From dcb004c8b371decec6c7916f8103c39a6261be21 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Sun, 7 Nov 2021 01:48:53 +0100 Subject: [PATCH 1/4] re-add void.hacc.space workadventure instance This is meant as a fallback instance for the truelove event. The code was mostly hacked together from my own (by now defunct) deployment and the nixfiles left over from divoc. If I haven't missed anything, then even the turn server should function correctly. --- hosts/parsons/configuration.nix | 1 + services/workadventure.nix | 85 +++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 services/workadventure.nix diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix index bff67ea..e08d403 100644 --- a/hosts/parsons/configuration.nix +++ b/hosts/parsons/configuration.nix @@ -21,6 +21,7 @@ ../../services/gitlab-runner.nix ../../services/lantifa.nix ../../services/vaultwarden.nix + ../../services/workadventure.nix ./lxc.nix ]; diff --git a/services/workadventure.nix b/services/workadventure.nix new file mode 100644 index 0000000..589130b --- /dev/null +++ b/services/workadventure.nix 
@@ -0,0 +1,85 @@ +{ config, lib, pkgs, modules, profiles, evalConfig, sources, ... }: +let + wapkgs = "${sources.workadventure}/wapkgs.nix"; +in +{ + services.coturn = { + enable = true; + realm = "void.hacc.space"; + no-cli = true; + lt-cred-mech = true; + + extraConfig = '' + user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457 + fingerprint + external-ip=116.203.185.253 + server-name=void.hacc.space + prometheus + ''; + + cert = config.security.acme.certs."void.hacc.space".directory + "full.pem"; + pkey = config.security.acme.certs."void.hacc.space".directory + "key.pem"; + }; + + networking.firewall = with config.services.coturn; + let + ports = [ listening-port tls-listening-port ]; + in { + allowedTCPPorts = ports ++ [ 9641 ]; # 9641 is the port for the prometheus endpoint + allowedUDPPorts = ports; + allowedUDPPortRanges = [ + { from = min-port; to = max-port; } + ]; + }; + + + services.nginx.virtualHosts."void.hacc.space" = { + locations."/" = { + proxyPass = "http://192.168.150.3"; + proxyWebsockets = true; + }; + enableACME = true; + forceSSL = true; + }; + + containers.wa-truelove = { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.150.1"; + localAddress = "192.168.150.3"; + + + path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... 
}: { + boot.isContainer = true; + networking.useDHCP = false; + users.users.root.hashedPassword = ""; + + imports = [ + "${sources.workadventure.outPath}/default.nix" + ((import sources.nix-hexchen) {}).profiles.nopersist + ]; + + services.workadventure."truelove" = { + + packageset = (import wapkgs {inherit pkgs;}).workadventure-xce; + + nginx = { + default = true; + domain = "void.hacc.space"; + }; + + frontend.startRoomUrl = "/_/global/localhost/maps/main.json"; + commonConfig = { + webrtc.stun.url = "stun:void.hacc.space:3478"; + webrtc.turn = { + url = "turn:135.181.215.233"; + user = "turn"; + password = "a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457"; + }; + jitsi.url = "meet.ffmuc.net"; + }; + }; + })).config.system.build.toplevel; + }; +} From a5fa6fe0f9d7c2c373cc95666df7f79260001208 Mon Sep 17 00:00:00 2001 From: octycs Date: Sun, 7 Nov 2021 18:08:03 +0100 Subject: [PATCH 2/4] Fix domain. Else WA requests stuff from https://void.hacc.space/void.hacc.space/stuff --- services/workadventure.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/workadventure.nix b/services/workadventure.nix index 589130b..47009a2 100644 --- a/services/workadventure.nix +++ b/services/workadventure.nix @@ -66,7 +66,7 @@ in nginx = { default = true; - domain = "void.hacc.space"; + domain = "https://void.hacc.space"; }; frontend.startRoomUrl = "/_/global/localhost/maps/main.json"; From d1800661036109d963ba0d3de564027dd6dc48d1 Mon Sep 17 00:00:00 2001 From: octycs Date: Sun, 7 Nov 2021 20:34:22 +0100 Subject: [PATCH 3/4] Update config for the true-love project --- services/workadventure.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/services/workadventure.nix b/services/workadventure.nix index 47009a2..84a676c 100644 --- a/services/workadventure.nix +++ b/services/workadventure.nix 
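Review bot: The TURN credential is committed in plaintext in the new services/workadventure.nix (PATCH 1/4), once in coturn's `user=turn:…` line inside `extraConfig` and again as `webrtc.turn.password`. Both copies are now in the git history and, since they are evaluated into the system configuration, most likely in the world-readable Nix store too, so the value should be treated as exposed and rotated. Prefer a secret read from a file outside the store, for example `use-auth-secret = true;` with `static-auth-secret-file = "/path/to/turn-secret";` (placeholder path) on the coturn side; whether the module imported from `sources.workadventure` can consume such a secret is not visible here. Separately, `directory + "full.pem"` and `directory + "key.pem"` concatenate without a path separator, and the ACME `directory` value normally has no trailing slash, so `"${config.security.acme.certs."void.hacc.space".directory}/full.pem"` is probably what is meant. `allowedTCPPorts = ports ++ [ 9641 ]` also opens the coturn metrics endpoint to every source address; limiting it to the monitoring host would be safer.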
@@ -37,6 +37,11 @@ in locations."/" = { proxyPass = "http://192.168.150.3"; proxyWebsockets = true; + extraConfig = '' + allow 23.88.116.81; + allow 2a01:4f8:c17:86ba::1; + deny all; + ''; }; enableACME = true; forceSSL = true; @@ -66,7 +71,7 @@ in nginx = { default = true; - domain = "https://void.hacc.space"; + domain = "https://true-love.world.hacc.space"; }; frontend.startRoomUrl = "/_/global/localhost/maps/main.json"; From cb6e48f59cf5a9ad2d78f8f213d29e84fd09499f Mon Sep 17 00:00:00 2001 From: stuebinm Date: Sun, 7 Nov 2021 21:04:31 +0100 Subject: [PATCH 4/4] coturn: fix ip address --- services/workadventure.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/workadventure.nix b/services/workadventure.nix index 84a676c..63c6a21 100644 --- a/services/workadventure.nix +++ b/services/workadventure.nix @@ -12,7 +12,7 @@ in extraConfig = '' user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457 fingerprint - external-ip=116.203.185.253 + external-ip=135.181.215.233 server-name=void.hacc.space prometheus '';
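Review bot: The two `allow` entries added to `locations."/"` in PATCH 3/4 carry no explanation, so a later reader cannot tell which hosts they are or when the restriction can be lifted. A comment above `extraConfig`, such as `# only the true-love.world.hacc.space front proxy may reach this vhost` (if that is what these addresses are), would record the intent. The rule filters on the connecting address only, and it does not touch the coturn ports opened elsewhere in the file, which stay reachable from any source.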
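Review bot: The address corrected in `external-ip=` (PATCH 4/4) is written out a second time in `webrtc.turn.url` further down the file, which is presumably how the two values drifted apart. Binding it once in the existing `let` block, e.g. `turnIp = "135.181.215.233";`, and interpolating `${turnIp}` in both places would keep them in sync. The hunk shows only part of the `extraConfig` string; the `webrtc.turn.url` line lies outside it.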