+{ lib, pkgs, config, ... }:
+let
+ port = 18013;
+ turnPort = 18014;
+ cfg = config.myServices.websites.tools.visio;
+in {
+ options.myServices.websites.tools.visio = {
+ enable = lib.mkEnableOption "enable visio website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [ turnPort ];
+ networking.firewall.allowedUDPPorts = [ turnPort ];
+ services.galene = {
+ enable = true;
+ httpPort = port;
+ insecure = true;
+ # hack to bypass module's limitations
+ dataDir = "/var/lib/galene/data -http localhost:${builtins.toString port} -turn :${builtins.toString turnPort}";
+ };
+ services.websites.env.tools.vhostConfs.visio = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = ["visio.immae.eu" ];
+ root = null;
+ extraConfig = [
+ ''
+ ProxyPass /ws ws://localhost:${builtins.toString port}/ws
+ ProxyPassReverse /ws ws://localhost:${builtins.toString port}/ws
+
+ ProxyPass / http://localhost:${builtins.toString port}/
+ ProxyPassReverse / http://localhost:${builtins.toString port}/
+
+ ProxyPreserveHost On
+ ''
+ ];
+ };
+
+ };
+}
+