]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/websites/tools/peertube/default.nix
projects / perso / Immae / Config / Nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add specification for the private config file as a module.
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / peertube / default.nix
1 { lib, pkgs, config, ... }:
2 let
3 env = config.myEnv.tools.peertube;
4 cfg = config.myServices.websites.tools.peertube;
5 pcfg = config.services.peertube;
6 in {
7 options.myServices.websites.tools.peertube = {
8 enable = lib.mkEnableOption "enable Peertube's website";
9 };
10
11 config = lib.mkIf cfg.enable {
12 services.duplyBackup.profiles.peertube = {
13 rootDir = pcfg.dataDir;
14 };
15 services.peertube = {
16 enable = true;
17 configFile = "/var/secrets/webapps/tools-peertube";
18 package = pkgs.webapps.peertube.override { ldap = true; };
19 };
20 users.users.peertube.extraGroups = [ "keys" ];
21
22 secrets.keys = [{
23 dest = "webapps/tools-peertube";
24 user = "peertube";
25 group = "peertube";
26 permissions = "0640";
27 text = ''
28 listen:
29 hostname: 'localhost'
30 port: ${toString config.myEnv.ports.peertube}
31 webserver:
32 https: true
33 hostname: 'peertube.immae.eu'
34 port: 443
35 trust_proxy:
36 - 'loopback'
37 database:
38 hostname: '${env.postgresql.socket}'
39 port: 5432
40 suffix: '_prod'
41 username: '${env.postgresql.user}'
42 password: '${env.postgresql.password}'
43 pool:
44 max: 5
45 redis:
46 socket: '${env.redis.socket}'
47 auth: null
48 db: ${env.redis.db}
49 ldap:
50 enable: true
51 ldap_only: false
52 url: ldaps://${env.ldap.host}/${env.ldap.base}
53 bind_dn: ${env.ldap.dn}
54 bind_password: ${env.ldap.password}
55 base: ${env.ldap.base}
56 mail_entry: "mail"
57 user_filter: "${env.ldap.filter}"
58 smtp:
59 transport: sendmail
60 sendmail: '/run/wrappers/bin/sendmail'
61 hostname: null
62 port: 465 # If you use StartTLS: 587
63 username: null
64 password: null
65 tls: true # If you use StartTLS: false
66 disable_starttls: false
67 ca_file: null # Used for self signed certificates
68 from_address: 'peertube@tools.immae.eu'
69 storage:
70 tmp: '${pcfg.dataDir}/storage/tmp/'
71 avatars: '${pcfg.dataDir}/storage/avatars/'
72 videos: '${pcfg.dataDir}/storage/videos/'
73 redundancy: '${pcfg.dataDir}/storage/videos/'
74 logs: '${pcfg.dataDir}/storage/logs/'
75 previews: '${pcfg.dataDir}/storage/previews/'
76 thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
77 torrents: '${pcfg.dataDir}/storage/torrents/'
78 captions: '${pcfg.dataDir}/storage/captions/'
79 cache: '${pcfg.dataDir}/storage/cache/'
80 log:
81 level: 'info'
82 search:
83 remote_uri:
84 users: true
85 anonymous: false
86 trending:
87 videos:
88 interval_days: 7
89 redundancy:
90 videos:
91 check_interval: '1 hour' # How often you want to check new videos to cache
92 strategies: # Just uncomment strategies you want
93 # Following are saved in local-production.json
94 cache:
95 previews:
96 size: 500 # Max number of previews you want to cache
97 captions:
98 size: 500 # Max number of video captions/subtitles you want to cache
99 admin:
100 email: 'peertube@tools.immae.eu'
101 contact_form:
102 enabled: true
103 signup:
104 enabled: false
105 limit: 10
106 requires_email_verification: false
107 filters:
108 cidr:
109 whitelist: []
110 blacklist: []
111 user:
112 video_quota: -1
113 video_quota_daily: -1
114 transcoding:
115 enabled: false
116 allow_additional_extensions: true
117 threads: 1
118 resolutions:
119 240p: false
120 360p: false
121 480p: true
122 720p: true
123 1080p: true
124 hls:
125 enabled: false
126 import:
127 videos:
128 http:
129 enabled: true
130 torrent:
131 enabled: false
132 instance:
133 name: 'Immae’s PeerTube'
134 short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
135 description: '''
136 terms: '''
137 default_client_route: '/videos/trending'
138 default_nsfw_policy: 'blur'
139 customizations:
140 javascript: '''
141 css: '''
142 robots: |
143 User-agent: *
144 Disallow:
145 securitytxt:
146 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
147 services:
148 # You can provide a reporting endpoint for Content Security Policy violations
149 csp-logger:
150 twitter:
151 username: '@_immae'
152 whitelisted: false
153 '';
154 }];
155
156 services.websites.env.tools.modules = [
157 "headers" "proxy" "proxy_http" "proxy_wstunnel"
158 ];
159 services.filesWatcher.peertube = {
160 restart = true;
161 paths = [ pcfg.configFile ];
162 };
163
164 services.websites.env.tools.vhostConfs.peertube = {
165 certName = "eldiron";
166 addToCerts = true;
167 hosts = [ "peertube.immae.eu" ];
168 root = null;
169 extraConfig = [ ''
170 RewriteEngine On
171
172 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
173 RewriteCond %{QUERY_STRING} transport=websocket [NC]
174 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
175
176 RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
177 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
178
179 ProxyPass / http://localhost:${toString env.listenPort}/
180 ProxyPassReverse / http://localhost:${toString env.listenPort}/
181
182 ProxyPreserveHost On
183 RequestHeader set X-Real-IP %{REMOTE_ADDR}s
184 '' ];
185 };
186 };
187 }
My infrastructure configuration