{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- peertube = pkgs.webapps.peertube.override { ldap = true; };
- varDir = "/var/lib/peertube";
env = myconfig.env.tools.peertube;
cfg = config.services.myWebsites.tools.peertube;
+ pcfg = config.services.peertube;
in {
options.services.myWebsites.tools.peertube = {
enable = lib.mkEnableOption "enable Peertube's website";
};
config = lib.mkIf cfg.enable {
- ids.uids.peertube = env.user.uid;
- ids.gids.peertube = env.user.gid;
-
- users.users.peertube = {
- name = "peertube";
- uid = config.ids.uids.peertube;
- group = "peertube";
- description = "Peertube user";
- home = varDir;
- useDefaultShell = true;
- extraGroups = [ "keys" ];
- };
-
- users.groups.peertube.gid = config.ids.gids.peertube;
-
- systemd.services.peertube = {
- description = "Peertube";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- wants = [ "postgresql.service" ];
-
- environment.NODE_CONFIG_DIR = "${varDir}/config";
- environment.NODE_ENV = "production";
- environment.HOME = peertube;
-
- path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
-
- script = ''
- exec npm run start
- '';
-
- serviceConfig = {
- User = "peertube";
- Group = "peertube";
- WorkingDirectory = peertube;
- PrivateTmp = true;
- ProtectHome = true;
- ProtectControlGroups = true;
- Restart = "always";
- Type = "simple";
- TimeoutSec = 60;
- };
-
- unitConfig.RequiresMountsFor = varDir;
+ services.peertube = {
+ enable = true;
+ configFile = "/var/secrets/webapps/tools-peertube";
+ package = pkgs.webapps.peertube.override { ldap = true; };
};
+ users.users.peertube.extraGroups = [ "keys" ];
mySecrets.keys = [{
dest = "webapps/tools-peertube";
ca_file: null # Used for self signed certificates
from_address: 'peertube@tools.immae.eu'
storage:
- tmp: '${varDir}/storage/tmp/'
- avatars: '${varDir}/storage/avatars/'
- videos: '${varDir}/storage/videos/'
- redundancy: '${varDir}/storage/videos/'
- logs: '${varDir}/storage/logs/'
- previews: '${varDir}/storage/previews/'
- thumbnails: '${varDir}/storage/thumbnails/'
- torrents: '${varDir}/storage/torrents/'
- captions: '${varDir}/storage/captions/'
- cache: '${varDir}/storage/cache/'
+ tmp: '${pcfg.dataDir}/storage/tmp/'
+ avatars: '${pcfg.dataDir}/storage/avatars/'
+ videos: '${pcfg.dataDir}/storage/videos/'
+ redundancy: '${pcfg.dataDir}/storage/videos/'
+ logs: '${pcfg.dataDir}/storage/logs/'
+ previews: '${pcfg.dataDir}/storage/previews/'
+ thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
+ torrents: '${pcfg.dataDir}/storage/torrents/'
+ captions: '${pcfg.dataDir}/storage/captions/'
+ cache: '${pcfg.dataDir}/storage/cache/'
log:
level: 'info'
search:
'';
}];
- system.activationScripts.peertube = {
- deps = [ "users" ];
- text = ''
- install -m 0750 -o peertube -g peertube -d ${varDir}
- install -m 0750 -o peertube -g peertube -d ${varDir}/config
- ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
- '';
- };
-
services.myWebsites.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
projects / perso / Immae / Config / Nix.git / blobdiff