Diffstat (limited to 'Biz/Cloud/Comms')
-rw-r--r--Biz/Cloud/Comms/Coturn.nix10
-rw-r--r--Biz/Cloud/Comms/Jitsi.nix17
-rw-r--r--Biz/Cloud/Comms/Mumble.nix25
-rw-r--r--Biz/Cloud/Comms/Xmpp.nix210
4 files changed, 0 insertions, 262 deletions
diff --git a/Biz/Cloud/Comms/Coturn.nix b/Biz/Cloud/Comms/Coturn.nix
deleted file mode 100644
index 93093f0..0000000
--- a/Biz/Cloud/Comms/Coturn.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, ... }:
-
-{
- services.coturn = {
- enable = true;
- cert = "/var/lib/acme/${config.networking.domain}/fullchain.pem";
- pkey = "/var/lib/acme/${config.networking.domain}/key.pem";
- cli-ip = "127.0.0.1";
- };
-}
diff --git a/Biz/Cloud/Comms/Jitsi.nix b/Biz/Cloud/Comms/Jitsi.nix
deleted file mode 100644
index 17aeced..0000000
--- a/Biz/Cloud/Comms/Jitsi.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, ... }:
-
-{
- services.jitsi-meet = {
- enable = true;
- config = {
- enableWelcomePage = false;
- defaulLang = "en";
- };
-
- prosody.enable = true;
- nginx.enable = true;
- jibri.enable = false;
- jicofo.enable = false;
- videobridge.enable = false;
- };
-}
diff --git a/Biz/Cloud/Comms/Mumble.nix b/Biz/Cloud/Comms/Mumble.nix
deleted file mode 100644
index 66d21a5..0000000
--- a/Biz/Cloud/Comms/Mumble.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-
-# mumble and related services
-let ports = import ../Ports.nix;
-in {
- services.murmur = {
- enable = true;
- openFirewall = true;
- environmentFile = "/var/lib/murmur/murmurd.env";
- registerHostname = config.networking.domain;
- registerName = config.networking.domain;
- };
-
- services.botamusique = {
- enable = true;
- settings = {
- webinterface = {
- enabled = true;
- listening_addr = "127.0.0.1";
- listening_port = ports.botamusique;
- };
- radio = { lofi = "https://live.hunter.fm/lofi_high"; };
- };
- };
-}
diff --git a/Biz/Cloud/Comms/Xmpp.nix b/Biz/Cloud/Comms/Xmpp.nix
deleted file mode 100644
index ad8649b..0000000
--- a/Biz/Cloud/Comms/Xmpp.nix
+++ /dev/null
@@ -1,210 +0,0 @@
-{ config, pkgs, ... }:
-#
-# xmpp chat service
-#
-let
- rootDomain = config.networking.domain; # simatime.com
- ssl = {
- cert = "/var/lib/acme/${rootDomain}/fullchain.pem";
- key = "/var/lib/acme/${rootDomain}/key.pem";
- };
-in {
- networking.firewall.allowedTCPPorts = [
- # https://prosody.im/doc/ports
- 5000 # file transfer
- 5222 # client connections
- 5269 # server-to-server
- 5280 # http
- 5281 # https
- 5347 # external components
- 5582 # telnet console
- ];
-
- services.prosody = {
- enable = true;
- package =
- pkgs.prosody.override { withCommunityModules = [ "conversejs" ]; };
-
- # when i learn how to use security.acme better, and use separate certs, then i
- # can fix this group
- group = "nginx";
- admins = [ "bsima@${rootDomain}" ];
- allowRegistration = true;
- inherit ssl;
- uploadHttp = {
- domain = "upload.${rootDomain}";
- uploadExpireAfter = toString (60 * 60 * 24 * 30); # 30 days, as seconds
- };
-
- modules = {
- announce = true;
- blocklist = true;
- bookmarks = true;
- bosh = true;
- carbons = true;
- cloud_notify = true;
- csi = true;
- dialback = true;
- disco = true;
- groups = true;
- http_files = false; # hm, look into this
- motd = true;
- pep = true;
- ping = true;
- private = true;
- proxy65 = true;
- register = true;
- roster = true;
- server_contact_info = true;
- smacks = true;
- vcard = true;
- watchregistrations = true;
- websocket = true;
- welcome = true;
- };
-
- extraConfig = ''
- conversejs_options = {
- allow_registration = true;
- bosh_service_url = "https://${rootDomain}/http-bind";
- debug = true;
- loglevel = "debug";
- -- default_domain = "${rootDomain}";
- -- domain_placeholder = "${rootDomain}";
- -- jid = "${rootDomain}";
- -- keepalive = true;
- -- registration_domain = "${rootDomain}";
- websocket_url = "wss://${rootDomain}/xmpp-websocket";
- }
-
- cross_domain_websocket = { "https://${rootDomain}", "https://anon.${rootDomain}" }
- cross_domain_bosh = false; -- handle this with nginx
- consider_bosh_secure = true;
-
- -- this is a virtualhost that allows anonymous authentication. use this
- -- for a public lobby. the nix module doesn't support 'authentication'
- -- so i have to do this here.
- VirtualHost "anon.${rootDomain}"
- authentication = "anonymous"
- ssl = {
- cafile = "/etc/ssl/certs/ca-bundle.crt";
- key = "${ssl.key}";
- certificate = "${ssl.cert}";
- };
- '';
-
- muc = [
- {
- domain = "conference.${rootDomain}";
- maxHistoryMessages = 10000;
- name = "Chat Rooms";
- restrictRoomCreation = "admin";
- roomDefaultHistoryLength = 20;
- roomDefaultMembersOnly = true;
- roomDefaultModerated = true;
- roomDefaultPublic = false;
- }
- {
- domain = "chat.${rootDomain}";
- maxHistoryMessages = 10000;
- name = "Chat Rooms";
- restrictRoomCreation = false;
- roomDefaultHistoryLength = 200;
- roomDefaultMembersOnly = false;
- roomDefaultModerated = false;
- roomDefaultPublic = true;
- roomDefaultPublicJids = true;
- }
- ];
-
- virtualHosts = {
- "${rootDomain}" = {
- domain = "${rootDomain}";
- enabled = true;
- inherit ssl;
- };
- };
- };
-
- services.prosody-filer = { enable = true; };
-
- services.nginx.virtualHosts."${rootDomain}".locations = {
- "/http-bind" = {
- proxyPass = "https://${rootDomain}:5281/http-bind";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_buffering off;
- add_header Access-Control-Allow-Origin "*";
- '';
- };
-
- "/xmpp-websocket" = {
- proxyPass = "https://${rootDomain}:5281/xmpp-websocket";
- extraConfig = ''
- proxy_http_version 1.1;
- proxy_buffering off;
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 86400;
- add_header Access-Control-Allow-Origin "*";
- '';
- };
-
- "/chat" = {
- proxyPass = "https://${rootDomain}:5281/conversejs";
- extraConfig = ''
- add_header Access-Control-Allow-Origin "*";
- '';
- };
- };
-
- services.nginx.virtualHosts."anon.${rootDomain}" = {
- useACMEHost = "${rootDomain}";
- forceSSL = true;
- locations = {
- "/http-bind" = {
- proxyPass = "https://anon.${rootDomain}:5281/http-bind";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_buffering off;
- if ($request_method ~* "(GET|POST)") {
- add_header Access-Control-Allow-Origin "*";
- }
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin "*";
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD";
- add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
- return 200;
- }
- '';
- };
- };
- };
-
- users.users.nginx.extraGroups = [ "prosody" ];
-
- security.acme.certs.${rootDomain}.extraDomainNames = [
- # these stopped working idk why
- #"upload.${rootDomain}"
- #"conference.${rootDomain}"
- "anon.${rootDomain}"
- "chat.${rootDomain}"
- ];
-
- #security.acme.certs.prosody = {
- # domain = "${domain}";
- # group = "prosody";
- # dnsProvider = "rfc2136";
- # #credentialsFile = config.secrets.files.dns_creds.path;
- # postRun = "systemctl restart prosody";
- # extraDomainNames = [
- # domain
- # "upload.${domain}"
- # ];
- #};
-}