stuebinm
163229b057
this is a possibly horrible idea, but I used nix to generate a jekyll config for a jekyll generating a website which can display videos, so if we want we can now set the whole website up by adjusting some Nix config things (okay, I'll admit that mostly I wasn't in the mood for gitlab pages …) Anyways, features of the web site: - shows videos (using videojs, loaded locally) - has a chat iframe - has a dark mode, displays hint if javascript is disabled (on how to watch the stream outside a browser / how to join the chat), the WAVE checker doesn't complain too much about it - looks somewhat reasonable on all sizes my laptop's screen can display (and hopefully elsewhere, too) - very, very bad default texts so hopefully we won't forget to change any - literally nothing else, not even a font
127 lines
3.4 KiB
Nix
127 lines
3.4 KiB
Nix
{ config, lib, pkgs, evalConfig, ... }:
|
|
|
|
let
|
|
# necessary since overlays won't propagate into the
|
|
# container's config
|
|
thelounge = pkgs.thelounge-hacked;
|
|
|
|
website = import ../../../pkgs/haccvoc-stage {
|
|
inherit pkgs;
|
|
config = {
|
|
baseurl = "";
|
|
meta = {
|
|
title = "noIAA Livestream dings";
|
|
description = "Die Workshops auf der noIAA Gegenkonferenz als Livestream";
|
|
};
|
|
|
|
# should be able to use anything videojs understands
|
|
videosrc = "https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-11175-deu-eng-fra-Hirne_Hacken_hd.mp4";
|
|
header = "Video dingsbums #noIAA";
|
|
|
|
irc = {
|
|
webchat = "https://webchat.voc.hacc.space";
|
|
# used for a fallback text in case js is disabled
|
|
room = "#hacc-webchat";
|
|
server = "irc.libera.chat";
|
|
};
|
|
|
|
description = {
|
|
title = "Dingsbeschreibung";
|
|
text = ''
|
|
<p>Lorem Ipsum dolor sit amet consecutetur ...</p>
|
|
'';
|
|
};
|
|
|
|
footer = {
|
|
text = "für mehr <a href='https://ccc.de'>chaos</a> in der welt!";
|
|
imprint = "lalala was ist ein Impressum?";
|
|
};
|
|
};
|
|
};
|
|
in
|
|
{
|
|
containers.thelounge = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.1";
|
|
localAddress = "192.168.100.4";
|
|
|
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
|
boot.isContainer = true;
|
|
networking.useDHCP = false;
|
|
users.users.root.hashedPassword = "";
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
networking.firewall.enable = false;
|
|
networking.defaultGateway = {
|
|
address = "192.168.100.1";
|
|
interface = "eth0";
|
|
};
|
|
|
|
services.thelounge = {
|
|
enable = true;
|
|
|
|
extraConfig = {
|
|
public = true;
|
|
# respect X-Forwarded-For
|
|
reverseProxy = true;
|
|
defaults = {
|
|
name = "libera chat";
|
|
host = "irc.eu.libera.chat";
|
|
port = 6697;
|
|
# encrypt things!
|
|
tls = true;
|
|
# yes, please do actually check the cert …
|
|
rejectUnauthorized = true;
|
|
nick = "haccGuest%%%%";
|
|
join = "#hacc-webchat";
|
|
};
|
|
lockNetwork = true;
|
|
|
|
# don't log messages (default is text / sqlite)
|
|
messageStorage = [];
|
|
|
|
# darker theme
|
|
#theme = "morning";
|
|
|
|
# these three should result in having link previews
|
|
# which are fetched only by the server, then proxied
|
|
# (i.e. clients won't directly connect to arbitrary
|
|
# domains to get previews)
|
|
prefetch = true;
|
|
prefetchStorage = true;
|
|
disableMediaPreview = true;
|
|
|
|
leaveMessage = "happy haccing";
|
|
};
|
|
};
|
|
|
|
# override the package we use
|
|
systemd.services.thelounge.serviceConfig.ExecStart =
|
|
pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
|
|
|
|
services.coredns = {
|
|
enable = true;
|
|
config = ''
|
|
.:53 {
|
|
forward . 1.1.1.1
|
|
}
|
|
'';
|
|
};
|
|
})).config.system.build.toplevel;
|
|
};
|
|
|
|
services.nginx.virtualHosts."webchat.voc.hacc.space" = {
|
|
locations."/".proxyPass =
|
|
"http://${config.containers.thelounge.localAddress}:9000";
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
|
|
services.nginx.virtualHosts."live.hacc.space" = {
|
|
locations."/".root = website;
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
}
|