Jimbo/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Modularize nginx

Browse source
This commit is contained in:
Jimbo 2024-10-22 21:08:23 -04:00
parent 9d322d435c
commit e451e70b93
8 changed files with 96 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/bomberman/system/default.nix
View file

@ -15,6 +15,7 @@
../../../modules/system/programs/security ../../../modules/system/programs/security
../../../modules/system/services/common ../../../modules/system/services/common
../../../modules/system/services/server/acme ../../../modules/system/services/server/acme
../../../modules/system/services/server/webhost/nginx
../../../modules/system/services/server/mailserver/simplenix ../../../modules/system/services/server/mailserver/simplenix
# Misc # Misc

2
modules/system/services/server/default.nix
View file

@ -9,9 +9,9 @@
./minecraft ./minecraft
./misc ./misc
./mysql ./mysql
./nginx
./social ./social
./transmission ./transmission
./vaultwarden ./vaultwarden
./webhost
]; ];
} }

75
modules/system/services/server/nginx/default.nix
View file

@ -1,75 +0,0 @@
{ pkgs, config, ... }:
{
services.nginx = {
enable = true;
package = (pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];
});
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
# Landing page
"${config.secrets.jimDomain}" = {
enableACME = true;
addSSL = true;
root = "/var/www/Jimbo-Landing-Page";
locations = {
"/.well-known/matrix/client" = {
extraConfig = ''
default_type application/json;
return 200 '
{
"m.homeserver": {
"base_url": "https://matrix.${config.secrets.jimDomain}"
},
"m.identity_server": {
"base_url": "https://matrix.org"
},
"org.matrix.msc3575.proxy": {
"url": "https://matrix.${config.secrets.jimDomain}"
}
}';
'';
};
"/.well-known/matrix/server" = {
extraConfig = ''
default_type application/json;
return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}';
'';
};
};
};
};
appendConfig = ''
rtmp {
server {
listen 1935;
chunk_size 4096;
allow publish all;
application stream {
record off;
live on;
allow play all;
hls on;
hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
hls_fragment_naming system;
hls_fragment 3;
hls_playlist_length 40;
}
}
}
'';
};
# Allow Nginx to read and write to paths
systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
};
# Open HTTP and HTTPs ports
networking.firewall.allowedTCPPorts = [
80 443
];
}

8
modules/system/services/server/webhost/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./nginx
./rtmp
./virtualhosts
];
}

14
modules/system/services/server/webhost/nginx/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs, config, ... }:
{
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [
80 443
];
}

27
modules/system/services/server/webhost/rtmp/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ pkgs, config, ... }:
{
services.nginx = {
package = (pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];
});
appendConfig = ''
rtmp {
server {
listen 1935;
chunk_size 4096;
allow publish all;
application stream {
record off;
live on;
allow play all;
hls on;
hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
hls_fragment_naming system;
hls_fragment 3;
hls_playlist_length 40;
}
}
}
'';
};
}

6
modules/system/services/server/webhost/virtualhosts/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./jimDomain
];
}

39
modules/system/services/server/webhost/virtualhosts/jimDomain/default.nix Normal file
View file

@ -0,0 +1,39 @@
{ pkgs, config, ... }:
{
services.nginx.virtualHosts = {
"${config.secrets.jimDomain}" = {
enableACME = true;
addSSL = true;
root = "/var/www/Jimbo-Landing-Page";
locations = {
"/.well-known/matrix/client" = {
extraConfig = ''
default_type application/json;
return 200 '
{
"m.homeserver": {
"base_url": "https://matrix.${config.secrets.jimDomain}"
},
"m.identity_server": {
"base_url": "https://matrix.org"
},
"org.matrix.msc3575.proxy": {
"url": "https://matrix.${config.secrets.jimDomain}"
}
}';
'';
};
"/.well-known/matrix/server" = {
extraConfig = ''
default_type application/json;
return 200 '{"m.server": "matrix.${config.secrets.jimDomain}:443"}';
'';
};
};
};
};
systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
};
}