wip : link containers to make it work
This commit is contained in:
Ingolf Wagner
parent
dd208f2e1e
commit
6ebfa54f6f
2 changed files with 71 additions and 139 deletions
|
|
@ -3,13 +3,16 @@
|
|||
#
|
||||
./hardware-configuration.nix
|
||||
./ssh.nix
|
||||
#./jitsi.nix
|
||||
./jitsi.nix
|
||||
./workadventure.nix
|
||||
];
|
||||
|
||||
environment.systemPackages =
|
||||
[ pkgs.git pkgs.docker-compose pkgs.ag pkgs.htop ];
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||
|
||||
networking.hostName = "host";
|
||||
|
||||
security.acme.email = "contact@ingolf-wagner.de";
|
||||
|
|
|
|||
|
|
@ -1,9 +1,20 @@
|
|||
{ pkgs, lib, ... }:
|
||||
let
|
||||
extraConfig = ''
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
# this makes workadventure magically send CORS headers
|
||||
add_header Access-Control-Allow-Headers Range;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
'';
|
||||
|
||||
workadventure-repository = pkgs.fetchgit {
|
||||
url = "https://github.com/thecodingmachine/workadventure.git";
|
||||
rev = "284846e8a59ec0d921189ac3a46e0eb5d1e14818";
|
||||
sha256 = "1f1vi226kas7x9y8zw810q5vg1ikn4bb6ha9vnzvqk9y7jlc1n8q";
|
||||
rev = "c2d0cda441dde6f4fed79aa742b11122b0bffd68";
|
||||
sha256 = "1r1f80l07wk0jdmjyf4a4fq9mynjdmixivc4pf72ry4xx51hsv2y";
|
||||
};
|
||||
|
||||
homeFolder = "/srv/workadventure";
|
||||
|
|
@ -44,7 +55,8 @@ let
|
|||
mapsPort = 9003;
|
||||
|
||||
playURL = "play.${domain}";
|
||||
playPort = 9004;
|
||||
#playPort = 9004;
|
||||
playPort = 8080;
|
||||
|
||||
pusherURL = "pusher.${domain}";
|
||||
pusherPort = 9005;
|
||||
|
|
@ -56,8 +68,8 @@ in {
|
|||
|
||||
# todo delete
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 80 443 ];
|
||||
allowedUDPPorts = [ 80 443 ];
|
||||
allowedTCPPorts = [ 80 443 8080 ];
|
||||
allowedUDPPorts = [ 80 443 8080 ];
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
|
|
@ -125,12 +137,14 @@ in {
|
|||
};
|
||||
cmd = [ "yarn" "run" "start" ];
|
||||
volumes = [ "${homeFolder}/front:/usr/src/app" ];
|
||||
ports = [ "${toString playPort}:8080" ];
|
||||
#ports = [ "${toString playPort}:8080" ];
|
||||
ports = [ "0.0.0.0:${toString playPort}:8080" ];
|
||||
extraOptions = let
|
||||
labelFile = pkgs.writeText "front-labels" ''
|
||||
traefik.http.routers.front.rule=Host(`play.${domain}`)
|
||||
traefik.http.routers.front.entryPoints=web,traefik
|
||||
traefik.http.services.front.loadbalancer.server.port=8080
|
||||
#traefik.http.routers.front.rule=Host(`play.${domain}`)
|
||||
#traefik.http.routers.front.entryPoints=web,traefik
|
||||
#traefik.http.services.front.loadbalancer.server.port=8080
|
||||
|
||||
#traefik.http.routers.front-ssl.rule=Host(`play.${domain}`)
|
||||
#traefik.http.routers.front-ssl.entryPoints=websecure
|
||||
#traefik.http.routers.front-ssl.tls=false
|
||||
|
|
@ -148,19 +162,7 @@ in {
|
|||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString playPort}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Max-Age 3600;
|
||||
add_header Access-Control-Expose-Headers Content-Length;
|
||||
add_header Access-Control-Allow-Headers Range;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#sub_filter '${domain}:8080' '${domain}';
|
||||
#sub_filter_once on;
|
||||
'';
|
||||
extraConfig = extraConfig;
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."${adminURL}" = {
|
||||
|
|
@ -169,20 +171,7 @@ in {
|
|||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString mainPort}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Max-Age 3600;
|
||||
add_header Access-Control-Expose-Headers Content-Length;
|
||||
add_header Access-Control-Allow-Headers Range;
|
||||
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#sub_filter '${domain}:8080' '${domain}';
|
||||
#sub_filter_once on;
|
||||
'';
|
||||
extraConfig = extraConfig;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -204,14 +193,14 @@ in {
|
|||
ports = [ "${toString pusherPort}:8080" ];
|
||||
extraOptions = let
|
||||
labelFile = pkgs.writeText "pusher-labels" ''
