modules/webapps/peertube.nix

   1 { lib, pkgs, config, ... }:
   2 let
   3   name = "peertube";
   4   cfg = config.services.peertube;
   5
   6   uid = config.ids.uids.peertube;
   7   gid = config.ids.gids.peertube;
   8 in
   9 {
  10   options.services.peertube = {
  11     enable = lib.mkEnableOption "Enable Peertube’s service";
  12     user = lib.mkOption {
  13       type = lib.types.str;
  14       default = name;
  15       description = "User account under which Peertube runs";
  16     };
  17     group = lib.mkOption {
  18       type = lib.types.str;
  19       default = name;
  20       description = "Group under which Peertube runs";
  21     };
  22     dataDir = lib.mkOption {
  23       type = lib.types.path;
  24       default = "/var/lib/${name}";
  25       description = ''
  26         The directory where Peertube stores its data.
  27       '';
  28     };
  29     configFile = lib.mkOption {
  30       type = lib.types.path;
  31       description = ''
  32         The configuration file path for Peertube.
  33         '';
  34     };
  35     package = lib.mkOption {
  36       type = lib.types.package;
  37       default = pkgs.webapps.peertube;
  38       description = ''
  39         Peertube package to use.
  40         '';
  41     };
  42     # Output variables
  43     systemdStateDirectory = lib.mkOption {
  44       type = lib.types.str;
  45       # Use ReadWritePaths= instead if varDir is outside of /var/lib
  46       default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
  47         lib.strings.removePrefix "/var/lib/" cfg.dataDir;
  48       description = ''
  49       Adjusted Peertube data directory for systemd
  50       '';
  51       readOnly = true;
  52     };
  53   };
  54
  55   config = lib.mkIf cfg.enable {
  56     users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
  57       inherit name;
  58       inherit uid;
  59       group = cfg.group;
  60       description = "Peertube user";
  61       home = cfg.dataDir;
  62       useDefaultShell = true;
  63     });
  64     users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
  65       inherit name;
  66       inherit gid;
  67     });
  68
  69     systemd.services.peertube = {
  70       description = "Peertube";
  71       wantedBy = [ "multi-user.target" ];
  72       after = [ "network.target" "postgresql.service" ];
  73       wants = [ "postgresql.service" ];
  74
  75       environment.NODE_CONFIG_DIR = "${cfg.dataDir}/config";
  76       environment.NODE_ENV = "production";
  77       environment.HOME = cfg.package;
  78
  79       path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
  80
  81       script = ''
  82         install -m 0750 -d ${cfg.dataDir}/config
  83         ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
  84         exec npm run start
  85       '';
  86
  87       serviceConfig = {
  88         User = cfg.user;
  89         Group = cfg.group;
  90         WorkingDirectory = cfg.package;
  91         StateDirectory = cfg.systemdStateDirectory;
  92         StateDirectoryMode = 0750;
  93         PrivateTmp = true;
  94         ProtectHome = true;
  95         ProtectControlGroups = true;
  96         Restart = "always";
  97         Type = "simple";
  98         TimeoutSec = 60;
  99       };
 100
 101       unitConfig.RequiresMountsFor = cfg.dataDir;
 102     };
 103   };
 104 }
 105