[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / peertube / peertube.nix

{ env, fetchedGithub, fetchurl, fetchzip, stdenv, writeText, pkgs, cacert }:
let
  varDir = "/var/lib/peertube";
  listenPort = env.listenPort;
  # Doesn't seem to work
  # patchedPackages = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
  #   patches = [ ./ldap.patch ];
  #   installPhase = ''
  #     mkdir $out
  #     cp package.json yarn.lock $out/
  #     '';
  # });
  # yarnModules = pkgs.yarn2nix.mkYarnModules {
  #   name = "peertube-yarn-modules";
  #   packageJSON = "${patchedPackages}/package.json";
  #   yarnLock = "${patchedPackages}/yarn.lock";
  #   yarnNix = ./yarn-packages.nix;
  # };
  patchedServer = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
    __noChroot = true;
    patches = [
      ./ldap.patch
      ./sendmail.patch
    ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --pure-lockfile
      npm run build:server
      '';
    installPhase = ''
      mkdir $out
      cp -a dist/server $out
      '';
    buildInputs = [ pkgs.python pkgs.git pkgs.yarn pkgs.nodejs ];
  });
  webappDir = stdenv.mkDerivation rec {
    __noChroot = true;
    version = "v1.2.0";
    name = "peertube-${version}";
    src = fetchzip {
      url = "https://github.com/Chocobozzz/PeerTube/releases/download/${version}/${name}.zip";
      sha256 = "18fp3fy1crw67gdpc29nr38b5zy2f68l70w47zwp7dzhd8bbbipp";
    };
    patches = [ ./ldap_yarn.patch ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --production --pure-lockfile
      rm -rf dist/server && cp -a ${patchedServer}/server dist
      '';
    installPhase = ''
      mkdir $out
      cp -a * $out
      '';
    buildInputs = [ pkgs.yarn pkgs.git pkgs.python ];
  };
  config = ''
    listen:
      hostname: 'localhost'
      port: ${env.listenPort}
    webserver:
      https: true
      hostname: 'peertube.immae.eu'
      port: 443
    trust_proxy:
      - 'loopback'
    database:
      hostname: '${env.postgresql.socket}'
      port: 5432
      suffix: '_prod'
      username: '${env.postgresql.user}'
      password: '${env.postgresql.password}'
      pool:
        max: 5
    redis:
      socket: '${env.redis.socket}'
      auth: null
      db: ${env.redis.db_index}
    ldap:
      enable: true
      ldap_only: false
      url: ldaps://${env.ldap.host}/${env.ldap.base}
      bind_dn: ${env.ldap.dn}
      bind_password: ${env.ldap.password}
      base: ${env.ldap.base}
      mail_entry: "mail"
      user_filter: "${env.ldap.filter}"
    smtp:
      transport: sendmail
      sendmail: '/run/wrappers/bin/sendmail'
      hostname: null
      port: 465 # If you use StartTLS: 587
      username: null
      password: null
      tls: true # If you use StartTLS: false
      disable_starttls: false
      ca_file: null # Used for self signed certificates
      from_address: 'peertube@tools.immae.eu'
    storage:
      tmp: '${varDir}/storage/tmp/'
      avatars: '${varDir}/storage/avatars/'
      videos: '${varDir}/storage/videos/'
      redundancy: '${varDir}/storage/videos/'
      logs: '${varDir}/storage/logs/'
      previews: '${varDir}/storage/previews/'
      thumbnails: '${varDir}/storage/thumbnails/'
      torrents: '${varDir}/storage/torrents/'
      captions: '${varDir}/storage/captions/'
      cache: '${varDir}/storage/cache/'
    log:
      level: 'info'
    search:
      remote_uri:
        users: true
        anonymous: false
    trending:
      videos:
        interval_days: 7
    redundancy:
      videos:
        check_interval: '1 hour' # How often you want to check new videos to cache
        strategies: # Just uncomment strategies you want
    # Following are saved in local-production.json
    cache:
      previews:
        size: 500 # Max number of previews you want to cache
      captions:
        size: 500 # Max number of video captions/subtitles you want to cache
    admin:
      email: 'peertube@tools.immae.eu'
    contact_form:
      enabled: true
    signup:
      enabled: false
      limit: 10
      requires_email_verification: false
      filters:
        cidr:
          whitelist: []
          blacklist: []
    user:
      video_quota: -1
      video_quota_daily: -1
    transcoding:
      enabled: false
      allow_additional_extensions: true
      threads: 1
      resolutions:
        240p: false
        360p: false
        480p: true
        720p: true
        1080p: true
      hls:
        enabled: false
    import:
      videos:
        http:
          enabled: true
        torrent:
          enabled: false
    instance:
      name: 'Immae&#x2019;s PeerTube'
      short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
      description: '''
      terms: '''
      default_client_route: '/videos/trending'
      default_nsfw_policy: 'blur'
      customizations:
        javascript: '''
        css: '''
      robots: |
        User-agent: *
        Disallow:
      securitytxt:
        "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
    services:
      # You can provide a reporting endpoint for Content Security Policy violations
      csp-logger:
      twitter:
        username: '@_immae'
        whitelisted: false
    '';
in
  {
    inherit varDir webappDir config listenPort;
  }
Commit	Line	Data
0eaac6ba IB	1	{ env, fetchedGithub, fetchurl, fetchzip, stdenv, writeText, pkgs, cacert }:
	2	let
	3	varDir = "/var/lib/peertube";
	4	listenPort = env.listenPort;
	5	# Doesn't seem to work
	6	# patchedPackages = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
	7	# patches = [ ./ldap.patch ];
	8	# installPhase = ''
	9	# mkdir $out
	10	# cp package.json yarn.lock $out/
	11	# '';
	12	# });
	13	# yarnModules = pkgs.yarn2nix.mkYarnModules {
	14	# name = "peertube-yarn-modules";
	15	# packageJSON = "${patchedPackages}/package.json";
	16	# yarnLock = "${patchedPackages}/yarn.lock";
	17	# yarnNix = ./yarn-packages.nix;
	18	# };
	19	patchedServer = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
	20	__noChroot = true;
	21	patches = [
	22	./ldap.patch
	23	./sendmail.patch
	24	];
	25	buildPhase = ''
	26	export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
	27	export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
	28	export HOME=$PWD
	29	yarn install --pure-lockfile
	30	npm run build:server
	31	'';
	32	installPhase = ''
	33	mkdir $out
	34	cp -a dist/server $out
	35	'';
	36	buildInputs = [ pkgs.python pkgs.git pkgs.yarn pkgs.nodejs ];
	37	});
	38	webappDir = stdenv.mkDerivation rec {
	39	__noChroot = true;
	40	version = "v1.2.0";
	41	name = "peertube-${version}";
	42	src = fetchzip {
	43	url = "https://github.com/Chocobozzz/PeerTube/releases/download/${version}/${name}.zip";
	44	sha256 = "18fp3fy1crw67gdpc29nr38b5zy2f68l70w47zwp7dzhd8bbbipp";
	45	};
	46	patches = [ ./ldap_yarn.patch ];
	47	buildPhase = ''
	48	export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
	49	export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
	50	export HOME=$PWD
	51	yarn install --production --pure-lockfile
