authorAlyssa Ross <hi@alyssa.is>2024-03-25 14:45:09 +0100
committerAlyssa Ross <hi@alyssa.is>2024-03-25 14:45:09 +0100
commit7f96093aaae206600ed52619c0dd3db0b97d1c52 (patch)
tree5a96ffb85ff2a8e59f7f8b9c5f2be9c846bf31e8
parent2f5ca5adaf4bc825128334f50c82db9963dd92d2 (diff)
modules/owncast-integration: init
-rw-r--r--modules/server/default.nix2
-rw-r--r--modules/server/owncast-integration/default.nix18
-rw-r--r--modules/server/owncast-integration/hook.cgi.sh41
3 files changed, 60 insertions, 1 deletions
diff --git a/modules/server/default.nix b/modules/server/default.nix
index f59ea9662667..388d5b8da63c 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -1,7 +1,7 @@
 { pkgs, ... }:
 
 {
-  imports = [ ../nix ../ssh ../users ];
+  imports = [ ../nix ./owncast-integration ../ssh ../users ];
 
   security.sudo.wheelNeedsPassword = false;
 
diff --git a/modules/server/owncast-integration/default.nix b/modules/server/owncast-integration/default.nix
new file mode 100644
index 000000000000..5d931188a8cb
--- /dev/null
+++ b/modules/server/owncast-integration/default.nix
@@ -0,0 +1,18 @@
+{ lib, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts.default.locations."= /owncast" = {
+    proxyPass = "http://unix:/run/cgiserver/owncast-integration.sock";
+  };
+
+  systemd.sockets.owncast-integration = {
+    wantedBy = [ "sockets.target" ];
+    socketConfig.ListenStream = "/run/cgiserver/owncast-integration.sock";
+  };
+
+  systemd.services.owncast-integration = {
+    path = with pkgs; [ curl jq libressl.nc ];
+    serviceConfig.ExecStart = "${lib.getExe pkgs.cgiserver} -r /owncast ${pkgs.bash}/bin/sh ${./hook.cgi.sh}";
+    serviceConfig.LoadCredential = [ "owncast-inbound" "owncast-outbound" ];
+  };
+}
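Review bot: `systemd.services.owncast-integration` sets no `User` and no sandboxing options, so unless they are applied elsewhere, the script that handles request bodies proxied from nginx runs as root. Adding `serviceConfig.DynamicUser = true;` should be compatible with both `LoadCredential` and socket activation, and it would confine a bug in the hook or in `jq`/`curl` to an unprivileged, transient account. The socket unit also keeps systemd's default `SocketMode` of 0666, so any local user can connect to `/run/cgiserver/owncast-integration.sock` without going through nginx. Restricting it with `socketConfig.SocketMode = "0660";` and a `SocketGroup` that matches the nginx service group would limit the hook to the proxy. A short comment noting where the `owncast-inbound` and `owncast-outbound` credentials are provisioned would also help the next reader.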
diff --git a/modules/server/owncast-integration/hook.cgi.sh b/modules/server/owncast-integration/hook.cgi.sh
new file mode 100644
index 000000000000..a11891a384bc
--- /dev/null
+++ b/modules/server/owncast-integration/hook.cgi.sh
@@ -0,0 +1,41 @@
+#!/bin/sh -e
+
+echo "Content-Type:text/plain"
+
+if [ "$REQUEST_METHOD" != POST ]; then
+    echo "Status:405 Method Not Allowed"
+    echo
+    exit
+fi
+
+# case and printenv are used here to ensure there isn't a test
+# subprocess with the secret visible in its argv.
+case "$(printenv HTTP_AUTHORIZATION | sed -n 's/^basic //ip' | base64 -d)" in
+    "$(cat -- "$CREDENTIALS_DIRECTORY/owncast-inbound")")
+	;;
+    *)
+	echo "Status:401 Unauthorized"
+	echo
+	exit
+	;;
+esac
+
+echo "Status:204 No Content"
+echo
+
+if [ "$(jq -r .type)" = STREAM_STARTED ]; then
+    nc -N ::1 18770 <<EOF
+📺 Development stream started on https://live.qyliss.net/!
+EOF
+
+    (
+	sleep 3600
+	(
+	    printf "Authorization: Bearer "
+	    cat -- "$CREDENTIALS_DIRECTORY/owncast-outbound"
+	) | curl -sSH @- \
+		 --json '{"body":"My work is mostly funded through individual donations.  Please consider supporting development of Spectrum and related projects via https://github.com/sponsors/alyssais or https://liberapay.com/qyliss.  Thank you!"}' \
+		 --fail-with-body \
+		 https://live.qyliss.net/api/integrations/chat/system
+    ) &
+fi
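Review bot: The `case` comparison that checks `HTTP_AUTHORIZATION` fails open when the inbound credential is empty. A request with no Authorization header makes the left-hand side the empty string, and an empty `owncast-inbound` file makes the pattern empty too, so the request is accepted. The same happens if `cat` fails, because `-e` does not act on a failure inside that command substitution. Reject that state before comparing, for example `[ -s "$CREDENTIALS_DIRECTORY/owncast-inbound" ] || { echo "Status:500 Internal Server Error"; echo; exit; }`, which passes only the path to the test and keeps the secret out of argv. Separately, the backgrounded subshell inherits the CGI stdout and stderr, so curl's output an hour later goes to whatever the server still holds open; redirecting it explicitly (`>/dev/null 2>&1`) would avoid depending on how cgiserver treats the lingering descriptor, which is not visible here.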