palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

workadventure wip

Browse source
This commit is contained in:
Ingolf Wagner 2020-12-31 18:04:02 +01:00
parent 7f8db23525
commit 3a4adeac88
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 42 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix
View file

@ -7,7 +7,8 @@
./workadventure.nix ./workadventure.nix
]; ];
environment.systemPackages = [ pkgs.git pkgs.docker-compose pkgs.ag ]; environment.systemPackages =
[ pkgs.git pkgs.docker-compose pkgs.ag pkgs.htop ];
networking.hostName = "host"; networking.hostName = "host";

140
terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix
View file

@ -24,15 +24,12 @@ let
jitsiISS = ""; jitsiISS = "";
#ADMIN_API_TOKEN = 123 #ADMIN_API_TOKEN = 123
adminAPIToken = 123; adminAPIToken = "123";
# note: container logs can be viewed by using
# journalctrl CONTAINER_NAME=front
# journalctrl CONTAINER_NAME=back
domain = "workadventure.palovandalo.com"; domain = "workadventure.palovandalo.com";
jitsiURL = "meet.palovandalo.com"; #jitsiURL = "meet.palovandalo.com";
jitsiURL = "meet.jit.si";
mainURL = domain; mainURL = domain;
mainPort = 9000; mainPort = 9000;
@ -60,10 +57,11 @@ in {
# todo delete # todo delete
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 80 443 ]; allowedUDPPorts = [ 80 443 8080 ];
}; };
services.nginx.enable = true; services.nginx.enable = true;
#services.nginx.recommendedGzipSettings = true; #services.nginx.recommendedGzipSettings = true;
#services.nginx.recommendedOptimisation = true; #services.nginx.recommendedOptimisation = true;
#services.nginx.recommendedProxySettings = true; #services.nginx.recommendedProxySettings = true;
@ -101,53 +99,43 @@ in {
UPLOADER_URL = uploaderURL; UPLOADER_URL = uploaderURL;
ADMIN_URL = adminURL; ADMIN_URL = adminURL;
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
TURN_SERVER = #TURN_SERVER = "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443";
"turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443"; #TURN_USER = "workadventure";
TURN_USER = "workadventure"; #TURN_PASSWORD = "WorkAdventure123";
TURN_PASSWORD = "WorkAdventure123";
}; };
cmd = [ "yarn" "run" "start" ]; cmd = [ "yarn" "run" "start" ];
volumes = [ "${homeFolder}/front:/usr/src/app" ]; volumes = [ "${homeFolder}/front:/usr/src/app" ];
#ports = [ "${toString playPort}:80" ];
ports = [ "${toString playPort}:8080" ]; ports = [ "${toString playPort}:8080" ];
#extraOptions = let
# labelFile = pkgs.writeText "front-labels" ''
# traefik.http.routers.front.rule=Host(`${playURL}`)
# traefik.http.routers.front.entryPoints=web,traefik
# traefik.http.services.front.loadbalancer.server.port=8080
# traefik.http.routers.front-ssl.rule=Host(`${playURL}}`)
# traefik.http.routers.front-ssl.entryPoints=websecure
# traefik.http.routers.front-ssl.tls=true
# traefik.http.routers.front-ssl.service=front
# '';
#in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-front.serviceConfig = { systemd.services.docker-front.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal"; StandardError = lib.mkForce "journal";
}; };
services.nginx.virtualHosts."${playURL}" = { services.nginx.virtualHosts."${playURL}" = {
enableACME = true; #enableACME = true;
forceSSL = true; #forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString playPort}"; proxyPass = "http://localhost:${toString playPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on;
''; '';
}; };
}; };
services.nginx.virtualHosts."${adminURL}" = { services.nginx.virtualHosts."${adminURL}" = {
enableACME = true; #enableACME = true;
forceSSL = true; #forceSSL = true;
locations."/" = { locations."/" = {
