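# NixOS module deploying a PeerTube instance for the "syden" website
# (record-links.immae.eu): backup profile, service account, secret
# configuration file, systemd unit and the Apache reverse-proxy vhost.
{ lib, pkgs, config, ... }:
let
  scfg = config.myServices.websites.syden.peertube;
  name = "peertube";
  dataDir = "/var/lib/syden_peertube";
  package = (pkgs.mylibs.flakeCompat ../../../../flakes/private/peertube).default;
  env = config.myEnv.tools.syden_peertube;

  # Key under which the rendered production.yaml is registered in secrets.keys.
  secretDest = "websites/syden/peertube";
  # Deployed location of that secret, as exposed by the secrets module.
  secretPath = config.secrets.fullPaths."${secretDest}";
  # Loopback endpoint of the PeerTube backend that Apache proxies to.
  backend = "localhost:${toString env.listenPort}";
in
{
  # mkEnableOption already prefixes the text with "Whether to enable", so the
  # description must not start with "enable" itself.
  options.myServices.websites.syden.peertube.enable =
    lib.mkEnableOption "Syden's website";

  config = lib.mkIf scfg.enable {
    # The whole state directory is backed up to both remotes.
    # NOTE(review): ${dataDir}/config/production.yaml is a symlink to the
    # secret file (see the unit script below); confirm the backup stores the
    # link rather than following it, otherwise the database password ends up
    # in the remote backups.
    services.duplyBackup.profiles.syden_peertube = {
      rootDir = dataDir;
      remotes = [ "eriomem" "ovh" ];
    };

    # Dedicated service account. Membership of "keys" is what this module
    # grants in addition to the primary group; presumably it is required to
    # reach the deployed secrets, verify against the secrets module.
    # NOTE(review): useDefaultShell gives this account a login shell; keep it
    # only if interactive use of the account is actually needed.
    users.users.peertube = {
      uid = config.ids.uids.peertube;
      group = "peertube";
      description = "Peertube user";
      useDefaultShell = true;
      extraGroups = [ "keys" ];
    };
    users.groups.peertube.gid = config.ids.gids.peertube;

    # production.yaml, deployed as a secret because it embeds the PostgreSQL
    # password. Mode 0640 limits reads to the peertube user and group.
    # NOTE(review): the env.* values are interpolated unescaped into
    # single-quoted YAML scalars; a value containing "'" would corrupt the file.
    # NOTE(review): confirm the secrets module keeps `text` out of the
    # world-readable Nix store.
    # The backend listens on localhost only and is reached through the Apache
    # vhost below. Redis is used over a unix socket with `auth: null`, so
    # access control presumably rests on the socket's file permissions.
    # NOTE(review): `redundancy` points at the same directory as `videos`;
    # confirm this is intentional.
    secrets.keys = [{
      dest = secretDest;
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = ''
        listen:
          hostname: 'localhost'
          port: ${toString env.listenPort}
        webserver:
          https: true
          hostname: 'record-links.immae.eu'
          port: 443
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_syden'
          username: '${env.postgresql.user}'
          password: '${env.postgresql.password}'
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db}
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          from_address: 'peertube@tools.immae.eu'
        storage:
          tmp: '${dataDir}/storage/tmp/'
          avatars: '${dataDir}/storage/avatars/'
          videos: '${dataDir}/storage/videos/'
          streaming_playlists: '${dataDir}/storage/streaming-playlists/'
          redundancy: '${dataDir}/storage/videos/'
          logs: '${dataDir}/storage/logs/'
          previews: '${dataDir}/storage/previews/'
          thumbnails: '${dataDir}/storage/thumbnails/'
          torrents: '${dataDir}/storage/torrents/'
          captions: '${dataDir}/storage/captions/'
          cache: '${dataDir}/storage/cache/'
          plugins: '${dataDir}/storage/plugins/'
          client_overrides: '${dataDir}/storage/client-overrides/'
      '';
    }];

    # Restart the service whenever the deployed secret file changes.
    services.filesWatcher.syden_peertube = {
      restart = true;
      paths = [ secretPath ];
    };

    systemd.services.syden_peertube = {
      description = "Peertube";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "postgresql.service" ];
      wants = [ "postgresql.service" ];

      environment = {
        # node-config reads default.yaml and production.yaml from this directory.
        NODE_CONFIG_DIR = "${dataDir}/config";
        NODE_ENV = "production";
        HOME = package;
      };

      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];

      # The config directory holds only symlinks: the secret stays where the
      # secrets module deployed it and default.yaml stays in the package.
      script = ''
        install -m 0750 -d ${dataDir}/config
        ln -sf ${secretPath} ${dataDir}/config/production.yaml
        ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
        exec npm run start
      '';

      # NOTE(review): mail is sent through /run/wrappers/bin/sendmail, a
      # privileged wrapper; adding NoNewPrivileges or a strict ProtectSystem
      # here would likely break mail delivery, so test before hardening further.
      serviceConfig = {
        User = "peertube";
        Group = "peertube";
        WorkingDirectory = package;
        StateDirectory = "syden_peertube";
        # Written as a string: a bare 0750 is the decimal integer 750 in Nix
        # and only works because systemd then reads "750" as octal.
        StateDirectoryMode = "0750";
        PrivateTmp = true;
        ProtectHome = true;
        ProtectControlGroups = true;
        Restart = "always";
        Type = "simple";
        TimeoutSec = 60;
      };

      unitConfig.RequiresMountsFor = dataDir;
    };

    # Apache vhost terminating TLS for record-links.immae.eu and proxying to
    # the loopback backend. The two rewrite rules route the websocket
    # endpoints to ws://; everything else goes through ProxyPass.
    # `RequestHeader set` overwrites any X-Real-IP header sent by the client,
    # so the backend sees the address Apache observed.
    services.websites.env.production.vhostConfs.syden_peertube = {
      certName = "syden";
      addToCerts = true;
      certMainHost = "record-links.immae.eu";
      hosts = [ "record-links.immae.eu" ];
      root = null;
      extraConfig = [
        ''
          RewriteEngine On

          RewriteCond %{REQUEST_URI} ^/socket.io [NC]
          RewriteCond %{QUERY_STRING} transport=websocket [NC]
          RewriteRule /(.*) ws://${backend}/$1 [P,NE,QSA,L]

          RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
          RewriteRule /(.*) ws://${backend}/$1 [P,NE,QSA,L]

          ProxyPass / http://${backend}/
          ProxyPassReverse / http://${backend}/

          ProxyPreserveHost On
          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
        ''
      ];
    };
  };
}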