Modularize nginx
This commit is contained in:
parent
9d322d435c
commit
e451e70b93
|
@ -15,6 +15,7 @@
|
|||
../../../modules/system/programs/security
|
||||
../../../modules/system/services/common
|
||||
../../../modules/system/services/server/acme
|
||||
../../../modules/system/services/server/webhost/nginx
|
||||
../../../modules/system/services/server/mailserver/simplenix
|
||||
|
||||
# Misc
|
||||
|
|
|
@ -9,9 +9,9 @@
|
|||
./minecraft
|
||||
./misc
|
||||
./mysql
|
||||
./nginx
|
||||
./social
|
||||
./transmission
|
||||
./vaultwarden
|
||||
./webhost
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
package = (pkgs.nginx.override {
|
||||
modules = with pkgs.nginxModules; [ rtmp ];
|
||||
});
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
# Landing page
|
||||
"${config.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
root = "/var/www/Jimbo-Landing-Page";
|
||||
locations = {
|
||||
"/.well-known/matrix/client" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.${config.secrets.jimDomain}"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://matrix.org"
|
||||
},
|
||||
"org.matrix.msc3575.proxy": {
|
||||
"url": "https://matrix.${config.secrets.jimDomain}"
|
||||
}
|
||||
}';
|
||||
'';
|
||||
};
|
||||
"/.well-known/matrix/server" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
appendConfig = ''
|
||||
rtmp {
|
||||
server {
|
||||
listen 1935;
|
||||
chunk_size 4096;
|
||||
allow publish all;
|
||||
application stream {
|
||||
record off;
|
||||
live on;
|
||||
allow play all;
|
||||
hls on;
|
||||
hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
|
||||
hls_fragment_naming system;
|
||||
hls_fragment 3;
|
||||
hls_playlist_length 40;
|
||||
}
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
# Allow Nginx to read and write to paths
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
|
||||
};
|
||||
|
||||
# Open HTTP and HTTPs ports
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80 443
|
||||
];
|
||||
}
|
8
modules/system/services/server/webhost/default.nix
Normal file
8
modules/system/services/server/webhost/default.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./nginx
|
||||
./rtmp
|
||||
./virtualhosts
|
||||
];
|
||||
}
|
14
modules/system/services/server/webhost/nginx/default.nix
Normal file
14
modules/system/services/server/webhost/nginx/default.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80 443
|
||||
];
|
||||
}
|
27
modules/system/services/server/webhost/rtmp/default.nix
Normal file
27
modules/system/services/server/webhost/rtmp/default.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
services.nginx = {
|
||||
package = (pkgs.nginx.override {
|
||||
modules = with pkgs.nginxModules; [ rtmp ];
|
||||
});
|
||||
appendConfig = ''
|
||||
rtmp {
|
||||
server {
|
||||
listen 1935;
|
||||
chunk_size 4096;
|
||||
allow publish all;
|
||||
application stream {
|
||||
record off;
|
||||
live on;
|
||||
allow play all;
|
||||
hls on;
|
||||
hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
|
||||
hls_fragment_naming system;
|
||||
hls_fragment 3;
|
||||
hls_playlist_length 40;
|
||||
}
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./jimDomain
|
||||
];
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"${config.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
root = "/var/www/Jimbo-Landing-Page";
|
||||
locations = {
|
||||
"/.well-known/matrix/client" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.${config.secrets.jimDomain}"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://matrix.org"
|
||||
},
|
||||
"org.matrix.msc3575.proxy": {
|
||||
"url": "https://matrix.${config.secrets.jimDomain}"
|
||||
}
|
||||
}';
|
||||
'';
|
||||
};
|
||||
"/.well-known/matrix/server" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue