d1e88ef87a
If the file in not present, the preExec check for the config fails and disrupts the deploy. Before readding make sure the file will always be present!
51 lines
1.1 KiB
Nix
51 lines
1.1 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
security.acme.acceptTerms = true;
|
|
security.acme.email = "info+acme@hacc.space";
|
|
services.nginx.enable = true;
|
|
services.nginx.package = pkgs.nginx.override {
|
|
modules = [ pkgs.nginxModules.rtmp ];
|
|
};
|
|
|
|
# services.nginx.recommendedProxySettings = true;
|
|
|
|
services.nginx.virtualHosts = let
|
|
in {
|
|
# let all empty subdomains pointing to hainich return 404
|
|
"hainich.hacc.space" = {
|
|
default = true;
|
|
locations."/".return = "404";
|
|
};
|
|
"hacc.space" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".return = "301 https://hacc.earth";
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 1935 ];
|
|
services.nginx.appendConfig = ''
|
|
rtmp {
|
|
server {
|
|
listen 1935;
|
|
application cutiestream {
|
|
live on;
|
|
allow publish all;
|
|
allow play all;
|
|
}
|
|
application ingest {
|
|
live on;
|
|
|
|
record all;
|
|
record_path /data/ingest;
|
|
record_unique on;
|
|
|
|
# include /var/secrets/ingest.conf;
|
|
}
|
|
}
|
|
}
|
|
'';
|
|
|
|
systemd.services.nginx.serviceConfig.ReadWriteDirectories = "/data/ingest /var/secrets";
|
|
}
|