workadventure finalize

configs/workhorse/taskserver.nix

@@ -10,8 +10,6 @@
     organisations."orgie".users = [ "palo" ];
   };
 
-  backup.dirs = [
-    config.services.taskserver.dataDir
-  ];
+  backup.dirs = [ config.services.taskserver.dataDir ];
 
 }

terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix

@@ -1,321 +0,0 @@
-{ pkgs, lib, ... }:
-let
-  extraConfig = ''
-    if ($request_method = OPTIONS) {
-        return 204;
-    }
-    # this makes workadventure magically send CORS headers
-    add_header Access-Control-Allow-Headers Range;
-
-    proxy_set_header Host            $host;
-    proxy_set_header X-Forwarded-For $remote_addr;
-  '';
-
-  workadventure-repository = pkgs.fetchgit {
-    url = "https://github.com/thecodingmachine/workadventure.git";
-    rev = "c2d0cda441dde6f4fed79aa742b11122b0bffd68";
-    sha256 = "1r1f80l07wk0jdmjyf4a4fq9mynjdmixivc4pf72ry4xx51hsv2y";
-  };
-
-  homeFolder = "/srv/workadventure";
-
-  debugMode = "true";
-
-  # If your Jitsi environment has authentication set up,
-  # you MUST set JITSI_PRIVATE_MODE to "true" and
-  # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
-
-  #JITSI_PRIVATE_MODE = "false";
-  jitsiPrivateMode = "false";
-
-  #SECRET_JITSI_KEY=
-  secretJitsiKey = "";
-
-  #JITSI_ISS=
-  jitsiISS = "";
-
-  #ADMIN_API_TOKEN = 123
-  adminAPIToken = "123";
-
-  domain = "workadventure.palovandalo.com";
-
-  #jitsiURL = "meet.palovandalo.com";
-  jitsiURL = "meet.jit.si";
-
-  mainURL = domain;
-  mainPort = 9000;
-
-  adminURL = "admin.${domain}";
-  adminPort = 9001;
-
-  apiURL = "api.${domain}";
-  apiPort = 9002;
-
-  mapsURL = "maps.${domain}";
-  mapsPort = 9003;
-
-  playURL = "play.${domain}";
-  #playPort = 9004;
-  playPort = 8080;
-
-  pusherURL = "pusher.${domain}";
-  pusherPort = 9005;
-
-  uploaderURL = "uploader.${domain}";
-  uploaderPort = 9006;
-
-in {
-
-  # todo delete
-  networking.firewall = {
-    allowedTCPPorts = [ 80 443 8080 ];
-    allowedUDPPorts = [ 80 443 8080 ];
-  };
-
-  services.nginx.enable = true;
-
-  systemd.services.workadventureRepository = {
-    enable = true;
-    wantedBy = [ "multi-user.target" ];
-    script = ''
-      mkdir -p ${homeFolder}
-      cp -r "${workadventure-repository}"/* "${homeFolder}/"
-      chmod -R 777 "${homeFolder}"
-    '';
-    before = [
-      "docker-back.service"
-      "docker-maps.service"
-      "docker-messages.service"
-      "docker-prune.service"
-      "docker-uploader.service"
-      "docker-website.service"
-    ];
-  };
-
-  systemd.services.workadventure-network = {
-    enable = true;
-    wantedBy = [ "multi-user.target" ];
-    script = ''
-      ${pkgs.docker}/bin/docker network create --driver bridge workadventure
-    '';
-    after = [ "docker" ];
-    before = [
-      "docker-back.service"
-      "docker-maps.service"
-      "docker-messages.service"
-      "docker-prune.service"
-      "docker-uploader.service"
-      "docker-website.service"
-    ];
-  };
-
-  virtualisation.oci-containers.backend = "docker";
-
-  virtualisation.oci-containers.containers.front = {
-    image = "thecodingmachine/nodejs:14";
-    environment = {
-      DEBUG_MODE = debugMode;
-      JITSI_URL = jitsiURL;
