Modularize nginx

2024-10-22 21:08:23 -04:00 · 2024-10-22 21:08:23 -04:00 · e451e70b93
parent 9d322d435c
commit e451e70b93
8 changed files with 96 additions and 76 deletions
--- a/hosts/bomberman/system/default.nix
+++ b/hosts/bomberman/system/default.nix
@ -15,6 +15,7 @@
    ../../../modules/system/programs/security
    ../../../modules/system/services/common
    ../../../modules/system/services/server/acme
+    ../../../modules/system/services/server/webhost/nginx
    ../../../modules/system/services/server/mailserver/simplenix

    # Misc
--- a/modules/system/services/server/default.nix
+++ b/modules/system/services/server/default.nix
@ -9,9 +9,9 @@
    ./minecraft
    ./misc
    ./mysql
-    ./nginx
    ./social
    ./transmission
    ./vaultwarden
+    ./webhost
  ];
 }
--- a/modules/system/services/server/nginx/default.nix
+++ b/modules/system/services/server/nginx/default.nix
@ -1,75 +0,0 @@
-{ pkgs, config, ... }:
-{
-  services.nginx = {
-    enable = true;
-    package = (pkgs.nginx.override {
-      modules = with pkgs.nginxModules; [ rtmp ];
-    });
-    recommendedTlsSettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedProxySettings = true;
-    virtualHosts = {
-      # Landing page
-      "${config.secrets.jimDomain}" =  {
-        enableACME = true;
-        addSSL = true;
-        root = "/var/www/Jimbo-Landing-Page";
-        locations = {
-          "/.well-known/matrix/client" = {
-            extraConfig = ''
-              default_type application/json;
-              return 200 '
-              {
-                "m.homeserver": {
-                  "base_url": "https://matrix.${config.secrets.jimDomain}"
-                },
-                "m.identity_server": {
-                  "base_url": "https://matrix.org"
-                },
-                "org.matrix.msc3575.proxy": {
-                  "url": "https://matrix.${config.secrets.jimDomain}"
-                }
-              }';
-            '';
-          };
-          "/.well-known/matrix/server" = {
-            extraConfig = ''
-              default_type application/json;
-              return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}';
-            '';
-          };
-        };
-      };
-    };
-    appendConfig = ''
-      rtmp {
-        server {
-          listen 1935;
-          chunk_size 4096;
-          allow publish all;
-          application stream {
-            record off;
-            live on;
-            allow play all;
-            hls on;
-            hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
-            hls_fragment_naming system;
-            hls_fragment 3;
-            hls_playlist_length 40;
-          }
-        }
-      }
-    '';
-  };
-
-  # Allow Nginx to read and write to paths
-  systemd.services.nginx.serviceConfig = {
-    ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
-  };
-
-  # Open HTTP and HTTPs ports
-  networking.firewall.allowedTCPPorts = [
-    80 443
-  ];
-}
--- a/modules/system/services/server/webhost/default.nix
+++ b/modules/system/services/server/webhost/default.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./nginx
+    ./rtmp
+    ./virtualhosts
+  ];
+}
--- a/modules/system/services/server/webhost/nginx/default.nix
+++ b/modules/system/services/server/webhost/nginx/default.nix
@ -0,0 +1,14 @@
+{ pkgs, config, ... }:
+{
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80 443
+  ];
+}
--- a/modules/system/services/server/webhost/rtmp/default.nix
+++ b/modules/system/services/server/webhost/rtmp/default.nix
@ -0,0 +1,27 @@
+{ pkgs, config, ... }:
+{
+  services.nginx = {
+    package = (pkgs.nginx.override {
+      modules = with pkgs.nginxModules; [ rtmp ];
+    });
+    appendConfig = ''
+      rtmp {
+        server {
+          listen 1935;
+          chunk_size 4096;
+          allow publish all;
+          application stream {
+            record off;
+            live on;
+            allow play all;
+            hls on;
+            hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
+            hls_fragment_naming system;
+            hls_fragment 3;
+            hls_playlist_length 40;
+          }
+        }
+      }
+    '';
+  };
+}
--- a/modules/system/services/server/webhost/virtualhosts/default.nix
+++ b/modules/system/services/server/webhost/virtualhosts/default.nix
@ -0,0 +1,6 @@
+{ ... }:
+{
+  imports = [
+    ./jimDomain
+  ];
+}
--- a/modules/system/services/server/webhost/virtualhosts/jimDomain/default.nix
+++ b/modules/system/services/server/webhost/virtualhosts/jimDomain/default.nix
@ -0,0 +1,39 @@
+{ pkgs, config, ... }:
+{
+  services.nginx.virtualHosts = {
+    "${config.secrets.jimDomain}" =  {
+      enableACME = true;
+      addSSL = true;
+      root = "/var/www/Jimbo-Landing-Page";
+      locations = {
+        "/.well-known/matrix/client" = {
+          extraConfig = ''
+            default_type application/json;
+            return 200 '
+            {
+              "m.homeserver": {
+                "base_url": "https://matrix.${config.secrets.jimDomain}"
+              },
+              "m.identity_server": {
+                "base_url": "https://matrix.org"
+              },
+              "org.matrix.msc3575.proxy": {
+                "url": "https://matrix.${config.secrets.jimDomain}"
+              }
+            }';
+          '';
+        };
+        "/.well-known/matrix/server" = {
+          extraConfig = ''
+            default_type application/json;
+            return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}';
+          '';
+        };
+      };
+    };
+  };
+
+  systemd.services.nginx.serviceConfig = {
+    ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
+  };
+}