Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ma workadventure: init

Browse Source
This commit is contained in:
makefu 2021-01-18 23:01:13 +01:00
parent feb36c2f9a
commit 96b5248e85
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
4 changed files with 231 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
makefu/2configs/home-manager/zsh.nix
View File

@ -11,8 +11,7 @@
{ #direnv { #direnv
home-manager.users.makefu.home.packages = [ home-manager.users.makefu.home.packages = [
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox") (pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
pkgs.direnv pkgs.nur.repos.kalbasit.nixify ]; ];
# home-manager.users.makefu.home.file.".direnvrc".text = '''';
} }
{ # bat { # bat
home-manager.users.makefu.home.packages = [ pkgs.bat ]; home-manager.users.makefu.home.packages = [ pkgs.bat ];
@ -25,6 +24,10 @@
} }
]; ];
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [ "/share/zsh" ];
programs.direnv.enable = true;
programs.direnv.enableNixDirenvIntegration = true;
home-manager.users.makefu = { home-manager.users.makefu = {
programs.fzf.enable = false; # alt-c programs.fzf.enable = false; # alt-c
programs.zsh = { programs.zsh = {

6
makefu/2configs/workadventure/default.nix Normal file
View File

@ -0,0 +1,6 @@
{
imports = [
./jitsi.nix
./workadventure.nix
];
}

59
makefu/2configs/workadventure/jitsi.nix Normal file
View File

@ -0,0 +1,59 @@
{
# + +
# | |
# | |
# v v
# 80, 443 TCP 443 TCP, 10000 UDP
# +--------------+ +---------------------+
# | nginx | 5222, 5347 TCP | |
# | jitsi-meet |<-------------------+| jitsi-videobridge |
# | prosody | | | |
# | jicofo | | +---------------------+
# +--------------+ |
# | +---------------------+
# | | |
# +----------+| jitsi-videobridge |
# | | |
# | +---------------------+
# |
# | +---------------------+
# | | |
# +----------+| jitsi-videobridge |
# | |
# +---------------------+
# This is a one server setup
services.jitsi-meet = {
enable = true;
hostName = "meet.euer.krebsco.de";
# JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
# https://github.com/jitsi/jicofo
jicofo.enable = true;
# Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
# Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
# will be used to retrieve a TLS certificate by default. To disable this, set the
# services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
# services.nginx.virtualHosts.<hostName>.forceSSL.
nginx.enable = true;
# https://github.com/jitsi/jitsi-meet/blob/master/config.js
config = {
enableWelcomePage = true;
defaultLang = "en";
};
# https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
};
};
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 10000 ];
};
}

161
makefu/2configs/workadventure/workadventure.nix Normal file
View File

@ -0,0 +1,161 @@
{ config, pkgs, lib, ... }:
let
# If your Jitsi environment has authentication set up,
# you MUST set JITSI_PRIVATE_MODE to "true" and
# you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
jitsiPrivateMode = "false";
secretJitsiKey = "";
jitsiISS = "";
workadventureSecretKey = "";
jitsiURL = "meet.euer.krebsco.de";
domain = "work.euer.krebsco.de";
# domain will redirect to this map. (not play.${domain})
defaultMap = "npeguin.github.io/office-map/map.json";
apiURL = "api.${domain}";
apiPort = 9002;
frontURL = "play.${domain}";
frontPort = 9004;
pusherURL = "push.${domain}";
pusherPort = 9005;
uploaderURL = "ul.${domain}";
uploaderPort = 9006;
frontImage = "thecodingmachine/workadventure-front:develop";
pusherImage = "thecodingmachine/workadventure-pusher:develop";
apiImage = "thecodingmachine/workadventure-back:develop";
uploaderImage = "thecodingmachine/workadventure-uploader:develop";
in {
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 80 443 ];
};
services.nginx.enable = true;
services.nginx.recommendedProxySettings = true;
systemd.services.workadventure-network = {
enable = true;
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
'';
after = [ "docker" ];
before = [
"docker-workadventure-back.service"
"docker-workadventure-pusher.service"
"docker-workadventure-uploader.service"
"docker-workadventure-website.service"
];
};
virtualisation.oci-containers.backend = "docker";
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
};
};
virtualisation.oci-containers.containers.workadventure-front = {
image = frontImage;
environment = {
API_URL = pusherURL;
JITSI_PRIVATE_MODE = jitsiPrivateMode;
JITSI_URL = jitsiURL;
SECRET_JITSI_KEY = secretJitsiKey;
UPLOADER_URL = uploaderURL;
};
ports = [ "127.0.0.1:${toString frontPort}:80" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${frontURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
};
virtualisation.oci-containers.containers.workadventure-pusher = {
image = pusherImage;
environment = {
API_URL = "workadventure-back:50051";
JITSI_ISS = jitsiISS;
JITSI_URL = jitsiURL;
SECRET_KEY = workadventureSecretKey;
};
ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${pusherURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString pusherPort}";
proxyWebsockets = true;
};
locations."/room" = {
proxyPass = "http://127.0.0.1:${toString pusherPort}";
proxyWebsockets = true;
};
};
virtualisation.oci-containers.containers.workadventure-back = {
image = apiImage;
environment = {
#DEBUG = "*";
JITSI_ISS = jitsiISS;
JITSI_URL = jitsiURL;
SECRET_KEY = workadventureSecretKey;
};
ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${apiURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
};
virtualisation.oci-containers.containers.workadventure-uploader = {
image = uploaderImage;
ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${uploaderURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString uploaderPort}";
proxyWebsockets = true;
};
};
systemd.services.docker-workadventure-front.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-uploader.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-pusher.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-back.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
}