X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fpeertube%2Fdefault.nix;h=7dcc9985124551cd1c08b926c7d2935cbf9a7572;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=dd2853039a33db38beda72d1461cdbdd8e8ebed9;hpb=17f6eae9907a122d4472da727ae8b1ac1c40c027;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix
index dd28530..7dcc998 100644
--- a/modules/private/websites/tools/peertube/default.nix
+++ b/modules/private/websites/tools/peertube/default.nix
@@ -1,6 +1,6 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
- env = myconfig.env.tools.peertube;
+ env = config.myEnv.tools.peertube;
 cfg = config.myServices.websites.tools.peertube;
 pcfg = config.services.peertube;
 in {
@@ -9,10 +9,12 @@ in {
 };
 config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.peertube = {
+ rootDir = pcfg.dataDir;
+ };
 services.peertube = {
 enable = true;
- configFile = "/var/secrets/webapps/tools-peertube";
- package = pkgs.webapps.peertube.override { ldap = true; };
+ configFile = config.secrets.fullPaths."webapps/tools-peertube";
 };
 users.users.peertube.extraGroups = [ "keys" ];
@@ -24,13 +26,11 @@ in {
 text = ''
 listen:
 hostname: 'localhost'
- port: ${env.listenPort}
+ port: ${toString config.myEnv.ports.peertube}
 webserver:
 https: true
 hostname: 'peertube.immae.eu'
 port: 443
- trust_proxy:
- - 'loopback'
 database:
 hostname: '${env.postgresql.socket}'
 port: 5432
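Review bot: The new `services.duplyBackup.profiles.peertube` profile (hunk at new line 9) backs up all of `pcfg.dataDir`, and every storage path this file configures sits under that directory: tmp, cache, logs, previews, and the plugins directory added later in this commit. Each backup therefore carries regenerable data plus the application logs, and a restore brings back whatever plugin code was installed at backup time. Whether the profile encrypts its target or supports an exclude list is not visible here, so I would at least document the scope with a comment above the profile, for example `# backs up the whole dataDir, including storage/tmp, cache, logs and plugins`. The `config = lib.mkIf cfg.enable {` block continues outside the hunk.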
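Review bot: Removing `trust_proxy: - 'loopback'` (hunk at old line 24) leaves client-address handling to whatever the packaged PeerTube defaults supply, while the vhost further down still proxies every request from localhost. If the effective list ends up empty, PeerTube would attribute all requests to the loopback address, which flattens per-IP rate limits and makes its logs useless for tracing abuse. The same concern applies to the large removal at old line 74, which drops `signup.enabled: false` and the `cidr` filters; the removed comment suggests these live in local-production.json, but that file is not visible here. I would keep the security-relevant keys explicit, or add a comment in the template such as `# trust_proxy, signup and log settings come from the package defaults / local-production.json`.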
@@ -42,31 +42,16 @@ in {
 redis:
 socket: '${env.redis.socket}'
 auth: null
- db: ${env.redis.db_index}
- ldap:
- enable: true
- ldap_only: false
- url: ldaps://${env.ldap.host}/${env.ldap.base}
- bind_dn: ${env.ldap.dn}
- bind_password: ${env.ldap.password}
- base: ${env.ldap.base}
- mail_entry: "mail"
- user_filter: "${env.ldap.filter}"
+ db: ${env.redis.db}
 smtp:
 transport: sendmail
 sendmail: '/run/wrappers/bin/sendmail'
- hostname: null
- port: 465 # If you use StartTLS: 587
- username: null
- password: null
- tls: true # If you use StartTLS: false
- disable_starttls: false
- ca_file: null # Used for self signed certificates
 from_address: 'peertube@tools.immae.eu'
 storage:
 tmp: '${pcfg.dataDir}/storage/tmp/'
 avatars: '${pcfg.dataDir}/storage/avatars/'
 videos: '${pcfg.dataDir}/storage/videos/'
+ streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
 redundancy: '${pcfg.dataDir}/storage/videos/'
 logs: '${pcfg.dataDir}/storage/logs/'
 previews: '${pcfg.dataDir}/storage/previews/'
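Review bot: `db: ${env.redis.db}` is interpolated as-is, whereas the port interpolations touched by this commit were wrapped in `toString`. If `db` is an integer in the new `config.myEnv` schema (not visible here), evaluation fails on the string coercion, so `db: ${toString env.redis.db}` is the safer form and works for both types. The `text = ''` string this hunk edits starts and ends outside the hunk.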
@@ -74,83 +59,12 @@ in {
 torrents: '${pcfg.dataDir}/storage/torrents/'
 captions: '${pcfg.dataDir}/storage/captions/'
 cache: '${pcfg.dataDir}/storage/cache/'
- log:
- level: 'info'
- search:
- remote_uri:
- users: true
- anonymous: false
- trending:
- videos:
- interval_days: 7
- redundancy:
- videos:
- check_interval: '1 hour' # How often you want to check new videos to cache
- strategies: # Just uncomment strategies you want
- # Following are saved in local-production.json
- cache:
- previews:
- size: 500 # Max number of previews you want to cache
- captions:
- size: 500 # Max number of video captions/subtitles you want to cache
- admin:
- email: 'peertube@tools.immae.eu'
- contact_form:
- enabled: true
- signup:
- enabled: false
- limit: 10
- requires_email_verification: false
- filters:
- cidr:
- whitelist: []
- blacklist: []
- user:
- video_quota: -1
- video_quota_daily: -1
- transcoding:
- enabled: false
- allow_additional_extensions: true
- threads: 1
- resolutions:
- 240p: false
- 360p: false
- 480p: true
- 720p: true
- 1080p: true
- hls:
- enabled: false
- import:
- videos:
- http:
- enabled: true
- torrent:
- enabled: false
- instance:
- name: 'Immae’s PeerTube'
- short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
- description: '''
- terms: '''
- default_client_route: '/videos/trending'
- default_nsfw_policy: 'blur'
- customizations:
- javascript: '''
- css: '''
- robots: |
- User-agent: *
- Disallow:
- securitytxt:
- "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
- services:
- # You can provide a reporting endpoint for Content Security Policy violations
- csp-logger:
- twitter:
- username: '@_immae'
- whitelisted: false
+ plugins: '${pcfg.dataDir}/storage/plugins/'
+ client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
 '';
 }];
- services.websites.tools.modules = [
+ services.websites.env.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];
 services.filesWatcher.peertube = {
@@ -158,7 +72,7 @@ in {
 paths = [ pcfg.configFile ];
 };
- services.websites.tools.vhostConfs.peertube = {
+ services.websites.env.tools.vhostConfs.peertube = {
 certName = "eldiron";
 addToCerts = true;
 hosts = [ "peertube.immae.eu" ];
@@ -168,13 +82,13 @@ in {
 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
 RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
 RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
- RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
- ProxyPass / http://localhost:${env.listenPort}/
- ProxyPassReverse / http://localhost:${env.listenPort}/
+ ProxyPass / http://localhost:${toString env.listenPort}/
+ ProxyPassReverse / http://localhost:${toString env.listenPort}/
 ProxyPreserveHost On
 RequestHeader set X-Real-IP %{REMOTE_ADDR}s
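Review bot: The proxy targets in the last hunk (old line 168) are built from `env.listenPort`, but the `listen.port` written into PeerTube's own config earlier in this commit comes from `config.myEnv.ports.peertube`. Nothing visible ties the two values together, so if they diverge Apache will forward peertube.immae.eu traffic, including the websocket rewrites, to whatever else is bound to that local port. Using one source for both avoids this, e.g. `ProxyPass / http://localhost:${toString config.myEnv.ports.peertube}/`, with the same change in `ProxyPassReverse` and the two `RewriteRule` lines. The Apache configuration string these lines belong to starts and ends outside the hunk.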