feat(nixosConfigurations): add turn-3
steveej committed Apr 25, 2024
1 parent e697a0c commit cbd3f78
Showing 3 changed files with 130 additions and 0 deletions.
@@ -196,6 +196,10 @@ in {
turn-2.${fqdn2domain}. A ${self.nixosConfigurations.turn-2.config.services.holochain-turn-server.address}
signal-2.${fqdn2domain}. A ${self.nixosConfigurations.turn-2.config.services.tx5-signal-server.address}
bootstrap-2.${fqdn2domain}. A ${self.nixosConfigurations.turn-2.config.services.kitsune-bootstrap.address}
turn-3.${fqdn2domain}. A ${self.nixosConfigurations.turn-3.config.services.holochain-turn-server.address}
signal-3.${fqdn2domain}. A ${self.nixosConfigurations.turn-3.config.services.tx5-signal-server.address}
bootstrap-3.${fqdn2domain}. A ${self.nixosConfigurations.turn-3.config.services.kitsune-bootstrap.address}
'';
};

@@ -334,6 +338,12 @@ in {
reverse_proxy http://turn-2.${fqdn2domain}:${builtins.toString self.nixosConfigurations.turn-2.config.services.holochain-turn-server.nginx-http-port}
'';
};

"acme-turn-3.${fqdn2domain}:80" = {
extraConfig = ''
reverse_proxy http://turn-3.${fqdn2domain}:${builtins.toString self.nixosConfigurations.turn-3.config.services.holochain-turn-server.nginx-http-port}
'';
};
};

sops.secrets.global-server-nomad-key = {
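--- a/modules/flake-parts/nixosConfigurations.turn-3/configuration.nix
+++ b/modules/flake-parts/nixosConfigurations.turn-3/configuration.nix
@@ -0,0 +1,108 @@
+{
+config,
+inputs,
+self,
+pkgs,
+...
+}: let
+hostName = "turn-3";
+
+turnIpv4 = "65.21.54.162";
+turnFqdn = "${hostName}.infra.holochain.org";
+
+signalIpv4 = "95.217.241.142";
+signalFqdn = "signal-3.infra.holochain.org";
+
+bootstrapIpv4 = "65.109.242.243";
+bootstrapFqdn = "bootstrap-3.infra.holochain.org";
+in {
+imports = [
+inputs.disko.nixosModules.disko
+inputs.srvos.nixosModules.server
+inputs.srvos.nixosModules.mixins-terminfo
+inputs.srvos.nixosModules.hardware-hetzner-cloud
+self.nixosModules.hardware-hetzner-cloud-cpx
+
+inputs.sops-nix.nixosModules.sops
+
+self.nixosModules.holo-users
+../../nixos/shared.nix
+../../nixos/shared-nix-settings.nix
+
+self.nixosModules.holochain-turn-server
+self.nixosModules.tx5-signal-server
+self.nixosModules.kitsune-bootstrap
+];
+
+networking.hostName = hostName; # Define your hostname.
+
+hostName = turnIpv4;
+
+nix.settings.max-jobs = 8;
+
+nix.settings.substituters = [
+"https://holochain-ci.cachix.org"
+];
+
+nix.settings.trusted-public-keys = [
+"holochain-ci.cachix.org-3:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
+];
+
+# FIXME: is there a better way to do this?
+environment.etc."systemd/network/10-cloud-init-eth0.network.d/00-floating-ips.conf".text = ''
+[Network]
+Address = ${signalIpv4}/32
+Address = ${bootstrapIpv4}/32
+'';
+
+system.stateVersion = "23.11";
+
+services.holochain-turn-server = {
+enable = true;
+url = turnFqdn;
+address = turnIpv4;
+username = "test";
+credential = "test";
+verbose = false;
+extraCoturnAttrs = {
+cli-ip = "127.0.0.1";
+cli-password = "$5$4c2b9a49c5e013ae$14f901c5f36d4c8d5cf0c7383ecb0f26b052134293152bd1191412641a20ddf5";
+};
+};
+
+services.tx5-signal-server = {
+enable = true;
+address = signalIpv4;
+port = 8443;
+tls-port = 443;
+url = signalFqdn;
+iceServers = [
+{
+urls = [
+"stun:${config.services.holochain-turn-server.url}:80"
+];
+}
+{
+urls = [
+"turn:${config.services.holochain-turn-server.url}:80"
+"turn:${config.services.holochain-turn-server.url}:80?transport=tcp"
+"turns:${config.services.holochain-turn-server.url}:443?transport=tcp"
+];
+
+inherit
+(config.services.holochain-turn-server)
+username
+credential
+;
+}
+];
+};
+
+services.kitsune-bootstrap = {
+enable = true;
+address = bootstrapIpv4;
+port = 8444;
+tls-port = 443;
+url = bootstrapFqdn;
+};
+}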
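Review bot: `username = "test";` and `credential = "test";` in `services.holochain-turn-server` are fixed, guessable TURN credentials committed to the repository, and the `inherit (config.services.holochain-turn-server) username credential;` in `services.tx5-signal-server.iceServers` copies the same pair into the ICE server list, which is presumably handed to clients, so relay access is not meaningfully restricted. The `cli-password` hash under `extraCoturnAttrs` is also in git and, being a plain Nix string, likely ends up in the world-readable Nix store; `cli-ip = "127.0.0.1"` confines the admin CLI to local users, but the hash itself can still be guessed offline. Since `inputs.sops-nix.nixosModules.sops` is already imported, I would source these values from sops secrets, or move coturn to time-limited credentials with `use-auth-secret` if the module allows it, and until then mark the lines with `# FIXME(security): placeholder TURN credentials, replace before production use`. It is also worth confirming that the module's coturn configuration refuses relaying to loopback and private peer ranges, which is not visible in this file.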
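--- a/modules/flake-parts/nixosConfigurations.turn-3/default.nix
+++ b/modules/flake-parts/nixosConfigurations.turn-3/default.nix
@@ -0,0 +1,12 @@
+{
+self,
+lib,
+inputs,
+...
+}: {
+flake.nixosConfigurations.turn-3 = inputs.nixpkgs.lib.nixosSystem {
+modules = [./configuration.nix];
+system = "x86_64-linux";
+specialArgs = self.specialArgs;
+};
+}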
