-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
- env = myconfig.env.tools.peertube;
+ env = config.myEnv.tools.peertube;
cfg = config.myServices.websites.tools.peertube;
pcfg = config.services.peertube;
in {
};
config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.peertube = {
+ rootDir = pcfg.dataDir;
+ };
services.peertube = {
enable = true;
- configFile = "/var/secrets/webapps/tools-peertube";
- package = pkgs.webapps.peertube.override { ldap = true; };
+ configFile = config.secrets.fullPaths."webapps/tools-peertube";
};
users.users.peertube.extraGroups = [ "keys" ];
- secrets.keys = [{
- dest = "webapps/tools-peertube";
+ secrets.keys."webapps/tools-peertube" = {
user = "peertube";
group = "peertube";
permissions = "0640";
text = ''
listen:
hostname: 'localhost'
- port: ${env.listenPort}
+ port: ${toString config.myEnv.ports.peertube}
webserver:
https: true
hostname: 'peertube.immae.eu'
port: 443
- trust_proxy:
- - 'loopback'
database:
hostname: '${env.postgresql.socket}'
port: 5432
redis:
socket: '${env.redis.socket}'
auth: null
- db: ${env.redis.db_index}
- ldap:
- enable: true
- ldap_only: false
- url: ldaps://${env.ldap.host}/${env.ldap.base}
- bind_dn: ${env.ldap.dn}
- bind_password: ${env.ldap.password}
- base: ${env.ldap.base}
- mail_entry: "mail"
- user_filter: "${env.ldap.filter}"
+ db: ${env.redis.db}
smtp:
transport: sendmail
sendmail: '/run/wrappers/bin/sendmail'
- hostname: null
- port: 465 # If you use StartTLS: 587
- username: null
- password: null
- tls: true # If you use StartTLS: false
- disable_starttls: false
- ca_file: null # Used for self signed certificates
from_address: 'peertube@tools.immae.eu'
storage:
tmp: '${pcfg.dataDir}/storage/tmp/'
avatars: '${pcfg.dataDir}/storage/avatars/'
videos: '${pcfg.dataDir}/storage/videos/'
+ streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
redundancy: '${pcfg.dataDir}/storage/videos/'
logs: '${pcfg.dataDir}/storage/logs/'
previews: '${pcfg.dataDir}/storage/previews/'
torrents: '${pcfg.dataDir}/storage/torrents/'
captions: '${pcfg.dataDir}/storage/captions/'
cache: '${pcfg.dataDir}/storage/cache/'
- log:
- level: 'info'
- search:
- remote_uri:
- users: true
- anonymous: false
- trending:
- videos:
- interval_days: 7
- redundancy:
- videos:
- check_interval: '1 hour' # How often you want to check new videos to cache
- strategies: # Just uncomment strategies you want
- # Following are saved in local-production.json
- cache:
- previews:
- size: 500 # Max number of previews you want to cache
- captions:
- size: 500 # Max number of video captions/subtitles you want to cache
- admin:
- email: 'peertube@tools.immae.eu'
- contact_form:
- enabled: true
- signup:
- enabled: false
- limit: 10
- requires_email_verification: false
- filters:
- cidr:
- whitelist: []
- blacklist: []
- user:
- video_quota: -1
- video_quota_daily: -1
- transcoding:
- enabled: false
- allow_additional_extensions: true
- threads: 1
- resolutions:
- 240p: false
- 360p: false
- 480p: true
- 720p: true
- 1080p: true
- hls:
- enabled: false
- import:
- videos:
- http:
- enabled: true
- torrent:
- enabled: false
- instance:
- name: 'Immae’s PeerTube'
- short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
- description: '''
- terms: '''
- default_client_route: '/videos/trending'
- default_nsfw_policy: 'blur'
- customizations:
- javascript: '''
- css: '''
- robots: |
- User-agent: *
- Disallow:
- securitytxt:
- "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
- services:
- # You can provide a reporting endpoint for Content Security Policy violations
- csp-logger:
- twitter:
- username: '@_immae'
- whitelisted: false
+ plugins: '${pcfg.dataDir}/storage/plugins/'
+ client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
'';
- }];
+ };
services.websites.env.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
- RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
- ProxyPass / http://localhost:${env.listenPort}/
- ProxyPassReverse / http://localhost:${env.listenPort}/
+ ProxyPass / http://localhost:${toString env.listenPort}/
+ ProxyPassReverse / http://localhost:${toString env.listenPort}/
ProxyPreserveHost On
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
projects / perso / Immae / Config / Nix.git / blobdiff