1 { lib, pkgs, config, ... }:
3 scfg = config.myServices.websites.syden.peertube;
5 dataDir = "/var/lib/syden_peertube";
6 package = (pkgs.mylibs.flakeCompat ../../../../flakes/private/peertube).packages.x86_64-linux.peertube_syden;
7 env = config.myEnv.tools.syden_peertube;
10 options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
12 config = lib.mkIf scfg.enable {
13 services.duplyBackup.profiles.syden_peertube = {
15 remotes = ["eriomem" "ovh"];
17 users.users.peertube = {
18 uid = config.ids.uids.peertube;
20 description = "Peertube user";
21 useDefaultShell = true;
22 extraGroups = [ "keys" ];
24 users.groups.peertube.gid = config.ids.gids.peertube;
27 dest = "websites/syden/peertube";
34 port: ${toString env.listenPort}
37 hostname: 'record-links.immae.eu'
40 hostname: '${env.postgresql.socket}'
43 username: '${env.postgresql.user}'
44 password: '${env.postgresql.password}'
48 socket: '${env.redis.socket}'
53 sendmail: '/run/wrappers/bin/sendmail'
54 from_address: 'peertube@tools.immae.eu'
56 tmp: '${dataDir}/storage/tmp/'
57 avatars: '${dataDir}/storage/avatars/'
58 videos: '${dataDir}/storage/videos/'
59 streaming_playlists: '${dataDir}/storage/streaming-playlists/'
60 redundancy: '${dataDir}/storage/videos/'
61 logs: '${dataDir}/storage/logs/'
62 previews: '${dataDir}/storage/previews/'
63 thumbnails: '${dataDir}/storage/thumbnails/'
64 torrents: '${dataDir}/storage/torrents/'
65 captions: '${dataDir}/storage/captions/'
66 cache: '${dataDir}/storage/cache/'
67 plugins: '${dataDir}/storage/plugins/'
68 client_overrides: '${dataDir}/storage/client-overrides/'
72 services.filesWatcher.syden_peertube = {
74 paths = [ config.secrets.fullPaths."websites/syden/peertube" ];
77 systemd.services.syden_peertube = {
78 description = "Peertube";
79 wantedBy = [ "multi-user.target" ];
80 after = [ "network.target" "postgresql.service" ];
81 wants = [ "postgresql.service" ];
83 environment.NODE_CONFIG_DIR = "${dataDir}/config";
84 environment.NODE_ENV = "production";
85 environment.HOME = package;
87 path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
90 install -m 0750 -d ${dataDir}/config
91 ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml
92 ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
99 WorkingDirectory = package;
100 StateDirectory = "syden_peertube";
101 StateDirectoryMode = 0750;
104 ProtectControlGroups = true;
110 unitConfig.RequiresMountsFor = dataDir;
113 services.websites.env.production.vhostConfs.syden_peertube = {
116 certMainHost = "record-links.immae.eu";
117 hosts = [ "record-links.immae.eu" ];
122 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
123 RewriteCond %{QUERY_STRING} transport=websocket [NC]
124 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
126 RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
127 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
129 ProxyPass / http://localhost:${toString env.listenPort}/
130 ProxyPassReverse / http://localhost:${toString env.listenPort}/
133 RequestHeader set X-Real-IP %{REMOTE_ADDR}s