re-add void.hacc.space workadventure instance

This is meant as a fallback instance for the truelove event. The code was mostly hacked together from my own (by now defunct) deployment and the nixfiles left over from divoc. If I haven't missed anything, then even the turn server should function correctly.
2021-11-07 01:48:53 +01:00 · 2021-11-07 01:48:53 +01:00 · 20dabf703d
parent 5432503397
commit 20dabf703d
3 changed files with 87 additions and 1 deletions
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@ -21,6 +21,7 @@
    ../../services/gitlab-runner.nix
    ../../services/lantifa.nix
    ../../services/vaultwarden.nix
+    ../../services/workadventure.nix

    ./lxc.nix
  ];
--- a/nix/sources.json
+++ b/nix/sources.json
@ -100,7 +100,7 @@
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "workadventure": {
-        "branch": "master",
+        "ref": "master",
        "repo": "https://stuebinm.eu/git/workadventure-nix",
        "rev": "8db4bbc5eccaac218c68fb0853f1972dadd7a40c",
        "type": "git"
--- a/services/workadventure.nix
+++ b/services/workadventure.nix
@ -0,0 +1,85 @@
+{ config, lib, pkgs, modules, profiles, evalConfig, sources, ... }:
+let
+  wapkgs = "${sources.workadventure}/wapkgs.nix";
+in
+{
+  services.coturn = {
+    enable = true;
+    realm = "void.hacc.space";
+    no-cli = true;
+    lt-cred-mech = true;
+
+    extraConfig = ''
+      user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457
+      fingerprint
+      external-ip=116.203.185.253
+      server-name=void.hacc.space
+      prometheus
+    '';
+
+    cert = config.security.acme.certs."void.hacc.space".directory + "full.pem";
+    pkey = config.security.acme.certs."void.hacc.space".directory + "key.pem";
+  };
+
+  networking.firewall = with config.services.coturn;
+    let
+      ports = [ listening-port tls-listening-port ];
+    in {
+      allowedTCPPorts = ports ++ [ 9641 ]; # 9641 is the port for the prometheus endpoint
+      allowedUDPPorts = ports;
+      allowedUDPPortRanges = [
+        { from = min-port; to = max-port; }
+      ];
+    };
+
+
+  services.nginx.virtualHosts."void.hacc.space" = {
+    locations."/" = {
+      proxyPass = "http://192.168.150.3";
+      proxyWebsockets = true;
+    };
+    enableACME = true;
+    forceSSL = true;
+  };
+
+  containers.wa-truelove = {
+
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "192.168.150.1";
+    localAddress = "192.168.150.3";
+
+
+    path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
+      boot.isContainer = true;
+      networking.useDHCP = false;
+      users.users.root.hashedPassword = "";
+
+      imports = [
+        "${sources.workadventure.outPath}/default.nix"
+        ((import sources.nix-hexchen) {}).profiles.nopersist
+      ];
+
+      services.workadventure."truelove" = {
+
+        packageset = (import wapkgs {inherit pkgs;}).workadventure-xce;
+
+        nginx = {
+          default = true;
+          domain = "void.hacc.space";
+        };
+
+        frontend.startRoomUrl = "/_/global/localhost/maps/main.json";
+        commonConfig = {
+          webrtc.stun.url = "stun:void.hacc.space:3478";
+          webrtc.turn = {
+            url = "turn:135.181.215.233";
+            user = "turn";
+            password = "a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457";
+          };
+          jitsi.url = "meet.ffmuc.net";
+        };
+      };
+    })).config.system.build.toplevel;
+  };
+}