm/lass/2configs/ciko.nix>
     <stockholm/lass/2configs/container-networking.nix>
-    <stockholm/lass/2configs/jitsi.nix>
+    <stockholm/lass/2configs/services/coms/jitsi.nix>
     <stockholm/lass/2configs/fysiirc.nix>
     <stockholm/lass/2configs/bgt-bot>
     <stockholm/krebs/2configs/mastodon-proxy.nix>
@@ -280,7 +280,7 @@ with import <stockholm/lib>;
         { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; }
       ];
     }
-    <stockholm/lass/2configs/murmur.nix>
+    <stockholm/lass/2configs/services/coms/murmur.nix>
     <stockholm/lass/2configs/docker.nix>
     {
       systemd.services."container@yellow".reloadIfChanged = mkForce false;
diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix
deleted file mode 100644
index 42670dfbb..000000000
--- a/lass/2configs/murmur.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  services.murmur = {
-    enable = true;
-    allowHtml = false;
-    bandwidth = 10000000;
-    registerName = "lassul.us";
-    autobanTime = 30;
-    sslCert = "/var/lib/acme/lassul.us/cert.pem";
-    sslKey = "/var/lib/acme/lassul.us/key.pem";
-  };
-  users.groups.lasscert.members = [
-    "murmur"
-  ];
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
-    { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
-  ];
-
-  systemd.services.docker-mumble-web.serviceConfig = {
-    StandardOutput = lib.mkForce "journal";
-    StandardError = lib.mkForce "journal";
-  };
-  virtualisation.oci-containers.containers.mumble-web = {
-    image = "rankenstein/mumble-web:0.5";
-    environment = {
-      MUMBLE_SERVER = "lassul.us:64738";
-    };
-    ports = [
-      "64739:8080"
-    ];
-  };
-
-  services.nginx.virtualHosts."mumble.lassul.us" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:64739";
-      proxyWebsockets = true;
-    };
-  };
-}
diff --git a/lass/2configs/services/coms/default.nix b/lass/2configs/services/coms/default.nix
new file mode 100644
index 000000000..4bc5f744b
--- /dev/null
+++ b/lass/2configs/services/coms/default.nix
@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./jitsi.nix
+    ./murmur.nix
+  ];
+}
diff --git a/lass/2configs/jitsi.nix b/lass/2configs/services/coms/jitsi.nix
index 2c148dcdd..bbcb36166 100644
--- a/lass/2configs/jitsi.nix
+++ b/lass/2configs/services/coms/jitsi.nix
@@ -18,6 +18,11 @@
         #{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
         #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
       ];
+      constraints.video.height = {
+        ideal = 720;
+        max = 1080;
+        min = 240;
+      };
     };
     interfaceConfig = {
       SHOW_JITSI_WATERMARK = false;
diff --git a/lass/2configs/services/coms/murmur.nix b/lass/2configs/services/coms/murmur.nix
new file mode 100644
index 000000000..40c53da36
--- /dev/null
+++ b/lass/2configs/services/coms/murmur.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+{
+  services.murmur = {
+    enable = true;
+    # allowHtml = false;
+    bandwidth = 10000000;
+    registerName = "lassul.us";
+    autobanTime = 30;
+    sslCert = "/var/lib/acme/lassul.us/cert.pem";
+    sslKey = "/var/lib/acme/lassul.us/key.pem";
+    extraConfig = ''
+      opusthreshold=0
+      # rememberchannelduration=10000
+    '';
+  };
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+    { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
+  ];
+
+  # services.botamusique = {
+  #   enable = true;
+  #   settings = {
+  #     server.host = "lassul.us";
+  #     bot.auto_check_updates = false;
+  #     bot.max_track_duration = 360;
+  #     webinterface.enabled = true;
+  #   };
+  # };
+
+  services.nginx.virtualHosts."lassul.us" = {
+    enableACME = true;
+  };
+  security.acme.certs."lassul.us" = {
+    group = "lasscert";
+  };
+  users.groups.lasscert.members = [
+    "nginx"
+    "murmur"
+  ];
+
+  # services.nginx.virtualHosts."bota.r" = {
+  #   locations."/" = {
+  #     proxyPass = "http://localhost:8181";
+  #   };
+  # };
+}
diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix
new file mode 100644
index 000000000..57e132151
--- /dev/null
+++ b/lass/2configs/services/coms/proxy.nix
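Review bot: `# allowHtml = false;` in the new coms/murmur.nix turns an explicit setting from the deleted lass/2configs/murmur.nix into a comment, so the server now falls back to the module default. In the nixpkgs murmur module I believe that default is `true`, which would let HTML in text messages, comments and channel descriptions reach clients again. If the option was disabled only to get past an evaluation problem, a comment such as `# allowHtml disabled temporarily: <reason>` would record that; otherwise restore `allowHtml = false;`. Separately, `users.groups.lasscert.members` now lists both `nginx` and `murmur`, so the lassul.us private key is readable by both daemons; a one-line comment saying this is intended would help.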
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+let
+  tcpports = [
+    4443 # jitsi
+    64738 # murmur
+  ];
+  udpports = [
+    10000 # jitsi
+    64738 # murmur
+  ];
+  target = "orange.r";
+in
+{
+  networking.firewall.allowedTCPPorts = tcpports;
+  networking.firewall.allowedUDPPorts = udpports;
+  services.nginx.streamConfig = ''
+    ${lib.concatMapStringsSep "\n" (port: ''
+      server {
+        listen ${toString port};
+        proxy_pass ${target}:${toString port};
+      }
+    '') tcpports}
+    ${lib.concatMapStringsSep "\n" (port: ''
+      server {
+        listen ${toString port} udp;
+        proxy_pass ${target}:${toString port};
+      }
+    '') udpports}
+  '';
+
+  services.nginx.virtualHosts."jitsi.lassul.us" = {
+    enableACME = true;
+    acmeFallbackHost = "${target}";
+    addSSL = true;
+    locations."/" = {
+      recommendedProxySettings = true;
+      proxyWebsockets = true;
+      proxyPass = "http://${target}";
+    };
+  };
+}
|
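Review bot: The `jitsi.lassul.us` vhost sets `addSSL = true;`, so the site is also served and proxied to orange.r over plain HTTP. The mumble vhost this commit deletes used `forceSSL = true;`, and as far as I know the same line here would redirect HTTP to HTTPS while keeping the ACME challenge path reachable. The `stream` servers above it forward ports 4443, 10000 and 64738 without passing the client address, so the backend sees every connection as coming from neoprism. Murmur's per-address autoban (`autobanTime = 30` in coms/murmur.nix, assuming orange.r runs that config) would then apply to the proxy as a whole, and backend logs lose the real source. A comment on `streamConfig` such as `# backends see neoprism as the client address; per-client logs and bans must be handled on this host` would make that explicit.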