#proxyPass = "http://localhost:${toString adminPort}";
proxyPass = "http://localhost:${toString mainPort}"; proxyPass = "http://localhost:${toString mainPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on;
''; '';
}; };
}; };
@ -160,39 +148,30 @@ in {
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
SECRET_JITSI_KEY = secretJitsiKey; SECRET_JITSI_KEY = secretJitsiKey;
SECRET_KEY = "yourSecretKey"; SECRET_KEY = "yourSecretKey";
ADMIN_API_TOKEN = "$ADMIN_API_TOKEN"; ADMIN_API_TOKEN = adminAPIToken;
API_URL = "back:50051"; #API_URL = "back:50051";
API_URL = "back:8080";
JITSI_URL = jitsiURL; JITSI_URL = jitsiURL;
JITSI_ISS = jitsiISS; JITSI_ISS = jitsiISS;
}; };
volumes = [ "${homeFolder}/pusher:/usr/src/app" ]; volumes = [ "${homeFolder}/pusher:/usr/src/app" ];
#ports = [ "${toString pusherPort}:80" ];
ports = [ "${toString pusherPort}:8080" ]; ports = [ "${toString pusherPort}:8080" ];
#extraOptions = let
# labelFile = pkgs.writeText "pusher-labels" ''
# traefik.http.routers.pusher.rule=Host(`${pusherURL}`)
# traefik.http.routers.pusher.entryPoints=web
# traefik.http.services.pusher.loadbalancer.server.port=8080
# traefik.http.routers.pusher-ssl.rule=Host(`${pusherURL}`)
# traefik.http.routers.pusher-ssl.entryPoints=websecure
# traefik.http.routers.pusher-ssl.tls=true
# traefik.http.routers.pusher-ssl.service=pusher
# '';
#in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-pusher.serviceConfig = { systemd.services.docker-pusher.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal"; StandardError = lib.mkForce "journal";
}; };
services.nginx.virtualHosts."${pusherURL}" = { services.nginx.virtualHosts."${pusherURL}" = {
enableACME = true; #enableACME = true;
forceSSL = true; #forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString pusherPort}"; proxyPass = "http://localhost:${toString pusherPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on;
''; '';
}; };
}; };
@ -209,31 +188,22 @@ in {
}; };
volumes = [ "${homeFolder}/maps:/var/www/html" ]; volumes = [ "${homeFolder}/maps:/var/www/html" ];
ports = [ "${toString mapsPort}:80" ]; ports = [ "${toString mapsPort}:80" ];
#extraOptions = let
# labelFile = pkgs.writeText "maps-labels" ''
# traefik.http.routers.maps.rule=Host(`${mapsURL}`)
# traefik.http.routers.maps.entryPoints=web,traefik
# traefik.http.services.maps.loadbalancer.server.port=80
# traefik.http.routers.maps-ssl.rule=Host(`${mapsURL}`)
# traefik.http.routers.maps-ssl.entryPoints=websecure
# traefik.http.routers.maps-ssl.tls=true
# traefik.http.routers.maps-ssl.service=maps
# '';
#in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-maps.serviceConfig = { systemd.services.docker-maps.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal"; StandardError = lib.mkForce "journal";
}; };
services.nginx.virtualHosts."${mapsURL}" = { services.nginx.virtualHosts."${mapsURL}" = {
enableACME = true; #enableACME = true;
forceSSL = true; #forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString mapsPort}"; proxyPass = "http://localhost:${toString mapsPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on;
''; '';
}; };
}; };
@ -247,38 +217,28 @@ in {
SECRET_KEY = "yourSecretKey"; SECRET_KEY = "yourSecretKey";
SECRET_JITSI_KEY = secretJitsiKey; SECRET_JITSI_KEY = secretJitsiKey;
ALLOW_ARTILLERY = "true"; ALLOW_ARTILLERY = "true";
ADMIN_API_TOKEN = "$ADMIN_API_TOKEN"; ADMIN_API_TOKEN = adminAPIToken;
JITSI_URL = jitsiURL; JITSI_URL = jitsiURL;
JITSI_ISS = jitsiISS; JITSI_ISS = jitsiISS;
}; };
volumes = [ "${homeFolder}/back:/usr/src/app" ]; volumes = [ "${homeFolder}/back:/usr/src/app" ];
#ports = [ "${toString apiPort}:80" ];
ports = [ "${toString apiPort}:8080" ]; ports = [ "${toString apiPort}:8080" ];
#extraOptions = let
# labelFile = pkgs.writeText "back-labels" ''
# traefik.http.routers.back.rule=Host(`${apiURL}`)
# traefik.http.routers.back.entryPoints=web
# traefik.http.services.back.loadbalancer.server.port=8080
# traefik.http.routers.back-ssl.rule=Host(`${apiURL}`)
# traefik.http.routers.back-ssl.entryPoints=websecure
# traefik.http.routers.back-ssl.tls=true
# traefik.http.routers.back-ssl.service=back
# '';
#in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-back.serviceConfig = { systemd.services.docker-back.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal"; StandardError = lib.mkForce "journal";
}; };
services.nginx.virtualHosts."${apiURL}" = { services.nginx.virtualHosts."${apiURL}" = {
enableACME = true; #enableACME = true;
forceSSL = true; #forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString apiPort}"; proxyPass = "http://localhost:${toString apiPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on;
''; '';
}; };
}; };
@ -291,33 +251,23 @@ in {
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
}; };
volumes = [ "${homeFolder}/uploader:/usr/src/app" ]; volumes = [ "${homeFolder}/uploader:/usr/src/app" ];
#ports = [ "${toString uploaderPort}:80" ];
ports = [ "${toString uploaderPort}:8080" ]; ports = [ "${toString uploaderPort}:8080" ];
#extraOptions = let
# labelFile = pkgs.writeText "uploader-labels" ''
# traefik.http.routers.uploader.rule=Host(`${uploaderURL}`)
# traefik.http.routers.uploader.entryPoints=web
# traefik.http.services.uploader.loadbalancer.server.port=8080
# traefik.http.routers.uploader-ssl.rule=Host(`${uploaderURL}`)
# traefik.http.routers.uploader-ssl.entryPoints=websecure
# traefik.http.routers.uploader-ssl.tls=true
# traefik.http.routers.uploader-ssl.service=uploader
# '';
#in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-uploader.serviceConfig = { systemd.services.docker-uploader.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal"; StandardError = lib.mkForce "journal";
}; };
services.nginx.virtualHosts."${uploaderURL}" = { services.nginx.virtualHosts."${uploaderURL}" = {
enableACME = true; #enableACME = true;
forceSSL = true; #forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString uploaderPort}"; proxyPass = "http://localhost:${toString uploaderPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on;
''; '';
}; };
}; };
@ -331,32 +281,22 @@ in {
}; };
volumes = [ "${homeFolder}/website:/var/www/html" ]; volumes = [ "${homeFolder}/website:/var/www/html" ];
ports = [ "${toString mainPort}:80" ]; ports = [ "${toString mainPort}:80" ];
#ports = [ "${toString mainPort}:8080" ];
#extraOptions = let
# labelFile = pkgs.writeText "website-labels" ''
# traefik.http.routers.website.rule=Host(`${domain}`)
# traefik.http.routers.website.entryPoints=web
# traefik.http.services.website.loadbalancer.server.port=8080
# traefik.http.routers.website-ssl.rule=Host(`${domain}`)
# traefik.http.routers.website-ssl.entryPoints=websecure
# traefik.http.routers.website-ssl.tls=true
# traefik.http.routers.website-ssl.service=website
# '';
#in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-website.serviceConfig = { systemd.services.docker-website.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal"; StandardError = lib.mkForce "journal";
}; };
services.nginx.virtualHosts."${mainURL}" = { services.nginx.virtualHosts."${mainURL}" = {
enableACME = true; #enableACME = true;
forceSSL = true; #forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString mainPort}"; proxyPass = "http://localhost:${toString mainPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on;
''; '';
}; };
}; };