Fix peertube default configuration
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / peertube / default.nix
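# NixOS module: PeerTube published through the "tools" Apache environment.
#
# When myServices.websites.tools.peertube.enable is set, this module
#   - enables services.peertube and points it at a config file rendered by
#     secrets.keys,
#   - registers the PeerTube data directory as a duplyBackup profile,
#   - asks services.filesWatcher to watch that config file (restart = true),
#   - declares an Apache vhost that reverse-proxies HTTP and WebSocket traffic
#     to the local PeerTube port.
{ lib, pkgs, config, ... }:
let
  env = config.myEnv.tools.peertube;
  cfg = config.myServices.websites.tools.peertube;
  pcfg = config.services.peertube;
in {
  options.myServices.websites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };

  config = lib.mkIf cfg.enable {
    # Only dataDir is backed up; the rendered config (with credentials) lives
    # under /var/secrets and is not part of this profile.
    services.duplyBackup.profiles.peertube = {
      rootDir = pcfg.dataDir;
    };
    services.peertube = {
      enable = true;
      # Must stay in sync with the `dest` of the secrets.keys entry below.
      configFile = "/var/secrets/webapps/tools-peertube";
      package = pkgs.webapps.peertube.override { ldap = true; sendmail = true; light = "fr-FR"; };
    };
    # presumably the "keys" group is what grants traversal of /var/secrets;
    # verify against the secrets module.
    users.users.peertube.extraGroups = [ "keys" ];

    # The rendered file carries the PostgreSQL password and the LDAP bind
    # password, so it is owned by peertube:peertube and not world-readable.
    # NOTE(review): confirm the secrets module delivers `text` out-of-band and
    # never copies it into the world-readable Nix store.
    # NOTE(review): listen.port reads config.myEnv.ports.peertube while the
    # vhost below proxies to env.listenPort; confirm both resolve to the same
    # port.
    # NOTE(review): `redis.auth: null` means access control rests on the
    # permissions of the Redis unix socket; confirm they are restrictive.
    # NOTE(review): storage.redundancy points at the same directory as
    # storage.videos; confirm that is intended.
    # Both passwords are emitted with builtins.toJSON: a JSON string is a
    # valid YAML double-quoted scalar, so quotes, '#', ': ' or an all-digit
    # value in a password cannot truncate the value, change its type or break
    # parsing of the file.
    secrets.keys = [{
      dest = "webapps/tools-peertube";
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = ''
        listen:
          hostname: 'localhost'
          port: ${toString config.myEnv.ports.peertube}
        webserver:
          https: true
          hostname: 'peertube.immae.eu'
          port: 443
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_prod'
          username: '${env.postgresql.user}'
          password: ${builtins.toJSON env.postgresql.password}
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db}
        auth:
          local:
            enabled: true
          ldap:
            enabled: true
            ldap_only: false
            url: ldaps://${env.ldap.host}/${env.ldap.base}
            bind_dn: ${env.ldap.dn}
            bind_password: ${builtins.toJSON env.ldap.password}
            base: ${env.ldap.base}
            mail_entry: "mail"
            user_filter: "${env.ldap.filter}"
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          from_address: 'peertube@tools.immae.eu'
        storage:
          tmp: '${pcfg.dataDir}/storage/tmp/'
          avatars: '${pcfg.dataDir}/storage/avatars/'
          videos: '${pcfg.dataDir}/storage/videos/'
          streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
          redundancy: '${pcfg.dataDir}/storage/videos/'
          logs: '${pcfg.dataDir}/storage/logs/'
          previews: '${pcfg.dataDir}/storage/previews/'
          thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
          torrents: '${pcfg.dataDir}/storage/torrents/'
          captions: '${pcfg.dataDir}/storage/captions/'
          cache: '${pcfg.dataDir}/storage/cache/'
          plugins: '${pcfg.dataDir}/storage/plugins/'
      '';
    }];

    # Apache modules needed by the vhost: RequestHeader (headers), ProxyPass
    # (proxy, proxy_http) and the ws:// rewrite targets (proxy_wstunnel).
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
    services.filesWatcher.peertube = {
      restart = true;
      paths = [ pcfg.configFile ];
    };

    # TLS terminates at Apache; the upstream hop is plain http/ws on
    # localhost. X-Real-IP is written with `set`, which replaces any value
    # supplied by the client, so the backend sees the address Apache observed.
    services.websites.env.tools.vhostConfs.peertube = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "peertube.immae.eu" ];
      root = null;
      extraConfig = [ ''
        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        ProxyPass / http://localhost:${toString env.listenPort}/
        ProxyPassReverse / http://localhost:${toString env.listenPort}/

        ProxyPreserveHost On
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
      '' ];
    };
  };
}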