From 6563e0ccfa785bd52ce5ecaf169adf41837e9d4f Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Tue, 9 Nov 2021 17:02:43 +0000
Subject: [PATCH] add services/workadventure for true-love event
---
 hosts/parsons/configuration.nix | 1 +
 services/workadventure.nix | 90 +++++++++++++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 services/workadventure.nix
diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix
index bff67ea..e08d403 100644
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@@ -21,6 +21,7 @@
 ../../services/gitlab-runner.nix
 ../../services/lantifa.nix
 ../../services/vaultwarden.nix
+ ../../services/workadventure.nix
 ./lxc.nix
 ];
diff --git a/services/workadventure.nix b/services/workadventure.nix
new file mode 100644
index 0000000..63c6a21
--- /dev/null
+++ b/services/workadventure.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, modules, profiles, evalConfig, sources, ... }:
+let
+ wapkgs = "${sources.workadventure}/wapkgs.nix";
+in
+{
+ services.coturn = {
+ enable = true;
+ realm = "void.hacc.space";
+ no-cli = true;
+ lt-cred-mech = true;
+
+ extraConfig = ''
+ user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457
+ fingerprint
+ external-ip=135.181.215.233
+ server-name=void.hacc.space
+ prometheus
+ '';
+
+ cert = config.security.acme.certs."void.hacc.space".directory + "full.pem";
+ pkey = config.security.acme.certs."void.hacc.space".directory + "key.pem";
+ };
+
+ networking.firewall = with config.services.coturn;
+ let
+ ports = [ listening-port tls-listening-port ];
+ in {
+ allowedTCPPorts = ports ++ [ 9641 ]; # 9641 is the port for the prometheus endpoint
+ allowedUDPPorts = ports;
+ allowedUDPPortRanges = [
+ { from = min-port; to = max-port; }
+ ];
+ };
+
+
+ services.nginx.virtualHosts."void.hacc.space" = {
+ locations."/" = {
+ proxyPass = "http://192.168.150.3";
+ proxyWebsockets = true;
+ extraConfig = ''
+ allow 23.88.116.81;
+ allow 2a01:4f8:c17:86ba::1;
+ deny all;
+ '';
+ };
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ containers.wa-truelove = {
+
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.150.1";
+ localAddress = "192.168.150.3";
+
+
+ path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ...
}: {
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ users.users.root.hashedPassword = "";
+
+ imports = [
+ "${sources.workadventure.outPath}/default.nix"
+ ((import sources.nix-hexchen) {}).profiles.nopersist
+ ];
+
+ services.workadventure."truelove" = {
+
+ packageset = (import wapkgs {inherit pkgs;}).workadventure-xce;
+
+ nginx = {
+ default = true;
+ domain = "https://true-love.world.hacc.space";
+ };
+
+ frontend.startRoomUrl = "/_/global/localhost/maps/main.json";
+ commonConfig = {
+ webrtc.stun.url = "stun:void.hacc.space:3478";
+ webrtc.turn = {
+ url = "turn:135.181.215.233";
+ user = "turn";
+ password = "a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457";
+ };
+ jitsi.url = "meet.ffmuc.net";
+ };
+ };
+ })).config.system.build.toplevel;
+ };
+}
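Review bot: The TURN long-term credential is committed in clear text twice, as `user=turn:…` in `services.coturn.extraConfig` and as `webrtc.turn.password` in the container's `commonConfig`, so it lives in the repository history and in the world-readable Nix store and should be treated as exposed and rotated. In place of `lt-cred-mech`, coturn's shared-secret mode (`use-auth-secret = true; static-auth-secret-file = "<path-to-secret-outside-the-store>";`) keeps the secret out of the store; whether the workadventure module can derive time-limited credentials from it instead of handing every browser the static password needs checking. Separately, `directory + "full.pem"` and `directory + "key.pem"` concatenate without a separator, and the ACME `directory` value presumably has no trailing slash, so `"${config.security.acme.certs."void.hacc.space".directory}/full.pem"` looks like what was meant. `users.users.root.hashedPassword = "";` allows password-less root login inside the container, which `nixos-container root-login` from the host does not need, so a locked password is the safer default. The relay also sets no `denied-peer-ip` entries for loopback or the `192.168.150.0/24` container network, and `allowedTCPPorts` opens 9641 to every source although the metrics endpoint, as far as I know, has no authentication.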