workadventure wip
This commit is contained in:
parent
ff2b0c7e60
commit
dd208f2e1e
1 changed files with 156 additions and 17 deletions
|
@ -57,7 +57,7 @@ in {
|
||||||
# todo delete
|
# todo delete
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [ 80 443 ];
|
allowedTCPPorts = [ 80 443 ];
|
||||||
allowedUDPPorts = [ 80 443 8080 ];
|
allowedUDPPorts = [ 80 443 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
|
@ -87,6 +87,24 @@ in {
|
||||||
|
|
||||||
virtualisation.oci-containers.backend = "docker";
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
||||||
|
#virtualisation.oci-containers.containers.reverse-proxy = {
|
||||||
|
# image = "traefik:v2.0";
|
||||||
|
# cmd = [
|
||||||
|
# "--api.insecure=true"
|
||||||
|
# "--providers.docker"
|
||||||
|
# "--entryPoints.web.address=:80"
|
||||||
|
# "--entryPoints.websecure.address=:443"
|
||||||
|
# ];
|
||||||
|
# ports = [
|
||||||
|
# "80:80"
|
||||||
|
# "443:443"
|
||||||
|
# # The Web UI (enabled by --api.insecure=true)
|
||||||
|
# "8080:8080"
|
||||||
|
# ];
|
||||||
|
# dependsOn = [ "back" "front" ];
|
||||||
|
# volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
|
||||||
|
#};
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.front = {
|
virtualisation.oci-containers.containers.front = {
|
||||||
image = "thecodingmachine/nodejs:14";
|
image = "thecodingmachine/nodejs:14";
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -94,7 +112,9 @@ in {
|
||||||
JITSI_URL = jitsiURL;
|
JITSI_URL = jitsiURL;
|
||||||
JITSI_PRIVATE_MODE = jitsiPrivateMode;
|
JITSI_PRIVATE_MODE = jitsiPrivateMode;
|
||||||
HOST = "0.0.0.0";
|
HOST = "0.0.0.0";
|
||||||
|
#HTTP_PORT = "80";
|
||||||
NODE_ENV = "development";
|
NODE_ENV = "development";
|
||||||
|
#NODE_ENV = "production";
|
||||||
API_URL = pusherURL;
|
API_URL = pusherURL;
|
||||||
UPLOADER_URL = uploaderURL;
|
UPLOADER_URL = uploaderURL;
|
||||||
ADMIN_URL = adminURL;
|
ADMIN_URL = adminURL;
|
||||||
|
@ -106,6 +126,17 @@ in {
|
||||||
cmd = [ "yarn" "run" "start" ];
|
cmd = [ "yarn" "run" "start" ];
|
||||||
volumes = [ "${homeFolder}/front:/usr/src/app" ];
|
volumes = [ "${homeFolder}/front:/usr/src/app" ];
|
||||||
ports = [ "${toString playPort}:8080" ];
|
ports = [ "${toString playPort}:8080" ];
|
||||||
|
extraOptions = let
|
||||||
|
labelFile = pkgs.writeText "front-labels" ''
|
||||||
|
traefik.http.routers.front.rule=Host(`play.${domain}`)
|
||||||
|
traefik.http.routers.front.entryPoints=web,traefik
|
||||||
|
traefik.http.services.front.loadbalancer.server.port=8080
|
||||||
|
#traefik.http.routers.front-ssl.rule=Host(`play.${domain}`)
|
||||||
|
#traefik.http.routers.front-ssl.entryPoints=websecure
|
||||||
|
#traefik.http.routers.front-ssl.tls=false
|
||||||
|
#traefik.http.routers.front-ssl.service=front
|
||||||
|
'';
|
||||||
|
in [ "--label-file" (toString labelFile) ];
|
||||||
};
|
};
|
||||||
systemd.services.docker-front.serviceConfig = {
|
systemd.services.docker-front.serviceConfig = {
|
||||||
StandardOutput = lib.mkForce "journal";
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
@ -118,8 +149,15 @@ in {
|
||||||
proxyPass = "http://localhost:${toString playPort}";
|
proxyPass = "http://localhost:${toString playPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
if ($request_method = OPTIONS) {
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
return 204;
|
||||||
|
}
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Access-Control-Max-Age 3600;
|
||||||
|
add_header Access-Control-Expose-Headers Content-Length;
|
||||||
|
add_header Access-Control-Allow-Headers Range;
|
||||||
|
#proxy_set_header Host $host;
|
||||||
|
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
#sub_filter '${domain}:8080' '${domain}';
|
#sub_filter '${domain}:8080' '${domain}';
