# NixOS module: nginx built with the RTMP module. It accepts live streams on
# tcp/1935 and republishes them as HLS from the "stream.<primeDomain>" virtual host.
#
# `nodes` is the set of deployment nodes; each one is read for its
# `config.deployment.targetHost`, which feeds the firewall allow-list below.
{ config, lib, pkgs, nodes, ... }:

let
  # One address per deployment node, in attribute-name order.
  # NOTE(review): the firewall rule matches on `ip6 saddr`, so every value is
  # assumed to be an IPv6 literal; a hostname or IPv4 address would not fit
  # that match. Confirm against the deployment definitions.
  publisherAddrs = map (node: node.config.deployment.targetHost) (lib.attrValues nodes);
in
{
  services.nginx.virtualHosts."stream.${config.vars.primeDomain}" = {
    enableACME = true;
    # addSSL serves HTTPS in addition to plain HTTP, with no redirect.
    # NOTE(review): if no player needs http://, forceSSL is the option that
    # redirects HTTP to HTTPS.
    addSSL = true;

    # Same directory the RTMP application writes HLS output to (hls_path), so
    # everything nginx-rtmp places there is served publicly by this vhost.
    root = "/var/www/rtmp";

    # CORS for browser-based players: any origin may read the playlist and
    # segments, limited to GET/OPTIONS. No Allow-Credentials header is set.
    locations."/" = {
      extraConfig = ''
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Range, Origin, X-Requested-With, Content-Type, Accept' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range' always;
      '';
    };
  };

  services.nginx.additionalModules = [ pkgs.nginxModules.rtmp ];

  # RTMP ingest. `allow publish all` / `allow play all` mean nginx-rtmp itself
  # applies no access control: who may publish is decided solely by the
  # firewall rule at the bottom of this module. If that rule is ever widened,
  # narrow `allow publish` or add an `on_publish` check here as well.
  services.nginx.appendConfig = ''
    rtmp {
      server {
        listen [::]:1935;
        chunk_size 4096;
        allow publish all;

        application stream {
          live on;
          allow play all;
          hls on;
          hls_path /var/www/rtmp/;
          hls_base_url https://stream.${config.vars.primeDomain}/;
          hls_playlist_length 40;
        }
      }
    }
  '';

  # The NixOS nginx unit runs under systemd filesystem hardening, so the HLS
  # directory has to be granted write access explicitly. Only this one path is
  # opened up.
  # NOTE(review): the directory is not created in this module; presumably it
  # is provisioned elsewhere. Confirm.
  systemd.services.nginx.serviceConfig = {
    ReadWritePaths = [ "/var/www/rtmp" ];
  };

  # Admit RTMP (tcp/1935) only from the deployment nodes' addresses. The rule
  # matches IPv6 sources only; no IPv4 source is accepted by it.
  networking.firewall = {
    extraInputRules = ''
      ip6 saddr { ${lib.concatStringsSep ", " publisherAddrs} } tcp dport 1935 accept
    '';
  };
}