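# NixOS module for the PeerTube instance of the "syden" website.
# It declares the service account, renders production.yaml (which holds the
# database credentials) through the secrets module, runs PeerTube as a systemd
# unit, and publishes it through a vhost whose extraConfig uses Apache
# mod_rewrite / mod_proxy directives.
{ lib, pkgs, config, ... }:
let
  scfg = config.myServices.websites.syden.peertube;
  name = "peertube";
  dataDir = "/var/lib/syden_peertube";
  package = (pkgs.mylibs.flakeCompat ../../../../flakes/private/peertube).packages.x86_64-linux.peertube_syden;
  env = config.myEnv.tools.syden_peertube;
in
{
  options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";

  config = lib.mkIf scfg.enable {
    # Dedicated service account with fixed uid/gid taken from config.ids.
    users.users.peertube = {
      uid = config.ids.uids.peertube;
      group = "peertube";
      description = "Peertube user";
      # NOTE(review): this gives the service account a login shell. Keep it
      # only if operators really need to open a shell as this user.
      useDefaultShell = true;
      # Presumably the group allowed to read deployed secrets; confirm
      # against the secrets module.
      extraGroups = [ "keys" ];
    };
    users.groups.peertube.gid = config.ids.gids.peertube;

    # Rendered PeerTube production.yaml. It embeds the PostgreSQL password in
    # clear text, so it is restricted to peertube:peertube with mode 0640.
    # NOTE(review): confirm that secrets.keys delivers `text` outside the
    # world-readable /nix/store.
    # NOTE(review): username and password are interpolated into single-quoted
    # YAML scalars; a value containing a single quote would break the quoting.
    # NOTE(review): redis `auth` is null, so access control rests on the
    # permissions of the redis socket.
    # NOTE(review): `redundancy` points at the same directory as `videos`;
    # confirm this is intended.
    secrets.keys."websites/syden/peertube" = {
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = ''
        listen:
          hostname: 'localhost'
          port: ${toString env.listenPort}
        webserver:
          https: true
          hostname: 'record-links.immae.eu'
          port: 443
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_syden'
          username: '${env.postgresql.user}'
          password: '${env.postgresql.password}'
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db}
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          from_address: 'peertube@tools.immae.eu'
        storage:
          tmp: '${dataDir}/storage/tmp/'
          avatars: '${dataDir}/storage/avatars/'
          videos: '${dataDir}/storage/videos/'
          streaming_playlists: '${dataDir}/storage/streaming-playlists/'
          redundancy: '${dataDir}/storage/videos/'
          logs: '${dataDir}/storage/logs/'
          previews: '${dataDir}/storage/previews/'
          thumbnails: '${dataDir}/storage/thumbnails/'
          torrents: '${dataDir}/storage/torrents/'
          captions: '${dataDir}/storage/captions/'
          cache: '${dataDir}/storage/cache/'
          plugins: '${dataDir}/storage/plugins/'
          client_overrides: '${dataDir}/storage/client-overrides/'
      '';
    };

    # Watches the rendered secret file; presumably restarts the service when
    # it changes (project-local module, confirm).
    services.filesWatcher.syden_peertube = {
      restart = true;
      paths = [ config.secrets.fullPaths."websites/syden/peertube" ];
    };

    systemd.services.syden_peertube = {
      description = "Peertube";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "postgresql.service" ];
      wants = [ "postgresql.service" ];

      environment.NODE_CONFIG_DIR = "${dataDir}/config";
      environment.NODE_ENV = "production";
      environment.HOME = package;

      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];

      # The config directory only holds symlinks: production.yaml points at
      # the deployed secret and default.yaml at the packaged defaults, so the
      # password is not copied into the state directory.
      script = ''
        install -m 0750 -d ${dataDir}/config
        ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml
        ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
        exec npm run start
      '';

      serviceConfig = {
        User = "peertube";
        Group = "peertube";
        WorkingDirectory = package;
        StateDirectory = "syden_peertube";
        # Written as a string: Nix has no octal literals, so a bare 0750 is
        # the integer 750 and only works because systemd reads the rendered
        # digits as octal.
        StateDirectoryMode = "0750";
        PrivateTmp = true;
        ProtectHome = true;
        ProtectControlGroups = true;
        # NOTE(review): no further sandboxing (NoNewPrivileges, ProtectSystem,
        # ...) is set. Mail goes through /run/wrappers/bin/sendmail; if that
        # wrapper is setuid/setgid, NoNewPrivileges would break it, so test
        # mail delivery before tightening.
        Restart = "always";
        Type = "simple";
        TimeoutSec = 60;
      };

      unitConfig.RequiresMountsFor = dataDir;
    };

    # Public vhost for record-links.immae.eu. All traffic is proxied to the
    # PeerTube listener on localhost (see `listen` in the rendered config).
    services.websites.env.production.vhostConfs.syden_peertube = {
      certName = "syden";
      addToCerts = true;
      certMainHost = "record-links.immae.eu";
      hosts = [ "record-links.immae.eu" ];
      root = null;
      # socket.io and tracker websocket requests are proxied as ws://, the
      # rest as plain HTTP. `RequestHeader set` replaces any client-supplied
      # X-Real-IP, so the backend only sees the address Apache observed.
      extraConfig = [ ''
        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        ProxyPass / http://localhost:${toString env.listenPort}/
        ProxyPassReverse / http://localhost:${toString env.listenPort}/

        ProxyPreserveHost On
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
      '' ];
    };
  };
}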