modules/private/websites/tools/peertube/default.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   env = config.myEnv.tools.peertube;
   4   cfg = config.myServices.websites.tools.peertube;
   5   pcfg = config.services.peertube;
   6 in {
   7   options.myServices.websites.tools.peertube = {
   8     enable = lib.mkEnableOption "enable Peertube's website";
   9   };
  10
  11   config = lib.mkIf cfg.enable {
  12     services.duplyBackup.profiles.peertube = {
  13       rootDir = pcfg.dataDir;
  14     };
  15     services.peertube = {
  16       enable = true;
  17       configFile = "/var/secrets/webapps/tools-peertube";
  18     };
  19     users.users.peertube.extraGroups = [ "keys" ];
  20
  21     secrets.keys = [{
  22       dest = "webapps/tools-peertube";
  23       user = "peertube";
  24       group = "peertube";
  25       permissions = "0640";
  26       text = ''
  27         listen:
  28           hostname: 'localhost'
  29           port: ${toString config.myEnv.ports.peertube}
  30         webserver:
  31           https: true
  32           hostname: 'peertube.immae.eu'
  33           port: 443
  34         database:
  35           hostname: '${env.postgresql.socket}'
  36           port: 5432
  37           suffix: '_prod'
  38           username: '${env.postgresql.user}'
  39           password: '${env.postgresql.password}'
  40           pool:
  41             max: 5
  42         redis:
  43           socket: '${env.redis.socket}'
  44           auth: null
  45           db: ${env.redis.db}
  46         smtp:
  47           transport: sendmail
  48           sendmail: '/run/wrappers/bin/sendmail'
  49           from_address: 'peertube@tools.immae.eu'
  50         storage:
  51           tmp: '${pcfg.dataDir}/storage/tmp/'
  52           avatars: '${pcfg.dataDir}/storage/avatars/'
  53           videos: '${pcfg.dataDir}/storage/videos/'
  54           streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
  55           redundancy: '${pcfg.dataDir}/storage/videos/'
  56           logs: '${pcfg.dataDir}/storage/logs/'
  57           previews: '${pcfg.dataDir}/storage/previews/'
  58           thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
  59           torrents: '${pcfg.dataDir}/storage/torrents/'
  60           captions: '${pcfg.dataDir}/storage/captions/'
  61           cache: '${pcfg.dataDir}/storage/cache/'
  62           plugins: '${pcfg.dataDir}/storage/plugins/'
  63           client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
  64         '';
  65     }];
  66
  67     services.websites.env.tools.modules = [
  68       "headers" "proxy" "proxy_http" "proxy_wstunnel"
  69     ];
  70     services.filesWatcher.peertube = {
  71       restart = true;
  72       paths = [ pcfg.configFile ];
  73     };
  74
  75     services.websites.env.tools.vhostConfs.peertube = {
  76       certName    = "eldiron";
  77       addToCerts  = true;
  78       hosts       = [ "peertube.immae.eu" ];
  79       root        = null;
  80       extraConfig = [ ''
  81           RewriteEngine On
  82
  83           RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
  84           RewriteCond %{QUERY_STRING} transport=websocket    [NC]
  85           RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
  86
  87           RewriteCond %{REQUEST_URI}  ^/tracker/socket       [NC]
  88           RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
  89
  90           ProxyPass /        http://localhost:${toString env.listenPort}/
  91           ProxyPassReverse / http://localhost:${toString env.listenPort}/
  92
  93           ProxyPreserveHost On
  94           RequestHeader set X-Real-IP %{REMOTE_ADDR}s
  95       '' ];
  96     };
  97   };
  98 }