forked from hacc/haccfiles
workadventure: update and manage sources with niv
Changes: - workadventure is now pulled from stuebinm.eu/git via niv, and should be updated automatically along with the other sources - the same is true for the default map, which gets pulled directly from its gitlab sources. - this setup may potentially break things if I decide to rename an option upstream, but I don't think that'll happen too often - made the code a little nicer - uses workadventure-xce now, since the tabascoeye version is now gone Open for discussion: - afaik know, the current version of workadventure-xce now contains fediventure-specific patches. Do we want that, or should we switch to the unfederated version?
This commit is contained in:
parent
c3c3bca114
commit
6e36ff58e2
3 changed files with 65 additions and 67 deletions
|
@ -17,7 +17,7 @@
|
|||
./services/lantifa.nix
|
||||
./services/syncthing.nix
|
||||
./services/monitoring.nix
|
||||
# ./services/workadventure.nix
|
||||
./services/workadventure.nix
|
||||
./services/minecraft.nix
|
||||
./services/mattermost.nix
|
||||
];
|
||||
|
|
|
@ -1,79 +1,65 @@
|
|||
{pkgs, lib, config, ...}:
|
||||
|
||||
let
|
||||
wa-container-ip = "fd00::42:16";
|
||||
# this is a static "secret" that is also compiled into workadventure,
|
||||
# so it seems ok to put it into the nix store
|
||||
coturn-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f";
|
||||
# domain on which workadventure is served
|
||||
domain = "void.hacc.space";
|
||||
|
||||
|
||||
# FUNFACT:
|
||||
# the nixos-container module is sufficiently broken that if you move these
|
||||
# fetchgits into the container config below, Nix will run into infinite recursion!
|
||||
|
||||
# contains the hacc assembly map
|
||||
haccpkgssrc = pkgs.fetchgit {
|
||||
url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
|
||||
rev = "23a085b0386595f9e769ef3c182749cecc342ead";
|
||||
sha256 = "199np37dkhk52lsjw0f9x2h9vfi86xs18gk5pfijs6pc1hr11scd";
|
||||
};
|
||||
# contains the workadventure module
|
||||
workadventurenix = pkgs.fetchgit {
|
||||
url = "https://stuebinm.eu/git/workadventure-nix";
|
||||
rev = "5d61d1bcb2fe11a3ff469a4f3a1be1885218472d";
|
||||
sha256 = "0yd46n8vdyszb59rclq5p1m9z6hvrgpq258cic5glnqsnya8885v";
|
||||
};
|
||||
haccpkgs = (import "${haccpkgssrc}/default.nix") {inherit pkgs lib;};
|
||||
|
||||
sources = import ../../../nix/sources.nix {};
|
||||
# why the double outPath? Dunno, just niv things …
|
||||
workadventure-nix = sources.workadventure.outPath.outPath;
|
||||
haccmap = sources.haccmap.outPath.outPath;
|
||||
in
|
||||
{
|
||||
# not the most intuitive of container names, but "workadventure" is too long
|
||||
containers.wa-void = {
|
||||
|
||||
config = {config, pkgs, ...}: {
|
||||
imports = [ workadventurenix.outPath ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
|
||||
services.workadventure."void.hacc.space" = {
|
||||
packageset = (import "${workadventurenix.outPath}/wapkgs.nix" {inherit pkgs lib;}).workadventure-tabascoeye;
