# NixOS module that deploys PeerTube behind an Apache virtual host.
# NOTE(review): this listing is an extract; the gutter numbers jump, so
# some lines of the module (including the `let`/`in` framing) are not shown.
1 { lib, pkgs, config, myconfig, mylibs, ... }:
# PeerTube package; also used below as HOME and WorkingDirectory of the unit.
3 peertube = pkgs.webapps.peertube;
# Mutable state directory (config link and storage/ subdirectories).
4 varDir = "/var/lib/peertube";
# Per-deployment values. The YAML body further down reads the PostgreSQL
# password and the LDAP bind password from here, so this attribute set
# carries secrets.
# NOTE(review): where myconfig.env comes from is not visible here - confirm
# it is not committed in clear text.
5 env = myconfig.env.tools.peertube;
6 cfg = config.services.myWebsites.tools.peertube;
# Option declaration: a single `enable` switch gating everything in `config`.
8 options.services.myWebsites.tools.peertube = {
# NOTE(review): lib.mkEnableOption already prefixes "Whether to enable", so
# the generated description repeats the word "enable".
9 enable = lib.mkEnableOption "enable Peertube's website";
# Everything below applies only when the enable option is set.
12 config = lib.mkIf cfg.enable {
# Fixed uid/gid for the service account, taken from the deployment values.
13 ids.uids.peertube = env.user.uid;
14 ids.gids.peertube = env.user.gid;
# Dedicated account for the PeerTube service.
16 users.users.peertube = {
18 uid = config.ids.uids.peertube;
20 description = "Peertube user";
# NOTE(review): this gives the service account the system default login
# shell; confirm an interactive shell is needed for this account.
22 useDefaultShell = true;
# Presumably what lets the service read its file under /var/secrets.
# NOTE(review): membership applies to every file readable by the "keys"
# group, not only PeerTube's - confirm per-file ownership limits that.
23 extraGroups = [ "keys" ];
26 users.groups.peertube.gid = config.ids.gids.peertube;
# systemd unit for PeerTube: started at multi-user.target, ordered after the
# network and PostgreSQL, and pulling PostgreSQL in through `wants`.
28 systemd.services.peertube = {
29 description = "Peertube";
30 wantedBy = [ "multi-user.target" ];
31 after = [ "network.target" "postgresql.service" ];
32 wants = [ "postgresql.service" ];
# Directory the service reads its configuration from; the activation script
# in this module links production.yaml into it.
34 environment.NODE_CONFIG_DIR = "${varDir}/config";
35 environment.NODE_ENV = "production";
# HOME (and WorkingDirectory below) point at the package path, not at varDir.
36 environment.HOME = peertube;
# Tools placed on the unit's PATH.
38 path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
47 WorkingDirectory = peertube;
# NOTE(review): this is the only sandboxing directive visible in this
# listing (lines around it are elided). Confirm the unit also sets
# User=/Group= to the peertube account, and consider NoNewPrivileges=,
# PrivateTmp= and ProtectSystem= with varDir listed in ReadWritePaths=;
# `systemd-analyze security peertube` gives a quick audit of the result.
50 ProtectControlGroups = true;
# Do not start the unit before the filesystem holding varDir is mounted.
56 unitConfig.RequiresMountsFor = varDir;
