+++ /dev/null
-{ lib, pkgs, config, ... }:
-let
- scfg = config.myServices.websites.syden.peertube;
- name = "peertube";
- dataDir = "/var/lib/syden_peertube";
- package = (pkgs.mylibs.flakeCompat ../../../../flakes/private/peertube).packages.x86_64-linux.peertube_syden;
- env = config.myEnv.tools.syden_peertube;
-in
-{
- options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
-
- config = lib.mkIf scfg.enable {
- users.users.peertube = {
- uid = config.ids.uids.peertube;
- group = "peertube";
- description = "Peertube user";
- useDefaultShell = true;
- extraGroups = [ "keys" ];
- };
- users.groups.peertube.gid = config.ids.gids.peertube;
-
- secrets.keys."websites/syden/peertube" = {
- user = "peertube";
- group = "peertube";
- permissions = "0640";
- text = ''
- listen:
- hostname: 'localhost'
- port: ${toString env.listenPort}
- webserver:
- https: true
- hostname: 'record-links.immae.eu'
- port: 443
- database:
- hostname: '${env.postgresql.socket}'
- port: 5432
- suffix: '_syden'
- username: '${env.postgresql.user}'
- password: '${env.postgresql.password}'
- pool:
- max: 5
- redis:
- socket: '${env.redis.socket}'
- auth: null
- db: ${env.redis.db}
- smtp:
- transport: sendmail
- sendmail: '/run/wrappers/bin/sendmail'
- from_address: 'peertube@tools.immae.eu'
- storage:
- tmp: '${dataDir}/storage/tmp/'
- avatars: '${dataDir}/storage/avatars/'
- videos: '${dataDir}/storage/videos/'
- streaming_playlists: '${dataDir}/storage/streaming-playlists/'
- redundancy: '${dataDir}/storage/videos/'
- logs: '${dataDir}/storage/logs/'
- previews: '${dataDir}/storage/previews/'
- thumbnails: '${dataDir}/storage/thumbnails/'
- torrents: '${dataDir}/storage/torrents/'
- captions: '${dataDir}/storage/captions/'
- cache: '${dataDir}/storage/cache/'
- plugins: '${dataDir}/storage/plugins/'
- client_overrides: '${dataDir}/storage/client-overrides/'
- '';
- };
-
- services.filesWatcher.syden_peertube = {
- restart = true;
- paths = [ config.secrets.fullPaths."websites/syden/peertube" ];
- };
-
- systemd.services.syden_peertube = {
- description = "Peertube";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- wants = [ "postgresql.service" ];
-
- environment.NODE_CONFIG_DIR = "${dataDir}/config";
- environment.NODE_ENV = "production";
- environment.HOME = package;
-
- path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
-
- script = ''
- install -m 0750 -d ${dataDir}/config
- ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml
- ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
- exec npm run start
- '';
-
- serviceConfig = {
- User = "peertube";
- Group = "peertube";
- WorkingDirectory = package;
- StateDirectory = "syden_peertube";
- StateDirectoryMode = 0750;
- PrivateTmp = true;
- ProtectHome = true;
- ProtectControlGroups = true;
- Restart = "always";
- Type = "simple";
- TimeoutSec = 60;
- };
-
- unitConfig.RequiresMountsFor = dataDir;
- };
-
- services.websites.env.production.vhostConfs.syden_peertube = {
- certName = "syden";
- addToCerts = true;
- certMainHost = "record-links.immae.eu";
- hosts = [ "record-links.immae.eu" ];
- root = null;
- extraConfig = [ ''
- RewriteEngine On
-
- RewriteCond %{REQUEST_URI} ^/socket.io [NC]
- RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
-
- RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
- RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
-
- ProxyPass / http://localhost:${toString env.listenPort}/
- ProxyPassReverse / http://localhost:${toString env.listenPort}/
-
- ProxyPreserveHost On
- RequestHeader set X-Real-IP %{REMOTE_ADDR}s
- '' ];
- };
- };
-}