# NixOS module for the PeerTube instance published as peertube.immae.eu.
# When enabled it: registers a backup profile for the data directory, turns
# on services.peertube with an externally managed config file, renders that
# config file (including database and LDAP credentials) through secrets.keys,
# and declares a reverse-proxy vhost that forwards HTTP and WebSocket traffic
# to the local PeerTube listener.
{ lib, pkgs, config, ... }:
let
  # Per-environment values consumed below: postgresql.{socket,user,password},
  # redis.{socket,db}, ldap.{host,base,dn,password,filter} and listenPort.
  env = config.myEnv.tools.peertube;
  # This module's own options (only `enable`).
  cfg = config.myServices.websites.tools.peertube;
  # Options of the underlying PeerTube service (dataDir, configFile).
  pcfg = config.services.peertube;
in {
  options.myServices.websites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };

  config = lib.mkIf cfg.enable {
    # Back up everything under the PeerTube data directory.
    services.duplyBackup.profiles.peertube = {
      rootDir = pcfg.dataDir;
    };
    services.peertube = {
      enable = true;
      # Same path as the secret rendered below (dest = "webapps/tools-peertube");
      # presumably secrets.keys writes under /var/secrets — confirm.
      configFile = "/var/secrets/webapps/tools-peertube";
      # Build flags passed to the package override; their exact effect is
      # defined by pkgs.webapps.peertube, not visible here.
      package = pkgs.webapps.peertube.override { ldap = true; sendmail = true; light = "fr-FR"; };
    };
    # presumably the "keys" group is what lets the service user reach the
    # secrets directory — verify against the secrets module.
    users.users.peertube.extraGroups = [ "keys" ];

