haccfiles/configuration/hosts/hainich/services/nginx.nix
Matthias Stübinger a0042efc5a Added proxy to gitlab pages for rc3 cluster site
Signed-off-by: hexchen <hexchen@lilwit.ch>
2020-12-09 12:07:17 +00:00

61 lines
1.3 KiB
Nix

{ config, lib, pkgs, ... }:
{
security.acme.acceptTerms = true;
security.acme.email = "info+acme@hacc.space";
services.nginx.enable = true;
services.nginx.package = pkgs.nginx.override {
modules = [ pkgs.nginxModules.rtmp ];
};
services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts = let
rc3clustersite = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "https://stuebinm.4future.dev/about-future-website/";
};
in {
"hainich.chaoswit.ch" = {
enableACME = true;
forceSSL = true;
};
"hainich.hacc.space" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
return = "404";
};
};
};
"freedom.rc3.io" = rc3clustersite;
"future.rc3.io" = rc3clustersite;
};
networking.firewall.allowedTCPPorts = [ 1935 ];
services.nginx.appendConfig = ''
rtmp {
server {
listen 1935;
application cutiestream {
live on;
allow publish all;
allow play all;
}
application ingest {
live on;
record all;
record_path /data/ingest;
record_unique on;
include /var/secrets/ingest.conf;
}
}
}
'';
systemd.services.nginx.serviceConfig.ReadWriteDirectories = "/data/ingest /var/secrets";
}