lukas
/
livestreaming-cdn-nixops
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
livestreaming-cdn-nixops/cdn.nix

298 lines
8.6 KiB
Nix
Raw Permalink Blame History

let
basicAuthLogin = { admin = "jkblufies"; };
cdn-node-setup = args@{ domain, config_file, ... }: {
deployment.targetHost = domain;
nixpkgs.localSystem.system = "x86_64-linux";
imports =
[
config_file
];
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPs
];
services.netdata = {
enable = true;
};
# Enable nginx service
services.nginx = {
enable = true;
# Use recommended settings
# Don't use recommended Proxy settings because it does funky things with the setup
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
basicAuth = basicAuthLogin;
locations = {
"~* \\.(m3u8)$" = {
proxyPass = "https://cdn-master.live.hacc.media$request_uri";
extraConfig = ''
#proxy_cache = off;
expires 3s;
auth_basic off;
'';
};
"/hls" = {
proxyPass = "https://cdn-master.live.hacc.media$request_uri";
extraConfig = ''
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
proxy_cache hls;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30m;
auth_basic off;
'';
};
"/stats" = {
return = "301 /stats/";
};
"~ /stats/(?<ndpath>.*)" = {
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
extraConfig = ''
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
gzip on;
gzip_proxied any;
gzip_types *;
'';
};
};
};
appendHttpConfig = ''
proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
resolver 1.1.1.1;
'';
};
security.acme.certs = {
${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
};
security.acme.acceptTerms = true;
};
cdn-master-setup = args@{ domain, config_file, host-server, ... }: {
deployment.targetHost = domain;
nixpkgs.localSystem.system = "x86_64-linux";
imports =
[
config_file
];
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPs
];
services.netdata = {
enable = true;
};
# Enable nginx service
services.nginx = {
enable = true;
# Use recommended settings
# Don't use recommendea Proxy settings because it does funky things with the setup
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
basicAuth = basicAuthLogin;
locations = {
"~* \\.(m3u8)$" = {
proxyPass = "${host-server}$request_uri";
extraConfig = ''
#proxy_cache = off;
expires 2s;
auth_basic off;
'';
};
"/hls" = {
proxyPass = "${host-server}$request_uri";
extraConfig = ''
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
proxy_cache hls;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 30m;
auth_basic off;
'';
};
"/stats" = {
return = "301 /stats/";
};
"~ /stats/(?<ndpath>.*)" = {
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
extraConfig = ''
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
gzip on;
gzip_proxied any;
gzip_types *;
'';
};
};
};
appendHttpConfig = ''
proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
resolver 1.1.1.1;
'';
};
security.acme.certs = {
${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
};
security.acme.acceptTerms = true;
};
cdn-loadbalancer-setup = args@{ domain, config_file, nodes, ... }: {
deployment.targetHost = domain;
nixpkgs.localSystem.system = "x86_64-linux";
imports =
[
config_file
];
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPs
];
services.netdata = {
enable = true;
};
# Enable nginx service
services.nginx = {
enable = true;
# Use recommended settings
# Don't use recommended Proxy settings because it does funky things with the setup
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts.${domain} = {
locations = {
"/" = {
return = "301 \"http://\$\{cdnhosts\}\$\{request_uri\}\"";
extraConfig = ''
auth_basic off;
'';
};
"/stats" = {
return = "301 /stats/";
};
"~ /stats/(?<ndpath>.*)" = {
proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
extraConfig = ''
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
gzip on;
gzip_proxied any;
gzip_types *;
'';
};
};
forceSSL = true;
enableACME = true;
};
appendHttpConfig = ''
split_clients "''\$''\{remote_addr''\}" $cdnhosts {
50% "cdn-node-1.live.hacc.media";
50% "cdn-node-2.live.hacc.media";
}
'';
};
security.acme.certs = {
${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
};
security.acme.acceptTerms = true;
};
in
{
network.description = "CDN for some stuff";
#network.enableRollback = true;
cdn-node-1 = cdn-node-setup {
domain="cdn-node-1.live.hacc.media";
config_file="/Users/lukas/Documents/nixops/configuration-cdn-node-1.nix";
};
cdn-node-2 = cdn-node-setup {
domain="cdn-node-2.live.hacc.media";
config_file="/Users/lukas/Documents/nixops/configuration-cdn-node-2.nix";
};
cdn-master = cdn-master-setup {
domain="cdn-master.live.hacc.media";
config_file="/Users/lukas/Documents/nixops/configuration-cdn-master.nix";
host-server = "https://rosenbaum.lukas.studio";
};
cdn-loadbalancer = cdn-loadbalancer-setup {
domain="cdn-loadbalancer.live.hacc.media";
config_file="/Users/lukas/Documents/nixops/configuration-cdn-loadbalancer.nix";
nodes= {
# implement automatic node setting
};
};
}
Reference in New Issue View Git Blame Copy Permalink