systems/eldiron/websites/visio/default.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   port = config.myEnv.ports.galene_port;
   4   cfg = config.myServices.websites.tools.visio;
   5 in {
   6   options.myServices.websites.tools.visio = {
   7     enable = lib.mkEnableOption "enable visio website";
   8   };
   9
  10   config = lib.mkIf cfg.enable {
  11     myServices.dns.zones."immae.eu".subdomains.visio =
  12       with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
  13
  14     myServices.chatonsProperties.services.galene = {
  15       file.datetime = "2022-08-21T22:45:00";
  16       service = {
  17         name = "Galene";
  18         description = "The Galène videoconference server";
  19         website = "https://visio.immae.eu/";
  20         status.level = "OK";
  21         status.description = "OK";
  22         registration."" = ["NONE"];
  23         registration.load = "OPEN";
  24         install.type = "PACKAGE";
  25       };
  26       software = {
  27         name = "Galene";
  28         website = "https://galene.org/";
  29         license.url = "https://github.com/jech/galene/blob/master/LICENCE";
  30         license.name = "MIT License";
  31         version = pkgs.galene.version;
  32         source.url = "https://github.com/jech/galene";
  33       };
  34     };
  35     services.galene = {
  36       enable = true;
  37       httpPort = port;
  38       insecure = true;
  39       # hack to bypass module's limitations
  40       dataDir = "/var/lib/galene/data -http localhost:${builtins.toString port}";
  41     };
  42     systemd.services.galene.serviceConfig.RestrictAddressFamilies = lib.mkForce [ "AF_INET" "AF_INET6" "AF_NETLINK" ];
  43     security.acme.certs.eldiron.extraDomainNames = [ "visio.immae.eu" ];
  44     services.websites.env.tools.vhostConfs.visio = {
  45       certName    = "eldiron";
  46       hosts       = ["visio.immae.eu" ];
  47       root        = null;
  48       extraConfig = [
  49         ''
  50           ProxyPass        /ws ws://localhost:${builtins.toString port}/ws
  51           ProxyPassReverse /ws ws://localhost:${builtins.toString port}/ws
  52
  53           ProxyPass        / http://localhost:${builtins.toString port}/
  54           ProxyPassReverse / http://localhost:${builtins.toString port}/
  55
  56           ProxyPreserveHost On
  57         ''
  58       ];
  59     };
  60
  61   };
  62 }
  63