Upgrade peertube to latest version
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / peertube / default.nix
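# NixOS module: PeerTube behind an Apache reverse proxy on peertube.immae.eu.
#
# When `myServices.websites.tools.peertube.enable` is set, this module
#   - enables `services.peertube` with an LDAP/sendmail-enabled package build,
#   - renders PeerTube's YAML configuration (including the PostgreSQL and LDAP
#     bind passwords) through `secrets.keys`,
#   - restarts PeerTube when that file changes (`services.filesWatcher`),
#   - registers a backup profile for the data directory,
#   - declares the Apache vhost that proxies HTTP and WebSocket traffic.
#
# NOTE(review): the listing this was taken from had lost its indentation. The
# nesting of the YAML below was restored from the key names and PeerTube's
# configuration layout; confirm it against the production.yaml shipped with
# the packaged version before deploying.
{ lib, pkgs, config, ... }:
let
  env = config.myEnv.tools.peertube;
  cfg = config.myServices.websites.tools.peertube;
  pcfg = config.services.peertube;

  # A JSON string literal is also a valid double-quoted YAML scalar, so this
  # quotes and escapes a value before it is spliced into the YAML text.
  # Without it, a password containing a quote, '#' or ': ' would truncate or
  # corrupt the generated configuration.
  yamlQuoted = builtins.toJSON;
in {
  options.myServices.websites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };

  config = lib.mkIf cfg.enable {
    # Back up the whole PeerTube data directory.
    services.duplyBackup.profiles.peertube = {
      rootDir = pcfg.dataDir;
    };

    services.peertube = {
      enable = true;
      # Same file as the `secrets.keys` entry below (dest "webapps/tools-peertube");
      # presumably /var/secrets is where secrets.keys writes. Verify against
      # that module.
      configFile = "/var/secrets/webapps/tools-peertube";
      package = pkgs.webapps.peertube.override { ldap = true; sendmail = true; light = "fr-FR"; };
    };

    # Presumably the "keys" group is what lets the service user reach the
    # secrets directory. Confirm.
    users.users.peertube.extraGroups = [ "keys" ];

    # The rendered file contains the database password and the LDAP bind
    # password. It is owned by peertube:peertube with mode 0640, so only the
    # service user and its group can read it.
    #
    # NOTE(review): whether `text` is also copied into the world-readable Nix
    #   store depends on how `secrets.keys` is implemented, which is not
    #   visible here. Confirm it is delivered out-of-band.
    # NOTE(review): PeerTube listens on `config.myEnv.ports.peertube`, while the
    #   vhost below proxies to `env.listenPort`. Confirm both resolve to the
    #   same port.
    # NOTE(review): `csp.enabled` is false, so PeerTube sends no
    #   Content-Security-Policy header; `log.anonymizeIP` is false, so full
    #   client addresses are written to the logs.
    # NOTE(review): `import.videos.http` is enabled, so the server fetches
    #   user-supplied URLs; consider restricting its outbound network access.
    secrets.keys = [{
      dest = "webapps/tools-peertube";
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = ''
        listen:
          hostname: 'localhost'
          port: ${toString config.myEnv.ports.peertube}
        webserver:
          https: true
          hostname: 'peertube.immae.eu'
          port: 443
        rates_limit:
          api:
            # 50 attempts in 10 seconds
            window: 10 seconds
            max: 50
          login:
            # 15 attempts in 5 min
            window: 5 minutes
            max: 15
          signup:
            # 2 attempts in 5 min (only succeeded attempts are taken into account)
            window: 5 minutes
            max: 2
          ask_send_email:
            # 3 attempts in 5 min
            window: 5 minutes
            max: 3
        trust_proxy:
          - 'loopback'
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_prod'
          username: '${env.postgresql.user}'
          password: ${yamlQuoted env.postgresql.password}
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db}
        auth:
          local:
            enabled: true
          ldap:
            enabled: true
            ldap_only: false
            url: ldaps://${env.ldap.host}/${env.ldap.base}
            bind_dn: ${env.ldap.dn}
            bind_password: ${yamlQuoted env.ldap.password}
            base: ${env.ldap.base}
            mail_entry: "mail"
            user_filter: ${yamlQuoted env.ldap.filter}
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          hostname: null
          port: 465 # If you use StartTLS: 587
          username: null
          password: null
          tls: true # If you use StartTLS: false
          disable_starttls: false
          ca_file: null # Used for self signed certificates
          from_address: 'peertube@tools.immae.eu'
        email:
          body:
            signature: "PeerTube"
          subject:
            prefix: "[PeerTube]"
        storage:
          tmp: '${pcfg.dataDir}/storage/tmp/'
          avatars: '${pcfg.dataDir}/storage/avatars/'
          videos: '${pcfg.dataDir}/storage/videos/'
          streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
          redundancy: '${pcfg.dataDir}/storage/videos/'
          logs: '${pcfg.dataDir}/storage/logs/'
          previews: '${pcfg.dataDir}/storage/previews/'
          thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
          torrents: '${pcfg.dataDir}/storage/torrents/'
          captions: '${pcfg.dataDir}/storage/captions/'
          cache: '${pcfg.dataDir}/storage/cache/'
          plugins: '${pcfg.dataDir}/storage/plugins/'
        log:
          level: 'info'
          rotation:
            enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
            maxFileSize: 12MB
            maxFiles: 20
          anonymizeIP: false
        search:
          remote_uri:
            users: true
            anonymous: false
        trending:
          videos:
            interval_days: 7
        redundancy:
          videos:
            check_interval: '1 hour' # How often you want to check new videos to cache
            strategies: # Just uncomment strategies you want
        csp:
          enabled: false
          report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
          report_uri:
        tracker:
          enabled: true
          private: true
          reject_too_many_announces: false
        history:
          videos:
            max_age: -1
        views:
          videos:
            remote:
              max_age: -1
        plugins:
          index:
            enabled: true
            check_latest_versions_interval: '12 hours'
            url: 'https://packages.joinpeertube.org'
        # Following are saved in local-production.json
        cache:
          previews:
            size: 500 # Max number of previews you want to cache
          captions:
            size: 500 # Max number of video captions/subtitles you want to cache
        admin:
          email: 'peertube@tools.immae.eu'
        contact_form:
          enabled: true
        signup:
          enabled: false
          limit: 10
          requires_email_verification: false
          filters:
            cidr:
              whitelist: []
              blacklist: []
        user:
          video_quota: -1
          video_quota_daily: -1
        transcoding:
          enabled: false
          allow_additional_extensions: true
          allow_audio_files: true
          threads: 1
          resolutions:
            0p: false
            240p: false
            360p: false
            480p: true
            720p: true
            1080p: true
            2160p: false
          webtorrent:
            enabled: true
          hls:
            enabled: false
        import:
          videos:
            http:
              enabled: true
            torrent:
              enabled: false
        auto_blacklist:
          videos:
            of_users:
              enabled: false
        instance:
          name: 'Immae’s PeerTube'
          short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
          description: '''
          terms: '''
          code_of_conduct: '''
          moderation_information: '''
          creation_reason: '''
          administrator: '''
          maintenance_lifetime: '''
          business_model: '''
          hardware_information: '''
          languages:
          categories:
          default_client_route: '/videos/trending'
          is_nsfw: false
          default_nsfw_policy: 'do_not_list'
          customizations:
            javascript: '''
            css: '''
          robots: |
            User-agent: *
            Disallow:
          securitytxt:
            "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
        services:
          twitter:
            username: '@_immae'
            whitelisted: false
        followers:
          instance:
            enabled: true
            manual_approval: false
        followings:
          instance:
            auto_follow_back:
              enabled: false
            auto_follow_index:
              enabled: false
              index_url: 'https://instances.joinpeertube.org'
        theme:
          default: 'default'
      '';
    }];

    # Apache modules needed by the vhost below: request header rewriting,
    # HTTP proxying and WebSocket tunnelling.
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];

    # Restart PeerTube whenever the rendered configuration file changes.
    services.filesWatcher.peertube = {
      restart = true;
      paths = [ pcfg.configFile ];
    };

    # Reverse proxy in front of the PeerTube backend on localhost.
    # `RequestHeader set` replaces any X-Real-IP header sent by the client, so
    # the backend only sees the address Apache observed. PeerTube is told to
    # trust proxy headers from loopback only (`trust_proxy` above), which
    # relies on the backend port not being reachable from other hosts.
    services.websites.env.tools.vhostConfs.peertube = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "peertube.immae.eu" ];
      root = null;
      extraConfig = [ ''
        RewriteEngine On

        RewriteCond %{REQUEST_URI} ^/socket.io [NC]
        RewriteCond %{QUERY_STRING} transport=websocket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
        RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]

        ProxyPass / http://localhost:${toString env.listenPort}/
        ProxyPassReverse / http://localhost:${toString env.listenPort}/

        ProxyPreserveHost On
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
      '' ];
    };
  };
}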