diff --git a/hosts/bomberman/system/default.nix b/hosts/bomberman/system/default.nix index 47480b2..71bd351 100644 --- a/hosts/bomberman/system/default.nix +++ b/hosts/bomberman/system/default.nix @@ -15,6 +15,7 @@ ../../../modules/system/programs/security ../../../modules/system/services/common ../../../modules/system/services/server/acme + ../../../modules/system/services/server/webhost/nginx ../../../modules/system/services/server/mailserver/simplenix # Misc diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix index 8c79ef2..c5b5f71 100644 --- a/modules/system/services/server/default.nix +++ b/modules/system/services/server/default.nix @@ -9,9 +9,9 @@ ./minecraft ./misc ./mysql - ./nginx ./social ./transmission ./vaultwarden + ./webhost ]; } diff --git a/modules/system/services/server/nginx/default.nix b/modules/system/services/server/nginx/default.nix deleted file mode 100644 index 9238232..0000000 --- a/modules/system/services/server/nginx/default.nix +++ /dev/null 
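Review bot: The added `../../../modules/system/services/server/webhost/nginx` import in hosts/bomberman/system/default.nix gives this host a running nginx with TCP 80 and 443 open, and nothing next to the line says why. The module it pulls in (added later in this commit) sets `services.nginx.enable = true` and `allowedTCPPorts = [ 80 443 ]` but defines no virtual host. What answers on those ports therefore depends on vhosts declared elsewhere, possibly by the acme or mail modules, which are not visible here. A comment above the import would record the intent, for example `# base nginx only (80/443), no vhosts or RTMP; presumably for ACME HTTP-01, confirm`. The import list begins and ends outside this hunk.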
@@ -1,75 +0,0 @@
-{ pkgs, config, ... }:
-{
- services.nginx = {
- enable = true;
- package = (pkgs.nginx.override {
- modules = with pkgs.nginxModules; [ rtmp ];
- });
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
- virtualHosts = {
- # Landing page
- "${config.secrets.jimDomain}" = {
- enableACME = true;
- addSSL = true;
- root = "/var/www/Jimbo-Landing-Page";
- locations = {
- "/.well-known/matrix/client" = {
- extraConfig = ''
- default_type application/json;
- return 200 '
- {
- "m.homeserver": {
- "base_url": "https://matrix.${config.secrets.jimDomain}"
- },
- "m.identity_server": {
- "base_url": "https://matrix.org"
- },
- "org.matrix.msc3575.proxy": {
- "url": "https://matrix.${config.secrets.jimDomain}"
- }
- }';
- '';
- };
- "/.well-known/matrix/server" = {
- extraConfig = ''
- default_type application/json;
- return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}';
- '';
- };
- };
- };
- };
- appendConfig = ''
- rtmp {
- server {
- listen 1935;
- chunk_size 4096;
- allow publish all;
- application stream {
- record off;
- live on;
- allow play all;
- hls on;
- hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
- hls_fragment_naming system;
- hls_fragment 3;
- hls_playlist_length 40;
- }
- }
- }
- '';
- };
-
- # Allow Nginx to read and write to paths
- systemd.services.nginx.serviceConfig = {
- ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
- };
-
- # Open HTTP and HTTPs ports
- networking.firewall.allowedTCPPorts = [
- 80 443
- ];
-}
diff --git a/modules/system/services/server/webhost/default.nix b/modules/system/services/server/webhost/default.nix
new file mode 100644
index 0000000..a34929f
--- /dev/null
+++ b/modules/system/services/server/webhost/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./nginx
+ ./rtmp
+ ./virtualhosts
+ ];
+}
diff --git a/modules/system/services/server/webhost/nginx/default.nix b/modules/system/services/server/webhost/nginx/default.nix
new file mode 100644
index 0000000..a84c14d
--- /dev/null
+++ b/modules/system/services/server/webhost/nginx/default.nix
@@ -0,0 +1,14 @@
+{ pkgs, config, ... }:
+{
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80 443
+ ];
+}
diff --git a/modules/system/services/server/webhost/rtmp/default.nix b/modules/system/services/server/webhost/rtmp/default.nix
new file mode 100644
index 0000000..547b327
--- /dev/null
+++ b/modules/system/services/server/webhost/rtmp/default.nix
@@ -0,0 +1,27 @@
+{ pkgs, config, ... }:
+{
+ services.nginx = {
+ package = (pkgs.nginx.override {
+ modules = with pkgs.nginxModules; [ rtmp ];
+ });
+ appendConfig = ''
+ rtmp {
+ server {
+ listen 1935;
+ chunk_size 4096;
+ allow publish all;
+ application stream {
+ record off;
+ live on;
+ allow play all;
+ hls on;
+ hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
+ hls_fragment_naming system;
+ hls_fragment 3;
+ hls_playlist_length 40;
+ }
+ }
+ }
+ '';
+ };
+}
diff --git a/modules/system/services/server/webhost/virtualhosts/default.nix b/modules/system/services/server/webhost/virtualhosts/default.nix
new file mode 100644
index 0000000..33e6bd3
--- /dev/null
+++ b/modules/system/services/server/webhost/virtualhosts/default.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ imports = [
+ ./jimDomain
+ ];
+}
diff --git a/modules/system/services/server/webhost/virtualhosts/jimDomain/default.nix b/modules/system/services/server/webhost/virtualhosts/jimDomain/default.nix
new file mode 100644
index 0000000..0d36d87
--- /dev/null
+++ b/modules/system/services/server/webhost/virtualhosts/jimDomain/default.nix
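Review bot: The module header `{ pkgs, config, ... }:` in webhost/nginx/default.nix binds two arguments that the body never reads. The sibling aggregator files in this commit already use `{ ... }:`, which would fit here too. The same applies in part to webhost/rtmp/default.nix, where `config` is unused, and to virtualhosts/jimDomain/default.nix, where `pkgs` is unused. Trimming each header to the names actually referenced makes it clear which modules depend on secrets or package overrides.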
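Review bot: The `allow publish all;` line in webhost/rtmp/default.nix lets any client that can reach port 1935 publish to the `stream` application, and this commit carries it over unchanged from the deleted module. Because `hls on` writes the fragments to `/var/www/Jimbo-Landing-Page/streams/hls/`, which sits under the landing-page vhost root, whatever is published is then served from the site's own origin. Port 1935 is not in the `allowedTCPPorts` lists visible in this diff, so external reachability depends on configuration elsewhere. The module should still restrict publishing itself, for example with `allow publish 127.0.0.1;` followed by `deny publish all;`, or with an `on_publish` callback that checks a stream key. A comment noting that `allow play all;` is intentional would also help the next reader.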
@@ -0,0 +1,39 @@
+{ pkgs, config, ... }:
+{
+ services.nginx.virtualHosts = {
+ "${config.secrets.jimDomain}" = {
+ enableACME = true;
+ addSSL = true;
+ root = "/var/www/Jimbo-Landing-Page";
+ locations = {
+ "/.well-known/matrix/client" = {
+ extraConfig = ''
+ default_type application/json;
+ return 200 '
+ {
+ "m.homeserver": {
+ "base_url": "https://matrix.${config.secrets.jimDomain}"
+ },
+ "m.identity_server": {
+ "base_url": "https://matrix.org"
+ },
+ "org.matrix.msc3575.proxy": {
+ "url": "https://matrix.${config.secrets.jimDomain}"
+ }
+ }';
+ '';
+ };
+ "/.well-known/matrix/server" = {
+ extraConfig = ''
+ default_type application/json;
+ return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}';
+ '';
+ };
+ };
+ };
+ };
+
+ systemd.services.nginx.serviceConfig = {
+ ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
+ };
+}
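Review bot: The `systemd.services.nginx.serviceConfig.ReadWritePaths` entry at the end of virtualhosts/jimDomain/default.nix grants write access for the HLS directory, but the code that writes there is `hls_path` in webhost/rtmp/default.nix. If the rtmp module is imported without this vhost, nginx is likely to be denied writes under the unit's filesystem sandboxing. If this vhost is imported without rtmp, the write grant is broader than needed. Moving the block into the rtmp module keeps the grant next to its only consumer, and the dropped comment `# Allow Nginx to read and write to paths` should come back with it. Separately, `addSSL = true;` keeps serving the landing page over plain HTTP; `forceSSL = true;` would redirect to HTTPS if no client depends on the cleartext listener.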