[perso/Immae/Config/Nix.git] / systems / eldiron / websites / peertube / default.nix

{ lib, pkgs, config,  ... }:
let
  env = config.myEnv.tools.peertube;
  cfg = config.myServices.websites.tools.peertube;
  pcfg = config.immaeServices.peertube;
in {
  options.myServices.websites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };

  config = lib.mkIf cfg.enable {
    myServices.dns.zones."immae.eu".subdomains.peertube =
      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;

    myServices.chatonsProperties.hostings.peertube = {
      file.datetime = "2022-08-21T20:00:00";
      hosting = {
        name = "Peertube";
        description = "Free software to take back control of your videos";
        website = "https://peertube.immae.eu/";
        logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
        type = "INSTANCE";
        status.level = "OK";
        status.description = "OK";
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
    };
    myServices.chatonsProperties.services.peertube = {
      file.datetime = "2022-08-21T20:00:00";
      service = {
        name = "Peertube";
        description = "Free software to take back control of your videos";
        website = "https://peertube.immae.eu/";
        logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Peertube";
        website = "https://joinpeertube.org/";
        license.url = "https://github.com/Chocobozzz/PeerTube/blob/develop/LICENSE";
        license.name = "GNU Affero General Public License";
        version = pcfg.package.version;
        source.url = "https://github.com/Chocobozzz/PeerTube";
      };
    };
    immaeServices.peertube = {
      enable = true;
      configFile = config.secrets.fullPaths."webapps/tools-peertube";
    };
    users.users.peertube.extraGroups = [ "keys" ];

    secrets.keys."webapps/tools-peertube" = {
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = ''
        listen:
          hostname: 'localhost'
          port: ${toString config.myEnv.ports.peertube}
        webserver:
          https: true
          hostname: 'peertube.immae.eu'
          port: 443
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_prod'
          username: '${env.postgresql.user}'
          password: '${env.postgresql.password}'
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db}
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          from_address: 'peertube@tools.immae.eu'
        storage:
          tmp: '${pcfg.dataDir}/storage/tmp/'
          avatars: '${pcfg.dataDir}/storage/avatars/'
          videos: '${pcfg.dataDir}/storage/videos/'
          streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
          redundancy: '${pcfg.dataDir}/storage/videos/'
          logs: '${pcfg.dataDir}/storage/logs/'
          previews: '${pcfg.dataDir}/storage/previews/'
          thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
          torrents: '${pcfg.dataDir}/storage/torrents/'
          captions: '${pcfg.dataDir}/storage/captions/'
          cache: '${pcfg.dataDir}/storage/cache/'
          plugins: '${pcfg.dataDir}/storage/plugins/'
          client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
        '';
    };

    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    services.filesWatcher.peertube = {
      restart = true;
      paths = [ pcfg.configFile ];
    };

    security.acme.certs.eldiron.extraDomainNames = [ "peertube.immae.eu" ];
    services.websites.env.tools.vhostConfs.peertube = {
      certName    = "eldiron";
      hosts       = [ "peertube.immae.eu" ];
      root        = null;
      extraConfig = [ ''
          RewriteEngine On

          RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
          RewriteCond %{QUERY_STRING} transport=websocket    [NC]
          RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

          RewriteCond %{REQUEST_URI}  ^/tracker/socket       [NC]
          RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

          ProxyPass /        http://localhost:${toString env.listenPort}/
          ProxyPassReverse / http://localhost:${toString env.listenPort}/

          ProxyPreserveHost On
          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
      '' ];
    };

    myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
    myServices.monitoring.fromMasterObjects.service = [
      {
        service_description = "peertube website is running on peertube.immae.eu";
        host_name = config.hostEnv.fqdn;
        use = "external-web-service";
        check_command = ["check_https" "peertube.immae.eu" "/" "<title>Immae’s PeerTube"];

