Add back clustering

.env.production

@@ -1,3 +1,5 @@
 PUBLIC_RELAY_SCHEME="https"
 PUBLIC_RELAY_HOST="relay.quic.video"
-PUBLIC_DEMO_TOKEN=""
+
+# cargo run --bin moq-token -- --key root.jwk sign --path "demo" --subscribe "" > demo.jwt
+PUBLIC_DEMO_TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXRoIjoiZGVtbyIsInB1YiI6bnVsbCwicHViISI6bnVsbCwic3ViIjoiIiwiZXhwIjpudWxsLCJpYXQiOm51bGx9.xeSMuPLRqmjkRLtcraXnvwqmYDK_BuU2ooZOWisL_aE"

.github/workflows/pr.yml

@@ -18,7 +18,5 @@ jobs:
         with:
           cache: 'pnpm'
 
-      - uses: biomejs/setup-biome@v2
-
       - run: pnpm install --frozen-lockfile
       - run: pnpm run check

.gitignore

@@ -26,4 +26,6 @@ bun.lockb
 .DS_Store
 
 # Don't leak me secrets
-.env.production
+.env.production
+*.jwt
+*.jwk

biome.json

@@ -1,5 +1,5 @@
 {
-	"$schema": "https://biomejs.dev/schemas/1.9.4/schema.json",
+	"$schema": "https://biomejs.dev/schemas/2.0.5/schema.json",
 	"vcs": {
 		"enabled": true,
 		"clientKind": "git",
@@ -13,13 +13,23 @@
 		"indentStyle": "tab",
 		"lineWidth": 120
 	},
-	"organizeImports": {
-		"enabled": true
-	},
+	"assist": { "actions": { "source": { "organizeImports": "on" } } },
 	"linter": {
 		"enabled": true,
 		"rules": {
-			"recommended": true
+			"recommended": true,
+			"style": {
+				"noParameterAssign": "error",
+				"useAsConstAssertion": "error",
+				"useDefaultParameterLast": "error",
+				"useEnumInitializers": "error",
+				"useSelfClosingElements": "error",
+				"useSingleVarDeclarator": "error",
+				"noUnusedTemplateLiteral": "error",
+				"useNumberNamespace": "error",
+				"noInferrableTypes": "error",
+				"noUselessElse": "error"
+			}
 		}
 	},
 	"javascript": {

infra/input.tf

@@ -20,34 +20,31 @@ variable "domain" {
 
 variable "docker_relay" {
   description = "Docker image for moq-relay"
-  default     = "docker.io/kixelated/moq-relay:latest"
+  default     = "docker.io/kixelated/moq-relay:0.7.5"
 }
 
 variable "docker_hang" {
   description = "Docker image for hang"
-  default     = "docker.io/kixelated/hang:latest"
+  default     = "docker.io/kixelated/hang:0.1.7"
 }
 
-# A key generated using moq-token generate
-variable "demo_key" {
-  description = "demo key"
+# cargo run --bin moq-token -- --key root.jwk generate
+variable "root_key" {
+  description = "root key"
   sensitive   = true
 }
 
 # A token used to publish demo/bbb.hang
 # This is very manual/crude, but I don't want someone to hijack the broadcast.
+# cargo run --bin moq-token -- --key root.jwk sign --path "demo" --publish "" > demo.jwt
 variable "demo_token" {
   description = "demo token"
   sensitive   = true
 }
 
-variable "root_key" {
-  description = "root key"
-  sensitive   = true
-}
-
-variable "root_token" {
-  description = "root token"
+# cargo run --bin moq-token -- --key root.jwk sign --publish "" --publish-secondary --subscribe "" --subscribe-primary > cluster.jwt
+variable "cluster_token" {
+  description = "cluster token"
   sensitive   = true
 }
 
