Compare commits

...

4 commits

Author SHA1 Message Date
Gonne Kretschmer
559c5a47ad Enable prometheus node exporter by default 2023-10-25 10:25:18 +00:00
Gonne Kretschmer
bb93d3aed5 Move Jitsi to a module 2023-10-23 19:05:51 +02:00
Gonne Kretschmer
4318950142 Jitsi konfiguriert 2023-10-20 23:10:28 +02:00
Gonne Kretschmer
e8929ff159 Ghatanothoa (Neues Jitsi) 2023-10-20 09:35:11 +02:00
5 changed files with 127 additions and 0 deletions

View file

@ -0,0 +1,19 @@
flake-inputs:
{config, pkgs, lib, ... }: {
imports = [
./hardware-configuration.nix
../../modules/jitsi.nix
../../roles
./network.nix
];
services.mathebau-jitsi = {
enable = true;
hostName = "meet.mathebau.de";
};
# System configuration here
networking.hostName = "ghatanothoa";
system.stateVersion = "23.11";
}

View file

@ -0,0 +1,31 @@
{config, lib, pkgs, modulesPath, ...}: {
imports = [ ];
fileSystems."/" = {
device = "gha-root";
fsType = "tmpfs";
options = [ "size=1G" "mode=755" ];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
fsType = "btrfs";
options = [ "subvol=persist" ];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/19da7f3a-69da-4fa8-bb68-b355d7697ba7";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e0a160ef-7d46-4705-9152-a6b602898136";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a"; }];
nix.settings.max-jobs = lib.mkDefault 4;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

View file

@ -0,0 +1,15 @@
# We sohuld put that config somewhere in roles and give it a parameter or something,
# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
# depend on the same thing
{
imports = [ ];
networking = {
interfaces.enX0.ipv4.addresses = [ {
address = "192.168.0.25";
prefixLength = 16;
} ];
defaultGateway = "192.168.0.152";
nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
};
}

55
nixos/modules/jitsi.nix Normal file
View file

@ -0,0 +1,55 @@
{pkgs, config, lib, modulesPath, ...}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
head;
inherit (lib.types) str;
cfg = config.services.mathebau-jitsi;
in
{
imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
options.services.mathebau-jitsi = {
enable = mkEnableOption "mathebau jitsi service";
hostName = mkOption {
type = str;
};
localAddress = mkOption {
type = str;
default = (head config.networking.interfaces.enX0.ipv4.addresses).address;
};
};
config = mkIf cfg.enable {
services.jitsi-meet = {
enable = true;
hostName = cfg.hostName;
config = {
defaultLang = "de";
};
};
services.jitsi-videobridge = {
openFirewall = true;
nat = {
publicAddress = "130.83.2.184";
localAddress = cfg.localAddress;
};
};
environment.persistence.${config.impermanence.name} = {
directories = [
"/var/lib/jitsi-meet"
"/var/lib/prosody"
];
};
#We are behind a reverse proxy that handles TLS
services.nginx.virtualHosts."${cfg.hostName}" = {
enableACME = false;
forceSSL = false;
};
#The network ports for HTTP(S) are not opened automatically
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}

View file

@ -55,5 +55,12 @@ services = {
PasswordAuthentication = false; PasswordAuthentication = false;
}; };
}; };
prometheus.exporters.node = {
enable = true;
port = 9100;
};
}; };
# Prometheus Monitoring
networking.firewall.allowedTCPPorts = [ 9100 ];
} }