Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/go.nix | 63 | ||||
-rw-r--r-- | lass/2configs/green-host.nix | 19 | ||||
-rw-r--r-- | lass/2configs/jitsi.nix | 21 | ||||
-rw-r--r-- | lass/2configs/tv.nix | 128 |
4 files changed, 227 insertions, 4 deletions
diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix index ecf89b298..7ff27a619 100644 --- a/lass/2configs/go.nix +++ b/lass/2configs/go.nix @@ -15,5 +15,68 @@ ]; }; }; + krebs.htgen.go = { + port = 3333; + script = ''. ${pkgs.writeDash "go" '' + find_item() { + if test ''${#1} -ge 7; then + set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ + -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" + if test -n "$1" && test $(echo "$1" | wc -l) = 1; then + echo "$1" + return 0 + fi + fi + return 1 + } + + STATEDIR=$HOME + mkdir -p "$STATEDIR/items" + + case "$Method $Request_URI" in + "GET /"*) + if item=$(find_item "''${Request_URI#/}"); then + uri=$(cat "$item") + printf 'HTTP/1.1 302 Found\r\n' + printf 'Content-Type: text/plain\r\n' + printf 'Connection: closed\r\n' + printf 'Location: %s\r\n' "$uri" + printf '\r\n' + exit + fi + ;; + "POST /") + uri=$(mktemp -t htgen.$$.content.XXXXXXXX) + trap 'rm $uri >&2' EXIT + + head -c "$req_content_length" \ + | grep -Eo 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' \ + | head -1 \ + > $uri + sha256=$(sha256sum -b "$uri" | cut -d\ -f1) + base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") + item="$STATEDIR/items/$base32" + ref="http://$req_host/$base32" + + if ! test -e "$item"; then + mkdir -v -p "$STATEDIR/items" >&2 + cp -v $uri "$item" >&2 + fi + + base32short=$(echo "$base32" | cut -b-7) + if item=$(find_item "$base32short"); then + ref="http://$req_host/$base32short" + fi + + printf 'HTTP/1.1 200 OK\r\n' + printf 'Content-Type: text/plain; charset=UTF-8\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + printf '%s\n' "$ref" + exit + ;; + esac + ''}''; + }; } diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix new file mode 100644 index 000000000..1f17c78c8 --- /dev/null +++ b/lass/2configs/green-host.nix 
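Review bot: In `find_item`, `$1` comes straight from `Request_URI` and is pasted into the `find -regex` pattern, so regex metacharacters in the path are interpreted and the lookup is no longer limited to a literal ID prefix; reject anything outside the ID alphabet first, e.g. `case "$1" in *[!0-9A-Za-z]*) return 1 ;; esac`. In the `POST /` branch nothing checks that `grep` actually extracted a URL, so an empty temp file is still hashed and stored and a later GET would answer with an empty `Location:`; test `test -s "$uri"` after the pipeline and return an error response when it fails. `$req_content_length` also reaches `head -c` without a numeric or upper-bound check. The 302 response sends `Connection: closed`, which should be `Connection: close` as in the 200 response. Because any unauthenticated POST can store a redirect target, a short comment saying that the shortener is intentionally open (or an allow-list) would help the next reader.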
@@ -0,0 +1,19 @@ +{ config, pkgs, ... }: +{ + imports = [ + <stockholm/lass/2configs/container-networking.nix> + <stockholm/lass/2configs/syncthing.nix> + ]; + lass.sync-containers.containers.green = { + peers = [ + "icarus" + "shodan" + "skynet" + "mors" + "littleT" + ]; + hostIp = "10.233.2.15"; + localIp = "10.233.2.16"; + format = "ecryptfs"; + }; +} diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix new file mode 100644 index 000000000..1435ccb5c --- /dev/null +++ b/lass/2configs/jitsi.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: +{ + + services.jitsi-meet = { + enable = true; + hostName = "jitsi.lassul.us"; + config = { + enableWelcomePage = true; + requireDisplayName = true; + }; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix index 8e208d5e5..0ca1b340f 100644 --- a/lass/2configs/tv.nix +++ b/lass/2configs/tv.nix @@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" '' application/vnd.apple.mpegurl m3u8; video/mp2t ts; } - root /tmp; + root /var/lib/rtmp/tmp; add_header Cache-Control no-cache; # CORS setup @@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" '' </html> ''}; } + + location /records { + autoindex on; + root /var/lib/rtmp; + } } } 
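Review bot: In the new jitsi.nix, `services.jitsi-meet` is enabled with `enableWelcomePage = true` and nothing visible here configures authentication, so anyone who can reach jitsi.lassul.us can presumably create rooms. If that is intended, say so in a comment; otherwise restrict room creation to authenticated users or hide the welcome page. The two INPUT rules accept from any source and carry no explanation; a comment such as `# videobridge: 10000/udp media, 4443/tcp fallback` would document why they are open.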
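Review bot: The added `location /records` block turns on `autoindex` over `/var/lib/rtmp` with no `auth_basic` or `allow`/`deny`, so every recording under that directory is listed and downloadable by anyone who can reach this server; the same block is added again as `locations."/records".extraConfig` in the `@@ -120,21 +125,128 @@` hunk. If not every recording is meant to be public, add an access rule. Since nginx follows symlinks by default, `disable_symlinks if_not_owner;` would also keep a stray link in the records directory from exposing other files. The enclosing `server` block starts outside this hunk.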
@@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" '' live on; hls on; - hls_path /tmp/hls; + hls_path /var/lib/rtmp/tmp/hls; + hls_fragment 1; + hls_playlist_length 10; dash on; - dash_path /tmp/dash; + dash_path /var/lib/rtmp/tmp/dash; } } } ''; in { + + services.nginx = { + enable = true; + virtualHosts."streaming.lassul.us" = { + enableACME = true; + addSSL = true; + locations."/hls".extraConfig = '' + # Serve HLS fragments + types { + application/vnd.apple.mpegurl m3u8; + video/mp2t ts; + } + root /var/lib/rtmp/tmp; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + + if ($request_method != 'OPTIONS') { + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + } + ''; + locations."/dash".extraConfig = '' + # Serve DASH fragments + types { + application/dash+xml mpd; + video/mp4 mp4; + } + root /var/lib/rtmp/tmp; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + if ($request_method != 'OPTIONS') { + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + } + ''; + locations."= /dash.all.min.js".extraConfig = '' + default_type "text/javascript"; + alias ${pkgs.fetchurl { + url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js"; + sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c"; + }}; + ''; + locations."= /player".extraConfig = '' + default_type "text/html"; + alias 
${pkgs.writeText "player.html" '' + <!DOCTYPE html> + <html lang="en"> + <head> + <meta charset="utf-8"> + <title>lassulus livestream</title> + </head> + <body> + <div> + <video id="player" controls></video> + </video> + </div> + <script src="/dash.all.min.js"></script> + <script> + (function(){ + var url = "/dash/nixos.mpd"; + var player = dashjs.MediaPlayer().create(); + player.initialize(document.querySelector("#player"), url, true); + })(); + </script> + </body> + </html> + ''}; + ''; + locations."/records".extraConfig = '' + autoindex on; + root /var/lib/rtmp; + ''; + }; + }; + + fileSystems."/var/lib/rtmp/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "nosuid" "nodev" "noatime" ]; + }; + users.users.rtmp = { - home = "/var/lib/rmtp"; + home = "/var/lib/rtmp"; uid = genid_uint31 "rtmp"; isNormalUser = true; createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + mic92.pubkey + palo.pubkey + ]; }; systemd.services.nginx-rtmp = { @@ -149,6 +261,14 @@ in { }}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp ''; serviceConfig = { + ExecStartPre = pkgs.writers.writeDash "setup-rtmp" '' + mkdir -p /var/lib/rtmp/tmp/hls + mkdir -p /var/lib/rtmp/tmp/dash + chown rtmp:users /var/lib/rtmp/tmp/hls + chown rtmp:users /var/lib/rtmp/tmp/dash + chmod 755 /var/lib/rtmp/tmp/hls + chmod 755 /var/lib/rtmp/tmp/dash + ''; User = "rtmp"; }; }; |
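Review bot: `users.users.rtmp` now receives `openssh.authorizedKeys.keys` for `mic92` and `palo`, but the same account is the `User = "rtmp"` of the nginx-rtmp service and its home `/var/lib/rtmp` is both the nginx prefix and the root behind `/records`. Anyone holding one of those keys gets a shell as the service identity and can change what is served, and the shared login cannot be attributed to a person. Prefer separate user accounts with group write access to a dedicated records directory, or restrict what those keys may run. Separately, the vhost uses `addSSL = true`, which keeps serving plain HTTP alongside HTTPS; `forceSSL = true;` would redirect instead.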
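Review bot: The `setup-rtmp` script has no `set -e`, so a failing `mkdir` or `chown` is ignored and only the exit status of the last `chmod` decides whether nginx starts; add `set -efu` as its first line. With `User = "rtmp"` in the same `serviceConfig`, the script presumably runs as rtmp and therefore relies on the tmpfs at `/var/lib/rtmp/tmp` being writable by that user. The mount added in this commit sets no `mode=`, `uid=` or `size=`, so it appears to depend on tmpfs defaults; pin ownership, permissions and a size limit in the mount `options`. The service definition starts before this hunk.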