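# NixOS module for Syden's PeerTube instance. When enabled it declares the
# backup profile, the service account, the secret production.yaml, the systemd
# unit that runs PeerTube, and the Apache vhost that reverse-proxies to it.
{ lib, pkgs, config, ... }:
let
  scfg = config.myServices.websites.syden.peertube;
  name = "peertube";
  dataDir = "/var/lib/syden_peertube";
  package = pkgs.webapps.peertube.override { sendmail = true; syden = true; light = "fr-FR"; };
  # Deployment-specific values (listen port, PostgreSQL and Redis access).
  env = config.myEnv.tools.syden_peertube;
in
{
  options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";

  config = lib.mkIf scfg.enable {
    # Back up the whole state directory to both remotes.
    # NOTE(review): ${dataDir}/config/production.yaml is a symlink to the secret
    # file (see the unit script below). Whether the backup stores the link or
    # the file content, and so whether the database password reaches the
    # remotes, depends on the duplyBackup module; confirm.
    services.duplyBackup.profiles.syden_peertube = {
      rootDir = dataDir;
      remotes = ["eriomem" "ovh"];
    };

    # Dedicated account the systemd unit runs as.
    # NOTE(review): useDefaultShell gives this service account the system's
    # default login shell; confirm that interactive use is actually needed.
    # The "keys" group presumably grants access to the deployed secrets; verify
    # against the secrets module.
    users.users.peertube = {
      uid = config.ids.uids.peertube;
      group = "peertube";
      description = "Peertube user";
      useDefaultShell = true;
      extraGroups = [ "keys" ];
    };
    users.groups.peertube.gid = config.ids.gids.peertube;

    # PeerTube's production.yaml, handed to the secrets module because it
    # embeds the PostgreSQL password. Mode 0640 with owner and group peertube
    # means no other account can read it.
    # NOTE(review): the password is interpolated inside a single-quoted YAML
    # scalar, so a password containing a single quote would produce invalid
    # YAML; confirm the generated passwords cannot contain one.
    # NOTE(review): `redundancy` points at the same directory as `videos`;
    # confirm this is intentional rather than a copy-paste slip.
    # NOTE(review): Redis is used with `auth: null`, so access control rests on
    # the permissions of the Redis socket; confirm those are restrictive.
    secrets.keys = [{
      dest = "websites/syden/peertube";
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = ''
        listen:
          hostname: 'localhost'
          port: ${toString env.listenPort}
        webserver:
          https: true
          hostname: 'record-links.immae.eu'
          port: 443
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_syden'
          username: '${env.postgresql.user}'
          password: '${env.postgresql.password}'
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db}
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          from_address: 'peertube@tools.immae.eu'
        storage:
          tmp: '${dataDir}/storage/tmp/'
          avatars: '${dataDir}/storage/avatars/'
          videos: '${dataDir}/storage/videos/'
          streaming_playlists: '${dataDir}/storage/streaming-playlists/'
          redundancy: '${dataDir}/storage/videos/'
          logs: '${dataDir}/storage/logs/'
          previews: '${dataDir}/storage/previews/'
          thumbnails: '${dataDir}/storage/thumbnails/'
          torrents: '${dataDir}/storage/torrents/'
          captions: '${dataDir}/storage/captions/'
          cache: '${dataDir}/storage/cache/'
          plugins: '${dataDir}/storage/plugins/'
      '';
    }];

    # Watch the secret file; presumably restarts the unit when it changes so a
    # rotated password takes effect (confirm against the filesWatcher module).
    services.filesWatcher.syden_peertube = {
      restart = true;
      paths = [ config.secrets.fullPaths."websites/syden/peertube" ];
    };

    systemd.services.syden_peertube = {
      description = "Peertube";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "postgresql.service" ];
      wants = [ "postgresql.service" ];

      environment.NODE_CONFIG_DIR = "${dataDir}/config";
      environment.NODE_ENV = "production";
      environment.HOME = package;

      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];

      # The config directory holds only symlinks: the secret stays where the
      # secrets module put it (with its own owner and mode) and is never
      # copied into the state directory.
      script = ''
        install -m 0750 -d ${dataDir}/config
        ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml
        ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
        exec npm run start
      '';

      # Hardening note: the SMTP transport above calls
      # /run/wrappers/bin/sendmail. If that wrapper is setuid/setgid, as is
      # usual for /run/wrappers/bin, options such as NoNewPrivileges would stop
      # it from working; test mail delivery before tightening the sandbox.
      serviceConfig = {
        User = "peertube";
        Group = "peertube";
        WorkingDirectory = package;
        StateDirectory = "syden_peertube";
        # Written as a string: Nix has no octal literals, so a bare 0750 is the
        # decimal integer 750 and only gave the intended mode because systemd
        # reads the rendered digits as octal.
        StateDirectoryMode = "0750";
        PrivateTmp = true;
        ProtectHome = true;
        ProtectControlGroups = true;
        Restart = "always";
        Type = "simple";
        TimeoutSec = 60;
      };

      unitConfig.RequiresMountsFor = dataDir;
    };

    # Apache vhost in front of PeerTube. PeerTube itself listens on localhost
    # only (see `listen` above). WebSocket requests for socket.io and the
    # tracker are proxied over ws://, everything else over http://.
    # `RequestHeader set` replaces any X-Real-IP value sent by the client with
    # the address Apache saw, so the header cannot be spoofed from outside.
    services.websites.env.production.vhostConfs.syden_peertube = {
      certName = "syden";
      addToCerts = true;
      certMainHost = "record-links.immae.eu";
      hosts = [ "record-links.immae.eu" ];
      root = null;
      extraConfig = [ ''
        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        ProxyPass / http://localhost:${toString env.listenPort}/
        ProxyPassReverse / http://localhost:${toString env.listenPort}/

        ProxyPreserveHost On
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
      '' ];
    };
  };
}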