diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
| commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
| tree | 1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/visio | |
| parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
| download | Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personnal information about users. All thos changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
Diffstat (limited to 'systems/eldiron/websites/visio')
| -rw-r--r-- | systems/eldiron/websites/visio/default.nix | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/systems/eldiron/websites/visio/default.nix b/systems/eldiron/websites/visio/default.nix new file mode 100644 index 0000000..76d1960 --- /dev/null +++ b/systems/eldiron/websites/visio/default.nix | |||
| @@ -0,0 +1,63 @@ | |||
| 1 | { lib, pkgs, config, ... }: | ||
| 2 | let | ||
| 3 | port = config.myEnv.ports.galene_port; | ||
| 4 | cfg = config.myServices.websites.tools.visio; | ||
| 5 | in { | ||
| 6 | options.myServices.websites.tools.visio = { | ||
| 7 | enable = lib.mkEnableOption "enable visio website"; | ||
| 8 | }; | ||
| 9 | |||
| 10 | config = lib.mkIf cfg.enable { | ||
| 11 | myServices.dns.zones."immae.eu".subdomains.visio = | ||
| 12 | with config.myServices.dns.helpers; ips servers.eldiron.ips.main; | ||
| 13 | |||
| 14 | myServices.chatonsProperties.services.galene = { | ||
| 15 | file.datetime = "2022-08-21T22:45:00"; | ||
| 16 | service = { | ||
| 17 | name = "Galene"; | ||
| 18 | description = "The Galène videoconference server"; | ||
| 19 | website = "https://visio.immae.eu/"; | ||
| 20 | status.level = "OK"; | ||
| 21 | status.description = "OK"; | ||
| 22 | registration."" = ["NONE"]; | ||
| 23 | registration.load = "OPEN"; | ||
| 24 | install.type = "PACKAGE"; | ||
| 25 | }; | ||
| 26 | software = { | ||
| 27 | name = "Galene"; | ||
| 28 | website = "https://galene.org/"; | ||
| 29 | license.url = "https://github.com/jech/galene/blob/master/LICENCE"; | ||
| 30 | license.name = "MIT License"; | ||
| 31 | version = pkgs.galene.version; | ||
| 32 | source.url = "https://github.com/jech/galene"; | ||
| 33 | }; | ||
| 34 | }; | ||
| 35 | services.galene = { | ||
| 36 | enable = true; | ||
| 37 | httpPort = port; | ||
| 38 | insecure = true; | ||
| 39 | # hack to bypass module's limitations | ||
| 40 | dataDir = "/var/lib/galene/data -http localhost:${builtins.toString port}"; | ||
| 41 | }; | ||
| 42 | systemd.services.galene.serviceConfig.RestrictAddressFamilies = lib.mkForce [ "AF_INET" "AF_INET6" "AF_NETLINK" ]; | ||
| 43 | security.acme.certs.eldiron.extraDomainNames = [ "visio.immae.eu" ]; | ||
| 44 | services.websites.env.tools.vhostConfs.visio = { | ||
| 45 | certName = "eldiron"; | ||
| 46 | hosts = ["visio.immae.eu" ]; | ||
| 47 | root = null; | ||
| 48 | extraConfig = [ | ||
| 49 | '' | ||
| 50 | ProxyPass /ws ws://localhost:${builtins.toString port}/ws | ||
| 51 | ProxyPassReverse /ws ws://localhost:${builtins.toString port}/ws | ||
| 52 | |||
| 53 | ProxyPass / http://localhost:${builtins.toString port}/ | ||
| 54 | ProxyPassReverse / http://localhost:${builtins.toString port}/ | ||
| 55 | |||
| 56 | ProxyPreserveHost On | ||
| 57 | '' | ||
| 58 | ]; | ||
| 59 | }; | ||
| 60 | |||
| 61 | }; | ||
| 62 | } | ||
| 63 | |||