X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fpeertube.nix;h=ab5e08a18c27f8517e7e8de0b67e36059bc3f6f8;hb=1a7188052f235fb632700478fad0108e4306107d;hp=813df25fb0a9fd829a3f38112affde6f4f173238;hpb=598aaa373c359046ee08ab5e7576ebaa4f0331e0;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix index 813df25..ab5e08a 100644 --- a/nixops/modules/websites/tools/peertube.nix +++ b/nixops/modules/websites/tools/peertube.nix @@ -1,62 +1,22 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let - peertube = pkgs.webapps.peertube.override { ldap = true; }; - varDir = "/var/lib/peertube"; env = myconfig.env.tools.peertube; cfg = config.services.myWebsites.tools.peertube; + pcfg = config.services.peertube; in { options.services.myWebsites.tools.peertube = { enable = lib.mkEnableOption "enable Peertube's website"; }; config = lib.mkIf cfg.enable { - ids.uids.peertube = env.user.uid; - ids.gids.peertube = env.user.gid; - - users.users.peertube = { - name = "peertube"; - uid = config.ids.uids.peertube; - group = "peertube"; - description = "Peertube user"; - home = varDir; - useDefaultShell = true; - extraGroups = [ "keys" ]; - }; - - users.groups.peertube.gid = config.ids.gids.peertube; - - systemd.services.peertube = { - description = "Peertube"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "postgresql.service" ]; - wants = [ "postgresql.service" ]; - - environment.NODE_CONFIG_DIR = "${varDir}/config"; - environment.NODE_ENV = "production"; - environment.HOME = peertube; - - path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ]; - - script = '' - exec npm run start - ''; - - serviceConfig = { - User = "peertube"; - Group = "peertube"; - WorkingDirectory = peertube; - PrivateTmp = true; - ProtectHome = true; - ProtectControlGroups = true; - Restart = "always"; - Type = "simple"; - TimeoutSec = 60; - }; - - unitConfig.RequiresMountsFor = varDir; + services.peertube = { + enable = true; + configFile = "/var/secrets/webapps/tools-peertube"; + package = pkgs.webapps.peertube.override { ldap = true; }; }; + users.users.peertube.extraGroups = [ "keys" ]; - mySecrets.keys = [{ + secrets.keys = [{ dest = "webapps/tools-peertube"; user = "peertube"; group = "peertube"; @@ -104,16 +64,16 @@ in { ca_file: null # Used for self signed certificates from_address: 'peertube@tools.immae.eu' storage: - tmp: '${varDir}/storage/tmp/' - avatars: '${varDir}/storage/avatars/' - videos: '${varDir}/storage/videos/' - redundancy: '${varDir}/storage/videos/' - logs: '${varDir}/storage/logs/' - previews: '${varDir}/storage/previews/' - thumbnails: '${varDir}/storage/thumbnails/' - torrents: '${varDir}/storage/torrents/' - captions: '${varDir}/storage/captions/' - cache: '${varDir}/storage/cache/' + tmp: '${pcfg.dataDir}/storage/tmp/' + avatars: '${pcfg.dataDir}/storage/avatars/' + videos: '${pcfg.dataDir}/storage/videos/' + redundancy: '${pcfg.dataDir}/storage/videos/' + logs: '${pcfg.dataDir}/storage/logs/' + previews: '${pcfg.dataDir}/storage/previews/' + thumbnails: '${pcfg.dataDir}/storage/thumbnails/' + torrents: '${pcfg.dataDir}/storage/torrents/' + captions: '${pcfg.dataDir}/storage/captions/' + cache: '${pcfg.dataDir}/storage/cache/' log: level: 'info' search: @@ -190,15 +150,6 @@ in { ''; }]; - system.activationScripts.peertube = { - deps = [ "users" ]; - text = '' - install -m 0750 -o peertube -g peertube -d ${varDir} - install -m 0750 -o peertube -g peertube -d ${varDir}/config - ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml - ''; - }; - services.myWebsites.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ];