diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix
index bd4b75a..4c7ad8a 100644
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@@ -17,7 +17,7 @@
     ./services/lantifa.nix
     ./services/syncthing.nix
     ./services/monitoring.nix
-#    ./services/workadventure.nix
+    ./services/workadventure.nix
     ./services/minecraft.nix
     ./services/mattermost.nix
   ];
diff --git a/hosts/hainich/services/workadventure.nix b/hosts/hainich/services/workadventure.nix
index a947317..643f7f5 100644
--- a/hosts/hainich/services/workadventure.nix
+++ b/hosts/hainich/services/workadventure.nix
@@ -1,79 +1,65 @@
 {pkgs, lib, config, ...}: let
-  wa-container-ip = "fd00::42:16";
-  # this is a static "secret" that is also compiled into workadventure,
-  # so it seems ok to put it into the nix store
-  coturn-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f";
-  # domain on which workadventure is served
-  domain = "void.hacc.space";
-
-
-  # FUNFACT:
-  # the nixos-container module is sufficiently broken that if you move these
-  # fetchgits into the container config below, Nix will run into infinite recursion!
-
-  # contains the hacc assembly map
-  haccpkgssrc = pkgs.fetchgit {
-    url = "https://gitlab.infra4future.de/stuebinm/workadventure-nix-hacc";
-    rev = "23a085b0386595f9e769ef3c182749cecc342ead";
-    sha256 = "199np37dkhk52lsjw0f9x2h9vfi86xs18gk5pfijs6pc1hr11scd";
-  };
-  # contains the workadventure module
-  workadventurenix = pkgs.fetchgit {
-    url = "https://stuebinm.eu/git/workadventure-nix";
-    rev = "5d61d1bcb2fe11a3ff469a4f3a1be1885218472d";
-    sha256 = "0yd46n8vdyszb59rclq5p1m9z6hvrgpq258cic5glnqsnya8885v";
-  };
-  haccpkgs = (import "${haccpkgssrc}/default.nix") {inherit pkgs lib;};
-
+  sources = import ../../../nix/sources.nix {};
+  # why the double outPath? Dunno, just niv things …
+  workadventure-nix = sources.workadventure.outPath.outPath;
+  haccmap = sources.haccmap.outPath.outPath;
 in
 {
   # not the most intuitive of container names, but "workadventure" is too long
   containers.wa-void = {
-
-    config = {config, pkgs, ...}: {
-      imports = [ workadventurenix.outPath ];
-      networking.firewall.allowedTCPPorts = [ 80 ];
-      services.workadventure."void.hacc.space" = {
-        packageset = (import "${workadventurenix.outPath}/wapkgs.nix" {inherit pkgs lib;}).workadventure-tabascoeye;
+    # we'll need the outer config to get the turn secret inside the container,
+    # and I'm feeling haskelly so config' it is!
+    config = let config' = config; in {config, pkgs, ...}: {
+      imports = [ workadventure-nix ];
+      networking.firewall.allowedTCPPorts = [ 80 ];
-        nginx = {
-          default = true;
-          inherit domain;
-          maps = {
-            serve = true;
-            path = haccpkgs.workadventure-hacc-rc3-map.outPath + "/";
-          };
-        };
-
-        frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
+      services.workadventure."void.hacc.space" = {
+        packageset = (
+          import "${workadventure-nix}/wapkgs.nix" {
+            inherit pkgs lib;
+          }
+        ).workadventure-xce;
-        commonConfig = {
-          webrtc.stun.url = "stun:turn.hacc.space:3478";
-          webrtc.turn = {
-            url = "turn:95.217.159.23";
-            user = "turn";
-            password = coturn-auth-secret;
-          };
-          jitsi.url = "meet.ffmuc.net";
+        nginx = {
+          default = true;
+          domain = "void.hacc.space";
+          maps = {
+            serve = true;
+            path = "${haccmap}/";
           };
         };
+
+        frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
+
+        commonConfig = {
+          webrtc.stun.url = "stun:turn.hacc.space:3478";
+          webrtc.turn = {
+            url = "turn:95.217.159.23";
+            user = "turn";
+            password = config'.services.coturn.static-auth-secret;
+          };
+          jitsi.url = "meet.ffmuc.net";
+        };
       };
-
+    };
+
     privateNetwork = true;
     hostAddress6 = "fd00::42:14";
-    localAddress6 = wa-container-ip;
+    localAddress6 = "fd00::42:16";
     autoStart = true;
   };
-
+
   services.coturn = {
     enable = true;
     realm = "turn.hacc.space";
-    static-auth-secret = coturn-auth-secret;
+    # this is a static "secret" that is also compiled into workadventure,
+    # so it seems ok to put it into the nix store
+    static-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f";
     use-auth-secret = true;
     no-cli = true;
     no-tcp-relay = true;
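Review bot: The TURN shared secret stays a literal in `services.coturn.static-auth-secret` and is now also threaded into the container's `commonConfig.webrtc.turn.password` through `config'.services.coturn.static-auth-secret`; the moved comment only justifies the world-readable store copy, but if the value really is compiled into the browser-side frontend as the comment suggests, it is effectively public and authorises relay use on coturn for anyone who loads the site. The comment next to `static-auth-secret` should state that consequence, e.g. `# NOTE: this value also ends up in the served frontend, so the TURN relay is usable by anyone who can load the site; limit the relay via coturn settings rather than relying on the secret`, and the relay exposure should be bounded by coturn's own options (the existing `no-tcp-relay`, plus quota/peer restrictions) or by short-lived credentials minted server-side instead of one long-lived static secret. Separately, `sources.workadventure.outPath.outPath` and `sources.haccmap.outPath.outPath` look redundant: niv's sources coerce to their fetched path in string context, so `"${sources.workadventure}"` should suffice — worth confirming before the "Dunno" comment is replaced.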
@@ -82,13 +68,13 @@ in
     pkey = config.security.acme.certs."turn.hacc.space".directory + "key.pem";
   };
-
+
   services.nginx = {
     virtualHosts."void.hacc.space" = {
       forceSSL = true;
       enableACME = true;
       locations."/" = {
-        proxyPass = "http://[${wa-container-ip}]";
+        proxyPass = "http://[${config.containers.wa-void.localAddress6}]";
         proxyWebsockets = true;
       };
     };
@@ -99,18 +85,18 @@ in
       forceSSL = true;
     };
   };
-
+
   networking.firewall = with config.services.coturn;
-  let
-    ports = [ listening-port tls-listening-port ];
-  in {
-    allowedTCPPorts = [ 80 ] ++ ports;
-    allowedUDPPorts = ports;
-    allowedUDPPortRanges = [
-      { from = min-port; to = max-port; }
-    ];
-  };
+    let
+      ports = [ listening-port tls-listening-port ];
+    in {
+      allowedTCPPorts = [ 80 ] ++ ports;
+      allowedUDPPorts = ports;
+      allowedUDPPortRanges = [
+        { from = min-port; to = max-port; }
+      ];
+    };
 }
diff --git a/nix/sources.json b/nix/sources.json
index d575312..2c75064 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -1,4 +1,10 @@
 {
+    "haccmap": {
+        "ref": "master",
+        "repo": "https://gitlab.infra4future.de/hacc/haccspace-rc3-map",
+        "rev": "3b99ee7e5bb2f27044784d03572da77d39cb2427",
+        "type": "git"
+    },
     "home-manager": {
         "branch": "release-20.09",
         "description": "Manage a user environment using Nix [maintainer=@rycee] ",
@@ -67,5 +73,11 @@
         "repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git",
         "rev": "c3b08fe355d08facf2b2d2f0f96050892242cd38",
         "type": "git"
+    },
+    "workadventure": {
+        "ref": "master",
+        "repo": "https://stuebinm.eu/git/workadventure-nix",
+        "rev": "cbe9196fba75be98569d7504e7c1d091bcbf053e",
+        "type": "git"
     }
 }