streaming-cdn/cdn.nix


let
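# Build the machine configuration for one edge cache node.
#
# Arguments:
#   domain      - FQDN of the node; used as the deployment target host, the
#                 nginx virtual host name and the ACME certificate name.
#   config_file - per-host configuration module, imported unchanged.
#
# The node serves HTTPS only (forceSSL + ACME) and forwards every request to
# https://cdn-master.lukas.studio. Playlists (*.m3u8) are passed through with
# "expires -1"; everything under /hls goes through the "hls" proxy cache.
cdn-node-setup = args@{ domain, config_file, ... }: {
  deployment.targetHost = domain;
  nixpkgs.localSystem.system = "x86_64-linux";

  imports = [ config_file ];

  networking.firewall.allowedTCPPorts = [
    80  # HTTP (ACME challenge and redirect to HTTPS)
    443 # HTTPS
  ];

  services.nginx = {
    enable = true;

    # Use the recommended settings, except recommendedProxySettings, which
    # was left off on purpose because it interferes with this setup.
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;

    virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;

      locations = {
        # Regex location: playlists are proxied and marked non-cacheable for
        # clients via "expires -1".
        "~* \\.(m3u8)$" = {
          proxyPass = "https://cdn-master.lukas.studio$request_uri";
          extraConfig = ''
            #proxy_cache = off;
            expires -1;
          '';
        };

        # NOTE(review): "proxy_cache_valid any" together with
        # "proxy_ignore_headers Cache-Control" stores every response status,
        # error responses included, for 30 minutes regardless of what the
        # upstream asked for - confirm that negative caching is intended.
        "/hls" = {
          proxyPass = "https://cdn-master.lukas.studio$request_uri";
          extraConfig = ''
            types {
              application/vnd.apple.mpegurl m3u8;
              video/mp2t ts;
            }
            proxy_cache hls;
            proxy_ignore_headers Cache-Control;
            proxy_cache_valid any 30m;
          '';
        };
      };
    };

    # NOTE(review): the cache root is /tmp itself. Whether that directory is
    # private to nginx depends on how the unit is sandboxed on the deployed
    # release - confirm, or move the cache to a directory owned by nginx.
    #
    # proxy_pass contains a variable, so the upstream name is resolved at
    # request time through the resolver below. Those DNS answers are not
    # authenticated and nginx does not verify upstream certificates unless
    # told to, so verification is switched on here: without it a forged DNS
    # answer would be enough to feed foreign content into the cache.
    appendHttpConfig = ''
      proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
      resolver 1.1.1.1;

      # Authenticate the upstream against the system CA bundle.
      proxy_ssl_server_name on;
      proxy_ssl_verify on;
      proxy_ssl_verify_depth 2;
      proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    '';
  };

  security.acme.certs = {
    ${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
  };
  security.acme.acceptTerms = true;
};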
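# Build the machine configuration for the CDN master (mid-tier cache).
#
# Arguments:
#   domain      - FQDN of the master; used as the deployment target host, the
#                 nginx virtual host name and the ACME certificate name.
#   config_file - per-host configuration module, imported unchanged.
#   host-server - origin base URL including the scheme; "$request_uri" is
#                 appended to it to form the proxy_pass target.
#
# The master serves HTTPS only (forceSSL + ACME). Playlists (*.m3u8) are
# passed through with "expires -1"; everything under /hls goes through the
# "hls" proxy cache.
cdn-master-setup = args@{ domain, config_file, host-server, ... }: {
  deployment.targetHost = domain;
  nixpkgs.localSystem.system = "x86_64-linux";

  imports = [ config_file ];

  networking.firewall.allowedTCPPorts = [
    80  # HTTP (ACME challenge and redirect to HTTPS)
    443 # HTTPS
  ];

  services.nginx = {
    enable = true;

    # Use the recommended settings, except recommendedProxySettings, which
    # was left off on purpose because it interferes with this setup.
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;

    virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;

      locations = {
        # Regex location: playlists are proxied and marked non-cacheable for
        # clients via "expires -1".
        "~* \\.(m3u8)$" = {
          proxyPass = "${host-server}$request_uri";
          extraConfig = ''
            #proxy_cache = off;
            expires -1;
          '';
        };

        # NOTE(review): "proxy_cache_valid any" together with
        # "proxy_ignore_headers Cache-Control" stores every response status,
        # error responses included, for 30 minutes regardless of what the
        # origin asked for - confirm that negative caching is intended.
        "/hls" = {
          proxyPass = "${host-server}$request_uri";
          extraConfig = ''
            types {
              application/vnd.apple.mpegurl m3u8;
              video/mp2t ts;
            }
            proxy_cache hls;
            proxy_ignore_headers Cache-Control;
            proxy_cache_valid any 30m;
          '';
        };
      };
    };

    # NOTE(review): the cache root is /tmp itself. Whether that directory is
    # private to nginx depends on how the unit is sandboxed on the deployed
    # release - confirm, or move the cache to a directory owned by nginx.
    #
    # proxy_pass contains a variable, so the origin name is resolved at
    # request time through the resolver below. Those DNS answers are not
    # authenticated and nginx does not verify upstream certificates unless
    # told to, so verification is switched on here. Everything cached on this
    # host is handed on to the edge nodes, which makes the origin's identity
    # worth pinning to a valid certificate. The directives have no effect if
    # host-server is a plain http:// URL.
    appendHttpConfig = ''
      proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
      resolver 1.1.1.1;

      # Authenticate the origin against the system CA bundle.
      proxy_ssl_server_name on;
      proxy_ssl_verify on;
      proxy_ssl_verify_depth 2;
      proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    '';
  };

  security.acme.certs = {
    ${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
  };
  security.acme.acceptTerms = true;
};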
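# Build the machine configuration for the redirecting load balancer.
#
# Arguments:
#   domain      - FQDN of the balancer; used as the deployment target host,
#                 the nginx virtual host name and the ACME certificate name.
#   config_file - per-host configuration module, imported unchanged.
#   nodes       - accepted but not read anywhere in this function; the edge
#                 node names are hard-coded in the split_clients block below.
#
# Every request is answered with a redirect to one of the edge nodes. The
# node is picked by nginx's split_clients from the client address.
cdn-loadbalancer-setup = args@{ domain, config_file, nodes, ... }: {
  deployment.targetHost = domain;
  nixpkgs.localSystem.system = "x86_64-linux";

  imports = [ config_file ];

  networking.firewall.allowedTCPPorts = [
    80  # HTTP (ACME challenge and redirect to HTTPS)
    443 # HTTPS
  ];

  services.nginx = {
    enable = true;

    # Use the recommended settings, except recommendedProxySettings, which
    # was left off on purpose because it interferes with this setup.
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;

    virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;

      locations = {
        "/" = {
          # Redirect to the node over HTTPS. This virtual host is HTTPS-only
          # and so are the nodes; an http:// Location would send a client
          # that arrived over TLS through one cleartext hop, where the
          # redirect can be read or rewritten on the network path.
          # NOTE(review): 301 is cacheable by clients - confirm a permanent
          # redirect is what the balancer should hand out.
          return = "301 \"https://\${cdnhosts}\${request_uri}\"";
        };
      };
    };

    # $cdnhosts is set per request from the client address; the two nodes
    # each receive half of the address space.
    appendHttpConfig = ''
      split_clients "''${remote_addr}" $cdnhosts {
        50% "cdn-node-1.lukas.studio";
        50% "cdn-node-2.lukas.studio";
      }
    '';
  };

  security.acme.certs = {
    ${domain}.email = "allesmoeglicheundvielmehr@hotmail.de";
  };
  security.acme.acceptTerms = true;
};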
in
{
  # Deployment description: two edge nodes, one master in front of the
  # origin, and one redirecting load balancer.
  network = {
    description = "CDN for some stuff";
    # enableRollback = true;
  };

  # Edge caches. Both forward to the master.
  # NOTE(review): every config_file below is an absolute path on the
  # operator's workstation, so the network only evaluates on that machine.
  cdn-node-1 = cdn-node-setup {
    domain = "cdn-node-1.lukas.studio";
    config_file = "/Users/lukas/Documents/nixops/configuration-cdn-node-1.nix";
  };

  cdn-node-2 = cdn-node-setup {
    domain = "cdn-node-2.lukas.studio";
    config_file = "/Users/lukas/Documents/nixops/configuration-cdn-node-2.nix";
  };

  # Master: fetches from the origin named by host-server.
  cdn-master = cdn-master-setup {
    domain = "cdn-master.lukas.studio";
    config_file = "/Users/lukas/Documents/nixops/configuration-cdn-master.nix";
    host-server = "https://rosenbaum.lukas.studio";
  };

  # Load balancer: redirects clients to one of the edge nodes.
  cdn-loadbalancer = cdn-loadbalancer-setup {
    domain = "cdn-loadbalancer.lukas.studio";
    config_file = "/Users/lukas/Documents/nixops/configuration-cdn-loadbalancer.nix";
    nodes = {
      # implement automatic node setting
    };
  };
}