]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, ... }: | |
2 | let | |
3 | env = config.myEnv.tools.peertube; | |
4 | cfg = config.myServices.websites.tools.peertube; | |
5 | pcfg = config.services.peertube; | |
6 | in { | |
7 | options.myServices.websites.tools.peertube = { | |
8 | enable = lib.mkEnableOption "enable Peertube's website"; | |
9 | }; | |
10 | ||
11 | config = lib.mkIf cfg.enable { | |
12 | services.duplyBackup.profiles.peertube = { | |
13 | rootDir = pcfg.dataDir; | |
14 | }; | |
15 | services.peertube = { | |
16 | enable = true; | |
17 | configFile = "/var/secrets/webapps/tools-peertube"; | |
18 | package = pkgs.webapps.peertube.override { ldap = true; }; | |
19 | }; | |
20 | users.users.peertube.extraGroups = [ "keys" ]; | |
21 | ||
22 | secrets.keys = [{ | |
23 | dest = "webapps/tools-peertube"; | |
24 | user = "peertube"; | |
25 | group = "peertube"; | |
26 | permissions = "0640"; | |
27 | text = '' | |
28 | listen: | |
29 | hostname: 'localhost' | |
30 | port: ${toString config.myEnv.ports.peertube} | |
31 | webserver: | |
32 | https: true | |
33 | hostname: 'peertube.immae.eu' | |
34 | port: 443 | |
35 | trust_proxy: | |
36 | - 'loopback' | |
37 | database: | |
38 | hostname: '${env.postgresql.socket}' | |
39 | port: 5432 | |
40 | suffix: '_prod' | |
41 | username: '${env.postgresql.user}' | |
42 | password: '${env.postgresql.password}' | |
43 | pool: | |
44 | max: 5 | |
45 | redis: | |
46 | socket: '${env.redis.socket}' | |
47 | auth: null | |
48 | db: ${env.redis.db} | |
49 | ldap: | |
50 | enable: true | |
51 | ldap_only: false | |
52 | url: ldaps://${env.ldap.host}/${env.ldap.base} | |
53 | bind_dn: ${env.ldap.dn} | |
54 | bind_password: ${env.ldap.password} | |
55 | base: ${env.ldap.base} | |
56 | mail_entry: "mail" | |
57 | user_filter: "${env.ldap.filter}" | |
58 | smtp: | |
59 | transport: sendmail | |
60 | sendmail: '/run/wrappers/bin/sendmail' | |
61 | hostname: null | |
62 | port: 465 # If you use StartTLS: 587 | |
63 | username: null | |
64 | password: null | |
65 | tls: true # If you use StartTLS: false | |
66 | disable_starttls: false | |
67 | ca_file: null # Used for self signed certificates | |
68 | from_address: 'peertube@tools.immae.eu' | |
69 | storage: | |
70 | tmp: '${pcfg.dataDir}/storage/tmp/' | |
71 | avatars: '${pcfg.dataDir}/storage/avatars/' | |
72 | videos: '${pcfg.dataDir}/storage/videos/' | |
73 | redundancy: '${pcfg.dataDir}/storage/videos/' | |
74 | logs: '${pcfg.dataDir}/storage/logs/' | |
75 | previews: '${pcfg.dataDir}/storage/previews/' | |
76 | thumbnails: '${pcfg.dataDir}/storage/thumbnails/' | |
77 | torrents: '${pcfg.dataDir}/storage/torrents/' | |
78 | captions: '${pcfg.dataDir}/storage/captions/' | |
79 | cache: '${pcfg.dataDir}/storage/cache/' | |
80 | log: | |
81 | level: 'info' | |
82 | search: | |
83 | remote_uri: | |
84 | users: true | |
85 | anonymous: false | |
86 | trending: | |
87 | videos: | |
88 | interval_days: 7 | |
89 | redundancy: | |
90 | videos: | |
91 | check_interval: '1 hour' # How often you want to check new videos to cache | |
92 | strategies: # Just uncomment strategies you want | |
93 | # Following are saved in local-production.json | |
94 | cache: | |
95 | previews: | |
96 | size: 500 # Max number of previews you want to cache | |
97 | captions: | |
98 | size: 500 # Max number of video captions/subtitles you want to cache | |
99 | admin: | |
100 | email: 'peertube@tools.immae.eu' | |
101 | contact_form: | |
102 | enabled: true | |
103 | signup: | |
104 | enabled: false | |
105 | limit: 10 | |
106 | requires_email_verification: false | |
107 | filters: | |
108 | cidr: | |
109 | whitelist: [] | |
110 | blacklist: [] | |
111 | user: | |
112 | video_quota: -1 | |
113 | video_quota_daily: -1 | |
114 | transcoding: | |
115 | enabled: false | |
116 | allow_additional_extensions: true | |
117 | threads: 1 | |
118 | resolutions: | |
119 | 240p: false | |
120 | 360p: false | |
121 | 480p: true | |
122 | 720p: true | |
123 | 1080p: true | |
124 | hls: | |
125 | enabled: false | |
126 | import: | |
127 | videos: | |
128 | http: | |
129 | enabled: true | |
130 | torrent: | |
131 | enabled: false | |
132 | instance: | |
133 | name: 'Immae’s PeerTube' | |
134 | short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.' | |
135 | description: ''' | |
136 | terms: ''' | |
137 | default_client_route: '/videos/trending' | |
138 | default_nsfw_policy: 'blur' | |
139 | customizations: | |
140 | javascript: ''' | |
141 | css: ''' | |
142 | robots: | | |
143 | User-agent: * | |
144 | Disallow: | |
145 | securitytxt: | |
146 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" | |
147 | services: | |
148 | # You can provide a reporting endpoint for Content Security Policy violations | |
149 | csp-logger: | |
150 | twitter: | |
151 | username: '@_immae' | |
152 | whitelisted: false | |
153 | ''; | |
154 | }]; | |
155 | ||
156 | services.websites.env.tools.modules = [ | |
157 | "headers" "proxy" "proxy_http" "proxy_wstunnel" | |
158 | ]; | |
159 | services.filesWatcher.peertube = { | |
160 | restart = true; | |
161 | paths = [ pcfg.configFile ]; | |
162 | }; | |
163 | ||
164 | services.websites.env.tools.vhostConfs.peertube = { | |
165 | certName = "eldiron"; | |
166 | addToCerts = true; | |
167 | hosts = [ "peertube.immae.eu" ]; | |
168 | root = null; | |
169 | extraConfig = [ '' | |
170 | RewriteEngine On | |
171 | ||
172 | RewriteCond %{REQUEST_URI} ^/socket.io [NC] | |
173 | RewriteCond %{QUERY_STRING} transport=websocket [NC] | |
174 | RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] | |
175 | ||
176 | RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] | |
177 | RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] | |
178 | ||
179 | ProxyPass / http://localhost:${toString env.listenPort}/ | |
180 | ProxyPassReverse / http://localhost:${toString env.listenPort}/ | |
181 | ||
182 | ProxyPreserveHost On | |
183 | RequestHeader set X-Real-IP %{REMOTE_ADDR}s | |
184 | '' ]; | |
185 | }; | |
186 | }; | |
187 | } |