|
||||||
#sub_filter_once on;
|
#sub_filter_once on;
|
||||||
'';
|
'';
|
||||||
|
@ -132,8 +170,16 @@ in {
|
||||||
proxyPass = "http://localhost:${toString mainPort}";
|
proxyPass = "http://localhost:${toString mainPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
if ($request_method = OPTIONS) {
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
return 204;
|
||||||
|
}
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Access-Control-Max-Age 3600;
|
||||||
|
add_header Access-Control-Expose-Headers Content-Length;
|
||||||
|
add_header Access-Control-Allow-Headers Range;
|
||||||
|
|
||||||
|
#proxy_set_header Host $host;
|
||||||
|
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
#sub_filter '${domain}:8080' '${domain}';
|
#sub_filter '${domain}:8080' '${domain}';
|
||||||
#sub_filter_once on;
|
#sub_filter_once on;
|
||||||
'';
|
'';
|
||||||
|
@ -149,13 +195,25 @@ in {
|
||||||
SECRET_JITSI_KEY = secretJitsiKey;
|
SECRET_JITSI_KEY = secretJitsiKey;
|
||||||
SECRET_KEY = "yourSecretKey";
|
SECRET_KEY = "yourSecretKey";
|
||||||
ADMIN_API_TOKEN = adminAPIToken;
|
ADMIN_API_TOKEN = adminAPIToken;
|
||||||
#API_URL = "back:50051";
|
API_URL = "back:50051";
|
||||||
API_URL = "back:8080";
|
#API_URL = "back:8080";
|
||||||
JITSI_URL = jitsiURL;
|
JITSI_URL = jitsiURL;
|
||||||
JITSI_ISS = jitsiISS;
|
JITSI_ISS = jitsiISS;
|
||||||
};
|
};
|
||||||
volumes = [ "${homeFolder}/pusher:/usr/src/app" ];
|
volumes = [ "${homeFolder}/pusher:/usr/src/app" ];
|
||||||
ports = [ "${toString pusherPort}:8080" ];
|
ports = [ "${toString pusherPort}:8080" ];
|
||||||
|
extraOptions = let
|
||||||
|
labelFile = pkgs.writeText "pusher-labels" ''
|
||||||
|
traefik.http.routers.pusher.rule=Host(`pusher.${domain}`)
|
||||||
|
traefik.http.routers.pusher.entryPoints=web
|
||||||
|
traefik.http.services.pusher.loadbalancer.server.port=8080
|
||||||
|
traefik.http.routers.pusher-ssl.rule=Host(`pusher.${domain}`)
|
||||||
|
traefik.http.routers.pusher-ssl.entryPoints=websecure
|
||||||
|
traefik.http.routers.pusher-ssl.tls=false
|
||||||
|
traefik.http.routers.pusher-ssl.service=pusher
|
||||||
|
traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain}
|
||||||
|
'';
|
||||||
|
in [ "--label-file" (toString labelFile) ];
|
||||||
};
|
};
|
||||||
systemd.services.docker-pusher.serviceConfig = {
|
systemd.services.docker-pusher.serviceConfig = {
|
||||||
StandardOutput = lib.mkForce "journal";
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
@ -168,8 +226,15 @@ in {
|
||||||
proxyPass = "http://localhost:${toString pusherPort}";
|
proxyPass = "http://localhost:${toString pusherPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
if ($request_method = OPTIONS) {
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
return 204;
|
||||||
|
}
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Access-Control-Max-Age 3600;
|
||||||
|
add_header Access-Control-Expose-Headers Content-Length;
|
||||||
|
add_header Access-Control-Allow-Headers Range;
|
||||||
|
#proxy_set_header Host $host;
|
||||||
|
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
#sub_filter '${domain}:8080' '${domain}';
|
#sub_filter '${domain}:8080' '${domain}';
|
||||||
#sub_filter_once on;
|
#sub_filter_once on;
|
||||||
'';
|
'';
|
||||||
|
@ -188,6 +253,17 @@ in {
|
||||||
};
|
};
|
||||||
volumes = [ "${homeFolder}/maps:/var/www/html" ];
|
volumes = [ "${homeFolder}/maps:/var/www/html" ];
|
||||||
ports = [ "${toString mapsPort}:80" ];
|
ports = [ "${toString mapsPort}:80" ];
|
||||||
|
extraOptions = let
|
||||||
|
labelFile = pkgs.writeText "maps-labels" ''
|
||||||
|
traefik.http.routers.maps.rule=Host(`maps.${domain}`)
|
||||||
|
traefik.http.routers.maps.entryPoints=web,traefik
|
||||||
|
traefik.http.services.maps.loadbalancer.server.port=80
|
||||||
|
traefik.http.routers.maps-ssl.rule=Host(`maps.${domain}`)
|
||||||
|
traefik.http.routers.maps-ssl.entryPoints=websecure
|
||||||
|
traefik.http.routers.maps-ssl.tls=false
|
||||||
|
traefik.http.routers.maps-ssl.service=maps
|
||||||
|
'';
|
||||||
|
in [ "--label-file" (toString labelFile) ];
|
||||||
};
|
};
|
||||||
systemd.services.docker-maps.serviceConfig = {
|
systemd.services.docker-maps.serviceConfig = {
|
||||||
StandardOutput = lib.mkForce "journal";
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
@ -200,8 +276,15 @@ in {
|
||||||
proxyPass = "http://localhost:${toString mapsPort}";
|
proxyPass = "http://localhost:${toString mapsPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
if ($request_method = OPTIONS) {
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
return 204;
|
||||||
|
}
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Access-Control-Max-Age 3600;
|
||||||
|
add_header Access-Control-Expose-Headers Content-Length;
|
||||||
|
add_header Access-Control-Allow-Headers Range;
|
||||||
|
#proxy_set_header Host $host;
|
||||||
|
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
#sub_filter '${domain}:8080' '${domain}';
|
#sub_filter '${domain}:8080' '${domain}';
|
||||||
#sub_filter_once on;
|
#sub_filter_once on;
|
||||||
'';
|
'';
|
||||||
|
@ -216,6 +299,7 @@ in {
|
||||||
STARTUP_COMMAND_1 = "yarn install";
|
STARTUP_COMMAND_1 = "yarn install";
|
||||||
SECRET_KEY = "yourSecretKey";
|
SECRET_KEY = "yourSecretKey";
|
||||||
SECRET_JITSI_KEY = secretJitsiKey;
|
SECRET_JITSI_KEY = secretJitsiKey;
|
||||||
|
#HTTP_PORT = "80";
|
||||||
ALLOW_ARTILLERY = "true";
|
ALLOW_ARTILLERY = "true";
|
||||||
ADMIN_API_TOKEN = adminAPIToken;
|
ADMIN_API_TOKEN = adminAPIToken;
|
||||||
JITSI_URL = jitsiURL;
|
JITSI_URL = jitsiURL;
|
||||||
|
@ -223,6 +307,18 @@ in {
|
||||||
};
|
};
|
||||||
volumes = [ "${homeFolder}/back:/usr/src/app" ];
|
volumes = [ "${homeFolder}/back:/usr/src/app" ];
|
||||||
ports = [ "${toString apiPort}:8080" ];
|
ports = [ "${toString apiPort}:8080" ];
|
||||||
|
extraOptions = let
|
||||||
|
labelFile = pkgs.writeText "back-labels" ''
|
||||||
|
traefik.http.routers.back.rule=Host(`api.${domain}`)
|
||||||
|
traefik.http.routers.back.entryPoints=web
|
||||||
|
traefik.http.services.back.loadbalancer.server.port=8080
|
||||||
|
traefik.http.routers.back-ssl.rule=Host(`api.${domain}`)
|
||||||
|
traefik.http.routers.back-ssl.entryPoints=websecure
|
||||||
|
traefik.http.routers.back-ssl.tls=false
|
||||||
|
traefik.http.routers.back-ssl.service=back
|
||||||
|
traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain}
|
||||||
|
'';
|
||||||
|
in [ "--label-file" (toString labelFile) ];
|
||||||
};
|
};
|
||||||
systemd.services.docker-back.serviceConfig = {
|
systemd.services.docker-back.serviceConfig = {
|
||||||
StandardOutput = lib.mkForce "journal";
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
@ -235,8 +331,15 @@ in {
|
||||||
proxyPass = "http://localhost:${toString apiPort}";
|
proxyPass = "http://localhost:${toString apiPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
if ($request_method = OPTIONS) {
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
return 204;
|
||||||
|
}
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Access-Control-Max-Age 3600;
|
||||||
|
add_header Access-Control-Expose-Headers Content-Length;
|
||||||
|
add_header Access-Control-Allow-Headers Range;
|
||||||
|
#proxy_set_header Host $host;
|
||||||
|
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
#sub_filter '${domain}:8080' '${domain}';
|
#sub_filter '${domain}:8080' '${domain}';
|
||||||
#sub_filter_once on;
|
#sub_filter_once on;
|
||||||
'';
|
'';
|
||||||
|
@ -252,6 +355,17 @@ in {
|
||||||
};
|
};
|
||||||
volumes = [ "${homeFolder}/uploader:/usr/src/app" ];
|
volumes = [ "${homeFolder}/uploader:/usr/src/app" ];
|
||||||
ports = [ "${toString uploaderPort}:8080" ];
|
ports = [ "${toString uploaderPort}:8080" ];
|
||||||
|
extraOptions = let
|
||||||
|
labelFile = pkgs.writeText "uploader-labels" ''
|
||||||
|
traefik.http.routers.uploader.rule=Host(`uploader.${domain}`)
|
||||||
|
traefik.http.routers.uploader.entryPoints=web
|
||||||
|
traefik.http.services.uploader.loadbalancer.server.port=8080
|
||||||
|
traefik.http.routers.uploader-ssl.rule=Host(`uploader.${domain}`)
|
||||||
|
traefik.http.routers.uploader-ssl.entryPoints=websecure
|
||||||
|
traefik.http.routers.uploader-ssl.tls=true
|
||||||
|
traefik.http.routers.uploader-ssl.service=uploader
|
||||||
|
'';
|
||||||
|
in [ "--label-file" (toString labelFile) ];
|
||||||
};
|
};
|
||||||
systemd.services.docker-uploader.serviceConfig = {
|
systemd.services.docker-uploader.serviceConfig = {
|
||||||
StandardOutput = lib.mkForce "journal";
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
@ -264,8 +378,15 @@ in {
|
||||||
proxyPass = "http://localhost:${toString uploaderPort}";
|
proxyPass = "http://localhost:${toString uploaderPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
if ($request_method = OPTIONS) {
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
return 204;
|
||||||
|
}
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Access-Control-Max-Age 3600;
|
||||||
|
add_header Access-Control-Expose-Headers Content-Length;
|
||||||
|
add_header Access-Control-Allow-Headers Range;
|
||||||
|
#proxy_set_header Host $host;
|
||||||
|
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
#sub_filter '${domain}:8080' '${domain}';
|
#sub_filter '${domain}:8080' '${domain}';
|
||||||
#sub_filter_once on;
|
#sub_filter_once on;
|
||||||
'';
|
'';
|
||||||
|
@ -281,6 +402,17 @@ in {
|
||||||
};
|
};
|
||||||
volumes = [ "${homeFolder}/website:/var/www/html" ];
|
volumes = [ "${homeFolder}/website:/var/www/html" ];
|
||||||
ports = [ "${toString mainPort}:80" ];
|
ports = [ "${toString mainPort}:80" ];
|
||||||
|
extraOptions = let
|
||||||
|
labelFile = pkgs.writeText "website-labels" ''
|
||||||
|
traefik.http.routers.website.rule=Host(`${domain}`)
|
||||||
|
traefik.http.routers.website.entryPoints=web
|
||||||
|
traefik.http.services.website.loadbalancer.server.port=8080
|
||||||
|
traefik.http.routers.website-ssl.rule=Host(`${domain}`)
|
||||||
|
traefik.http.routers.website-ssl.entryPoints=websecure
|
||||||
|
traefik.http.routers.website-ssl.tls=true
|
||||||
|
traefik.http.routers.website-ssl.service=website
|
||||||
|
'';
|
||||||
|
in [ "--label-file" (toString labelFile) ];
|
||||||
};
|
};
|
||||||
systemd.services.docker-website.serviceConfig = {
|
systemd.services.docker-website.serviceConfig = {
|
||||||
StandardOutput = lib.mkForce "journal";
|
StandardOutput = lib.mkForce "journal";
|
||||||
|
@ -293,8 +425,15 @@ in {
|
||||||
proxyPass = "http://localhost:${toString mainPort}";
|
proxyPass = "http://localhost:${toString mainPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
if ($request_method = OPTIONS) {
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
return 204;
|
||||||
|
}
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
add_header Access-Control-Max-Age 3600;
|
||||||
|
add_header Access-Control-Expose-Headers Content-Length;
|
||||||
|
add_header Access-Control-Allow-Headers Range;
|
||||||
|
#proxy_set_header Host $host;
|
||||||
|
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
#sub_filter '${domain}:8080' '${domain}';
|
#sub_filter '${domain}:8080' '${domain}';
|
||||||
#sub_filter_once on;
|
#sub_filter_once on;
|
||||||
'';
|
'';
|
||||||
|
|
Loading…
Reference in a new issue