| author | makefu <github@syntax-fehler.de> | 2021-01-18 23:01:13 +0100 | 
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2021-01-18 23:01:13 +0100 | 
| commit | 96b5248e8514fbbf847d2a5c36dcfb047dd393cb (patch) | |
| tree | a4e11e911ea37ee93a4e5140ccbb04247191aa01 | |
| parent | feb36c2f9a6d4f910c7c36c55a84aa46d30adec4 (diff) | |
ma workadventure: init
| -rw-r--r-- | makefu/2configs/home-manager/zsh.nix | 7 | ||||
| -rw-r--r-- | makefu/2configs/workadventure/default.nix | 6 | ||||
| -rw-r--r-- | makefu/2configs/workadventure/jitsi.nix | 59 | ||||
| -rw-r--r-- | makefu/2configs/workadventure/workadventure.nix | 161 | 
4 files changed, 231 insertions, 2 deletions
| diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 8d6c1f2f0..74ac12e7f 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -11,8 +11,7 @@      { #direnv        home-manager.users.makefu.home.packages = [          (pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox") -        pkgs.direnv pkgs.nur.repos.kalbasit.nixify ]; -        # home-manager.users.makefu.home.file.".direnvrc".text = ''''; +      ];      }      { # bat        home-manager.users.makefu.home.packages = [ pkgs.bat ]; @@ -25,6 +24,10 @@      }    ];    environment.pathsToLink = [ "/share/zsh" ]; + +  programs.direnv.enable = true; +  programs.direnv.enableNixDirenvIntegration = true; +    home-manager.users.makefu = {      programs.fzf.enable = false; # alt-c      programs.zsh = { diff --git a/makefu/2configs/workadventure/default.nix b/makefu/2configs/workadventure/default.nix new file mode 100644 index 000000000..3c68fca8d --- /dev/null +++ b/makefu/2configs/workadventure/default.nix @@ -0,0 +1,6 @@ +{ +  imports = [ +    ./jitsi.nix +    ./workadventure.nix +  ]; +} diff --git a/makefu/2configs/workadventure/jitsi.nix b/makefu/2configs/workadventure/jitsi.nix new file mode 100644 index 000000000..d5c590746 --- /dev/null +++ b/makefu/2configs/workadventure/jitsi.nix 
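Review bot: `programs.direnv.enable` and `programs.direnv.enableNixDirenvIntegration` in the second zsh.nix hunk are set at the NixOS module level, next to `environment.pathsToLink`, while the `pkgs.direnv` entry they replace was installed through `home-manager.users.makefu`. These look like home-manager options, so unless another module in this tree declares them for NixOS, evaluation would fail or the direnv hook would never reach the user's zsh. Moving both lines into the `home-manager.users.makefu = {` block that opens just below would match the removed `home.packages` entry. The enclosing module starts and ends outside the hunk, so this is inferred from the visible context only.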
@@ -0,0 +1,59 @@
+{
+  #               +                                       +
+  #               |                                       |
+  #               |                                       |
+  #               v                                       v
+  #          80, 443 TCP                          443 TCP, 10000 UDP
+  #       +--------------+                     +---------------------+
+  #       |  nginx       |  5222, 5347 TCP     |                     |
+  #       |  jitsi-meet  |<-------------------+|  jitsi-videobridge  |
+  #       |  prosody     |         |           |                     |
+  #       |  jicofo      |         |           +---------------------+
+  #       +--------------+         |
+  #                                |           +---------------------+
+  #                                |           |                     |
+  #                                +----------+|  jitsi-videobridge  |
+  #                                |           |                     |
+  #                                |           +---------------------+
+  #                                |
+  #                                |           +---------------------+
+  #                                |           |                     |
+  #                                +----------+|  jitsi-videobridge  |
+  #                                            |                     |
+  #                                            +---------------------+
+
+  # This is a one server setup
+  services.jitsi-meet = {
+    enable = true;
+    hostName = "meet.euer.krebsco.de";
+
+    # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
+    # https://github.com/jitsi/jicofo
+    jicofo.enable = true;
+
+    # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
+    #  Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
+    #  will be used to retrieve a TLS certificate by default. To disable this, set the
+    #  services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
+    #  services.nginx.virtualHosts.<hostName>.forceSSL.
+    nginx.enable = true;
+
+    # https://github.com/jitsi/jitsi-meet/blob/master/config.js
+    config = {
+      enableWelcomePage = true;
+      defaultLang = "en";
+    };
+
+    # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
+    interfaceConfig = {
+      SHOW_JITSI_WATERMARK = false;
+      SHOW_WATERMARK_FOR_GUESTS = false;
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 10000 ];
+  };
+
+}
diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix
new file mode 100644
index 000000000..2b7eca250
--- /dev/null
+++ b/makefu/2configs/workadventure/workadventure.nix
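Review bot: Nothing in the `services.jitsi-meet` block of jitsi.nix restricts who may create a room, and with `enableWelcomePage = true` on a public `hostName` the instance is open to anyone who finds it; workadventure.nix in the same commit sets `jitsiPrivateMode = "false"`, which suggests this is intended. If so, say it in the file with a comment such as `# intentionally open: no authentication, anyone can create rooms`; otherwise Prosody would need an authenticated host for room creation before this goes live. The diagram shows remote videobridges reaching the main host on 5222/5347 TCP, while the config is a one-server setup that opens only 80, 443 and 10000/udp, so a line like `# diagram shows the general multi-host layout; 5222/5347 stay closed here` would keep a later reader from opening those ports to match the picture.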
@@ -0,0 +1,161 @@
+{ config, pkgs, lib, ... }:
+let
+  # If your Jitsi environment has authentication set up,
+  # you MUST set JITSI_PRIVATE_MODE to "true" and
+  # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
+  jitsiPrivateMode = "false";
+
+  secretJitsiKey = "";
+
+  jitsiISS = "";
+
+  workadventureSecretKey = "";
+
+  jitsiURL = "meet.euer.krebsco.de";
+
+  domain = "work.euer.krebsco.de";
+  # domain will redirect to this map. (not play.${domain})
+  defaultMap = "npeguin.github.io/office-map/map.json";
+
+  apiURL = "api.${domain}";
+  apiPort = 9002;
+
+  frontURL = "play.${domain}";
+  frontPort = 9004;
+
+  pusherURL = "push.${domain}";
+  pusherPort = 9005;
+
+  uploaderURL = "ul.${domain}";
+  uploaderPort = 9006;
+
+  frontImage = "thecodingmachine/workadventure-front:develop";
+  pusherImage = "thecodingmachine/workadventure-pusher:develop";
+  apiImage = "thecodingmachine/workadventure-back:develop";
+  uploaderImage = "thecodingmachine/workadventure-uploader:develop";
+
+in {
+
+  networking.firewall = {
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 80 443 ];
+  };
+
+  services.nginx.enable = true;
+  services.nginx.recommendedProxySettings = true;
+
+  systemd.services.workadventure-network = {
+    enable = true;
+    wantedBy = [ "multi-user.target" ];
+    script = ''
+      ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
+    '';
+    after = [ "docker" ];
+    before = [
+      "docker-workadventure-back.service"
+      "docker-workadventure-pusher.service"
+      "docker-workadventure-uploader.service"
+      "docker-workadventure-website.service"
+    ];
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
+    };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-front = {
+    image = frontImage;
+    environment = {
+      API_URL = pusherURL;
+      JITSI_PRIVATE_MODE = jitsiPrivateMode;
+      JITSI_URL = jitsiURL;
+      SECRET_JITSI_KEY = secretJitsiKey;
+      UPLOADER_URL = uploaderURL;
+    };
+    ports = [ "127.0.0.1:${toString frontPort}:80" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${frontURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-pusher = {
+    image = pusherImage;
+    environment = {
+      API_URL = "workadventure-back:50051";
+      JITSI_ISS = jitsiISS;
+      JITSI_URL = jitsiURL;
+      SECRET_KEY = workadventureSecretKey;
+    };
+    ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${pusherURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString pusherPort}";
+      proxyWebsockets = true;
+    };
+    locations."/room" = {
+      proxyPass = "http://127.0.0.1:${toString pusherPort}";
+      proxyWebsockets = true;
+    };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-back = {
+    image = apiImage;
+    environment = {
+      #DEBUG = "*";
+      JITSI_ISS = jitsiISS;
+      JITSI_URL = jitsiURL;
+      SECRET_KEY = workadventureSecretKey;
+    };
+    ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${apiURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-uploader = {
+    image = uploaderImage;
+    ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${uploaderURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString uploaderPort}";
+      proxyWebsockets = true;
+    };
+  };
+
+  systemd.services.docker-workadventure-front.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-uploader.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-pusher.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-back.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+} |
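Review bot: The bare `"50051"` entry in `workadventure-back`'s `ports` publishes the gRPC port on an ephemeral host port bound to all interfaces, and Docker's own iptables rules usually let published ports past `networking.firewall`. The pusher already reaches it as `workadventure-back:50051` over the `workadventure` bridge, so `ports = [ "127.0.0.1:${toString apiPort}:8080" ];` is enough. `workadventureSecretKey = ""` is handed to both pusher and back as `SECRET_KEY`, so whatever those services sign with it (presumably session tokens) would use an empty key, and any real value written into this `let` block ends up in the world-readable Nix store. Reading it from a file outside the store, for example through the containers' `environmentFiles` option if the nixpkgs in use provides it, avoids both. All four images follow the mutable `:develop` tag, so pinning each by digest would keep a restart from pulling unreviewed code, and `allowedUDPPorts = [ 80 443 ]` opens UDP ports that nothing in this file appears to listen on.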
