From e5127d14d900e632dd8c6cc62b718dcdb043261f Mon Sep 17 00:00:00 2001
From: zuckerberg <5-zuckerberg@users.noreply.git.neet.dev>
Date: Sun, 16 May 2021 18:13:21 -0400
Subject: [PATCH] nginx rtmp livestreaming

---
 common/common.nix                |  1 +
 common/server/nginx-stream.nix   | 73 ++++++++++++++++++++++++++++++++
 common/server/nginx.nix          |  5 ++-
 machines/mitty/configuration.nix |  6 +++
 4 files changed, 83 insertions(+), 2 deletions(-)
 create mode 100644 common/server/nginx-stream.nix

diff --git a/common/common.nix b/common/common.nix
index 8c2851a..2dbf433 100644
--- a/common/common.nix
+++ b/common/common.nix
@@ -11,6 +11,7 @@
     ./server/thelounge.nix
     ./server/mumble.nix
     ./server/icecast.nix
+    ./server/nginx-stream.nix
     ./pc/de.nix
   ];
 
diff --git a/common/server/nginx-stream.nix b/common/server/nginx-stream.nix
new file mode 100644
index 0000000..a57e346
--- /dev/null
+++ b/common/server/nginx-stream.nix
@@ -0,0 +1,73 @@
+{ lib, config, ... }:
+
+let
+  cfg = config.services.nginx.stream;
+  nginxWithRTMP = pkgs.nginx.override {
+    modules = [ pkgs.nginxModules.rtmp ];
+  };
+in {
+  options.services.nginx.stream = {
+    enable = lib.mkEnableOption "enable nginx rtmp/hls/dash video streaming";
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 1935;
+      description = "rtmp injest/serve port";
+    };
+    rtmpName = lib.mkOption {
+      type = lib.types.string;
+      default = "live";
+      description = "the name of the rtmp application";
+    };
+    hostname = lib.mkOption {
+      type = lib.types.string;
+      description = "the http host to serve hls";
+    };
+    httpLocation = lib.mkOption {
+      type = lib.types.string;
+      default = "/tmp/stream";
+      description = "the path of the tmp http files";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.nginx = {
+      services.nginx.enable = true;
+
+      package = nginxWithRTMP;
+
+      virtualHosts.${cfg.hostname} = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/stream".root = cfg.httpLocation;
+        extraConfig = ''
+          location /stat {
+            rtmp_stat all;
+          }
+        '';
+      };
+
+      appendConfig = ''
+        rtmp {
+          server {
+            listen 1935;
+            chunk_size 4096;
+            application ${cfg.rtmpName} {
+              allow publish 127.0.0.1;
+              deny publish all;
+              allow publish all;
+              live on;
+              record off;
+              hls on;
+              hls_path ${cfg.httpLocation}/hls;
+              dash on;
+              dash_path ${cfg.httpLocation}/dash;
+            }
+          }
+        }
+      '';
+    };
+
+    networking.firewall.allowedTCPPorts = [
+      cfg.stream.port
+    ];
+  };
+}
\ No newline at end of file
diff --git a/common/server/nginx.nix b/common/server/nginx.nix
index a2ee97b..177f03d 100644
--- a/common/server/nginx.nix
+++ b/common/server/nginx.nix
@@ -1,7 +1,9 @@
 { lib, config, pkgs, ... }:
 
+let
+  cfg = config.services.nginx;
 {
-  config = lib.mkIf config.services.nginx.enable {
+  config = lib.mkIf cfg.enable {
     services.nginx = {
       recommendedGzipSettings = true;
       recommendedOptimisation = true;
@@ -10,6 +12,5 @@
     };
 
     networking.firewall.allowedTCPPorts = [ 80 443 ];
-    networking.firewall.allowedUDPPorts = [ 80 443 ];
   };
 }
\ No newline at end of file
diff --git a/machines/mitty/configuration.nix b/machines/mitty/configuration.nix
index 3c5e273..f2c4944 100644
--- a/machines/mitty/configuration.nix
+++ b/machines/mitty/configuration.nix
@@ -33,6 +33,12 @@
     mount = "stream.mp3";
   };
 
+  services.nginx.stream =
+  {
+    enable = true;
+    hostname = "mitty.neet.dev";
+  }
+
   security.acme.acceptTerms = true;
   security.acme.email = "letsencrypt+5@tar.ninja";
 }