diff --git a/config/default.nix b/config/default.nix
index 32f965f..585f5b5 100755
--- a/config/default.nix
+++ b/config/default.nix
@@ -21,6 +21,7 @@
 "nextcloud"
 "nginx"
 "ollama"
+ "owncast"
 "peertube"
 "postgresql"
 "samba"
diff --git a/config/instance.nix b/config/instance.nix
index 7448653..09ab65f 100755
--- a/config/instance.nix
+++ b/config/instance.nix
@@ -9,6 +9,7 @@ let
 minecraftLabel = "Minecraft";
 nextcloudLabel = "Nextcloud";
 ollamaLabel = "Ollama";
+ owncastLabel = "Owncast";
 peertubeLabel = "PeerTube";
 postgresLabel = "PostgreSQL";
 sambaLabel = "Samba";
@@ -27,6 +28,7 @@ let
 minecraftName = "minecraft";
 nextcloudName = "nextcloud";
 ollamaName = "ollama";
+ owncastName = "owncast";
 peertubeName = "peertube";
 postgresName = "postgres";
 sambaName = "samba";
@@ -217,6 +219,28 @@ in {
 key = "${sslPath}/${ollamaName}.${domain0}/key.pem";
 };
 };
+ owncast = let
+ owncastSubdomain = "stream";
+ in {
+ label = owncastLabel;
+ name = owncastName;
+ sops = {
+ path0 = "${sops}/${owncastName}";
+ };
+ subdomain = owncastSubdomain;
+ paths = {
+ path0 = "${servicePath}/${owncastLabel}";
+ path1 = "/mnt/media/storage/${owncastName}";
+ };
+ ports = {
+ port0 = 9454;
+ port1 = 1935;
+ };
+ ssl = {
+ cert = "${sslPath}/${owncastSubdomain}.${domain1}/fullchain.pem";
+ key = "${sslPath}/${owncastSubdomain}.${domain1}/key.pem";
+ };
+ };
 peertube = {
 label = peertubeLabel;
 name = peertubeName;
diff --git a/nixos/modules/services/acme.nix b/nixos/modules/services/acme.nix
index 6c3f4d6..38138d4 100755
--- a/nixos/modules/services/acme.nix
+++ b/nixos/modules/services/acme.nix
@@ -15,7 +15,7 @@
 instanceName = service: (instance.${service}.subdomain);
- domain0ServiceNames = [
+ domain0SubdomainNames = [
 "nextcloud"
 "jellyfin"
 "minecraft"
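Review bot: `paths.path1 = "/mnt/media/storage/${owncastName}"` is declared in the new `owncast` attribute set in config/instance.nix, but as far as this diff shows nothing reads it: the new nixos/modules/services/owncast.nix inherits `paths` and binds only `paths.path0` onto /var/lib/owncast. Either wire it up or drop it, so the instance config does not advertise a media storage path that no module mounts, owns or secures. The same applies to `sops.path0`, which the new module never inherits; if Owncast has no secret material managed through sops yet, a placeholder path here is misleading to whoever later audits which services carry secrets. The `ports` values are also repeated by hand in the module's firewall rules, so a change to `port1` here is only effective if it is mirrored there; a short comment on `port1`, e.g. `# RTMP ingest; must match the port opened in the owncast module`, would make that coupling visible.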
@@ -24,17 +24,18 @@
 "vaultwarden"
 ];
- domain1ServiceNames = [
+ domain1SubdomainNames = [
 "nextcloud"
 "castopod"
 "forgejo"
 "matrix"
+ "owncast"
 "peertube"
 "writefreely"
 ];
- domain0Subdomains = map instanceName domain0ServiceNames;
- domain1Subdomains = map instanceName domain1ServiceNames;
+ domain0Subdomains = map instanceName domain0SubdomainNames;
+ domain1Subdomains = map instanceName domain1SubdomainNames;
 domainRoot = [
 domain.url0
diff --git a/nixos/modules/services/default.nix b/nixos/modules/services/default.nix
index 96c1463..a2d3a87 100755
--- a/nixos/modules/services/default.nix
+++ b/nixos/modules/services/default.nix
@@ -11,6 +11,7 @@
 ./ollama.nix
 ./peertube.nix
 ./postgresql.nix
+ ./owncast.nix
 ./samba.nix
 ./vaultwarden.nix
diff --git a/nixos/modules/services/owncast.nix b/nixos/modules/services/owncast.nix
new file mode 100644
index 0000000..0aad9c3
--- /dev/null
+++ b/nixos/modules/services/owncast.nix
@@ -0,0 +1,47 @@
+{flake, ...}: let
+ inherit (flake.config.people) user0;
+ inherit (flake.config.people.${user0}) domain;
+ inherit (flake.config.system.device) server wildcard;
+ inherit (flake.config.service.instance.owncast) paths ports subdomain ssl name;
+ localhost = wildcard.ip.address0;
+ host = "${subdomain}.${domain.url1}";
+in {
+ services = {
+ owncast = {
+ enable = true;
+ listen = localhost;
+ port = ports.port0;
+ openFirewall = true;
+ };
+ caddy = {
+ virtualHosts = {
+ "${host}" = {
+ extraConfig = ''
+ reverse_proxy ${localhost}:${toString ports.port0}
+
+ tls ${ssl.cert} ${ssl.key}
+ '';
+ };
+ };
+ };
+ };
+ fileSystems."/var/lib/${name}" = {
+ device = paths.path0;
+ fsType = "none";
+ options = ["bind"];
+ depends = [server.storage0.mount];
+ };
+
+ systemd.tmpfiles.rules = [
+ "Z ${paths.path0} 755 ${name} ${name} -"
+ ];
+
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ ports.port0
+ ports.port1
+ ];
+ };
+ };
+}
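Review bot: `./owncast.nix` is inserted after `./postgresql.nix` in nixos/modules/services/default.nix, which breaks the alphabetical order the surrounding imports follow (ollama, peertube, postgresql, samba, vaultwarden); it belongs between `./ollama.nix` and `./peertube.nix`. This is a style point only, the imported set is unchanged.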
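Review bot: `openFirewall = true;` under services.owncast, doubled by `allowedTCPPorts = [ ports.port0 ports.port1 ]` further down, opens the backend HTTP port 9454 on the host even though Caddy is the intended public entry point and the only place TLS is terminated; unless `wildcard.ip.address0` is a loopback address (the local binding is called `localhost`, but the attribute it comes from suggests it may not be — worth confirming), the plaintext Owncast web and admin interface is reachable from the network, bypassing the reverse proxy and its certificate. Only the RTMP ingest port needs to be exposed, so set `openFirewall = false;`, reduce the rule to `allowedTCPPorts = [ ports.port1 ];`, and, if the module version in use exposes it, pin `rtmpPort = ports.port1;` so the listener and the firewall rule cannot drift apart when `port1` changes in config/instance.nix. The tmpfiles rule `"Z ${paths.path0} 755 ${name} ${name} -"` recursively makes the Owncast state directory world-readable, which is more than the service user and group need; `750` is sufficient there. The Caddy `tls ${ssl.cert} ${ssl.key}` line depends on the acme module issuing a certificate for `stream.<domain1>`, which the `"owncast"` entry added to domain1SubdomainNames in this commit provides, but the link is implicit; a comment next to `host`, e.g. `# certificate for this host is issued by acme.nix via domain1SubdomainNames`, would spare the next reader a search.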