X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fpeertube%2Fdefault.nix;h=68c992f64ff7fe65b1566845d98ab0e9b426108c;hb=5315b439af1f72c3282549508ae58d86d66e38ec;hp=dee1b81db79968a7750a0bca62a6f6bd01fb0dfb;hpb=4288c2f2431fb782b0d512b1b3749187f2374b6a;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix
index dee1b81..68c992f 100644
--- a/modules/private/websites/tools/peertube/default.nix
+++ b/modules/private/websites/tools/peertube/default.nix
@@ -1,6 +1,6 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
- env = myconfig.env.tools.peertube;
+ env = config.myEnv.tools.peertube;
 cfg = config.myServices.websites.tools.peertube;
 pcfg = config.services.peertube;
 in {
@@ -11,26 +11,22 @@ in {
 config = lib.mkIf cfg.enable {
 services.peertube = {
 enable = true;
- configFile = "/var/secrets/webapps/tools-peertube";
- package = pkgs.webapps.peertube.override { ldap = true; };
+ configFile = config.secrets.fullPaths."webapps/tools-peertube";
 };
 users.users.peertube.extraGroups = [ "keys" ];
- secrets.keys = [{
- dest = "webapps/tools-peertube";
+ secrets.keys."webapps/tools-peertube" = {
 user = "peertube";
 group = "peertube";
 permissions = "0640";
 text = ''
 listen:
 hostname: 'localhost'
- port: ${env.listenPort}
+ port: ${toString config.myEnv.ports.peertube}
 webserver:
 https: true
 hostname: 'peertube.immae.eu'
 port: 443
- trust_proxy:
- - 'loopback'
 database:
 hostname: '${env.postgresql.socket}'
 port: 5432
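Review bot: Dropping the `trust_proxy:` / `- 'loopback'` entry after the `webserver` keys leaves proxy trust to whatever default PeerTube merges in, while the service still listens on localhost behind the Apache vhost. If the effective value no longer includes loopback, every request would be attributed to the proxy address, so per-IP rate limits and logged client addresses stop being meaningful. I would keep the two lines in the secret text, or add a Nix comment above `text` such as `# trust_proxy is left to PeerTube's packaged default; requests arrive via the local Apache vhost`. The `text` string continues past this hunk.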
@@ -42,31 +38,16 @@ in {
 redis:
 socket: '${env.redis.socket}'
 auth: null
- db: ${env.redis.db_index}
- ldap:
- enable: true
- ldap_only: false
- url: ldaps://${env.ldap.host}/${env.ldap.base}
- bind_dn: ${env.ldap.dn}
- bind_password: ${env.ldap.password}
- base: ${env.ldap.base}
- mail_entry: "mail"
- user_filter: "${env.ldap.filter}"
+ db: ${env.redis.db}
 smtp:
 transport: sendmail
 sendmail: '/run/wrappers/bin/sendmail'
- hostname: null
- port: 465 # If you use StartTLS: 587
- username: null
- password: null
- tls: true # If you use StartTLS: false
- disable_starttls: false
- ca_file: null # Used for self signed certificates
 from_address: 'peertube@tools.immae.eu'
 storage:
 tmp: '${pcfg.dataDir}/storage/tmp/'
 avatars: '${pcfg.dataDir}/storage/avatars/'
 videos: '${pcfg.dataDir}/storage/videos/'
+ streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
 redundancy: '${pcfg.dataDir}/storage/videos/'
 logs: '${pcfg.dataDir}/storage/logs/'
 previews: '${pcfg.dataDir}/storage/previews/'
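Review bot: `db: ${env.redis.db}` is interpolated without `toString`, while the port values touched by this commit are wrapped. If `env.redis.db` is an integer in `myEnv` (not visible here), Nix will not coerce it inside a string and evaluation fails; `db: ${toString env.redis.db}` works for both a string and an integer. Separately, removing the `ldap:` block takes the bind password out of this secret file, so that credential could be rotated or retired if nothing else still uses it.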
@@ -74,86 +55,20 @@ in {
 torrents: '${pcfg.dataDir}/storage/torrents/'
 captions: '${pcfg.dataDir}/storage/captions/'
 cache: '${pcfg.dataDir}/storage/cache/'
- log:
- level: 'info'
- search:
- remote_uri:
- users: true
- anonymous: false
- trending:
- videos:
- interval_days: 7
- redundancy:
- videos:
- check_interval: '1 hour' # How often you want to check new videos to cache
- strategies: # Just uncomment strategies you want
- # Following are saved in local-production.json
- cache:
- previews:
- size: 500 # Max number of previews you want to cache
- captions:
- size: 500 # Max number of video captions/subtitles you want to cache
- admin:
- email: 'peertube@tools.immae.eu'
- contact_form:
- enabled: true
- signup:
- enabled: false
- limit: 10
- requires_email_verification: false
- filters:
- cidr:
- whitelist: []
- blacklist: []
- user:
- video_quota: -1
- video_quota_daily: -1
- transcoding:
- enabled: false
- allow_additional_extensions: true
- threads: 1
- resolutions:
- 240p: false
- 360p: false
- 480p: true
- 720p: true
- 1080p: true
- hls:
- enabled: false
- import:
- videos:
- http:
- enabled: true
- torrent:
- enabled: false
- instance:
- name: 'Immae’s PeerTube'
- short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
- description: '''
- terms: '''
- default_client_route: '/videos/trending'
- default_nsfw_policy: 'blur'
- customizations:
- javascript: '''
- css: '''
- robots: |
- User-agent: *
- Disallow:
- securitytxt:
- "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
- services:
- # You can provide a reporting endpoint for Content Security Policy violations
- csp-logger:
- twitter:
- username: '@_immae'
- whitelisted: false
+ plugins: '${pcfg.dataDir}/storage/plugins/'
+ client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
 '';
- }];
+ };
- services.websites.tools.modules = [
+ services.websites.env.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel" ];
- services.websites.tools.vhostConfs.peertube = {
+ services.filesWatcher.peertube = {
+ restart = true;
+ paths = [ pcfg.configFile ];
+ };
+ services.websites.env.tools.vhostConfs.peertube = {
 certName = "eldiron";
 addToCerts = true;
 hosts = [ "peertube.immae.eu" ];
@@ -163,13 +78,13 @@ in {
 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
 RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
 RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
- RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
- ProxyPass / http://localhost:${env.listenPort}/
- ProxyPassReverse / http://localhost:${env.listenPort}/
+ ProxyPass / http://localhost:${toString env.listenPort}/
+ ProxyPassReverse / http://localhost:${toString env.listenPort}/
 ProxyPreserveHost On
 RequestHeader set X-Real-IP %{REMOTE_ADDR}s
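Review bot: The removed block pinned `signup:` / `enabled: false`, the `import` settings and the other instance policy values in the deployed file; after this change they come from PeerTube's packaged defaults or from whatever has been saved at runtime (the removed comment mentions `local-production.json`). Registration and import policy are then no longer visible in this module, and a changed upstream default or an admin-panel edit would not pass through review. Consider keeping the few security-relevant keys explicit in `text`, or adding a Nix comment above `text` stating where those values are now managed. The new `plugins` storage path presumably holds code the server loads, so it should stay writable only by the `peertube` user.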
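Review bot: The proxy targets in this hunk still read `env.listenPort`, but the `listen:` block earlier in this diff now takes its port from `config.myEnv.ports.peertube`. With two sources for one port, a mismatch would make Apache forward `peertube.immae.eu` traffic to whatever else listens on that local port, or to nothing. Use the same expression in all four lines, e.g. `ProxyPass / http://localhost:${toString config.myEnv.ports.peertube}/`, or bind the port once in the `let` block and reference that binding in both places. The vhost configuration string starts and ends outside this hunk.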