From cc97df40b01f33c1bed9218d0b650ec17036f057 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Tue, 9 Mar 2021 16:18:47 +0100 Subject: moved module to default.nix Should make this whole thing more intuitive to use. --- README.md | 2 +- default.nix | 166 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ workadventure.nix | 166 ------------------------------------------------------ 3 files changed, 167 insertions(+), 167 deletions(-) create mode 100644 default.nix delete mode 100644 workadventure.nix diff --git a/README.md b/README.md index 0ec061f..cd7f798 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ a normal NixOS service, i.e. like so: ```nix {config, pkgs, ...}: { - imports = [ "${this-repo}/workadventure.nix" ]; + imports = [ path-to-this-repo ]; services.workadventure."localhost" = { nginx = { diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..c972d40 --- /dev/null +++ b/default.nix @@ -0,0 +1,166 @@ +# Workadventure NixOS module. + +{ config, lib, pkgs, ... }: + +with lib; + +let + instances = config.services.workadventure; + + urls = instanceConfig: if instanceConfig.nginx.domain != null then { + api = instanceConfig.nginx.domain + instanceConfig.frontend.urls.api; + uploader = instanceConfig.nginx.domain + instanceConfig.frontend.urls.uploader; + admin = instanceConfig.nginx.domain + instanceConfig.frontend.urls.admin; + maps = instanceConfig.nginx.domain + instanceConfig.frontend.urls.maps; + } else instanceConfig.urls; + + envCommonConfig = instanceConfig: with instanceConfig; { + SECRET_KEY = commonConfig.secretKey; + MINIMUM_DISTANCE = toString commonConfig.minimumDistance; + GROUP_RADIUS = toString commonConfig.groupRadius; + ALLOW_ARTILLERY = if commonConfig.allowArtillery then "true" else "false"; + MAX_USERS_PER_ROOM = toString commonConfig.maxUsersPerRoom; + CPU_OVERHEAT_THRESHOLD = toString commonConfig.cpuOverheatThreshold; + JITSI_URL = commonConfig.jitsi.url; + JITSI_ISS = commonConfig.jitsi.iss; + SECRET_JITSI_KEY = commonConfig.jitsi.secretKey; + SOCKET_IDLE_TIME = toString commonConfig.socketIdleTime; + }; + + servicesBack = mapAttrs' (instanceName: instanceConfig: { + name = "wa-back-${instanceName}"; + value = mkIf instanceConfig.backend.enable { + description = "WorkAdventure backend ${instanceName}"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + # Hack to get node-grpc-precompiled to work on NixOS by adding getconf to + # $PATH. + # + # It uses node-pre-gyp which attempts to select the right native module + # via npmjs.com/package/detect-libc, which says 'yep, it's glibc' as long + # as `getconf GNU_LIBC_VERSION` returns something sensible. This happens + # during the build process (as stdenv.mkDerivation has enough of a glibc + # dev env to make it work) but doesn't happen on production deployments + # in which the environment is much more limited. This is regardless of + # actual glibc ABI presence wrt. to /nix/store vs. /usr/lib64 paths. + # + # This should be fixed in workadventure-nix. + path = [ + pkgs.getconf + ]; + environment = { + HTTP_PORT = toString instanceConfig.backend.httpPort; + GRPC_PORT = toString instanceConfig.backend.grpcPort; + } // envCommonConfig instanceConfig; + serviceConfig = { + User = "workadventure-backend"; + Group = "workadventure-backend"; + DynamicUser = true; # Note: this implies a lot of other security features. + ExecStart = "${instanceConfig.packageset.back}/bin/workadventureback"; + Restart = "always"; + RestartSec = "10s"; + }; + }; + } + ) instances; + + servicesPusher = mapAttrs' (instanceName: instanceConfig: + { + name = "wa-pusher-${instanceName}"; + value = mkIf instanceConfig.pusher.enable { + description = "WorkAdventure pusher ${instanceName}"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + path = [ + pkgs.getconf + ]; + environment = { + PUSHER_HTTP_PORT = toString instanceConfig.pusher.port; + API_URL = "localhost:${toString instanceConfig.backend.grpcPort}"; + } // envCommonConfig