summaryrefslogtreecommitdiff
path: root/hosts/chaski/services/workadventure.nix
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--hosts/chaski/services/workadventure.nix93
1 files changed, 0 insertions, 93 deletions
diff --git a/hosts/chaski/services/workadventure.nix b/hosts/chaski/services/workadventure.nix
deleted file mode 100644
index c2b704f..0000000
--- a/hosts/chaski/services/workadventure.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{pkgs, lib, config, ...}:
-
-let
- sources = import ../../../nix/sources.nix {};
- # why the double outPath? Dunno, just niv things …
- workadventure-nix = sources.workadventure.outPath.outPath;
- packageset = (
- import "${workadventure-nix}/wapkgs.nix" {
- inherit pkgs lib;
- }
- ).workadventure-xce;
-in
-{
- # not the most intuitive of container names, but "workadventure" is too long
- containers.wa-space = {
-
- # we'll need the outer config to get the turn secret inside the container,
- # and I'm feeling haskelly so config' it is!
- config = let config' = config; in {config, pkgs, ...}: {
- imports = [ workadventure-nix ];
- networking.firewall.allowedTCPPorts = [ 80 ];
-
- services.workadventure."space.stuebinm.eu" = {
- inherit packageset;
-
- nginx = {
- default = true;
- domain = "space.stuebinm.eu";
- maps.serve = true;
- maps.path = "/workadventuremaps/";
- };
-
- frontend.startRoomUrl = "/_/global/space.stuebinm.eu/maps/Floor0/floor0.json";
-
- commonConfig = {
- webrtc.stun.url = "stun:space.stuebinm.eu:3478";
- webrtc.turn = {
- url = "turn:95.217.159.23";
- user = "turn";
- password = config'.services.coturn.static-auth-secret;
- };
- jitsi.url = "meet.ffmuc.net";
- };
- };
- };
-
- privateNetwork = true;
- hostAddress6 = "fd00::42:14";
- localAddress6 = "fd00::42:16";
-
- autoStart = true;
-
- };
-
- services.coturn = {
- enable = true;
- realm = "turn.hacc.space";
- # this is a static "secret" that is also compiled into workadventure,
- # so it seems ok to put it into the nix store
- static-auth-secret = "1c496cea367f9608c77a754c1ef78079a512e013";
- use-auth-secret = true;
- no-cli = true;
- no-tcp-relay = true;
-
- cert = config.security.acme.certs."space.stuebinm.eu".directory + "full.pem";
- pkey = config.security.acme.certs."space.stuebinm.eu".directory + "key.pem";
- };
-
-
- services.nginx = {
- virtualHosts."space.stuebinm.eu" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://[${config.containers.wa-space.localAddress6}]";
- proxyWebsockets = true;
- };
- };
- };
-
-
- networking.firewall = with config.services.coturn;
- let
- ports = [ listening-port tls-listening-port ];
- in {
- allowedTCPPorts = [ 80 ] ++ ports;
- allowedUDPPorts = ports;
- allowedUDPPortRanges = [
- { from = min-port; to = max-port; }
- ];
- };
-
-}