From e8de3384c8a5b1f1838ceb4feaea3d18f3305799 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Dec 2020 17:58:04 +0100 Subject: l tv: add ssl via streaming.lassul.us --- krebs/3modules/lass/default.nix | 1 + lass/2configs/tv.nix | 128 ++++++++++++++++++++++++++++++++++++++-- 2 files changed, 125 insertions(+), 4 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3466ef8eb..fccfd472f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -44,6 +44,7 @@ in { matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix index 8e208d5e5..0ca1b340f 100644 --- a/lass/2configs/tv.nix +++ b/lass/2configs/tv.nix @@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" '' application/vnd.apple.mpegurl m3u8; video/mp2t ts; } - root /tmp; + root /var/lib/rtmp/tmp; add_header Cache-Control no-cache; # CORS setup @@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" '' ''}; } + + location /records { + autoindex on; + root /var/lib/rtmp; + } } } @@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" '' live on; hls on; - hls_path /tmp/hls; + hls_path /var/lib/rtmp/tmp/hls; + hls_fragment 1; + hls_playlist_length 10; dash on; - dash_path /tmp/dash; + dash_path /var/lib/rtmp/tmp/dash; } } } ''; in { + + services.nginx = { + enable = true; + virtualHosts."streaming.lassul.us" = { + enableACME = true; + addSSL = true; + locations."/hls".extraConfig = '' + # Serve HLS fragments + types { + application/vnd.apple.mpegurl m3u8; + video/mp2t ts; + } + root /var/lib/rtmp/tmp; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + + if ($request_method != 'OPTIONS') { + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + } + ''; + locations."/dash".extraConfig = '' + # Serve DASH fragments + types { + application/dash+xml mpd; + video/mp4 mp4; + } + root /var/lib/rtmp/tmp; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + if ($request_method != 'OPTIONS') { + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + } + ''; + locations."= /dash.all.min.js".extraConfig = '' + default_type "text/javascript"; + alias ${pkgs.fetchurl { + url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js"; + sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c"; + }}; + ''; + locations."= /player".extraConfig = '' + default_type "text/html"; + alias ${pkgs.writeText "player.html" '' + + + + + lassulus livestream + + +
+ + +
+ + + + + ''}; + ''; + locations."/records".extraConfig = '' + autoindex on; + root /var/lib/rtmp; + ''; + }; + }; + + fileSystems."/var/lib/rtmp/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "nosuid" "nodev" "noatime" ]; + }; + users.users.rtmp = { - home = "/var/lib/rmtp"; + home = "/var/lib/rtmp"; uid = genid_uint31 "rtmp"; isNormalUser = true; createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + mic92.pubkey + palo.pubkey + ]; }; systemd.services.nginx-rtmp = { @@ -149,6 +261,14 @@ in { }}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp ''; serviceConfig = { + ExecStartPre = pkgs.writers.writeDash "setup-rtmp" '' + mkdir -p /var/lib/rtmp/tmp/hls + mkdir -p /var/lib/rtmp/tmp/dash + chown rtmp:users /var/lib/rtmp/tmp/hls + chown rtmp:users /var/lib/rtmp/tmp/dash + chmod 755 /var/lib/rtmp/tmp/hls + chmod 755 /var/lib/rtmp/tmp/dash + ''; User = "rtmp"; }; }; -- cgit v1.2.3