modules/private/websites/tools/peertube/default.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   env = config.myEnv.tools.peertube;
   4   cfg = config.myServices.websites.tools.peertube;
   5   pcfg = config.services.peertube;
   6 in {
   7   options.myServices.websites.tools.peertube = {
   8     enable = lib.mkEnableOption "enable Peertube's website";
   9   };
  10
  11   config = lib.mkIf cfg.enable {
  12     services.peertube = {
  13       enable = true;
  14       configFile = config.secrets.fullPaths."webapps/tools-peertube";
  15     };
  16     users.users.peertube.extraGroups = [ "keys" ];
  17
  18     secrets.keys."webapps/tools-peertube" = {
  19       user = "peertube";
  20       group = "peertube";
  21       permissions = "0640";
  22       text = ''
  23         listen:
  24           hostname: 'localhost'
  25           port: ${toString config.myEnv.ports.peertube}
  26         webserver:
  27           https: true
  28           hostname: 'peertube.immae.eu'
  29           port: 443
  30         database:
  31           hostname: '${env.postgresql.socket}'
  32           port: 5432
  33           suffix: '_prod'
  34           username: '${env.postgresql.user}'
  35           password: '${env.postgresql.password}'
  36           pool:
  37             max: 5
  38         redis:
  39           socket: '${env.redis.socket}'
  40           auth: null
  41           db: ${env.redis.db}
  42         smtp:
  43           transport: sendmail
  44           sendmail: '/run/wrappers/bin/sendmail'
  45           from_address: 'peertube@tools.immae.eu'
  46         storage:
  47           tmp: '${pcfg.dataDir}/storage/tmp/'
  48           avatars: '${pcfg.dataDir}/storage/avatars/'
  49           videos: '${pcfg.dataDir}/storage/videos/'
  50           streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
  51           redundancy: '${pcfg.dataDir}/storage/videos/'
  52           logs: '${pcfg.dataDir}/storage/logs/'
  53           previews: '${pcfg.dataDir}/storage/previews/'
  54           thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
  55           torrents: '${pcfg.dataDir}/storage/torrents/'
  56           captions: '${pcfg.dataDir}/storage/captions/'
  57           cache: '${pcfg.dataDir}/storage/cache/'
  58           plugins: '${pcfg.dataDir}/storage/plugins/'
  59           client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
  60         '';
  61     };
  62
  63     services.websites.env.tools.modules = [
  64       "headers" "proxy" "proxy_http" "proxy_wstunnel"
  65     ];
  66     services.filesWatcher.peertube = {
  67       restart = true;
  68       paths = [ pcfg.configFile ];
  69     };
  70
  71     services.websites.env.tools.vhostConfs.peertube = {
  72       certName    = "eldiron";
  73       addToCerts  = true;
  74       hosts       = [ "peertube.immae.eu" ];
  75       root        = null;
  76       extraConfig = [ ''
  77           RewriteEngine On
  78
  79           RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
  80           RewriteCond %{QUERY_STRING} transport=websocket    [NC]
  81           RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
  82
  83           RewriteCond %{REQUEST_URI}  ^/tracker/socket       [NC]
  84           RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
  85
  86           ProxyPass /        http://localhost:${toString env.listenPort}/
  87           ProxyPassReverse / http://localhost:${toString env.listenPort}/
  88
  89           ProxyPreserveHost On
  90           RequestHeader set X-Real-IP %{REMOTE_ADDR}s
  91       '' ];
  92     };
  93   };
  94 }