|
||||
traefik.http.routers.pusher.rule=Host(`pusher.${domain}`)
|
||||
traefik.http.routers.pusher.entryPoints=web
|
||||
traefik.http.services.pusher.loadbalancer.server.port=8080
|
||||
traefik.http.routers.pusher-ssl.rule=Host(`pusher.${domain}`)
|
||||
traefik.http.routers.pusher-ssl.entryPoints=websecure
|
||||
traefik.http.routers.pusher-ssl.tls=false
|
||||
traefik.http.routers.pusher-ssl.service=pusher
|
||||
traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain}
|
||||
#traefik.http.routers.pusher.rule=Host(`pusher.${domain}`)
|
||||
#traefik.http.routers.pusher.entryPoints=web
|
||||
#traefik.http.services.pusher.loadbalancer.server.port=8080
|
||||
#traefik.http.routers.pusher-ssl.rule=Host(`pusher.${domain}`)
|
||||
#traefik.http.routers.pusher-ssl.entryPoints=websecure
|
||||
#traefik.http.routers.pusher-ssl.tls=false
|
||||
#traefik.http.routers.pusher-ssl.service=pusher
|
||||
#traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain}
|
||||
'';
|
||||
in [ "--label-file" (toString labelFile) ];
|
||||
};
|
||||
|
|
@ -225,19 +214,7 @@ in {
|
|||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString pusherPort}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Max-Age 3600;
|
||||
add_header Access-Control-Expose-Headers Content-Length;
|
||||
add_header Access-Control-Allow-Headers Range;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#sub_filter '${domain}:8080' '${domain}';
|
||||
#sub_filter_once on;
|
||||
'';
|
||||
extraConfig = extraConfig;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -255,13 +232,13 @@ in {
|
|||
ports = [ "${toString mapsPort}:80" ];
|
||||
extraOptions = let
|
||||
labelFile = pkgs.writeText "maps-labels" ''
|
||||
traefik.http.routers.maps.rule=Host(`maps.${domain}`)
|
||||
traefik.http.routers.maps.entryPoints=web,traefik
|
||||
traefik.http.services.maps.loadbalancer.server.port=80
|
||||
traefik.http.routers.maps-ssl.rule=Host(`maps.${domain}`)
|
||||
traefik.http.routers.maps-ssl.entryPoints=websecure
|
||||
traefik.http.routers.maps-ssl.tls=false
|
||||
traefik.http.routers.maps-ssl.service=maps
|
||||
#traefik.http.routers.maps.rule=Host(`maps.${domain}`)
|
||||
#traefik.http.routers.maps.entryPoints=web,traefik
|
||||
#traefik.http.services.maps.loadbalancer.server.port=80
|
||||
#traefik.http.routers.maps-ssl.rule=Host(`maps.${domain}`)
|
||||
#traefik.http.routers.maps-ssl.entryPoints=websecure
|
||||
#traefik.http.routers.maps-ssl.tls=false
|
||||
#traefik.http.routers.maps-ssl.service=maps
|
||||
'';
|
||||
in [ "--label-file" (toString labelFile) ];
|
||||
};
|
||||
|
|
@ -275,19 +252,7 @@ in {
|
|||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString mapsPort}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Max-Age 3600;
|
||||
add_header Access-Control-Expose-Headers Content-Length;
|
||||
add_header Access-Control-Allow-Headers Range;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#sub_filter '${domain}:8080' '${domain}';
|
||||
#sub_filter_once on;
|
||||
'';
|
||||
extraConfig = extraConfig;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -309,14 +274,14 @@ in {
|
|||
ports = [ "${toString apiPort}:8080" ];
|
||||
extraOptions = let
|
||||
labelFile = pkgs.writeText "back-labels" ''
|
||||
traefik.http.routers.back.rule=Host(`api.${domain}`)
|
||||
traefik.http.routers.back.entryPoints=web
|
||||
traefik.http.services.back.loadbalancer.server.port=8080
|
||||
traefik.http.routers.back-ssl.rule=Host(`api.${domain}`)
|
||||
traefik.http.routers.back-ssl.entryPoints=websecure
|
||||
traefik.http.routers.back-ssl.tls=false
|
||||
traefik.http.routers.back-ssl.service=back
|
||||
traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain}
|
||||
#traefik.http.routers.back.rule=Host(`api.${domain}`)
|
||||
#traefik.http.routers.back.entryPoints=web
|
||||
#traefik.http.services.back.loadbalancer.server.port=8080
|
||||
#traefik.http.routers.back-ssl.rule=Host(`api.${domain}`)
|
||||
