From: Ismaël Bouya <ismael.bouya@normalesup.org>
Date: Wed, 29 Sep 2021 22:25:04 +0000 (+0200)
Subject: Add visio website
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=bdaca01ec078b7a4eeadf08a4bec957353f0226d;hp=61777b7e11ca8f0183b8dbec176f68557d06b03e;p=perso%2FImmae%2FConfig%2FNix.git

Add visio website
---

diff --git a/flakes/backports/flake.nix b/flakes/backports/flake.nix
index 8be885f..bd31ed5 100644
--- a/flakes/backports/flake.nix
+++ b/flakes/backports/flake.nix
@@ -16,6 +16,7 @@
         dovecot_fts-xapian = pkgs.dovecot_fts_xapian;
         duply = pkgs.duply;
         fiche = pkgs.fiche;
+        galene = pkgs.galene;
         influxdb2 = pkgs.influxdb2;
         ldapvi = pkgs.ldapvi;
         lego = pkgs.lego;
@@ -40,6 +41,7 @@
         cryptpad = flake-utils.lib.mkApp { drv = packages.cryptpad; name = "cryptpad"; };
         duply = flake-utils.lib.mkApp { drv = packages.duply; name = "duply"; };
         fiche = flake-utils.lib.mkApp { drv = packages.fiche; name = "fiche"; };
+        galene = flake-utils.lib.mkApp { drv = packages.galene; name = "galene"; };
         influxd = flake-utils.lib.mkApp { drv = packages.influxdb2; name = "influxd"; };
         influx = flake-utils.lib.mkApp { drv = packages.influxdb2; name = "influx"; };
         ldapvi = flake-utils.lib.mkApp { drv = packages.ldapvi; name = "ldapvi"; };
@@ -77,6 +79,7 @@
       };
       duply = final: prev: { duply = self.packages."${final.system}".duply; };
       fiche = final: prev: { fiche = self.packages."${final.system}".fiche; };
+      galene = final: prev: { galene = self.packages."${final.system}".galene; };
       influxdb2 = final: prev: { influxdb2 = self.packages."${final.system}".influxdb2; };
       ldapvi = final: prev: { ldapvi = self.packages."${final.system}".ldapvi; };
       lego = final: prev: { lego = self.packages."${final.system}".lego; };
@@ -101,6 +104,7 @@
       // overlays.dovecot_fts-xapian final prev
       // overlays.duply final prev
       // overlays.fiche final prev
+      // overlays.galene final prev
       // overlays.influxdb2 final prev
       // overlays.ldapvi final prev
       // overlays.lego final prev
@@ -119,6 +123,7 @@
     );
 
     nixosModules = {
+      galene = import (nixpkgs + "/nixos/modules/services/web-apps/galene.nix");
       influxdb2 = import (nixpkgs + "/nixos/modules/services/databases/influxdb2.nix");
       mpd = import (nixpkgs + "/nixos/modules/services/audio/mpd.nix");
       zrepl = import (nixpkgs + "/nixos/modules/services/backup/zrepl.nix");
diff --git a/modules/default.nix b/modules/default.nix
index 2f06eb1..4516c84 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -26,4 +26,6 @@ in
   php-application = ./websites/php-application.nix;
   zrepl = ./zrepl.nix;
   websites = ./websites;
+
+  galene = (flakeCompat ../flakes/backports).nixosModules.galene;
 } // (if builtins.pathExists ./private then import ./private else {})
diff --git a/modules/private/default.nix b/modules/private/default.nix
index b68bd6b..51e0cdf 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -113,6 +113,7 @@ set = {
   toolsTool = ./websites/tools/tools;
   mailTool = ./websites/tools/mail;
   statsTool = ./websites/tools/stats;
+  visioTool = ./websites/tools/visio;
 
   # Games
   codenamesGame = ./websites/tools/games/codenames;
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 34e4bf2..701ad1d 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -327,6 +327,7 @@ in
       tools.tools.enable = true;
       tools.email.enable = true;
       tools.stats.enable = false;
+      tools.visio.enable = true;
 
       games.codenames.enable = true;
       games.terraforming-mars.enable = true;
diff --git a/modules/private/websites/tools/visio/default.nix b/modules/private/websites/tools/visio/default.nix
new file mode 100644
index 0000000..e7ebe9b
--- /dev/null
+++ b/modules/private/websites/tools/visio/default.nix
@@ -0,0 +1,41 @@
+{ lib, pkgs, config,  ... }:
+let
+  port = 18013;
+  turnPort = 18014;
+  cfg = config.myServices.websites.tools.visio;
+in {
+  options.myServices.websites.tools.visio = {
+    enable = lib.mkEnableOption "enable visio website";
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ turnPort ];
+    networking.firewall.allowedUDPPorts = [ turnPort ];
+    services.galene = {
+      enable = true;
+      httpPort = port;
+      insecure = true;
+      # hack to bypass module's limitations
+      dataDir = "/var/lib/galene/data -http localhost:${builtins.toString port} -turn :${builtins.toString turnPort}";
+    };
+    services.websites.env.tools.vhostConfs.visio = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = ["visio.immae.eu" ];
+      root        = null;
+      extraConfig = [
+        ''
+          ProxyPass        /ws ws://localhost:${builtins.toString port}/ws
+          ProxyPassReverse /ws ws://localhost:${builtins.toString port}/ws
+
+          ProxyPass        / http://localhost:${builtins.toString port}/
+          ProxyPassReverse / http://localhost:${builtins.toString port}/
+
+          ProxyPreserveHost On
+        ''
+      ];
+    };
+
+  };
+}
+