Move Peertube configuration to modules
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Fri, 10 May 2019 12:21:26 +0000 (14:21 +0200)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Fri, 10 May 2019 12:35:00 +0000 (14:35 +0200)
modules/default.nix
modules/myids.nix
modules/webapps/peertube.nix [new file with mode: 0644]
nixops/modules/websites/tools/peertube.nix

index 3cc41492c8210645c26ea3253795f1ae03a65f72..fa6714403a1bdafb1fc51e305da21a92e16de971 100644 (file)
@@ -2,4 +2,5 @@
   myids = ./myids.nix;
 
   mediagoblin = ./webapps/mediagoblin.nix;
+  peertube = ./webapps/peertube.nix;
 }
index a3e5879dc3b5eea570fc90d35d47a2932de025cd..bd6caf31e272d0eb7dcaf9a07587a3bf3fcf6190 100644 (file)
@@ -2,9 +2,11 @@
 {
   config = {
     ids.uids = {
+      peertube = 394;
       mediagoblin = 397;
     };
     ids.gids = {
+      peertube = 394;
       mediagoblin = 397;
     };
   };
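Review bot: Pinning `peertube = 394` here changes where the account's numeric id comes from: the same commit removes `ids.uids.peertube = env.user.uid;` and the matching gid line from the nixops module, and the value of `env.user.uid` is not visible in this diff. If it differs from 394 on an existing host, files already under the data directory keep their old owner, and the new activation script only resets ownership of the two top-level directories, not their contents. I would add a comment such as `# must match the uid/gid previously taken from myconfig.env.tools.peertube.user` next to both entries, or confirm the values match before deploying.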
diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix
new file mode 100644 (file)
index 0000000..7c96076
--- /dev/null
@@ -0,0 +1,100 @@
+{ lib, pkgs, config, ... }:
+let
+  name = "peertube";
+  cfg = config.services.peertube;
+
+  uid = config.ids.uids.peertube;
+  gid = config.ids.gids.peertube;
+in
+{
+  options.services.peertube = {
+    enable = lib.mkEnableOption "Enable Peertube’s service";
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+      description = "User account under which Peertube runs";
+    };
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+      description = "Group under which Peertube runs";
+    };
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/${name}";
+      description = ''
+        The directory where Peertube stores its data.
+      '';
+    };
+    configFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        The configuration file path for Peertube.
+        '';
+    };
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.webapps.peertube;
+      description = ''
+        Peertube package to use.
+        '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+      inherit name;
+      inherit uid;
+      group = cfg.group;
+      description = "Peertube user";
+      home = cfg.dataDir;
+      useDefaultShell = true;
+    });
+    users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+      inherit name;
+      inherit gid;
+    });
+
+    systemd.services.peertube = {
+      description = "Peertube";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "postgresql.service" ];
+      wants = [ "postgresql.service" ];
+
+      environment.NODE_CONFIG_DIR = "${cfg.dataDir}/config";
+      environment.NODE_ENV = "production";
+      environment.HOME = cfg.package;
+
+      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+      script = ''
+        exec npm run start
+      '';
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        WorkingDirectory = cfg.package;
+        PrivateTmp = true;
+        ProtectHome = true;
+        ProtectControlGroups = true;
+        Restart = "always";
+        Type = "simple";
+        TimeoutSec = 60;
+      };
+
+      unitConfig.RequiresMountsFor = cfg.dataDir;
+    };
+
+    system.activationScripts.peertube = {
+      deps = [ "users" ];
+      text = ''
+      install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
+      install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/config
+      ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
+      '';
+    };
+
+  };
+}
+
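Review bot: The activation script at the end of this file runs as root but writes into `${cfg.dataDir}/config`, which the preceding `install` line hands over to `cfg.user`, and it interpolates the option values unquoted. If the service account ever replaces `production.yaml` with a symlink to a directory, `ln -sf` follows it and creates the link inside that directory. `ln -sfn ${lib.escapeShellArg cfg.configFile} ${lib.escapeShellArg "${cfg.dataDir}/config/production.yaml"}` avoids both problems, and the two `install -d` lines deserve the same quoting. Separately, the `configFile` description should say that the file presumably holds secrets (the caller points it at `/var/secrets/...`) and must be given as a string path outside the Nix store, since a path literal would be copied into the world-readable store when interpolated.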
index 813df25fb0a9fd829a3f38112affde6f4f173238..9a56a85cb09690d61d63aa693cc11f16d92d230a 100644 (file)
@@ -1,60 +1,20 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
-  peertube = pkgs.webapps.peertube.override { ldap = true; };
-  varDir = "/var/lib/peertube";
   env = myconfig.env.tools.peertube;
   cfg = config.services.myWebsites.tools.peertube;
+  pcfg = config.services.peertube;
 in {
   options.services.myWebsites.tools.peertube = {
     enable = lib.mkEnableOption "enable Peertube's website";
   };
 
   config = lib.mkIf cfg.enable {
-    ids.uids.peertube = env.user.uid;
-    ids.gids.peertube = env.user.gid;
-
-    users.users.peertube = {
-      name = "peertube";
-      uid = config.ids.uids.peertube;
-      group = "peertube";
-      description = "Peertube user";
-      home = varDir;
-      useDefaultShell = true;
-      extraGroups = [ "keys" ];
-    };
-
-    users.groups.peertube.gid = config.ids.gids.peertube;
-
-    systemd.services.peertube = {
-      description = "Peertube";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "postgresql.service" ];
-      wants = [ "postgresql.service" ];
-
-      environment.NODE_CONFIG_DIR = "${varDir}/config";
-      environment.NODE_ENV = "production";
-      environment.HOME = peertube;
-
-      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
-
-      script = ''
-        exec npm run start
-      '';
-
-      serviceConfig = {
-        User = "peertube";
-        Group = "peertube";
-        WorkingDirectory = peertube;
-        PrivateTmp = true;
-        ProtectHome = true;
-        ProtectControlGroups = true;
-        Restart = "always";
-        Type = "simple";
-        TimeoutSec = 60;
-      };
-
-      unitConfig.RequiresMountsFor = varDir;
+    services.peertube = {
+      enable = true;
+      configFile = "/var/secrets/webapps/tools-peertube";
+      package = pkgs.webapps.peertube.override { ldap = true; };
     };
+    users.users.peertube.extraGroups = [ "keys" ];
 
     mySecrets.keys = [{
       dest = "webapps/tools-peertube";
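Review bot: `users.users.peertube.extraGroups = [ "keys" ];` hard-codes the account name even though the module now exposes `services.peertube.user`; `users.users.${pcfg.user}.extraGroups = [ "keys" ];` would keep the group membership attached to whichever account the unit actually runs as. The `configFile` string likewise repeats the `dest = "webapps/tools-peertube"` of the secret declared just below, so the two can drift apart silently; a short comment such as `# must match the mySecrets.keys dest below` would tie them together. The `mySecrets.keys` entry continues outside this hunk.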
@@ -104,16 +64,16 @@ in {
           ca_file: null # Used for self signed certificates
           from_address: 'peertube@tools.immae.eu'
         storage:
-          tmp: '${varDir}/storage/tmp/'
-          avatars: '${varDir}/storage/avatars/'
-          videos: '${varDir}/storage/videos/'
-          redundancy: '${varDir}/storage/videos/'
-          logs: '${varDir}/storage/logs/'
-          previews: '${varDir}/storage/previews/'
-          thumbnails: '${varDir}/storage/thumbnails/'
-          torrents: '${varDir}/storage/torrents/'
-          captions: '${varDir}/storage/captions/'
-          cache: '${varDir}/storage/cache/'
+          tmp: '${pcfg.dataDir}/storage/tmp/'
+          avatars: '${pcfg.dataDir}/storage/avatars/'
+          videos: '${pcfg.dataDir}/storage/videos/'
+          redundancy: '${pcfg.dataDir}/storage/videos/'
+          logs: '${pcfg.dataDir}/storage/logs/'
+          previews: '${pcfg.dataDir}/storage/previews/'
+          thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
+          torrents: '${pcfg.dataDir}/storage/torrents/'
+          captions: '${pcfg.dataDir}/storage/captions/'
+          cache: '${pcfg.dataDir}/storage/cache/'
         log:
           level: 'info'
         search:
@@ -190,15 +150,6 @@ in {
         '';
     }];
 
-    system.activationScripts.peertube = {
-      deps = [ "users" ];
-      text = ''
-        install -m 0750 -o peertube -g peertube -d ${varDir}
-        install -m 0750 -o peertube -g peertube -d ${varDir}/config
-        ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
-        '';
-    };
-
     services.myWebsites.tools.modules = [
       "headers" "proxy" "proxy_http" "proxy_wstunnel"
     ];