workadventure wip

Ingolf Wagner 2021-01-02 00:30:07 +01:00
parent ff2b0c7e60
commit dd208f2e1e
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B


@ -57,7 +57,7 @@ in {
# todo delete # todo delete
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 80 443 8080 ]; allowedUDPPorts = [ 80 443 ];
}; };
services.nginx.enable = true; services.nginx.enable = true;
@ -87,6 +87,24 @@ in {
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
#virtualisation.oci-containers.containers.reverse-proxy = {
# image = "traefik:v2.0";
# cmd = [
# "--api.insecure=true"
# "--providers.docker"
# "--entryPoints.web.address=:80"
# "--entryPoints.websecure.address=:443"
# ];
# ports = [
# "80:80"
# "443:443"
# # The Web UI (enabled by --api.insecure=true)
# "8080:8080"
# ];
# dependsOn = [ "back" "front" ];
# volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
#};
virtualisation.oci-containers.containers.front = { virtualisation.oci-containers.containers.front = {
image = "thecodingmachine/nodejs:14"; image = "thecodingmachine/nodejs:14";
environment = { environment = {
@ -94,7 +112,9 @@ in {
JITSI_URL = jitsiURL; JITSI_URL = jitsiURL;
JITSI_PRIVATE_MODE = jitsiPrivateMode; JITSI_PRIVATE_MODE = jitsiPrivateMode;
HOST = "0.0.0.0"; HOST = "0.0.0.0";
#HTTP_PORT = "80";
NODE_ENV = "development"; NODE_ENV = "development";
#NODE_ENV = "production";
API_URL = pusherURL; API_URL = pusherURL;
UPLOADER_URL = uploaderURL; UPLOADER_URL = uploaderURL;
ADMIN_URL = adminURL; ADMIN_URL = adminURL;
@ -106,6 +126,17 @@ in {
cmd = [ "yarn" "run" "start" ]; cmd = [ "yarn" "run" "start" ];
volumes = [ "${homeFolder}/front:/usr/src/app" ]; volumes = [ "${homeFolder}/front:/usr/src/app" ];
ports = [ "${toString playPort}:8080" ]; ports = [ "${toString playPort}:8080" ];
extraOptions = let
labelFile = pkgs.writeText "front-labels" ''
traefik.http.routers.front.rule=Host(`play.${domain}`)
traefik.http.routers.front.entryPoints=web,traefik
traefik.http.services.front.loadbalancer.server.port=8080
#traefik.http.routers.front-ssl.rule=Host(`play.${domain}`)
#traefik.http.routers.front-ssl.entryPoints=websecure
#traefik.http.routers.front-ssl.tls=false
#traefik.http.routers.front-ssl.service=front
'';
in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-front.serviceConfig = { systemd.services.docker-front.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
@ -118,8 +149,15 @@ in {
proxyPass = "http://localhost:${toString playPort}"; proxyPass = "http://localhost:${toString playPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; if ($request_method = OPTIONS) {
proxy_set_header X-Forwarded-For $remote_addr; return 204;
}
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 3600;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Allow-Headers Range;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}'; #sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on; #sub_filter_once on;
''; '';
@ -132,8 +170,16 @@ in {
proxyPass = "http://localhost:${toString mainPort}"; proxyPass = "http://localhost:${toString mainPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; if ($request_method = OPTIONS) {
proxy_set_header X-Forwarded-For $remote_addr; return 204;
}
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 3600;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Allow-Headers Range;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}'; #sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on; #sub_filter_once on;
''; '';
@ -149,13 +195,25 @@ in {
SECRET_JITSI_KEY = secretJitsiKey; SECRET_JITSI_KEY = secretJitsiKey;
SECRET_KEY = "yourSecretKey"; SECRET_KEY = "yourSecretKey";
ADMIN_API_TOKEN = adminAPIToken; ADMIN_API_TOKEN = adminAPIToken;
#API_URL = "back:50051"; API_URL = "back:50051";
API_URL = "back:8080"; #API_URL = "back:8080";
JITSI_URL = jitsiURL; JITSI_URL = jitsiURL;
JITSI_ISS = jitsiISS; JITSI_ISS = jitsiISS;
}; };
volumes = [ "${homeFolder}/pusher:/usr/src/app" ]; volumes = [ "${homeFolder}/pusher:/usr/src/app" ];
ports = [ "${toString pusherPort}:8080" ]; ports = [ "${toString pusherPort}:8080" ];
extraOptions = let
labelFile = pkgs.writeText "pusher-labels" ''
traefik.http.routers.pusher.rule=Host(`pusher.${domain}`)
traefik.http.routers.pusher.entryPoints=web
traefik.http.services.pusher.loadbalancer.server.port=8080
traefik.http.routers.pusher-ssl.rule=Host(`pusher.${domain}`)
traefik.http.routers.pusher-ssl.entryPoints=websecure
traefik.http.routers.pusher-ssl.tls=false
traefik.http.routers.pusher-ssl.service=pusher
traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain}
'';
in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-pusher.serviceConfig = { systemd.services.docker-pusher.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
@ -168,8 +226,15 @@ in {
proxyPass = "http://localhost:${toString pusherPort}"; proxyPass = "http://localhost:${toString pusherPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; if ($request_method = OPTIONS) {
proxy_set_header X-Forwarded-For $remote_addr; return 204;
}
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 3600;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Allow-Headers Range;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}'; #sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on; #sub_filter_once on;
''; '';
@ -188,6 +253,17 @@ in {
}; };
volumes = [ "${homeFolder}/maps:/var/www/html" ]; volumes = [ "${homeFolder}/maps:/var/www/html" ];
ports = [ "${toString mapsPort}:80" ]; ports = [ "${toString mapsPort}:80" ];
extraOptions = let
labelFile = pkgs.writeText "maps-labels" ''
traefik.http.routers.maps.rule=Host(`maps.${domain}`)
traefik.http.routers.maps.entryPoints=web,traefik
traefik.http.services.maps.loadbalancer.server.port=80
traefik.http.routers.maps-ssl.rule=Host(`maps.${domain}`)
traefik.http.routers.maps-ssl.entryPoints=websecure
traefik.http.routers.maps-ssl.tls=false
traefik.http.routers.maps-ssl.service=maps
'';
in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-maps.serviceConfig = { systemd.services.docker-maps.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
@ -200,8 +276,15 @@ in {
proxyPass = "http://localhost:${toString mapsPort}"; proxyPass = "http://localhost:${toString mapsPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; if ($request_method = OPTIONS) {
proxy_set_header X-Forwarded-For $remote_addr; return 204;
}
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 3600;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Allow-Headers Range;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}'; #sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on; #sub_filter_once on;
''; '';
@ -216,6 +299,7 @@ in {
STARTUP_COMMAND_1 = "yarn install"; STARTUP_COMMAND_1 = "yarn install";
SECRET_KEY = "yourSecretKey"; SECRET_KEY = "yourSecretKey";
SECRET_JITSI_KEY = secretJitsiKey; SECRET_JITSI_KEY = secretJitsiKey;
#HTTP_PORT = "80";
ALLOW_ARTILLERY = "true"; ALLOW_ARTILLERY = "true";
ADMIN_API_TOKEN = adminAPIToken; ADMIN_API_TOKEN = adminAPIToken;
JITSI_URL = jitsiURL; JITSI_URL = jitsiURL;
@ -223,6 +307,18 @@ in {
}; };
volumes = [ "${homeFolder}/back:/usr/src/app" ]; volumes = [ "${homeFolder}/back:/usr/src/app" ];
ports = [ "${toString apiPort}:8080" ]; ports = [ "${toString apiPort}:8080" ];
extraOptions = let
labelFile = pkgs.writeText "back-labels" ''
traefik.http.routers.back.rule=Host(`api.${domain}`)
traefik.http.routers.back.entryPoints=web
traefik.http.services.back.loadbalancer.server.port=8080
traefik.http.routers.back-ssl.rule=Host(`api.${domain}`)
traefik.http.routers.back-ssl.entryPoints=websecure
traefik.http.routers.back-ssl.tls=false
traefik.http.routers.back-ssl.service=back
traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain}
'';
in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-back.serviceConfig = { systemd.services.docker-back.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
@ -235,8 +331,15 @@ in {
proxyPass = "http://localhost:${toString apiPort}"; proxyPass = "http://localhost:${toString apiPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; if ($request_method = OPTIONS) {
proxy_set_header X-Forwarded-For $remote_addr; return 204;
}
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 3600;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Allow-Headers Range;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}'; #sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on; #sub_filter_once on;
''; '';
@ -252,6 +355,17 @@ in {
}; };
volumes = [ "${homeFolder}/uploader:/usr/src/app" ]; volumes = [ "${homeFolder}/uploader:/usr/src/app" ];
ports = [ "${toString uploaderPort}:8080" ]; ports = [ "${toString uploaderPort}:8080" ];
extraOptions = let
labelFile = pkgs.writeText "uploader-labels" ''
traefik.http.routers.uploader.rule=Host(`uploader.${domain}`)
traefik.http.routers.uploader.entryPoints=web
traefik.http.services.uploader.loadbalancer.server.port=8080
traefik.http.routers.uploader-ssl.rule=Host(`uploader.${domain}`)
traefik.http.routers.uploader-ssl.entryPoints=websecure
traefik.http.routers.uploader-ssl.tls=true
traefik.http.routers.uploader-ssl.service=uploader
'';
in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-uploader.serviceConfig = { systemd.services.docker-uploader.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
@ -264,8 +378,15 @@ in {
proxyPass = "http://localhost:${toString uploaderPort}"; proxyPass = "http://localhost:${toString uploaderPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; if ($request_method = OPTIONS) {
proxy_set_header X-Forwarded-For $remote_addr; return 204;
}
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 3600;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Allow-Headers Range;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}'; #sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on; #sub_filter_once on;
''; '';
@ -281,6 +402,17 @@ in {
}; };
volumes = [ "${homeFolder}/website:/var/www/html" ]; volumes = [ "${homeFolder}/website:/var/www/html" ];
ports = [ "${toString mainPort}:80" ]; ports = [ "${toString mainPort}:80" ];
extraOptions = let
labelFile = pkgs.writeText "website-labels" ''
traefik.http.routers.website.rule=Host(`${domain}`)
traefik.http.routers.website.entryPoints=web
traefik.http.services.website.loadbalancer.server.port=8080
traefik.http.routers.website-ssl.rule=Host(`${domain}`)
traefik.http.routers.website-ssl.entryPoints=websecure
traefik.http.routers.website-ssl.tls=true
traefik.http.routers.website-ssl.service=website
'';
in [ "--label-file" (toString labelFile) ];
}; };
systemd.services.docker-website.serviceConfig = { systemd.services.docker-website.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";
@ -293,8 +425,15 @@ in {
proxyPass = "http://localhost:${toString mainPort}"; proxyPass = "http://localhost:${toString mainPort}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; if ($request_method = OPTIONS) {
proxy_set_header X-Forwarded-For $remote_addr; return 204;
}
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Max-Age 3600;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Allow-Headers Range;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
#sub_filter '${domain}:8080' '${domain}'; #sub_filter '${domain}:8080' '${domain}';
#sub_filter_once on; #sub_filter_once on;
''; '';
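Review bot: The `add_header Access-Control-Allow-Origin *;` added to all seven nginx `extraConfig` blocks lets any web origin read non-credentialed responses from the api, pusher and uploader backends, while the Traefik labels added in the same commit limit the origin to `http://play.${domain}`. As far as the visible config shows, only the front end needs cross-origin access, so the nginx side could use the same value: `add_header Access-Control-Allow-Origin http://play.${domain};`. The same blocks comment out `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $remote_addr;`, so unless proxy headers are set elsewhere (not visible in these hunks) the containers will see only the proxy address, which weakens logging and any per-client limits. Separately, the unchanged context lines still set `SECRET_KEY = "yourSecretKey"` for the pusher and back containers; that placeholder should be replaced with a value from the same secret source as `secretJitsiKey` before this leaves WIP.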