workadventure wip

Ingolf Wagner 2020-12-31 16:30:31 +01:00
parent 723be1c799
commit 7f8db23525
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 326 additions and 175 deletions


@ -1,12 +1,13 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
imports = [ imports = [
#
./hardware-configuration.nix ./hardware-configuration.nix
./ssh.nix ./ssh.nix
# ./jitsi.nix ./jitsi.nix
./workadventure.nix ./workadventure.nix
]; ];
environment.systemPackages = [ pkgs.git ]; environment.systemPackages = [ pkgs.git pkgs.docker-compose pkgs.ag ];
networking.hostName = "host"; networking.hostName = "host";


@ -10,8 +10,6 @@ let
debugMode = "true"; debugMode = "true";
jitsiURL = "meet.palovandalo.com";
# If your Jitsi environment has authentication set up, # If your Jitsi environment has authentication set up,
# you MUST set JITSI_PRIVATE_MODE to "true" and # you MUST set JITSI_PRIVATE_MODE to "true" and
# you MUST pass a SECRET_JITSI_KEY to generate the JWT secret # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
@ -34,8 +32,43 @@ let
domain = "workadventure.palovandalo.com"; domain = "workadventure.palovandalo.com";
jitsiURL = "meet.palovandalo.com";
mainURL = domain;
mainPort = 9000;
adminURL = "admin.${domain}";
adminPort = 9001;
apiURL = "api.${domain}";
apiPort = 9002;
mapsURL = "maps.${domain}";
mapsPort = 9003;
playURL = "play.${domain}";
playPort = 9004;
pusherURL = "pusher.${domain}";
pusherPort = 9005;
uploaderURL = "uploader.${domain}";
uploaderPort = 9006;
in { in {
# todo delete
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 80 443 ];
};
services.nginx.enable = true;
#services.nginx.recommendedGzipSettings = true;
#services.nginx.recommendedOptimisation = true;
#services.nginx.recommendedProxySettings = true;
#services.nginx.recommendedTlsSettings = true;
systemd.services.workadventureRepository = { systemd.services.workadventureRepository = {
enable = true; enable = true;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -54,11 +87,9 @@ in {
]; ];
}; };
virtualisation.oci-containers = { virtualisation.oci-containers.backend = "docker";
backend = "docker";
containers = {
front = { virtualisation.oci-containers.containers.front = {
image = "thecodingmachine/nodejs:14"; image = "thecodingmachine/nodejs:14";
environment = { environment = {
DEBUG_MODE = debugMode; DEBUG_MODE = debugMode;
@ -66,34 +97,64 @@ in {
JITSI_PRIVATE_MODE = jitsiPrivateMode; JITSI_PRIVATE_MODE = jitsiPrivateMode;
HOST = "0.0.0.0"; HOST = "0.0.0.0";
NODE_ENV = "development"; NODE_ENV = "development";
API_URL = "pusher.${domain}"; API_URL = pusherURL;
UPLOADER_URL = "uploader.${domain}"; UPLOADER_URL = uploaderURL;
ADMIN_URL = "admin.${domain}"; ADMIN_URL = adminURL;
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
# udp packet foobar
TURN_SERVER = TURN_SERVER =
"turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443"; "turn:coturn.workadventu.re:443,turns:coturn.workadventu.re:443";
TURN_USER = "workadventure"; TURN_USER = "workadventure";
TURN_PASSWORD = "WorkAdventure123"; TURN_PASSWORD = "WorkAdventure123";
}; };
cmd = [ "yarn run start" ]; cmd = [ "yarn" "run" "start" ];
volumes = [ "$homeFolder}/front:/usr/src/app" ]; volumes = [ "${homeFolder}/front:/usr/src/app" ];
extraOptions = let #ports = [ "${toString playPort}:80" ];
labelFile = pkgs.writeText "front-labels" '' ports = [ "${toString playPort}:8080" ];
traefik.http.routers.front.rule=Host(`play.${domain}`) #extraOptions = let
traefik.http.routers.front.entryPoints=web,traefik # labelFile = pkgs.writeText "front-labels" ''
traefik.http.services.front.loadbalancer.server.port=8080 # traefik.http.routers.front.rule=Host(`${playURL}`)
traefik.http.routers.front-ssl.rule=Host(`play.${domain}`) # traefik.http.routers.front.entryPoints=web,traefik
traefik.http.routers.front-ssl.entryPoints=websecure # traefik.http.services.front.loadbalancer.server.port=8080
traefik.http.routers.front-ssl.tls=true # traefik.http.routers.front-ssl.rule=Host(`${playURL}}`)
traefik.http.routers.front-ssl.service=front # traefik.http.routers.front-ssl.entryPoints=websecure
# traefik.http.routers.front-ssl.tls=true
# traefik.http.routers.front-ssl.service=front
# '';
#in [ "--label-file" (toString labelFile) ];
};
systemd.services.docker-front.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
services.nginx.virtualHosts."${playURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString playPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
''; '';
in [ "--label-file" (toString labelFile) ]; };
};
services.nginx.virtualHosts."${adminURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
#proxyPass = "http://localhost:${toString adminPort}";
proxyPass = "http://localhost:${toString mainPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
}; };
pusher = { virtualisation.oci-containers.containers.pusher = {
image = "thecodingmachine/nodejs:12"; image = "thecodingmachine/nodejs:12";
cmd = [ "yarn dev" ]; cmd = [ "yarn" "dev" ];
environment = { environment = {
DEBUG = "*"; DEBUG = "*";
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
@ -105,20 +166,38 @@ in {
JITSI_ISS = jitsiISS; JITSI_ISS = jitsiISS;
}; };
volumes = [ "${homeFolder}/pusher:/usr/src/app" ]; volumes = [ "${homeFolder}/pusher:/usr/src/app" ];
extraOptions = let #ports = [ "${toString pusherPort}:80" ];
labelFile = pkgs.writeText "pusher-labels" '' ports = [ "${toString pusherPort}:8080" ];
traefik.http.routers.pusher.rule=Host(`pusher.${domain}`) #extraOptions = let
traefik.http.routers.pusher.entryPoints=web # labelFile = pkgs.writeText "pusher-labels" ''
traefik.http.services.pusher.loadbalancer.server.port=8080 # traefik.http.routers.pusher.rule=Host(`${pusherURL}`)
traefik.http.routers.pusher-ssl.rule=Host(`pusher.${domain}`) # traefik.http.routers.pusher.entryPoints=web
traefik.http.routers.pusher-ssl.entryPoints=websecure # traefik.http.services.pusher.loadbalancer.server.port=8080
traefik.http.routers.pusher-ssl.tls=true # traefik.http.routers.pusher-ssl.rule=Host(`${pusherURL}`)
traefik.http.routers.pusher-ssl.service=pusher # traefik.http.routers.pusher-ssl.entryPoints=websecure
# traefik.http.routers.pusher-ssl.tls=true
# traefik.http.routers.pusher-ssl.service=pusher
# '';
#in [ "--label-file" (toString labelFile) ];
};
systemd.services.docker-pusher.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
services.nginx.virtualHosts."${pusherURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString pusherPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
''; '';
in [ "--label-file" (toString labelFile) ]; };
}; };
maps = { virtualisation.oci-containers.containers.maps = {
image = "thecodingmachine/nodejs:12-apache"; image = "thecodingmachine/nodejs:12-apache";
environment = { environment = {
DEBUG_MODE = debugMode; DEBUG_MODE = debugMode;
@ -129,22 +208,39 @@ in {
STARTUP_COMMAND_2 = "yarn run dev &"; STARTUP_COMMAND_2 = "yarn run dev &";
}; };
volumes = [ "${homeFolder}/maps:/var/www/html" ]; volumes = [ "${homeFolder}/maps:/var/www/html" ];
extraOptions = let ports = [ "${toString mapsPort}:80" ];
labelFile = pkgs.writeText "maps-labels" '' #extraOptions = let
traefik.http.routers.maps.rule=Host(`maps.${domain}`) # labelFile = pkgs.writeText "maps-labels" ''
traefik.http.routers.maps.entryPoints=web,traefik # traefik.http.routers.maps.rule=Host(`${mapsURL}`)
traefik.http.services.maps.loadbalancer.server.port=80 # traefik.http.routers.maps.entryPoints=web,traefik
traefik.http.routers.maps-ssl.rule=Host(`maps.${domain}`) # traefik.http.services.maps.loadbalancer.server.port=80
traefik.http.routers.maps-ssl.entryPoints=websecure # traefik.http.routers.maps-ssl.rule=Host(`${mapsURL}`)
traefik.http.routers.maps-ssl.tls=true # traefik.http.routers.maps-ssl.entryPoints=websecure
traefik.http.routers.maps-ssl.service=maps # traefik.http.routers.maps-ssl.tls=true
# traefik.http.routers.maps-ssl.service=maps
# '';
#in [ "--label-file" (toString labelFile) ];
};
systemd.services.docker-maps.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
services.nginx.virtualHosts."${mapsURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString mapsPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
''; '';
in [ "--label-file" (toString labelFile) ]; };
}; };
back = { virtualisation.oci-containers.containers.back = {
image = "thecodingmachine/nodejs:12"; image = "thecodingmachine/nodejs:12";
cmd = [ "yarn dev" ]; cmd = [ "yarn" "dev" ];
environment = { environment = {
DEBUG = "*"; DEBUG = "*";
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
@ -156,42 +252,77 @@ in {
JITSI_ISS = jitsiISS; JITSI_ISS = jitsiISS;
}; };
volumes = [ "${homeFolder}/back:/usr/src/app" ]; volumes = [ "${homeFolder}/back:/usr/src/app" ];
extraOptions = let #ports = [ "${toString apiPort}:80" ];
labelFile = pkgs.writeText "back-labels" '' ports = [ "${toString apiPort}:8080" ];
traefik.http.routers.back.rule=Host(`api.${domain}`) #extraOptions = let
traefik.http.routers.back.entryPoints=web # labelFile = pkgs.writeText "back-labels" ''
traefik.http.services.back.loadbalancer.server.port=8080 # traefik.http.routers.back.rule=Host(`${apiURL}`)
traefik.http.routers.back-ssl.rule=Host(`api.${domain}`) # traefik.http.routers.back.entryPoints=web
traefik.http.routers.back-ssl.entryPoints=websecure # traefik.http.services.back.loadbalancer.server.port=8080
traefik.http.routers.back-ssl.tls=true # traefik.http.routers.back-ssl.rule=Host(`${apiURL}`)
traefik.http.routers.back-ssl.service=back # traefik.http.routers.back-ssl.entryPoints=websecure
# traefik.http.routers.back-ssl.tls=true
# traefik.http.routers.back-ssl.service=back
# '';
#in [ "--label-file" (toString labelFile) ];
};
systemd.services.docker-back.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
services.nginx.virtualHosts."${apiURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString apiPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
''; '';
in [ "--label-file" (toString labelFile) ]; };
}; };
uploader = { virtualisation.oci-containers.containers.uploader = {
image = "thecodingmachine/nodejs:12"; image = "thecodingmachine/nodejs:12";
cmd = [ "yarn dev" ]; cmd = [ "yarn" "dev" ];
environment = { environment = {
DEBUG = "*"; DEBUG = "*";
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
}; };
volumes = [ "${homeFolder}/uploader:/usr/src/app" ]; volumes = [ "${homeFolder}/uploader:/usr/src/app" ];
extraOptions = let #ports = [ "${toString uploaderPort}:80" ];
labelFile = pkgs.writeText "uploader-labels" '' ports = [ "${toString uploaderPort}:8080" ];
traefik.http.routers.uploader.rule=Host(`uploader.${domain}`) #extraOptions = let
traefik.http.routers.uploader.entryPoints=web # labelFile = pkgs.writeText "uploader-labels" ''
traefik.http.services.uploader.loadbalancer.server.port=8080 # traefik.http.routers.uploader.rule=Host(`${uploaderURL}`)
traefik.http.routers.uploader-ssl.rule=Host(`uploader.${domain}`) # traefik.http.routers.uploader.entryPoints=web
traefik.http.routers.uploader-ssl.entryPoints=websecure # traefik.http.services.uploader.loadbalancer.server.port=8080
traefik.http.routers.uploader-ssl.tls=true # traefik.http.routers.uploader-ssl.rule=Host(`${uploaderURL}`)
traefik.http.routers.uploader-ssl.service=uploader # traefik.http.routers.uploader-ssl.entryPoints=websecure
# traefik.http.routers.uploader-ssl.tls=true
# traefik.http.routers.uploader-ssl.service=uploader
# '';
#in [ "--label-file" (toString labelFile) ];
};
systemd.services.docker-uploader.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
services.nginx.virtualHosts."${uploaderURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString uploaderPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
''; '';
in [ "--label-file" (toString labelFile) ]; };
}; };
website = { virtualisation.oci-containers.containers.website = {
image = "thecodingmachine/nodejs:12-apache"; image = "thecodingmachine/nodejs:12-apache";
environment = { environment = {
STARTUP_COMMAND_1 = "npm install"; STARTUP_COMMAND_1 = "npm install";
@ -199,20 +330,38 @@ in {
APACHE_DOCUMENT_ROOT = "dist/"; APACHE_DOCUMENT_ROOT = "dist/";
}; };
volumes = [ "${homeFolder}/website:/var/www/html" ]; volumes = [ "${homeFolder}/website:/var/www/html" ];
extraOptions = let ports = [ "${toString mainPort}:80" ];
labelFile = pkgs.writeText "website-labels" '' #ports = [ "${toString mainPort}:8080" ];
traefik.http.routers.website.rule=Host(`${domain}`) #extraOptions = let
traefik.http.routers.website.entryPoints=web # labelFile = pkgs.writeText "website-labels" ''
traefik.http.services.website.loadbalancer.server.port=8080 # traefik.http.routers.website.rule=Host(`${domain}`)
traefik.http.routers.website-ssl.rule=Host(`${domain}`) # traefik.http.routers.website.entryPoints=web
traefik.http.routers.website-ssl.entryPoints=websecure # traefik.http.services.website.loadbalancer.server.port=8080
traefik.http.routers.website-ssl.tls=true # traefik.http.routers.website-ssl.rule=Host(`${domain}`)
traefik.http.routers.website-ssl.service=website # traefik.http.routers.website-ssl.entryPoints=websecure
# traefik.http.routers.website-ssl.tls=true
# traefik.http.routers.website-ssl.service=website
# '';
#in [ "--label-file" (toString labelFile) ];
};
systemd.services.docker-website.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
services.nginx.virtualHosts."${mainURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString mainPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
''; '';
in [ "--label-file" (toString labelFile) ]; };
}; };
messages = { virtualisation.oci-containers.containers.messages = {
image = "thecodingmachine/workadventure-back-base:latest"; image = "thecodingmachine/workadventure-back-base:latest";
environment = { environment = {
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
@ -225,8 +374,9 @@ in {
"${homeFolder}/pusher:/usr/src/pusher" "${homeFolder}/pusher:/usr/src/pusher"
]; ];
}; };
systemd.services.docker-messages.serviceConfig = {
}; StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
}; };
} }
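Review bot: The new `ports` entries publish the containers on every host interface, not just to nginx: `ports = [ "${toString playPort}:8080" ];` on the front container, and the same form on pusher, maps, back, uploader and website, gives no host address, so Docker binds 0.0.0.0. Docker's own iptables rules are typically evaluated ahead of the NixOS firewall, so `allowedTCPPorts = [ 80 443 ]` probably does not keep 9000 and 9002 to 9006 closed. Those backends would then answer over plain HTTP beside the `forceSSL` vhosts, while running with `DEBUG = "*"`, `NODE_ENV = "development"` and `debugMode = "true"`. Binding to loopback keeps nginx as the only entry point, e.g. `ports = [ "127.0.0.1:${toString playPort}:8080" ];`. Separately, `allowedUDPPorts = [ 80 443 ]` looks unnecessary for the nginx setup shown and could be dropped along with the `# todo delete` block.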