workadventure: update and manage sources with niv

Changes: - workadventure is now pulled from stuebinm.eu/git via niv, and should be updated automatically along with the other sources - the same is true for the default map, which gets pulled directly from its gitlab sources. - this setup may potentially break things if I decide to rename an option upstream, but I don't think that'll happen too often - made the code a little nicer - uses workadventure-xce now, since the tabascoeye version is now gone Open for discussion: - afaik know, the current version of workadventure-xce now contains fediventure-specific patches. Do we want that, or should we switch to the unfederated version?
2021-04-15 00:13:53 +02:00 · 2021-04-15 00:13:53 +02:00 · 6e36ff58e2
parent c3c3bca114
commit 6e36ff58e2
3 changed files with 65 additions and 67 deletions
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@ -17,7 +17,7 @@
    ./services/lantifa.nix
    ./services/syncthing.nix
    ./services/monitoring.nix
-#   ./services/workadventure.nix
+    ./services/workadventure.nix
    ./services/minecraft.nix
    ./services/mattermost.nix
  ];
--- a/hosts/hainich/services/workadventure.nix
+++ b/hosts/hainich/services/workadventure.nix
@ -1,79 +1,65 @@
 {pkgs, lib, config, ...}:

 let
-  wa-container-ip = "fd00::42:16";
-  # this is a static "secret" that is also compiled into workadventure,
-  # so it seems ok to put it into the nix store
-  coturn-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f";
-  # domain on which workadventure is served
-  domain = "void.hacc.space";
-
-
-  # FUNFACT:
-  # the nixos-container module is sufficiently broken that if you move these
-  # fetchgits into the container config below, Nix will run into infinite recursion!
-  
-  # contains the hacc assembly map
-  haccpkgssrc = pkgs.fetchgit {
-    url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
-    rev = "23a085b0386595f9e769ef3c182749cecc342ead";
-    sha256 = "199np37dkhk52lsjw0f9x2h9vfi86xs18gk5pfijs6pc1hr11scd";
-  };
-  # contains the workadventure module
-  workadventurenix = pkgs.fetchgit {
-    url = "https://stuebinm.eu/git/workadventure-nix";
-    rev = "5d61d1bcb2fe11a3ff469a4f3a1be1885218472d";
-    sha256 = "0yd46n8vdyszb59rclq5p1m9z6hvrgpq258cic5glnqsnya8885v";
-  };
-  haccpkgs = (import "${haccpkgssrc}/default.nix") {inherit pkgs lib;};
-
+  sources = import ../../../nix/sources.nix {};
+  # why the double outPath? Dunno, just niv things …
+  workadventure-nix = sources.workadventure.outPath.outPath;
+  haccmap = sources.haccmap.outPath.outPath;
 in
 {
  # not the most intuitive of container names, but "workadventure" is too long
  containers.wa-void = {
-    
-    config = {config, pkgs, ...}: {
-        imports = [ workadventurenix.outPath ];
-        networking.firewall.allowedTCPPorts = [ 80 ];

-        services.workadventure."void.hacc.space" = {
-          packageset = (import "${workadventurenix.outPath}/wapkgs.nix" {inherit pkgs lib;}).workadventure-tabascoeye;
+    # we'll need the outer config to get the turn secret inside the container,
+    # and I'm feeling haskelly so config' it is!
+    config = let config' = config; in {config, pkgs, ...}: {
+      imports = [ workadventure-nix ];
+      networking.firewall.allowedTCPPorts = [ 80 ];

-          nginx = {
-            default = true;
-            inherit domain;
-            maps = {
-              serve = true;
-              path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
-            };
-          };
-          
-          frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
+      services.workadventure."void.hacc.space" = {
+        packageset = (
+          import "${workadventure-nix}/wapkgs.nix" {
+            inherit pkgs lib;
+          }
+        ).workadventure-xce;

-          commonConfig = {
-            webrtc.stun.url = "stun:turn.hacc.space:3478";
-            webrtc.turn = {
-              url = "turn:95.217.159.23";
-              user = "turn";
-              password = coturn-auth-secret;
-            };
-            jitsi.url = "meet.ffmuc.net";
+        nginx = {
+          default = true;
+          domain = "void.hacc.space";
+          maps = {
+            serve = true;
+            path = "${haccmap}/";
          };
        };
+
+        frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
+
+        commonConfig = {
+          webrtc.stun.url = "stun:turn.hacc.space:3478";
+          webrtc.turn = {
+            url = "turn:95.217.159.23";
+            user = "turn";
+            password = config'.services.coturn.static-auth-secret;
+          };
+          jitsi.url = "meet.ffmuc.net";
+        };
      };
-    
+    };
+
    privateNetwork = true;
    hostAddress6 = "fd00::42:14";
-    localAddress6 = wa-container-ip;
+    localAddress6 = "fd00::42:16";

    autoStart = true;

  };
-  
+
  services.coturn = {
    enable = true;
    realm = "turn.hacc.space";
-    static-auth-secret = coturn-auth-secret;
+    # this is a static "secret" that is also compiled into workadventure,
+    # so it seems ok to put it into the nix store
+    static-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f";
    use-auth-secret = true;
    no-cli = true;
    no-tcp-relay = true;
@ -82,13 +68,13 @@ in
    pkey = config.security.acme.certs."turn.hacc.space".directory + "key.pem";
  };

-  
+
  services.nginx = {
    virtualHosts."void.hacc.space" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
-        proxyPass = "http://[${wa-container-ip}]";
+        proxyPass = "http://[${config.containers.wa-void.localAddress6}]";
        proxyWebsockets = true;
      };
    };
@ -99,18 +85,18 @@ in
      forceSSL = true;
    };
  };
-  
+

  networking.firewall = with config.services.coturn;
-    let 
-      ports = [ listening-port tls-listening-port ];
-    in {
-      allowedTCPPorts = [ 80 ] ++ ports;
-      allowedUDPPorts = ports;
-      allowedUDPPortRanges = [
-        { from = min-port; to = max-port; }
-      ];
-    };
+  let
+  ports = [ listening-port tls-listening-port ];
+  in {
+    allowedTCPPorts = [ 80 ] ++ ports;
+    allowedUDPPorts = ports;
+    allowedUDPPortRanges = [
+      { from = min-port; to = max-port; }
+    ];
+  };

 }

--- a/nix/sources.json
+++ b/nix/sources.json
@ -1,4 +1,10 @@
 {
+    "haccmap": {
+        "ref": "master",
+        "repo": "https://gitlab.infra4future.de/hacc/haccspace-rc3-map",
+        "rev": "3b99ee7e5bb2f27044784d03572da77d39cb2427",
+        "type": "git"
+    },
    "home-manager": {
        "branch": "release-20.09",
        "description": "Manage a user environment using Nix  [maintainer=@rycee] ",
@ -67,5 +73,11 @@
        "repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git",
        "rev": "c3b08fe355d08facf2b2d2f0f96050892242cd38",
        "type": "git"
+    },
+    "workadventure": {
+        "ref": "master",
+        "repo": "https://stuebinm.eu/git/workadventure-nix",
+        "rev": "cbe9196fba75be98569d7504e7c1d091bcbf053e",
+        "type": "git"
    }
 }