diff options
Diffstat (limited to '')
| -rw-r--r-- | hosts/chaski/services/workadventure.nix | 93 |
1 files changed, 0 insertions, 93 deletions
diff --git a/hosts/chaski/services/workadventure.nix b/hosts/chaski/services/workadventure.nix deleted file mode 100644 index c2b704f..0000000 --- a/hosts/chaski/services/workadventure.nix +++ /dev/null @@ -1,93 +0,0 @@ -{pkgs, lib, config, ...}: - -let - sources = import ../../../nix/sources.nix {}; - # why the double outPath? Dunno, just niv things … - workadventure-nix = sources.workadventure.outPath.outPath; - packageset = ( - import "${workadventure-nix}/wapkgs.nix" { - inherit pkgs lib; - } - ).workadventure-xce; -in -{ - # not the most intuitive of container names, but "workadventure" is too long - containers.wa-space = { - - # we'll need the outer config to get the turn secret inside the container, - # and I'm feeling haskelly so config' it is! - config = let config' = config; in {config, pkgs, ...}: { - imports = [ workadventure-nix ]; - networking.firewall.allowedTCPPorts = [ 80 ]; - - services.workadventure."space.stuebinm.eu" = { - inherit packageset; - - nginx = { - default = true; - domain = "space.stuebinm.eu"; - maps.serve = true; - maps.path = "/workadventuremaps/"; - }; - - frontend.startRoomUrl = "/_/global/space.stuebinm.eu/maps/Floor0/floor0.json"; - - commonConfig = { - webrtc.stun.url = "stun:space.stuebinm.eu:3478"; - webrtc.turn = { - url = "turn:95.217.159.23"; - user = "turn"; - password = config'.services.coturn.static-auth-secret; - }; - jitsi.url = "meet.ffmuc.net"; - }; - }; - }; - - privateNetwork = true; - hostAddress6 = "fd00::42:14"; - localAddress6 = "fd00::42:16"; - - autoStart = true; - - }; - - services.coturn = { - enable = true; - realm = "turn.hacc.space"; - # this is a static "secret" that is also compiled into workadventure, - # so it seems ok to put it into the nix store - static-auth-secret = "1c496cea367f9608c77a754c1ef78079a512e013"; - use-auth-secret = true; - no-cli = true; - no-tcp-relay = true; - - cert = config.security.acme.certs."space.stuebinm.eu".directory + "full.pem"; - pkey = config.security.acme.certs."space.stuebinm.eu".directory + "key.pem"; - }; - - - services.nginx = { - virtualHosts."space.stuebinm.eu" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://[${config.containers.wa-space.localAddress6}]"; - proxyWebsockets = true; - }; - }; - }; - - - networking.firewall = with config.services.coturn; - let - ports = [ listening-port tls-listening-port ]; - in { - allowedTCPPorts = [ 80 ] ++ ports; - allowedUDPPorts = ports; - allowedUDPPortRanges = [ - { from = min-port; to = max-port; } - ]; - }; - -} |