forked from hacc/haccfiles
61 lines
1.3 KiB
Nix
61 lines
1.3 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
security.acme.acceptTerms = true;
|
|
security.acme.email = "info+acme@hacc.space";
|
|
services.nginx.enable = true;
|
|
services.nginx.package = pkgs.nginx.override {
|
|
modules = [ pkgs.nginxModules.rtmp ];
|
|
};
|
|
|
|
# services.nginx.recommendedProxySettings = true;
|
|
|
|
services.nginx.virtualHosts = let
|
|
rc3clustersite = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "https://stuebinm.4future.dev/about-future-website/";
|
|
};
|
|
in {
|
|
"hainich.chaoswit.ch" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
"hainich.hacc.space" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations = {
|
|
"/" = {
|
|
return = "404";
|
|
};
|
|
};
|
|
};
|
|
"freedom.rc3.io" = rc3clustersite;
|
|
"future.rc3.io" = rc3clustersite;
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 1935 ];
|
|
services.nginx.appendConfig = ''
|
|
rtmp {
|
|
server {
|
|
listen 1935;
|
|
application cutiestream {
|
|
live on;
|
|
allow publish all;
|
|
allow play all;
|
|
}
|
|
application ingest {
|
|
live on;
|
|
|
|
record all;
|
|
record_path /data/ingest;
|
|
record_unique on;
|
|
|
|
include /var/secrets/ingest.conf;
|
|
}
|
|
}
|
|
}
|
|
'';
|
|
|
|
systemd.services.nginx.serviceConfig.ReadWriteDirectories = "/data/ingest /var/secrets";
|
|
}
|