-      JITSI_PRIVATE_MODE = jitsiPrivateMode;
-      HOST = "0.0.0.0";
-      #HTTP_PORT = "80";
-      NODE_ENV = "development";
-      #NODE_ENV = "production";
-      API_URL = pusherURL;
-      UPLOADER_URL = uploaderURL;
-      ADMIN_URL = adminURL;
-      STARTUP_COMMAND_1 = "yarn install";
-      #TURN_SERVER = "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443";
-      #TURN_USER = "workadventure";
-      #TURN_PASSWORD = "WorkAdventure123";
-    };
-    cmd = [ "yarn" "run" "start" ];
-    volumes = [ "${homeFolder}/front:/usr/src/app" ];
-    #ports = [ "${toString playPort}:8080" ];
-    ports = [ "0.0.0.0:${toString playPort}:8080" ];
-    extraOptions = [ "--network=workadventure" ];
-  };
-  systemd.services.docker-front.serviceConfig = {
-    StandardOutput = lib.mkForce "journal";
-    StandardError = lib.mkForce "journal";
-  };
-  services.nginx.virtualHosts."${playURL}" = {
-    #enableACME = true;
-    #forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString playPort}";
-      proxyWebsockets = true;
-      extraConfig = extraConfig;
-    };
-  };
-  services.nginx.virtualHosts."${adminURL}" = {
-    #enableACME = true;
-    #forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString mainPort}";
-      proxyWebsockets = true;
-      extraConfig = extraConfig;
-    };
-  };
-
-  virtualisation.oci-containers.containers.pusher = {
-    image = "thecodingmachine/nodejs:12";
-    cmd = [ "yarn" "dev" ];
-    environment = {
-      DEBUG = "*";
-      STARTUP_COMMAND_1 = "yarn install";
-      SECRET_JITSI_KEY = secretJitsiKey;
-      SECRET_KEY = "yourSecretKey";
-      ADMIN_API_TOKEN = adminAPIToken;
-      API_URL = "back:50051";
-      #API_URL = "back:8080";
-      JITSI_URL = jitsiURL;
-      JITSI_ISS = jitsiISS;
-    };
-    volumes = [ "${homeFolder}/pusher:/usr/src/app" ];
-    ports = [ "${toString pusherPort}:8080" ];
-    extraOptions = [ "--network=workadventure" ];
-  };
-  systemd.services.docker-pusher.serviceConfig = {
-    StandardOutput = lib.mkForce "journal";
-    StandardError = lib.mkForce "journal";
-  };
-  services.nginx.virtualHosts."${pusherURL}" = {
-    #enableACME = true;
-    #forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString pusherPort}";
-      proxyWebsockets = true;
-      extraConfig = extraConfig;
-    };
-  };
-
-  virtualisation.oci-containers.containers.maps = {
-    image = "thecodingmachine/nodejs:12-apache";
-    environment = {
-      DEBUG_MODE = debugMode;
-      HOST = "0.0.0.0";
-      NODE_ENV = "development";
-      STARTUP_COMMAND_0 = "sudo a2enmod headers";
-      STARTUP_COMMAND_1 = "yarn install";
-      STARTUP_COMMAND_2 = "yarn run dev &";
-    };
-    volumes = [ "${homeFolder}/maps:/var/www/html" ];
-    ports = [ "${toString mapsPort}:80" ];
-    extraOptions = [ "--network=workadventure" ];
-  };
-  systemd.services.docker-maps.serviceConfig = {
-    StandardOutput = lib.mkForce "journal";
-    StandardError = lib.mkForce "journal";
-  };
-  services.nginx.virtualHosts."${mapsURL}" = {
-    #enableACME = true;
-    #forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString mapsPort}";
-      proxyWebsockets = true;
-      extraConfig = extraConfig;
