X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fwebsites%2Fpeertube%2Fdefault.nix;h=0ebe4e79b41e655459288e24b3ca6ba128c3beb2;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/systems/eldiron/websites/peertube/default.nix b/systems/eldiron/websites/peertube/default.nix new file mode 100644 index 0000000..0ebe4e7 --- /dev/null +++ b/systems/eldiron/websites/peertube/default.nix @@ -0,0 +1,147 @@ +{ lib, pkgs, config, ... }: +let + env = config.myEnv.tools.peertube; + cfg = config.myServices.websites.tools.peertube; + pcfg = config.immaeServices.peertube; +in { + options.myServices.websites.tools.peertube = { + enable = lib.mkEnableOption "enable Peertube's website"; + }; + + config = lib.mkIf cfg.enable { + myServices.dns.zones."immae.eu".subdomains.peertube = + with config.myServices.dns.helpers; ips servers.eldiron.ips.main; + + myServices.chatonsProperties.hostings.peertube = { + file.datetime = "2022-08-21T20:00:00"; + hosting = { + name = "Peertube"; + description = "Free software to take back control of your videos"; + website = "https://peertube.immae.eu/"; + logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png"; + type = "INSTANCE"; + status.level = "OK"; + status.description = "OK"; + registration.load = "OPEN"; + install.type = "PACKAGE"; + }; + }; + myServices.chatonsProperties.services.peertube = { + file.datetime = "2022-08-21T20:00:00"; + service = { + name = "Peertube"; + description = "Free software to take back control of your videos"; + website = "https://peertube.immae.eu/"; + logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png"; + status.level = "OK"; + status.description = "OK"; + registration."" = ["MEMBER" "CLIENT"]; + registration.load = "OPEN"; + install.type = "PACKAGE"; + }; + software = { + name = "Peertube"; + website = "https://joinpeertube.org/"; + license.url = "https://github.com/Chocobozzz/PeerTube/blob/develop/LICENSE"; + license.name = "GNU Affero General Public License"; + version = pcfg.package.version; + source.url = "https://github.com/Chocobozzz/PeerTube"; + }; + }; + immaeServices.peertube = { + enable = true; + configFile = config.secrets.fullPaths."webapps/tools-peertube"; + }; + users.users.peertube.extraGroups = [ "keys" ]; + + secrets.keys."webapps/tools-peertube" = { + user = "peertube"; + group = "peertube"; + permissions = "0640"; + text = '' + listen: + hostname: 'localhost' + port: ${toString config.myEnv.ports.peertube} + webserver: + https: true + hostname: 'peertube.immae.eu' + port: 443 + database: + hostname: '${env.postgresql.socket}' + port: 5432 + suffix: '_prod' + username: '${env.postgresql.user}' + password: '${env.postgresql.password}' + pool: + max: 5 + redis: + socket: '${env.redis.socket}' + auth: null + db: ${env.redis.db} + smtp: + transport: sendmail + sendmail: '/run/wrappers/bin/sendmail' + from_address: 'peertube@tools.immae.eu' + storage: + tmp: '${pcfg.dataDir}/storage/tmp/' + avatars: '${pcfg.dataDir}/storage/avatars/' + videos: '${pcfg.dataDir}/storage/videos/' + streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/' + redundancy: '${pcfg.dataDir}/storage/videos/' + logs: '${pcfg.dataDir}/storage/logs/' + previews: '${pcfg.dataDir}/storage/previews/' + thumbnails: '${pcfg.dataDir}/storage/thumbnails/' + torrents: '${pcfg.dataDir}/storage/torrents/' + captions: '${pcfg.dataDir}/storage/captions/' + cache: '${pcfg.dataDir}/storage/cache/' + plugins: '${pcfg.dataDir}/storage/plugins/' + client_overrides: '${pcfg.dataDir}/storage/client-overrides/' + ''; + }; + + services.websites.env.tools.modules = [ + "headers" "proxy" "proxy_http" "proxy_wstunnel" + ]; + services.filesWatcher.peertube = { + restart = true; + paths = [ pcfg.configFile ]; + }; + + security.acme.certs.eldiron.extraDomainNames = [ "peertube.immae.eu" ]; + services.websites.env.tools.vhostConfs.peertube = { + certName = "eldiron"; + hosts = [ "peertube.immae.eu" ]; + root = null; + extraConfig = [ '' + RewriteEngine On + + RewriteCond %{REQUEST_URI} ^/socket.io [NC] + RewriteCond %{QUERY_STRING} transport=websocket [NC] + RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] + + RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] + RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] + + ProxyPass / http://localhost:${toString env.listenPort}/ + ProxyPassReverse / http://localhost:${toString env.listenPort}/ + + ProxyPreserveHost On + RequestHeader set X-Real-IP %{REMOTE_ADDR}s + '' ]; + }; + + myServices.monitoring.fromMasterActivatedPlugins = [ "http" ]; + myServices.monitoring.fromMasterObjects.service = [ + { + service_description = "peertube website is running on peertube.immae.eu"; + host_name = config.hostEnv.fqdn; + use = "external-web-service"; + check_command = ["check_https" "peertube.immae.eu" "/" "Immae’s PeerTube"]; + + servicegroups = "webstatus-webapps"; + _webstatus_name = "Peertube"; + _webstatus_url = "https://peertube.immae.eu/"; + } + ]; + }; +}