author | stuebinm | 2021-04-17 16:09:28 +0200 |
---|---|---|
committer | stuebinm | 2021-04-17 16:09:28 +0200 |
commit | 022c17185b8b90515cb2c9b1ae039a9ab190db91 (patch) | |
tree | d31d7078f59613615ec2c49b3e243c39d36e4eed | |
parent | e1359d9565f4fed555a9aeffae2a83458564f046 (diff) |
cgit: chaski -> flora; general cleanup
-rw-r--r-- | hosts/chaski/configuration.nix | 2 | ||||
-rw-r--r-- | hosts/chaski/services/coturn.nix | 54 | ||||
-rw-r--r-- | hosts/flora/configuration.nix | 8 | ||||
-rw-r--r-- | hosts/flora/services/cgit.nix (renamed from hosts/chaski/services/cgit.nix) | 0 | ||||
-rw-r--r-- | hosts/flora/services/surveys.nix | 23 | ||||
-rw-r--r-- | hosts/flora/services/workadventure.nix | 104 |
6 files changed, 27 insertions, 164 deletions
diff --git a/hosts/chaski/configuration.nix b/hosts/chaski/configuration.nix
index 671bc13..cb6fc13 100644
--- a/hosts/chaski/configuration.nix
+++ b/hosts/chaski/configuration.nix
@@ -8,8 +8,6 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ./services/coturn.nix - ./services/cgit.nix ./services/grafana.nix ];
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
deleted file mode 100644
index 54ec6d6..0000000
--- a/hosts/chaski/services/coturn.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{pkgs, config, ...}:
-
-{
- services.coturn = {
- enable = true;
- realm = "chaski.stuebinm.eu";
- no-cli = true;
- lt-cred-mech = true;
- extraConfig = ''
- verbose
- fingerprint
- external-ip=95.217.159.23
- user=chaski:chaski
- server-name=chaski.stuebinm.eu
- #mobility
- #listening-ip=95.217.159.23
- prometheus
- '';
-
- cert = config.security.acme.certs."chaski.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."chaski.stuebinm.eu".directory + "key.pem";
- };
-
- security.acme = {
- email = "stuebinm@disroot.org";
- acceptTerms = true;
- };
-
- # just here to serve acme challanges
- services.nginx = {
- enable = true;
- user = "turnserver";
- virtualHosts."chaski.stuebinm.eu" = {
- root = "/var/www";
- enableACME = true;
- };
- };
-
- networking.firewall = with config.services.coturn; {
- allowedTCPPorts = [
- 80 # for acme challanges
- listening-port tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPorts = [
- listening-port
- tls-listening-port
- (listening-port +1) (tls-listening-port +1)
- ];
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-}
diff --git a/hosts/flora/configuration.nix b/hosts/flora/configuration.nix
index adf3ba8..d45175e 100644
--- a/hosts/flora/configuration.nix
+++ b/hosts/flora/configuration.nix
@@ -4,12 +4,12 @@ imports = [ ./hardware-configuration.nix ./services/hedgedoc.nix - ./services/daemoniones.nix + #./services/daemoniones.nix ./services/nginx.nix - ./services/workadventure.nix - #./../../../nginx/vod.nix ./services/pleroma.nix - ./services/picarones.nix + ./services/cgit.nix + ./services/surveys.nix + #./services/picarones.nix ]; # Use the GRUB 2 boot loader.
diff --git a/hosts/chaski/services/cgit.nix b/hosts/flora/services/cgit.nix
index 094bfd5..094bfd5 100644
--- a/hosts/chaski/services/cgit.nix
+++ b/hosts/flora/services/cgit.nix
diff --git a/hosts/flora/services/surveys.nix b/hosts/flora/services/surveys.nix
new file mode 100644
index 0000000..befa673
--- /dev/null
+++ b/hosts/flora/services/surveys.nix
@@ -0,0 +1,23 @@
+{pkgs, config, ...}:
+
+let survey = pkgs.fetchgit {
+ url = "https://stuebinm.eu/git/slightly-better-surveys";
+ rev = "c255269db0c739400b62d4c4041e3238b1045d22";
+ sha256 = "007q6s5xc3kn3dy1zj7hc94wyn495qam2x1020br3crwgpxy3hmp";
+ };
+in
+{
+ services.nginx.virtualHosts."survey.stuebinm.eu" = {
+ locations."/".root = survey.outPath + "/site";
+ locations."/upload".proxyPass = "http://localhost:8080";
+
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.nginx.appendHttpConfig = ''
+ types {
+ application/wasm wasm;
+ }
+ '';
+}
diff --git a/hosts/flora/services/workadventure.nix b/hosts/flora/services/workadventure.nix
deleted file mode 100644
index f38f5da..0000000
--- a/hosts/flora/services/workadventure.nix
+++ /dev/null
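Review bot: In hosts/flora/services/surveys.nix, `locations."/upload".proxyPass = "http://localhost:8080";` publishes a backend that this new file neither defines nor constrains: nothing in its 23 lines starts a service on port 8080, and the location has no method restriction or explicit body-size limit, so whatever listens on that port on flora becomes reachable at survey.stuebinm.eu/upload. I would target `http://127.0.0.1:8080` instead (nginx can resolve `localhost` to both ::1 and 127.0.0.1, which causes upstream errors when the backend binds only one of them) and, if the backend only accepts submissions via POST, add `locations."/upload".extraConfig = "limit_except POST { deny all; }";`. The `services.nginx.appendHttpConfig` block applies to every virtual host on flora rather than just this one, so a comment such as `# http-level: adds the wasm MIME type for all vhosts` would make that scope explicit.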
@@ -1,104 +0,0 @@
-{pkgs, config, ...}:
-
-
-let
- haccpkgssrc = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
- rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b";
- sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz";
- };
- haccpkgs = import "${haccpkgssrc}";
- fediventure = pkgs.fetchgit {
- url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple";
- rev = "f32d3c5efd39df558f80b862c60b2866c567d999";
- sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx";
- };
-in
-
-{
-
- containers.wa-test = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:20";
- localAddress6 = "fd00::42:21";
-
- config = {config, pkgs, ...}: {
- imports = [ "${fediventure}/workadventure.nix" ];
- networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ];
-
- services.workadventure.instances."space.stuebinm.eu" = {
- nginx.default = true;
- nginx.domain = "space.stuebinm.eu";
- maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
- frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json";
- frontend.settings = {
- stunServer = "stun:chaski.stuebinm.eu:3478";
- turnServer = "turn:95.217.159.23";
- turnUser = "chaski";
- turnPassword = "chaski";
- jitsiUrl = "meet.ffmuc.net";
- };
- };
-
- services.prometheus = {
- enable = true;
- port = 9001;
- scrapeConfigs = [ {
- job_name = "workadventure-back";
- static_configs = [ {
- targets = [ "localhost:8080" ];
- } ];
- } ];
- };
-
- services.grafana = {
- enable = true;
- port = 5000;
- addr = "[::]";
- rootUrl = "https://space.stuebinm.eu/metrics/";
- auth.anonymous.enable = true;
- provision = {
- enable = true;
- datasources = [ {
- name = "workadventure";
- type = "prometheus";
- url = "http://localhost:9001";
- } ];
- };
- };
-
- systemd.services.goaccess = {
- enable = true;
- description = "Uses goaccess to publish a neat acces log on /var/www/index.html";
- requires = [ "nginx.service" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "simple";
- path = [ pkgs.goaccess ];
- environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos
- script = ''
- mkdir -p /var/www-goaccess/
- goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html
- '';
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- locations."/stats/".alias = "/var/www-goaccess/";
- };
- };
- };
-
- services.nginx.virtualHosts."space.stuebinm.eu" = {
- extraConfig = ''
- proxy_read_timeout 300s;
- proxy_connect_timeout 75s;
- '';
- locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/";
- locations."/metrics/".proxyWebsockets = true;
- locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80";
- locations."/".proxyWebsockets = true;
- enableACME = true;
- forceSSL = true;
- };
-}
- |