ma workadventure: init
This commit is contained in:
parent
feb36c2f9a
commit
96b5248e85
|
@ -11,8 +11,7 @@
|
||||||
{ #direnv
|
{ #direnv
|
||||||
home-manager.users.makefu.home.packages = [
|
home-manager.users.makefu.home.packages = [
|
||||||
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
|
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
|
||||||
pkgs.direnv pkgs.nur.repos.kalbasit.nixify ];
|
];
|
||||||
# home-manager.users.makefu.home.file.".direnvrc".text = '''';
|
|
||||||
}
|
}
|
||||||
{ # bat
|
{ # bat
|
||||||
home-manager.users.makefu.home.packages = [ pkgs.bat ];
|
home-manager.users.makefu.home.packages = [ pkgs.bat ];
|
||||||
|
@ -25,6 +24,10 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
environment.pathsToLink = [ "/share/zsh" ];
|
environment.pathsToLink = [ "/share/zsh" ];
|
||||||
|
|
||||||
|
programs.direnv.enable = true;
|
||||||
|
programs.direnv.enableNixDirenvIntegration = true;
|
||||||
|
|
||||||
home-manager.users.makefu = {
|
home-manager.users.makefu = {
|
||||||
programs.fzf.enable = false; # alt-c
|
programs.fzf.enable = false; # alt-c
|
||||||
programs.zsh = {
|
programs.zsh = {
|
||||||
|
|
6
makefu/2configs/workadventure/default.nix
Normal file
6
makefu/2configs/workadventure/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./jitsi.nix
|
||||||
|
./workadventure.nix
|
||||||
|
];
|
||||||
|
}
|
59
makefu/2configs/workadventure/jitsi.nix
Normal file
59
makefu/2configs/workadventure/jitsi.nix
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
{
|
||||||
|
# + +
|
||||||
|
# | |
|
||||||
|
# | |
|
||||||
|
# v v
|
||||||
|
# 80, 443 TCP 443 TCP, 10000 UDP
|
||||||
|
# +--------------+ +---------------------+
|
||||||
|
# | nginx | 5222, 5347 TCP | |
|
||||||
|
# | jitsi-meet |<-------------------+| jitsi-videobridge |
|
||||||
|
# | prosody | | | |
|
||||||
|
# | jicofo | | +---------------------+
|
||||||
|
# +--------------+ |
|
||||||
|
# | +---------------------+
|
||||||
|
# | | |
|
||||||
|
# +----------+| jitsi-videobridge |
|
||||||
|
# | | |
|
||||||
|
# | +---------------------+
|
||||||
|
# |
|
||||||
|
# | +---------------------+
|
||||||
|
# | | |
|
||||||
|
# +----------+| jitsi-videobridge |
|
||||||
|
# | |
|
||||||
|
# +---------------------+
|
||||||
|
|
||||||
|
# This is a one server setup
|
||||||
|
services.jitsi-meet = {
|
||||||
|
enable = true;
|
||||||
|
hostName = "meet.euer.krebsco.de";
|
||||||
|
|
||||||
|
# JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
|
||||||
|
# https://github.com/jitsi/jicofo
|
||||||
|
jicofo.enable = true;
