+++ /dev/null
-{ lib, pkgs, config, ... }:
-let
- env = config.myEnv.tools.peertube;
- cfg = config.myServices.websites.tools.peertube;
- pcfg = config.services.peertube;
-in {
- options.myServices.websites.tools.peertube = {
- enable = lib.mkEnableOption "enable Peertube's website";
- };
-
- config = lib.mkIf cfg.enable {
- services.peertube = {
- enable = true;
- configFile = config.secrets.fullPaths."webapps/tools-peertube";
- };
- users.users.peertube.extraGroups = [ "keys" ];
-
- secrets.keys."webapps/tools-peertube" = {
- user = "peertube";
- group = "peertube";
- permissions = "0640";
- text = ''
- listen:
- hostname: 'localhost'
- port: ${toString config.myEnv.ports.peertube}
- webserver:
- https: true
- hostname: 'peertube.immae.eu'
- port: 443
- database:
- hostname: '${env.postgresql.socket}'
- port: 5432
- suffix: '_prod'
- username: '${env.postgresql.user}'
- password: '${env.postgresql.password}'
- pool:
- max: 5
- redis:
- socket: '${env.redis.socket}'
- auth: null
- db: ${env.redis.db}
- smtp:
- transport: sendmail
- sendmail: '/run/wrappers/bin/sendmail'
- from_address: 'peertube@tools.immae.eu'
- storage:
- tmp: '${pcfg.dataDir}/storage/tmp/'
- avatars: '${pcfg.dataDir}/storage/avatars/'
- videos: '${pcfg.dataDir}/storage/videos/'
- streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
- redundancy: '${pcfg.dataDir}/storage/videos/'
- logs: '${pcfg.dataDir}/storage/logs/'
- previews: '${pcfg.dataDir}/storage/previews/'
- thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
- torrents: '${pcfg.dataDir}/storage/torrents/'
- captions: '${pcfg.dataDir}/storage/captions/'
- cache: '${pcfg.dataDir}/storage/cache/'
- plugins: '${pcfg.dataDir}/storage/plugins/'
- client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
- '';
- };
-
- services.websites.env.tools.modules = [
- "headers" "proxy" "proxy_http" "proxy_wstunnel"
- ];
- services.filesWatcher.peertube = {
- restart = true;
- paths = [ pcfg.configFile ];
- };
-
- services.websites.env.tools.vhostConfs.peertube = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "peertube.immae.eu" ];
- root = null;
- extraConfig = [ ''
- RewriteEngine On
-
- RewriteCond %{REQUEST_URI} ^/socket.io [NC]
- RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
-
- RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
- RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
-
- ProxyPass / http://localhost:${toString env.listenPort}/
- ProxyPassReverse / http://localhost:${toString env.listenPort}/
-
- ProxyPreserveHost On
- RequestHeader set X-Real-IP %{REMOTE_ADDR}s
- '' ];
- };
- };
-}