neet.dev flake

flake.nix

@@ -3,10 +3,15 @@
 
   outputs = { self, nixpkgs }: {
 
-    nixosConfigurations.reg = nixpkgs.lib.nixosSystem {
+    nixosConfigurations = {
+      "reg" = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
         modules = [ ./reg/configuration.nix ];
       };
-
+      "neetdev" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [ ./neet.dev/configuration.nix ];
+      };
+    }
   };
 }

neet.dev/configuration.nix

@@ -8,10 +8,8 @@
 #      ./nsd.nix
       ./thelounge.nix
       ./mumble.nix
-#      ./hedgedoc.nix
-#      ./postgres.nix
-#      ./zerobin.nix
       ./gitlab.nix
+      ./video-stream.nix
     ];
 
   # Use the GRUB 2 boot loader.
@@ -36,6 +34,7 @@
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVR/R3ZOsv7TZbICGBCHdjh1NDT8SnswUyINeJOC7QG"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dcqL/FhHmv+a1iz3f9LJ48xubO7MZHy35rW9SZOYM"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0VFnn3+Mh0nWeN92jov81qNE9fpzTAHYBphNoY7HUx"
     ];
   };
 
@@ -55,18 +54,6 @@
       dnsProvider = "digitalocean";
       credentialsFile = "/var/lib/secrets/certs.secret";
     };
-#    "neet.space" = {
-#      group = "nginx";
-#      domain = "*.neet.space";
-#      dnsProvider = "digitalocean";
-#      credentialsFile = "/var/lib/secrets/certs.secret";
-#    };
-#    "neet.cloud" = {
-#      group = "nginx";
-#      domain = "*.neet.cloud";
-#      dnsProvider = "digitalocean";
-#      credentialsFile = "/var/lib/secrets/certs.secret";
-#    };
   };
 
   services.nginx = {

neet.dev/gitlab.nix

@@ -40,7 +40,8 @@
 
   boot.kernel.sysctl."net.ipv4.ip_forward" = true;
   services.gitlab-runner = {
-    enable = true;
+#    enable = true;
+    enable = false;
     services = {
       # runner for building in docker via host's nix-daemon
       # nix store will be readable in runner, might be insecure

neet.dev/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/35ca3392-548a-45ef-9e72-392cddfcea1b";
+      fsType = "btrfs";
+      options = [ "subvol=root" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/35ca3392-548a-45ef-9e72-392cddfcea1b";
+      fsType = "btrfs";
+      options = [ "subvol=home" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/d1d3cc19-980f-42ea-9784-a223ea71f435";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/86fdcded-3f0e-4ee0-81bc-c1c92cb96ab1"; }
+    ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+}

neet.dev/video-stream.nix

@@ -0,0 +1,94 @@
+{ config, pkgs, ... }:
+
+let
+  # external
+  rtp-port = 8083;
+  webrtc-peer-lower-port = 20000;
+  webrtc-peer-upper-port = 20100;
+  domain = "live.neet.space";
+
+  # internal
+  ingest-port = 8084;
+  web-port = 8085;
+  webrtc-port = 8086;
+  toStr = builtins.toString;
+in
+{
+  networking.firewall.allowedUDPPorts = [ rtp-port ];
+  networking.firewall.allowedTCPPortRanges = [ {
+    from = webrtc-peer-lower-port;
+    to = webrtc-peer-upper-port;
+  } ];
+  networking.firewall.allowedUDPPortRanges = [ { 
+    from = webrtc-peer-lower-port;
+    to = webrtc-peer-upper-port;
+  } ];
+
+  virtualisation.docker.enable = true;
+
+  services.nginx.virtualHosts.${domain} = {
+    enableACME = true;
+    forceSSL = true;
+    locations = {
+      "/" = {
+        proxyPass = "http://localhost:${toStr web-port}";
+      };
+      "websocket" = {
+        proxyPass = "http://localhost:${toStr webrtc-port}/websocket";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers = {
+      "lightspeed-ingest" = {
+        workdir = "/var/lib/lightspeed-ingest";
+        image = "projectlightspeed/ingest";
+        ports = [
+          "${toStr ingest-port}:8084"
+        ];
+#        imageFile = pkgs.dockerTools.pullImage {
+#          imageName = "projectlightspeed/ingest";
+#          finalImageTag = "version-0.1.4";
+#          imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc";
+#          sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5";
+#        };
+      };
+      "lightspeed-react" = {
+        workdir = "/var/lib/lightspeed-react";
+        image = "projectlightspeed/react";
+        ports = [
+          "${toStr web-port}:80"
+        ];
+#        imageFile = pkgs.dockerTools.pullImage {
+#          imageName = "projectlightspeed/react";
+#          finalImageTag = "version-0.1.3";
+#          imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6";
+#          sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js";
+#        };
+      };
+      "lightspeed-webrtc" = {
+        workdir = "/var/lib/lightspeed-webrtc";
+        image = "projectlightspeed/webrtc";
+        ports = [
+          "${toStr webrtc-port}:8080"
+          "${toStr rtp-port}:65535/udp"
+          "${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/tcp"
+          "${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/udp"
+        ];
+        cmd = [
+          "lightspeed-webrtc" "--addr=0.0.0.0" "--ip=${domain}"
+          "--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}" "run"
+        ];
+#        imageFile = pkgs.dockerTools.pullImage {
+#          imageName = "projectlightspeed/webrtc";
+#          finalImageTag = "version-0.1.2";
+#          imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf";
+#          sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i";
+#        };
+      };
+    };
+  };
+}