|
||||||
|
|
||||||
|
# Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
|
||||||
|
# Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
|
||||||
|
# will be used to retrieve a TLS certificate by default. To disable this, set the
|
||||||
|
# services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
|
||||||
|
# services.nginx.virtualHosts.<hostName>.forceSSL.
|
||||||
|
nginx.enable = true;
|
||||||
|
|
||||||
|
# https://github.com/jitsi/jitsi-meet/blob/master/config.js
|
||||||
|
config = {
|
||||||
|
enableWelcomePage = true;
|
||||||
|
defaultLang = "en";
|
||||||
|
};
|
||||||
|
|
||||||
|
# https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
|
||||||
|
interfaceConfig = {
|
||||||
|
SHOW_JITSI_WATERMARK = false;
|
||||||
|
SHOW_WATERMARK_FOR_GUESTS = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [ 80 443 ];
|
||||||
|
allowedUDPPorts = [ 10000 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
161
makefu/2configs/workadventure/workadventure.nix
Normal file
161
makefu/2configs/workadventure/workadventure.nix
Normal file
|
@ -0,0 +1,161 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
# If your Jitsi environment has authentication set up,
|
||||||
|
# you MUST set JITSI_PRIVATE_MODE to "true" and
|
||||||
|
# you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
|
||||||
|
jitsiPrivateMode = "false";
|
||||||
|
|
||||||
|
secretJitsiKey = "";
|
||||||
|
|
||||||
|
jitsiISS = "";
|
||||||
|
|
||||||
|
workadventureSecretKey = "";
|
||||||
|
|
||||||
|
jitsiURL = "meet.euer.krebsco.de";
|
||||||
|
|
||||||
|
domain = "work.euer.krebsco.de";
|
||||||
|
# domain will redirect to this map. (not play.${domain})
|
||||||
|
defaultMap = "npeguin.github.io/office-map/map.json";
|
||||||
|
|
||||||
|
apiURL = "api.${domain}";
|
||||||
|
apiPort = 9002;
|
||||||
|
|
||||||
|
frontURL = "play.${domain}";
|
||||||
|
frontPort = 9004;
|
||||||
|
|
||||||
|
pusherURL = "push.${domain}";
|
||||||
|
pusherPort = 9005;
|
||||||
|
|
||||||
|
uploaderURL = "ul.${domain}";
|
||||||
|
uploaderPort = 9006;
|
||||||
|
|
||||||
|
frontImage = "thecodingmachine/workadventure-front:develop";
|
||||||
|
pusherImage = "thecodingmachine/workadventure-pusher:develop";
|
||||||
|
apiImage = "thecodingmachine/workadventure-back:develop";
|
||||||
|
uploaderImage = "thecodingmachine/workadventure-uploader:develop";
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [ 80 443 ];
|
||||||
|
allowedUDPPorts = [ 80 443 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.enable = true;
|
||||||
|
services.nginx.recommendedProxySettings = true;
|
||||||
|
|
||||||
|
systemd.services.workadventure-network = {
|
||||||
|
enable = true;
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
script = ''
|
||||||
|
${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
|
||||||
|
'';
|
||||||
|
after = [ "docker" ];
|
||||||
|
before = [
|
||||||
|
"docker-workadventure-back.service"
|
||||||
|
"docker-workadventure-pusher.service"
|
||||||
|
"docker-workadventure-uploader.service"
|
||||||
|
"docker-workadventure-website.service"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.workadventure-front = {
|
||||||
|
image = frontImage;
|
||||||
|
environment = {
|
||||||
|
API_URL = pusherURL;
|
||||||
|
JITSI_PRIVATE_MODE = jitsiPrivateMode;
|
||||||
|
JITSI_URL = jitsiURL;
|
||||||
|
SECRET_JITSI_KEY = secretJitsiKey;
|
||||||
|
UPLOADER_URL = uploaderURL;
|
||||||
|
};
|
||||||
|
ports = [ "127.0.0.1:${toString frontPort}:80" ];
|
||||||
|
extraOptions = [ "--network=workadventure" ];
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."${frontURL}" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.workadventure-pusher = {
|
||||||
|
image = pusherImage;
|
||||||
|
environment = {
|
||||||
|
API_URL = "workadventure-back:50051";
|
||||||
|
JITSI_ISS = jitsiISS;
|
||||||
|
JITSI_URL = jitsiURL;
|
||||||
|
SECRET_KEY = workadventureSecretKey;
|
||||||
|
};
|
||||||
|
ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
|
||||||
|
extraOptions = [ "--network=workadventure" ];
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."${pusherURL}" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString pusherPort}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
locations."/room" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString pusherPort}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.workadventure-back = {
|
||||||
|
image = apiImage;
|
||||||
|
environment = {
|
||||||
|
#DEBUG = "*";
|
||||||
|
JITSI_ISS = jitsiISS;
|
||||||
|
JITSI_URL = jitsiURL;
|
||||||
|
SECRET_KEY = workadventureSecretKey;
|
||||||
|
};
|
||||||
|
ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
|
||||||
|
extraOptions = [ "--network=workadventure" ];
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."${apiURL}" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.workadventure-uploader = {
|
||||||
|
image = uploaderImage;
|
||||||
|
ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
|
||||||
|
extraOptions = [ "--network=workadventure" ];
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."${uploaderURL}" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString uploaderPort}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.docker-workadventure-front.serviceConfig = {
|
||||||
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
StandardError = lib.mkForce "journal";
|
||||||
|
};
|
||||||
|
systemd.services.docker-workadventure-uploader.serviceConfig = {
|
||||||
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
StandardError = lib.mkForce "journal";
|
||||||
|
};
|
||||||
|
systemd.services.docker-workadventure-pusher.serviceConfig = {
|
||||||
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
StandardError = lib.mkForce "journal";
|
||||||
|
};
|
||||||
|
systemd.services.docker-workadventure-back.serviceConfig = {
|
||||||
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
StandardError = lib.mkForce "journal";
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue