summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorstuebinm2021-04-17 16:09:28 +0200
committerstuebinm2021-04-17 16:09:28 +0200
commit022c17185b8b90515cb2c9b1ae039a9ab190db91 (patch)
treed31d7078f59613615ec2c49b3e243c39d36e4eed
parente1359d9565f4fed555a9aeffae2a83458564f046 (diff)
cgit: chaski -> flora; general cleanup
-rw-r--r--hosts/chaski/configuration.nix2
-rw-r--r--hosts/chaski/services/coturn.nix54
-rw-r--r--hosts/flora/configuration.nix8
-rw-r--r--hosts/flora/services/cgit.nix (renamed from hosts/chaski/services/cgit.nix)0
-rw-r--r--hosts/flora/services/surveys.nix23
-rw-r--r--hosts/flora/services/workadventure.nix104
6 files changed, 27 insertions, 164 deletions
diff --git a/hosts/chaski/configuration.nix b/hosts/chaski/configuration.nix
index 671bc13..cb6fc13 100644
--- a/hosts/chaski/configuration.nix
+++ b/hosts/chaski/configuration.nix
@@ -8,8 +8,6 @@
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
- ./services/coturn.nix
- ./services/cgit.nix
./services/grafana.nix
];
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
deleted file mode 100644
index 54ec6d6..0000000
--- a/hosts/chaski/services/coturn.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{pkgs, config, ...}:
-
-{
- services.coturn = {
- enable = true;
- realm = "chaski.stuebinm.eu";
- no-cli = true;
- lt-cred-mech = true;
- extraConfig = ''
- verbose
- fingerprint
- external-ip=95.217.159.23
- user=chaski:chaski
- server-name=chaski.stuebinm.eu
- #mobility
- #listening-ip=95.217.159.23
- prometheus
- '';
-
- cert = config.security.acme.certs."chaski.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."chaski.stuebinm.eu".directory + "key.pem";
- };
-
- security.acme = {
- email = "stuebinm@disroot.org";
- acceptTerms = true;
- };
-
- # just here to serve acme challanges
- services.nginx = {
- enable = true;
- user = "turnserver";
- virtualHosts."chaski.stuebinm.eu" = {
- root = "/var/www";
- enableACME = true;
- };
- };
-
- networking.firewall = with config.services.coturn; {
- allowedTCPPorts = [
- 80 # for acme challanges
- listening-port tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPorts = [
- listening-port
- tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-}
diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix
index adf3ba8..d45175e 100644
--- a/hosts/flora/configuration.nix
+++ b/hosts/flora/configuration.nix
@@ -4,12 +4,12 @@
imports = [
./hardware-configuration.nix
./services/hedgedoc.nix
- ./services/daemoniones.nix
+ #./services/daemoniones.nix
./services/nginx.nix
- ./services/workadventure.nix
- #./../../../nginx/vod.nix
./services/pleroma.nix
- ./services/picarones.nix
+ ./services/cgit.nix
+ ./services/surveys.nix
+ #./services/picarones.nix
];
# Use the GRUB 2 boot loader.
diff --git a/hosts/chaski/services/cgit.nix b/hosts/flora/services/cgit.nix
index 094bfd5..094bfd5 100644
--- a/hosts/chaski/services/cgit.nix
+++ b/hosts/flora/services/cgit.nix
diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix
new file mode 100644
index 0000000..befa673
--- /dev/null
+++ b/hosts/flora/services/surveys.nix
@@ -0,0 +1,23 @@
+{pkgs, config, ...}:
+
+let survey = pkgs.fetchgit {
+ url = "https://stuebinm.eu/git/slightly-better-surveys";
+ rev = "c255269db0c739400b62d4c4041e3238b1045d22";
+ sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp";
+ };
+in
+{
+ services.nginx.virtualHosts."survey.stuebinm.eu" = {
+ locations."/".root = survey.outPath + "/site";
+ locations."/upload".proxyPass = "http://localhost:8080";
+
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.nginx.appendHttpConfig = ''
+ types {
+ application/wasm wasm;
+ }
+ '';
+}
diff --git a/hosts/flora/services/workadventure.nix b/hosts/flora/services/workadventure.nix
deleted file mode 100644
index f38f5da..0000000
--- a/hosts/flora/services/workadventure.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{pkgs, config, ...}:
-
-
-let
- haccpkgssrc = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
- rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b";
- sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz";
- };
- haccpkgs = import "${haccpkgssrc}";
- fediventure = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple";
- rev = "f32d3c5efd39df558f80b862c60b2866c567d999";
- sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx";
- };
-in
-
-{
-
- containers.wa-test = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:20";
- localAddress6 = "fd00::42:21";
-
- config = {config, pkgs, ...}: {
- imports = [ "${fediventure}/workadventure.nix" ];
- networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ];
-
- services.workadventure.instances."space.stuebinm.eu" = {
- nginx.default = true;
- nginx.domain = "space.stuebinm.eu";
- maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
- frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json";
- frontend.settings = {
- stunServer = "stun:chaski.stuebinm.eu:3478";
- turnServer = "turn:95.217.159.23";
- turnUser = "chaski";
- turnPassword = "chaski";
- jitsiUrl = "meet.ffmuc.net";
- };
- };
-
- services.prometheus = {
- enable = true;
- port = 9001;
- scrapeConfigs = [ {
- job_name = "workadventure-back";
- static_configs = [ {
- targets = [ "localhost:8080" ];
- } ];
- } ];
- };
-
- services.grafana = {
- enable = true;
- port = 5000;
- addr = "[::]";
- rootUrl = "https://space.stuebinm.eu/metrics/";
- auth.anonymous.enable = true;
- provision = {
- enable = true;
- datasources = [ {
- name = "workadventure";
- type = "prometheus";
- url = "http://localhost:9001";
- } ];
- };
- };
-
- systemd.services.goaccess = {
- enable = true;
- description = "Uses goaccess to publish a neat acces log on /var/www/index.html";
- requires = [ "nginx.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "simple";
- path = [ pkgs.goaccess ];
- environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos
- script = ''
- mkdir -p /var/www-goaccess/
- goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html
- '';
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- locations."/stats/".alias = "/var/www-goaccess/";
- };
- };
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- extraConfig = ''
- proxy_read_timeout 300s;
- proxy_connect_timeout 75s;
- '';
- locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/";
- locations."/metrics/".proxyWebsockets = true;
- locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80";
- locations."/".proxyWebsockets = true;
- enableACME = true;
- forceSSL = true;
- };
-}
-