{ lib, pkgs, config, myconfig, mylibs, ... }: let env = myconfig.env.tools.peertube; cfg = config.services.myWebsites.tools.peertube; pcfg = config.services.peertube; in { options.services.myWebsites.tools.peertube = { enable = lib.mkEnableOption "enable Peertube's website"; }; config = lib.mkIf cfg.enable { services.peertube = { enable = true; configFile = "/var/secrets/webapps/tools-peertube"; package = pkgs.webapps.peertube.override { ldap = true; }; }; users.users.peertube.extraGroups = [ "keys" ]; secrets.keys = [{ dest = "webapps/tools-peertube"; user = "peertube"; group = "peertube"; permissions = "0640"; text = '' listen: hostname: 'localhost' port: ${env.listenPort} webserver: https: true hostname: 'peertube.immae.eu' port: 443 trust_proxy: - 'loopback' database: hostname: '${env.postgresql.socket}' port: 5432 suffix: '_prod' username: '${env.postgresql.user}' password: '${env.postgresql.password}' pool: max: 5 redis: socket: '${env.redis.socket}' auth: null db: ${env.redis.db_index} ldap: enable: true ldap_only: false url: ldaps://${env.ldap.host}/${env.ldap.base} bind_dn: ${env.ldap.dn} bind_password: ${env.ldap.password} base: ${env.ldap.base} mail_entry: "mail" user_filter: "${env.ldap.filter}" smtp: transport: sendmail sendmail: '/run/wrappers/bin/sendmail' hostname: null port: 465 # If you use StartTLS: 587 username: null password: null tls: true # If you use StartTLS: false disable_starttls: false ca_file: null # Used for self signed certificates from_address: 'peertube@tools.immae.eu' storage: tmp: '${pcfg.dataDir}/storage/tmp/' avatars: '${pcfg.dataDir}/storage/avatars/' videos: '${pcfg.dataDir}/storage/videos/' redundancy: '${pcfg.dataDir}/storage/videos/' logs: '${pcfg.dataDir}/storage/logs/' previews: '${pcfg.dataDir}/storage/previews/' thumbnails: '${pcfg.dataDir}/storage/thumbnails/' torrents: '${pcfg.dataDir}/storage/torrents/' captions: '${pcfg.dataDir}/storage/captions/' cache: '${pcfg.dataDir}/storage/cache/' log: level: 'info' search: remote_uri: users: true anonymous: false trending: videos: interval_days: 7 redundancy: videos: check_interval: '1 hour' # How often you want to check new videos to cache strategies: # Just uncomment strategies you want # Following are saved in local-production.json cache: previews: size: 500 # Max number of previews you want to cache captions: size: 500 # Max number of video captions/subtitles you want to cache admin: email: 'peertube@tools.immae.eu' contact_form: enabled: true signup: enabled: false limit: 10 requires_email_verification: false filters: cidr: whitelist: [] blacklist: [] user: video_quota: -1 video_quota_daily: -1 transcoding: enabled: false allow_additional_extensions: true threads: 1 resolutions: 240p: false 360p: false 480p: true 720p: true 1080p: true hls: enabled: false import: videos: http: enabled: true torrent: enabled: false instance: name: 'Immae’s PeerTube' short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.' description: ''' terms: ''' default_client_route: '/videos/trending' default_nsfw_policy: 'blur' customizations: javascript: ''' css: ''' robots: | User-agent: * Disallow: securitytxt: "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" services: # You can provide a reporting endpoint for Content Security Policy violations csp-logger: twitter: username: '@_immae' whitelisted: false ''; }]; services.myWebsites.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null; services.myWebsites.tools.vhostConfs.peertube = { certName = "eldiron"; hosts = [ "peertube.immae.eu" ]; root = null; extraConfig = [ '' ProxyPass / http://localhost:${env.listenPort}/ ProxyPassReverse / http://localhost:${env.listenPort}/ ProxyPreserveHost On RequestHeader set X-Real-IP %{REMOTE_ADDR}s ProxyPass /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket ProxyPassReverse /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket ProxyPass /socket.io ws://127.0.0.1:${env.listenPort}/socket.io ProxyPassReverse /socket.io ws://127.0.0.1:${env.listenPort}/socket.io '' ]; }; }; }