-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
- env = myconfig.env.tools.peertube;
+ env = config.myEnv.tools.peertube;
cfg = config.myServices.websites.tools.peertube;
pcfg = config.services.peertube;
in {
services.peertube = {
enable = true;
configFile = "/var/secrets/webapps/tools-peertube";
- package = pkgs.webapps.peertube.override { ldap = true; };
+ package = pkgs.webapps.peertube.override { ldap = true; sendmail = true; light = "fr-FR"; };
};
users.users.peertube.extraGroups = [ "keys" ];
text = ''
listen:
hostname: 'localhost'
- port: ${env.listenPort}
+ port: ${toString config.myEnv.ports.peertube}
webserver:
https: true
hostname: 'peertube.immae.eu'
port: 443
+ rates_limit:
+ api:
+ # 50 attempts in 10 seconds
+ window: 10 seconds
+ max: 50
+ login:
+ # 15 attempts in 5 min
+ window: 5 minutes
+ max: 15
+ signup:
+ # 2 attempts in 5 min (only succeeded attempts are taken into account)
+ window: 5 minutes
+ max: 2
+ ask_send_email:
+ # 3 attempts in 5 min
+ window: 5 minutes
+ max: 3
trust_proxy:
- 'loopback'
database:
redis:
socket: '${env.redis.socket}'
auth: null
- db: ${env.redis.db_index}
- ldap:
- enable: true
- ldap_only: false
- url: ldaps://${env.ldap.host}/${env.ldap.base}
- bind_dn: ${env.ldap.dn}
- bind_password: ${env.ldap.password}
- base: ${env.ldap.base}
- mail_entry: "mail"
- user_filter: "${env.ldap.filter}"
+ db: ${env.redis.db}
+ auth:
+ local:
+ enabled: true
+ ldap:
+ enabled: true
+ ldap_only: false
+ url: ldaps://${env.ldap.host}/${env.ldap.base}
+ bind_dn: ${env.ldap.dn}
+ bind_password: ${env.ldap.password}
+ base: ${env.ldap.base}
+ mail_entry: "mail"
+ user_filter: "${env.ldap.filter}"
smtp:
transport: sendmail
sendmail: '/run/wrappers/bin/sendmail'
disable_starttls: false
ca_file: null # Used for self signed certificates
from_address: 'peertube@tools.immae.eu'
+ email:
+ body:
+ signature: "PeerTube"
+ subject:
+ prefix: "[PeerTube]"
storage:
tmp: '${pcfg.dataDir}/storage/tmp/'
avatars: '${pcfg.dataDir}/storage/avatars/'
videos: '${pcfg.dataDir}/storage/videos/'
+ streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
redundancy: '${pcfg.dataDir}/storage/videos/'
logs: '${pcfg.dataDir}/storage/logs/'
previews: '${pcfg.dataDir}/storage/previews/'
torrents: '${pcfg.dataDir}/storage/torrents/'
captions: '${pcfg.dataDir}/storage/captions/'
cache: '${pcfg.dataDir}/storage/cache/'
+ plugins: '${pcfg.dataDir}/storage/plugins/'
log:
level: 'info'
+ rotation:
+ enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
+ maxFileSize: 12MB
+ maxFiles: 20
+ anonymizeIP: false
search:
remote_uri:
users: true
videos:
check_interval: '1 hour' # How often you want to check new videos to cache
strategies: # Just uncomment strategies you want
+ csp:
+ enabled: false
+ report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
+ report_uri:
+ tracker:
+ enabled: true
+ private: true
+ reject_too_many_announces: false
+ history:
+ videos:
+ max_age: -1
+ views:
+ videos:
+ remote:
+ max_age: -1
+ plugins:
+ index:
+ enabled: true
+ check_latest_versions_interval: '12 hours'
+ url: 'https://packages.joinpeertube.org'
# Following are saved in local-production.json
cache:
previews:
transcoding:
enabled: false
allow_additional_extensions: true
+ allow_audio_files: true
threads: 1
resolutions:
+ 0p: false
240p: false
360p: false
480p: true
720p: true
1080p: true
+ 2160p: false
+ webtorrent:
+ enabled: true
hls:
enabled: false
import:
enabled: true
torrent:
enabled: false
+ auto_blacklist:
+ videos:
+ of_users:
+ enabled: false
instance:
name: 'Immae’s PeerTube'
short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
description: '''
terms: '''
+ code_of_conduct: '''
+ moderation_information: '''
+ creation_reason: '''
+ administrator: '''
+ maintenance_lifetime: '''
+ business_model: '''
+ hardware_information: '''
+ languages:
+ categories:
default_client_route: '/videos/trending'
- default_nsfw_policy: 'blur'
+ is_nsfw: false
+ default_nsfw_policy: 'do_not_list'
customizations:
javascript: '''
css: '''
securitytxt:
"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
services:
- # You can provide a reporting endpoint for Content Security Policy violations
- csp-logger:
twitter:
username: '@_immae'
whitelisted: false
+ followers:
+ instance:
+ enabled: true
+ manual_approval: false
+ followings:
+ instance:
+ auto_follow_back:
+ enabled: false
+ auto_follow_index:
+ enabled: false
+ index_url: 'https://instances.joinpeertube.org'
+ theme:
+ default: 'default'
'';
}];
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
- RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
- ProxyPass / http://localhost:${env.listenPort}/
- ProxyPassReverse / http://localhost:${env.listenPort}/
+ ProxyPass / http://localhost:${toString env.listenPort}/
+ ProxyPassReverse / http://localhost:${toString env.listenPort}/
ProxyPreserveHost On
RequestHeader set X-Real-IP %{REMOTE_ADDR}s