2021-01-10 03:59:23 +01:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
let
|
|
|
|
# If your Jitsi environment has authentication set up,
|
|
|
|
# you MUST set JITSI_PRIVATE_MODE to "true" and
|
|
|
|
# you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
|
|
|
|
jitsiPrivateMode = "false";
|
|
|
|
|
|
|
|
secretJitsiKey = "";
|
|
|
|
|
|
|
|
jitsiISS = "";
|
|
|
|
|
2021-05-28 06:32:17 +02:00
|
|
|
workadventureSecretKey = "";
|
2021-01-10 03:59:23 +01:00
|
|
|
|
2021-05-23 13:37:02 +02:00
|
|
|
jitsiURL = "meet.${config.workadventure.domain}";
|
2021-01-10 03:59:23 +01:00
|
|
|
|
2021-05-23 13:37:02 +02:00
|
|
|
domain = "party.${config.workadventure.domain}";
|
2021-01-10 03:59:23 +01:00
|
|
|
# domain will redirect to this map. (not play.${domain})
|
2021-01-17 16:57:20 +01:00
|
|
|
defaultMap = "mrvandalo.github.io/workadventure-worlds/main.json";
|
|
|
|
|
2021-01-10 03:59:23 +01:00
|
|
|
apiURL = "api.${domain}";
|
|
|
|
apiPort = 9002;
|
|
|
|
|
|
|
|
frontURL = "play.${domain}";
|
|
|
|
frontPort = 9004;
|
|
|
|
|
|
|
|
pusherURL = "push.${domain}";
|
|
|
|
pusherPort = 9005;
|
|
|
|
|
|
|
|
uploaderURL = "upload.${domain}";
|
|
|
|
uploaderPort = 9006;
|
|
|
|
|
2021-05-23 13:37:02 +02:00
|
|
|
version = "v1.1.0";
|
|
|
|
frontImage = "thecodingmachine/workadventure-front:${version}";
|
|
|
|
pusherImage = "thecodingmachine/workadventure-pusher:${version}";
|
|
|
|
apiImage = "thecodingmachine/workadventure-back:${version}";
|
|
|
|
uploaderImage = "thecodingmachine/workadventure-uploader:${version}";
|
2021-01-10 03:59:23 +01:00
|
|
|
|
|
|
|
in {
|
|
|
|
|
2021-01-10 12:57:28 +01:00
|
|
|
virtualisation.docker.enable = true;
|
|
|
|
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
|
|
|
|
2021-01-10 03:59:23 +01:00
|
|
|
networking.firewall = {
|
|
|
|
allowedTCPPorts = [ 80 443 ];
|
|
|
|
allowedUDPPorts = [ 80 443 ];
|
|
|
|
};
|
|
|
|
|
|
|
|
services.nginx.enable = true;
|
|
|
|
services.nginx.recommendedProxySettings = true;
|
|
|
|
|
|
|
|
systemd.services.workadventure-network = {
|
|
|
|
enable = true;
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
script = ''
|
|
|
|
${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
|
|
|
|
'';
|
|
|
|
after = [ "docker" ];
|
|
|
|
before = [
|
|
|
|
"docker-workadventure-back.service"
|
|
|
|
"docker-workadventure-pusher.service"
|
|
|
|
"docker-workadventure-uploader.service"
|
|
|
|
"docker-workadventure-website.service"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
virtualisation.oci-containers.backend = "docker";
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."${domain}" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
2021-01-17 16:57:20 +01:00
|
|
|
return = "302 $scheme://play.${domain}/_/global/${defaultMap}";
|
2021-01-10 03:59:23 +01:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.workadventure-front = {
|
|
|
|
image = frontImage;
|
|
|
|
environment = {
|
|
|
|
API_URL = pusherURL;
|
|
|
|
JITSI_PRIVATE_MODE = jitsiPrivateMode;
|
|
|
|
JITSI_URL = jitsiURL;
|
|
|
|
SECRET_JITSI_KEY = secretJitsiKey;
|
|
|
|
UPLOADER_URL = uploaderURL;
|
|
|
|
};
|
|
|
|
ports = [ "127.0.0.1:${toString frontPort}:80" ];
|
|
|
|
extraOptions = [ "--network=workadventure" ];
|
|
|
|
};
|
|
|
|
services.nginx.virtualHosts."${frontURL}" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
|
|
|
|
};
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.workadventure-pusher = {
|
|
|
|
image = pusherImage;
|
|
|
|
environment = {
|
|
|
|
API_URL = "workadventure-back:50051";
|
|
|
|
JITSI_ISS = jitsiISS;
|
|
|
|
JITSI_URL = jitsiURL;
|
|
|
|
SECRET_KEY = workadventureSecretKey;
|
|
|
|
};
|
|
|
|
ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
|
|
|
|
extraOptions = [ "--network=workadventure" ];
|
|
|
|
};
|
|
|
|
services.nginx.virtualHosts."${pusherURL}" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://127.0.0.1:${toString pusherPort}";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
locations."/room" = {
|
|
|
|
proxyPass = "http://127.0.0.1:${toString pusherPort}";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.workadventure-back = {
|
|
|
|
image = apiImage;
|
|
|
|
environment = {
|
|
|
|
#DEBUG = "*";
|
|
|
|
JITSI_ISS = jitsiISS;
|
|
|
|
JITSI_URL = jitsiURL;
|
|
|
|
SECRET_KEY = workadventureSecretKey;
|
|
|
|
};
|
|
|
|
ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
|
|
|
|
extraOptions = [ "--network=workadventure" ];
|
|
|
|
};
|
|
|
|
services.nginx.virtualHosts."${apiURL}" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
|
|
|
|
};
|
|
|
|
|
|
|
|
virtualisation.oci-containers.containers.workadventure-uploader = {
|
|
|
|
image = uploaderImage;
|
|
|
|
ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
|
|
|
|
extraOptions = [ "--network=workadventure" ];
|
|
|
|
};
|
|
|
|
services.nginx.virtualHosts."${uploaderURL}" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://127.0.0.1:${toString uploaderPort}";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
systemd.services.docker-workadventure-front.serviceConfig = {
|
|
|
|
StandardOutput = lib.mkForce "journal";
|
|
|
|
StandardError = lib.mkForce "journal";
|
|
|
|
};
|
|
|
|
systemd.services.docker-workadventure-uploader.serviceConfig = {
|
|
|
|
StandardOutput = lib.mkForce "journal";
|
|
|
|
StandardError = lib.mkForce "journal";
|
|
|
|
};
|
|
|
|
systemd.services.docker-workadventure-pusher.serviceConfig = {
|
|
|
|
StandardOutput = lib.mkForce "journal";
|
|
|
|
StandardError = lib.mkForce "journal";
|
|
|
|
};
|
|
|
|
systemd.services.docker-workadventure-back.serviceConfig = {
|
|
|
|
StandardOutput = lib.mkForce "journal";
|
|
|
|
StandardError = lib.mkForce "journal";
|
|
|
|
};
|
|
|
|
|
|
|
|
}
|