--- /dev/null
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ peertube = pkgs.callPackage ./peertube.nix {
+ inherit (mylibs) fetchedGithub;
+ env = myconfig.env.tools.peertube;
+ };
+
+ cfg = config.services.myWebsites.tools.peertube;
+in {
+ options.services.myWebsites.tools.peertube = {
+ enable = lib.mkEnableOption "enable Peertube's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ ids.uids.peertube = myconfig.env.tools.peertube.user.uid;
+ ids.gids.peertube = myconfig.env.tools.peertube.user.gid;
+
+ users.users.peertube = {
+ name = "peertube";
+ uid = config.ids.uids.peertube;
+ group = "peertube";
+ description = "Peertube user";
+ home = peertube.webappDir;
+ useDefaultShell = true;
+ };
+
+ users.groups.peertube.gid = config.ids.gids.peertube;
+
+ systemd.services.peertube = {
+ description = "Peertube";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
+ environment.NODE_ENV = "production";
+ environment.HOME = peertube.webappDir;
+
+ path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+ script = ''
+ exec npm run start
+ '';
+
+ serviceConfig = {
+ User = "peertube";
+ Group = "peertube";
+ WorkingDirectory = peertube.webappDir;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ };
+
+ unitConfig.RequiresMountsFor = peertube.varDir;
+ };
+
+ system.activationScripts.peertube = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o peertube -g peertube -d ${peertube.varDir}
+ install -m 0755 -o peertube -g peertube -d ${peertube.varDir}/config
+ install -m 0644 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml
+ '';
+ };
+
+ services.myWebsites.tools.modules = [
+ "headers" "proxy" "proxy_http" "proxy_wstunnel"
+ ];
+ security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.peertube = {
+ certName = "eldiron";
+ hosts = [ "peertube.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ ProxyPass / http://localhost:${peertube.listenPort}/
+ ProxyPassReverse / http://localhost:${peertube.listenPort}/
+
+ ProxyPreserveHost On
+ RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+
+ ProxyPass /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
+ ProxyPassReverse /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
+
+ ProxyPass /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
+ ProxyPassReverse /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
+ '' ];
+ };
+ };
+}