summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-02-22 07:27:10 +0100
committerlassulus <git@lassul.us>2023-02-22 07:32:37 +0100
commit222f1e92dbc10aa389f712ae0d345befe4e5423f (patch)
tree705adc51ffcd7832d8aaca06b4803b315fa1931a /lass/2configs
parent79a7ab4fd8899e7ac197318bb58a3e04affdf459 (diff)
l orange.r: add coms service, proxy via neoprism.r
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/murmur.nix42
-rw-r--r--lass/2configs/services/coms/default.nix6
-rw-r--r--lass/2configs/services/coms/jitsi.nix (renamed from lass/2configs/jitsi.nix)5
-rw-r--r--lass/2configs/services/coms/murmur.nix47
-rw-r--r--lass/2configs/services/coms/proxy.nix41
5 files changed, 99 insertions, 42 deletions
diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix
deleted file mode 100644
index 42670dfbb..000000000
--- a/lass/2configs/murmur.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- services.murmur = {
- enable = true;
- allowHtml = false;
- bandwidth = 10000000;
- registerName = "lassul.us";
- autobanTime = 30;
- sslCert = "/var/lib/acme/lassul.us/cert.pem";
- sslKey = "/var/lib/acme/lassul.us/key.pem";
- };
- users.groups.lasscert.members = [
- "murmur"
- ];
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
- { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
- ];
-
- systemd.services.docker-mumble-web.serviceConfig = {
- StandardOutput = lib.mkForce "journal";
- StandardError = lib.mkForce "journal";
- };
- virtualisation.oci-containers.containers.mumble-web = {
- image = "rankenstein/mumble-web:0.5";
- environment = {
- MUMBLE_SERVER = "lassul.us:64738";
- };
- ports = [
- "64739:8080"
- ];
- };
-
- services.nginx.virtualHosts."mumble.lassul.us" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:64739";
- proxyWebsockets = true;
- };
- };
-}
diff --git a/lass/2configs/services/coms/default.nix b/lass/2configs/services/coms/default.nix
new file mode 100644
index 000000000..4bc5f744b
--- /dev/null
+++ b/lass/2configs/services/coms/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./jitsi.nix
+ ./murmur.nix
+ ];
+}
diff --git a/lass/2configs/jitsi.nix b/lass/2configs/services/coms/jitsi.nix
index 2c148dcdd..bbcb36166 100644
--- a/lass/2configs/jitsi.nix
+++ b/lass/2configs/services/coms/jitsi.nix
@@ -18,6 +18,11 @@
#{ urls = "turn:turn.${domainName}:3479?transport=udp"; }
#{ urls = "turn:turn.${domainName}:3479?transport=tcp"; }
];
+ constraints.video.height = {
+ ideal = 720;
+ max = 1080;
+ min = 240;
+ };
};
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
diff --git a/lass/2configs/services/coms/murmur.nix b/lass/2configs/services/coms/murmur.nix
new file mode 100644
index 000000000..40c53da36
--- /dev/null
+++ b/lass/2configs/services/coms/murmur.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+{
+ services.murmur = {
+ enable = true;
+ # allowHtml = false;
+ bandwidth = 10000000;
+ registerName = "lassul.us";
+ autobanTime = 30;
+ sslCert = "/var/lib/acme/lassul.us/cert.pem";
+ sslKey = "/var/lib/acme/lassul.us/key.pem";
+ extraConfig = ''
+ opusthreshold=0
+ # rememberchannelduration=10000
+ '';
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
+ ];
+
+ # services.botamusique = {
+ # enable = true;
+ # settings = {
+ # server.host = "lassul.us";
+ # bot.auto_check_updates = false;
+ # bot.max_track_duration = 360;
+ # webinterface.enabled = true;
+ # };
+ # };
+
+ services.nginx.virtualHosts."lassul.us" = {
+ enableACME = true;
+ };
+ security.acme.certs."lassul.us" = {
+ group = "lasscert";
+ };
+ users.groups.lasscert.members = [
+ "nginx"
+ "murmur"
+ ];
+
+ # services.nginx.virtualHosts."bota.r" = {
+ # locations."/" = {
+ # proxyPass = "http://localhost:8181";
+ # };
+ # };
+}
diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix
new file mode 100644
index 000000000..57e132151
--- /dev/null
+++ b/lass/2configs/services/coms/proxy.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+let
+ tcpports = [
+ 4443 # jitsi
+ 64738 # murmur
+ ];
+ udpports = [
+ 10000 # jitsi
+ 64738 # murmur
+ ];
+ target = "orange.r";
+in
+{
+ networking.firewall.allowedTCPPorts = tcpports;
+ networking.firewall.allowedUDPPorts = udpports;
+ services.nginx.streamConfig = ''
+ ${lib.concatMapStringsSep "\n" (port: ''
+ server {
+ listen ${toString port};
+ proxy_pass ${target}:${toString port};
+ }
+ '') tcpports}
+ ${lib.concatMapStringsSep "\n" (port: ''
+ server {
+ listen ${toString port} udp;
+ proxy_pass ${target}:${toString port};
+ }
+ '') udpports}
+ '';
+
+ services.nginx.virtualHosts."jitsi.lassul.us" = {
+ enableACME = true;
+ acmeFallbackHost = "${target}";
+ addSSL = true;
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://${target}";
+ };
+ };
+}