From e8929ff1591c4cef8af6be0dfe9b678b125b4d1b Mon Sep 17 00:00:00 2001
From: Gonne Kretschmer
Date: Wed, 18 Oct 2023 17:04:30 +0200
Subject: [PATCH 1/3] Ghatanothoa (Neues Jitsi)
---
nixos/machines/ghatanothoa/configuration.nix | 14 +++++++++
.../ghatanothoa/hardware-configuration.nix | 31 +++++++++++++++++++
nixos/machines/ghatanothoa/network.nix | 15 +++++++++
3 files changed, 60 insertions(+)
create mode 100644 nixos/machines/ghatanothoa/configuration.nix
create mode 100644 nixos/machines/ghatanothoa/hardware-configuration.nix
create mode 100644 nixos/machines/ghatanothoa/network.nix
diff --git a/nixos/machines/ghatanothoa/configuration.nix b/nixos/machines/ghatanothoa/configuration.nix
new file mode 100644
index 0000000..22aa65b
--- /dev/null
+++ b/nixos/machines/ghatanothoa/configuration.nix
@@ -0,0 +1,14 @@
+flake-inputs:
+{config, pkgs, lib, ... }: {
+
+imports = [
+ ./hardware-configuration.nix
+ ../../roles
+ ./network.nix
+];
+
+# System configuration here
+
+ networking.hostName = "ghatanothoa";
+ system.stateVersion = "23.11";
+}
diff --git a/nixos/machines/ghatanothoa/hardware-configuration.nix b/nixos/machines/ghatanothoa/hardware-configuration.nix
new file mode 100644
index 0000000..ad588c9
--- /dev/null
+++ b/nixos/machines/ghatanothoa/hardware-configuration.nix
@@ -0,0 +1,31 @@
+{config, lib, pkgs, modulesPath, ...}: {
+ imports = [ ];
+
+ fileSystems."/" = {
+ device = "gha-root";
+ fsType = "tmpfs";
+ options = [ "size=1G" "mode=755" ];
+ };
+ fileSystems."/persist" = {
+ device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
+ fsType = "btrfs";
+ options = [ "subvol=persist" ];
+ neededForBoot = true;
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/19da7f3a-69da-4fa8-bb68-b355d7697ba7";
+ fsType = "ext4";
+ };
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
+ fsType = "btrfs";
+ options = [ "subvol=nix" ];
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a"; }];
+
+ nix.settings.max-jobs = lib.mkDefault 4;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nixos/machines/ghatanothoa/network.nix b/nixos/machines/ghatanothoa/network.nix
new file mode 100644
index 0000000..7e26f79
--- /dev/null
+++ b/nixos/machines/ghatanothoa/network.nix
@@ -0,0 +1,15 @@
+# We sohuld put that config somewhere in roles and give it a parameter or something,
+# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
+# depend on the same thing
+{
+ imports = [ ];
+ networking = {
+ interfaces.enX0.ipv4.addresses = [ {
+ address = "192.168.0.25";
+ prefixLength = 16;
+ } ];
+ defaultGateway = "192.168.0.152";
+ nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
+ };
+}
+
--
2.39.5
From 4318950142e0a61f79390c87830c70384f2efdb4 Mon Sep 17 00:00:00 2001
From: Gonne Kretschmer
Date: Fri, 20 Oct 2023 11:04:40 +0200
Subject: [PATCH 2/3] Jitsi konfiguriert
---
nixos/machines/ghatanothoa/configuration.nix | 1 +
nixos/machines/ghatanothoa/jitsi.nix | 23 ++++++++++++++++++++
2 files changed, 24 insertions(+)
create mode 100644 nixos/machines/ghatanothoa/jitsi.nix
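Review bot: In hardware-configuration.nix the root filesystem is a tmpfs while `swapDevices` points at a plain by-uuid partition, so pages of the ephemeral root (anything written under `/` that is not on `/persist`) can be paged out and stay on disk across reboots. Whether that partition sits on encrypted storage is not visible in this hunk; if it does not, consider `randomEncryption.enable = true;` on the swap entry, which needs a stable device path other than by-uuid because the swap signature is rewritten on every boot. A comment above `fileSystems."/"` such as `# Root is ephemeral; state that must survive a reboot goes under /persist` would also help the next reader.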
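Review bot: The last entry of `nameservers` in network.nix, `"130.82.22.63"`, differs in its second octet from the other three resolvers, all `130.83.x.x`, and from the `"130.83.22.60"` entry right before it, which looks like a typo. If it is one, part of this host's DNS queries go to an unrelated address that can observe them or answer them. Please confirm the intended value (presumably `"130.83.22.63"`) before this is deployed, and carry the corrected list along when the shared network role mentioned in the file's header comment is written.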
diff --git a/nixos/machines/ghatanothoa/configuration.nix b/nixos/machines/ghatanothoa/configuration.nix
index 22aa65b..54f3211 100644
--- a/nixos/machines/ghatanothoa/configuration.nix
+++ b/nixos/machines/ghatanothoa/configuration.nix
@@ -3,6 +3,7 @@ flake-inputs: imports = [ ./hardware-configuration.nix + (import ./jitsi.nix flake-inputs) ../../roles ./network.nix ];
diff --git a/nixos/machines/ghatanothoa/jitsi.nix b/nixos/machines/ghatanothoa/jitsi.nix
new file mode 100644
index 0000000..547e3c7
--- /dev/null
+++ b/nixos/machines/ghatanothoa/jitsi.nix
@@ -0,0 +1,23 @@
+flake-inputs:
+{pkgs, config, lib, modulesPath, ...}: {
+ imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
+
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "meet.mathebau.de";
+ config = {
+ defaultLang = "de";
+ };
+ };
+ services.jitsi-videobridge = {
+ openFirewall = true;
+ nat = {
+ publicAddress = "130.83.2.184";
+ localAddress = "192.168.0.25";
+ };
+ };
+ services.nginx.virtualHosts."meet.mathebau.de".enableACME = false;
+ services.nginx.virtualHosts."meet.mathebau.de".forceSSL = false;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 10000 ];
+}
--
2.39.5
From bb93d3aed57f4388a90635d86d945fc4b8a5a9c2 Mon Sep 17 00:00:00 2001
From: Gonne Kretschmer
Date: Mon, 23 Oct 2023 17:43:13 +0200
Subject: [PATCH 3/3] Move Jitsi to a module
---
nixos/machines/ghatanothoa/configuration.nix | 8 ++-
nixos/machines/ghatanothoa/jitsi.nix | 23 --------
nixos/modules/jitsi.nix | 55 ++++++++++++++++++++
3 files changed, 61 insertions(+), 25 deletions(-)
delete mode 100644 nixos/machines/ghatanothoa/jitsi.nix
create mode 100644 nixos/modules/jitsi.nix
diff --git a/nixos/machines/ghatanothoa/configuration.nix b/nixos/machines/ghatanothoa/configuration.nix
index 54f3211..4e60e1b 100644
--- a/nixos/machines/ghatanothoa/configuration.nix
+++ b/nixos/machines/ghatanothoa/configuration.nix
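Review bot: In the new nixos/machines/ghatanothoa/jitsi.nix of patch 2/3 the vhost is served without TLS (`enableACME = false`, `forceSSL = false`) while `networking.firewall.allowedTCPPorts = [ 80 443 ];` admits every source, so the plain-HTTP front end is reachable from the whole /16 segment configured in network.nix and not only from the reverse proxy that, per the comment added in patch 3/3, terminates TLS. Nothing in the hunk configures a TLS listener on this host, so 443 appears to be opened for no service. I would drop the `allowedTCPPorts` line and admit port 80 from the proxy only, for example (default iptables backend, placeholder address) `networking.firewall.extraCommands = "iptables -A nixos-fw -p tcp -s PROXY_ADDRESS --dport 80 -j nixos-fw-accept";`. The same vhost settings and the same `allowedTCPPorts` line are carried into nixos/modules/jitsi.nix by patch 3/3, where this applies unchanged.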
@@ -3,13 +3,17 @@ flake-inputs: imports = [ ./hardware-configuration.nix - (import ./jitsi.nix flake-inputs) + ../../modules/jitsi.nix ../../roles ./network.nix ]; -# System configuration here + services.mathebau-jitsi = { + enable = true; + hostName = "meet.mathebau.de"; + }; +# System configuration here networking.hostName = "ghatanothoa"; system.stateVersion = "23.11"; }
diff --git a/nixos/machines/ghatanothoa/jitsi.nix b/nixos/machines/ghatanothoa/jitsi.nix
deleted file mode 100644
index 547e3c7..0000000
--- a/nixos/machines/ghatanothoa/jitsi.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-flake-inputs:
-{pkgs, config, lib, modulesPath, ...}: {
- imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
-
- services.jitsi-meet = {
- enable = true;
- hostName = "meet.mathebau.de";
- config = {
- defaultLang = "de";
- };
- };
- services.jitsi-videobridge = {
- openFirewall = true;
- nat = {
- publicAddress = "130.83.2.184";
- localAddress = "192.168.0.25";
- };
- };
- services.nginx.virtualHosts."meet.mathebau.de".enableACME = false;
- services.nginx.virtualHosts."meet.mathebau.de".forceSSL = false;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- networking.firewall.allowedUDPPorts = [ 10000 ];
-}
diff --git a/nixos/modules/jitsi.nix b/nixos/modules/jitsi.nix
new file mode 100644
index 0000000..ca2a8a7
--- /dev/null
+++ b/nixos/modules/jitsi.nix
@@ -0,0 +1,55 @@
+{pkgs, config, lib, modulesPath, ...}:
+let
+ inherit (lib)
+ mkIf
+ mkEnableOption
+ mkOption
+ head;
+ inherit (lib.types) str;
+ cfg = config.services.mathebau-jitsi;
+in
+{
+ imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
+
+ options.services.mathebau-jitsi = {
+ enable = mkEnableOption "mathebau jitsi service";
+ hostName = mkOption {
+ type = str;
+ };
+ localAddress = mkOption {
+ type = str;
+ default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.jitsi-meet = {
+ enable = true;
+ hostName = cfg.hostName;
+ config = {
+ defaultLang = "de";
+ };
+ };
+ services.jitsi-videobridge = {
+ openFirewall = true;
+ nat = {
+ publicAddress = "130.83.2.184";
+ localAddress = cfg.localAddress;
+ };
+ };
+ environment.persistence.${config.impermanence.name} = {
+ directories = [
+ "/var/lib/jitsi-meet"
+ "/var/lib/prosody"
+ ];
+ };
+ #We are behind a reverse proxy that handles TLS
+ services.nginx.virtualHosts."${cfg.hostName}" = {
+ enableACME = false;
+ forceSSL = false;
+ };
+
+ #The network ports for HTTP(S) are not opened automatically
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ };
+}
--
2.39.5
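Review bot: `publicAddress = "130.83.2.184";` is still a literal inside the `config` block of nixos/modules/jitsi.nix although host name and local address became options, so any second host enabling `services.mathebau-jitsi` would advertise ghatanothoa's NAT address to clients. I would add an option without a default, `publicAddress = mkOption { type = str; description = "Public address the videobridge advertises behind NAT"; };`, and use `nat.publicAddress = cfg.publicAddress;`. The `localAddress` default has the same host-specific flavour: it hard-codes interface `enX0` and calls `head` on a list that may be empty, which aborts evaluation with an unhelpful error. None of the three options has a `description`, and the module reads `config.impermanence.name` without declaring or importing that option, so the dependency (presumably provided by `../../roles`) deserves a comment at the top of the file.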