--- /dev/null
+{ lib, pkgs, config, ... }:
+let
+ scfg = config.myServices.websites.syden.peertube;
+ name = "peertube";
+ dataDir = "/var/lib/syden_peertube";
+ package = pkgs.webapps.peertube.override { sendmail = true; syden = true; light = "fr-FR"; };
+ env = config.myEnv.tools.syden_peertube;
+in
+{
+ options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
+
+ config = lib.mkIf scfg.enable {
+ services.duplyBackup.profiles.syden_peertube = {
+ rootDir = dataDir;
+ };
+ users.users.peertube = {
+ uid = config.ids.uids.peertube;
+ group = "peertube";
+ description = "Peertube user";
+ useDefaultShell = true;
+ extraGroups = [ "keys" ];
+ };
+ users.groups.peertube.gid = config.ids.gids.peertube;
+
+ secrets.keys = [{
+ dest = "webapps/syden-peertube";
+ user = "peertube";
+ group = "peertube";
+ permissions = "0640";
+ text = ''
+ listen:
+ hostname: 'localhost'
+ port: ${toString env.listenPort}
+ webserver:
+ https: true
+ hostname: 'syden.immae.eu'
+ port: 443
+ database:
+ hostname: '${env.postgresql.socket}'
+ port: 5432
+ suffix: '_syden'
+ username: '${env.postgresql.user}'
+ password: '${env.postgresql.password}'
+ pool:
+ max: 5
+ redis:
+ socket: '${env.redis.socket}'
+ auth: null
+ db: ${env.redis.db}
+ smtp:
+ transport: sendmail
+ sendmail: '/run/wrappers/bin/sendmail'
+ from_address: 'peertube@tools.immae.eu'
+ storage:
+ tmp: '${dataDir}/storage/tmp/'
+ avatars: '${dataDir}/storage/avatars/'
+ videos: '${dataDir}/storage/videos/'
+ streaming_playlists: '${dataDir}/storage/streaming-playlists/'
+ redundancy: '${dataDir}/storage/videos/'
+ logs: '${dataDir}/storage/logs/'
+ previews: '${dataDir}/storage/previews/'
+ thumbnails: '${dataDir}/storage/thumbnails/'
+ torrents: '${dataDir}/storage/torrents/'
+ captions: '${dataDir}/storage/captions/'
+ cache: '${dataDir}/storage/cache/'
+ plugins: '${dataDir}/storage/plugins/'
+ '';
+ }];
+
+ services.filesWatcher.syden_peertube = {
+ restart = true;
+ paths = [ "/var/secrets/webapps/syden-peertube" ];
+ };
+
+ systemd.services.syden_peertube = {
+ description = "Peertube";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_CONFIG_DIR = "${dataDir}/config";
+ environment.NODE_ENV = "production";
+ environment.HOME = package;
+
+ path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+ script = ''
+ install -m 0750 -d ${dataDir}/config
+ ln -sf /var/secrets/webapps/syden-peertube ${dataDir}/config/production.yaml
+ ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
+ exec npm run start
+ '';
+
+ serviceConfig = {
+ User = "peertube";
+ Group = "peertube";
+ WorkingDirectory = package;
+ StateDirectory = "syden_peertube";
+ StateDirectoryMode = 0750;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ };
+
+ unitConfig.RequiresMountsFor = dataDir;
+ };
+
+ services.websites.env.production.vhostConfs.syden_peertube = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = [ "syden.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI} ^/socket.io [NC]
+ RewriteCond %{QUERY_STRING} transport=websocket [NC]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
+
+ RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
+
+ ProxyPass / http://localhost:${toString env.listenPort}/
+ ProxyPassReverse / http://localhost:${toString env.listenPort}/
+
+ ProxyPreserveHost On
+ RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+ '' ];
+ };
+ };
+}
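Review bot: The `serviceConfig` block leaves most of the filesystem writable to a service that runs Node and ffmpeg on uploaded media; only `PrivateTmp`, `ProtectHome` and `ProtectControlGroups` are set. Everything the start script and the `storage:` paths write to already sits under the `StateDirectory`, so adding `ProtectSystem = "strict";` and `ProtectKernelTunables = true;` should be possible without touching the script. The PostgreSQL and Redis socket connections are worth re-testing afterwards. `NoNewPrivileges = true;` would be the usual next step, but it probably conflicts with `/run/wrappers/bin/sendmail` if that wrapper is setuid or setgid, so a short comment explaining why it is omitted would help the next reader. Separately, `useDefaultShell = true;` gives the `peertube` account a login shell; if it is only there for occasional maintenance commands, dropping it keeps the service account non-interactive.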