|
||||
# we'll need the outer config to get the turn secret inside the container,
|
||||
# and I'm feeling haskelly so config' it is!
|
||||
config = let config' = config; in {config, pkgs, ...}: {
|
||||
imports = [ workadventure-nix ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
|
||||
nginx = {
|
||||
default = true;
|
||||
inherit domain;
|
||||
maps = {
|
||||
serve = true;
|
||||
path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
|
||||
};
|
||||
};
|
||||
|
||||
frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
|
||||
services.workadventure."void.hacc.space" = {
|
||||
packageset = (
|
||||
import "${workadventure-nix}/wapkgs.nix" {
|
||||
inherit pkgs lib;
|
||||
}
|
||||
).workadventure-xce;
|
||||
|
||||
commonConfig = {
|
||||
webrtc.stun.url = "stun:turn.hacc.space:3478";
|
||||
webrtc.turn = {
|
||||
url = "turn:95.217.159.23";
|
||||
user = "turn";
|
||||
password = coturn-auth-secret;
|
||||
};
|
||||
jitsi.url = "meet.ffmuc.net";
|
||||
nginx = {
|
||||
default = true;
|
||||
domain = "void.hacc.space";
|
||||
maps = {
|
||||
serve = true;
|
||||
path = "${haccmap}/";
|
||||
};
|
||||
};
|
||||
|
||||
frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
|
||||
|
||||
commonConfig = {
|
||||
webrtc.stun.url = "stun:turn.hacc.space:3478";
|
||||
webrtc.turn = {
|
||||
url = "turn:95.217.159.23";
|
||||
user = "turn";
|
||||
password = config'.services.coturn.static-auth-secret;
|
||||
};
|
||||
jitsi.url = "meet.ffmuc.net";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
privateNetwork = true;
|
||||
hostAddress6 = "fd00::42:14";
|
||||
localAddress6 = wa-container-ip;
|
||||
localAddress6 = "fd00::42:16";
|
||||
|
||||
autoStart = true;
|
||||
|
||||
};
|
||||
|
||||
|
||||
services.coturn = {
|
||||
enable = true;
|
||||
realm = "turn.hacc.space";
|
||||
static-auth-secret = coturn-auth-secret;
|
||||
# this is a static "secret" that is also compiled into workadventure,
|
||||
# so it seems ok to put it into the nix store
|
||||
static-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f";
|
||||
use-auth-secret = true;
|
||||
no-cli = true;
|
||||
no-tcp-relay = true;
|
||||
|
@ -82,13 +68,13 @@ in
|
|||
pkey = config.security.acme.certs."turn.hacc.space".directory + "key.pem";
|
||||
};
|
||||
|
||||
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."void.hacc.space" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://[${wa-container-ip}]";
|
||||
proxyPass = "http://[${config.containers.wa-void.localAddress6}]";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
@ -99,18 +85,18 @@ in
|
|||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
networking.firewall = with config.services.coturn;
|
||||
let
|
||||
ports = [ listening-port tls-listening-port ];
|
||||
in {
|
||||
allowedTCPPorts = [ 80 ] ++ ports;
|
||||
allowedUDPPorts = ports;
|
||||
allowedUDPPortRanges = [
|
||||
{ from = min-port; to = max-port; }
|
||||
];
|
||||
};
|
||||
let
|
||||
ports = [ listening-port tls-listening-port ];
|
||||
in {
|
||||
allowedTCPPorts = [ 80 ] ++ ports;
|
||||
allowedUDPPorts = ports;
|
||||
allowedUDPPortRanges = [
|
||||
{ from = min-port; to = max-port; }
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{
|
||||
"haccmap": {
|
||||
"ref": "master",
|
||||
"repo": "https://gitlab.infra4future.de/hacc/haccspace-rc3-map",
|
||||
"rev": "3b99ee7e5bb2f27044784d03572da77d39cb2427",
|
||||
"type": "git"
|
||||
},
|
||||
"home-manager": {
|
||||
"branch": "release-20.09",
|
||||
"description": "Manage a user environment using Nix [maintainer=@rycee] ",
|
||||
|
@ -67,5 +73,11 @@
|
|||
"repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git",
|
||||
"rev": "c3b08fe355d08facf2b2d2f0f96050892242cd38",
|
||||
"type": "git"
|
||||
},
|
||||
"workadventure": {
|
||||
"ref": "master",
|
||||
"repo": "https://stuebinm.eu/git/workadventure-nix",
|
||||
"rev": "cbe9196fba75be98569d7504e7c1d091bcbf053e",
|
||||
"type": "git"
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue