diff options
author | lassulus <git@lassul.us> | 2023-02-22 07:27:10 +0100 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-02-22 07:32:37 +0100 |
commit | 222f1e92dbc10aa389f712ae0d345befe4e5423f (patch) | |
tree | 705adc51ffcd7832d8aaca06b4803b315fa1931a /lass/2configs | |
parent | 79a7ab4fd8899e7ac197318bb58a3e04affdf459 (diff) |
l orange.r: add coms service, proxy via neoprism.r
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/murmur.nix | 42 | ||||
-rw-r--r-- | lass/2configs/services/coms/default.nix | 6 | ||||
-rw-r--r-- | lass/2configs/services/coms/jitsi.nix (renamed from lass/2configs/jitsi.nix) | 5 | ||||
-rw-r--r-- | lass/2configs/services/coms/murmur.nix | 47 | ||||
-rw-r--r-- | lass/2configs/services/coms/proxy.nix | 41 |
5 files changed, 99 insertions, 42 deletions
diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix deleted file mode 100644 index 42670dfbb..000000000 --- a/lass/2configs/murmur.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.murmur = { - enable = true; - allowHtml = false; - bandwidth = 10000000; - registerName = "lassul.us"; - autobanTime = 30; - sslCert = "/var/lib/acme/lassul.us/cert.pem"; - sslKey = "/var/lib/acme/lassul.us/key.pem"; - }; - users.groups.lasscert.members = [ - "murmur" - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} - { predicate = "-p udp --dport 64738"; target = "ACCEPT";} - ]; - - systemd.services.docker-mumble-web.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - virtualisation.oci-containers.containers.mumble-web = { - image = "rankenstein/mumble-web:0.5"; - environment = { - MUMBLE_SERVER = "lassul.us:64738"; - }; - ports = [ - "64739:8080" - ]; - }; - - services.nginx.virtualHosts."mumble.lassul.us" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:64739"; - proxyWebsockets = true; - }; - }; -} diff --git a/lass/2configs/services/coms/default.nix b/lass/2configs/services/coms/default.nix new file mode 100644 index 000000000..4bc5f744b --- /dev/null +++ b/lass/2configs/services/coms/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./jitsi.nix + ./murmur.nix + ]; +} diff --git a/lass/2configs/jitsi.nix b/lass/2configs/services/coms/jitsi.nix index 2c148dcdd..bbcb36166 100644 --- a/lass/2configs/jitsi.nix +++ b/lass/2configs/services/coms/jitsi.nix @@ -18,6 +18,11 @@ #{ urls = "turn:turn.${domainName}:3479?transport=udp"; } #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; } ]; + constraints.video.height = { + ideal = 720; + max = 1080; + min = 240; + }; }; interfaceConfig = { SHOW_JITSI_WATERMARK = false; diff --git a/lass/2configs/services/coms/murmur.nix b/lass/2configs/services/coms/murmur.nix new file mode 100644 index 000000000..40c53da36 --- /dev/null +++ b/lass/2configs/services/coms/murmur.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: +{ + services.murmur = { + enable = true; + # allowHtml = false; + bandwidth = 10000000; + registerName = "lassul.us"; + autobanTime = 30; + sslCert = "/var/lib/acme/lassul.us/cert.pem"; + sslKey = "/var/lib/acme/lassul.us/key.pem"; + extraConfig = '' + opusthreshold=0 + # rememberchannelduration=10000 + ''; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + { predicate = "-p udp --dport 64738"; target = "ACCEPT";} + ]; + + # services.botamusique = { + # enable = true; + # settings = { + # server.host = "lassul.us"; + # bot.auto_check_updates = false; + # bot.max_track_duration = 360; + # webinterface.enabled = true; + # }; + # }; + + services.nginx.virtualHosts."lassul.us" = { + enableACME = true; + }; + security.acme.certs."lassul.us" = { + group = "lasscert"; + }; + users.groups.lasscert.members = [ + "nginx" + "murmur" + ]; + + # services.nginx.virtualHosts."bota.r" = { + # locations."/" = { + # proxyPass = "http://localhost:8181"; + # }; + # }; +} diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix new file mode 100644 index 000000000..57e132151 --- /dev/null +++ b/lass/2configs/services/coms/proxy.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: +let + tcpports = [ + 4443 # jitsi + 64738 # murmur + ]; + udpports = [ + 10000 # jitsi + 64738 # murmur + ]; + target = "orange.r"; +in +{ + networking.firewall.allowedTCPPorts = tcpports; + networking.firewall.allowedUDPPorts = udpports; + services.nginx.streamConfig = '' + ${lib.concatMapStringsSep "\n" (port: '' + server { + listen ${toString port}; + proxy_pass ${target}:${toString port}; + } + '') tcpports} + ${lib.concatMapStringsSep "\n" (port: '' + server { + listen ${toString port} udp; + proxy_pass ${target}:${toString port}; + } + '') udpports} + ''; + + services.nginx.virtualHosts."jitsi.lassul.us" = { + enableACME = true; + acmeFallbackHost = "${target}"; + addSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://${target}"; + }; + }; +} |