{ config, lib, ... }:
{
  imports = [ ./nginx ];

  config = lib.mkIf config.services.owncast.enable {
    services.owncast = {
      port = 8060;
      rtmp-port = 1945;
    };
    networking.nftables.tables.owncast = {
      family = "inet";
      content = ''
        chain input {
	  type filter hook input priority filter; policy drop;
          ip saddr 10.0.0.0/8 tcp dport 1945 accept comment "Accept RTMP"
        }
      '';
    };
    environment.persistence."/persist".directories = [ "/var/lib/owncast" ];
  };
}