]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, ... }: | |
2 | let | |
3 | scfg = config.myServices.websites.syden.peertube; | |
4 | name = "peertube"; | |
5 | dataDir = "/var/lib/syden_peertube"; | |
6 | package = pkgs.webapps.peertube.override { sendmail = true; syden = true; light = "fr-FR"; }; | |
7 | env = config.myEnv.tools.syden_peertube; | |
8 | in | |
9 | { | |
10 | options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website"; | |
11 | ||
12 | config = lib.mkIf scfg.enable { | |
13 | services.duplyBackup.profiles.syden_peertube = { | |
14 | rootDir = dataDir; | |
15 | }; | |
16 | users.users.peertube = { | |
17 | uid = config.ids.uids.peertube; | |
18 | group = "peertube"; | |
19 | description = "Peertube user"; | |
20 | useDefaultShell = true; | |
21 | extraGroups = [ "keys" ]; | |
22 | }; | |
23 | users.groups.peertube.gid = config.ids.gids.peertube; | |
24 | ||
25 | secrets.keys = [{ | |
26 | dest = "websites/syden/peertube"; | |
27 | user = "peertube"; | |
28 | group = "peertube"; | |
29 | permissions = "0640"; | |
30 | text = '' | |
31 | listen: | |
32 | hostname: 'localhost' | |
33 | port: ${toString env.listenPort} | |
34 | webserver: | |
35 | https: true | |
36 | hostname: 'record-links.immae.eu' | |
37 | port: 443 | |
38 | database: | |
39 | hostname: '${env.postgresql.socket}' | |
40 | port: 5432 | |
41 | suffix: '_syden' | |
42 | username: '${env.postgresql.user}' | |
43 | password: '${env.postgresql.password}' | |
44 | pool: | |
45 | max: 5 | |
46 | redis: | |
47 | socket: '${env.redis.socket}' | |
48 | auth: null | |
49 | db: ${env.redis.db} | |
50 | smtp: | |
51 | transport: sendmail | |
52 | sendmail: '/run/wrappers/bin/sendmail' | |
53 | from_address: 'peertube@tools.immae.eu' | |
54 | storage: | |
55 | tmp: '${dataDir}/storage/tmp/' | |
56 | avatars: '${dataDir}/storage/avatars/' | |
57 | videos: '${dataDir}/storage/videos/' | |
58 | streaming_playlists: '${dataDir}/storage/streaming-playlists/' | |
59 | redundancy: '${dataDir}/storage/videos/' | |
60 | logs: '${dataDir}/storage/logs/' | |
61 | previews: '${dataDir}/storage/previews/' | |
62 | thumbnails: '${dataDir}/storage/thumbnails/' | |
63 | torrents: '${dataDir}/storage/torrents/' | |
64 | captions: '${dataDir}/storage/captions/' | |
65 | cache: '${dataDir}/storage/cache/' | |
66 | plugins: '${dataDir}/storage/plugins/' | |
67 | ''; | |
68 | }]; | |
69 | ||
70 | services.filesWatcher.syden_peertube = { | |
71 | restart = true; | |
72 | paths = [ config.secrets.fullPaths."websites/syden/peertube" ]; | |
73 | }; | |
74 | ||
75 | systemd.services.syden_peertube = { | |
76 | description = "Peertube"; | |
77 | wantedBy = [ "multi-user.target" ]; | |
78 | after = [ "network.target" "postgresql.service" ]; | |
79 | wants = [ "postgresql.service" ]; | |
80 | ||
81 | environment.NODE_CONFIG_DIR = "${dataDir}/config"; | |
82 | environment.NODE_ENV = "production"; | |
83 | environment.HOME = package; | |
84 | ||
85 | path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ]; | |
86 | ||
87 | script = '' | |
88 | install -m 0750 -d ${dataDir}/config | |
89 | ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml | |
90 | ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml | |
91 | exec npm run start | |
92 | ''; | |
93 | ||
94 | serviceConfig = { | |
95 | User = "peertube"; | |
96 | Group = "peertube"; | |
97 | WorkingDirectory = package; | |
98 | StateDirectory = "syden_peertube"; | |
99 | StateDirectoryMode = 0750; | |
100 | PrivateTmp = true; | |
101 | ProtectHome = true; | |
102 | ProtectControlGroups = true; | |
103 | Restart = "always"; | |
104 | Type = "simple"; | |
105 | TimeoutSec = 60; | |
106 | }; | |
107 | ||
108 | unitConfig.RequiresMountsFor = dataDir; | |
109 | }; | |
110 | ||
111 | services.websites.env.production.vhostConfs.syden_peertube = { | |
112 | certName = "syden"; | |
113 | addToCerts = true; | |
114 | certMainHost = "record-links.immae.eu"; | |
115 | hosts = [ "record-links.immae.eu" ]; | |
116 | root = null; | |
117 | extraConfig = [ '' | |
118 | RewriteEngine On | |
119 | ||
120 | RewriteCond %{REQUEST_URI} ^/socket.io [NC] | |
121 | RewriteCond %{QUERY_STRING} transport=websocket [NC] | |
122 | RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] | |
123 | ||
124 | RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] | |
125 | RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] | |
126 | ||
127 | ProxyPass / http://localhost:${toString env.listenPort}/ | |
128 | ProxyPassReverse / http://localhost:${toString env.listenPort}/ | |
129 | ||
130 | ProxyPreserveHost On | |
131 | RequestHeader set X-Real-IP %{REMOTE_ADDR}s | |
132 | '' ]; | |
133 | }; | |
134 | }; | |
135 | } |