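# NixOS module: runs PeerTube as a dedicated system user under systemd and
# publishes it through an Apache reverse-proxy vhost (peertube.immae.eu).
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Project-local package; provides varDir, webappDir, listenPort and the
  # rendered configuration text (peertube.config) used below.
  peertube = pkgs.callPackage ./peertube.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.peertube;
  };

  cfg = config.services.myWebsites.tools.peertube;
in
{
  options.services.myWebsites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };

  config = lib.mkIf cfg.enable {
    # Fixed uid/gid taken from the environment definition, so ownership of
    # varDir stays stable across rebuilds.
    ids.uids.peertube = myconfig.env.tools.peertube.user.uid;
    ids.gids.peertube = myconfig.env.tools.peertube.user.gid;

    users.users.peertube = {
      name = "peertube";
      uid = config.ids.uids.peertube;
      group = "peertube";
      description = "Peertube user";
      home = peertube.varDir;
      # NOTE(review): this gives the service account a login shell. The
      # systemd unit below does not depend on it; confirm whether it is kept
      # for manual maintenance, otherwise a non-login shell is the tighter
      # choice.
      useDefaultShell = true;
      # Presumably grants read access to the secrets directory that holds the
      # deployed production.yaml; verify against the mySecrets module.
      extraGroups = [ "keys" ];
    };
    users.groups.peertube.gid = config.ids.gids.peertube;

    systemd.services.peertube = {
      description = "Peertube";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "postgresql.service" ];
      wants = [ "postgresql.service" ];

      # node-config reads production.yaml from NODE_CONFIG_DIR when
      # NODE_ENV is "production".
      environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
      environment.NODE_ENV = "production";
      environment.HOME = peertube.webappDir;

      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];

      script = ''
        exec npm run start
      '';

      serviceConfig = {
        # Runs unprivileged as the dedicated account.
        User = "peertube";
        Group = "peertube";
        WorkingDirectory = peertube.webappDir;
        # Sandboxing currently applied: private /tmp, no access to /home and
        # read-only cgroup hierarchy.
        # NOTE(review): NoNewPrivileges= and ProtectSystem= are not set;
        # they are candidates for further hardening once the paths PeerTube
        # must write to outside varDir (if any) are confirmed.
        PrivateTmp = true;
        ProtectHome = true;
        ProtectControlGroups = true;
        Restart = "always";
        Type = "simple";
        TimeoutSec = 60;
      };

      unitConfig.RequiresMountsFor = peertube.varDir;
    };

    # The rendered configuration (which typically carries database and mail
    # credentials) is deployed as a secret: owner and group peertube, mode
    # 0640, so it is not world-readable.
    mySecrets.keys = [{
      dest = "webapps/tools-peertube";
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = peertube.config;
    }];

    # Creates the state and config directories (0750, peertube:peertube) and
    # points production.yaml at the deployed secret.
    # NOTE(review): the config directory is owned by the service user, so the
    # service itself can replace this symlink between activations; acceptable
    # if the service is trusted with its own configuration, otherwise make
    # the config directory root-owned.
    system.activationScripts.peertube = {
      deps = [ "users" ];
      text = ''
        install -m 0750 -o peertube -g peertube -d ${peertube.varDir}
        install -m 0750 -o peertube -g peertube -d ${peertube.varDir}/config
        ln -sf /var/secrets/webapps/tools-peertube ${peertube.varDir}/config/production.yaml
      '';
    };

    services.myWebsites.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ];

    security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;

    # Apache terminates TLS and forwards to PeerTube on the loopback
    # interface over plain HTTP/WS.
    #
    # Ordering matters: Apache evaluates ProxyPass rules in configuration
    # order and the first match wins, so the WebSocket paths have to come
    # before the catch-all "/" rule. With "/" first, the ws:// rules were
    # never reached.
    #
    # "RequestHeader set" overwrites any X-Real-IP value sent by the client,
    # so the backend only sees the address Apache observed. This assumes
    # PeerTube listens on loopback only and trusts proxy headers from
    # loopback only; both are set in peertube.config, not here. TODO confirm.
    services.myWebsites.tools.vhostConfs.peertube = {
      certName = "eldiron";
      hosts = [ "peertube.immae.eu" ];
      root = null;
      extraConfig = [
        ''
          ProxyPreserveHost On
          RequestHeader set X-Real-IP %{REMOTE_ADDR}s

          ProxyPass /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
          ProxyPassReverse /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket

          ProxyPass /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
          ProxyPassReverse /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io

          ProxyPass / http://localhost:${peertube.listenPort}/
          ProxyPassReverse / http://localhost:${peertube.listenPort}/
        ''
      ];
    };
  };
}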