blob: f38f5da322fc03d90fc8ab837fd80fec62b1da95 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
{pkgs, config, ...}:
let
haccpkgssrc = pkgs.fetchgit {
url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
rev = "a4ffb828aadf5ffd54a269f8a9ec9553c016069b";
sha256 = "12qfisfwr170b94j12rhy2q3smrwc7a3nh6xzbxlphnr3vadplvz";
};
haccpkgs = import "${haccpkgssrc}";
fediventure = pkgs.fetchgit {
url = "https://gitlab.infra4future.de/stuebinm/fediventure-simple";
rev = "f32d3c5efd39df558f80b862c60b2866c567d999";
sha256 = "0kdb29hzh6s7rsz8s9z40hsmj09rrww1lcyfdi7wpng9ixi1jfvx";
};
in
{
containers.wa-test = {
autoStart = true;
privateNetwork = true;
hostAddress6 = "fd00::42:20";
localAddress6 = "fd00::42:21";
config = {config, pkgs, ...}: {
imports = [ "${fediventure}/workadventure.nix" ];
networking.firewall.allowedTCPPorts = [ 80 443 5000 7890 ];
services.workadventure.instances."space.stuebinm.eu" = {
nginx.default = true;
nginx.domain = "space.stuebinm.eu";
maps.path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
frontend.settings.startRoomUrl = "space.stuebinm.eu/maps/main.json";
frontend.settings = {
stunServer = "stun:chaski.stuebinm.eu:3478";
turnServer = "turn:95.217.159.23";
turnUser = "chaski";
turnPassword = "chaski";
jitsiUrl = "meet.ffmuc.net";
};
};
services.prometheus = {
enable = true;
port = 9001;
scrapeConfigs = [ {
job_name = "workadventure-back";
static_configs = [ {
targets = [ "localhost:8080" ];
} ];
} ];
};
services.grafana = {
enable = true;
port = 5000;
addr = "[::]";
rootUrl = "https://space.stuebinm.eu/metrics/";
auth.anonymous.enable = true;
provision = {
enable = true;
datasources = [ {
name = "workadventure";
type = "prometheus";
url = "http://localhost:9001";
} ];
};
};
systemd.services.goaccess = {
enable = true;
description = "Uses goaccess to publish a neat acces log on /var/www/index.html";
requires = [ "nginx.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "simple";
path = [ pkgs.goaccess ];
environment = {"HOME" = "/tmp";}; # necessary as goaccess will crash otherwise — is fixed upstream, but not yet in nixos
script = ''
mkdir -p /var/www-goaccess/
goaccess /var/log/nginx/access.log -o /var/www-goaccess/index.html --log-format=COMBINED --html
'';
};
services.nginx.virtualHosts."space.stuebinm.eu" = {
locations."/stats/".alias = "/var/www-goaccess/";
};
};
};
services.nginx.virtualHosts."space.stuebinm.eu" = {
extraConfig = ''
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
'';
locations."/metrics/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:5000/";
locations."/metrics/".proxyWebsockets = true;
locations."/".proxyPass = "http://[${config.containers.wa-test.localAddress6}]:80";
locations."/".proxyWebsockets = true;
enableACME = true;
forceSSL = true;
};
}
|