	52	rm -rf dist/server && cp -a ${patchedServer}/server dist
	53	'';
	54	installPhase = ''
	55	mkdir $out
	56	cp -a * $out
	57	'';
	58	buildInputs = [ pkgs.yarn pkgs.git pkgs.python ];
	59	};
4a65e38b IB	60	config = ''
	61	listen:
	62	hostname: 'localhost'
	63	port: ${env.listenPort}
	64	webserver:
	65	https: true
	66	hostname: 'peertube.immae.eu'
	67	port: 443
	68	trust_proxy:
	69	- 'loopback'
	70	database:
	71	hostname: '${env.postgresql.socket}'
	72	port: 5432
	73	suffix: '_prod'
	74	username: '${env.postgresql.user}'
	75	password: '${env.postgresql.password}'
	76	pool:
	77	max: 5
	78	redis:
	79	socket: '${env.redis.socket}'
	80	auth: null
	81	db: ${env.redis.db_index}
	82	ldap:
	83	enable: true
	84	ldap_only: false
	85	url: ldaps://${env.ldap.host}/${env.ldap.base}
	86	bind_dn: ${env.ldap.dn}
	87	bind_password: ${env.ldap.password}
	88	base: ${env.ldap.base}
	89	mail_entry: "mail"
	90	user_filter: "${env.ldap.filter}"
	91	smtp:
	92	transport: sendmail
	93	sendmail: '/run/wrappers/bin/sendmail'
	94	hostname: null
	95	port: 465 # If you use StartTLS: 587
	96	username: null
	97	password: null
	98	tls: true # If you use StartTLS: false
	99	disable_starttls: false
	100	ca_file: null # Used for self signed certificates
	101	from_address: 'peertube@tools.immae.eu'
	102	storage:
	103	tmp: '${varDir}/storage/tmp/'
	104	avatars: '${varDir}/storage/avatars/'
	105	videos: '${varDir}/storage/videos/'
	106	redundancy: '${varDir}/storage/videos/'
	107	logs: '${varDir}/storage/logs/'
	108	previews: '${varDir}/storage/previews/'
	109	thumbnails: '${varDir}/storage/thumbnails/'
	110	torrents: '${varDir}/storage/torrents/'
	111	captions: '${varDir}/storage/captions/'
	112	cache: '${varDir}/storage/cache/'
	113	log:
	114	level: 'info'
	115	search:
	116	remote_uri:
	117	users: true
	118	anonymous: false
	119	trending:
	120	videos:
	121	interval_days: 7
	122	redundancy:
	123	videos:
124	check_interval: '1 hour' # How often you want to check new videos to cache
125	strategies: # Just uncomment strategies you want
126	# Following are saved in local-production.json
127	cache:
128	previews:
129	size: 500 # Max number of previews you want to cache
130	captions:
131	size: 500 # Max number of video captions/subtitles you want to cache
132	admin:
133	email: 'peertube@tools.immae.eu'
134	contact_form:
135	enabled: true
136	signup:
137	enabled: false
138	limit: 10
139	requires_email_verification: false
140	filters:
141	cidr:
142	whitelist: []
143	blacklist: []
144	user:
145	video_quota: -1
146	video_quota_daily: -1
147	transcoding:
148	enabled: false
149	allow_additional_extensions: true
150	threads: 1
151	resolutions:
152	240p: false
153	360p: false
154	480p: true
155	720p: true
156	1080p: true
157	hls:
158	enabled: false
159	import:
160	videos:
161	http:
0eaac6ba	162	enabled: true
4a65e38b	163	torrent:
0eaac6ba	164	enabled: false
4a65e38b IB	165	instance:
	166	name: 'Immae’s PeerTube'
	167	short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
	168	description: '''
	169	terms: '''
	170	default_client_route: '/videos/trending'
	171	default_nsfw_policy: 'blur'
	172	customizations:
	173	javascript: '''
	174	css: '''
	175	robots: \|
	176	User-agent: *
	177	Disallow:
	178	securitytxt:
	179	"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
	180	services:
	181	# You can provide a reporting endpoint for Content Security Policy violations
	182	csp-logger:
	183	twitter:
	184	username: '@_immae'
	185	whitelisted: false
	186	'';
0eaac6ba IB	187	in
	188	{
	189	inherit varDir webappDir config listenPort;
	190	}