modules/private/websites/tools/peertube/default.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   env = config.myEnv.tools.peertube;
   4   cfg = config.myServices.websites.tools.peertube;
   5   pcfg = config.immaeServices.peertube;
   6 in {
   7   options.myServices.websites.tools.peertube = {
   8     enable = lib.mkEnableOption "enable Peertube's website";
   9   };
  10
  11   config = lib.mkIf cfg.enable {
  12     myServices.chatonsProperties.hostings.peertube = {
  13       file.datetime = "2022-08-21T20:00:00";
  14       hosting = {
  15         name = "Peertube";
  16         description = "Free software to take back control of your videos";
  17         website = "https://peertube.immae.eu/";
  18         logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
  19         type = "INSTANCE";
  20         status.level = "OK";
  21         status.description = "OK";
  22         registration.load = "OPEN";
  23         install.type = "PACKAGE";
  24       };
  25     };
  26     myServices.chatonsProperties.services.peertube = {
  27       file.datetime = "2022-08-21T20:00:00";
  28       service = {
  29         name = "Peertube";
  30         description = "Free software to take back control of your videos";
  31         website = "https://peertube.immae.eu/";
  32         logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
  33         status.level = "OK";
  34         status.description = "OK";
  35         registration."" = ["MEMBER" "CLIENT"];
  36         registration.load = "OPEN";
  37         install.type = "PACKAGE";
  38       };
  39       software = {
  40         name = "Peertube";
  41         website = "https://joinpeertube.org/";
  42         license.url = "https://github.com/Chocobozzz/PeerTube/blob/develop/LICENSE";
  43         license.name = "GNU Affero General Public License";
  44         version = pcfg.package.version;
  45         source.url = "https://github.com/Chocobozzz/PeerTube";
  46       };
  47     };
  48     immaeServices.peertube = {
  49       enable = true;
  50       configFile = config.secrets.fullPaths."webapps/tools-peertube";
  51     };
  52     users.users.peertube.extraGroups = [ "keys" ];
  53
  54     secrets.keys."webapps/tools-peertube" = {
  55       user = "peertube";
  56       group = "peertube";
  57       permissions = "0640";
  58       text = ''
  59         listen:
  60           hostname: 'localhost'
  61           port: ${toString config.myEnv.ports.peertube}
  62         webserver:
  63           https: true
  64           hostname: 'peertube.immae.eu'
  65           port: 443
  66         database:
  67           hostname: '${env.postgresql.socket}'
  68           port: 5432
  69           suffix: '_prod'
  70           username: '${env.postgresql.user}'
  71           password: '${env.postgresql.password}'
  72           pool:
  73             max: 5
  74         redis:
  75           socket: '${env.redis.socket}'
  76           auth: null
  77           db: ${env.redis.db}
  78         smtp:
  79           transport: sendmail
  80           sendmail: '/run/wrappers/bin/sendmail'
  81           from_address: 'peertube@tools.immae.eu'
  82         storage:
  83           tmp: '${pcfg.dataDir}/storage/tmp/'
  84           avatars: '${pcfg.dataDir}/storage/avatars/'
  85           videos: '${pcfg.dataDir}/storage/videos/'
  86           streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
  87           redundancy: '${pcfg.dataDir}/storage/videos/'
  88           logs: '${pcfg.dataDir}/storage/logs/'
  89           previews: '${pcfg.dataDir}/storage/previews/'
  90           thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
  91           torrents: '${pcfg.dataDir}/storage/torrents/'
  92           captions: '${pcfg.dataDir}/storage/captions/'
  93           cache: '${pcfg.dataDir}/storage/cache/'
  94           plugins: '${pcfg.dataDir}/storage/plugins/'
  95           client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
  96         '';
  97     };
  98
  99     services.websites.env.tools.modules = [
 100       "headers" "proxy" "proxy_http" "proxy_wstunnel"
 101     ];
 102     services.filesWatcher.peertube = {
 103       restart = true;
 104       paths = [ pcfg.configFile ];
 105     };
 106
 107     services.websites.env.tools.vhostConfs.peertube = {
 108       certName    = "eldiron";
 109       addToCerts  = true;
 110       hosts       = [ "peertube.immae.eu" ];
 111       root        = null;
 112       extraConfig = [ ''
 113           RewriteEngine On
 114
 115           RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
 116           RewriteCond %{QUERY_STRING} transport=websocket    [NC]
 117           RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
 118
 119           RewriteCond %{REQUEST_URI}  ^/tracker/socket       [NC]
 120           RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
 121
 122           ProxyPass /        http://localhost:${toString env.listenPort}/
 123           ProxyPassReverse / http://localhost:${toString env.listenPort}/
 124
 125           ProxyPreserveHost On
 126           RequestHeader set X-Real-IP %{REMOTE_ADDR}s
 127       '' ];
 128     };
 129   };
 130 }