./tools/mediagoblin.nix
./tools/diaspora.nix
./tools/ether.nix
- ./tools/peertube
+ ./tools/peertube.nix
# built using:
# sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
# Removed allGranted
--- /dev/null
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ peertube = pkgs.webapps.peertube;
+ varDir = "/var/lib/peertube";
+ env = myconfig.env.tools.peertube;
+ cfg = config.services.myWebsites.tools.peertube;
+in {
+ options.services.myWebsites.tools.peertube = {
+ enable = lib.mkEnableOption "enable Peertube's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ ids.uids.peertube = env.user.uid;
+ ids.gids.peertube = env.user.gid;
+
+ users.users.peertube = {
+ name = "peertube";
+ uid = config.ids.uids.peertube;
+ group = "peertube";
+ description = "Peertube user";
+ home = varDir;
+ useDefaultShell = true;
+ extraGroups = [ "keys" ];
+ };
+
+ users.groups.peertube.gid = config.ids.gids.peertube;
+
+ systemd.services.peertube = {
+ description = "Peertube";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_CONFIG_DIR = "${varDir}/config";
+ environment.NODE_ENV = "production";
+ environment.HOME = peertube;
+
+ path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+ script = ''
+ exec npm run start
+ '';
+
+ serviceConfig = {
+ User = "peertube";
+ Group = "peertube";
+ WorkingDirectory = peertube;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ };
+
+ unitConfig.RequiresMountsFor = varDir;
+ };
+
+ mySecrets.keys = [{
+ dest = "webapps/tools-peertube";
+ user = "peertube";
+ group = "peertube";
+ permissions = "0640";
+ text = ''
+ listen:
+ hostname: 'localhost'
+ port: ${env.listenPort}
+ webserver:
+ https: true
+ hostname: 'peertube.immae.eu'
+ port: 443
+ trust_proxy:
+ - 'loopback'
+ database:
+ hostname: '${env.postgresql.socket}'
+ port: 5432
+ suffix: '_prod'
+ username: '${env.postgresql.user}'
+ password: '${env.postgresql.password}'
+ pool:
+ max: 5
+ redis:
+ socket: '${env.redis.socket}'
+ auth: null
+ db: ${env.redis.db_index}
+ ldap:
+ enable: true
+ ldap_only: false
+ url: ldaps://${env.ldap.host}/${env.ldap.base}
+ bind_dn: ${env.ldap.dn}
+ bind_password: ${env.ldap.password}
+ base: ${env.ldap.base}
+ mail_entry: "mail"
+ user_filter: "${env.ldap.filter}"
+ smtp:
+ transport: sendmail
+ sendmail: '/run/wrappers/bin/sendmail'
+ hostname: null
+ port: 465 # If you use StartTLS: 587
+ username: null
+ password: null
+ tls: true # If you use StartTLS: false
+ disable_starttls: false
+ ca_file: null # Used for self signed certificates
+ from_address: 'peertube@tools.immae.eu'
+ storage:
+ tmp: '${varDir}/storage/tmp/'
+ avatars: '${varDir}/storage/avatars/'
+ videos: '${varDir}/storage/videos/'
+ redundancy: '${varDir}/storage/videos/'
+ logs: '${varDir}/storage/logs/'
+ previews: '${varDir}/storage/previews/'
+ thumbnails: '${varDir}/storage/thumbnails/'
+ torrents: '${varDir}/storage/torrents/'
+ captions: '${varDir}/storage/captions/'
+ cache: '${varDir}/storage/cache/'
+ log:
+ level: 'info'
+ search:
+ remote_uri:
+ users: true
+ anonymous: false
+ trending:
+ videos:
+ interval_days: 7
+ redundancy:
+ videos:
+ check_interval: '1 hour' # How often you want to check new videos to cache
+ strategies: # Just uncomment strategies you want
+ # Following are saved in local-production.json
+ cache:
+ previews:
+ size: 500 # Max number of previews you want to cache
+ captions:
+ size: 500 # Max number of video captions/subtitles you want to cache
+ admin:
+ email: 'peertube@tools.immae.eu'
+ contact_form:
+ enabled: true
+ signup:
+ enabled: false
+ limit: 10
+ requires_email_verification: false
+ filters:
+ cidr:
+ whitelist: []
+ blacklist: []
+ user:
+ video_quota: -1
+ video_quota_daily: -1
+ transcoding:
+ enabled: false
+ allow_additional_extensions: true
+ threads: 1
+ resolutions:
+ 240p: false
+ 360p: false
+ 480p: true
+ 720p: true
+ 1080p: true
+ hls:
+ enabled: false
+ import:
+ videos:
+ http:
+ enabled: true
+ torrent:
+ enabled: false
+ instance:
+ name: 'Immae’s PeerTube'
+ short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
+ description: '''
+ terms: '''
+ default_client_route: '/videos/trending'
+ default_nsfw_policy: 'blur'
+ customizations:
+ javascript: '''
+ css: '''
+ robots: |
+ User-agent: *
+ Disallow:
+ securitytxt:
+ "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
+ services:
+ # You can provide a reporting endpoint for Content Security Policy violations
+ csp-logger:
+ twitter:
+ username: '@_immae'
+ whitelisted: false
+ '';
+ }];
+
+ system.activationScripts.peertube = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0750 -o peertube -g peertube -d ${varDir}
+ install -m 0750 -o peertube -g peertube -d ${varDir}/config
+ ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
+ '';
+ };
+
+ services.myWebsites.tools.modules = [
+ "headers" "proxy" "proxy_http" "proxy_wstunnel"
+ ];
+ security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.peertube = {
+ certName = "eldiron";
+ hosts = [ "peertube.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ ProxyPass / http://localhost:${env.listenPort}/
+ ProxyPassReverse / http://localhost:${env.listenPort}/
+
+ ProxyPreserveHost On
+ RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+
+ ProxyPass /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket
+ ProxyPassReverse /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket
+
+ ProxyPass /socket.io ws://127.0.0.1:${env.listenPort}/socket.io
+ ProxyPassReverse /socket.io ws://127.0.0.1:${env.listenPort}/socket.io
+ '' ];
+ };
+ };
+}
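Review bot: The LDAP bind credentials are interpolated into the generated YAML as bare scalars (`bind_dn: ${env.ldap.dn}`, `bind_password: ${env.ldap.password}`), so a value containing `#`, `: ` or a leading YAML indicator character is truncated or misparsed. The single-quoted `password: '${env.postgresql.password}'` has the same weakness for an apostrophe. Emitting each value through `builtins.toJSON`, e.g. `bind_password: ${builtins.toJSON env.ldap.password}`, produces a double-quoted scalar that YAML parses correctly for any string. Separately, this text is assembled as a Nix string at evaluation time; whether it stays out of the world-readable store depends on how `mySecrets.keys` is implemented, which is not visible here and is worth confirming.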
+++ /dev/null
-{ lib, pkgs, config, myconfig, mylibs, ... }:
-let
- peertube = pkgs.callPackage ./peertube.nix {
- inherit (mylibs) fetchedGithub;
- env = myconfig.env.tools.peertube;
- };
-
- cfg = config.services.myWebsites.tools.peertube;
-in {
- options.services.myWebsites.tools.peertube = {
- enable = lib.mkEnableOption "enable Peertube's website";
- };
-
- config = lib.mkIf cfg.enable {
- ids.uids.peertube = myconfig.env.tools.peertube.user.uid;
- ids.gids.peertube = myconfig.env.tools.peertube.user.gid;
-
- users.users.peertube = {
- name = "peertube";
- uid = config.ids.uids.peertube;
- group = "peertube";
- description = "Peertube user";
- home = peertube.varDir;
- useDefaultShell = true;
- extraGroups = [ "keys" ];
- };
-
- users.groups.peertube.gid = config.ids.gids.peertube;
-
- systemd.services.peertube = {
- description = "Peertube";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- wants = [ "postgresql.service" ];
-
- environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
- environment.NODE_ENV = "production";
- environment.HOME = peertube.webappDir;
-
- path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
-
- script = ''
- exec npm run start
- '';
-
- serviceConfig = {
- User = "peertube";
- Group = "peertube";
- WorkingDirectory = peertube.webappDir;
- PrivateTmp = true;
- ProtectHome = true;
- ProtectControlGroups = true;
- Restart = "always";
- Type = "simple";
- TimeoutSec = 60;
- };
-
- unitConfig.RequiresMountsFor = peertube.varDir;
- };
-
- mySecrets.keys = [{
- dest = "webapps/tools-peertube";
- user = "peertube";
- group = "peertube";
- permissions = "0640";
- text = peertube.config;
- }];
-
- system.activationScripts.peertube = {
- deps = [ "users" ];
- text = ''
- install -m 0750 -o peertube -g peertube -d ${peertube.varDir}
- install -m 0750 -o peertube -g peertube -d ${peertube.varDir}/config
- ln -sf /var/secrets/webapps/tools-peertube ${peertube.varDir}/config/production.yaml
- '';
- };
-
- services.myWebsites.tools.modules = [
- "headers" "proxy" "proxy_http" "proxy_wstunnel"
- ];
- security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.peertube = {
- certName = "eldiron";
- hosts = [ "peertube.immae.eu" ];
- root = null;
- extraConfig = [ ''
- ProxyPass / http://localhost:${peertube.listenPort}/
- ProxyPassReverse / http://localhost:${peertube.listenPort}/
-
- ProxyPreserveHost On
- RequestHeader set X-Real-IP %{REMOTE_ADDR}s
-
- ProxyPass /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
- ProxyPassReverse /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
-
- ProxyPass /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
- ProxyPassReverse /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
- '' ];
- };
- };
-}
+++ /dev/null
-{ env, fetchedGithub, fetchurl, fetchzip, stdenv, writeText, pkgs, cacert }:
-let
- varDir = "/var/lib/peertube";
- listenPort = env.listenPort;
- # Doesn't seem to work
- # patchedPackages = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
- # patches = [ ./ldap.patch ];
- # installPhase = ''
- # mkdir $out
- # cp package.json yarn.lock $out/
- # '';
- # });
- # yarnModules = pkgs.yarn2nix.mkYarnModules {
- # name = "peertube-yarn-modules";
- # packageJSON = "${patchedPackages}/package.json";
- # yarnLock = "${patchedPackages}/yarn.lock";
- # yarnNix = ./yarn-packages.nix;
- # };
- patchedServer = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
- __noChroot = true;
- patches = [
- ./ldap.patch
- ./sendmail.patch
- ];
- buildPhase = ''
- export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
- export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
- export HOME=$PWD
- yarn install --pure-lockfile
- npm run build:server
- '';
- installPhase = ''
- mkdir $out
- cp -a dist/server $out
- '';
- buildInputs = [ pkgs.python pkgs.git pkgs.yarn pkgs.nodejs ];
- });
- webappDir = stdenv.mkDerivation rec {
- __noChroot = true;
- version = "v1.2.0";
- name = "peertube-${version}";
- src = fetchzip {
- url = "https://github.com/Chocobozzz/PeerTube/releases/download/${version}/${name}.zip";
- sha256 = "18fp3fy1crw67gdpc29nr38b5zy2f68l70w47zwp7dzhd8bbbipp";
- };
- patches = [ ./ldap_yarn.patch ];
- buildPhase = ''
- export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
- export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
- export HOME=$PWD
- yarn install --production --pure-lockfile
- rm -rf dist/server && cp -a ${patchedServer}/server dist
- '';
- installPhase = ''
- mkdir $out
- cp -a * $out
- '';
- buildInputs = [ pkgs.yarn pkgs.git pkgs.python ];
- };
- config = ''
- listen:
- hostname: 'localhost'
- port: ${env.listenPort}
- webserver:
- https: true
- hostname: 'peertube.immae.eu'
- port: 443
- trust_proxy:
- - 'loopback'
- database:
- hostname: '${env.postgresql.socket}'
- port: 5432
- suffix: '_prod'
- username: '${env.postgresql.user}'
- password: '${env.postgresql.password}'
- pool:
- max: 5
- redis:
- socket: '${env.redis.socket}'
- auth: null
- db: ${env.redis.db_index}
- ldap:
- enable: true
- ldap_only: false
- url: ldaps://${env.ldap.host}/${env.ldap.base}
- bind_dn: ${env.ldap.dn}
- bind_password: ${env.ldap.password}
- base: ${env.ldap.base}
- mail_entry: "mail"
- user_filter: "${env.ldap.filter}"
- smtp:
- transport: sendmail
- sendmail: '/run/wrappers/bin/sendmail'
- hostname: null
- port: 465 # If you use StartTLS: 587
- username: null
- password: null
- tls: true # If you use StartTLS: false
- disable_starttls: false
- ca_file: null # Used for self signed certificates
- from_address: 'peertube@tools.immae.eu'
- storage:
- tmp: '${varDir}/storage/tmp/'
- avatars: '${varDir}/storage/avatars/'
- videos: '${varDir}/storage/videos/'
- redundancy: '${varDir}/storage/videos/'
- logs: '${varDir}/storage/logs/'
- previews: '${varDir}/storage/previews/'
- thumbnails: '${varDir}/storage/thumbnails/'
- torrents: '${varDir}/storage/torrents/'
- captions: '${varDir}/storage/captions/'
- cache: '${varDir}/storage/cache/'
- log:
- level: 'info'
- search:
- remote_uri:
- users: true
- anonymous: false
- trending:
- videos:
- interval_days: 7
- redundancy:
- videos:
- check_interval: '1 hour' # How often you want to check new videos to cache
- strategies: # Just uncomment strategies you want
- # Following are saved in local-production.json
- cache:
- previews:
- size: 500 # Max number of previews you want to cache
- captions:
- size: 500 # Max number of video captions/subtitles you want to cache
- admin:
- email: 'peertube@tools.immae.eu'
- contact_form:
- enabled: true
- signup:
- enabled: false
- limit: 10
- requires_email_verification: false
- filters:
- cidr:
- whitelist: []
- blacklist: []
- user:
- video_quota: -1
- video_quota_daily: -1
- transcoding:
- enabled: false
- allow_additional_extensions: true
- threads: 1
- resolutions:
- 240p: false
- 360p: false
- 480p: true
- 720p: true
- 1080p: true
- hls:
- enabled: false
- import:
- videos:
- http:
- enabled: true
- torrent:
- enabled: false
- instance:
- name: 'Immae’s PeerTube'
- short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
- description: '''
- terms: '''
- default_client_route: '/videos/trending'
- default_nsfw_policy: 'blur'
- customizations:
- javascript: '''
- css: '''
- robots: |
- User-agent: *
- Disallow:
- securitytxt:
- "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
- services:
- # You can provide a reporting endpoint for Content Security Policy violations
- csp-logger:
- twitter:
- username: '@_immae'
- whitelisted: false
- '';
-in
- {
- inherit varDir webappDir config listenPort;
- }
--- /dev/null
+{ stdenv, fetchzip, cacert, mylibs, python, git, yarn, nodejs }:
+let
+ # Doesn't seem to work
+ # patchedPackages = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
+ # patches = [ ./ldap.patch ];
+ # installPhase = ''
+ # mkdir $out
+ # cp package.json yarn.lock $out/
+ # '';
+ # });
+ # yarnModules = pkgs.yarn2nix.mkYarnModules {
+ # name = "peertube-yarn-modules";
+ # packageJSON = "${patchedPackages}/package.json";
+ # yarnLock = "${patchedPackages}/yarn.lock";
+ # yarnNix = ./yarn-packages.nix;
+ # };
+ patchedServer = stdenv.mkDerivation (mylibs.fetchedGithub ./peertube.json // rec {
+ __noChroot = true;
+ patches = [
+ ./ldap.patch
+ ./sendmail.patch
+ ];
+ buildPhase = ''
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export HOME=$PWD
+ yarn install --pure-lockfile
+ npm run build:server
+ '';
+ installPhase = ''
+ mkdir $out
+ cp -a dist/server $out
+ '';
+ buildInputs = [ python git yarn nodejs ];
+ });
+in
+stdenv.mkDerivation rec {
+ __noChroot = true;
+ version = "v1.2.0";
+ name = "peertube-${version}";
+ src = fetchzip {
+ url = "https://github.com/Chocobozzz/PeerTube/releases/download/${version}/${name}.zip";
+ sha256 = "18fp3fy1crw67gdpc29nr38b5zy2f68l70w47zwp7dzhd8bbbipp";
+ };
+ patches = [ ./ldap_yarn.patch ];
+ buildPhase = ''
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export HOME=$PWD
+ yarn install --production --pure-lockfile
+ rm -rf dist/server && cp -a ${patchedServer}/server dist
+ '';
+ installPhase = ''
+ mkdir $out
+ cp -a * $out
+ '';
+ buildInputs = [ yarn git python ];
+}
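Review bot: Both derivations set `__noChroot = true` and run `yarn install --pure-lockfile` (in `patchedServer` and again in the final `buildPhase`), so dependencies are fetched from the network at build time with the sandbox off and the only pin on them is `yarn.lock`. `--pure-lockfile` only stops yarn from writing a lockfile; if `ldap.patch` or `ldap_yarn.patch` leaves `package.json` and `yarn.lock` out of step, new versions are resolved silently, whereas `yarn install --frozen-lockfile` fails the build instead. A short comment next to `__noChroot` should say why the sandbox is disabled, for example `# sandbox disabled: yarn fetches dependencies at build time (yarn2nix attempt above did not work)`. That matters because install and build scripts from every dependency then run outside the sandbox.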
lib.attrsets.genAttrs names
(name: callPackage (./nextcloud/apps + "/${name}.nix") { buildApp = nextcloud.buildApp; });
+ peertube = callPackage ../impure/peertube { inherit mylibs; };
phpldapadmin = callPackage ./phpldapadmin {};
rompr = callPackage ./rompr { inherit mylibs; };