{ config, lib, pkgs, modules, profiles, evalConfig, sources, ... }: let wapkgs = "${sources.workadventure}/wapkgs.nix"; in { services.coturn = { enable = true; realm = "void.hacc.space"; no-cli = true; lt-cred-mech = true; extraConfig = '' user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457 fingerprint external-ip=135.181.215.233 server-name=void.hacc.space prometheus ''; cert = config.security.acme.certs."void.hacc.space".directory + "full.pem"; pkey = config.security.acme.certs."void.hacc.space".directory + "key.pem"; }; networking.firewall = with config.services.coturn; let ports = [ listening-port tls-listening-port ]; in { allowedTCPPorts = ports ++ [ 9641 ]; # 9641 is the port for the prometheus endpoint allowedUDPPorts = ports; allowedUDPPortRanges = [ { from = min-port; to = max-port; } ]; }; services.nginx.virtualHosts."void.hacc.space" = { locations."/" = { proxyPass = "http://192.168.150.3"; proxyWebsockets = true; }; enableACME = true; forceSSL = true; }; containers.wa-void = { autoStart = true; privateNetwork = true; hostAddress = "192.168.150.1"; localAddress = "192.168.150.3"; path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: { boot.isContainer = true; networking.useDHCP = false; users.users.root.hashedPassword = ""; imports = [ "${sources.workadventure.outPath}/default.nix" ((import sources.nix-hexchen) {}).profiles.nopersist ]; services.workadventure."void" = { packageset = (import wapkgs {inherit pkgs;}).workadventure-xce; nginx = { default = true; domain = "https://void.hacc.space"; maps.path = "${sources.haccmap.outPath}/"; maps.serve = true; }; frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json"; commonConfig = { webrtc.stun.url = "stun:void.hacc.space:3478"; webrtc.turn = { url = "turn:135.181.215.233"; user = "turn"; password = "a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457"; }; jitsi.url = "meet.ffmuc.net"; }; }; })).config.system.build.toplevel; }; }