        servicegroups = "webstatus-webapps";
        _webstatus_name = "Peertube";
        _webstatus_url = "https://peertube.immae.eu/";
      }
    ];
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
f3a8fab5	2	let
ab8f306d	3	env = config.myEnv.tools.peertube;
4288c2f2	4	cfg = config.myServices.websites.tools.peertube;
1a64deeb	5	pcfg = config.immaeServices.peertube;
f3a8fab5	6	in {
4288c2f2	7	options.myServices.websites.tools.peertube = {
f3a8fab5 IB	8	enable = lib.mkEnableOption "enable Peertube's website";
	9	};
	10
	11	config = lib.mkIf cfg.enable {
1a64deeb IB	12	myServices.dns.zones."immae.eu".subdomains.peertube =
	13	with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
	14
	15	myServices.chatonsProperties.hostings.peertube = {
	16	file.datetime = "2022-08-21T20:00:00";
	17	hosting = {
	18	name = "Peertube";
	19	description = "Free software to take back control of your videos";
	20	website = "https://peertube.immae.eu/";
	21	logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
	22	type = "INSTANCE";
	23	status.level = "OK";
	24	status.description = "OK";
	25	registration.load = "OPEN";
	26	install.type = "PACKAGE";
	27	};
	28	};
	29	myServices.chatonsProperties.services.peertube = {
	30	file.datetime = "2022-08-21T20:00:00";
	31	service = {
	32	name = "Peertube";
	33	description = "Free software to take back control of your videos";
	34	website = "https://peertube.immae.eu/";
	35	logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
	36	status.level = "OK";
	37	status.description = "OK";
	38	registration."" = ["MEMBER" "CLIENT"];
	39	registration.load = "OPEN";
	40	install.type = "PACKAGE";
	41	};
	42	software = {
	43	name = "Peertube";
	44	website = "https://joinpeertube.org/";
	45	license.url = "https://github.com/Chocobozzz/PeerTube/blob/develop/LICENSE";
	46	license.name = "GNU Affero General Public License";
	47	version = pcfg.package.version;
	48	source.url = "https://github.com/Chocobozzz/PeerTube";
	49	};
	50	};
	51	immaeServices.peertube = {
d42bbbe6	52	enable = true;
da30ae4f	53	configFile = config.secrets.fullPaths."webapps/tools-peertube";
f3a8fab5	54	};
d42bbbe6	55	users.users.peertube.extraGroups = [ "keys" ];
f3a8fab5	56
4c4652aa	57	secrets.keys."webapps/tools-peertube" = {
f3a8fab5 IB	58	user = "peertube";
	59	group = "peertube";
	60	permissions = "0640";
	61	text = ''
	62	listen:
	63	hostname: 'localhost'
ab8f306d	64	port: ${toString config.myEnv.ports.peertube}
f3a8fab5 IB	65	webserver:
	66	https: true
	67	hostname: 'peertube.immae.eu'
	68	port: 443
f3a8fab5 IB	69	database:
	70	hostname: '${env.postgresql.socket}'
	71	port: 5432
	72	suffix: '_prod'
	73	username: '${env.postgresql.user}'
	74	password: '${env.postgresql.password}'
	75	pool:
	76	max: 5
	77	redis:
	78	socket: '${env.redis.socket}'
	79	auth: null
ab8f306d	80	db: ${env.redis.db}
f3a8fab5 IB	81	smtp:
	82	transport: sendmail
	83	sendmail: '/run/wrappers/bin/sendmail'
f3a8fab5 IB	84	from_address: 'peertube@tools.immae.eu'
f3a8fab5 IB	85	storage:
d42bbbe6 IB	86	tmp: '${pcfg.dataDir}/storage/tmp/'
	87	avatars: '${pcfg.dataDir}/storage/avatars/'
	88	videos: '${pcfg.dataDir}/storage/videos/'
b639cc33	89	streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
d42bbbe6 IB	90	redundancy: '${pcfg.dataDir}/storage/videos/'
	91	logs: '${pcfg.dataDir}/storage/logs/'
	92	previews: '${pcfg.dataDir}/storage/previews/'
	93	thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
	94	torrents: '${pcfg.dataDir}/storage/torrents/'
	95	captions: '${pcfg.dataDir}/storage/captions/'
	96	cache: '${pcfg.dataDir}/storage/cache/'
b639cc33	97	plugins: '${pcfg.dataDir}/storage/plugins/'
3d11eafc	98	client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
f3a8fab5	99	'';
4c4652aa	100	};
f3a8fab5	101
29f8cb85	102	services.websites.env.tools.modules = [
f3a8fab5 IB	103	"headers" "proxy" "proxy_http" "proxy_wstunnel"
f3a8fab5 IB	104	];
17f6eae9 IB	105	services.filesWatcher.peertube = {
	106	restart = true;
	107	paths = [ pcfg.configFile ];
	108	};
	109
1a64deeb	110	security.acme.certs.eldiron.extraDomainNames = [ "peertube.immae.eu" ];
29f8cb85	111	services.websites.env.tools.vhostConfs.peertube = {
f3a8fab5 IB	112	certName = "eldiron";
	113	hosts = [ "peertube.immae.eu" ];
	114	root = null;
	115	extraConfig = [ ''
f826c67c IB	116	RewriteEngine On
	117
	118	RewriteCond %{REQUEST_URI} ^/socket.io [NC]
	119	RewriteCond %{QUERY_STRING} transport=websocket [NC]
ab8f306d	120	RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
f826c67c IB	121
f826c67c IB	122	RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
ab8f306d	123	RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
f826c67c	124
ab8f306d IB	125	ProxyPass / http://localhost:${toString env.listenPort}/
ab8f306d IB	126	ProxyPassReverse / http://localhost:${toString env.listenPort}/
f3a8fab5 IB	127
	128	ProxyPreserveHost On
	129	RequestHeader set X-Real-IP %{REMOTE_ADDR}s
f3a8fab5 IB	130	'' ];
f3a8fab5 IB	131	};
1a64deeb IB	132
	133	myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
	134	myServices.monitoring.fromMasterObjects.service = [
	135	{
	136	service_description = "peertube website is running on peertube.immae.eu";
	137	host_name = config.hostEnv.fqdn;
	138	use = "external-web-service";
	139	check_command = ["check_https" "peertube.immae.eu" "/" "<title>Immae’s PeerTube"];
	140
	141	servicegroups = "webstatus-webapps";
	142	_webstatus_name = "Peertube";
	143	_webstatus_url = "https://peertube.immae.eu/";
	144	}
	145	];
f3a8fab5 IB	146	};
f3a8fab5 IB	147	}