ma workadventure: init

2021-01-18 23:01:13 +01:00 · 2021-01-18 23:01:13 +01:00 · 96b5248e85
commit 96b5248e85
parent feb36c2f9a
4 changed files with 231 additions and 2 deletions
--- a/makefu/2configs/home-manager/zsh.nix
+++ b/makefu/2configs/home-manager/zsh.nix
@ -11,8 +11,7 @@
    { #direnv
      home-manager.users.makefu.home.packages = [
        (pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
-        pkgs.direnv pkgs.nur.repos.kalbasit.nixify ];
-        # home-manager.users.makefu.home.file.".direnvrc".text = '''';
+      ];
    }
    { # bat
      home-manager.users.makefu.home.packages = [ pkgs.bat ];
@ -25,6 +24,10 @@
    }
  ];
  environment.pathsToLink = [ "/share/zsh" ];
+
+  programs.direnv.enable = true;
+  programs.direnv.enableNixDirenvIntegration = true;
+
  home-manager.users.makefu = {
    programs.fzf.enable = false; # alt-c
    programs.zsh = {
--- a/makefu/2configs/workadventure/default.nix
+++ b/makefu/2configs/workadventure/default.nix
@ -0,0 +1,6 @@
+{
+  imports = [
+    ./jitsi.nix
+    ./workadventure.nix
+  ];
+}
--- a/makefu/2configs/workadventure/jitsi.nix
+++ b/makefu/2configs/workadventure/jitsi.nix
@ -0,0 +1,59 @@
+{
+  #               +                                       +
+  #               |                                       |
+  #               |                                       |
+  #               v                                       v
+  #          80, 443 TCP                          443 TCP, 10000 UDP
+  #       +--------------+                     +---------------------+
+  #       |  nginx       |  5222, 5347 TCP     |                     |
+  #       |  jitsi-meet  |<-------------------+|  jitsi-videobridge  |
+  #       |  prosody     |         |           |                     |
+  #       |  jicofo      |         |           +---------------------+
+  #       +--------------+         |
+  #                                |           +---------------------+
+  #                                |           |                     |
+  #                                +----------+|  jitsi-videobridge  |
+  #                                |           |                     |
+  #                                |           +---------------------+
+  #                                |
+  #                                |           +---------------------+
+  #                                |           |                     |
+  #                                +----------+|  jitsi-videobridge  |
+  #                                            |                     |
+  #                                            +---------------------+
+
+  # This is a one server setup
+  services.jitsi-meet = {
+    enable = true;
+    hostName = "meet.euer.krebsco.de";
+
+    # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
+    # https://github.com/jitsi/jicofo
+    jicofo.enable = true;
+
+    # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
+    #  Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
+    #  will be used to retrieve a TLS certificate by default. To disable this, set the
+    #  services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
+    #  services.nginx.virtualHosts.<hostName>.forceSSL.
+    nginx.enable = true;
+
+    # https://github.com/jitsi/jitsi-meet/blob/master/config.js
+    config = {
+      enableWelcomePage = true;
+      defaultLang = "en";
+    };
+
+    # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
+    interfaceConfig = {
+      SHOW_JITSI_WATERMARK = false;
+      SHOW_WATERMARK_FOR_GUESTS = false;
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 10000 ];
+  };
+
+}
--- a/makefu/2configs/workadventure/workadventure.nix
+++ b/makefu/2configs/workadventure/workadventure.nix
@ -0,0 +1,161 @@
+{ config, pkgs, lib, ... }:
+let
+  # If your Jitsi environment has authentication set up,
+  # you MUST set JITSI_PRIVATE_MODE to "true" and
+  # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
+  jitsiPrivateMode = "false";
+
+  secretJitsiKey = "";
+
+  jitsiISS = "";
+
+  workadventureSecretKey = "";
+
+  jitsiURL = "meet.euer.krebsco.de";
+
+  domain = "work.euer.krebsco.de";
+  # domain will redirect to this map. (not play.${domain})
+  defaultMap = "npeguin.github.io/office-map/map.json";
+
+  apiURL = "api.${domain}";
+  apiPort = 9002;
+
+  frontURL = "play.${domain}";
+  frontPort = 9004;
+
+  pusherURL = "push.${domain}";
+  pusherPort = 9005;
+
+  uploaderURL = "ul.${domain}";
+  uploaderPort = 9006;
+
+  frontImage = "thecodingmachine/workadventure-front:develop";
+  pusherImage = "thecodingmachine/workadventure-pusher:develop";
+  apiImage = "thecodingmachine/workadventure-back:develop";
+  uploaderImage = "thecodingmachine/workadventure-uploader:develop";
+
+in {
+
+  networking.firewall = {
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 80 443 ];
+  };
+
+  services.nginx.enable = true;
+  services.nginx.recommendedProxySettings = true;
+
+  systemd.services.workadventure-network = {
+    enable = true;
+    wantedBy = [ "multi-user.target" ];
+    script = ''
+      ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
+    '';
+    after = [ "docker" ];
+    before = [
+      "docker-workadventure-back.service"
+      "docker-workadventure-pusher.service"
+      "docker-workadventure-uploader.service"
+      "docker-workadventure-website.service"
+    ];
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
+    };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-front = {
+    image = frontImage;
+    environment = {
+      API_URL = pusherURL;
+      JITSI_PRIVATE_MODE = jitsiPrivateMode;
+      JITSI_URL = jitsiURL;
+      SECRET_JITSI_KEY = secretJitsiKey;
+      UPLOADER_URL = uploaderURL;
+    };
+    ports = [ "127.0.0.1:${toString frontPort}:80" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${frontURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-pusher = {
+    image = pusherImage;
+    environment = {
+      API_URL = "workadventure-back:50051";
+      JITSI_ISS = jitsiISS;
+      JITSI_URL = jitsiURL;
+      SECRET_KEY = workadventureSecretKey;
+    };
+    ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${pusherURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString pusherPort}";
+      proxyWebsockets = true;
+    };
+    locations."/room" = {
+      proxyPass = "http://127.0.0.1:${toString pusherPort}";
+      proxyWebsockets = true;
+    };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-back = {
+    image = apiImage;
+    environment = {
+      #DEBUG = "*";
+      JITSI_ISS = jitsiISS;
+      JITSI_URL = jitsiURL;
+      SECRET_KEY = workadventureSecretKey;
+    };
+    ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${apiURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-uploader = {
+    image = uploaderImage;
+    ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${uploaderURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString uploaderPort}";
+      proxyWebsockets = true;
+    };
+  };
+
+  systemd.services.docker-workadventure-front.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-uploader.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-pusher.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-back.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+}