From 222f1e92dbc10aa389f712ae0d345befe4e5423f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2023 07:27:10 +0100 Subject: [PATCH] l orange.r: add coms service, proxy via neoprism.r --- lass/1systems/neoprism/config.nix | 2 + lass/1systems/prism/config.nix | 4 +- lass/2configs/murmur.nix | 42 ------------------ lass/2configs/services/coms/default.nix | 6 +++ lass/2configs/{ => services/coms}/jitsi.nix | 5 +++ lass/2configs/services/coms/murmur.nix | 47 +++++++++++++++++++++ lass/2configs/services/coms/proxy.nix | 41 ++++++++++++++++++ 7 files changed, 103 insertions(+), 44 deletions(-) delete mode 100644 lass/2configs/murmur.nix create mode 100644 lass/2configs/services/coms/default.nix rename lass/2configs/{ => services/coms}/jitsi.nix (91%) create mode 100644 lass/2configs/services/coms/murmur.nix create mode 100644 lass/2configs/services/coms/proxy.nix diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 72de0df83..cc08070af 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -10,6 +10,7 @@ + # other containers @@ -18,6 +19,7 @@ # proxying of services + ]; krebs.build.host = config.krebs.hosts.neoprism; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f23778eba..2e82fae6f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -134,7 +134,7 @@ with import ; - + @@ -280,7 +280,7 @@ with import ; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; } ]; } - + { systemd.services."container@yellow".reloadIfChanged = mkForce false; diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix deleted file mode 100644 index 42670dfbb..000000000 --- a/lass/2configs/murmur.nix +++ /dev/null 
@@ -1,42 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.murmur = {
- enable = true;
- allowHtml = false;
- bandwidth = 10000000;
- registerName = "lassul.us";
- autobanTime = 30;
- sslCert = "/var/lib/acme/lassul.us/cert.pem";
- sslKey = "/var/lib/acme/lassul.us/key.pem";
- };
- users.groups.lasscert.members = [
- "murmur"
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
- { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
- ];
-
- systemd.services.docker-mumble-web.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- virtualisation.oci-containers.containers.mumble-web = {
- image = "rankenstein/mumble-web:0.5";
- environment = {
- MUMBLE_SERVER = "lassul.us:64738";
- };
- ports = [
- "64739:8080"
- ];
- };
-
- services.nginx.virtualHosts."mumble.lassul.us" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:64739";
- proxyWebsockets = true;
- };
- };
-}
diff --git a/lass/2configs/services/coms/default.nix b/lass/2configs/services/coms/default.nix
new file mode 100644
index 000000000..4bc5f744b
--- /dev/null
+++ b/lass/2configs/services/coms/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./jitsi.nix
+ ./murmur.nix
+ ];
+}
diff --git a/lass/2configs/jitsi.nix b/lass/2configs/services/coms/jitsi.nix
similarity index 91%
rename from lass/2configs/jitsi.nix
rename to lass/2configs/services/coms/jitsi.nix
index 2c148dcdd..bbcb36166 100644
--- a/lass/2configs/jitsi.nix
+++ b/lass/2configs/services/coms/jitsi.nix
@@ -18,6 +18,11 @@
 #{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
 #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
 ];
+ constraints.video.height = {
+ ideal = 720;
+ max = 1080;
+ min = 240;
+ };
 };
 interfaceConfig = {
 SHOW_JITSI_WATERMARK = false;
diff --git a/lass/2configs/services/coms/murmur.nix b/lass/2configs/services/coms/murmur.nix
new file mode 100644
index 000000000..40c53da36
--- /dev/null
+++ b/lass/2configs/services/coms/murmur.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+{
+ services.murmur = {
+ enable = true;
+ # allowHtml = false;
+ bandwidth = 10000000;
+ registerName = "lassul.us";
+ autobanTime = 30;
+ sslCert = "/var/lib/acme/lassul.us/cert.pem";
+ sslKey = "/var/lib/acme/lassul.us/key.pem";
+ extraConfig = ''
+ opusthreshold=0
+ # rememberchannelduration=10000
+ '';
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
+ ];
+
+ # services.botamusique = {
+ # enable = true;
+ # settings = {
+ # server.host = "lassul.us";
+ # bot.auto_check_updates = false;
+ # bot.max_track_duration = 360;
+ # webinterface.enabled = true;
+ # };
+ # };
+
+ services.nginx.virtualHosts."lassul.us" = {
+ enableACME = true;
+ };
+ security.acme.certs."lassul.us" = {
+ group = "lasscert";
+ };
+ users.groups.lasscert.members = [
+ "nginx"
+ "murmur"
+ ];
+
+ # services.nginx.virtualHosts."bota.r" = {
+ # locations."/" = {
+ # proxyPass = "http://localhost:8181";
+ # };
+ # };
+}
diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix
new file mode 100644
index 000000000..57e132151
--- /dev/null
+++ b/lass/2configs/services/coms/proxy.nix
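Review bot: In the new murmur.nix, `# allowHtml = false;` at the top of `services.murmur` turns the previously explicit setting into a comment, so the server now runs with the module default; as far as I know the NixOS murmur module defaults `allowHtml` to true, which would let HTML back into text messages, user comments and channel descriptions. If that is not intended, keep `allowHtml = false;`; if it is, replace the commented-out line with a short reason such as `# allowHtml left at the module default because <reason>`. Separately, `users.groups.lasscert.members` now gives both `nginx` and `murmur` read access to the `lassul.us` private key through `security.acme.certs."lassul.us".group`, which deserves a one-line comment such as `# murmur reads the ACME cert/key issued via the nginx vhost, hence the shared group`.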
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+let
+ tcpports = [
+ 4443 # jitsi
+ 64738 # murmur
+ ];
+ udpports = [
+ 10000 # jitsi
+ 64738 # murmur
+ ];
+ target = "orange.r";
+in
+{
+ networking.firewall.allowedTCPPorts = tcpports;
+ networking.firewall.allowedUDPPorts = udpports;
+ services.nginx.streamConfig = ''
+ ${lib.concatMapStringsSep "\n" (port: ''
+ server {
+ listen ${toString port};
+ proxy_pass ${target}:${toString port};
+ }
+ '') tcpports}
+ ${lib.concatMapStringsSep "\n" (port: ''
+ server {
+ listen ${toString port} udp;
+ proxy_pass ${target}:${toString port};
+ }
+ '') udpports}
+ '';
+
+ services.nginx.virtualHosts."jitsi.lassul.us" = {
+ enableACME = true;
+ acmeFallbackHost = "${target}";
+ addSSL = true;
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://${target}";
+ };
+ };
+}
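Review bot: Client addresses are lost behind the `stream` servers generated from `tcpports`/`udpports`, so murmur on `orange.r` will presumably see every user as the proxy's address, and `autobanTime = 30` from murmur.nix (or any IP ban) would then act on the proxy as a whole rather than on the offending client. A comment above `services.nginx.streamConfig` should record this, e.g. `# backend sees only the proxy address: murmur autoban and IP bans hit all proxied users`, and it is worth checking that a few failed logins cannot lock everyone out. Also, `addSSL = true;` on `jitsi.lassul.us` keeps answering over plain HTTP, whereas the removed mumble vhost used `forceSSL = true;`; consider `forceSSL = true;` here so browsers are redirected to HTTPS. Finally, `proxyPass = "http://${target}"` forwards the decrypted traffic without TLS, which is acceptable only if the `.r` network between the two hosts is itself encrypted and trusted, and a short comment should say so.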