X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fpeertube%2Fdefault.nix;h=445030c792b343ba3eb7d1c3a987f28ce7e35184;hb=b639cc33725fed62988b616909843bea7f7aebe3;hp=dee1b81db79968a7750a0bca62a6f6bd01fb0dfb;hpb=4288c2f2431fb782b0d512b1b3749187f2374b6a;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix index dee1b81..445030c 100644 --- a/modules/private/websites/tools/peertube/default.nix +++ b/modules/private/websites/tools/peertube/default.nix @@ -1,6 +1,6 @@ -{ lib, pkgs, config, myconfig, ... }: +{ lib, pkgs, config, ... }: let - env = myconfig.env.tools.peertube; + env = config.myEnv.tools.peertube; cfg = config.myServices.websites.tools.peertube; pcfg = config.services.peertube; in { @@ -9,10 +9,13 @@ in { }; config = lib.mkIf cfg.enable { + services.duplyBackup.profiles.peertube = { + rootDir = pcfg.dataDir; + }; services.peertube = { enable = true; configFile = "/var/secrets/webapps/tools-peertube"; - package = pkgs.webapps.peertube.override { ldap = true; }; + package = pkgs.webapps.peertube.override { ldap = true; sendmail = true; light = "fr-FR"; }; }; users.users.peertube.extraGroups = [ "keys" ]; @@ -24,11 +27,28 @@ in { text = '' listen: hostname: 'localhost' - port: ${env.listenPort} + port: ${toString config.myEnv.ports.peertube} webserver: https: true hostname: 'peertube.immae.eu' port: 443 + rates_limit: + api: + # 50 attempts in 10 seconds + window: 10 seconds + max: 50 + login: + # 15 attempts in 5 min + window: 5 minutes + max: 15 + signup: + # 2 attempts in 5 min (only succeeded attempts are taken into account) + window: 5 minutes + max: 2 + ask_send_email: + # 3 attempts in 5 min + window: 5 minutes + max: 3 trust_proxy: - 'loopback' database: 
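Review bot: The listen port now has two sources of truth: this hunk writes `port: ${toString config.myEnv.ports.peertube}` into the PeerTube config, while the vhost hunk at the end of the file (`@@ -163,13 +253,13 @@`) still proxies to `${toString env.listenPort}`, with `env` bound to `config.myEnv.tools.peertube`. If the two attributes ever differ, Apache forwards HTTP and websocket traffic to a port PeerTube is not listening on, or to whatever other local service holds that port. Use one expression in both places, e.g. `ProxyPass / http://localhost:${toString config.myEnv.ports.peertube}/`, and the same in `ProxyPassReverse` and the two `RewriteRule` lines. The `text = ''` block this hunk sits in starts and ends outside the hunk.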
@@ -42,16 +62,19 @@ in { redis: socket: '${env.redis.socket}' auth: null - db: ${env.redis.db_index} - ldap: - enable: true - ldap_only: false - url: ldaps://${env.ldap.host}/${env.ldap.base} - bind_dn: ${env.ldap.dn} - bind_password: ${env.ldap.password} - base: ${env.ldap.base} - mail_entry: "mail" - user_filter: "${env.ldap.filter}" + db: ${env.redis.db} + auth: + local: + enabled: true + ldap: + enabled: true + ldap_only: false + url: ldaps://${env.ldap.host}/${env.ldap.base} + bind_dn: ${env.ldap.dn} + bind_password: ${env.ldap.password} + base: ${env.ldap.base} + mail_entry: "mail" + user_filter: "${env.ldap.filter}" smtp: transport: sendmail sendmail: '/run/wrappers/bin/sendmail' @@ -63,10 +86,16 @@ in { disable_starttls: false ca_file: null # Used for self signed certificates from_address: 'peertube@tools.immae.eu' + email: + body: + signature: "PeerTube" + subject: + prefix: "[PeerTube]" storage: tmp: '${pcfg.dataDir}/storage/tmp/' avatars: '${pcfg.dataDir}/storage/avatars/' videos: '${pcfg.dataDir}/storage/videos/' + streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/' redundancy: '${pcfg.dataDir}/storage/videos/' logs: '${pcfg.dataDir}/storage/logs/' previews: '${pcfg.dataDir}/storage/previews/' @@ -74,8 +103,14 @@ in { torrents: '${pcfg.dataDir}/storage/torrents/' captions: '${pcfg.dataDir}/storage/captions/' cache: '${pcfg.dataDir}/storage/cache/' + plugins: '${pcfg.dataDir}/storage/plugins/' log: level: 'info' + rotation: + enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate + maxFileSize: 12MB + maxFiles: 20 + anonymizeIP: false search: remote_uri: users: true 
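Review bot: `bind_password: ${env.ldap.password}` and `bind_dn: ${env.ldap.dn}` are interpolated into the YAML as plain scalars, so a password containing ` #` or `: `, or starting with a character such as `*`, `!`, `&` or `'`, would be truncated, reinterpreted or make the file unparsable. The re-indented `auth.ldap` block is a good moment to emit them quoted, e.g. `bind_password: ${builtins.toJSON env.ldap.password}` (a JSON string is a valid double-quoted YAML scalar). `user_filter: "${env.ldap.filter}"` has the same weakness if the filter ever contains `"` or `\`. The surrounding `text = ''` definition starts outside the hunk, so where the rendered file is stored and with which permissions cannot be checked from here.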
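Review bot: `anonymizeIP: false` keeps full client addresses in the logs, and the new rotation settings retain up to 20 files of 12MB under `${pcfg.dataDir}/storage/logs/`, which lies inside the `rootDir = pcfg.dataDir` that the new `services.duplyBackup.profiles.peertube` profile (hunk `@@ -9,10 +9,13 @@`) backs up. If the addresses are kept on purpose, say so in a comment such as `# full IPs kept for abuse handling; logs are part of the duply backup`; otherwise `anonymizeIP: true` limits what ends up in log files and backups. Whether the backup profile excludes `storage/logs/`, `storage/tmp/` and `storage/cache/` is not visible in this diff.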
@@ -87,6 +122,26 @@ in { videos: check_interval: '1 hour' # How often you want to check new videos to cache strategies: # Just uncomment strategies you want + csp: + enabled: false + report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk! + report_uri: + tracker: + enabled: true + private: true + reject_too_many_announces: false + history: + videos: + max_age: -1 + views: + videos: + remote: + max_age: -1 + plugins: + index: + enabled: true + check_latest_versions_interval: '12 hours' + url: 'https://packages.joinpeertube.org' # Following are saved in local-production.json cache: previews: @@ -111,13 +166,18 @@ in { transcoding: enabled: false allow_additional_extensions: true + allow_audio_files: true threads: 1 resolutions: + 0p: false 240p: false 360p: false 480p: true 720p: true 1080p: true + 2160p: false + webtorrent: + enabled: true hls: enabled: false import: @@ -126,13 +186,27 @@ in { enabled: true torrent: enabled: false + auto_blacklist: + videos: + of_users: + enabled: false instance: name: 'Immae’s PeerTube' short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.' description: ''' terms: ''' + code_of_conduct: ''' + moderation_information: ''' + creation_reason: ''' + administrator: ''' + maintenance_lifetime: ''' + business_model: ''' + hardware_information: ''' + languages: + categories: default_client_route: '/videos/trending' - default_nsfw_policy: 'blur' + is_nsfw: false + default_nsfw_policy: 'do_not_list' customizations: javascript: ''' css: ''' 
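Review bot: `plugins.index.enabled: true` allows plugins to be installed and version-checked from `https://packages.joinpeertube.org` at runtime; that code lands in `${pcfg.dataDir}/storage/plugins/` and runs inside the PeerTube process instead of coming from the pinned `pkgs.webapps.peertube` package. The service user is in the `keys` group (`users.users.peertube.extraGroups = [ "keys" ]`, context of hunk `@@ -9,10 +9,13 @@`), so a faulty or malicious plugin could presumably read whatever that group can read. If plugins are not needed, set `enabled: false` under `plugins.index`; if they are, add a comment recording that decision. In the same hunk, `csp.enabled: false` could probably become `true` while `report_only: true` stays, though with `report_uri:` empty any violations would presumably only show up in the browser console.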
@@ -142,18 +216,34 @@ in { securitytxt: "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" services: - # You can provide a reporting endpoint for Content Security Policy violations - csp-logger: twitter: username: '@_immae' whitelisted: false + followers: + instance: + enabled: true + manual_approval: false + followings: + instance: + auto_follow_back: + enabled: false + auto_follow_index: + enabled: false + index_url: 'https://instances.joinpeertube.org' + theme: + default: 'default' ''; }]; - services.websites.tools.modules = [ + services.websites.env.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; - services.websites.tools.vhostConfs.peertube = { + services.filesWatcher.peertube = { + restart = true; + paths = [ pcfg.configFile ]; + }; + + services.websites.env.tools.vhostConfs.peertube = { certName = "eldiron"; addToCerts = true; hosts = [ "peertube.immae.eu" ]; @@ -163,13 +253,13 @@ in { RewriteCond %{REQUEST_URI} ^/socket.io [NC] RewriteCond %{QUERY_STRING} transport=websocket [NC] - RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L] + RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] - RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L] + RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] - ProxyPass / http://localhost:${env.listenPort}/ - ProxyPassReverse / http://localhost:${env.listenPort}/ + ProxyPass / http://localhost:${toString env.listenPort}/ + ProxyPassReverse / http://localhost:${toString env.listenPort}/ ProxyPreserveHost On RequestHeader set X-Real-IP %{REMOTE_ADDR}s
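Review bot: The `securitytxt` context line at the top of this hunk still ends in `Contact: mailto:` with no address and otherwise points reporters at the upstream PeerTube SECURITY.md, so the security.txt of this instance gives no way to reach its operator. Since the commit reworks the neighbouring `services` keys anyway, fill in an instance contact (e.g. `Contact: mailto:<ADMIN-ADDRESS-PLACEHOLDER>`) or drop the empty entry. The new `services.filesWatcher.peertube` block restarts the service when `pcfg.configFile` changes, which looks right for picking up rotated secrets; a one-line comment such as `# restart PeerTube when the secrets file is rewritten` would make the intent explicit.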