diff --git a/nix/modules/default/config-file.nix b/nix/modules/default/config-file.nix
new file mode 100644
index 000000000..1b321f0a7
--- /dev/null
+++ b/nix/modules/default/config-file.nix
@@ -0,0 +1,38 @@
+{
+ config,
+ lib,
+ pkgs
+}:
+
+let
+ cfg = config.services.spacebarchat-server;
+ jsonFormat = pkgs.formats.json { };
+in
+let
+ endpointSettings = {
+ api = {
+ endpointPublic = "http${if cfg.apiEndpoint.useSsl then "s" else ""}://${cfg.apiEndpoint.host}:${toString cfg.apiEndpoint.publicPort}";
+ };
+ cdn = {
+ endpointPublic = "http${if cfg.cdnEndpoint.useSsl then "s" else ""}://${cfg.cdnEndpoint.host}:${toString cfg.cdnEndpoint.publicPort}";
+ endpointPrivate = "http://127.0.0.1:${toString cfg.cdnEndpoint.localPort}";
+ };
+ gateway = {
+ endpointPublic = "ws${if cfg.gatewayEndpoint.useSsl then "s" else ""}://${cfg.gatewayEndpoint.host}:${toString cfg.gatewayEndpoint.publicPort}";
+ };
+ general = {
+ serverName = cfg.serverName;
+ };
+ }
+ // (
+ if cfg.enableAdminApi then
+ {
+ adminApi = {
+ endpointPublic = "http${if cfg.adminApiEndpoint.useSsl then "s" else ""}://${cfg.adminApiEndpoint.host}:${toString cfg.adminApiEndpoint.publicPort}";
+ };
+ }
+ else
+ { }
+ );
+in
+jsonFormat.generate "spacebarchat-server.json" (lib.recursiveUpdate endpointSettings cfg.settings)
diff --git a/nix/modules/default/cs/admin-api.nix b/nix/modules/default/cs/admin-api.nix
index a7b7ca05b..531b50aa3 100644
--- a/nix/modules/default/cs/admin-api.nix
+++ b/nix/modules/default/cs/admin-api.nix
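Review bot: In config-file.nix, `jsonFormat.generate` writes the merged `cfg.settings` into the Nix store, which every local user can read, and nothing in the file says so. Now that this is a shared helper (default.nix and pion-sfu.nix both import it), I would add a header comment such as `# Output lands in the world-readable Nix store: keep credentials out of services.spacebarchat-server.settings.` and point users at the credential path the units already use (`LoadCredential` / `EnvironmentFile` in makeServerTsService.nix). As a style point, the two consecutive `let … in` blocks can be merged into one.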
@@ -31,91 +31,7 @@ in config = lib.mkIf cfg.adminApi.enable ( let - makeServerTsService = ( - conf: - lib.recursiveUpdate - (lib.recursiveUpdate { - documentation = [ "https://docs.spacebar.chat/" ]; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - environment = secrets.systemdEnvironment; - serviceConfig = { - LoadCredential = secrets.systemdLoadCredentials; - - User = "spacebarchat"; - Group = "spacebarchat"; - DynamicUser = false; - - LockPersonality = true; - NoNewPrivileges = true; - - ProtectClock = true; - ProtectControlGroups = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - PrivateDevices = true; - PrivateMounts = true; - PrivateUsers = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_UNIX" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged" - "@chown" # Required for copying files with FICLONE, apparently. - ]; - CapabilityBoundingSet = [ - "~CAP_SYS_ADMIN" - "~CAP_AUDIT_*" - "~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)" - "~CAP_NET_ADMIN" # No use for this as we don't currently use iptables for enforcing instance bans - "~CAP_SYS_TIME" - "~CAP_KILL" - "~CAP_(DAC_*|FOWNER|IPC_OWNER)" - "~CAP_LINUX_IMMUTABLE" - "~CAP_IPC_LOCK" - "~CAP_BPF" - "~CAP_SYS_TTY_CONFIG" - "~CAP_SYS_BOOT" - "~CAP_SYS_CHROOT" - "~CAP_BLOCK_SUSPEND" - "~CAP_LEASE" - "~CAP_(CHOWN|FSETID|FSETFCAP)" # Check if we need CAP_CHOWN for `fchown()` (FICLONE)? 
- "~CAP_SET(UID|GID|PCAP)" - "~CAP_MAC_*" - "~CAP_SYS_PTRACE" - "~CAP_SYS_(NICE|RESOURCE)" - "~CAP_SYS_RAWIO" - "~CAP_SYSLOG" - ]; - RestrictSUIDSGID = true; - - WorkingDirectory = "/var/lib/spacebar"; - StateDirectory = "spacebar"; - StateDirectoryMode = "0750"; - RuntimeDirectory = "spacebar"; - RuntimeDirectoryMode = "0750"; - ReadWritePaths = [ cfg.cdnPath ]; - NoExecPaths = [ cfg.cdnPath ]; - - Restart = "on-failure"; - RestartSec = 10; - StartLimitBurst = 5; - UMask = "077"; - } - // lib.optionalAttrs (cfg.databaseFile != null) { EnvironmentFile = cfg.databaseFile; }; - } conf) - { - } - ); + makeServerTsService = import ../makeServerTsService.nix { inherit cfg lib secrets; }; in { assertions = [ diff --git a/nix/modules/default/cs/gateway-offload-cs.nix b/nix/modules/default/cs/gateway-offload-cs.nix index 4e56a566f..ebbc14254 100644 --- a/nix/modules/default/cs/gateway-offload-cs.nix +++ b/nix/modules/default/cs/gateway-offload-cs.nix 
@@ -39,91 +39,7 @@ in config = lib.mkIf cfg.gatewayOffload.enable ( let - makeServerTsService = ( - conf: - lib.recursiveUpdate - (lib.recursiveUpdate { - documentation = [ "https://docs.spacebar.chat/" ]; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - environment = secrets.systemdEnvironment; - serviceConfig = { - LoadCredential = secrets.systemdLoadCredentials; - - User = "spacebarchat"; - Group = "spacebarchat"; - DynamicUser = false; - - LockPersonality = true; - NoNewPrivileges = true; - - ProtectClock = true; - ProtectControlGroups = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - PrivateDevices = true; - PrivateMounts = true; - PrivateUsers = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_UNIX" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged" - "@chown" # Required for copying files with FICLONE, apparently. - ]; - CapabilityBoundingSet = [ - "~CAP_SYS_ADMIN" - "~CAP_AUDIT_*" - "~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)" - "~CAP_NET_ADMIN" # No use for this as we don't currently use iptables for enforcing instance bans - "~CAP_SYS_TIME" - "~CAP_KILL" - "~CAP_(DAC_*|FOWNER|IPC_OWNER)" - "~CAP_LINUX_IMMUTABLE" - "~CAP_IPC_LOCK" - "~CAP_BPF" - "~CAP_SYS_TTY_CONFIG" - "~CAP_SYS_BOOT" - "~CAP_SYS_CHROOT" - "~CAP_BLOCK_SUSPEND" - "~CAP_LEASE" - "~CAP_(CHOWN|FSETID|FSETFCAP)" # Check if we need CAP_CHOWN for `fchown()` (FICLONE)? 
- "~CAP_SET(UID|GID|PCAP)" - "~CAP_MAC_*" - "~CAP_SYS_PTRACE" - "~CAP_SYS_(NICE|RESOURCE)" - "~CAP_SYS_RAWIO" - "~CAP_SYSLOG" - ]; - RestrictSUIDSGID = true; - - WorkingDirectory = "/var/lib/spacebar"; - StateDirectory = "spacebar"; - StateDirectoryMode = "0750"; - RuntimeDirectory = "spacebar"; - RuntimeDirectoryMode = "0750"; - ReadWritePaths = [ cfg.cdnPath ]; - NoExecPaths = [ cfg.cdnPath ]; - - Restart = "on-failure"; - RestartSec = 10; - StartLimitBurst = 5; - UMask = "077"; - } - // lib.optionalAttrs (cfg.databaseFile != null) { EnvironmentFile = cfg.databaseFile; }; - } conf) - { - } - ); + makeServerTsService = import ../makeServerTsService.nix { inherit cfg lib secrets; }; in { assertions = [ diff --git a/nix/modules/default/cs/uapi.nix b/nix/modules/default/cs/uapi.nix index 1486ef266..9cd76b624 100644 --- a/nix/modules/default/cs/uapi.nix +++ b/nix/modules/default/cs/uapi.nix 
@@ -36,91 +36,7 @@ in config = lib.mkIf cfg.uApi.enable ( let - makeServerTsService = ( - conf: - lib.recursiveUpdate - (lib.recursiveUpdate { - documentation = [ "https://docs.spacebar.chat/" ]; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - environment = secrets.systemdEnvironment; - serviceConfig = { - LoadCredential = secrets.systemdLoadCredentials; - - User = "spacebarchat"; - Group = "spacebarchat"; - DynamicUser = false; - - LockPersonality = true; - NoNewPrivileges = true; - - ProtectClock = true; - ProtectControlGroups = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - PrivateDevices = true; - PrivateMounts = true; - PrivateUsers = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_UNIX" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged" - "@chown" # Required for copying files with FICLONE, apparently. - ]; - CapabilityBoundingSet = [ - "~CAP_SYS_ADMIN" - "~CAP_AUDIT_*" - "~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)" - "~CAP_NET_ADMIN" # No use for this as we don't currently use iptables for enforcing instance bans - "~CAP_SYS_TIME" - "~CAP_KILL" - "~CAP_(DAC_*|FOWNER|IPC_OWNER)" - "~CAP_LINUX_IMMUTABLE" - "~CAP_IPC_LOCK" - "~CAP_BPF" - "~CAP_SYS_TTY_CONFIG" - "~CAP_SYS_BOOT" - "~CAP_SYS_CHROOT" - "~CAP_BLOCK_SUSPEND" - "~CAP_LEASE" - "~CAP_(CHOWN|FSETID|FSETFCAP)" # Check if we need CAP_CHOWN for `fchown()` (FICLONE)? 
- "~CAP_SET(UID|GID|PCAP)" - "~CAP_MAC_*" - "~CAP_SYS_PTRACE" - "~CAP_SYS_(NICE|RESOURCE)" - "~CAP_SYS_RAWIO" - "~CAP_SYSLOG" - ]; - RestrictSUIDSGID = true; - - WorkingDirectory = "/var/lib/spacebar"; - StateDirectory = "spacebar"; - StateDirectoryMode = "0750"; - RuntimeDirectory = "spacebar"; - RuntimeDirectoryMode = "0750"; - ReadWritePaths = [ cfg.cdnPath ]; - NoExecPaths = [ cfg.cdnPath ]; - - Restart = "on-failure"; - RestartSec = 10; - StartLimitBurst = 5; - UMask = "077"; - } - // lib.optionalAttrs (cfg.databaseFile != null) { EnvironmentFile = cfg.databaseFile; }; - } conf) - { - } - ); + makeServerTsService = import ../makeServerTsService.nix { inherit cfg lib secrets; }; in { assertions = [ diff --git a/nix/modules/default/default.nix b/nix/modules/default/default.nix index 07cb7d2ec..fb84c8f60 100644 --- a/nix/modules/default/default.nix +++ b/nix/modules/default/default.nix 
@@ -11,40 +11,13 @@ let secrets = import ./secrets.nix { inherit lib config; }; cfg = config.services.spacebarchat-server; jsonFormat = pkgs.formats.json { }; - configFile = - let - endpointSettings = { - api = { - endpointPublic = "http${if cfg.apiEndpoint.useSsl then "s" else ""}://${cfg.apiEndpoint.host}:${toString cfg.apiEndpoint.publicPort}"; - }; - cdn = { - endpointPublic = "http${if cfg.cdnEndpoint.useSsl then "s" else ""}://${cfg.cdnEndpoint.host}:${toString cfg.cdnEndpoint.publicPort}"; - endpointPrivate = "http://127.0.0.1:${toString cfg.cdnEndpoint.localPort}"; - }; - gateway = { - endpointPublic = "ws${if cfg.gatewayEndpoint.useSsl then "s" else ""}://${cfg.gatewayEndpoint.host}:${toString cfg.gatewayEndpoint.publicPort}"; - }; - general = { - serverName = cfg.serverName; - }; - } - // ( - if cfg.enableAdminApi then - { - adminApi = { - endpointPublic = "http${if cfg.adminApiEndpoint.useSsl then "s" else ""}://${cfg.adminApiEndpoint.host}:${toString cfg.adminApiEndpoint.publicPort}"; - }; - } - else - { } - ); - in - jsonFormat.generate "spacebarchat-server.json" (lib.recursiveUpdate endpointSettings cfg.settings); + configFile = (import ./config-file.nix { inherit config lib pkgs; }); in { imports = [ ./integration-nginx.nix ./users.nix + (import ./pion-sfu.nix self) (import ./cs/gateway-offload-cs.nix self) (import ./cs/admin-api.nix self) (import ./cs/uapi.nix self) 
@@ -72,10 +45,12 @@ in type = lib.types.str; description = "The server name for this Spacebar instance (aka. common name, usually the domain where your well known is hosted)."; }; - adminApiEndpoint = mkEndpointOptions "admin-api.sb.localhost" 3004; apiEndpoint = mkEndpointOptions "api.sb.localhost" 3001; gatewayEndpoint = mkEndpointOptions "gateway.sb.localhost" 3003; cdnEndpoint = mkEndpointOptions "cdn.sb.localhost" 3003; + adminApiEndpoint = mkEndpointOptions "admin-api.sb.localhost" 3004; + webrtcEndpoint = mkEndpointOptions "voice.sb.localhost" 3005; + cdnPath = lib.mkOption { type = lib.types.str; default = "./files"; 
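Review bot: `cdnEndpoint = mkEndpointOptions "cdn.sb.localhost" 3003;` in the context of this hunk carries the same second argument as `gatewayEndpoint`, while the other endpoints (3001, 3004 and the new 3005 for `webrtcEndpoint`) are distinct. mkEndpointOptions is defined outside this diff, but if that argument is the default local port, the gateway and CDN services would collide on a default install. This reorder would be a good place to give one of them its own port, or to add an assertion that the local ports differ. The option block continues outside the hunk.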
@@ -119,91 +94,7 @@ in config = lib.mkIf cfg.enable ( let - makeServerTsService = ( - conf: - lib.recursiveUpdate - (lib.recursiveUpdate { - documentation = [ "https://docs.spacebar.chat/" ]; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - environment = secrets.systemdEnvironment; - serviceConfig = { - LoadCredential = secrets.systemdLoadCredentials; - - User = "spacebarchat"; - Group = "spacebarchat"; - DynamicUser = false; - - LockPersonality = true; - NoNewPrivileges = true; - - ProtectClock = true; - ProtectControlGroups = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - PrivateDevices = true; - PrivateMounts = true; - PrivateUsers = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_UNIX" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged" - "@chown" # Required for copying files with FICLONE, apparently. - ]; - CapabilityBoundingSet = [ - "~CAP_SYS_ADMIN" - "~CAP_AUDIT_*" - "~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)" - "~CAP_NET_ADMIN" # No use for this as we don't currently use iptables for enforcing instance bans - "~CAP_SYS_TIME" - "~CAP_KILL" - "~CAP_(DAC_*|FOWNER|IPC_OWNER)" - "~CAP_LINUX_IMMUTABLE" - "~CAP_IPC_LOCK" - "~CAP_BPF" - "~CAP_SYS_TTY_CONFIG" - "~CAP_SYS_BOOT" - "~CAP_SYS_CHROOT" - "~CAP_BLOCK_SUSPEND" - "~CAP_LEASE" - "~CAP_(CHOWN|FSETID|FSETFCAP)" # Check if we need CAP_CHOWN for `fchown()` (FICLONE)? 
- "~CAP_SET(UID|GID|PCAP)" - "~CAP_MAC_*" - "~CAP_SYS_PTRACE" - "~CAP_SYS_(NICE|RESOURCE)" - "~CAP_SYS_RAWIO" - "~CAP_SYSLOG" - ]; - RestrictSUIDSGID = true; - - WorkingDirectory = "/var/lib/spacebar"; - StateDirectory = "spacebar"; - StateDirectoryMode = "0750"; - RuntimeDirectory = "spacebar"; - RuntimeDirectoryMode = "0750"; - ReadWritePaths = [ cfg.cdnPath ]; - NoExecPaths = [ cfg.cdnPath ]; - - Restart = "on-failure"; - RestartSec = 10; - StartLimitBurst = 5; - UMask = "077"; - } - // lib.optionalAttrs (cfg.databaseFile != null) { EnvironmentFile = cfg.databaseFile; }; - } conf) - { - } - ); + makeServerTsService = import ./makeServerTsService.nix { inherit cfg lib secrets; }; in { assertions = [ diff --git a/nix/modules/default/makeServerTsService.nix b/nix/modules/default/makeServerTsService.nix new file mode 100644 index 000000000..4f7a13351 --- /dev/null +++ b/nix/modules/default/makeServerTsService.nix 
@@ -0,0 +1,88 @@
+{
+ lib,
+ secrets,
+ cfg,
+}:
+conf:
+lib.recursiveUpdate
+ (lib.recursiveUpdate {
+ documentation = [ "https://docs.spacebar.chat/" ];
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ environment = secrets.systemdEnvironment;
+ serviceConfig = {
+ LoadCredential = secrets.systemdLoadCredentials;
+
+ User = "spacebarchat";
+ Group = "spacebarchat";
+ DynamicUser = false;
+
+ LockPersonality = true;
+ NoNewPrivileges = true;
+
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ PrivateDevices = true;
+ PrivateMounts = true;
+ PrivateUsers = true;
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_UNIX"
+ ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [
+ "@system-service"
+ "~@privileged"
+ "@chown" # Required for copying files with FICLONE, apparently.
+ ];
+ CapabilityBoundingSet = [
+ "~CAP_SYS_ADMIN"
+ "~CAP_AUDIT_*"
+ "~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)"
+ "~CAP_NET_ADMIN" # No use for this as we don't currently use iptables for enforcing instance bans
+ "~CAP_SYS_TIME"
+ "~CAP_KILL"
+ "~CAP_(DAC_*|FOWNER|IPC_OWNER)"
+ "~CAP_LINUX_IMMUTABLE"
+ "~CAP_IPC_LOCK"
+ "~CAP_BPF"
+ "~CAP_SYS_TTY_CONFIG"
+ "~CAP_SYS_BOOT"
+ "~CAP_SYS_CHROOT"
+ "~CAP_BLOCK_SUSPEND"
+ "~CAP_LEASE"
+ "~CAP_(CHOWN|FSETID|FSETFCAP)" # Check if we need CAP_CHOWN for `fchown()` (FICLONE)?
+ "~CAP_SET(UID|GID|PCAP)"
+ "~CAP_MAC_*"
+ "~CAP_SYS_PTRACE"
+ "~CAP_SYS_(NICE|RESOURCE)"
+ "~CAP_SYS_RAWIO"
+ "~CAP_SYSLOG"
+ ];
+ RestrictSUIDSGID = true;
+
+ WorkingDirectory = "/var/lib/spacebar";
+ StateDirectory = "spacebar";
+ StateDirectoryMode = "0750";
+ RuntimeDirectory = "spacebar";
+ RuntimeDirectoryMode = "0750";
+ ReadWritePaths = [ cfg.cdnPath ];
+ NoExecPaths = [ cfg.cdnPath ];
+
+ Restart = "on-failure";
+ RestartSec = 10;
+ StartLimitBurst = 5;
+ UMask = "077";
+ }
+ // lib.optionalAttrs (cfg.databaseFile != null) { EnvironmentFile = cfg.databaseFile; };
+ } conf)
+ {
+ }
diff --git a/nix/modules/default/pion-sfu.nix b/nix/modules/default/pion-sfu.nix
new file mode 100644
index 000000000..c3389d00d
--- /dev/null
+++ b/nix/modules/default/pion-sfu.nix
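Review bot: Several `CapabilityBoundingSet` entries in makeServerTsService.nix, such as `"~CAP_AUDIT_*"`, `"~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)"` and `"~CAP_(DAC_*|FOWNER|IPC_OWNER)"`, use the grouped shorthand that `systemd-analyze security` prints. As far as I know systemd only accepts literal capability names here and skips anything it cannot parse with a warning, so those capabilities may stay in the bounding set. Now that the list lives in one file, spell the names out, e.g. `"~CAP_AUDIT_CONTROL" "~CAP_AUDIT_READ" "~CAP_AUDIT_WRITE"`, and confirm the result with `systemctl show -p CapabilityBoundingSet` on one of the units. Separately, `conf` is merged over the defaults with `lib.recursiveUpdate`, which replaces lists wholesale, so a caller that sets `serviceConfig.SystemCallFilter` or `CapabilityBoundingSet` drops the whole hardened list; a comment at the top of the file should say that. The trailing `{ }` passed to the outer `lib.recursiveUpdate` is a no-op.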
@@ -0,0 +1,90 @@
+self:
+{
+ config,
+ lib,
+ pkgs,
+ spacebar,
+ ...
+}:
+
+let
+ cfg = config.services.spacebarchat-server;
+ secrets = import ./secrets.nix { inherit lib config; };
+ configFile = (import ./config-file.nix { inherit config lib pkgs; });
+in
+{
+ options.services.spacebarchat-server.pion-sfu =
+ let
+ mkEndpointOptions = import ./options-subtypes/mkEndpointOptions.nix { inherit lib; };
+ in
+ {
+ enable = lib.mkEnableOption "Enable Spacebar Pion SFU";
+ openFirewall = lib.mkEnableOption "Allow SFU port in firewall";
+ package = lib.mkPackageOption self.packages.${pkgs.stdenv.hostPlatform.system} "Pion SFU" { default = "pion-sfu"; };
+
+ publicIp = lib.mkOption {
+ type = lib.types.str;
+ description = "Public IP address of the server.";
+ };
+ listenPort = lib.mkOption {
+ type = lib.types.port;
+ default = 6000;
+ description = "UDP port the SFU will listen on.";
+ };
+ };
+
+ config = lib.mkIf cfg.pion-sfu.enable (
+ let
+ makeServerTsService = import ./makeServerTsService.nix { inherit cfg lib secrets; };
+ in
+ {
+ networking.firewall.allowedUDPPorts = lib.mkIf cfg.pion-sfu.openFirewall [ cfg.pion-sfu.listenPort ];
+ services.spacebarchat-server.settings.regions = {
+ default = "default";
+ available = [
+ {
+ id = "default";
+ name = "Default Region";
+ endpoint = cfg.webrtcEndpoint.host + ":" + toString cfg.webrtcEndpoint.publicPort;
+ vip = false;
+ custom = false;
+ deprecated = false;
+ }
+ ];
+ };
+
+ systemd.services.spacebar-webrtc = makeServerTsService {
+ description = "Spacebar Server - WebRTC";
+ environment = builtins.mapAttrs (_: val: builtins.toString val) (
+ {
+ # things we set by default...
+ EVENT_TRANSMISSION = "unix";
+ EVENT_SOCKET_PATH = "/run/spacebar/";
+ }
+ // cfg.extraEnvironment
+ // {
+ # things we force...
+ CONFIG_PATH = configFile; + CONFIG_READONLY = 1; + PORT = toString cfg.webrtcEndpoint.localPort; + APPLY_DB_MIGRATIONS = "false"; + WRTC_LIBRARY = "@spacebarchat/pion-webrtc"; + WRTC_PUBLIC_IP = cfg.pion-sfu.publicIp; + WRTC_PORT_MIN = toString cfg.pion-sfu.listenPort; + WRTC_PORT_MAX = toString cfg.pion-sfu.listenPort; + } + ); + serviceConfig = { + ExecStart = "${cfg.package}/bin/start-webrtc"; + }; + }; + + systemd.services.spacebar-sfu = makeServerTsService { + description = "Spacebar Server - Pion SFU"; + serviceConfig = { + ExecStart = "${lib.getExe cfg.pion-sfu.package} -ip ${cfg.pion-sfu.publicIp} -port ${toString cfg.pion-sfu.listenPort}"; + }; + }; + } + ); +} diff --git a/nix/testVm/configuration.nix b/nix/testVm/configuration.nix index e8de371aa..8d467b3fb 100644 --- a/nix/testVm/configuration.nix +++ b/nix/testVm/configuration.nix @@ -43,6 +43,12 @@ in adminApiEndpoint = { useSsl = false; host = "admin.sb.localhost"; + localPort = 3004; + publicPort = 8080; + }; + webrtcEndpoint = { + useSsl = false; + host = "voice.sb.localhost"; localPort = 3005; publicPort = 8080; }; @@ -61,6 +67,10 @@ in enable = true; extraConfiguration.ConnectionStrings.Spacebar = csConnectionString; }; + pion-sfu = { + enable = true; + publicIp = "127.0.0.1"; + }; extraEnvironment = { DATABASE = "postgres://postgres:postgres@127.0.0.1/spacebar"; #WEBRTC_PORT_RANGE=60000-61000; @@ -72,12 +82,6 @@ in #LOG_PROTO_UPDATES=true; #LOG_PROTO_FRECENCY_UPDATES=true; #LOG_PROTO_SETTINGS_UPDATES=true; - #WRTC_PUBLIC_IP=webrtc.old.server.spacebar.chat; - WRTC_PUBLIC_IP = "216.230.228.19"; - WRTC_PORT_MIN = 60000; - WRTC_PORT_MAX = 65000; - WRTC_LIBRARY = "@spacebarchat/medooze-webrtc"; - #WRTC_LIBRARY=mediasoup-spacebar-wrtc; }; }; in
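Review bot: In pion-sfu.nix, `systemd.services.spacebar-sfu` is built with `makeServerTsService`, so the SFU process receives `secrets.systemdEnvironment`, `secrets.systemdLoadCredentials` and, when set, `EnvironmentFile = cfg.databaseFile`, although its `ExecStart` only passes `-ip` and `-port`. Whether the SFU reads any of these is not visible here; if it does not, build this unit from a variant of the helper that omits them, so that a compromised media process does not hold the server's database credentials. `publicIp` is a free-form `lib.types.str` interpolated unquoted into `ExecStart`, so a value containing whitespace becomes extra arguments; wrapping it as `${lib.escapeShellArg cfg.pion-sfu.publicIp}` or tightening the option type would close that. The `spacebar` module argument and the `mkEndpointOptions` binding look unused in this file.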