hacc/haccfiles
8
0
Fork 1
Code Issues 1 Pull requests Projects Releases Wiki Activity
haccfiles/services/haccvoc-stage.nix
stuebinm 163229b057
haccvoc: stage website 
this is a possibly horrible idea, but I used nix to generate a jekyll
config for a jekyll generating a website which can display videos, so if
we want we can now set the whole website up by adjusting some Nix config
things (okay, I'll admit that mostly I wasn't in the mood for gitlab pages …)

Anyways, features of the web site:
 - shows videos (using videojs, loaded locally)
 - has a chat iframe
 - has a dark mode, displays hint if javascript is disabled (on how to
   watch the stream outside a browser / how to join the chat), the WAVE
   checker doesn't complain too much about it
 - looks somewhat reasonable on all sizes my laptop's screen can display
   (and hopefully elsewhere, too)
 - very, very bad default texts so hopefully we won't forget to change any
 - literally nothing else, not even a font
2021-08-26 22:36:45 +02:00

127 lines
3.4 KiB
Nix
Raw Blame History

{ config, lib, pkgs, evalConfig, ... }:
let
# necessary since overlays won't propagate into the
# container's config
thelounge = pkgs.thelounge-hacked;
website = import ../../../pkgs/haccvoc-stage {
inherit pkgs;
config = {
baseurl = "";
meta = {
title = "noIAA Livestream dings";
description = "Die Workshops auf der noIAA Gegenkonferenz als Livestream";
};
# should be able to use anything videojs understands
videosrc = "https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-11175-deu-eng-fra-Hirne_Hacken_hd.mp4";
header = "Video dingsbums #noIAA";
irc = {
webchat = "https://webchat.voc.hacc.space";
# used for a fallback text in case js is disabled
room = "#hacc-webchat";
server = "irc.libera.chat";
};
description = {
title = "Dingsbeschreibung";
text = ''
<p>Lorem Ipsum dolor sit amet consecutetur ...</p>
'';
};
footer = {
text = "für mehr <a href='https://ccc.de'>chaos</a> in der welt!";
imprint = "lalala was ist ein Impressum?";
};
};
};
in
{
containers.thelounge = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.4";
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.thelounge = {
enable = true;
extraConfig = {
public = true;
# respect X-Forwarded-For
reverseProxy = true;
defaults = {
name = "libera chat";
host = "irc.eu.libera.chat";
port = 6697;
# encrypt things!
tls = true;
# yes, please do actually check the cert …
rejectUnauthorized = true;
nick = "haccGuest%%%%";
join = "#hacc-webchat";
};
lockNetwork = true;
# don't log messages (default is text / sqlite)
messageStorage = [];
# darker theme
#theme = "morning";
# these three should result in having link previews
# which are fetched only by the server, then proxied
# (i.e. clients won't directly connect to arbitrary
# domains to get previews)
prefetch = true;
prefetchStorage = true;
disableMediaPreview = true;
leaveMessage = "happy haccing";
};
};
# override the package we use
systemd.services.thelounge.serviceConfig.ExecStart =
pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."webchat.voc.hacc.space" = {
locations."/".proxyPass =
"http://${config.containers.thelounge.localAddress}:9000";
enableACME = true;
forceSSL = true;
};
services.nginx.virtualHosts."live.hacc.space" = {
locations."/".root = website;
enableACME = true;
forceSSL = true;
};
}
Reference in a new issue View git blame Copy permalink