-    };
-  };
-
-  virtualisation.oci-containers.containers.back = {
-    image = "thecodingmachine/nodejs:12";
-    cmd = [ "yarn" "dev" ];
-    environment = {
-      DEBUG = "*";
-      STARTUP_COMMAND_1 = "yarn install";
-      SECRET_KEY = "yourSecretKey";
-      SECRET_JITSI_KEY = secretJitsiKey;
-      #HTTP_PORT = "80";
-      ALLOW_ARTILLERY = "true";
-      ADMIN_API_TOKEN = adminAPIToken;
-      JITSI_URL = jitsiURL;
-      JITSI_ISS = jitsiISS;
-    };
-    volumes = [ "${homeFolder}/back:/usr/src/app" ];
-    ports = [ "${toString apiPort}:8080" ];
-    extraOptions = [ "--network=workadventure" ];
-  };
-  systemd.services.docker-back.serviceConfig = {
-    StandardOutput = lib.mkForce "journal";
-    StandardError = lib.mkForce "journal";
-  };
-  services.nginx.virtualHosts."${apiURL}" = {
-    #enableACME = true;
-    #forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString apiPort}";
-      proxyWebsockets = true;
-      extraConfig = extraConfig;
-    };
-  };
-
-  virtualisation.oci-containers.containers.uploader = {
-    image = "thecodingmachine/nodejs:12";
-    cmd = [ "yarn" "dev" ];
-    environment = {
-      DEBUG = "*";
-      STARTUP_COMMAND_1 = "yarn install";
-    };
-    volumes = [ "${homeFolder}/uploader:/usr/src/app" ];
-    ports = [ "${toString uploaderPort}:8080" ];
-    extraOptions = [ "--network=workadventure" ];
-  };
-  systemd.services.docker-uploader.serviceConfig = {
-    StandardOutput = lib.mkForce "journal";
-    StandardError = lib.mkForce "journal";
-  };
-  services.nginx.virtualHosts."${uploaderURL}" = {
-    #enableACME = true;
-    #forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString uploaderPort}";
-      proxyWebsockets = true;
-      extraConfig = extraConfig;
-    };
-  };
-
-  virtualisation.oci-containers.containers.website = {
-    image = "thecodingmachine/nodejs:12-apache";
-    environment = {
-      STARTUP_COMMAND_1 = "npm install";
-      STARTUP_COMMAND_2 = "npm run watch &";
-      APACHE_DOCUMENT_ROOT = "dist/";
-    };
-    volumes = [ "${homeFolder}/website:/var/www/html" ];
-    ports = [ "${toString mainPort}:80" ];
-    extraOptions = [ "--network=workadventure" ];
-  };
-  systemd.services.docker-website.serviceConfig = {
-    StandardOutput = lib.mkForce "journal";
-    StandardError = lib.mkForce "journal";
-  };
-  services.nginx.virtualHosts."${mainURL}" = {
-    #enableACME = true;
-    #forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://localhost:${toString mainPort}";
-      proxyWebsockets = true;
-      extraConfig = extraConfig;
-    };
-  };
-
-  virtualisation.oci-containers.containers.messages = {
-    image = "thecodingmachine/workadventure-back-base:latest";
-    environment = {
-      STARTUP_COMMAND_1 = "yarn install";
-      STARTUP_COMMAND_2 = "yarn run proto:watch";
-    };
-    volumes = [
-      "${homeFolder}/messages:/usr/src/app"
-      "${homeFolder}/back:/usr/src/back"
-      "${homeFolder}/front:/usr/src/front"
-      "${homeFolder}/pusher:/usr/src/pusher"
-    ];
-  };
-  systemd.services.docker-messages.serviceConfig = {
-    StandardOutput = lib.mkForce "journal";
-    StandardError = lib.mkForce "journal";
-  };
-
-}

terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/workadventure.nix

@@ -0,0 +1,162 @@
+{ config, pkgs, lib, ... }:
+let
+  # If your Jitsi environment has authentication set up,
+  # you MUST set JITSI_PRIVATE_MODE to "true" and
+  # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
+  jitsiPrivateMode = "false";
+
+  secretJitsiKey = "";
+
+  jitsiISS = "";
+
+  workadventureSecretKey = "YXNkZnNkZmxranNhZGxma2phc2RsZmtqYXNsa2Zkago=";
+
+  jitsiURL = "meet.palovandalo.com";
+
+  domain = "workadventure.palovandalo.com";
+  # domain will redirect to this map. (not play.${domain})
+  defaultMap = "git.ingolf-wagner.de/palo/world-home/raw/master/main.json";
+
+  apiURL = "api.${domain}";
+  apiPort = 9002;
+
+  frontURL = "play.${domain}";
+  frontPort = 9004;
+
+  pusherURL = "push.${domain}";
+  pusherPort = 9005;
+
+  uploaderURL = "upload.${domain}";
+  uploaderPort = 9006;
+
+  frontImage = "thecodingmachine/workadventure-front:develop";
+  pusherImage = "thecodingmachine/workadventure-pusher:develop";
+  apiImage = "thecodingmachine/workadventure-back:develop";
+  uploaderImage = "thecodingmachine/workadventure-uploader:develop";
+
+in {
+
+  networking.firewall = {
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 80 443 ];
+  };
+
+  services.nginx.enable = true;
+  services.nginx.recommendedProxySettings = true;
+
+  systemd.services.workadventure-network = {
+    enable = true;
+    wantedBy = [ "multi-user.target" ];
+    script = ''
+      ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
+    '';
+    after = [ "docker" ];
+    before = [
+      "docker-workadventure-back.service"
+      "docker-workadventure-pusher.service"
+      "docker-workadventure-uploader.service"
+      "docker-workadventure-website.service"
+    ];
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
+    };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-front = {
+    image = frontImage;
+    environment = {
+      API_URL = pusherURL;
+      JITSI_PRIVATE_MODE = jitsiPrivateMode;
+      JITSI_URL = jitsiURL;
+      SECRET_JITSI_KEY = secretJitsiKey;
+      UPLOADER_URL = uploaderURL;
+    };
+    ports = [ "127.0.0.1:${toString frontPort}:80" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${frontURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-pusher = {
+    image = pusherImage;
+    environment = {
+      API_URL = "workadventure-back:50051";
+      JITSI_ISS = jitsiISS;
+      JITSI_URL = jitsiURL;
+      SECRET_KEY = workadventureSecretKey;
+    };
+    ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${pusherURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString pusherPort}";
+      proxyWebsockets = true;
+    };
+    locations."/room" = {
+      proxyPass = "http://127.0.0.1:${toString pusherPort}";
+      proxyWebsockets = true;
+    };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-back = {
+    image = apiImage;
+    environment = {
+      #DEBUG = "*";
+      JITSI_ISS = jitsiISS;
+      JITSI_URL = jitsiURL;
+      SECRET_KEY = workadventureSecretKey;
+    };
+    ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${apiURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
+  };
+
+  virtualisation.oci-containers.containers.workadventure-uploader = {
+    image = uploaderImage;
+    ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
+    extraOptions = [ "--network=workadventure" ];
+  };
+  services.nginx.virtualHosts."${uploaderURL}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString uploaderPort}";
+      proxyWebsockets = true;
+    };
+  };
+
+  systemd.services.docker-workadventure-front.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-uploader.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-pusher.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+  systemd.services.docker-workadventure-back.serviceConfig = {
+    StandardOutput = lib.mkForce "journal";
+    StandardError = lib.mkForce "journal";
+  };
+
+}

terranix/workadventure-jitsi-setup/shell.nix

@@ -19,11 +19,11 @@ in pkgs.mkShell {
     terranix
     terraform
 
-    (pkgs.writers.writeBashBin "jitsi-prepare" ''
+    (pkgs.writers.writeBashBin "terraform-prepare" ''
       ${pkgs.openssh}/bin/ssh-keygen -P "" -f ${toString ./.}/sshkey
     '')
 
-    (pkgs.writers.writeBashBin "jitsi-build" ''
+    (pkgs.writers.writeBashBin "terraform-build" ''
       set -e
       set -o pipefail
       ${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > config.tf.json
@@ -31,12 +31,12 @@ in pkgs.mkShell {
       ${terraform}/bin/terraform apply
     '')
 
-    (pkgs.writers.writeBashBin "jitsi-destroy" ''
+    (pkgs.writers.writeBashBin "terraform-destroy" ''
       ${terraform}/bin/terraform destroy
       rm ${toString ./.}/config.tf.json
     '')
 
-    (pkgs.writers.writeBashBin "jitsi-cleanup" ''
+    (pkgs.writers.writeBashBin "terraform-cleanup" ''
       rm ${toString ./.}/sshkey
       rm ${toString ./.}/sshkey.pub
       rm ${toString ./.}/terraform.tfstate*