diff --git a/configs/workhorse/taskserver.nix b/configs/workhorse/taskserver.nix index 5424d27..9005939 100644 --- a/configs/workhorse/taskserver.nix +++ b/configs/workhorse/taskserver.nix @@ -10,8 +10,6 @@ organisations."orgie".users = [ "palo" ]; }; - backup.dirs = [ - config.services.taskserver.dataDir - ]; + backup.dirs = [ config.services.taskserver.dataDir ]; } diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix b/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix deleted file mode 100644 index bae3733..0000000 --- a/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix +++ /dev/null 
@@ -1,321 +0,0 @@ -{ pkgs, lib, ... }: -let - extraConfig = '' - if ($request_method = OPTIONS) { - return 204; - } - # this makes workadventure magically send CORS headers - add_header Access-Control-Allow-Headers Range; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - ''; - - workadventure-repository = pkgs.fetchgit { - url = "https://github.com/thecodingmachine/workadventure.git"; - rev = "c2d0cda441dde6f4fed79aa742b11122b0bffd68"; - sha256 = "1r1f80l07wk0jdmjyf4a4fq9mynjdmixivc4pf72ry4xx51hsv2y"; - }; - - homeFolder = "/srv/workadventure"; - - debugMode = "true"; - - # If your Jitsi environment has authentication set up, - # you MUST set JITSI_PRIVATE_MODE to "true" and - # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret - - #JITSI_PRIVATE_MODE = "false"; - jitsiPrivateMode = "false"; - - #SECRET_JITSI_KEY= - secretJitsiKey = ""; - - #JITSI_ISS= - jitsiISS = ""; - - #ADMIN_API_TOKEN = 123 - adminAPIToken = "123"; - - domain = "workadventure.palovandalo.com"; - - #jitsiURL = "meet.palovandalo.com"; - jitsiURL = "meet.jit.si"; - - mainURL = domain; - mainPort = 9000; - - adminURL = "admin.${domain}"; - adminPort = 9001; - - apiURL = "api.${domain}"; - apiPort = 9002; - - mapsURL = "maps.${domain}"; - mapsPort = 9003; - - playURL = "play.${domain}"; - #playPort = 9004; - playPort = 8080; - - pusherURL = "pusher.${domain}"; - pusherPort = 9005; - - uploaderURL = "uploader.${domain}"; - uploaderPort = 9006; - -in { - - # todo delete - networking.firewall = { - allowedTCPPorts = [ 80 443 8080 ]; - allowedUDPPorts = [ 80 443 8080 ]; - }; - - services.nginx.enable = true; - - systemd.services.workadventureRepository = { - enable = true; - wantedBy = [ "multi-user.target" ]; - script = '' - mkdir -p ${homeFolder} - cp -r "${workadventure-repository}"/* "${homeFolder}/" - chmod -R 777 "${homeFolder}" - ''; - before = [ - "docker-back.service" - "docker-maps.service" - "docker-messages.service" - "docker-prune.service" - 
"docker-uploader.service" - "docker-website.service" - ]; - }; - - systemd.services.workadventure-network = { - enable = true; - wantedBy = [ "multi-user.target" ]; - script = '' - ${pkgs.docker}/bin/docker network create --driver bridge workadventure - ''; - after = [ "docker" ]; - before = [ - "docker-back.service" - "docker-maps.service" - "docker-messages.service" - "docker-prune.service" - "docker-uploader.service" - "docker-website.service" - ]; - }; - - virtualisation.oci-containers.backend = "docker"; - - virtualisation.oci-containers.containers.front = { - image = "thecodingmachine/nodejs:14"; - environment = { - DEBUG_MODE = debugMode; - JITSI_URL = jitsiURL; - JITSI_PRIVATE_MODE = jitsiPrivateMode; - HOST = "0.0.0.0"; - #HTTP_PORT = "80"; - NODE_ENV = "development"; - #NODE_ENV = "production"; - API_URL = pusherURL; - UPLOADER_URL = uploaderURL; - ADMIN_URL = adminURL; - STARTUP_COMMAND_1 = "yarn install"; - #TURN_SERVER = "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443"; - #TURN_USER = "workadventure"; - #TURN_PASSWORD = "WorkAdventure123"; - }; - cmd = [ "yarn" "run" "start" ]; - volumes = [ "${homeFolder}/front:/usr/src/app" ]; - #ports = [ "${toString playPort}:8080" ]; - ports = [ "0.0.0.0:${toString playPort}:8080" ]; - extraOptions = [ "--network=workadventure" ]; - }; - systemd.services.docker-front.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - services.nginx.virtualHosts."${playURL}" = { - #enableACME = true; - #forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString playPort}"; - proxyWebsockets = true; - extraConfig = extraConfig; - }; - }; - services.nginx.virtualHosts."${adminURL}" = { - #enableACME = true; - #forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString mainPort}"; - proxyWebsockets = true; - extraConfig = extraConfig; - }; - }; - - virtualisation.oci-containers.containers.pusher = { - image = 
"thecodingmachine/nodejs:12"; - cmd = [ "yarn" "dev" ]; - environment = { - DEBUG = "*"; - STARTUP_COMMAND_1 = "yarn install"; - SECRET_JITSI_KEY = secretJitsiKey; - SECRET_KEY = "yourSecretKey"; - ADMIN_API_TOKEN = adminAPIToken; - API_URL = "back:50051"; - #API_URL = "back:8080"; - JITSI_URL = jitsiURL; - JITSI_ISS = jitsiISS; - }; - volumes = [ "${homeFolder}/pusher:/usr/src/app" ]; - ports = [ "${toString pusherPort}:8080" ]; - extraOptions = [ "--network=workadventure" ]; - }; - systemd.services.docker-pusher.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - services.nginx.virtualHosts."${pusherURL}" = { - #enableACME = true; - #forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString pusherPort}"; - proxyWebsockets = true; - extraConfig = extraConfig; - }; - }; - - virtualisation.oci-containers.containers.maps = { - image = "thecodingmachine/nodejs:12-apache"; - environment = { - DEBUG_MODE = debugMode; - HOST = "0.0.0.0"; - NODE_ENV = "development"; - STARTUP_COMMAND_0 = "sudo a2enmod headers"; - STARTUP_COMMAND_1 = "yarn install"; - STARTUP_COMMAND_2 = "yarn run dev &"; - }; - volumes = [ "${homeFolder}/maps:/var/www/html" ]; - ports = [ "${toString mapsPort}:80" ]; - extraOptions = [ "--network=workadventure" ]; - }; - systemd.services.docker-maps.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - services.nginx.virtualHosts."${mapsURL}" = { - #enableACME = true; - #forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString mapsPort}"; - proxyWebsockets = true; - extraConfig = extraConfig; - }; - }; - - virtualisation.oci-containers.containers.back = { - image = "thecodingmachine/nodejs:12"; - cmd = [ "yarn" "dev" ]; - environment = { - DEBUG = "*"; - STARTUP_COMMAND_1 = "yarn install"; - SECRET_KEY = "yourSecretKey"; - SECRET_JITSI_KEY = secretJitsiKey; - #HTTP_PORT = "80"; - ALLOW_ARTILLERY = 
"true"; - ADMIN_API_TOKEN = adminAPIToken; - JITSI_URL = jitsiURL; - JITSI_ISS = jitsiISS; - }; - volumes = [ "${homeFolder}/back:/usr/src/app" ]; - ports = [ "${toString apiPort}:8080" ]; - extraOptions = [ "--network=workadventure" ]; - }; - systemd.services.docker-back.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - services.nginx.virtualHosts."${apiURL}" = { - #enableACME = true; - #forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString apiPort}"; - proxyWebsockets = true; - extraConfig = extraConfig; - }; - }; - - virtualisation.oci-containers.containers.uploader = { - image = "thecodingmachine/nodejs:12"; - cmd = [ "yarn" "dev" ]; - environment = { - DEBUG = "*"; - STARTUP_COMMAND_1 = "yarn install"; - }; - volumes = [ "${homeFolder}/uploader:/usr/src/app" ]; - ports = [ "${toString uploaderPort}:8080" ]; - extraOptions = [ "--network=workadventure" ]; - }; - systemd.services.docker-uploader.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - services.nginx.virtualHosts."${uploaderURL}" = { - #enableACME = true; - #forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString uploaderPort}"; - proxyWebsockets = true; - extraConfig = extraConfig; - }; - }; - - virtualisation.oci-containers.containers.website = { - image = "thecodingmachine/nodejs:12-apache"; - environment = { - STARTUP_COMMAND_1 = "npm install"; - STARTUP_COMMAND_2 = "npm run watch &"; - APACHE_DOCUMENT_ROOT = "dist/"; - }; - volumes = [ "${homeFolder}/website:/var/www/html" ]; - ports = [ "${toString mainPort}:80" ]; - extraOptions = [ "--network=workadventure" ]; - }; - systemd.services.docker-website.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - services.nginx.virtualHosts."${mainURL}" = { - #enableACME = true; - #forceSSL = true; - locations."/" = { - proxyPass = 
"http://localhost:${toString mainPort}"; - proxyWebsockets = true; - extraConfig = extraConfig; - }; - }; - - virtualisation.oci-containers.containers.messages = { - image = "thecodingmachine/workadventure-back-base:latest"; - environment = { - STARTUP_COMMAND_1 = "yarn install"; - STARTUP_COMMAND_2 = "yarn run proto:watch"; - }; - volumes = [ - "${homeFolder}/messages:/usr/src/app" - "${homeFolder}/back:/usr/src/back" - "${homeFolder}/front:/usr/src/front" - "${homeFolder}/pusher:/usr/src/pusher" - ]; - }; - systemd.services.docker-messages.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - -} diff --git a/terranix/jitsi-cloud/.gitignore b/terranix/workadventure-jitsi-setup/.gitignore similarity index 100% rename from terranix/jitsi-cloud/.gitignore rename to terranix/workadventure-jitsi-setup/.gitignore diff --git a/terranix/jitsi-cloud/README.md b/terranix/workadventure-jitsi-setup/README.md similarity index 100% rename from terranix/jitsi-cloud/README.md rename to terranix/workadventure-jitsi-setup/README.md diff --git a/terranix/jitsi-cloud/config.nix b/terranix/workadventure-jitsi-setup/config.nix similarity index 100% rename from terranix/jitsi-cloud/config.nix rename to terranix/workadventure-jitsi-setup/config.nix diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/configuration.nix similarity index 100% rename from terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix rename to terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/configuration.nix 
diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/hardware-configuration.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/hardware-configuration.nix
similarity index 100%
rename from terranix/jitsi-cloud/plops/configs/nixserver-host/hardware-configuration.nix
rename to terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/hardware-configuration.nix
diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/jitsi.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/jitsi.nix
similarity index 100%
rename from terranix/jitsi-cloud/plops/configs/nixserver-host/jitsi.nix
rename to terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/jitsi.nix
diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/ssh.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/ssh.nix
similarity index 100%
rename from terranix/jitsi-cloud/plops/configs/nixserver-host/ssh.nix
rename to terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/ssh.nix
diff --git a/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/workadventure.nix b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/workadventure.nix
new file mode 100644
index 0000000..3c1eda5
--- /dev/null
+++ b/terranix/workadventure-jitsi-setup/plops/configs/nixserver-host/workadventure.nix
@@ -0,0 +1,162 @@
+{ config, pkgs, lib, ... }:
+let
+ # If your Jitsi environment has authentication set up,
+ # you MUST set JITSI_PRIVATE_MODE to "true" and
+ # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
+ jitsiPrivateMode = "false";
+
+ secretJitsiKey = "";
+
+ jitsiISS = "";
+
+ workadventureSecretKey = "YXNkZnNkZmxranNhZGxma2phc2RsZmtqYXNsa2Zkago=";
+
+ jitsiURL = "meet.palovandalo.com";
+
+ domain = "workadventure.palovandalo.com";
+ # domain will redirect to this map. (not play.${domain})
+ defaultMap = "git.ingolf-wagner.de/palo/world-home/raw/master/main.json";
+
+ apiURL = "api.${domain}";
+ apiPort = 9002;
+
+ frontURL = "play.${domain}";
+ frontPort = 9004;
+
+ pusherURL = "push.${domain}";
+ pusherPort = 9005;
+
+ uploaderURL = "upload.${domain}";
+ uploaderPort = 9006;
+
+ frontImage = "thecodingmachine/workadventure-front:develop";
+ pusherImage = "thecodingmachine/workadventure-pusher:develop";
+ apiImage = "thecodingmachine/workadventure-back:develop";
+ uploaderImage = "thecodingmachine/workadventure-uploader:develop";
+
+in {
+
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 80 443 ];
+ };
+
+ services.nginx.enable = true;
+ services.nginx.recommendedProxySettings = true;
+
+ systemd.services.workadventure-network = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
+ '';
+ after = [ "docker" ];
+ before = [
+ "docker-workadventure-back.service"
+ "docker-workadventure-pusher.service"
+ "docker-workadventure-uploader.service"
+ "docker-workadventure-website.service"
+ ];
+ };
+
+ virtualisation.oci-containers.backend = "docker";
+
+ services.nginx.virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
+ };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-front = {
+ image = frontImage;
+ environment = {
+ API_URL = pusherURL;
+ JITSI_PRIVATE_MODE = jitsiPrivateMode;
+ JITSI_URL = jitsiURL;
+ SECRET_JITSI_KEY = secretJitsiKey;
+ UPLOADER_URL = uploaderURL;
+ };
+ ports = [ "127.0.0.1:${toString frontPort}:80" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${frontURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-pusher = {
+ image = pusherImage;
+ environment = {
+ API_URL = "workadventure-back:50051";
+ JITSI_ISS = jitsiISS;
+ JITSI_URL = jitsiURL;
+ SECRET_KEY = workadventureSecretKey;
+ };
+ ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${pusherURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString pusherPort}";
+ proxyWebsockets = true;
+ };
+ locations."/room" = {
+ proxyPass = "http://127.0.0.1:${toString pusherPort}";
+ proxyWebsockets = true;
+ };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-back = {
+ image = apiImage;
+ environment = {
+ #DEBUG = "*";
+ JITSI_ISS = jitsiISS;
+ JITSI_URL = jitsiURL;
+ SECRET_KEY = workadventureSecretKey;
+ };
+ ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${apiURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
+ };
+
+ virtualisation.oci-containers.containers.workadventure-uploader = {
+ image = uploaderImage;
+ ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
+ extraOptions = [ "--network=workadventure" ];
+ };
+ services.nginx.virtualHosts."${uploaderURL}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString uploaderPort}";
+ proxyWebsockets = true;
+ };
+ };
+
+ systemd.services.docker-workadventure-front.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-uploader.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-pusher.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+ systemd.services.docker-workadventure-back.serviceConfig = {
+ StandardOutput = lib.mkForce "journal";
+ StandardError = lib.mkForce "journal";
+ };
+
+}
diff --git a/terranix/jitsi-cloud/plops/shell.nix b/terranix/workadventure-jitsi-setup/plops/shell.nix
similarity index 100%
rename from terranix/jitsi-cloud/plops/shell.nix
rename to terranix/workadventure-jitsi-setup/plops/shell.nix
diff --git a/terranix/jitsi-cloud/shell.nix b/terranix/workadventure-jitsi-setup/shell.nix
similarity index 82%
rename from terranix/jitsi-cloud/shell.nix
rename to terranix/workadventure-jitsi-setup/shell.nix
index 75b5e51..1b9722a 100644
--- a/terranix/jitsi-cloud/shell.nix
+++ b/terranix/workadventure-jitsi-setup/shell.nix
@@ -19,11 +19,11 @@ in pkgs.mkShell { terranix terraform - (pkgs.writers.writeBashBin "jitsi-prepare" '' + (pkgs.writers.writeBashBin "terraform-prepare" '' ${pkgs.openssh}/bin/ssh-keygen -P "" -f ${toString ./.}/sshkey '') - (pkgs.writers.writeBashBin "jitsi-build" '' + (pkgs.writers.writeBashBin "terraform-build" '' set -e set -o pipefail ${terranix}/bin/terranix | ${pkgs.jq}/bin/jq '.' > config.tf.json
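Review bot: `workadventureSecretKey` is a literal in the new workadventure.nix, so the value handed to the pusher and back containers as `SECRET_KEY` is committed to the repository and copied into the world-readable Nix store; it also base64-decodes to a keyboard-typed string rather than random bytes. Treat this value as disclosed, generate a fresh random one, and load it at runtime from a root-only file outside the store, for example `environmentFiles = [ "<path-to-secret-env-file>" ];` on both containers if the pinned nixpkgs offers that option. Separately, the bare `"50051"` in the back container's `ports` asks Docker to publish the gRPC port on a random host port on all interfaces, and Docker's own NAT rules usually sit outside `networking.firewall`; the pusher already reaches it as `workadventure-back:50051` over the `workadventure` network, so `ports = [ "127.0.0.1:${toString apiPort}:8080" ];` is enough. The four `:develop` image tags are mutable, so a rebuild can pull different code; pinning each image by digest would make the deployment reproducible and reviewable.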
@@ -31,12 +31,12 @@ in pkgs.mkShell { ${terraform}/bin/terraform apply '') - (pkgs.writers.writeBashBin "jitsi-destroy" '' + (pkgs.writers.writeBashBin "terraform-destroy" '' ${terraform}/bin/terraform destroy rm ${toString ./.}/config.tf.json '') - (pkgs.writers.writeBashBin "jitsi-cleanup" '' + (pkgs.writers.writeBashBin "terraform-cleanup" '' rm ${toString ./.}/sshkey rm ${toString ./.}/sshkey.pub rm ${toString ./.}/terraform.tfstate*