stuebinm
16245e830f
This removes the special configuration to make our workadventure useable for the truelove event and reverts it to just run at void.hacc.space without authentication etc. Tbh, not sure if that's actually what we want — do we need a running workadventure instance at all? Or should we just remove the entire container?
86 lines
2.3 KiB
Nix
86 lines
2.3 KiB
Nix
{ config, lib, pkgs, modules, profiles, evalConfig, sources, ... }:
|
|
let
|
|
wapkgs = "${sources.workadventure}/wapkgs.nix";
|
|
in
|
|
{
|
|
services.coturn = {
|
|
enable = true;
|
|
realm = "void.hacc.space";
|
|
no-cli = true;
|
|
lt-cred-mech = true;
|
|
|
|
extraConfig = ''
|
|
user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457
|
|
fingerprint
|
|
external-ip=135.181.215.233
|
|
server-name=void.hacc.space
|
|
prometheus
|
|
'';
|
|
|
|
cert = config.security.acme.certs."void.hacc.space".directory + "full.pem";
|
|
pkey = config.security.acme.certs."void.hacc.space".directory + "key.pem";
|
|
};
|
|
|
|
networking.firewall = with config.services.coturn;
|
|
let
|
|
ports = [ listening-port tls-listening-port ];
|
|
in {
|
|
allowedTCPPorts = ports ++ [ 9641 ]; # 9641 is the port for the prometheus endpoint
|
|
allowedUDPPorts = ports;
|
|
allowedUDPPortRanges = [
|
|
{ from = min-port; to = max-port; }
|
|
];
|
|
};
|
|
|
|
|
|
services.nginx.virtualHosts."void.hacc.space" = {
|
|
locations."/" = {
|
|
proxyPass = "http://192.168.150.3";
|
|
proxyWebsockets = true;
|
|
};
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
|
|
containers.wa-void = {
|
|
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.150.1";
|
|
localAddress = "192.168.150.3";
|
|
|
|
|
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
|
boot.isContainer = true;
|
|
networking.useDHCP = false;
|
|
users.users.root.hashedPassword = "";
|
|
|
|
imports = [
|
|
"${sources.workadventure.outPath}/default.nix"
|
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
|
];
|
|
|
|
services.workadventure."void" = {
|
|
|
|
packageset = (import wapkgs {inherit pkgs;}).workadventure-xce;
|
|
|
|
nginx = {
|
|
default = true;
|
|
domain = "https://void.hacc.space";
|
|
};
|
|
|
|
frontend.startRoomUrl = "/_/global/localhost/maps/main.json";
|
|
commonConfig = {
|
|
webrtc.stun.url = "stun:void.hacc.space:3478";
|
|
webrtc.turn = {
|
|
url = "turn:135.181.215.233";
|
|
user = "turn";
|
|
password = "a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457";
|
|
};
|
|
jitsi.url = "meet.ffmuc.net";
|
|
};
|
|
};
|
|
})).config.system.build.toplevel;
|
|
};
|
|
}
|