56 lines
1.3 KiB
Nix
56 lines
1.3 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
security.acme.acceptTerms = true;
|
|
security.acme.email = "info+acme@hacc.space";
|
|
services.nginx.enable = true;
|
|
services.nginx.package = pkgs.nginx.override {
|
|
modules = [ pkgs.nginxModules.rtmp ];
|
|
};
|
|
|
|
# services.nginx.recommendedProxySettings = true;
|
|
|
|
services.nginx.virtualHosts = let
|
|
in {
|
|
# let all empty subdomains pointing to hainich return 404
|
|
"hainich.hacc.space" = {
|
|
default = true;
|
|
locations."/".return = "404";
|
|
};
|
|
"hacc.space" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".return = "301 https://hacc.earth";
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 1935 ];
|
|
services.nginx = {
|
|
appendHttpConfig = ''
|
|
add_header Permissions-Policy "interest-cohort=()";
|
|
'';
|
|
appendConfig = ''
|
|
rtmp {
|
|
server {
|
|
listen 1935;
|
|
application cutiestream {
|
|
live on;
|
|
allow publish all;
|
|
allow play all;
|
|
}
|
|
application ingest {
|
|
live on;
|
|
|
|
record all;
|
|
record_path /data/ingest;
|
|
record_unique on;
|
|
|
|
# include /var/secrets/ingest.conf;
|
|
}
|
|
}
|
|
}
|
|
'';
|
|
};
|
|
|
|
systemd.services.nginx.serviceConfig.ReadWriteDirectories = "/data/ingest /var/secrets";
|
|
}
|