{pkgs, ...}: { services.nginx = let secrets = import ../modules/secrets.nix; in { enable = true; package = (pkgs.nginx.override { modules = with pkgs.nginxModules; [ rtmp ]; }); recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; virtualHosts = { # Landing page "${secrets.jimDomain}" = { enableACME = true; addSSL = true; root = ./websites/Jimbo-Landing-Page; locations = { "/.well-known/matrix/client" = { extraConfig = '' default_type application/json; return 200 ' { "m.homeserver": { "base_url": "https://matrix.${secrets.jimDomain}" }, "m.identity_server": { "base_url": "https://matrix.org" }, "org.matrix.msc3575.proxy": { "url": "https://matrix.${secrets.jimDomain}" } }'; ''; }; "/.well-known/matrix/server" = { extraConfig = '' default_type application/json; return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}'; ''; }; }; }; # Bluemap Proxy, TODO, move this into the nix-minecraft flake configs "bluemap.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:31010"; proxyWebsockets = true; }; }; }; appendConfig = '' rtmp { server { listen 1935; chunk_size 4096; allow publish all; application stream { record off; live on; allow play all; hls on; hls_path /var/www/jimweb/streams/hls; hls_fragment_naming system; hls_fragment 3; hls_playlist_length 40; } } } ''; }; # Allow Nginx to read and write to paths systemd.services.nginx.serviceConfig = { ReadWritePaths = [ "/var/www/jimweb/streams/hls/" ]; }; }