summaryrefslogtreecommitdiffstats
path: root/lass/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/green-host.nix19
-rw-r--r--lass/2configs/jitsi.nix21
-rw-r--r--lass/2configs/tv.nix128
3 files changed, 164 insertions, 4 deletions
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
new file mode 100644
index 000000000..1f17c78c8
--- /dev/null
+++ b/lass/2configs/green-host.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass/2configs/container-networking.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ ];
+ lass.sync-containers.containers.green = {
+ peers = [
+ "icarus"
+ "shodan"
+ "skynet"
+ "mors"
+ "littleT"
+ ];
+ hostIp = "10.233.2.15";
+ localIp = "10.233.2.16";
+ format = "ecryptfs";
+ };
+}
diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix
new file mode 100644
index 000000000..1435ccb5c
--- /dev/null
+++ b/lass/2configs/jitsi.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+{
+
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "jitsi.lassul.us";
+ config = {
+ enableWelcomePage = true;
+ requireDisplayName = true;
+ };
+ interfaceConfig = {
+ SHOW_JITSI_WATERMARK = false;
+ SHOW_WATERMARK_FOR_GUESTS = false;
+ };
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 10000"; target = "ACCEPT"; }
+ ];
+}
diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix
index 8e208d5e5..0ca1b340f 100644
--- a/lass/2configs/tv.nix
+++ b/lass/2configs/tv.nix
@@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
- root /tmp;
+ root /var/lib/rtmp/tmp;
add_header Cache-Control no-cache;
# CORS setup
@@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
</html>
''};
}
+
+ location /records {
+ autoindex on;
+ root /var/lib/rtmp;
+ }
}
}
@@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
live on;
hls on;
- hls_path /tmp/hls;
+ hls_path /var/lib/rtmp/tmp/hls;
+ hls_fragment 1;
+ hls_playlist_length 10;
dash on;
- dash_path /tmp/dash;
+ dash_path /var/lib/rtmp/tmp/dash;
}
}
}
'';
in {
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."streaming.lassul.us" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/hls".extraConfig = ''
+ # Serve HLS fragments
+ types {
+ application/vnd.apple.mpegurl m3u8;
+ video/mp2t ts;
+ }
+ root /var/lib/rtmp/tmp;
+
+ # Allow CORS preflight requests
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+
+ if ($request_method != 'OPTIONS') {
+ add_header Cache-Control no-cache;
+
+ # CORS setup
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length';
+ }
+ '';
+ locations."/dash".extraConfig = ''
+ # Serve DASH fragments
+ types {
+ application/dash+xml mpd;
+ video/mp4 mp4;
+ }
+ root /var/lib/rtmp/tmp;
+
+ # Allow CORS preflight requests
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ if ($request_method != 'OPTIONS') {
+ add_header Cache-Control no-cache;
+
+ # CORS setup
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length';
+ }
+ '';
+ locations."= /dash.all.min.js".extraConfig = ''
+ default_type "text/javascript";
+ alias ${pkgs.fetchurl {
+ url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js";
+ sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
+ }};
+ '';
+ locations."= /player".extraConfig = ''
+ default_type "text/html";
+ alias ${pkgs.writeText "player.html" ''
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>lassulus livestream</title>
+ </head>
+ <body>
+ <div>
+ <video id="player" controls></video>
+ </video>
+ </div>
+ <script src="/dash.all.min.js"></script>
+ <script>
+ (function(){
+ var url = "/dash/nixos.mpd";
+ var player = dashjs.MediaPlayer().create();
+ player.initialize(document.querySelector("#player"), url, true);
+ })();
+ </script>
+ </body>
+ </html>
+ ''};
+ '';
+ locations."/records".extraConfig = ''
+ autoindex on;
+ root /var/lib/rtmp;
+ '';
+ };
+ };
+
+ fileSystems."/var/lib/rtmp/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = [ "nosuid" "nodev" "noatime" ];
+ };
+
users.users.rtmp = {
- home = "/var/lib/rmtp";
+ home = "/var/lib/rtmp";
uid = genid_uint31 "rtmp";
isNormalUser = true;
createHome = true;
+ openssh.authorizedKeys.keys = with config.krebs.users; [
+ mic92.pubkey
+ palo.pubkey
+ ];
};
systemd.services.nginx-rtmp = {
@@ -149,6 +261,14 @@ in {
}}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp
'';
serviceConfig = {
+ ExecStartPre = pkgs.writers.writeDash "setup-rtmp" ''
+ mkdir -p /var/lib/rtmp/tmp/hls
+ mkdir -p /var/lib/rtmp/tmp/dash
+ chown rtmp:users /var/lib/rtmp/tmp/hls
+ chown rtmp:users /var/lib/rtmp/tmp/dash
+ chmod 755 /var/lib/rtmp/tmp/hls
+ chmod 755 /var/lib/rtmp/tmp/dash
+ '';
User = "rtmp";
};
};