X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fpeertube.nix;fp=nixops%2Fmodules%2Fwebsites%2Ftools%2Fpeertube.nix;h=0000000000000000000000000000000000000000;hb=4288c2f2431fb782b0d512b1b3749187f2374b6a;hp=12ab3c4312dea598778221637072af5588be4f53;hpb=f40f5b235b890f46770a22f005f8a0f664cf0562;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix deleted file mode 100644 index 12ab3c4..0000000 --- a/nixops/modules/websites/tools/peertube.nix +++ /dev/null @@ -1,179 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - env = myconfig.env.tools.peertube; - cfg = config.services.myWebsites.tools.peertube; - pcfg = config.services.peertube; -in { - options.services.myWebsites.tools.peertube = { - enable = lib.mkEnableOption "enable Peertube's website"; - }; - - config = lib.mkIf cfg.enable { - services.peertube = { - enable = true; - configFile = "/var/secrets/webapps/tools-peertube"; - package = pkgs.webapps.peertube.override { ldap = true; }; - }; - users.users.peertube.extraGroups = [ "keys" ]; - - secrets.keys = [{ - dest = "webapps/tools-peertube"; - user = "peertube"; - group = "peertube"; - permissions = "0640"; - text = '' - listen: - hostname: 'localhost' - port: ${env.listenPort} - webserver: - https: true - hostname: 'peertube.immae.eu' - port: 443 - trust_proxy: - - 'loopback' - database: - hostname: '${env.postgresql.socket}' - port: 5432 - suffix: '_prod' - username: '${env.postgresql.user}' - password: '${env.postgresql.password}' - pool: - max: 5 - redis: - socket: '${env.redis.socket}' - auth: null - db: ${env.redis.db_index} - ldap: - enable: true - ldap_only: false - url: ldaps://${env.ldap.host}/${env.ldap.base} - bind_dn: ${env.ldap.dn} - bind_password: ${env.ldap.password} - base: ${env.ldap.base} - mail_entry: "mail" - user_filter: "${env.ldap.filter}" - smtp: - transport: sendmail - sendmail: '/run/wrappers/bin/sendmail' - hostname: null - port: 465 # If you use StartTLS: 587 - username: null - password: null - tls: true # If you use StartTLS: false - disable_starttls: false - ca_file: null # Used for self signed certificates - from_address: 'peertube@tools.immae.eu' - storage: - tmp: '${pcfg.dataDir}/storage/tmp/' - avatars: '${pcfg.dataDir}/storage/avatars/' - videos: '${pcfg.dataDir}/storage/videos/' - redundancy: '${pcfg.dataDir}/storage/videos/' - logs: '${pcfg.dataDir}/storage/logs/' - previews: '${pcfg.dataDir}/storage/previews/' - thumbnails: '${pcfg.dataDir}/storage/thumbnails/' - torrents: '${pcfg.dataDir}/storage/torrents/' - captions: '${pcfg.dataDir}/storage/captions/' - cache: '${pcfg.dataDir}/storage/cache/' - log: - level: 'info' - search: - remote_uri: - users: true - anonymous: false - trending: - videos: - interval_days: 7 - redundancy: - videos: - check_interval: '1 hour' # How often you want to check new videos to cache - strategies: # Just uncomment strategies you want - # Following are saved in local-production.json - cache: - previews: - size: 500 # Max number of previews you want to cache - captions: - size: 500 # Max number of video captions/subtitles you want to cache - admin: - email: 'peertube@tools.immae.eu' - contact_form: - enabled: true - signup: - enabled: false - limit: 10 - requires_email_verification: false - filters: - cidr: - whitelist: [] - blacklist: [] - user: - video_quota: -1 - video_quota_daily: -1 - transcoding: - enabled: false - allow_additional_extensions: true - threads: 1 - resolutions: - 240p: false - 360p: false - 480p: true - 720p: true - 1080p: true - hls: - enabled: false - import: - videos: - http: - enabled: true - torrent: - enabled: false - instance: - name: 'Immae’s PeerTube' - short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.' - description: ''' - terms: ''' - default_client_route: '/videos/trending' - default_nsfw_policy: 'blur' - customizations: - javascript: ''' - css: ''' - robots: | - User-agent: * - Disallow: - securitytxt: - "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" - services: - # You can provide a reporting endpoint for Content Security Policy violations - csp-logger: - twitter: - username: '@_immae' - whitelisted: false - ''; - }]; - - services.websites.tools.modules = [ - "headers" "proxy" "proxy_http" "proxy_wstunnel" - ]; - services.websites.tools.vhostConfs.peertube = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "peertube.immae.eu" ]; - root = null; - extraConfig = [ '' - RewriteEngine On - - RewriteCond %{REQUEST_URI} ^/socket.io [NC] - RewriteCond %{QUERY_STRING} transport=websocket [NC] - RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L] - - RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] - RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L] - - ProxyPass / http://localhost:${env.listenPort}/ - ProxyPassReverse / http://localhost:${env.listenPort}/ - - ProxyPreserveHost On - RequestHeader set X-Real-IP %{REMOTE_ADDR}s - '' ]; - }; - }; -}