{ config, lib, pkgs, ... }:

{
  systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
  services.nginx = {
    additionalModules = [ pkgs.nginxModules.rtmp ];

    appendConfig = ''
      rtmp {
        server {
          listen 1935;
          chunk_size 512;
          application live {
            live on;
            record off;
            hls on;
            hls_path /var/www/stream.vapor.systems/hls;
            # hls_fragment 3;
            # hls_playlist_length 60;
            dash on;
            dash_path /var/www/stream.vapor.systems/dash;
          }
        }
      }
    '';

    virtualHosts = {
      "stream.vapor.systems" = {
        forceSSL = true;
        useACMEHost = "vapor.systems";
        locations = {
          "/" = {
            root = ./static;
          };

          "/hls" = {
            extraConfig = ''
              types {
                application/vnd.apple.mpegurl m3u8;
                video/mp2t ts;
              }
              root /var/www/stream.vapor.systems/;
              add_header Cache-Control no-cache;
              add_header Access-Control-Allow-Origin *;
            '';
          };

          "/dash" = {
            extraConfig = ''
              root /var/www/stream.vapor.systems/;
              add_header Cache-Control no-cache;
              add_header Access-Control-Allow-Origin *;
            '';
          };
        };
      };
    };
  };

  security.acme.certs = {
    "vapor.systems" = {
      extraDomainNames = [ "*.vapor.systems" ];
    };
  };
}