authortv <tv@krebsco.de>2021-02-18 20:25:47 +0100
committertv <tv@krebsco.de>2021-02-18 20:25:47 +0100
commitf9bc618fada82326ed371b131eaed34d21626ae9 (patch)
treec48156ed3dc16594907c3744b14fcdafd2409206 /makefu/2configs
parent9365aff352d99b7506bafbef6682de7bfb00df27 (diff)
parent8b7477926d0b7c1ac3d92d07e6934f9e593ea9ff (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/bureautomation/office-radio/default.nix6
-rw-r--r--makefu/2configs/bureautomation/office-radio/mpd.nix58
-rw-r--r--makefu/2configs/bureautomation/office-radio/mpdconfig.nix6
-rw-r--r--makefu/2configs/bureautomation/office-radio/webserver.nix40
-rw-r--r--makefu/2configs/deployment/mycube.connector.one.nix9
-rw-r--r--makefu/2configs/deployment/newsbot.nix18
-rw-r--r--makefu/2configs/deployment/wiki-irc-bot/default.nix19
-rw-r--r--makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch45
-rw-r--r--makefu/2configs/ham/automation/giesskanne.nix2
-rw-r--r--makefu/2configs/ham/automation/moodlight.nix41
-rw-r--r--makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix82
-rw-r--r--makefu/2configs/home-manager/zsh.nix33
-rw-r--r--makefu/2configs/hw/droidcam.nix4
-rw-r--r--makefu/2configs/share/omo.nix6
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/2configs/workadventure/default.nix6
-rw-r--r--makefu/2configs/workadventure/jitsi.nix59
-rw-r--r--makefu/2configs/workadventure/workadventure.nix161
18 files changed, 497 insertions, 100 deletions
diff --git a/makefu/2configs/bureautomation/office-radio/default.nix b/makefu/2configs/bureautomation/office-radio/default.nix
new file mode 100644
index 000000000..d1c0f4730
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./mpd.nix
+ ./webserver.nix
+ ];
+}
diff --git a/makefu/2configs/bureautomation/office-radio/mpd.nix b/makefu/2configs/bureautomation/office-radio/mpd.nix
new file mode 100644
index 000000000..4fc31fff9
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/mpd.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mpds = import ./mpdconfig.nix;
+ systemd_mpd = name: value: let
+ path = "/var/lib/mpd-${name}";
+ num = lib.strings.fixedWidthNumber 2 value;
+ mpdconf = pkgs.writeText "mpd-config-${name}" ''
+ music_directory "${path}/music"
+ playlist_directory "${path}/playlists"
+ db_file "${path}/tag_cache"
+ state_file "${path}/state"
+ sticker_file "${path}/sticker.sql"
+
+ bind_to_address "127.0.0.1"
+ port "66${num}"
+ log_level "default"
+ auto_update "yes"
+ audio_output {
+ type "httpd"
+ name "Office Radio ${num} - ${name}"
+ encoder "vorbis" # optional
+ port "280${num}"
+ quality "5.0" # do not define if bitrate is defined
+ # bitrate "128" # do not define if quality is defined
+ format "44100:16:2"
+ always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+ tags "yes" # httpd supports sending tags to listening streams.
+ }
+ '';
+in {
+ after = [ "network.target" ];
+ description = "Office Radio MPD ${toString value} - ${name}";
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ #User = "mpd";
+ DynamicUser = true;
+ ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdconf}";
+ LimitRTPRIO = 50;
+ LimitRTTIME = "infinity";
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ StateDirectory = [ "mpd-${name}" ];
+ };
+ };
+in
+ {
+ systemd.services = lib.attrsets.mapAttrs' (name: value:
+ lib.attrsets.nameValuePair
+ ("office-radio-" +name) (systemd_mpd name value))
+ mpds;
+ }
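Review bot: The `httpd` `audio_output` block sets `port "280${num}"` but no `bind_to_address` of its own. The global `bind_to_address "127.0.0.1"` above it governs the MPD control port, so as far as I know each stream listener binds every interface and is unauthenticated. If the streams are only meant to be consumed on this host, add `bind_to_address "127.0.0.1"` inside `audio_output`; if LAN listeners are intended, say so in a comment, since no firewall rule for these ports is visible in this commit. Separately, `ProtectSystem = true` reads as a weaker setting than the `strict` mode that `DynamicUser = true` already implies, so it could be dropped or written as `ProtectSystem = "strict"`.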
diff --git a/makefu/2configs/bureautomation/office-radio/mpdconfig.nix b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix
new file mode 100644
index 000000000..b48ceb629
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix
@@ -0,0 +1,6 @@
+{
+ "cybertisch1" = 0;
+ "cybertisch2" = 1;
+ "cyberklo" = 2;
+ "baellebad" = 3;
+}
diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix
new file mode 100644
index 000000000..e2fc6d9e8
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/webserver.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+let
+ mpds = import ./mpdconfig.nix;
+ pkg = pkgs.office-radio;
+in {
+ systemd.services.office-radio-appsrv = {
+ after = [ "network.target" ];
+ description = "Office Radio Appserver";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/office-radio";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+ systemd.services.office-radio-stopper = {
+ after = [ "network.target" ];
+ description = "Office Radio Script to stop idle streams";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/stop-idle-streams";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+}
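Review bot: The `let` binding `mpds = import ./mpdconfig.nix;` is never used in this file and can be removed. The two `serviceConfig` sets are identical except for `ExecStart`, so a later hardening change is easy to apply to only one of them. Consider one shared set in the `let`, e.g. `hardening = { DynamicUser = true; NoNewPrivileges = true; … };`, used as `serviceConfig = hardening // { ExecStart = "${pkg}/bin/office-radio"; };`. `AF_NETLINK` in `RestrictAddressFamilies` may not be needed by either program; a short comment on why it is allowed would help the next reader.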
diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix
index 379176f78..aa9ff514c 100644
--- a/makefu/2configs/deployment/mycube.connector.one.nix
+++ b/makefu/2configs/deployment/mycube.connector.one.nix
@@ -1,15 +1,12 @@
{ config, lib, pkgs, ... }:
# more than just nginx config but not enough to become a module
-with import <stockholm/lib>;
let
hostname = config.krebs.build.host.name;
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
in {
- services.redis = {
- enable = true;
- };
- systemd.services.redis.serviceConfig.LimitNOFILE=10032;
+ services.redis = { enable = true; };
+ systemd.services.redis.serviceConfig.LimitNOFILE=65536;
services.uwsgi = {
enable = true;
@@ -28,7 +25,7 @@ in {
};
services.nginx = {
- enable = mkDefault true;
+ enable = lib.mkDefault true;
virtualHosts."mybox.connector.one" = {
locations = {
"/".extraConfig = ''
diff --git a/makefu/2configs/deployment/newsbot.nix b/makefu/2configs/deployment/newsbot.nix
deleted file mode 100644
index 748803447..000000000
--- a/makefu/2configs/deployment/newsbot.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- newsfile = pkgs.writeText "feeds" ''
- nixoswiki-bot|https://github.com/Mic92/nixos-wiki/wiki.atom|#krebs
- '';
-in {
- environment.systemPackages = [
- pkgs.newsbot-js
- ];
- krebs.newsbot-js = {
- enable = true;
- ircServer = "chat.freenode.net";
- feeds = newsfile;
- urlShortenerHost = "go";
- urlShortenerPort = "80";
- };
-}
diff --git a/makefu/2configs/deployment/wiki-irc-bot/default.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix
deleted file mode 100644
index 12686efba..000000000
--- a/makefu/2configs/deployment/wiki-irc-bot/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: {
- patches = [ ./wiki-output.patch ];
- });
- newsfile = pkgs.writeText "feeds" ''
- nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs
- '';
-in {
- krebs.newsbot-js = {
- enable = true;
- package = pkg;
- ircServer = "chat.freenode.net";
- feeds = newsfile;
- urlShortenerHost = "go";
- urlShortenerPort = "80";
- };
-}
diff --git a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch b/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
deleted file mode 100644
index 6e1e27853..000000000
--- a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff --git a/newsbot.js b/newsbot.js
-index 42d0666..a284011 100644
---- a/newsbot.js
-+++ b/newsbot.js
-@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) {
- }
-
- function broadcast_new_item (item) {
-+ console.log('Broadcasting item ',item.link)
- return getShortLink(item.link, function (error, shortlink) {
-- return broadcast(item.title + ' ' + shortlink)
-+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink)
- })
- }
-
-@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) {
-
- if (client.lastItems) {
- items.forEach(function (item) {
-- if (!client.lastItems.hasOwnProperty(item.title)) {
-+
-+ if (!client.lastItems.hasOwnProperty(item.guid)) {
- broadcast_new_item(item)
-+ }else {
-+ console.log("Item already seen:",item.guid)
- }
- })
- }
-
- client.lastItems = {}
- items.forEach(function (item) {
-- client.lastItems[item.title] = true
-+ client.lastItems[item.guid] = true
- })
-
- return continue_loop()
-@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) {
- }
-
- function getShortLink (link, callback) {
-+ callback(null,link)
-+ return
- var form = new FormData()
- try {
- form.append('uri', link)
diff --git a/makefu/2configs/ham/automation/giesskanne.nix b/makefu/2configs/ham/automation/giesskanne.nix
index d89ea595b..4b0fb61dd 100644
--- a/makefu/2configs/ham/automation/giesskanne.nix
+++ b/makefu/2configs/ham/automation/giesskanne.nix
@@ -7,7 +7,7 @@ let
light = "light.espcam_02_light";
seconds = 60; # default shutoff to protect the LED from burning out
};
- seconds = 6;
+ seconds = 60;
pump = "switch.arbeitszimmer_giesskanne_relay";
# sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture";
in
diff --git a/makefu/2configs/ham/automation/moodlight.nix b/makefu/2configs/ham/automation/moodlight.nix
new file mode 100644
index 000000000..df229f16b
--- /dev/null
+++ b/makefu/2configs/ham/automation/moodlight.nix
@@ -0,0 +1,41 @@
+# uses:
+
+let
+ wohnzimmer = "light.wohnzimmer_fenster_lichterkette_licht";
+ arbeitszimmer = "light.box_led_status";
+ final_off = "01:00";
+
+ turn_on = entity_id: at:
+ { alias = "Turn on ${entity_id} at ${at}";
+ trigger = [
+ { platform = "time"; inherit at; }
+ ];
+ action =
+ [
+ { service = "light.turn_on"; inherit entity_id; }
+ ];
+ };
+in
+{
+ services.home-assistant.config =
+ {
+ automation =
+ [
+ (turn_on wohnzimmer "17:30")
+ (turn_on arbeitszimmer "9:00")
+
+ { alias = "Always turn off the lights at ${final_off}";
+ trigger = [
+ { platform = "time"; at = final_off; }
+ ];
+ action =
+ [
+ {
+ service = "light.turn_off";
+ entity_id = [ wohnzimmer arbeitszimmer];
+ }
+ ];
+ }
+ ];
+ };
+}
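Review bot: The header comment `# uses:` is left empty, so the file never says which entities or integrations it depends on. Either fill it in (for example `# uses: light.wohnzimmer_fenster_lichterkette_licht, light.box_led_status`) or drop it. The time literals are also written inconsistently: `"9:00"` is not zero-padded while `"01:00"` and `"17:30"` are. Writing `"09:00"` keeps the format uniform and avoids relying on lenient time parsing.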
diff --git a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix
index f06094662..4303cdfa5 100644
--- a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix
+++ b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix
@@ -26,6 +26,81 @@ let
data.entity_id = light;
};
};
+ rf_state = code: light: halfbright:
+ let
+ maxbright = 255;
+ transition = 0.2; # seconds
+ in
+ # this function implements a simple state machine based on the state and brightness of the light (light must support brightness
+ {
+ alias = "Cycle through states of ${light} via rf code ${code}";
+ trigger = {
+ platform = "event";
+ event_type = "esphome.rf_code_received";
+ event_data.code = code;
+ };
+ action = {
+ choose = [
+ {
+ # state 0: off to half
+ conditions = {
+ condition = "template";
+ value_template = ''{{ states("${light}") == "off" }}'';
+ };
+ sequence = [
+ {
+ service = "light.turn_on";
+ data = {
+ entity_id = light;
+ brightness = halfbright;
+ };
+ }
+ ];
+ }
+ {
+ # state 1: half to full
+ conditions = {
+ condition = "template";
+ value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}'';
+ };
+ sequence = [
+ {
+ service = "light.turn_on";
+ data = {
+ entity_id = light;
+ brightness = maxbright;
+ };
+ }
+ ];
+ }
+ {
+ # state 2: full to off
+ conditions = {
+ condition = "template";
+ # TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere?
+ value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}'';
+ };
+ sequence = [
+ {
+ service = "light.turn_off";
+ data = {
+ entity_id = light;
+ };
+ }
+ ];
+ }
+ ];
+ # default: on to off
+ # this works because state 0 checks for "state == off"
+ default = [{
+ service = "light.turn_off";
+ data = {
+ entity_id = light;
+ };
+ }];
+ };
+ }
+;
rf_toggle = code: light:
{
alias = "Toggle ${light} via rf code ${code}";
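Review bot: In `rf_state` the binding `transition = 0.2; # seconds` is declared but none of the `light.turn_on`/`light.turn_off` calls in the hunk use it. Either pass it along (`data = { entity_id = light; brightness = halfbright; inherit transition; };`) or remove it. The state 1 and state 2 templates compare `state_attr("${light}","brightness")` directly with a number. For a light that is on but reports no brightness attribute that value is None, and the comparison presumably raises a template error before falling through to `default`. Writing `state_attr("${light}","brightness") | int(0)` would make that fallback explicit. The explanatory comment above the attrset is also missing its closing parenthesis.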
@@ -39,14 +114,13 @@ let
data.entity_id = light;
};
};
-
in
{
services.home-assistant.config.automation = [
(rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A
- (rf_toggle "401151" "light.wohnzimmer_stehlampe_osram") # B
- (rf_toggle "401451" "light.wohnzimmer_komode_osram") # C
- (rf_toggle "401511" "light.wohnzimmer_schrank_osram") # D
+ (rf_state "401151" "light.wohnzimmer_stehlampe_osram" 128) # B
+ (rf_state "401451" "light.wohnzimmer_komode_osram" 128) # C
+ (rf_state "401511" "light.wohnzimmer_schrank_osram" 128) # D
# OFF Lane
(rf_turn_off "400554" "all") # A
diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix
index 8d6c1f2f0..cf6f1d334 100644
--- a/makefu/2configs/home-manager/zsh.nix
+++ b/makefu/2configs/home-manager/zsh.nix
@@ -8,11 +8,10 @@
};
};
imports = [
- { #direnv
+ {
home-manager.users.makefu.home.packages = [
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
- pkgs.direnv pkgs.nur.repos.kalbasit.nixify ];
- # home-manager.users.makefu.home.file.".direnvrc".text = '''';
+ ];
}
{ # bat
home-manager.users.makefu.home.packages = [ pkgs.bat ];
@@ -24,8 +23,34 @@
};
}
];
- environment.pathsToLink = [ "/share/zsh" ];
+ environment.pathsToLink = [
+ "/share/zsh"
+ ];
+
+ nix.extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ '';
+
home-manager.users.makefu = {
+
+ programs.direnv.enable = true;
+ programs.direnv.enableNixDirenvIntegration = true;
+ programs.direnv.enableZshIntegration = true;
+ home.packages = [ (pkgs.writeDashBin "nixify" ''
+test ! -e shell.nix && cat > shell.nix <<EOF
+{ pkgs ? import <nixpkgs> {}}:
+
+pkgs.mkShell {
+ nativeBuildInputs = [ pkgs.hello ];
+}
+EOF
+echo "use nix" >> .envrc
+direnv allow
+'')
+ ];
+ #home.packages = [ pkgs.direnv pkgs.nix-direnv ];
+
programs.fzf.enable = false; # alt-c
programs.zsh = {
enable = true;
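Review bot: The generated `nixify` script guards `shell.nix` with `test ! -e`, but it then always runs `echo "use nix" >> .envrc` followed by `direnv allow`. In a directory that already contains an `.envrc` (for example a freshly cloned third-party repository), this approves that file's existing content for automatic execution. Repeated runs also append duplicate `use nix` lines. A guard before the append, such as `test -e .envrc && { echo ".envrc already exists, not touching it" >&2; exit 1; }`, would avoid both. This hunk also calls `pkgs.writeDashBin` while the earlier hunk in the same file uses `pkgs.writers.writeDashBin`; using one spelling would be more consistent.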
diff --git a/makefu/2configs/hw/droidcam.nix b/makefu/2configs/hw/droidcam.nix
index c638123bb..adc0aa379 100644
--- a/makefu/2configs/hw/droidcam.nix
+++ b/makefu/2configs/hw/droidcam.nix
@@ -1,7 +1,9 @@
-{ pkgs, config, ... }:
+{ pkgs, config, ... }:
{
boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480";
boot.extraModulePackages = [
(pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; })
];
+ boot.initrd.availableKernelModules = [ "v4l2loopback-dc" ];
+ users.users.makefu.packages = [ pkgs.droidcam ];
}
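Review bot: `boot.initrd.availableKernelModules = [ "v4l2loopback-dc" ];` places an out-of-tree webcam loopback module in the initrd's module set, which is meant for drivers needed in stage 1 to find and mount the root filesystem. If the intent is to have the module loaded on a running system, `boot.kernelModules = [ "v4l2loopback-dc" ];` is the usual option and keeps third-party code out of early boot. Note that `extraModprobeConfig` refers to the module as `v4l2loopback_dc`; a comment that the hyphen and underscore spellings name the same module would save a reader from checking.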
diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix
index 1a488e69c..d9e22ad71 100644
--- a/makefu/2configs/share/omo.nix
+++ b/makefu/2configs/share/omo.nix
@@ -60,6 +60,12 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
+ photos = {
+ path = "/media/cryptX/photos";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
crypX-games = {
path = "/media/cryptX/games";
"read only" = "yes";
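Review bot: The new `photos` share sets `"guest ok" = "yes"`, so anyone who can reach the SMB service can browse `/media/cryptX/photos` without credentials. `"read only" = "yes"` protects integrity but not confidentiality, and the path name suggests the data sits on an encrypted volume, where unauthenticated network access largely defeats that protection. Unless a `hosts allow` or firewall restriction exists outside this hunk, consider `"guest ok" = "no";` together with `"valid users" = "makefu";` for this share. The enclosing shares attribute set starts and ends outside the hunk, so global restrictions may exist that are not visible here.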
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 0cf218d46..98bc748dd 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -5,12 +5,10 @@
mosh
sshfs
rclone
- exfat
(pkgs.callPackage ./secrets.nix {})
opensc pcsctools libu2f-host
];
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
boot.supportedFilesystems = [ "exfat" ];
}
diff --git a/makefu/2configs/workadventure/default.nix b/makefu/2configs/workadventure/default.nix
new file mode 100644
index 000000000..3c68fca8d
--- /dev/null
+++ b/makefu/2configs/workadventure/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./jitsi.nix
+ ./workadventure.nix
+ ];
+}
diff --git a/makefu/2configs/workadventure/jitsi.nix b/makefu/2configs/workadventure/jitsi.nix
new file mode 100644
index 000000000..d5c590746
--- /dev/null
+++ b/makefu/2configs/workadventure/jitsi.nix
@@ -0,0 +1,59 @@
+{
+ # + +
+ # | |
+ # | |
+ # v v
+ # 80, 443 TCP 443 TCP, 10000 UDP
+ # +--------------+ +---------------------+
+ # | nginx | 5222, 5347 TCP | |
+ # | jitsi-meet |<-------------------+| jitsi-videobridge |
+ # | prosody | | | |
+ # | jicofo | | +---------------------+
+ # +--------------+ |
+ # | +---------------------+
+ # | | |
+ # +----------+| jitsi-videobridge |
+ # | | |
+ # | +---------------------+
+ # |
+ # | +---------------------+
+ # | | |
+ # +----------+| jitsi-videobridge |
+ # | |
+ # +---------------------+
+
+ # This is a one server setup
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "meet.euer.krebsco.de";
+
+ # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
+ # https://github.com/jitsi/jicofo
+ jicofo.enable = true;
+
+ # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
+ # Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
+ # will be used to retrieve a TLS certificate by default. To disable this, set the
+ # services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
+ # services.nginx.virtualHosts.<hostName>.forceSSL.
+ nginx.enable = true;
+
+ # https://github.com/jitsi/jitsi-meet/blob/master/config.js
+ config = {
+ enableWelcomePage = true;
+ defaultLang = "en";
+ };
+
+ # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
+ interfaceConfig = {
+ SHOW_JITSI_WATERMARK = false;
+ SHOW_WATERMARK_FOR_GUESTS = false;
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 10000 ];
+ };
+
+}
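Review bot: `enableWelcomePage = true` is set on a public hostName with ports 80, 443 and 10000/udp opened, and nothing in the file configures authentication. As written, any visitor can presumably create rooms and relay media through this host. If that is not intended, restrict room creation to authenticated users (Jitsi's secure-domain setup) or disable the welcome page. If it is intended, a comment stating so would make the exposure an explicit decision. The ASCII diagram shows three separate videobridges, while the comment below it says `# This is a one server setup`; a line explaining that the diagram is the generic upstream topology would remove the contradiction.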
diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix
new file mode 100644
index 000000000..2b7eca250
--- /dev/null
+++ b/makefu/2configs/workadventure/workadventure.nix
@@ -0,0 +1,161 @@
+{ config, pkgs, lib, ... }:
+let
+ # If your Jitsi environment has authentication set up,
+ # you MUST set JITSI_PRIVATE_MODE to "true" and
+ # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
+ jitsiPrivateMode = "false";
+
+ secretJitsiKey = "";
+
+ jitsiISS = "";
+
+ workadventureSecretKey = "";
+
+ jitsiURL = "meet.euer.krebsco.de";
+
+ domain = "work.euer.krebsco.de";
+ # domain will redirect to this map. (not play.${domain})
+ defaultMap = "npeguin.github.io/office-map/map.json";
+
+ apiURL = "api.${domain}";
+ apiPort = 9002;
+
+ frontURL = "play.${domain}";
+ frontPort = 9004;
+
+ pusherURL = "push.${domain}";
+ pusherPort = 9005;
+
+ uploaderURL = "ul.${domain}";
+ uploaderPort = 9006;
+
+ frontImage = "thecodingmachine/workadventure-front:develop";
+ pusherImage = "thecodingmachine/workadventure-pusher:develop";
+ apiImage = "thecodingmachine/workadventure-back:develop";
+ uploaderImage = "thecodingmachine/workadventure-uploader:develop";
+
+in {
+
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 80 443 ];
+ };
+
+ services.nginx.enable = true;
+ services.nginx.recommendedProxySettings = true;
+
+ systemd.services.workadventure-network = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
+ '';
+ after = [ "docker" ];
+ before = [
+ "docker-workadventure-back.service"
+ "docker-workadventure-pusher.service"
+ "docker-workadventure-uploader.service"
+ "docker-workadventure-website.service"
+ ];
+ };
+
+ virtualisation.oci-containers.backend = "docker";
+
+ services.nginx.virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
+ };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-front = {
+ image = frontImage;
+ environment = {
+ API_URL = pusherURL;
+ JITSI_PRIVATE_MODE = jitsiPrivateMode;
+ JITSI_URL = jitsiURL;
+ SECRET_JITSI_KEY = secretJitsiKey;
+ UPLOADER_URL = uploaderURL;
+ };
+ ports = [ "127.0.0.1:${toString frontPort}:80" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${frontURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-pusher = {
+ image = pusherImage;
+ environment = {
+ API_URL = "workadventure-back:50051";
+ JITSI_ISS = jitsiISS;
+ JITSI_URL = jitsiURL;
+ SECRET_KEY = workadventureSecretKey;
+ };
+ ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${pusherURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString pusherPort}";
+ proxyWebsockets = true;
+ };
+ locations."/room" = {
+ proxyPass = "http://127.0.0.1:${toString pusherPort}";
+ proxyWebsockets = true;
+ };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-back = {
+ image = apiImage;
+ environment = {
+ #DEBUG = "*";
+ JITSI_ISS = jitsiISS;
+ JITSI_URL = jitsiURL;
+ SECRET_KEY = workadventureSecretKey;
+ };
+ ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${apiURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-uploader = {
+ image = uploaderImage;
+ ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${uploaderURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString uploaderPort}";
+ proxyWebsockets = true;
+ };
+ };
+
+ systemd.services.docker-workadventure-front.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-uploader.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-pusher.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-back.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+}
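Review bot: `workadventureSecretKey = ""` is passed as `SECRET_KEY` to both the pusher and back containers, so they start with an empty signing secret. Filling the value in here would instead put it in the world-readable Nix store. Supply it from a file outside the store, for example `environmentFiles = [ "/path/to/workadventure.env" ];` (placeholder path) on each container, and drop the inline string. In `workadventure-back`, the bare `"50051"` entry in `ports` asks Docker to publish the gRPC port on a random host port on all interfaces, even though the pusher already reaches it over the `workadventure` network, so it can be removed. All four images use the mutable `:develop` tag, so the code that runs changes on every pull; pinning each image by digest would make deployments reproducible and reviewable. Smaller points: `after = [ "docker" ]` probably needs to be `"docker.service"`, `before` names `docker-workadventure-website.service` although the container is called `workadventure-front`, and `allowedUDPPorts = [ 80 443 ]` does not appear to be needed by anything in this file.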