instanceConfig; + serviceConfig = { + User = "workadventure-pusher"; + Group = "workadventure-pusher"; + DynamicUser = true; + ExecStart = "${instanceConfig.packageset.pusher}/bin/workadventurepusher"; + Restart = "always"; + RestartSec = "10s"; + }; + }; + } + ) instances; + + frontPackage = mapAttrs (instanceName: instanceConfig: + let fc = instanceConfig.frontend; + cc = instanceConfig.commonConfig; + in + instanceConfig.packageset.front.override { + environment = { + DEBUG_MODE = if fc.debugMode then "true" else "false"; # toString bool behaves weird + START_ROOM_URL = fc.startRoomUrl; + STUN_SERVER = cc.webrtc.stun.url; + TURN_SERVER = cc.webrtc.turn.url; + TURN_USER = cc.webrtc.turn.user; + TURN_PASSWORD = cc.webrtc.turn.password; + JITSI_URL = cc.jitsi.url; + JITSI_PRIVATE_MODE = if cc.jitsi.privateMode then "true" else "false"; + + API_URL = (urls instanceConfig).api; + UPDLOADER_URL = (urls instanceConfig).uploader; + ADMIN_URL = (urls instanceConfig).admin; + MAPS_URL = (urls instanceConfig).maps; + + RESOLUTION = fc.resolution; + ZOOM_LEVEL = fc.zoomLevel; + POSITION_DELAY = fc.positionDelay; + MAX_EXTRAPOLATION_TIME = fc.maxExtrapolationTime; + }; + } + ) instances; + + virtualHosts = mapAttrs (instanceName: instanceConfig: + mkIf instanceConfig.nginx.enable { + default = instanceConfig.nginx.default; + serverName = instanceConfig.nginx.domain; + root = frontPackage.${instanceName} + "/dist"; + locations = { + "/_/" = { + tryFiles = "/index.html =404"; + }; + + "/pusher/" = { + #proxyPass = "http://10.233.3.1:9000"; + proxyPass = "http://localhost:${toString instanceConfig.pusher.port}/"; + proxyWebsockets = true; + }; + + "/maps/" = mkIf instanceConfig.nginx.maps.serve { + alias = if instanceConfig.nginx.maps.path == null + then instanceConfig.packageset.maps.outPath + "/workadventuremaps" + else instanceConfig.nginx.maps.path; + }; + }; + } + ) instances; +in + { + options = { + services.workadventure = mkOption { + type = types.attrsOf (types.submodule (import ./instance-options.nix { + inherit config lib; + pkgs = import ./wapkgs.nix {inherit pkgs lib;}; + })); + default = {}; + description = "Declarative WorkAdventure instance config"; + }; + }; + + config = { + systemd.services = servicesBack // servicesPusher; + services.nginx = mkIf (virtualHosts != {}) { + inherit virtualHosts; + enable = mkDefault true; + }; + }; + } diff --git a/workadventure.nix b/workadventure.nix deleted file mode 100644 index c972d40..0000000 --- a/workadventure.nix +++ /dev/null @@ -1,166 +0,0 @@ -# Workadventure NixOS module. - -{ config, lib, pkgs, ... }: - -with lib; - -let - instances = config.services.workadventure; - - urls = instanceConfig: if instanceConfig.nginx.domain != null then { - api = instanceConfig.nginx.domain + instanceConfig.frontend.urls.api; - uploader = instanceConfig.nginx.domain + instanceConfig.frontend.urls.uploader; - admin = instanceConfig.nginx.domain + instanceConfig.frontend.urls.admin; - maps = instanceConfig.nginx.domain + instanceConfig.frontend.urls.maps; - } else instanceConfig.urls; - - envCommonConfig = instanceConfig: with instanceConfig; { - SECRET_KEY = commonConfig.secretKey; - MINIMUM_DISTANCE = toString commonConfig.minimumDistance; - GROUP_RADIUS = toString commonConfig.groupRadius; - ALLOW_ARTILLERY = if commonConfig.allowArtillery then "true" else "false"; - MAX_USERS_PER_ROOM = toString commonConfig.maxUsersPerRoom; - CPU_OVERHEAT_THRESHOLD = toString commonConfig.cpuOverheatThreshold; - JITSI_URL = commonConfig.jitsi.url; - JITSI_ISS = commonConfig.jitsi.iss; - SECRET_JITSI_KEY = commonConfig.jitsi.secretKey; - SOCKET_IDLE_TIME = toString commonConfig.socketIdleTime; - }; - - servicesBack = mapAttrs' (instanceName: instanceConfig: { - name = "wa-back-${instanceName}"; - value = mkIf instanceConfig.backend.enable { - description = "WorkAdventure backend ${instanceName}"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - # Hack to get node-grpc-precompiled to work