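# NixOS module: Nginx built with the RTMP module. It serves the landing page,
# the Matrix .well-known delegation documents, and an RTMP ingest whose HLS
# output is written under the landing page's web root.
{pkgs, outputs, ...}: {
  services.nginx = {
    enable = true;
    # Rebuild nginx with the rtmp module; the rtmp {} block in appendConfig
    # below depends on it.
    package = (pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ rtmp ];
    });
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      # Landing page
      "${outputs.secrets.jimDomain}" = {
        enableACME = true;
        # NOTE(review): addSSL serves this vhost on both HTTP and HTTPS with no
        # redirect, so the page and the HLS files stay reachable in plaintext.
        # If nothing depends on plain HTTP, forceSSL = true (used instead of
        # addSSL) redirects HTTP to HTTPS. Left unchanged here; confirm intent.
        addSSL = true;
        root = "/var/www/Jimbo-Landing-Page";
        locations = {
          # Matrix client discovery document.
          "/.well-known/matrix/client" = {
            # Browser-based Matrix clients fetch this document cross-origin, so
            # it needs a CORS header or discovery fails there. The document is
            # public and carries no credentials, and the header applies to this
            # location only.
            extraConfig = ''
              default_type application/json;
              add_header Access-Control-Allow-Origin *;
              return 200 '
              {
                "m.homeserver": {
                  "base_url": "https://matrix.${outputs.secrets.jimDomain}"
                },
                "m.identity_server": {
                  "base_url": "https://matrix.org"
                },
                "org.matrix.msc3575.proxy": {
                  "url": "https://matrix.${outputs.secrets.jimDomain}"
                }
              }';
            '';
          };
          # Matrix federation delegation: points other homeservers at the
          # matrix. subdomain on port 443.
          "/.well-known/matrix/server" = {
            extraConfig = ''
              default_type application/json;
              return 200 '{"m.server": "matrix.${outputs.secrets.jimDomain}:443"}';
            '';
          };
        };
      };
    };
    # RTMP ingest on TCP 1935, repackaged as HLS into the web root.
    #
    # NOTE(review): `listen 1935` binds every interface, and `allow publish all`
    # accepts a stream from any client that can reach that port, with no
    # authentication. Whatever is published is written to disk under the web
    # root and served from the landing-page domain. This module opens only
    # 80/443 in the firewall, but allowedTCPPorts is a list option that merges
    # across modules, so confirm 1935 is not opened elsewhere. If publishing is
    # only ever done from this host, nginx-rtmp's
    # `allow publish 127.0.0.1; deny publish all;` narrows it; otherwise list
    # the trusted source addresses explicitly.
    appendConfig = ''
      rtmp {
        server {
          listen 1935;
          chunk_size 4096;
          allow publish all;
          application stream {
            record off;
            live on;
            allow play all;
            hls on;
            hls_path /var/www/Jimbo-Landing-Page/streams/hls/;
            hls_fragment_naming system;
            hls_fragment 3;
            hls_playlist_length 40;
          }
        }
      }
    '';
  };

  # Grant the nginx unit write access to the HLS output directory only
  # (presumably required because the unit is otherwise sandboxed; verify
  # against the nginx service definition in use).
  systemd.services.nginx.serviceConfig = {
    ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
  };

  # Open HTTP and HTTPS ports. The RTMP port (1935) is not opened here.
  networking.firewall = {
    allowedTCPPorts = [
      80 443 # Nginx
    ];
  };
}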