summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2020-12-30 17:58:04 +0100
committerlassulus <lassulus@lassul.us>2020-12-30 17:58:04 +0100
commite8de3384c8a5b1f1838ceb4feaea3d18f3305799 (patch)
treec6c9f1e8bb4eb01c3ec5ee9dbdcb206dbd5c4b2f
parent50a3903825c8932b87b3fb6be77245688be76534 (diff)
l tv: add ssl via streaming.lassul.us
-rw-r--r--krebs/3modules/lass/default.nix1
-rw-r--r--lass/2configs/tv.nix128
2 files changed, 125 insertions, 4 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 3466ef8eb..fccfd472f 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -44,6 +44,7 @@ in {
matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix
index 8e208d5e5..0ca1b340f 100644
--- a/lass/2configs/tv.nix
+++ b/lass/2configs/tv.nix
@@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
- root /tmp;
+ root /var/lib/rtmp/tmp;
add_header Cache-Control no-cache;
# CORS setup
@@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
</html>
''};
}
+
+ location /records {
+ autoindex on;
+ root /var/lib/rtmp;
+ }
}
}
@@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
live on;
hls on;
- hls_path /tmp/hls;
+ hls_path /var/lib/rtmp/tmp/hls;
+ hls_fragment 1;
+ hls_playlist_length 10;
dash on;
- dash_path /tmp/dash;
+ dash_path /var/lib/rtmp/tmp/dash;
}
}
}
'';
in {
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."streaming.lassul.us" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/hls".extraConfig = ''
+ # Serve HLS fragments
+ types {
+ application/vnd.apple.mpegurl m3u8;
+ video/mp2t ts;
+ }
+ root /var/lib/rtmp/tmp;
+
+ # Allow CORS preflight requests
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+
+ if ($request_method != 'OPTIONS') {
+ add_header Cache-Control no-cache;
+
+ # CORS setup
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length';
+ }
+ '';
+ locations."/dash".extraConfig = ''
+ # Serve DASH fragments
+ types {
+ application/dash+xml mpd;
+ video/mp4 mp4;
+ }
+ root /var/lib/rtmp/tmp;
+
+ # Allow CORS preflight requests
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ if ($request_method != 'OPTIONS') {
+ add_header Cache-Control no-cache;
+
+ # CORS setup
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length';
+ }
+ '';
+ locations."= /dash.all.min.js".extraConfig = ''
+ default_type "text/javascript";
+ alias ${pkgs.fetchurl {
+ url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js";
+ sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
+ }};
+ '';
+ locations."= /player".extraConfig = ''
+ default_type "text/html";
+ alias ${pkgs.writeText "player.html" ''
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>lassulus livestream</title>
+ </head>
+ <body>
+ <div>
+ <video id="player" controls></video>
+ </video>
+ </div>
+ <script src="/dash.all.min.js"></script>
+ <script>
+ (function(){
+ var url = "/dash/nixos.mpd";
+ var player = dashjs.MediaPlayer().create();
+ player.initialize(document.querySelector("#player"), url, true);
+ })();
+ </script>
+ </body>
+ </html>
+ ''};
+ '';
+ locations."/records".extraConfig = ''
+ autoindex on;
+ root /var/lib/rtmp;
+ '';
+ };
+ };
+
+ fileSystems."/var/lib/rtmp/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = [ "nosuid" "nodev" "noatime" ];
+ };
+
users.users.rtmp = {
- home = "/var/lib/rmtp";
+ home = "/var/lib/rtmp";
uid = genid_uint31 "rtmp";
isNormalUser = true;
createHome = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ mic92.pubkey
+ palo.pubkey
+ ];
};
systemd.services.nginx-rtmp = {
@@ -149,6 +261,14 @@ in {
}}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp
'';
serviceConfig = {
+ ExecStartPre = pkgs.writers.writeDash "setup-rtmp" ''
+ mkdir -p /var/lib/rtmp/tmp/hls
+ mkdir -p /var/lib/rtmp/tmp/dash
+ chown rtmp:users /var/lib/rtmp/tmp/hls
+ chown rtmp:users /var/lib/rtmp/tmp/dash
+ chmod 755 /var/lib/rtmp/tmp/hls
+ chmod 755 /var/lib/rtmp/tmp/dash
+ '';
User = "rtmp";
};
};