From 879481925b56a01fe4ca4b51005f0cfabff6a352 Mon Sep 17 00:00:00 2001
From: Myned <dev@bjork.tech>
Date: Sun, 2 Feb 2025 12:35:32 -0600
Subject: [PATCH] containers: add oryx

Signed-off-by: Myned <dev@bjork.tech>
---
 options/custom/containers/oryx.nix |  42 +++++++++++++++++++++++++++++
 profiles/server/default.nix        |   3 ++-
 secrets/secrets.nix                |   1 +
 secrets/server/oryx/.env           | Bin 0 -> 573 bytes
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 options/custom/containers/oryx.nix
 create mode 100644 secrets/server/oryx/.env

diff --git a/options/custom/containers/oryx.nix b/options/custom/containers/oryx.nix
new file mode 100644
index 0000000..1b793af
--- /dev/null
+++ b/options/custom/containers/oryx.nix
@@ -0,0 +1,42 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.custom.containers.oryx;
+in {
+  options.custom.containers.oryx.enable = mkOption {default = false;};
+
+  config = mkIf cfg.enable {
+    age.secrets = let
+      secret = filename: {
+        file = "${inputs.self}/secrets/${filename}";
+      };
+    in {
+      "${config.custom.profile}/oryx/.env" = secret "${config.custom.profile}/oryx/.env";
+    };
+
+    #?? arion-oryx pull
+    environment.shellAliases.arion-oryx = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.oryx.settings.out.dockerComposeYaml}";
+
+    virtualisation.arion.projects.oryx.settings.services = {
+      oryx.service = {
+        container_name = "oryx";
+        env_file = [config.age.secrets."${config.custom.profile}/oryx/.env".path];
+        image = "ossrs/oryx:5";
+
+        ports = [
+          "127.0.0.1:2022:2022" # HTTP
+          "1935:1935" # RTMP
+          "8000:8000/udp" # WebRTC
+          "10080:10080/udp" # SRT
+        ];
+
+        restart = "unless-stopped";
+        volumes = ["${config.custom.containers.directory}/oryx/data:/data"];
+      };
+    };
+  };
+}
diff --git a/profiles/server/default.nix b/profiles/server/default.nix
index 50a983e..2b57811 100644
--- a/profiles/server/default.nix
+++ b/profiles/server/default.nix
@@ -19,7 +19,8 @@
       mastodon.enable = true;
       netbox.enable = true;
       #// nextcloud.enable = true;
-      owncast.enable = true;
+      oryx.enable = true;
+      #// owncast.enable = true;
       #// redlib.enable = true;
       #// searxng.enable = true;
     };
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 04bfc7b..9d64ac3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -83,6 +83,7 @@ in {
   "server/netdata/parent.conf".publicKeys = server;
   "server/nextcloud/.env".publicKeys = server;
   "server/nextcloud/db.env".publicKeys = server;
+  "server/oryx/.env".publicKeys = server;
   "server/searxng/.env".publicKeys = server;
   "server/users/myned.pass".publicKeys = server;
   "server/users/root.pass".publicKeys = server;
diff --git a/secrets/server/oryx/.env b/secrets/server/oryx/.env
new file mode 100644
index 0000000000000000000000000000000000000000..8f07b558dd01b4800ccd270a690b684841c173c4
GIT binary patch
literal 573
zcmZ9_%WKnc007`kM5HK!I1gS7C?brsOV%c-2eHpIrLUxEx@<UY(>6`J{_=hm1>F>J
zP!RFpVN(=DJUCGid`(njJJc}`dQt?3Fz^8~C={9CecwOumBcDs1%l=(h9m>8tcgAg
z@xaF+U9ZE{3K|F?L5PT94T6STlfZL8U~0e}=3<QE)QVUg5LyOz6ek`nAS5Seutt)#
zWlzG+8v+n(qi789l4}MSKgzKZ86U&kah#8bD(Pa06PkE5wsq5MPFtoSKjIH$t&pbk
zVMd5(c6kaPOOT40cKJ{gLkg7y%SI|>O`vU$$;YK&QKnFJ+^6JpE)TGXXc`%=G{q!%
zhX_fM!6SCc0)?%cWMg$zgsccDpd2BJAgzsvbRcMgSe>Ixtw058iesj;z{qAZe$|yd
zWiI8)R>-G~vI?u(Xshm48)(oV%27w)l9ol$3?><x*`hr#3_~Q6%9~=05!ht78qe4U
z>M%(zghqHj6Smc$kK=83SQBwI?IEA^mtNoLzgb+ly|{;JudW|l#(Vq!d7JFO#v%DS
zUzWb*ey+hEx-)P0{gtNo-ni=9eev!(10A3r$i-X9^Ob9xr+)OPN8a9vUCod2UmMxO
zt(Wt!9*_Kf=DV~x8(nf%rY|QG$GWFGJJ+@uOlM(c;4^j3(LW7=+17IO{kyN`^Zt=9
pC+8+s=jDYf+lK}x2M0Pg{eQX-FWf&P-8(ul*?y{@-SJ}X`+pal+$#V8

literal 0
HcmV?d00001