diff --git a/hosts/m3-atlas/services/containers/default.nix b/hosts/m3-atlas/services/containers/default.nix
index e4eb3ce..6231b0d 100644
--- a/hosts/m3-atlas/services/containers/default.nix
+++ b/hosts/m3-atlas/services/containers/default.nix
@@ -3,8 +3,9 @@
 ./baserow.nix
 ./ghost.nix
 ./littlelink.nix
+ ./matomo.nix
 ./n8n.nix
- ./restreamer.nix
+ # ./restreamer.nix
 ./slash.nix
 ];
 system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
diff --git a/hosts/m3-atlas/services/containers/matomo.nix b/hosts/m3-atlas/services/containers/matomo.nix
new file mode 100644
index 0000000..4560cfc
--- /dev/null
+++ b/hosts/m3-atlas/services/containers/matomo.nix
@@ -0,0 +1,33 @@
+{
+ virtualisation.oci-containers.containers."matomo" = {
+ image = "docker.io/matomo:latest";
+ ports = ["127.0.0.1:3011:80"];
+ volumes = ["matomo_data:/var/www/html"];
+ environment = {
+ MATOMO_DATABASE_HOST = "mysql";
+ MATOMO_DATABASE_USERNAME = "matomo";
+ MATOMO_DATABASE_PASSWORD = "matomo";
+ MATOMO_DATABASE_DBNAME = "matomo";
+ MYSQL_DATABASE = "matomo";
+ PHP_MEMORY_LIMIT = "2048M";
+ };
+ extraOptions = ["--add-host=mysql:10.89.0.1" "--ip=10.89.0.15" "--network=web"];
+ };
+ # Traefik configuration specific to ghost
+ services.traefik.dynamicConfigOptions.http = {
+ services.matomo.loadBalancer.servers = [
+ {
+ url = "http://localhost:3011/";
+ }
+ ];
+
+ routers.matomo = {
+ rule = "Host(`stats.nemoti.com`)";
+ tls = {
+ certResolver = "godaddy";
+ };
+ service = "matomo";
+ entrypoints = "websecure";
+ };
+ };
+}
diff --git a/hosts/m3-atlas/services/containers/restreamer.nix b/hosts/m3-atlas/services/containers/restreamer.nix
index 6947aeb..83ffbf8 100644
--- a/hosts/m3-atlas/services/containers/restreamer.nix
+++ b/hosts/m3-atlas/services/containers/restreamer.nix
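Review bot: `MATOMO_DATABASE_PASSWORD = "matomo"` in the new `matomo.nix` puts the database credential in the repository and in the world-readable Nix store, and the value is identical to the username. `restreamer.nix` in this commit already loads its secrets with `environmentFiles = [config.age.secrets.restreamer-env.path];`; the same pattern with a Matomo secret (placeholder name: `config.age.secrets.<matomo-env>.path`) keeps the password out of the store, and needs the file to open with `{config, ...}: {` instead of a bare `{`. `docker.io/matomo:latest` is also unpinned, so each pull can bring in a different image; a fixed version tag or digest makes the deployment reproducible and reviewable. The comment above the Traefik block should read `# Traefik configuration specific to matomo`. Because the `mysql.nix` hunk in this commit removes the `matomo` user creation, a comment here saying where that account is now provisioned would help.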
@@ -2,25 +2,87 @@ virtualisation.oci-containers.containers."restreamer" = { image = "docker.io/datarhei/restreamer:latest"; environmentFiles = [config.age.secrets.restreamer-env.path]; - ports = ["127.0.0.1:3006:8080" "1935:1935" "1936:1936"]; + # Modified ports to include RTMPS + ports = [ + "127.0.0.1:3006:8080" + "127.0.0.1:1935:1935" + "127.0.0.1:1945:1945" + ]; volumes = ["restreamer_data:/restreamer/db"]; extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.13" "--network=web"]; }; - # Traefik configuration specific to baserow - services.traefik.dynamicConfigOptions.http = { - services.restreamer.loadBalancer.servers = [ - { - url = "http://localhost:3006/"; - } - ]; - routers.restreamer = { - rule = "Host(`stream.m3tam3re.com`)"; - tls = { - certResolver = "godaddy"; + # Traefik configuration + services.traefik = { + # Add static configuration for entry points + staticConfigOptions = { + entryPoints = { + websecure = { + address = ":443"; + }; + rtmp = { + address = ":1935"; + }; + rtmps = { + address = ":1945"; + }; + }; + }; + + dynamicConfigOptions = { + http = { + services.restreamer.loadBalancer.servers = [ + { + url = "http://localhost:3006/"; + } + ]; + + routers.restreamer = { + rule = "Host(`stream.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "restreamer"; + entrypoints = ["websecure"]; + }; + }; + + tcp = { + services = { + rtmp-service.loadBalancer.servers = [ + { + address = "localhost:1935"; + } + ]; + rtmps-service.loadBalancer.servers = [ + { + address = "localhost:1945"; + } + ]; + }; + + routers = { + rtmp = { + rule = "HostSNI(`*`)"; # Changed to accept all SNI + service = "rtmp-service"; + entryPoints = ["rtmp"]; + }; + rtmps = { + rule = "HostSNI(`stream.m3tam3re.com`)"; + service = "rtmps-service"; + entryPoints = ["rtmps"]; + tls = { + certResolver = "godaddy"; + passthrough = false; + }; + }; + }; }; - service = "restreamer"; - entrypoints = "websecure"; }; }; + + # Firewall configuration + 
networking.firewall = { + allowedTCPPorts = [80 443 1935 1945]; + }; } diff --git a/hosts/m3-atlas/services/mysql.nix b/hosts/m3-atlas/services/mysql.nix index c2b605d..0bcd657 100644 --- a/hosts/m3-atlas/services/mysql.nix +++ b/hosts/m3-atlas/services/mysql.nix @@ -9,9 +9,6 @@ initialScript = pkgs.writeText "initial-script.sql" '' CREATE USER 'ghost'@'10.89.%' IDENTIFIED BY 'ghost'; GRANT ALL PRIVILEGES ON ghost.* TO 'ghost'@'10.89.%'; - - CREATE USER 'matomo'@'10.89.%' IDENTIFIED BY 'password'; - GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'10.89.%'; ''; }; services.mysqlBackup = { diff --git a/hosts/m3-atlas/services/traefik.nix b/hosts/m3-atlas/services/traefik.nix index e6a6604..a54df2a 100644 --- a/hosts/m3-atlas/services/traefik.nix +++ b/hosts/m3-atlas/services/traefik.nix @@ -26,6 +26,12 @@ scheme = "https"; }; }; + rtmp = { + address = ":1935"; + }; + rtmps = { + address = ":1945"; + }; websecure = {address = ":443";}; }; };
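Review bot: The `rtmp` TCP router uses a catch-all HostSNI rule on the `:1935` entry point with no `tls` block, and `allowedTCPPorts` at the end of the hunk opens 1935, so unencrypted RTMP ingest, including whatever stream key the publisher sends, is reachable from outside even though the ports comment says the goal is RTMPS. If plain RTMP is not needed externally, drop 1935 from the firewall list and remove the `rtmp` router and entry point, leaving only `rtmps` on 1945. Traefik's `:1935` and `:1945` listeners also appear to collide with the container's `127.0.0.1:1935:1935` and `127.0.0.1:1945:1945` publishes, and the `localhost:1935` / `localhost:1945` backends could then point back at Traefik itself; publishing the container on different host ports would avoid that. By the visible lines the new side closes one more `};` than it opens (three context `};` remain after the four added ones that follow `passthrough = false;`), so one of the trailing `};` probably has to go before the file evaluates.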
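Review bot: The `rtmp` and `rtmps` entry points added here are also declared under `staticConfigOptions.entryPoints` in the `restreamer.nix` hunk of this commit, together with `websecure`, so the same listeners are defined in two files. Keeping them only in `traefik.nix` avoids the two definitions drifting apart. `default.nix` comments out the `restreamer.nix` import in this commit, so as committed Traefik listens on `:1935` and `:1945` on all interfaces with no router attached; a comment such as `# RTMP/RTMPS ingest for restreamer (routers in containers/restreamer.nix)` would explain why they exist. The enclosing attribute set starts and ends outside the hunk.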