#traefik.http.routers.back-ssl.entryPoints=websecure
|
||||
#traefik.http.routers.back-ssl.tls=false
|
||||
#traefik.http.routers.back-ssl.service=back
|
||||
#traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain}
|
||||
'';
|
||||
in [ "--label-file" (toString labelFile) ];
|
||||
};
|
||||
|
|
@ -330,19 +295,7 @@ in {
|
|||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString apiPort}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Max-Age 3600;
|
||||
add_header Access-Control-Expose-Headers Content-Length;
|
||||
add_header Access-Control-Allow-Headers Range;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#sub_filter '${domain}:8080' '${domain}';
|
||||
#sub_filter_once on;
|
||||
'';
|
||||
extraConfig = extraConfig;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -357,13 +310,13 @@ in {
|
|||
ports = [ "${toString uploaderPort}:8080" ];
|
||||
extraOptions = let
|
||||
labelFile = pkgs.writeText "uploader-labels" ''
|
||||
traefik.http.routers.uploader.rule=Host(`uploader.${domain}`)
|
||||
traefik.http.routers.uploader.entryPoints=web
|
||||
traefik.http.services.uploader.loadbalancer.server.port=8080
|
||||
traefik.http.routers.uploader-ssl.rule=Host(`uploader.${domain}`)
|
||||
traefik.http.routers.uploader-ssl.entryPoints=websecure
|
||||
traefik.http.routers.uploader-ssl.tls=true
|
||||
traefik.http.routers.uploader-ssl.service=uploader
|
||||
#traefik.http.routers.uploader.rule=Host(`uploader.${domain}`)
|
||||
#traefik.http.routers.uploader.entryPoints=web
|
||||
#traefik.http.services.uploader.loadbalancer.server.port=8080
|
||||
#traefik.http.routers.uploader-ssl.rule=Host(`uploader.${domain}`)
|
||||
#traefik.http.routers.uploader-ssl.entryPoints=websecure
|
||||
#traefik.http.routers.uploader-ssl.tls=true
|
||||
#traefik.http.routers.uploader-ssl.service=uploader
|
||||
'';
|
||||
in [ "--label-file" (toString labelFile) ];
|
||||
};
|
||||
|
|
@ -377,19 +330,7 @@ in {
|
|||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString uploaderPort}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Max-Age 3600;
|
||||
add_header Access-Control-Expose-Headers Content-Length;
|
||||
add_header Access-Control-Allow-Headers Range;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#sub_filter '${domain}:8080' '${domain}';
|
||||
#sub_filter_once on;
|
||||
'';
|
||||
extraConfig = extraConfig;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -404,13 +345,13 @@ in {
|
|||
ports = [ "${toString mainPort}:80" ];
|
||||
extraOptions = let
|
||||
labelFile = pkgs.writeText "website-labels" ''
|
||||
traefik.http.routers.website.rule=Host(`${domain}`)
|
||||
traefik.http.routers.website.entryPoints=web
|
||||
traefik.http.services.website.loadbalancer.server.port=8080
|
||||
traefik.http.routers.website-ssl.rule=Host(`${domain}`)
|
||||
traefik.http.routers.website-ssl.entryPoints=websecure
|
||||
traefik.http.routers.website-ssl.tls=true
|
||||
traefik.http.routers.website-ssl.service=website
|
||||
#traefik.http.routers.website.rule=Host(`${domain}`)
|
||||
#traefik.http.routers.website.entryPoints=web
|
||||
#traefik.http.services.website.loadbalancer.server.port=8080
|
||||
#traefik.http.routers.website-ssl.rule=Host(`${domain}`)
|
||||
#traefik.http.routers.website-ssl.entryPoints=websecure
|
||||
#traefik.http.routers.website-ssl.tls=true
|
||||
#traefik.http.routers.website-ssl.service=website
|
||||
'';
|
||||
in [ "--label-file" (toString labelFile) ];
|
||||
};
|
||||
|
|
@ -424,19 +365,7 @@ in {
|
|||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString mainPort}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
add_header Access-Control-Max-Age 3600;
|
||||
add_header Access-Control-Expose-Headers Content-Length;
|
||||
add_header Access-Control-Allow-Headers Range;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#sub_filter '${domain}:8080' '${domain}';
|
||||
#sub_filter_once on;
|
||||
'';
|
||||
extraConfig = extraConfig;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue