1 { lib, pkgs, config, ... }:
3 env = config.myEnv.tools.peertube;
4 cfg = config.myServices.websites.tools.peertube;
5 pcfg = config.services.peertube;
7 options.myServices.websites.tools.peertube = {
8 enable = lib.mkEnableOption "enable Peertube's website";
11 config = lib.mkIf cfg.enable {
12 services.duplyBackup.profiles.peertube = {
13 rootDir = pcfg.dataDir;
17 configFile = "/var/secrets/webapps/tools-peertube";
18 package = pkgs.webapps.peertube.override { ldap = true; sendmail = true; light = "fr-FR"; };
20 users.users.peertube.extraGroups = [ "keys" ];
23 dest = "webapps/tools-peertube";
30 port: ${toString config.myEnv.ports.peertube}
33 hostname: 'peertube.immae.eu'
37 # 50 attempts in 10 seconds
41 # 15 attempts in 5 min
45 # 2 attempts in 5 min (only succeeded attempts are taken into account)
55 hostname: '${env.postgresql.socket}'
58 username: '${env.postgresql.user}'
59 password: '${env.postgresql.password}'
63 socket: '${env.redis.socket}'
72 url: ldaps://${env.ldap.host}/${env.ldap.base}
73 bind_dn: ${env.ldap.dn}
74 bind_password: ${env.ldap.password}
75 base: ${env.ldap.base}
77 user_filter: "${env.ldap.filter}"
80 sendmail: '/run/wrappers/bin/sendmail'
82 port: 465 # If you use StartTLS: 587
85 tls: true # If you use StartTLS: false
86 disable_starttls: false
87 ca_file: null # Used for self signed certificates
88 from_address: 'peertube@tools.immae.eu'
95 tmp: '${pcfg.dataDir}/storage/tmp/'
96 avatars: '${pcfg.dataDir}/storage/avatars/'
97 videos: '${pcfg.dataDir}/storage/videos/'
98 streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
99 redundancy: '${pcfg.dataDir}/storage/videos/'
100 logs: '${pcfg.dataDir}/storage/logs/'
101 previews: '${pcfg.dataDir}/storage/previews/'
102 thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
103 torrents: '${pcfg.dataDir}/storage/torrents/'
104 captions: '${pcfg.dataDir}/storage/captions/'
105 cache: '${pcfg.dataDir}/storage/cache/'
106 plugins: '${pcfg.dataDir}/storage/plugins/'
110 enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
123 check_interval: '1 hour' # How often you want to check new videos to cache
124 strategies: # Just uncomment strategies you want
127 report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
132 reject_too_many_announces: false
143 check_latest_versions_interval: '12 hours'
144 url: 'https://packages.joinpeertube.org'
145 # Following are saved in local-production.json
148 size: 500 # Max number of previews you want to cache
150 size: 500 # Max number of video captions/subtitles you want to cache
152 email: 'peertube@tools.immae.eu'
158 requires_email_verification: false
165 video_quota_daily: -1
168 allow_additional_extensions: true
169 allow_audio_files: true
194 name: 'Immae’s PeerTube'
195 short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
199 moderation_information: '''
202 maintenance_lifetime: '''
204 hardware_information: '''
207 default_client_route: '/videos/trending'
209 default_nsfw_policy: 'do_not_list'
217 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
225 manual_approval: false
232 index_url: 'https://instances.joinpeertube.org'
238 services.websites.env.tools.modules = [
239 "headers" "proxy" "proxy_http" "proxy_wstunnel"
241 services.filesWatcher.peertube = {
243 paths = [ pcfg.configFile ];
246 services.websites.env.tools.vhostConfs.peertube = {
247 certName = "eldiron";
249 hosts = [ "peertube.immae.eu" ];
254 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
255 RewriteCond %{QUERY_STRING} transport=websocket [NC]
256 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
258 RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
259 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
261 ProxyPass / http://localhost:${toString env.listenPort}/
262 ProxyPassReverse / http://localhost:${toString env.listenPort}/
265 RequestHeader set X-Real-IP %{REMOTE_ADDR}s