hacc/haccfiles
8
0
Fork 1
Code Issues 1 Pull requests Projects Releases Wiki Activity

workadventure: update and manage sources with niv

Browse source 
Changes:
 - workadventure is now pulled from stuebinm.eu/git via niv, and
   should be updated automatically along with the other sources
 - the same is true for the default map, which gets pulled directly from
   its gitlab sources.
 - this setup may potentially break things if I decide to rename an
   option upstream, but I don't think that'll happen too often
 - made the code a little nicer
 - uses workadventure-xce now, since the tabascoeye version is now gone

Open for discussion:
 - afaik know, the current version of workadventure-xce now contains
   fediventure-specific patches. Do we want that, or should we switch
   to the unfederated version?
This commit is contained in:
stuebinm 2021-04-15 00:13:53 +02:00 committed by schweby
parent c3c3bca114
commit 6e36ff58e2
3 changed files with 65 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/hainich/configuration.nix
View file

@ -17,7 +17,7 @@
./services/lantifa.nix ./services/lantifa.nix
./services/syncthing.nix ./services/syncthing.nix
./services/monitoring.nix ./services/monitoring.nix
# ./services/workadventure.nix ./services/workadventure.nix
./services/minecraft.nix ./services/minecraft.nix
./services/mattermost.nix ./services/mattermost.nix
]; ];

56
hosts/hainich/services/workadventure.nix
View file

@ -1,50 +1,34 @@
{pkgs, lib, config, ...}: {pkgs, lib, config, ...}:
let let
wa-container-ip = "fd00::42:16"; sources = import ../../../nix/sources.nix {};
# this is a static "secret" that is also compiled into workadventure, # why the double outPath? Dunno, just niv things …
# so it seems ok to put it into the nix store workadventure-nix = sources.workadventure.outPath.outPath;
coturn-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f"; haccmap = sources.haccmap.outPath.outPath;
# domain on which workadventure is served
domain = "void.hacc.space";
# FUNFACT:
# the nixos-container module is sufficiently broken that if you move these
# fetchgits into the container config below, Nix will run into infinite recursion!
# contains the hacc assembly map
haccpkgssrc = pkgs.fetchgit {
url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
rev = "23a085b0386595f9e769ef3c182749cecc342ead";
sha256 = "199np37dkhk52lsjw0f9x2h9vfi86xs18gk5pfijs6pc1hr11scd";
};
# contains the workadventure module
workadventurenix = pkgs.fetchgit {
url = "https://stuebinm.eu/git/workadventure-nix";
rev = "5d61d1bcb2fe11a3ff469a4f3a1be1885218472d";
sha256 = "0yd46n8vdyszb59rclq5p1m9z6hvrgpq258cic5glnqsnya8885v";
};
haccpkgs = (import "${haccpkgssrc}/default.nix") {inherit pkgs lib;};
in in
{ {
# not the most intuitive of container names, but "workadventure" is too long # not the most intuitive of container names, but "workadventure" is too long
containers.wa-void = { containers.wa-void = {
config = {config, pkgs, ...}: { # we'll need the outer config to get the turn secret inside the container,
imports = [ workadventurenix.outPath ]; # and I'm feeling haskelly so config' it is!
config = let config' = config; in {config, pkgs, ...}: {
imports = [ workadventure-nix ];
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];
services.workadventure."void.hacc.space" = { services.workadventure."void.hacc.space" = {
packageset = (import "${workadventurenix.outPath}/wapkgs.nix" {inherit pkgs lib;}).workadventure-tabascoeye; packageset = (
import "${workadventure-nix}/wapkgs.nix" {
inherit pkgs lib;
}
).workadventure-xce;
nginx = { nginx = {
default = true; default = true;
inherit domain; domain = "void.hacc.space";
maps = { maps = {
serve = true; serve = true;
path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/"; path = "${haccmap}/";
}; };
}; };
@ -55,7 +39,7 @@ in
webrtc.turn = { webrtc.turn = {
url = "turn:95.217.159.23"; url = "turn:95.217.159.23";
user = "turn"; user = "turn";
password = coturn-auth-secret; password = config'.services.coturn.static-auth-secret;
}; };
jitsi.url = "meet.ffmuc.net"; jitsi.url = "meet.ffmuc.net";
}; };
@ -64,7 +48,7 @@ in
privateNetwork = true; privateNetwork = true;
hostAddress6 = "fd00::42:14"; hostAddress6 = "fd00::42:14";
localAddress6 = wa-container-ip; localAddress6 = "fd00::42:16";
autoStart = true; autoStart = true;
@ -73,7 +57,9 @@ in
services.coturn = { services.coturn = {
enable = true; enable = true;
realm = "turn.hacc.space"; realm = "turn.hacc.space";
static-auth-secret = coturn-auth-secret; # this is a static "secret" that is also compiled into workadventure,
# so it seems ok to put it into the nix store
static-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f";
use-auth-secret = true; use-auth-secret = true;
no-cli = true; no-cli = true;
no-tcp-relay = true; no-tcp-relay = true;
@ -88,7 +74,7 @@ in
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://[${wa-container-ip}]"; proxyPass = "http://[${config.containers.wa-void.localAddress6}]";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

12
nix/sources.json
View file

@ -1,4 +1,10 @@
{ {
"haccmap": {
"ref": "master",
"repo": "https://gitlab.infra4future.de/hacc/haccspace-rc3-map",
"rev": "3b99ee7e5bb2f27044784d03572da77d39cb2427",
"type": "git"
},
"home-manager": { "home-manager": {
"branch": "release-20.09", "branch": "release-20.09",
"description": "Manage a user environment using Nix [maintainer=@rycee] ", "description": "Manage a user environment using Nix [maintainer=@rycee] ",
@ -67,5 +73,11 @@
"repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git", "repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git",
"rev": "c3b08fe355d08facf2b2d2f0f96050892242cd38", "rev": "c3b08fe355d08facf2b2d2f0f96050892242cd38",
"type": "git" "type": "git"
},
"workadventure": {
"ref": "master",
"repo": "https://stuebinm.eu/git/workadventure-nix",
"rev": "cbe9196fba75be98569d7504e7c1d091bcbf053e",
"type": "git"
} }
} }