on NixOS by adding getconf to - # $PATH. - # - # It uses node-pre-gyp which attempts to select the right native module - # via npmjs.com/package/detect-libc, which says 'yep, it's glibc' as long - # as `getconf GNU_LIBC_VERSION` returns something sensible. This happens - # during the build process (as stdenv.mkDerivation has enough of a glibc - # dev env to make it work) but doesn't happen on production deployments - # in which the environment is much more limited. This is regardless of - # actual glibc ABI presence wrt. to /nix/store vs. /usr/lib64 paths. - # - # This should be fixed in workadventure-nix. - path = [ - pkgs.getconf - ]; - environment = { - HTTP_PORT = toString instanceConfig.backend.httpPort; - GRPC_PORT = toString instanceConfig.backend.grpcPort; - } // envCommonConfig instanceConfig; - serviceConfig = { - User = "workadventure-backend"; - Group = "workadventure-backend"; - DynamicUser = true; # Note: this implies a lot of other security features. - ExecStart = "${instanceConfig.packageset.back}/bin/workadventureback"; - Restart = "always"; - RestartSec = "10s"; - }; - }; - } - ) instances; - - servicesPusher = mapAttrs' (instanceName: instanceConfig: - { - name = "wa-pusher-${instanceName}"; - value = mkIf instanceConfig.pusher.enable { - description = "WorkAdventure pusher ${instanceName}"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - path = [ - pkgs.getconf - ]; - environment = { - PUSHER_HTTP_PORT = toString instanceConfig.pusher.port; - API_URL = "localhost:${toString instanceConfig.backend.grpcPort}"; - } // envCommonConfig instanceConfig; - serviceConfig = { - User = "workadventure-pusher"; - Group = "workadventure-pusher"; - DynamicUser = true; - ExecStart = "${instanceConfig.packageset.pusher}/bin/workadventurepusher"; - Restart = "always"; - RestartSec = "10s"; - }; - }; - } - ) instances; - - frontPackage = mapAttrs (instanceName: instanceConfig: - let fc = instanceConfig.frontend; - cc = instanceConfig.commonConfig; - in - instanceConfig.packageset.front.override { - environment = { - DEBUG_MODE = if fc.debugMode then "true" else "false"; # toString bool behaves weird - START_ROOM_URL = fc.startRoomUrl; - STUN_SERVER = cc.webrtc.stun.url; - TURN_SERVER = cc.webrtc.turn.url; - TURN_USER = cc.webrtc.turn.user; - TURN_PASSWORD = cc.webrtc.turn.password; - JITSI_URL = cc.jitsi.url; - JITSI_PRIVATE_MODE = if cc.jitsi.privateMode then "true" else "false"; - - API_URL = (urls instanceConfig).api; - UPDLOADER_URL = (urls instanceConfig).uploader; - ADMIN_URL = (urls instanceConfig).admin; - MAPS_URL = (urls instanceConfig).maps; - - RESOLUTION = fc.resolution; - ZOOM_LEVEL = fc.zoomLevel; - POSITION_DELAY = fc.positionDelay; - MAX_EXTRAPOLATION_TIME = fc.maxExtrapolationTime; - }; - } - ) instances; - - virtualHosts = mapAttrs (instanceName: instanceConfig: - mkIf instanceConfig.nginx.enable { - default = instanceConfig.nginx.default; - serverName = instanceConfig.nginx.domain; - root = frontPackage.${instanceName} + "/dist"; - locations = { - "/_/" = { - tryFiles = "/index.html =404"; - }; - - "/pusher/" = { - #proxyPass = "http://10.233.3.1:9000"; - proxyPass = "http://localhost:${toString instanceConfig.pusher.port}/"; - proxyWebsockets = true; - }; - - "/maps/" = mkIf instanceConfig.nginx.maps.serve { - alias = if instanceConfig.nginx.maps.path == null - then instanceConfig.packageset.maps.outPath + "/workadventuremaps" - else instanceConfig.nginx.maps.path; - }; - }; - } - ) instances; -in - { - options = { - services.workadventure = mkOption { - type = types.attrsOf (types.submodule (import ./instance-options.nix { - inherit config lib; - pkgs = import ./wapkgs.nix {inherit pkgs lib;}; - })); - default = {}; - description = "Declarative WorkAdventure instance config"; - }; - }; - - config = { - systemd.services = servicesBack // servicesPusher; - services.nginx = mkIf (virtualHosts != {}) { - inherit virtualHosts; - enable = mkDefault true; - }; - }; - } -- cgit v1.2.3