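# NixOS module: runs PeerTube as a systemd service under a dedicated
# "peertube" account and publishes it through the shared "tools" Apache
# virtual host at peertube.immae.eu.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Package built from ./peertube.nix. This module reads its varDir,
  # webappDir, listenPort and config attributes.
  peertube = pkgs.callPackage ./peertube.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.peertube;
  };

  cfg = config.services.myWebsites.tools.peertube;
in {
  options.services.myWebsites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };

  config = lib.mkIf cfg.enable {
    # Fixed uid/gid taken from the site-wide environment definition.
    ids.uids.peertube = myconfig.env.tools.peertube.user.uid;
    ids.gids.peertube = myconfig.env.tools.peertube.user.gid;

    users.users.peertube = {
      name = "peertube";
      uid = config.ids.uids.peertube;
      group = "peertube";
      description = "Peertube user";
      home = peertube.varDir;
      # NOTE(review): this gives the service account a login shell. Confirm it
      # is needed (e.g. for maintenance commands); otherwise prefer a
      # non-interactive account.
      useDefaultShell = true;
      # Presumably what grants read access to the secrets tree used by
      # mySecrets below; verify against the mySecrets module.
      extraGroups = [ "keys" ];
    };

    users.groups.peertube.gid = config.ids.gids.peertube;

    systemd.services.peertube = {
      description = "Peertube";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "postgresql.service" ];
      wants = [ "postgresql.service" ];

      # The config directory lives in the writable state dir; production.yaml
      # inside it is the symlink created by the activation script below.
      environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
      environment.NODE_ENV = "production";
      environment.HOME = peertube.webappDir;

      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];

      script = ''
        exec npm run start
      '';

      serviceConfig = {
        User = "peertube";
        Group = "peertube";
        WorkingDirectory = peertube.webappDir;
        # Sandboxing: private /tmp, no access to /home, /root and /run/user,
        # read-only cgroup hierarchy.
        # NOTE(review): further hardening (NoNewPrivileges, ProtectSystem, ...)
        # is not set here; evaluate it against what the application needs.
        PrivateTmp = true;
        ProtectHome = true;
        ProtectControlGroups = true;
        Restart = "always";
        Type = "simple";
        TimeoutSec = 60;
      };

      unitConfig.RequiresMountsFor = peertube.varDir;
    };

    # The rendered configuration is delivered as a secret file that only the
    # service account and its group can read (0640), not world-readable.
    mySecrets.keys = [{
      dest = "webapps/tools-peertube";
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = peertube.config;
    }];

    system.activationScripts.peertube = {
      deps = [ "users" ];
      # Creates the state directories and links the secret config into place.
      # Paths are quoted so an unusual varDir cannot split into several words.
      # ln uses -n so that an existing production.yaml link is replaced itself
      # instead of being followed: the config directory is owned by the
      # service account, so the link found there should not be trusted.
      text = ''
        install -m 0750 -o peertube -g peertube -d "${peertube.varDir}"
        install -m 0750 -o peertube -g peertube -d "${peertube.varDir}/config"
        ln -sfn /var/secrets/webapps/tools-peertube "${peertube.varDir}/config/production.yaml"
      '';
    };

    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.peertube = {
      certName = "eldiron";
      hosts = [ "peertube.immae.eu" ];
      root = null;
      # Reverse proxy to the local PeerTube listener. "RequestHeader set"
      # overwrites any X-Real-IP sent by the client, so the backend only sees
      # the address Apache observed.
      # NOTE(review): Apache checks ProxyPass rules in configuration order and
      # the first match wins, so the catch-all "/" rule listed first appears to
      # shadow the /tracker/socket and /socket.io websocket rules. Confirm the
      # intended routing and, if so, list the specific paths before "/".
      extraConfig = [ ''
        ProxyPass / http://localhost:${peertube.listenPort}/
        ProxyPassReverse / http://localhost:${peertube.listenPort}/

        ProxyPreserveHost On
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s

        ProxyPass /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
        ProxyPassReverse /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket

        ProxyPass /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
        ProxyPassReverse /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
      '' ];
    };
  };
}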