diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix index 6335b06..8fe13c4 100644 --- a/hosts/m3-atlas/secrets.nix +++ b/hosts/m3-atlas/secrets.nix @@ -10,6 +10,9 @@ littlelink-m3tam3re = { file = ../../secrets/littlelink-m3tam3re.age; }; + restreamer-env = { + file = ../../secrets/restreamer-env.age; + }; searx = { file = ../../secrets/searx.age; }; diff --git a/hosts/m3-atlas/services/containers/default.nix b/hosts/m3-atlas/services/containers/default.nix index 69620d4..2e820a8 100644 --- a/hosts/m3-atlas/services/containers/default.nix +++ b/hosts/m3-atlas/services/containers/default.nix @@ -3,6 +3,7 @@ ./baserow.nix ./ghost.nix ./littlelink.nix + ./restreamer.nix ]; system.activationScripts.createPodmanNetworkWeb = lib.mkAfter '' if ! /run/current-system/sw/bin/podman network exists web; then diff --git a/hosts/m3-atlas/services/containers/restreamer.nix b/hosts/m3-atlas/services/containers/restreamer.nix new file mode 100644 index 0000000..6947aeb --- /dev/null +++ b/hosts/m3-atlas/services/containers/restreamer.nix @@ -0,0 +1,26 @@ +{config, ...}: { + virtualisation.oci-containers.containers."restreamer" = { + image = "docker.io/datarhei/restreamer:latest"; + environmentFiles = [config.age.secrets.restreamer-env.path]; + ports = ["127.0.0.1:3006:8080" "1935:1935" "1936:1936"]; + volumes = ["restreamer_data:/restreamer/db"]; + extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.13" "--network=web"]; + }; + # Traefik configuration specific to baserow + services.traefik.dynamicConfigOptions.http = { + services.restreamer.loadBalancer.servers = [ + { + url = "http://localhost:3006/"; + } + ]; + + routers.restreamer = { + rule = "Host(`stream.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "restreamer"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/m3-kratos/default.nix b/hosts/m3-kratos/default.nix index 53ff859..36a9237 100644 --- a/hosts/m3-kratos/default.nix +++ b/hosts/m3-kratos/default.nix @@ -48,10 +48,4 @@ podman.enable = true; virtualisation.enable = true; }; - services.ollama = { - environmentVariables = { - HCC_AMDGPU_TARGET = "gfx1100"; - }; - rocmOverrideGfx = "11.0.0"; - }; } diff --git a/secrets.nix b/secrets.nix index 6a228fb..21ecf33 100644 --- a/secrets.nix +++ b/secrets.nix @@ -23,6 +23,7 @@ in { "secrets/ghost-env.age".publicKeys = systems ++ users; "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users; "secrets/m3tam3re-secrets.age".publicKeys = systems ++ users; + "secrets/restreamer-env.age".publicKeys = systems ++ users; "secrets/searx.age".publicKeys = systems ++ users; "secrets/tailscale-key.age".publicKeys = systems ++ users; "secrets/traefik.age".publicKeys = systems ++ users; diff --git a/secrets/restreamer-env.age b/secrets/restreamer-env.age new file mode 100644 index 0000000..804ed1d --- /dev/null +++ b/secrets/restreamer-env.age @@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 4NLKrw rJfd8bz40XuJgInAxML9OuvJ+Pc3hIMpLyvmnHouDHs +++88yaJiOgOiyFtLaJhQ/AXJvQ/9ade5IFFDPN7R5RI +-> ssh-ed25519 5kwcsA dHznZFpnGrtLkt/y3gt7gmonZtyj8yHnxsRgGnB6D38 +pgcy6Gb8ou2AqJlxe157PnJpd0HdgTRHvsHjIUHwy80 +-> ssh-ed25519 9d4YIQ dXoON+BMGjlxAp5Ab85AYk6zqUebg5ZM/SqfMn+dMCs +ni4mQpfuPT1mwH5U2qV/Uy2HGQzFjdY09l18Q1wmtEg +-> ssh-ed25519 3Bcr1w FSohcVWdZOZc4Fb5Z3Swv+qohUlIxTRuIlWBt1YkokY +TbuBZxBecknCKBU1zpGmXhpbkgxeUrllyyUNZ6gWWqI +-> ssh-rsa DQlE7w +GWrqYdjxBDQzoIHw4AuGtov3zpWC1eu9Y1o+56pXNUJ1r4lq05KtKJ84dKSWrIkS +2OUZIsdeCZK1pFUiMXVZDj+9zYyd+RDiYimSYOvR58irFYi9U14Jtwn+8jWpl0WH +3R3n51+zrf0IHNSuUd8Dt9zq1dHS2ZozBb2kNo3TPAGzGhOl25osTUHDvDKxIg4X ++S4hieNrltwV/Hp1CCZgkByn64u143yNfBaPr1YOUCaFsRMoaWYdbKOw0Gm8ys73 +zK2Bdluh9yfUUBmZrOTzwdHBHJX4l7RR8fBK70CWRwxCP2bYa3XSDBhPtz6SHHKA +hRG+XCROGtLiJGjBqPPgUm9EEMruZSX+D4FpmofofKCvnVXUAXembCtchqIoCUFk +8hxdaYaRac/uB6M5KTkSxS/RAzAFUoCvAn4Vf3csqerxLpifLegtY4FL+ry3aDrx +9wWj9Heaep550sGMlAnL9MXbKloNvrKqWPbtWMm9t47CZ/mMDRzCwgWId++f2Hhc + +--- aa8rXiFLzWBOGqG0XMpcomb2/H6J9LRVA6744a9uOIQ +ii1n +=pxUVZMRkN +3"ox,T:q-lU6MHxICϹuKɵizE,mK8` \ No newline at end of file