    # PeerTube's YAML configuration, rendered as a secret because it embeds the
    # PostgreSQL password and the LDAP bind password. Mode 0640 with
    # owner/group peertube: readable by the service account and its group only.
    #
    # NOTE(review): whether the interpolated `text` is also written to the
    # world-readable Nix store depends on how secrets.keys is implemented —
    # confirm that the credentials do not end up there.
    #
    # NOTE(review): the env values are interpolated into the YAML verbatim.
    # database.username/password sit inside single quotes, while ldap.url,
    # bind_dn, bind_password and base are unquoted, so a value containing a
    # quote, " #" or ": " would change how the file parses. Confirm the
    # secrets are constrained, or emit them as quoted scalars.
    #
    # NOTE(review): listen.port comes from config.myEnv.ports.peertube, but the
    # vhost below proxies to env.listenPort; the two must resolve to the same
    # port — confirm.
    #
    # Security-relevant settings in the text below, as written:
    #   - listen.hostname is 'localhost' and trust_proxy is 'loopback', which
    #     matches a reverse proxy running on the same host.
    #   - redis.auth is null; access control then rests on the permissions of
    #     the socket at env.redis.socket — TODO confirm.
    #   - auth.local and auth.ldap are both enabled (ldap_only: false); the
    #     LDAP URL uses the ldaps:// scheme.
    #   - csp.enabled is false (report_only: true has no effect while disabled).
    #   - signup.enabled is false; import.videos.http is enabled, torrent import
    #     is not.
    #   - log.anonymizeIP is false, so client addresses are kept in the logs
    #     stored under the backed-up data directory.
    secrets.keys = [{
      dest = "webapps/tools-peertube";
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = ''
        listen:
          hostname: 'localhost'
          port: ${toString config.myEnv.ports.peertube}
        webserver:
          https: true
          hostname: 'peertube.immae.eu'
          port: 443
        rates_limit:
          api:
            # 50 attempts in 10 seconds
            window: 10 seconds
            max: 50
          login:
            # 15 attempts in 5 min
            window: 5 minutes
            max: 15
          signup:
            # 2 attempts in 5 min (only succeeded attempts are taken into account)
            window: 5 minutes
            max: 2
          ask_send_email:
            # 3 attempts in 5 min
            window: 5 minutes
            max: 3
        trust_proxy:
          - 'loopback'
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_prod'
          username: '${env.postgresql.user}'
          password: '${env.postgresql.password}'
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db}
        auth:
          local:
            enabled: true
          ldap:
            enabled: true
            ldap_only: false
            url: ldaps://${env.ldap.host}/${env.ldap.base}
            bind_dn: ${env.ldap.dn}
            bind_password: ${env.ldap.password}
            base: ${env.ldap.base}
            mail_entry: "mail"
            user_filter: "${env.ldap.filter}"
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          hostname: null
          port: 465 # If you use StartTLS: 587
          username: null
          password: null
          tls: true # If you use StartTLS: false
          disable_starttls: false
          ca_file: null # Used for self signed certificates
          from_address: 'peertube@tools.immae.eu'
        email:
          body:
            signature: "PeerTube"
          subject:
            prefix: "[PeerTube]"
        storage:
          tmp: '${pcfg.dataDir}/storage/tmp/'
          avatars: '${pcfg.dataDir}/storage/avatars/'
          videos: '${pcfg.dataDir}/storage/videos/'
          streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
          redundancy: '${pcfg.dataDir}/storage/videos/'
          logs: '${pcfg.dataDir}/storage/logs/'
          previews: '${pcfg.dataDir}/storage/previews/'
          thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
          torrents: '${pcfg.dataDir}/storage/torrents/'
          captions: '${pcfg.dataDir}/storage/captions/'
          cache: '${pcfg.dataDir}/storage/cache/'
          plugins: '${pcfg.dataDir}/storage/plugins/'
        log:
          level: 'info'
          rotation:
            enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
            maxFileSize: 12MB
            maxFiles: 20
          anonymizeIP: false
        search:
          remote_uri:
            users: true
            anonymous: false
        trending:
          videos:
            interval_days: 7
        redundancy:
          videos:
            check_interval: '1 hour' # How often you want to check new videos to cache
            strategies: # Just uncomment strategies you want
        csp:
          enabled: false
          report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
          report_uri:
        tracker:
          enabled: true
          private: true
          reject_too_many_announces: false
        history:
          videos:
            max_age: -1
        views:
          videos:
            remote:
              max_age: -1
        plugins:
          index:
            enabled: true
            check_latest_versions_interval: '12 hours'
            url: 'https://packages.joinpeertube.org'
        # Following are saved in local-production.json
        cache:
          previews:
            size: 500 # Max number of previews you want to cache
          captions:
            size: 500 # Max number of video captions/subtitles you want to cache
        admin:
          email: 'peertube@tools.immae.eu'
        contact_form:
          enabled: true
        signup:
          enabled: false
          limit: 10
          requires_email_verification: false
          filters:
            cidr:
              whitelist: []
              blacklist: []
        user:
          video_quota: -1
          video_quota_daily: -1
        transcoding:
          enabled: false
          allow_additional_extensions: true
          allow_audio_files: true
          threads: 1
          resolutions:
            0p: false
            240p: false
            360p: false
            480p: true
            720p: true
            1080p: true
            2160p: false
          webtorrent:
            enabled: true
          hls:
            enabled: false
        import:
          videos:
            http:
              enabled: true
            torrent:
              enabled: false
        auto_blacklist:
          videos:
            of_users:
              enabled: false
        instance:
          name: 'Immae’s PeerTube'
          short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
          description: '''
          terms: '''
          code_of_conduct: '''
          moderation_information: '''
          creation_reason: '''
          administrator: '''
          maintenance_lifetime: '''
          business_model: '''
          hardware_information: '''
          languages:
          categories:
          default_client_route: '/videos/trending'
          is_nsfw: false
          default_nsfw_policy: 'do_not_list'
          customizations:
            javascript: '''
            css: '''
          robots: |
            User-agent: *
            Disallow:
          securitytxt:
            "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
        services:
          twitter:
            username: '@_immae'
            whitelisted: false
        followers:
          instance:
            enabled: true
            manual_approval: false
        followings:
          instance:
            auto_follow_back:
              enabled: false
            auto_follow_index:
              enabled: false
              index_url: 'https://instances.joinpeertube.org'
        theme:
          default: 'default'
      '';
    }];

    # Web-server modules the vhost directives below rely on: RequestHeader
    # (headers), ProxyPass (proxy, proxy_http) and ws:// proxying
    # (proxy_wstunnel).
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    # presumably restarts the service whenever the rendered config file
    # changes (e.g. after a credential rotation) — confirm against the
    # filesWatcher module.
    services.filesWatcher.peertube = {
      restart = true;
      paths = [ pcfg.configFile ];
    };

    # Public vhost for peertube.immae.eu. There is no document root: every
    # request is proxied to the PeerTube process on localhost.
    #   - Requests to /socket.io carrying transport=websocket, and requests to
    #     /tracker/socket, are proxied over ws://; everything else goes through
    #     the plain HTTP ProxyPass.
    #   - ProxyPreserveHost keeps the client's Host header on proxied requests.
    #   - "RequestHeader set" replaces any X-Real-IP header sent by the client
    #     with the address the web server actually saw, so the backend does
    #     not receive a client-chosen value in that header.
    services.websites.env.tools.vhostConfs.peertube = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "peertube.immae.eu" ];
      root = null;
      extraConfig = [ ''
        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        ProxyPass / http://localhost:${toString env.listenPort}/
        ProxyPassReverse / http://localhost:${toString env.listenPort}/

        ProxyPreserveHost On
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
      '' ];
    };
  };
}