blob: 76d1960d39ae942293f60431841ebffeb9c1a1f3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
{ lib, pkgs, config, ... }:
let
port = config.myEnv.ports.galene_port;
cfg = config.myServices.websites.tools.visio;
in {
options.myServices.websites.tools.visio = {
enable = lib.mkEnableOption "enable visio website";
};
config = lib.mkIf cfg.enable {
myServices.dns.zones."immae.eu".subdomains.visio =
with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
myServices.chatonsProperties.services.galene = {
file.datetime = "2022-08-21T22:45:00";
service = {
name = "Galene";
description = "The Galène videoconference server";
website = "https://visio.immae.eu/";
status.level = "OK";
status.description = "OK";
registration."" = ["NONE"];
registration.load = "OPEN";
install.type = "PACKAGE";
};
software = {
name = "Galene";
website = "https://galene.org/";
license.url = "https://github.com/jech/galene/blob/master/LICENCE";
license.name = "MIT License";
version = pkgs.galene.version;
source.url = "https://github.com/jech/galene";
};
};
services.galene = {
enable = true;
httpPort = port;
insecure = true;
# hack to bypass module's limitations
dataDir = "/var/lib/galene/data -http localhost:${builtins.toString port}";
};
systemd.services.galene.serviceConfig.RestrictAddressFamilies = lib.mkForce [ "AF_INET" "AF_INET6" "AF_NETLINK" ];
security.acme.certs.eldiron.extraDomainNames = [ "visio.immae.eu" ];
services.websites.env.tools.vhostConfs.visio = {
certName = "eldiron";
hosts = ["visio.immae.eu" ];
root = null;
extraConfig = [
''
ProxyPass /ws ws://localhost:${builtins.toString port}/ws
ProxyPassReverse /ws ws://localhost:${builtins.toString port}/ws
ProxyPass / http://localhost:${builtins.toString port}/
ProxyPassReverse / http://localhost:${builtins.toString port}/
ProxyPreserveHost On
''
];
};
};
}
|
