From 7f8db235250a8b3de675f63c8c3b035f62db5947 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Thu, 31 Dec 2020 16:30:31 +0100 Subject: [PATCH] workadventure wip --- .../configs/nixserver-host/configuration.nix | 5 +- .../configs/nixserver-host/workadventure.nix | 496 ++++++++++++------ 2 files changed, 326 insertions(+), 175 deletions(-) diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix b/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix index ef8ad80..0c7800f 100644 --- a/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix +++ b/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix @@ -1,12 +1,13 @@ { config, pkgs, lib, ... }: { imports = [ + # ./hardware-configuration.nix ./ssh.nix - # ./jitsi.nix + ./jitsi.nix ./workadventure.nix ]; - environment.systemPackages = [ pkgs.git ]; + environment.systemPackages = [ pkgs.git pkgs.docker-compose pkgs.ag ]; networking.hostName = "host"; diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix b/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix index 4275513..fadcefc 100644 --- a/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix +++ b/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix @@ -10,8 +10,6 @@ let debugMode = "true"; - jitsiURL = "meet.palovandalo.com"; - # If your Jitsi environment has authentication set up, # you MUST set JITSI_PRIVATE_MODE to "true" and # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret 
@@ -34,8 +32,43 @@ let domain = "workadventure.palovandalo.com"; + jitsiURL = "meet.palovandalo.com"; + + mainURL = domain; + mainPort = 9000; + + adminURL = "admin.${domain}"; + adminPort = 9001; + + apiURL = "api.${domain}"; + apiPort = 9002; + + mapsURL = "maps.${domain}"; + mapsPort = 9003; + + playURL = "play.${domain}"; + playPort = 9004; + + pusherURL = "pusher.${domain}"; + pusherPort = 9005; + + uploaderURL = "uploader.${domain}"; + uploaderPort = 9006; + in { + # todo delete + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 80 443 ]; + }; + + services.nginx.enable = true; + #services.nginx.recommendedGzipSettings = true; + #services.nginx.recommendedOptimisation = true; + #services.nginx.recommendedProxySettings = true; + #services.nginx.recommendedTlsSettings = true; + systemd.services.workadventureRepository = { enable = true; wantedBy = [ "multi-user.target" ]; 
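Review bot: The new firewall block opens UDP 80 and 443 as well as TCP, but nothing visible in this patch listens on UDP (nginx is only set up as an HTTP/HTTPS reverse proxy), so `allowedUDPPorts = [ 80 443 ];` widens the exposed surface for no benefit and should be dropped. The `# todo delete` marker above it is ambiguous; say what is to be deleted and why, e.g. `# TODO: remove once the firewall rules for 80/443 are set in configuration.nix` if that is the intent. The commented-out `services.nginx.recommendedTlsSettings` and `services.nginx.recommendedProxySettings` are worth enabling before this host is public: the first applies the module's maintained TLS defaults, and the second would replace the `proxy_set_header` lines that are repeated in every vhost later in the patch.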
@@ -54,179 +87,296 @@ in { ]; }; - virtualisation.oci-containers = { - backend = "docker"; - containers = { - - front = { - image = "thecodingmachine/nodejs:14"; - environment = { - DEBUG_MODE = debugMode; - JITSI_URL = jitsiURL; - JITSI_PRIVATE_MODE = jitsiPrivateMode; - HOST = "0.0.0.0"; - NODE_ENV = "development"; - API_URL = "pusher.${domain}"; - UPLOADER_URL = "uploader.${domain}"; - ADMIN_URL = "admin.${domain}"; - STARTUP_COMMAND_1 = "yarn install"; - # udp packet foobar - TURN_SERVER = - "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443"; - TURN_USER = "workadventure"; - TURN_PASSWORD = "WorkAdventure123"; - }; - cmd = [ "yarn run start" ]; - volumes = [ "$homeFolder}/front:/usr/src/app" ]; - extraOptions = let - labelFile = pkgs.writeText "front-labels" '' - traefik.http.routers.front.rule=Host(`play.${domain}`) - traefik.http.routers.front.entryPoints=web,traefik - traefik.http.services.front.loadbalancer.server.port=8080 - traefik.http.routers.front-ssl.rule=Host(`play.${domain}`) - traefik.http.routers.front-ssl.entryPoints=websecure - traefik.http.routers.front-ssl.tls=true - traefik.http.routers.front-ssl.service=front - ''; - in [ "--label-file" (toString labelFile) ]; - }; - - pusher = { - image = "thecodingmachine/nodejs:12"; - cmd = [ "yarn dev" ]; - environment = { - DEBUG = "*"; - STARTUP_COMMAND_1 = "yarn install"; - SECRET_JITSI_KEY = secretJitsiKey; - SECRET_KEY = "yourSecretKey"; - ADMIN_API_TOKEN = "$ADMIN_API_TOKEN"; - API_URL = "back:50051"; - JITSI_URL = jitsiURL; - JITSI_ISS = jitsiISS; - }; - volumes = [ "${homeFolder}/pusher:/usr/src/app" ]; - extraOptions = let - labelFile = pkgs.writeText "pusher-labels" '' - traefik.http.routers.pusher.rule=Host(`pusher.${domain}`) - traefik.http.routers.pusher.entryPoints=web - traefik.http.services.pusher.loadbalancer.server.port=8080 - traefik.http.routers.pusher-ssl.rule=Host(`pusher.${domain}`) - traefik.http.routers.pusher-ssl.entryPoints=websecure - 
traefik.http.routers.pusher-ssl.tls=true - traefik.http.routers.pusher-ssl.service=pusher - ''; - in [ "--label-file" (toString labelFile) ]; - }; - - maps = { - image = "thecodingmachine/nodejs:12-apache"; - environment = { - DEBUG_MODE = debugMode; - HOST = "0.0.0.0"; - NODE_ENV = "development"; - STARTUP_COMMAND_0 = "sudo a2enmod headers"; - STARTUP_COMMAND_1 = "yarn install"; - STARTUP_COMMAND_2 = "yarn run dev &"; - }; - volumes = [ "${homeFolder}/maps:/var/www/html" ]; - extraOptions = let - labelFile = pkgs.writeText "maps-labels" '' - traefik.http.routers.maps.rule=Host(`maps.${domain}`) - traefik.http.routers.maps.entryPoints=web,traefik - traefik.http.services.maps.loadbalancer.server.port=80 - traefik.http.routers.maps-ssl.rule=Host(`maps.${domain}`) - traefik.http.routers.maps-ssl.entryPoints=websecure - traefik.http.routers.maps-ssl.tls=true - traefik.http.routers.maps-ssl.service=maps - ''; - in [ "--label-file" (toString labelFile) ]; - }; - - back = { - image = "thecodingmachine/nodejs:12"; - cmd = [ "yarn dev" ]; - environment = { - DEBUG = "*"; - STARTUP_COMMAND_1 = "yarn install"; - SECRET_KEY = "yourSecretKey"; - SECRET_JITSI_KEY = secretJitsiKey; - ALLOW_ARTILLERY = "true"; - ADMIN_API_TOKEN = "$ADMIN_API_TOKEN"; - JITSI_URL = jitsiURL; - JITSI_ISS = jitsiISS; - }; - volumes = [ "${homeFolder}/back:/usr/src/app" ]; - extraOptions = let - labelFile = pkgs.writeText "back-labels" '' - traefik.http.routers.back.rule=Host(`api.${domain}`) - traefik.http.routers.back.entryPoints=web - traefik.http.services.back.loadbalancer.server.port=8080 - traefik.http.routers.back-ssl.rule=Host(`api.${domain}`) - traefik.http.routers.back-ssl.entryPoints=websecure - traefik.http.routers.back-ssl.tls=true - traefik.http.routers.back-ssl.service=back - ''; - in [ "--label-file" (toString labelFile) ]; - }; - - uploader = { - image = "thecodingmachine/nodejs:12"; - cmd = [ "yarn dev" ]; - environment = { - DEBUG = "*"; - STARTUP_COMMAND_1 = "yarn install"; - }; - 
volumes = [ "${homeFolder}/uploader:/usr/src/app" ]; - extraOptions = let - labelFile = pkgs.writeText "uploader-labels" '' - traefik.http.routers.uploader.rule=Host(`uploader.${domain}`) - traefik.http.routers.uploader.entryPoints=web - traefik.http.services.uploader.loadbalancer.server.port=8080 - traefik.http.routers.uploader-ssl.rule=Host(`uploader.${domain}`) - traefik.http.routers.uploader-ssl.entryPoints=websecure - traefik.http.routers.uploader-ssl.tls=true - traefik.http.routers.uploader-ssl.service=uploader - ''; - in [ "--label-file" (toString labelFile) ]; - - }; - - website = { - image = "thecodingmachine/nodejs:12-apache"; - environment = { - STARTUP_COMMAND_1 = "npm install"; - STARTUP_COMMAND_2 = "npm run watch &"; - APACHE_DOCUMENT_ROOT = "dist/"; - }; - volumes = [ "${homeFolder}/website:/var/www/html" ]; - extraOptions = let - labelFile = pkgs.writeText "website-labels" '' - traefik.http.routers.website.rule=Host(`${domain}`) - traefik.http.routers.website.entryPoints=web - traefik.http.services.website.loadbalancer.server.port=8080 - traefik.http.routers.website-ssl.rule=Host(`${domain}`) - traefik.http.routers.website-ssl.entryPoints=websecure - traefik.http.routers.website-ssl.tls=true - traefik.http.routers.website-ssl.service=website - ''; - in [ "--label-file" (toString labelFile) ]; - }; - - messages = { - image = "thecodingmachine/workadventure-back-base:latest"; - environment = { - STARTUP_COMMAND_1 = "yarn install"; - STARTUP_COMMAND_2 = "yarn run proto:watch"; - }; - volumes = [ - "${homeFolder}/messages:/usr/src/app" - "${homeFolder}/back:/usr/src/back" - "${homeFolder}/front:/usr/src/front" - "${homeFolder}/pusher:/usr/src/pusher" - ]; - }; + virtualisation.oci-containers.backend = "docker"; + virtualisation.oci-containers.containers.front = { + image = "thecodingmachine/nodejs:14"; + environment = { + DEBUG_MODE = debugMode; + JITSI_URL = jitsiURL; + JITSI_PRIVATE_MODE = jitsiPrivateMode; + HOST = "0.0.0.0"; + NODE_ENV = 
"development"; + API_URL = pusherURL; + UPLOADER_URL = uploaderURL; + ADMIN_URL = adminURL; + STARTUP_COMMAND_1 = "yarn install"; + TURN_SERVER = + "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443"; + TURN_USER = "workadventure"; + TURN_PASSWORD = "WorkAdventure123"; + }; + cmd = [ "yarn" "run" "start" ]; + volumes = [ "${homeFolder}/front:/usr/src/app" ]; + #ports = [ "${toString playPort}:80" ]; + ports = [ "${toString playPort}:8080" ]; + #extraOptions = let + # labelFile = pkgs.writeText "front-labels" '' + # traefik.http.routers.front.rule=Host(`${playURL}`) + # traefik.http.routers.front.entryPoints=web,traefik + # traefik.http.services.front.loadbalancer.server.port=8080 + # traefik.http.routers.front-ssl.rule=Host(`${playURL}}`) + # traefik.http.routers.front-ssl.entryPoints=websecure + # traefik.http.routers.front-ssl.tls=true + # traefik.http.routers.front-ssl.service=front + # ''; + #in [ "--label-file" (toString labelFile) ]; + }; + systemd.services.docker-front.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + services.nginx.virtualHosts."${playURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString playPort}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + }; + services.nginx.virtualHosts."${adminURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + #proxyPass = "http://localhost:${toString adminPort}"; + proxyPass = "http://localhost:${toString mainPort}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; }; }; + virtualisation.oci-containers.containers.pusher = { + image = "thecodingmachine/nodejs:12"; + cmd = [ "yarn" "dev" ]; + environment = { + DEBUG = "*"; + STARTUP_COMMAND_1 = "yarn install"; + SECRET_JITSI_KEY = secretJitsiKey; + 
SECRET_KEY = "yourSecretKey"; + ADMIN_API_TOKEN = "$ADMIN_API_TOKEN"; + API_URL = "back:50051"; + JITSI_URL = jitsiURL; + JITSI_ISS = jitsiISS; + }; + volumes = [ "${homeFolder}/pusher:/usr/src/app" ]; + #ports = [ "${toString pusherPort}:80" ]; + ports = [ "${toString pusherPort}:8080" ]; + #extraOptions = let + # labelFile = pkgs.writeText "pusher-labels" '' + # traefik.http.routers.pusher.rule=Host(`${pusherURL}`) + # traefik.http.routers.pusher.entryPoints=web + # traefik.http.services.pusher.loadbalancer.server.port=8080 + # traefik.http.routers.pusher-ssl.rule=Host(`${pusherURL}`) + # traefik.http.routers.pusher-ssl.entryPoints=websecure + # traefik.http.routers.pusher-ssl.tls=true + # traefik.http.routers.pusher-ssl.service=pusher + # ''; + #in [ "--label-file" (toString labelFile) ]; + }; + systemd.services.docker-pusher.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + services.nginx.virtualHosts."${pusherURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString pusherPort}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + }; + + virtualisation.oci-containers.containers.maps = { + image = "thecodingmachine/nodejs:12-apache"; + environment = { + DEBUG_MODE = debugMode; + HOST = "0.0.0.0"; + NODE_ENV = "development"; + STARTUP_COMMAND_0 = "sudo a2enmod headers"; + STARTUP_COMMAND_1 = "yarn install"; + STARTUP_COMMAND_2 = "yarn run dev &"; + }; + volumes = [ "${homeFolder}/maps:/var/www/html" ]; + ports = [ "${toString mapsPort}:80" ]; + #extraOptions = let + # labelFile = pkgs.writeText "maps-labels" '' + # traefik.http.routers.maps.rule=Host(`${mapsURL}`) + # traefik.http.routers.maps.entryPoints=web,traefik + # traefik.http.services.maps.loadbalancer.server.port=80 + # traefik.http.routers.maps-ssl.rule=Host(`${mapsURL}`) + # 
traefik.http.routers.maps-ssl.entryPoints=websecure + # traefik.http.routers.maps-ssl.tls=true + # traefik.http.routers.maps-ssl.service=maps + # ''; + #in [ "--label-file" (toString labelFile) ]; + }; + systemd.services.docker-maps.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + services.nginx.virtualHosts."${mapsURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString mapsPort}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + }; + + virtualisation.oci-containers.containers.back = { + image = "thecodingmachine/nodejs:12"; + cmd = [ "yarn" "dev" ]; + environment = { + DEBUG = "*"; + STARTUP_COMMAND_1 = "yarn install"; + SECRET_KEY = "yourSecretKey"; + SECRET_JITSI_KEY = secretJitsiKey; + ALLOW_ARTILLERY = "true"; + ADMIN_API_TOKEN = "$ADMIN_API_TOKEN"; + JITSI_URL = jitsiURL; + JITSI_ISS = jitsiISS; + }; + volumes = [ "${homeFolder}/back:/usr/src/app" ]; + #ports = [ "${toString apiPort}:80" ]; + ports = [ "${toString apiPort}:8080" ]; + #extraOptions = let + # labelFile = pkgs.writeText "back-labels" '' + # traefik.http.routers.back.rule=Host(`${apiURL}`) + # traefik.http.routers.back.entryPoints=web + # traefik.http.services.back.loadbalancer.server.port=8080 + # traefik.http.routers.back-ssl.rule=Host(`${apiURL}`) + # traefik.http.routers.back-ssl.entryPoints=websecure + # traefik.http.routers.back-ssl.tls=true + # traefik.http.routers.back-ssl.service=back + # ''; + #in [ "--label-file" (toString labelFile) ]; + }; + systemd.services.docker-back.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + services.nginx.virtualHosts."${apiURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString apiPort}"; + proxyWebsockets = true; + extraConfig = '' + 
proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + }; + + virtualisation.oci-containers.containers.uploader = { + image = "thecodingmachine/nodejs:12"; + cmd = [ "yarn" "dev" ]; + environment = { + DEBUG = "*"; + STARTUP_COMMAND_1 = "yarn install"; + }; + volumes = [ "${homeFolder}/uploader:/usr/src/app" ]; + #ports = [ "${toString uploaderPort}:80" ]; + ports = [ "${toString uploaderPort}:8080" ]; + #extraOptions = let + # labelFile = pkgs.writeText "uploader-labels" '' + # traefik.http.routers.uploader.rule=Host(`${uploaderURL}`) + # traefik.http.routers.uploader.entryPoints=web + # traefik.http.services.uploader.loadbalancer.server.port=8080 + # traefik.http.routers.uploader-ssl.rule=Host(`${uploaderURL}`) + # traefik.http.routers.uploader-ssl.entryPoints=websecure + # traefik.http.routers.uploader-ssl.tls=true + # traefik.http.routers.uploader-ssl.service=uploader + # ''; + #in [ "--label-file" (toString labelFile) ]; + }; + systemd.services.docker-uploader.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + services.nginx.virtualHosts."${uploaderURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString uploaderPort}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + }; + + virtualisation.oci-containers.containers.website = { + image = "thecodingmachine/nodejs:12-apache"; + environment = { + STARTUP_COMMAND_1 = "npm install"; + STARTUP_COMMAND_2 = "npm run watch &"; + APACHE_DOCUMENT_ROOT = "dist/"; + }; + volumes = [ "${homeFolder}/website:/var/www/html" ]; + ports = [ "${toString mainPort}:80" ]; + #ports = [ "${toString mainPort}:8080" ]; + #extraOptions = let + # labelFile = pkgs.writeText "website-labels" '' + # traefik.http.routers.website.rule=Host(`${domain}`) + # traefik.http.routers.website.entryPoints=web + # 
traefik.http.services.website.loadbalancer.server.port=8080 + # traefik.http.routers.website-ssl.rule=Host(`${domain}`) + # traefik.http.routers.website-ssl.entryPoints=websecure + # traefik.http.routers.website-ssl.tls=true + # traefik.http.routers.website-ssl.service=website + # ''; + #in [ "--label-file" (toString labelFile) ]; + }; + systemd.services.docker-website.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + services.nginx.virtualHosts."${mainURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString mainPort}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + }; + + virtualisation.oci-containers.containers.messages = { + image = "thecodingmachine/workadventure-back-base:latest"; + environment = { + STARTUP_COMMAND_1 = "yarn install"; + STARTUP_COMMAND_2 = "yarn run proto:watch"; + }; + volumes = [ + "${homeFolder}/messages:/usr/src/app" + "${homeFolder}/back:/usr/src/back" + "${homeFolder}/front:/usr/src/front" + "${homeFolder}/pusher:/usr/src/pusher" + ]; + }; + systemd.services.docker-messages.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + }
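Review bot: Every `ports` entry added in this hunk, e.g. `ports = [ "${toString playPort}:8080" ];`, publishes the container on all host interfaces, so the development-mode services (`DEBUG = "*"`, `NODE_ENV = "development"`, `ALLOW_ARTILLERY = "true"`) are reachable over plain HTTP on host ports 9000 and 9002–9006 without going through the nginx vhosts. Docker's own rules for published ports are usually not filtered by `networking.firewall`, so the 80/443-only firewall likely does not prevent this. Since nginx proxies to `localhost`, bind to loopback instead, `ports = [ "127.0.0.1:${toString playPort}:8080" ];`, and do the same for pusher, maps, back, uploader and website. Separately, `SECRET_KEY = "yourSecretKey"` and `TURN_PASSWORD = "WorkAdventure123"` are placeholder values that end up in the world-readable Nix store, and `ADMIN_API_TOKEN = "$ADMIN_API_TOKEN"` appears to be passed as a literal string rather than expanded. Generate real secrets and load them from a file outside the store (for example the container's `environmentFiles` option, if the NixOS release in use provides it).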