l orange.r: add coms service, proxy via neoprism.r

lassulus 2023-02-22 07:27:10 +01:00
parent 79a7ab4fd8
commit 222f1e92db
7 changed files with 103 additions and 44 deletions


@ -10,6 +10,7 @@
<stockholm/lass/2configs/services/flix/container-host.nix>
<stockholm/lass/2configs/services/radio/container-host.nix>
<stockholm/lass/2configs/ubik-host.nix>
<stockholm/lass/2configs/orange-host.nix>
<stockholm/krebs/2configs/hotdog-host.nix>
# other containers
@ -18,6 +19,7 @@
# proxying of services
<stockholm/lass/2configs/services/radio/proxy.nix>
<stockholm/lass/2configs/services/flix/proxy.nix>
<stockholm/lass/2configs/services/coms/proxy.nix>
];
krebs.build.host = config.krebs.hosts.neoprism;


@ -134,7 +134,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/services/coms/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
<stockholm/krebs/2configs/mastodon-proxy.nix>
@ -280,7 +280,7 @@ with import <stockholm/lib>;
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; }
];
}
<stockholm/lass/2configs/murmur.nix>
<stockholm/lass/2configs/services/coms/murmur.nix>
<stockholm/lass/2configs/docker.nix>
{
systemd.services."container@yellow".reloadIfChanged = mkForce false;


@ -1,42 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.murmur = {
enable = true;
allowHtml = false;
bandwidth = 10000000;
registerName = "lassul.us";
autobanTime = 30;
sslCert = "/var/lib/acme/lassul.us/cert.pem";
sslKey = "/var/lib/acme/lassul.us/key.pem";
};
users.groups.lasscert.members = [
"murmur"
];
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
{ predicate = "-p udp --dport 64738"; target = "ACCEPT";}
];
systemd.services.docker-mumble-web.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
virtualisation.oci-containers.containers.mumble-web = {
image = "rankenstein/mumble-web:0.5";
environment = {
MUMBLE_SERVER = "lassul.us:64738";
};
ports = [
"64739:8080"
];
};
services.nginx.virtualHosts."mumble.lassul.us" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:64739";
proxyWebsockets = true;
};
};
}


@ -0,0 +1,6 @@
{
imports = [
./jitsi.nix
./murmur.nix
];
}


@ -18,6 +18,11 @@
#{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
#{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
];
constraints.video.height = {
ideal = 720;
max = 1080;
min = 240;
};
};
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;


@ -0,0 +1,47 @@
{ config, lib, pkgs, ... }:
{
services.murmur = {
enable = true;
# allowHtml = false;
bandwidth = 10000000;
registerName = "lassul.us";
autobanTime = 30;
sslCert = "/var/lib/acme/lassul.us/cert.pem";
sslKey = "/var/lib/acme/lassul.us/key.pem";
extraConfig = ''
opusthreshold=0
# rememberchannelduration=10000
'';
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
{ predicate = "-p udp --dport 64738"; target = "ACCEPT";}
];
# services.botamusique = {
# enable = true;
# settings = {
# server.host = "lassul.us";
# bot.auto_check_updates = false;
# bot.max_track_duration = 360;
# webinterface.enabled = true;
# };
# };
services.nginx.virtualHosts."lassul.us" = {
enableACME = true;
};
security.acme.certs."lassul.us" = {
group = "lasscert";
};
users.groups.lasscert.members = [
"nginx"
"murmur"
];
# services.nginx.virtualHosts."bota.r" = {
# locations."/" = {
# proxyPass = "http://localhost:8181";
# };
# };
}
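Review bot: `# allowHtml = false;` in the `services.murmur` block leaves the option at the module default, whereas the file this one replaces set it to false explicitly. If that default is true (I believe it is in the NixOS murmur module, but confirm against the pinned nixpkgs), connected clients can put HTML into messages, comments and channel descriptions on a server that the INPUT rules open on 64738. I would restore `allowHtml = false;`, or keep the line disabled with a comment saying why the setting had to go. The commented-out botamusique and `bota.r` blocks would likewise be clearer with a one-line reason, or removed until they are used.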


@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
let
tcpports = [
4443 # jitsi
64738 # murmur
];
udpports = [
10000 # jitsi
64738 # murmur
];
target = "orange.r";
in
{
networking.firewall.allowedTCPPorts = tcpports;
networking.firewall.allowedUDPPorts = udpports;
services.nginx.streamConfig = ''
${lib.concatMapStringsSep "\n" (port: ''
server {
listen ${toString port};
proxy_pass ${target}:${toString port};
}
'') tcpports}
${lib.concatMapStringsSep "\n" (port: ''
server {
listen ${toString port} udp;
proxy_pass ${target}:${toString port};
}
'') udpports}
'';
services.nginx.virtualHosts."jitsi.lassul.us" = {
enableACME = true;
acmeFallbackHost = "${target}";
addSSL = true;
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://${target}";
};
};
}
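Review bot: The `jitsi.lassul.us` vhost sets `addSSL = true;`, so nginx keeps serving the site over plain HTTP alongside HTTPS. The removed `mumble.lassul.us` vhost used `forceSSL = true;`, and I would use the same here so clients are redirected before a meeting page loads in cleartext. `proxyPass = "http://${target}"` also carries the traffic to orange.r unencrypted, which is acceptable only if that hop runs over a protected network; a short comment stating that assumption would help. Separately, the generated `server { listen …; proxy_pass …; }` stream blocks forward 64738 without conveying the client address. Murmur on orange.r will therefore presumably see every connection as coming from the proxy, so `autobanTime = 30` would act on that single address; check that one misbehaving client cannot lock out everyone else.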