l tv: add ssl via streaming.lassul.us

2020-12-30 17:58:04 +01:00 · 2020-12-30 17:58:04 +01:00 · e8de3384c8
commit e8de3384c8
parent 50a3903825
2 changed files with 125 additions and 4 deletions
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@ -44,6 +44,7 @@ in {
          matrix              60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
          paste               60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
          radio               60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+          streaming           60 IN A      ${config.krebs.hosts.prism.nets.internet.ip4.addr}
        '';
      };
      nets = rec {
--- a/lass/2configs/tv.nix
+++ b/lass/2configs/tv.nix
@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
          application/vnd.apple.mpegurl m3u8;
          video/mp2t ts;
        }
-        root /tmp;
+        root /var/lib/rtmp/tmp;
        add_header Cache-Control no-cache;

        # CORS setup
@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
          </html>
        ''};
      }
+
+      location /records {
+        autoindex on;
+        root /var/lib/rtmp;
+      }
    }
  }

@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" ''
        live on;

        hls on;
-        hls_path /tmp/hls;
+        hls_path /var/lib/rtmp/tmp/hls;
+        hls_fragment 1;
+        hls_playlist_length 10;

        dash on;
-        dash_path /tmp/dash;
+        dash_path /var/lib/rtmp/tmp/dash;
      }
    }
  }
 '';

 in {
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."streaming.lassul.us" = {
+      enableACME = true;
+      addSSL = true;
+      locations."/hls".extraConfig = ''
+        # Serve HLS fragments
+        types {
+          application/vnd.apple.mpegurl m3u8;
+          video/mp2t ts;
+        }
+        root /var/lib/rtmp/tmp;
+
+        # Allow CORS preflight requests
+        if ($request_method = 'OPTIONS') {
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Max-Age' 1728000;
+          add_header 'Content-Type' 'text/plain charset=UTF-8';
+          add_header 'Content-Length' 0;
+          return 204;
+        }
+
+        if ($request_method != 'OPTIONS') {
+          add_header Cache-Control no-cache;
+
+          # CORS setup
+          add_header 'Access-Control-Allow-Origin' '*' always;
+          add_header 'Access-Control-Expose-Headers' 'Content-Length';
+        }
+      '';
+      locations."/dash".extraConfig = ''
+        # Serve DASH fragments
+        types {
+          application/dash+xml mpd;
+          video/mp4 mp4;
+        }
+        root /var/lib/rtmp/tmp;
+
+        # Allow CORS preflight requests
+        if ($request_method = 'OPTIONS') {
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Max-Age' 1728000;
+          add_header 'Content-Type' 'text/plain charset=UTF-8';
+          add_header 'Content-Length' 0;
+          return 204;
+        }
+        if ($request_method != 'OPTIONS') {
+          add_header Cache-Control no-cache;
+
+          # CORS setup
+          add_header 'Access-Control-Allow-Origin' '*' always;
+          add_header 'Access-Control-Expose-Headers' 'Content-Length';
+        }
+      '';
+      locations."= /dash.all.min.js".extraConfig = ''
+        default_type "text/javascript";
+        alias ${pkgs.fetchurl {
+          url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js";
+          sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c";
+        }};
+      '';
+      locations."= /player".extraConfig = ''
+        default_type "text/html";
+        alias ${pkgs.writeText "player.html" ''
+          <!DOCTYPE html>
+          <html lang="en">
+            <head>
+              <meta charset="utf-8">
+              <title>lassulus livestream</title>
+            </head>
+            <body>
+              <div>
+                <video id="player" controls></video>
+                </video>
+              </div>
+              <script src="/dash.all.min.js"></script>
+              <script>
+                (function(){
+                  var url = "/dash/nixos.mpd";
+                  var player = dashjs.MediaPlayer().create();
+                  player.initialize(document.querySelector("#player"), url, true);
+                })();
+              </script>
+            </body>
+          </html>
+        ''};
+      '';
+      locations."/records".extraConfig = ''
+        autoindex on;
+        root /var/lib/rtmp;
+      '';
+    };
+  };
+
+  fileSystems."/var/lib/rtmp/tmp" = {
+    device = "tmpfs";
+    fsType = "tmpfs";
+    options = [ "nosuid" "nodev" "noatime" ];
+  };
+
  users.users.rtmp = {
-    home = "/var/lib/rmtp";
+    home = "/var/lib/rtmp";
    uid = genid_uint31 "rtmp";
    isNormalUser = true;
    createHome = true;
+    openssh.authorizedKeys.keys = with config.krebs.users; [
+      mic92.pubkey
+      palo.pubkey
+    ];
  };

  systemd.services.nginx-rtmp = {
@ -149,6 +261,14 @@ in {
      }}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp
    '';
    serviceConfig = {
+      ExecStartPre = pkgs.writers.writeDash "setup-rtmp" ''
+        mkdir -p /var/lib/rtmp/tmp/hls
+        mkdir -p /var/lib/rtmp/tmp/dash
+        chown rtmp:users /var/lib/rtmp/tmp/hls
+        chown rtmp:users /var/lib/rtmp/tmp/dash
+        chmod 755 /var/lib/rtmp/tmp/hls
+        chmod 755 /var/lib/rtmp/tmp/dash
+      '';
      User = "rtmp";
    };
  };