# Secret-file entry. The activation script in this module links
# /var/secrets/webapps/tools-peertube to production.yaml, so `dest`
# presumably names that file and the YAML below is its body, i.e. the
# configuration PeerTube loads.
# The body interpolates the PostgreSQL password and the LDAP bind password,
# so the rendered file has to stay unreadable to other accounts.
# NOTE(review): owner and mode of this entry are not visible in this
# listing - confirm them, and confirm the text is not also materialised in
# the world-readable Nix store.
# NOTE(review): values are spliced into YAML without escaping. The LDAP
# bind password is unquoted, so a value containing " #" or ": " would be
# parsed differently from what was intended; the single-quoted PostgreSQL
# password breaks on a "'" character. Confirm the secrets avoid those
# characters or escape them before interpolation.
# Transport as visible here: PostgreSQL and Redis are addressed through
# socket values, LDAP uses an ldaps:// URL, SMTP sets tls: true on port 465.
# NOTE(review): settings worth checking against policy -
# requires_email_verification: false, video_quota_daily: -1 and
# allow_additional_extensions: true. Their parent keys are not visible; if
# the last one widens the accepted upload formats, more of ffmpeg's parsers
# are exposed to untrusted files.
60 dest = "webapps/tools-peertube";
67 port: ${env.listenPort}
70 hostname: 'peertube.immae.eu'
75 hostname: '${env.postgresql.socket}'
78 username: '${env.postgresql.user}'
79 password: '${env.postgresql.password}'
83 socket: '${env.redis.socket}'
85 db: ${env.redis.db_index}
89 url: ldaps://${env.ldap.host}/${env.ldap.base}
90 bind_dn: ${env.ldap.dn}
91 bind_password: ${env.ldap.password}
92 base: ${env.ldap.base}
94 user_filter: "${env.ldap.filter}"
97 sendmail: '/run/wrappers/bin/sendmail'
99 port: 465 # If you use StartTLS: 587
102 tls: true # If you use StartTLS: false
103 disable_starttls: false
104 ca_file: null # Used for self signed certificates
105 from_address: 'peertube@tools.immae.eu'
107 tmp: '${varDir}/storage/tmp/'
108 avatars: '${varDir}/storage/avatars/'
109 videos: '${varDir}/storage/videos/'
110 redundancy: '${varDir}/storage/videos/'
111 logs: '${varDir}/storage/logs/'
112 previews: '${varDir}/storage/previews/'
113 thumbnails: '${varDir}/storage/thumbnails/'
114 torrents: '${varDir}/storage/torrents/'
115 captions: '${varDir}/storage/captions/'
116 cache: '${varDir}/storage/cache/'
128 check_interval: '1 hour' # How often you want to check new videos to cache
129 strategies: # Just uncomment strategies you want
130 # Following are saved in local-production.json
133 size: 500 # Max number of previews you want to cache
135 size: 500 # Max number of video captions/subtitles you want to cache
137 email: 'peertube@tools.immae.eu'
143 requires_email_verification: false
150 video_quota_daily: -1
153 allow_additional_extensions: true
170 name: 'Immae’s PeerTube'
171 short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
174 default_client_route: '/videos/trending'
175 default_nsfw_policy: 'blur'
183 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
185 # You can provide a reporting endpoint for Content Security Policy violations
# Activation step: create the state and config directories (mode 0750,
# owned by peertube:peertube) and point production.yaml at the secret file
# under /var/secrets, so the passwords are not copied into varDir.
# NOTE(review): the config directory is owned by the service account
# (a comment in the YAML body mentions settings saved to
# local-production.json, presumably in this directory). That ownership also
# lets the service replace the production.yaml link until the next
# activation - confirm that is acceptable.
193 system.activationScripts.peertube = {
196 install -m 0750 -o peertube -g peertube -d ${varDir}
197 install -m 0750 -o peertube -g peertube -d ${varDir}/config
198 ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
# Apache modules the virtual host below relies on: header rewriting, HTTP
# reverse proxying and WebSocket tunnelling.
202 services.myWebsites.tools.modules = [
203 "headers" "proxy" "proxy_http" "proxy_wstunnel"
# Adds peertube.immae.eu to the "eldiron" ACME certificate.
205 security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
# Virtual host that reverse-proxies peertube.immae.eu to the local PeerTube
# listener over plain HTTP / WS on loopback, and sets X-Real-IP from the
# connecting address (`set` replaces any value sent by the client).
# NOTE(review): the backend only sees loopback as its peer, so it has to
# trust X-Real-IP. Confirm PeerTube binds to loopback only and trusts only
# the loopback proxy (neither setting is visible in this listing);
# otherwise a direct connection could present a forged client address.
# NOTE(review): "/" is proxied before the two WebSocket paths. If these are
# plain top-level ProxyPass directives, Apache applies the first match in
# configuration order, so the "/" rule would shadow them - confirm against
# the elided lines.
206 services.myWebsites.tools.vhostConfs.peertube = {
207 certName = "eldiron";
208 hosts = [ "peertube.immae.eu" ];
211 ProxyPass / http://localhost:${env.listenPort}/
212 ProxyPassReverse / http://localhost:${env.listenPort}/
215 RequestHeader set X-Real-IP %{REMOTE_ADDR}s
217 ProxyPass /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket
218 ProxyPassReverse /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket
220 ProxyPass /socket.io ws://127.0.0.1:${env.listenPort}/socket.io
221 ProxyPassReverse /socket.io ws://127.0.0.1:${env.listenPort}/socket.io