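# NixOps network for a small HLS CDN: two caching edge nodes, a caching
# master in front of the origin server, and a load balancer that redirects
# each client to one of the edge nodes.
let
  # Contact address registered with the ACME CA for every certificate.
  acmeEmail = "allesmoeglicheundvielmehr@hotmail.de";

  # Settings shared by every machine in the network. `nginx` holds the
  # role-specific part of services.nginx (virtual hosts, http-level config)
  # and is merged over the common nginx options.
  mkHost = { domain, config_file, nginx }: {
    deployment.targetHost = domain;
    nixpkgs.localSystem.system = "x86_64-linux";
    imports = [ config_file ];

    networking.firewall.allowedTCPPorts = [
      80 # HTTP (forceSSL redirects it to HTTPS)
      443 # HTTPS
    ];

    # Enable nginx service
    services.nginx = {
      enable = true;

      # Use recommended settings.
      # Don't use the recommended proxy settings because they do funky
      # things with the setup.
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
    } // nginx;

    security.acme.certs = { ${domain}.email = acmeEmail; };
    security.acme.acceptTerms = true;
  };

  # Caching reverse proxy for HLS content. Playlists (*.m3u8) are proxied
  # with `expires -1`; everything under /hls goes through the `hls` cache
  # zone. `upstream` is the scheme://host that requests are forwarded to.
  cachingProxy = { domain, config_file, upstream }:
    mkHost {
      inherit domain config_file;
      nginx = {
        virtualHosts.${domain} = {
          forceSSL = true;
          enableACME = true;
          # NOTE(review): nginx does not verify upstream certificates by
          # default (proxy_ssl_verify is off), so an https:// upstream is
          # encrypted but not authenticated. Together with the plaintext
          # resolver below, a spoofed DNS answer could put foreign content
          # into the cache. Consider proxy_ssl_verify on with
          # proxy_ssl_trusted_certificate and proxy_ssl_server_name on.
          locations = {
            "~* \\.(m3u8)$" = {
              proxyPass = "${upstream}$request_uri";
              extraConfig = ''
                #proxy_cache = off;
                expires -1;
              '';
            };
            "/hls" = {
              proxyPass = "${upstream}$request_uri";
              # NOTE(review): `proxy_cache_valid any` also caches error
              # responses for 30 minutes, and ignoring Cache-Control
              # overrides an upstream no-store/private. Confirm that is
              # intended for every object served under /hls.
              extraConfig = ''
                types {
                  application/vnd.apple.mpegurl m3u8;
                  video/mp2t ts;
                }

                proxy_cache hls;
                proxy_ignore_headers Cache-Control;
                proxy_cache_valid any 30m;
              '';
            };
          };
        };
        # NOTE(review): the cache lives directly in /tmp. Unless the nginx
        # unit runs with a private /tmp, other local users could read or
        # pre-create cache entries. A directory owned by the nginx user
        # (e.g. under /var/cache/nginx, to be confirmed on the target
        # NixOS release) would be safer.
        # The resolver is needed because proxyPass contains a variable, so
        # nginx resolves the upstream name at request time.
        appendHttpConfig = ''
          proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
          resolver 1.1.1.1;
        '';
      };
    };

  # Edge node: caches content fetched from the CDN master.
  cdn-node-setup = { domain, config_file, ... }:
    cachingProxy {
      inherit domain config_file;
      upstream = "https://cdn-master.lukas.studio";
    };

  # Master: caches content fetched from the origin given as `host-server`.
  cdn-master-setup = { domain, config_file, host-server, ... }:
    cachingProxy {
      inherit domain config_file;
      upstream = host-server;
    };

  # Load balancer: answers every request with a redirect to one of the edge
  # nodes, chosen by split_clients on the client address.
  # `nodes` is accepted but not used yet; the node list is hard-coded below.
  cdn-loadbalancer-setup = { domain, config_file, nodes, ... }:
    mkHost {
      inherit domain config_file;
      nginx = {
        virtualHosts.${domain} = {
          locations = {
            "/" = {
              # Redirect to https://, not http://: this vhost and the edge
              # nodes all set forceSSL, so an http:// target only adds a
              # plaintext hop that an on-path attacker could rewrite.
              return = "301 \"https://\${cdnhosts}\${request_uri}\"";
            };
          };
          forceSSL = true;
          enableACME = true;
        };
        appendHttpConfig = ''
          split_clients "''${remote_addr}" $cdnhosts {
            50% "cdn-node-1.lukas.studio";
            50% "cdn-node-2.lukas.studio";
          }
        '';
      };
    };
in {
  network.description = "CDN for some stuff";
  #network.enableRollback = true;

  cdn-node-1 = cdn-node-setup {
    domain = "cdn-node-1.lukas.studio";
    config_file = "/Users/lukas/Documents/nixops/configuration-cdn-node-1.nix";
  };

  cdn-node-2 = cdn-node-setup {
    domain = "cdn-node-2.lukas.studio";
    config_file = "/Users/lukas/Documents/nixops/configuration-cdn-node-2.nix";
  };

  cdn-master = cdn-master-setup {
    domain = "cdn-master.lukas.studio";
    config_file = "/Users/lukas/Documents/nixops/configuration-cdn-master.nix";
    host-server = "https://rosenbaum.lukas.studio";
  };

  cdn-loadbalancer = cdn-loadbalancer-setup {
    domain = "cdn-loadbalancer.lukas.studio";
    config_file = "/Users/lukas/Documents/nixops/configuration-cdn-loadbalancer.nix";
    nodes = {
      # TODO: implement automatic node setting
    };
  };
}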