diff --git a/configuration/hosts/cdn/master/configuration.nix b/configuration/hosts/cdn/master/configuration.nix
new file mode 100644
index 0000000..420ea5d
--- /dev/null
+++ b/configuration/hosts/cdn/master/configuration.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-config.nix
+ ../../../common
+ ../../../server/cdn-master.nix
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ networking.interfaces.ens3.useDHCP = true;
+ networking.hostName = "cdn-master";
+
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.03"; # Did you read the comment?
+}
diff --git a/configuration/hosts/cdn/master/hardware-config.nix b/configuration/hosts/cdn/master/hardware-config.nix
new file mode 100644
index 0000000..4623238
--- /dev/null
+++ b/configuration/hosts/cdn/master/hardware-config.nix
@@ -0,0 +1,25 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/14cc7936-f928-41e3-8f72-ee6bf18d6c19"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 1; +} +
diff --git a/configuration/hosts/default.nix b/configuration/hosts/default.nix
index c95bc6b..c92f47d 100644
--- a/configuration/hosts/default.nix
+++ b/configuration/hosts/default.nix
@@ -12,6 +12,10 @@ let
 ssh.host = "cdn-node-1.live.hacc.media";
 groups = [ "server" "hacc" "live" "livecdn" "livecdn-node" ];
 };
+ "cdn/master" = {
+ ssh.host = "cdn-master.live.hacc.media";
+ groups = [ "server" "hacc" "live" "livecdn" "livecdn-master" ];
+ };
 };
 pkgs = import {};
 evalConfig = import ;
diff --git a/configuration/server/cdn-master.nix b/configuration/server/cdn-master.nix
new file mode 100644
index 0000000..13c9327
--- /dev/null
+++ b/configuration/server/cdn-master.nix
@@ -0,0 +1,78 @@
+{config, lib, pkgs, ...}:
+
+let
+ host-server = "https://rosenbaum.lukas.studio";
+in {
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPs
+ ];
+
+ services.netdata = {
+ enable = true;
+ };
+
+ # Enable nginx service
+ services.nginx = {
+ enable = true;
+ # Use recommended settings
+ # Don't use recommendea Proxy settings because it does funky things with the setup
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."${config.networking.hostName}.live.hacc.media" = {
+ forceSSL = true;
+ enableACME = true;
+# basicAuth = basicAuthLogin;
+ locations = {
+ "~* \\.(m3u8)$" = {
+ proxyPass = "${host-server}$request_uri";
+ extraConfig = ''
+ #proxy_cache = off;
+ expires 2s;
+ auth_basic off;
+ '';
+ };
+ "/hls" = {
+ proxyPass = "${host-server}$request_uri";
+ extraConfig = ''
+ types {
+ application/vnd.apple.mpegurl m3u8;
+ video/mp2t ts;
+ }
+ proxy_cache hls;
+ proxy_ignore_headers Cache-Control;
+ proxy_cache_valid any 30m;
+ auth_basic off;
+ '';
+ };
+ "/stats" = {
+ return = "301 /stats/";
+ };
+ "~ /stats/(?.*)" = {
+ proxyPass = "http://127.0.0.1:19999/$ndpath$is_args$args";
+ extraConfig = ''
+ proxy_redirect off;
+ proxy_set_header Host $host;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_types *;
+ '';
+ };
+ };
+ };
+ appendHttpConfig = ''
+ proxy_cache_path /tmp keys_zone=hls:10m max_size=10g inactive=60m use_temp_path=on;
+ resolver 1.1.1.1;
+ '';
+ };
+}
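Review bot: The `~ /stats/` location publishes the local netdata dashboard (`127.0.0.1:19999`) on the public vhost with no access control: the vhost-level `basicAuth` line is commented out and nothing in that location's `extraConfig` restricts clients, so host metrics and process details are readable by anyone who can reach port 443. Restrict it inside that `extraConfig`, for example `allow <ADMIN_NETWORK_PLACEHOLDER>; deny all;` or `auth_basic "stats"; auth_basic_user_file <HTPASSWD_PATH_PLACEHOLDER>;`. Separately, both `proxyPass = "${host-server}$request_uri"` locations fetch the origin over HTTPS, but nginx does not verify upstream certificates unless `proxy_ssl_verify on;` is set (together with `proxy_ssl_trusted_certificate` and `proxy_ssl_server_name on;`), and because the target contains a variable the origin name is presumably resolved at request time through the plain-DNS `resolver 1.1.1.1;`, so an unauthenticated origin response could end up in the 30-minute `hls` cache. `proxy_cache_path /tmp` also places that cache in a world-writable directory unless the unit runs with a private `/tmp`; a dedicated directory owned by the nginx user would be safer.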