@@ -60,18 +57,18 @@ locals {
       machine = "t2d-standard-1",
       image   = "cos-cloud/cos-stable",
     },
-    #europe-west = { # Netherlands
-    #  region  = "europe-west4",
-    #  zone    = "europe-west4-b",
-    #  machine = "t2d-standard-1",
-    #  image   = "cos-cloud/cos-stable",
-    #},
-    #asia-southeast = { # Singapore
-    #  region  = "asia-southeast1",
-    #  zone    = "asia-southeast1-c",
-    #  machine = "t2d-standard-1",
-    #  image   = "cos-cloud/cos-stable",
-    #}
+    europe-west = { # Netherlands
+      region  = "europe-west4",
+      zone    = "europe-west4-b",
+      machine = "t2d-standard-1",
+      image   = "cos-cloud/cos-stable",
+    },
+    asia-southeast = { # Singapore
+      region  = "asia-southeast1",
+      zone    = "asia-southeast1-c",
+      machine = "t2d-standard-1",
+      image   = "cos-cloud/cos-stable",
+    },
   }
   pub = {
     region  = "us-central1"

infra/pub.yml.tpl

@@ -20,7 +20,7 @@ write_files:
         -e REGION=${region} \
         --entrypoint hang-bbb \
         ${docker_image} \
-        publish "https://relay.quic.video/demo/bbb.hang"
+        publish "https://relay.quic.video/${demo_token}.jwt"
 
       ExecStop=docker stop hang-bbb
 
@@ -51,4 +51,4 @@ write_files:
 runcmd:
   - systemctl daemon-reload
   - systemctl restart docker
-  - systemctl start hang-bbb moq-clock
+  - systemctl start hang-bbb

infra/relay.tf

@@ -47,12 +47,9 @@ resource "google_compute_instance" "relay" {
       cluster_node = "relay-${each.key}.${each.value.zone}.c.${var.project}.internal"
       cluster_root = "${local.root}.c.${var.project}.internal"
 
-      # The demo key, used to authenticate the demo broadcast
-      demo_key = var.demo_key
-
       # The root key and token, used to authenticate nodes
-      root_key   = var.root_key
-      root_token = var.root_token
+      root_key      = var.root_key
+      cluster_token = var.cluster_token
     })
   }
 

infra/relay.yml.tpl

@@ -37,13 +37,6 @@ write_files:
     permissions: "0644"
     owner: root
 
-  # Write the demo key to disk
-  - path: /etc/moq/demo.jwk
-    content: |
-      ${indent(6, demo_key)}
-    permissions: "0644"
-    owner: root
-
   # Write the root key to disk
   - path: /etc/moq/root.jwk
     content: |
@@ -52,9 +45,9 @@ write_files:
     owner: root
 
   # Write the root token to disk
-  - path: /etc/moq/root.jwt
+  - path: /etc/moq/cluster.jwt
     content: |
-      ${indent(6, root_token)}
+      ${indent(6, cluster_token)}
     permissions: "0644"
     owner: root
 
@@ -77,14 +70,14 @@ write_files:
       [cluster]
       connect = "${cluster_root}"
       advertise = "${cluster_node}"
-      token = "/etc/moq/root.jwk"
+      token = "/etc/moq/cluster.jwt"
 
       [auth]
       key = "/etc/moq/root.jwk"
 
       [auth.path]
-      demo = ""
       anon = ""
+      hang = ""
 
     permissions: "0644"
     owner: root

package.json

@@ -6,7 +6,7 @@
 	"scripts": {
 		"dev": "astro dev --open",
 		"build": "astro build --production",
-		"prod": "astro build --production && astro preview --production",
+		"prod": "astro build --production && astro preview --production --open",
 		"check": "biome ci && tsc --noEmit",
 		"fix": "biome check --write && pnpm audit fix"
 	},
@@ -15,7 +15,7 @@
 		"@astrojs/node": "9.2.2",
 		"@astrojs/solid-js": "5.1.0",
 		"@astrojs/tailwind": "6.0.2",
-		"@kixelated/hang": "^0.2.1",
+		"@kixelated/hang": "^0.2.5",
 		"@tailwindcss/forms": "^0.5.10",
 		"@tailwindcss/typography": "^0.5.16",
 		"astro": "^5.8.2",
@@ -27,6 +27,7 @@
 		"vite-plugin-wasm": "^3.4.1"
 	},
 	"devDependencies": {
+		"@biomejs/biome": "2.0.5",
 		"@types/node": "^22.15.29"
 	},
 	"packageManager": "pnpm@10.11.0+sha512.6540583f41cc5f628eb3d9773ecee802f4f9ef9923cc45b69890fb47991d4b092964694ec3a4f738a420c918a333062c8b925d312f42e4f0c263eb603551f977"