summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/go.nix63
-rw-r--r--lass/2configs/green-host.nix19
-rw-r--r--lass/2configs/jitsi.nix21
-rw-r--r--lass/2configs/tv.nix128
4 files changed, 227 insertions, 4 deletions
diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
index ecf89b298..7ff27a619 100644
--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -15,5 +15,68 @@
];
};
};
+ krebs.htgen.go = {
+ port = 3333;
+ script = ''. ${pkgs.writeDash "go" ''
+ find_item() {
+ if test ''${#1} -ge 7; then
+ set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \
+ -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")"
+ if test -n "$1" && test $(echo "$1" | wc -l) = 1; then
+ echo "$1"
+ return 0
+ fi
+ fi
+ return 1
+ }
+
+ STATEDIR=$HOME
+ mkdir -p "$STATEDIR/items"
+
+ case "$Method $Request_URI" in
+ "GET /"*)
+ if item=$(find_item "''${Request_URI#/}"); then
+ uri=$(cat "$item")
+ printf 'HTTP/1.1 302 Found\r\n'
+ printf 'Content-Type: text/plain\r\n'
+ printf 'Connection: closed\r\n'
+ printf 'Location: %s\r\n' "$uri"
+ printf '\r\n'
+ exit
+ fi
+ ;;
+ "POST /")
+ uri=$(mktemp -t htgen.$$.content.XXXXXXXX)
+ trap 'rm $uri >&2' EXIT
+
+ head -c "$req_content_length" \
+ | grep -Eo 'https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)' \
+ | head -1 \
+ > $uri
+ sha256=$(sha256sum -b "$uri" | cut -d\ -f1)
+ base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256")
+ item="$STATEDIR/items/$base32"
+ ref="http://$req_host/$base32"
+
+ if ! test -e "$item"; then
+ mkdir -v -p "$STATEDIR/items" >&2
+ cp -v $uri "$item" >&2
+ fi
+
+ base32short=$(echo "$base32" | cut -b-7)
+ if item=$(find_item "$base32short"); then
+ ref="http://$req_host/$base32short"
+ fi
+
+ printf 'HTTP/1.1 200 OK\r\n'
+ printf 'Content-Type: text/plain; charset=UTF-8\r\n'
+ printf 'Connection: close\r\n'
+ printf '\r\n'
+ printf '%s\n' "$ref"
+ exit
+ ;;
+ esac
+ ''}'';
+ };
}
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
new file mode 100644
index 000000000..1f17c78c8
--- /dev/null
+++ b/lass/2configs/green-host.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass/2configs/container-networking.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ ];
+ lass.sync-containers.containers.green = {
+ peers = [
+ "icarus"
+ "shodan"
+ "skynet"
+ "mors"
+ "littleT"
+ ];
+ hostIp = "10.233.2.15";
+ localIp = "10.233.2.16";
+ format = "ecryptfs";
+ };
+}
diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix
new file mode 100644
index 000000000..1435ccb5c
--- /dev/null
+++ b/lass/2configs/jitsi.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+{
+
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "jitsi.lassul.us";
+ config = {
+ enableWelcomePage = true;
+ requireDisplayName = true;
+ };
+ interfaceConfig = {
+ SHOW_JITSI_WATERMARK = false;
+ SHOW_WATERMARK_FOR_GUESTS = false;
+ };
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix
index 8e208d5e5..0ca1b340f 100644
--- a/lass/2configs/tv.nix
+++ b/lass/2configs/tv.nix
@@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
- root /tmp;
+ root /var/lib/rtmp/tmp;
add_header Cache-Control no-cache;
# CORS setup
@@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
</html>
''};
}
+
+ location /records {
+ autoindex on;
+ root /var/lib/rtmp;
+ }
}
}
@@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
live on;
hls on;
- hls_path /tmp/hls;
+ hls_path /var/lib/rtmp/tmp/hls;
+ hls_fragment 1;
+ hls_playlist_length 10;
dash on;
- dash_path /tmp/dash;
+ dash_path /var/lib/rtmp/tmp/dash;
}
}
}
'';
in {
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."streaming.lassul.us" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/hls".extraConfig = ''
+ # Serve HLS fragments
+ types {
+ application/vnd.apple.mpegurl m3u8;
+ video/mp2t ts;
+ }
+ root /var/lib/rtmp/tmp;
+
+ # Allow CORS preflight requests
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+
+ if ($request_method != 'OPTIONS') {
+ add_header Cache-Control no-cache;
+
+ # CORS setup
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length';
+ }
+ '';
+ locations."/dash".extraConfig = ''
+ # Serve DASH fragments
+ types {
+ application/dash+xml mpd;
+ video/mp4 mp4;
+ }
+ root /var/lib/rtmp/tmp;
+
+ # Allow CORS preflight requests
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ if ($request_method != 'OPTIONS') {
+ add_header Cache-Control no-cache;
+
+ # CORS setup
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length';
+ }
+ '';
+ locations."= /dash.all.min.js".extraConfig = ''
+ default_type "text/javascript";
+ alias ${pkgs.fetchurl {
+ url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js";
+ sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
+ }};
+ '';
+ locations."= /player".extraConfig = ''
+ default_type "text/html";
+ alias ${pkgs.writeText "player.html" ''
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>lassulus livestream</title>
+ </head>
+ <body>
+ <div>
+ <video id="player" controls></video>
+ </video>
+ </div>
+ <script src="/dash.all.min.js"></script>
+ <script>
+ (function(){
+ var url = "/dash/nixos.mpd";
+ var player = dashjs.MediaPlayer().create();
+ player.initialize(document.querySelector("#player"), url, true);
+ })();
+ </script>
+ </body>
+ </html>
+ ''};
+ '';
+ locations."/records".extraConfig = ''
+ autoindex on;
+ root /var/lib/rtmp;
+ '';
+ };
+ };
+
+ fileSystems."/var/lib/rtmp/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = [ "nosuid" "nodev" "noatime" ];
+ };
+
users.users.rtmp = {
- home = "/var/lib/rmtp";
+ home = "/var/lib/rtmp";
uid = genid_uint31 "rtmp";
isNormalUser = true;
createHome = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ mic92.pubkey
+ palo.pubkey
+ ];
};
systemd.services.nginx-rtmp = {
@@ -149,6 +261,14 @@ in {
}}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp
'';
serviceConfig = {
+ ExecStartPre = pkgs.writers.writeDash "setup-rtmp" ''
+ mkdir -p /var/lib/rtmp/tmp/hls
+ mkdir -p /var/lib/rtmp/tmp/dash
+ chown rtmp:users /var/lib/rtmp/tmp/hls
+ chown rtmp:users /var/lib/rtmp/tmp/dash
+ chmod 755 /var/lib/rtmp/tmp/hls
+ chmod 755 /var/lib/rtmp/tmp/dash
+ '';
User = "rtmp";
};
};