X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fpeertube.nix;h=6cc6d3834b25f4f07c1138f8e09484743a8263d9;hb=daf64e3f7de98e4267823d14fa34891b27b5f657;hp=813df25fb0a9fd829a3f38112affde6f4f173238;hpb=598aaa373c359046ee08ab5e7576ebaa4f0331e0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix
index 813df25..6cc6d38 100644
--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -1,62 +1,22 @@ -{ lib, pkgs, config, myconfig, mylibs, ... }: +{ lib, pkgs, config, myconfig, ... }: let - peertube = pkgs.webapps.peertube.override { ldap = true; }; - varDir = "/var/lib/peertube"; env = myconfig.env.tools.peertube; cfg = config.services.myWebsites.tools.peertube; + pcfg = config.services.peertube; in { options.services.myWebsites.tools.peertube = { enable = lib.mkEnableOption "enable Peertube's website"; }; config = lib.mkIf cfg.enable { - ids.uids.peertube = env.user.uid; - ids.gids.peertube = env.user.gid; - - users.users.peertube = { - name = "peertube"; - uid = config.ids.uids.peertube; - group = "peertube"; - description = "Peertube user"; - home = varDir; - useDefaultShell = true; - extraGroups = [ "keys" ]; - }; - - users.groups.peertube.gid = config.ids.gids.peertube; - - systemd.services.peertube = { - description = "Peertube"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "postgresql.service" ]; - wants = [ "postgresql.service" ]; - - environment.NODE_CONFIG_DIR = "${varDir}/config"; - environment.NODE_ENV = "production"; - environment.HOME = peertube; - - path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ]; - - script = '' - exec npm run start - ''; - - serviceConfig = { - User = "peertube"; - Group = "peertube"; - WorkingDirectory = peertube; - PrivateTmp = true; - ProtectHome = true; - ProtectControlGroups = true; - Restart = "always"; - Type = "simple"; - TimeoutSec = 60; - }; - - unitConfig.RequiresMountsFor = varDir; + services.peertube = { + enable = true; + configFile = "/var/secrets/webapps/tools-peertube"; + package = pkgs.webapps.peertube.override { ldap = true; }; }; + users.users.peertube.extraGroups = [ "keys" ]; - mySecrets.keys = [{ + secrets.keys = [{ dest = "webapps/tools-peertube"; user = "peertube"; group = "peertube"; 
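Review bot: The sandboxing that the removed inline unit set explicitly (`PrivateTmp`, `ProtectHome`, `ProtectControlGroups`) is no longer stated on the new side, so it now depends entirely on the `services.peertube` module, which is not part of this diff. It is worth confirming the module keeps at least those three, or pinning them next to the `services.peertube` block, e.g. `systemd.services.peertube.serviceConfig.ProtectHome = true;`. Separately, `configFile = "/var/secrets/webapps/tools-peertube"` repeats the `dest` of the `secrets.keys` entry by hand. A comment such as `# must match the secrets.keys dest "webapps/tools-peertube" below` would keep the two from drifting apart. The `secrets.keys` entry continues past the end of this hunk, so its permissions cannot be checked from here.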
@@ -104,16 +64,16 @@ in { ca_file: null # Used for self signed certificates from_address: 'peertube@tools.immae.eu' storage: - tmp: '${varDir}/storage/tmp/' - avatars: '${varDir}/storage/avatars/' - videos: '${varDir}/storage/videos/' - redundancy: '${varDir}/storage/videos/' - logs: '${varDir}/storage/logs/' - previews: '${varDir}/storage/previews/' - thumbnails: '${varDir}/storage/thumbnails/' - torrents: '${varDir}/storage/torrents/' - captions: '${varDir}/storage/captions/' - cache: '${varDir}/storage/cache/' + tmp: '${pcfg.dataDir}/storage/tmp/' + avatars: '${pcfg.dataDir}/storage/avatars/' + videos: '${pcfg.dataDir}/storage/videos/' + redundancy: '${pcfg.dataDir}/storage/videos/' + logs: '${pcfg.dataDir}/storage/logs/' + previews: '${pcfg.dataDir}/storage/previews/' + thumbnails: '${pcfg.dataDir}/storage/thumbnails/' + torrents: '${pcfg.dataDir}/storage/torrents/' + captions: '${pcfg.dataDir}/storage/captions/' + cache: '${pcfg.dataDir}/storage/cache/' log: level: 'info' search: 
@@ -190,35 +150,29 @@ in { ''; }]; - system.activationScripts.peertube = { - deps = [ "users" ]; - text = '' - install -m 0750 -o peertube -g peertube -d ${varDir} - install -m 0750 -o peertube -g peertube -d ${varDir}/config - ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml - ''; - }; - - services.myWebsites.tools.modules = [ + services.websites.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null; - services.myWebsites.tools.vhostConfs.peertube = { + services.websites.tools.vhostConfs.peertube = { certName = "eldiron"; hosts = [ "peertube.immae.eu" ]; root = null; extraConfig = [ '' + RewriteEngine On + + RewriteCond %{REQUEST_URI} ^/socket.io [NC] + RewriteCond %{QUERY_STRING} transport=websocket [NC] + RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L] + + RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] + RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L] + ProxyPass / http://localhost:${env.listenPort}/ ProxyPassReverse / http://localhost:${env.listenPort}/ ProxyPreserveHost On RequestHeader set X-Real-IP %{REMOTE_ADDR}s - - ProxyPass /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket - ProxyPassReverse /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket - - ProxyPass /socket.io ws://127.0.0.1:${env.listenPort}/socket.io - ProxyPassReverse /socket.io ws://127.0.0.1:${env.listenPort}/socket.io '' ]; }; };
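Review bot: The new `/tracker/socket` rule sends every matching request to the `ws://` backend without checking that the client asked for a WebSocket upgrade, and both `RewriteCond %{REQUEST_URI}` patterns are open-ended prefix matches (`^/socket.io` also has an unescaped dot). That means paths such as `/tracker/socketX` or `/socketXio...` are tunnelled too. Adding `RewriteCond %{HTTP:Upgrade} websocket [NC]` to both rule groups and tightening the patterns to something like `^/socket\.io(/|$)` and `^/tracker/socket(/|$)` would limit the tunnel to real upgrade requests on the intended endpoints. Whether PeerTube needs sub-paths under `/tracker/socket` is an assumption to confirm. Anchoring the rule pattern as `^/(.*)` would also make the intent explicit. The hunk opens inside the `secrets.keys` text block, which begins outside it.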