]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - systems/eldiron/websites/peertube/default.nix
Squash changes containing private information
# NixOS module for the PeerTube instance published at peertube.immae.eu.
# When enabled it declares: the DNS record, the CHATONS hosting/service
# metadata, the PeerTube YAML configuration (deployed as a secret), the
# Apache-style reverse-proxy vhost with its ACME name, and an HTTPS monitoring
# check.
{ lib, pkgs, config, ... }:
let
  env = config.myEnv.tools.peertube;
  cfg = config.myServices.websites.tools.peertube;
  pcfg = config.immaeServices.peertube;

  # Public name of the instance and the URLs derived from it.
  domain = "peertube.immae.eu";
  siteUrl = "https://${domain}/";

  # Key under which the rendered PeerTube configuration is stored as a secret.
  secretName = "webapps/tools-peertube";

  # Address the reverse proxy forwards to.
  backend = "localhost:${toString env.listenPort}";

  # Absolute path (with trailing slash) of a PeerTube storage sub-directory.
  storageDir = name: "${pcfg.dataDir}/storage/${name}/";

  # Timestamp recorded in both CHATONS property files.
  stamp = "2022-08-21T20:00:00";

  # Fields shared by the CHATONS "hosting" and "service" descriptions.
  chatonsCommon = {
    name = "Peertube";
    description = "Free software to take back control of your videos";
    website = siteUrl;
    logo = "${siteUrl}client/assets/images/icons/icon-192x192.png";
    status = {
      level = "OK";
      description = "OK";
    };
    install = {
      type = "PACKAGE";
    };
  };
in
{
  options.myServices.websites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };

  config = lib.mkIf cfg.enable {
    # DNS record for the peertube subdomain, built from the project's DNS
    # helpers with the main addresses of server "eldiron".
    myServices.dns.zones."immae.eu".subdomains.peertube =
      let
        inherit (config.myServices.dns.helpers) ips servers;
      in
      ips servers.eldiron.ips.main;

    myServices.chatonsProperties = {
      hostings.peertube = {
        file.datetime = stamp;
        hosting = chatonsCommon // {
          type = "INSTANCE";
          registration = {
            load = "OPEN";
          };
        };
      };

      services.peertube = {
        file.datetime = stamp;
        service = chatonsCommon // {
          registration = {
            # The empty attribute name is reproduced as written; its meaning is
            # defined by the chatonsProperties module, not visible here.
            "" = [ "MEMBER" "CLIENT" ];
            load = "OPEN";
          };
        };
        software = {
          name = "Peertube";
          website = "https://joinpeertube.org/";
          license = {
            url = "https://github.com/Chocobozzz/PeerTube/blob/develop/LICENSE";
            name = "GNU Affero General Public License";
          };
          version = pcfg.package.version;
          source = {
            url = "https://github.com/Chocobozzz/PeerTube";
          };
        };
      };
    };

    immaeServices.peertube = {
      enable = true;
      configFile = config.secrets.fullPaths.${secretName};
    };

    # presumably membership in `keys` is what lets the service account read
    # deployed secrets — verify against the secrets module.
    users.users.peertube.extraGroups = [ "keys" ];

    # Rendered PeerTube configuration. It embeds the PostgreSQL password, so it
    # is declared as a secret owned by peertube:peertube with mode 0640 (no
    # access for other users).
    # NOTE(review): whether this text stays out of the world-readable Nix store
    # depends on the secrets module, which is not shown here — confirm.
    # NOTE(review): values are spliced into single-quoted YAML scalars without
    # escaping; a value containing a single quote (a password, for instance)
    # would yield invalid or altered YAML — constrain or escape such values.
    # NOTE(review): `listen.port` is read from config.myEnv.ports.peertube while
    # the vhost below proxies to env.listenPort; both must resolve to the same
    # port — confirm.
    # NOTE(review): redis `auth: null` leaves access control to the permissions
    # on the Redis socket — confirm they are restrictive.
    # NOTE(review): `redundancy` points at the same directory as `videos` —
    # confirm this is intentional.
    secrets.keys.${secretName} = {
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = ''
        listen:
          hostname: 'localhost'
          port: ${toString config.myEnv.ports.peertube}
        webserver:
          https: true
          hostname: 'peertube.immae.eu'
          port: 443
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_prod'
          username: '${env.postgresql.user}'
          password: '${env.postgresql.password}'
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db}
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          from_address: 'peertube@tools.immae.eu'
        storage:
          tmp: '${storageDir "tmp"}'
          avatars: '${storageDir "avatars"}'
          videos: '${storageDir "videos"}'
          streaming_playlists: '${storageDir "streaming-playlists"}'
          redundancy: '${storageDir "videos"}'
          logs: '${storageDir "logs"}'
          previews: '${storageDir "previews"}'
          thumbnails: '${storageDir "thumbnails"}'
          torrents: '${storageDir "torrents"}'
          captions: '${storageDir "captions"}'
          cache: '${storageDir "cache"}'
          plugins: '${storageDir "plugins"}'
          client_overrides: '${storageDir "client-overrides"}'
      '';
    };

    # Web-server modules required by the vhost below (header rewriting, HTTP
    # proxying and WebSocket tunnelling).
    services.websites.env.tools.modules = [
      "headers"
      "proxy"
      "proxy_http"
      "proxy_wstunnel"
    ];

    # Watch the deployed configuration file; `restart = true` presumably
    # restarts the service when it changes — confirm in the filesWatcher module.
    services.filesWatcher.peertube = {
      restart = true;
      paths = [ pcfg.configFile ];
    };

    security.acme.certs.eldiron.extraDomainNames = [ domain ];

    # Reverse proxy in front of PeerTube, which is configured above to listen
    # on localhost only. WebSocket traffic (/socket.io with
    # transport=websocket, and /tracker/socket) is proxied over ws://,
    # everything else over http://.
    # `RequestHeader set` replaces any X-Real-IP supplied by the client with
    # the address the web server saw.
    # The rewrite patterns are unanchored (`/(.*)`); request paths start with
    # `/`, so `$1` is the path without its leading slash.
    services.websites.env.tools.vhostConfs.peertube = {
      certName = "eldiron";
      hosts = [ domain ];
      root = null;
      extraConfig = [
        ''
          RewriteEngine On

          RewriteCond %{REQUEST_URI} ^/socket.io [NC]
          RewriteCond %{QUERY_STRING} transport=websocket [NC]
          RewriteRule /(.*) ws://${backend}/$1 [P,NE,QSA,L]

          RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
          RewriteRule /(.*) ws://${backend}/$1 [P,NE,QSA,L]

          ProxyPass / http://${backend}/
          ProxyPassReverse / http://${backend}/

          ProxyPreserveHost On
          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
        ''
      ];
    };

    # External HTTPS check; the last argument is presumably the text expected
    # in the page served at "/" — confirm against the check_https definition.
    myServices.monitoring = {
      fromMasterActivatedPlugins = [ "http" ];
      fromMasterObjects.service = [
        {
          service_description = "peertube website is running on ${domain}";
          host_name = config.hostEnv.fqdn;
          use = "external-web-service";
          check_command = [ "check_https" domain "/" "<title>Immae’s PeerTube" ];

          servicegroups = "webstatus-webapps";
          _webstatus_name = "Peertube";
          _webstatus_url = siteUrl;
        }
      ];
    };
  };
}