From d96fbd63510048bf56d3d600a65f7983096c1bb1 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Wed, 3 Mar 2021 00:51:39 +0100
Subject: migrating config This deploy logic is primarily based on hxchn's deploy lib [1], with some slight modifications to make it work with my setup. Everything seems to work fine for now. However, I am unsure about the usage of niv — the config doesn't seem to gain much from it, apart from (some) additional complexity. [1] https://gitlab.com/hexchen/nixfiles
---
hosts/flora/services/workadventure.nix | 104 +++++++++++++++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 hosts/flora/services/workadventure.nix
(limited to 'hosts/flora/services/workadventure.nix')
diff --git a/hosts/flora/services/workadventure.nix b/hosts/flora/services/workadventure.nix
new file mode 100644
index 0000000..f38f5da
--- /dev/null
+++ b/hosts/flora/services/workadventure.nix
@@ -0,0 +1,104 @@
+{pkgs, config, ...}:
+
+
+let
+ haccpkgssrc = pkgs.fetchgit {
+ url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
+ rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b";
+ sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz";
+ };
+ haccpkgs = import "${haccpkgssrc}";
+ fediventure = pkgs.fetchgit {
+ url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple";
+ rev = "f32d3c5efd39df558f80b862c60b2866c567d999";
+ sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx";
+ };
+in
+
+{
+
+ containers.wa-test = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:20";
+ localAddress6 = "fd00::42:21";
+
+ config = {config, pkgs, ...}: {
+ imports = [ "${fediventure}/workadventure.nix" ];
+ networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ];
+
+ services.workadventure.instances."space.stuebinm.eu" = {
+ nginx.default = true;
+ nginx.domain = "space.stuebinm.eu";
+ maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
+ frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json";
+ frontend.settings = {
+ stunServer = "stun:chaski.stuebinm.eu:3478";
+ turnServer = "turn:95.217.159.23";
+ turnUser = "chaski";
+ turnPassword = "chaski";
+ jitsiUrl = "meet.ffmuc.net";
+ };
+ };
+
+ services.prometheus = {
+ enable = true;
+ port = 9001;
+ scrapeConfigs = [ {
+ job_name = "workadventure-back";
+ static_configs = [ {
+ targets = [ "localhost:8080" ];
+ } ];
+ } ];
+ };
+
+ services.grafana = {
+ enable = true;
+ port = 5000;
+ addr = "[::]";
+ rootUrl = "https://space.stuebinm.eu/metrics/";
+ auth.anonymous.enable = true;
+ provision = {
+ enable = true;
+ datasources = [ {
+ name = "workadventure";
+ type = "prometheus";
+ url = "http://localhost:9001";
+ } ];
+ };
+ };
+
+ systemd.services.goaccess = {
+ enable = true;
+ description = "Uses goaccess to publish a neat acces log on /var/www/index.html";
+ requires = [ "nginx.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Type = "simple";
+ path = [ pkgs.goaccess ];
+ environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos
+ script = ''
+ mkdir -p /var/www-goaccess/
+ goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html
+ '';
+ };
+
+ services.nginx.virtualHosts."space.stuebinm.eu" = {
+ locations."/stats/".alias = "/var/www-goaccess/";
+ };
+ };
+ };
+
+ services.nginx.virtualHosts."space.stuebinm.eu" = {
+ extraConfig = ''
+ proxy_read_timeout 300s;
+ proxy_connect_timeout 75s;
+ '';
+ locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/";
+ locations."/metrics/".proxyWebsockets = true;
+ locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80";
+ locations."/".proxyWebsockets = true;
+ enableACME = true;
+ forceSSL = true;
+ };
+}
+
-- cgit v1.2.3
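Review bot: `turnPassword = "chaski";` in `frontend.settings` commits a static TURN credential that equals the username, and as a plain Nix string it also lands in the world-readable store. Since these are frontend settings they are presumably handed to every browser anyway, so the lasting fix is on the TURN server: short-lived credentials derived from a shared secret (coturn's `use-auth-secret`, if coturn is what runs behind chaski), with that secret read from a file kept out of the repository. Separately, `auth.anonymous.enable = true` on Grafana behind the `/metrics/` proxy and the goaccess report aliased at `/stats/` publish metrics and per-client access-log data without authentication; if that is not intended, restrict those two locations, for example with `basicAuthFile` or nginx `allow`/`deny` rules. The goaccess unit also sets no `serviceConfig.User`, so its script presumably runs as root with `HOME=/tmp`; a dedicated user with read access to the nginx log would be enough.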