Diffstat (limited to 'infra/libkookie/configuration/server/nginx/default.nix')
-rw-r--r--infra/libkookie/configuration/server/nginx/default.nix68
1 files changed, 68 insertions, 0 deletions
diff --git a/infra/libkookie/configuration/server/nginx/default.nix b/infra/libkookie/configuration/server/nginx/default.nix
new file mode 100644
index 000000000000..5c1e3c99cdf7
--- /dev/null
+++ b/infra/libkookie/configuration/server/nginx/default.nix
@@ -0,0 +1,68 @@
+{ config, pkgs, ... }:
+
+# TODO: split this into an RTMP module?
+{
+ services.nginx.enable = true;
+ services.nginx.package = pkgs.nginxMainline.override {
+ modules = [ pkgs.nginxModules.rtmp ];
+ };
+
+ users.users.nginx.extraGroups = [ "tls" ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80 443 /* Regular HTTP(s) */
+
+ 11011 11012 /* alyssatv rtmp */
+ ];
+
+ # services.nginx.logError = "stderr debug";
+ services.nginx.appendHttpConfig = ''
+ map $remote_addr $remote_addr_anon {
+ ~(?P<ip>\d+\.\d+\.\d+)\. $ip.X;
+ ~(?P<ip>[^:]+:[^:]+): $ip::X;
+ default 0.0.0.0;
+ }
+
+ log_format anonymous '$remote_addr_anon - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/access.log anonymous;
+ charset UTF-8;
+
+ server {
+ listen 11012;
+ location /stat {
+ rtmp_stat all;
+ }
+ }
+ '';
+
+ services.nginx.appendConfig = ''
+ stream {
+ server {
+ listen 8400 ssl;
+ ssl_certificate /var/lib/acme/hyperion.kookie.space/fullchain.pem;
+ ssl_certificate_key /var/lib/acme/hyperion.kookie.space/key.pem;
+ proxy_pass 127.0.0.1:8412;
+ }
+ }
+
+ rtmp {
+ server {
+ listen 11011;
+ application alyssa.tv {
+ live on;
+ record off;
+ allow publish 10.0.0.0/8;
+ deny publish all;
+
+ record all;
+ record_path /var/lib/rtmp/alyssatv;
+ record_unique on;
+ record_max_size 300000000K;
+ }
+ }
+ }
+ '';
+
+}
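Review bot: The `/stat` location on port 11012 has no access control, and the same hunk opens 11012 in `networking.firewall.allowedTCPPorts`, so `rtmp_stat all` is readable by anyone who can reach the host. The module's stat output normally lists per-client addresses, which would undercut the `$remote_addr_anon` log format defined just above it. Restricting it the way publishing is restricted would close that gap: add `allow 10.0.0.0/8; deny all;` inside `location /stat`, or drop 11012 from the firewall list. In the `alyssa.tv` application `record off;` is followed by `record all;`, so one of the two is dead; a comment should say which is intended, since `record_max_size 300000000K` permits very large files under `/var/lib/rtmp/alyssatv`. A comment next to `access_log ... anonymous` should also note that the error log is not covered by this format and still records full client addresses.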