l tv: add ssl via streaming.lassul.us

This commit is contained in:
lassulus 2020-12-30 17:58:04 +01:00
parent 50a3903825
commit e8de3384c8
2 changed files with 125 additions and 4 deletions

View File

@ -44,6 +44,7 @@ in {
matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {

View File

@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root /tmp;
root /var/lib/rtmp/tmp;
add_header Cache-Control no-cache;
# CORS setup
@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
</html>
''};
}
location /records {
autoindex on;
root /var/lib/rtmp;
}
}
}
@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
live on;
hls on;
hls_path /tmp/hls;
hls_path /var/lib/rtmp/tmp/hls;
hls_fragment 1;
hls_playlist_length 10;
dash on;
dash_path /tmp/dash;
dash_path /var/lib/rtmp/tmp/dash;
}
}
}
'';
in {
services.nginx = {
enable = true;
virtualHosts."streaming.lassul.us" = {
enableACME = true;
addSSL = true;
locations."/hls".extraConfig = ''
# Serve HLS fragments
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root /var/lib/rtmp/tmp;
# Allow CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method != 'OPTIONS') {
add_header Cache-Control no-cache;
# CORS setup
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length';
}
'';
locations."/dash".extraConfig = ''
# Serve DASH fragments
types {
application/dash+xml mpd;
video/mp4 mp4;
}
root /var/lib/rtmp/tmp;
# Allow CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method != 'OPTIONS') {
add_header Cache-Control no-cache;
# CORS setup
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length';
}
'';
locations."= /dash.all.min.js".extraConfig = ''
default_type "text/javascript";
alias ${pkgs.fetchurl {
url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js";
sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
}};
'';
locations."= /player".extraConfig = ''
default_type "text/html";
alias ${pkgs.writeText "player.html" ''
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>lassulus livestream</title>
</head>
<body>
<div>
<video id="player" controls></video>
</video>
</div>
<script src="/dash.all.min.js"></script>
<script>
(function(){
var url = "/dash/nixos.mpd";
var player = dashjs.MediaPlayer().create();
player.initialize(document.querySelector("#player"), url, true);
})();
</script>
</body>
</html>
''};
'';
locations."/records".extraConfig = ''
autoindex on;
root /var/lib/rtmp;
'';
};
};
fileSystems."/var/lib/rtmp/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "nosuid" "nodev" "noatime" ];
};
users.users.rtmp = {
home = "/var/lib/rmtp";
home = "/var/lib/rtmp";
uid = genid_uint31 "rtmp";
isNormalUser = true;
createHome = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
mic92.pubkey
palo.pubkey
];
};
systemd.services.nginx-rtmp = {
@ -149,6 +261,14 @@ in {
}}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp
'';
serviceConfig = {
ExecStartPre = pkgs.writers.writeDash "setup-rtmp" ''
mkdir -p /var/lib/rtmp/tmp/hls
mkdir -p /var/lib/rtmp/tmp/dash
chown rtmp:users /var/lib/rtmp/tmp/hls
chown rtmp:users /var/lib/rtmp/tmp/dash
chmod 755 /var/lib/rtmp/tmp/hls
chmod 755 /var/lib/rtmp/tmp/dash
'';
User = "rtmp";
};
};