2020-11-27 20:56:20 +00:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
{
|
|
|
|
security.acme.acceptTerms = true;
|
|
|
|
security.acme.email = "info+acme@hacc.space";
|
|
|
|
services.nginx.enable = true;
|
|
|
|
services.nginx.package = pkgs.nginx.override {
|
|
|
|
modules = [ pkgs.nginxModules.rtmp ];
|
|
|
|
};
|
2020-12-08 16:57:35 +00:00
|
|
|
|
2020-12-10 08:28:01 +00:00
|
|
|
# services.nginx.recommendedProxySettings = true;
|
2020-12-08 16:57:35 +00:00
|
|
|
|
|
|
|
services.nginx.virtualHosts = let
|
|
|
|
in {
|
2021-03-18 18:04:00 +00:00
|
|
|
# let all empty subdomains pointing to hainich return 404
|
2020-11-27 20:56:20 +00:00
|
|
|
"hainich.hacc.space" = {
|
2021-03-18 18:04:00 +00:00
|
|
|
default = true;
|
|
|
|
locations."/".return = "404";
|
2020-11-27 20:56:20 +00:00
|
|
|
};
|
2021-03-18 18:12:14 +00:00
|
|
|
"hacc.space" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/".return = "301 https://hacc.earth";
|
|
|
|
};
|
2020-11-27 20:56:20 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 1935 ];
|
2021-04-15 08:05:56 +00:00
|
|
|
services.nginx = {
|
|
|
|
appendHttpConfig = ''
|
|
|
|
add_header Permissions-Policy "interest-cohort=()";
|
|
|
|
'';
|
|
|
|
appendConfig = ''
|
|
|
|
rtmp {
|
|
|
|
server {
|
|
|
|
listen 1935;
|
|
|
|
application cutiestream {
|
|
|
|
live on;
|
|
|
|
allow publish all;
|
|
|
|
allow play all;
|
|
|
|
}
|
|
|
|
application ingest {
|
|
|
|
live on;
|
|
|
|
|
|
|
|
record all;
|
|
|
|
record_path /data/ingest;
|
|
|
|
record_unique on;
|
|
|
|
|
|
|
|
# include /var/secrets/ingest.conf;
|
|
|
|
}
|
|
|
|
}
|
2020-11-27 20:56:20 +00:00
|
|
|
}
|
2021-04-15 08:05:56 +00:00
|
|
|
'';
|
|
|
|
};
|
2020-11-27 20:56:20 +00:00
|
|
|
|
|
|
|
systemd.services.nginx.serviceConfig.ReadWriteDirectories = "/data/ingest /var/secrets";
|
|
|
|
}
|