From d42bbbe6f510fce233ecb66d44d205761390b56e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 10 May 2019 14:21:26 +0200 Subject: [PATCH] Move Peertube configuration to modules --- modules/default.nix | 1 + modules/myids.nix | 2 + modules/webapps/peertube.nix | 100 +++++++++++++++++++++ nixops/modules/websites/tools/peertube.nix | 81 ++++------------- 4 files changed, 119 insertions(+), 65 deletions(-) create mode 100644 modules/webapps/peertube.nix diff --git a/modules/default.nix b/modules/default.nix index 3cc4149..fa67144 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,4 +2,5 @@ myids = ./myids.nix; mediagoblin = ./webapps/mediagoblin.nix; + peertube = ./webapps/peertube.nix; } diff --git a/modules/myids.nix b/modules/myids.nix index a3e5879..bd6caf3 100644 --- a/modules/myids.nix +++ b/modules/myids.nix @@ -2,9 +2,11 @@ { config = { ids.uids = { + peertube = 394; mediagoblin = 397; }; ids.gids = { + peertube = 394; mediagoblin = 397; }; }; diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix new file mode 100644 index 0000000..7c96076 --- /dev/null +++ b/modules/webapps/peertube.nix 
@@ -0,0 +1,100 @@
+{ lib, pkgs, config, ... }:
+let
+ name = "peertube";
+ cfg = config.services.peertube;
+
+ uid = config.ids.uids.peertube;
+ gid = config.ids.gids.peertube;
+in
+{
+ options.services.peertube = {
+ enable = lib.mkEnableOption "Enable Peertube’s service";
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "User account under which Peertube runs";
+ };
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "Group under which Peertube runs";
+ };
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/${name}";
+ description = ''
+ The directory where Peertube stores its data.
+ '';
+ };
+ configFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The configuration file path for Peertube.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.webapps.peertube;
+ description = ''
+ Peertube package to use.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+ inherit name;
+ inherit uid;
+ group = cfg.group;
+ description = "Peertube user";
+ home = cfg.dataDir;
+ useDefaultShell = true;
+ });
+ users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+ inherit name;
+ inherit gid;
+ });
+
+ systemd.services.peertube = {
+ description = "Peertube";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_CONFIG_DIR = "${cfg.dataDir}/config";
+ environment.NODE_ENV = "production";
+ environment.HOME = cfg.package;
+
+ path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+ script = ''
+ exec npm run start
+ '';
+
+ serviceConfig = {
+ User = cfg.user;
+ Group = cfg.group;
+ WorkingDirectory = cfg.package;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ };
+
+ unitConfig.RequiresMountsFor = cfg.dataDir;
+ };
+
+ system.activationScripts.peertube = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
+ install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/config
+ ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
+ '';
+ };
+
+ };
+}
+
diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix
index 813df25..9a56a85 100644
--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
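Review bot: The `system.activationScripts.peertube` text at the end of the new module splices `cfg.user`, `cfg.group`, `cfg.dataDir` and `cfg.configFile` unquoted into a shell snippet that runs as root during activation. These were fixed literals before and are now free-form `types.str`/`types.path` options, so a value with whitespace or shell metacharacters changes what the command does. Wrap each one, for example `install -m 0750 -o ${lib.escapeShellArg cfg.user} -g ${lib.escapeShellArg cfg.group} -d ${lib.escapeShellArg cfg.dataDir}`, and likewise for both arguments of `ln -sf`. The `ln -sf` also runs as root inside `${cfg.dataDir}/config`, which the preceding line hands to the service account, so it is worth a comment stating that this directory is deliberately service-writable. In `serviceConfig`, `NoNewPrivileges = true;` and `ProtectSystem = "strict";` with `ReadWritePaths = [ cfg.dataDir ];` would tighten the unit, assuming PeerTube writes only under `dataDir` (not confirmed by the lines shown).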
@@ -1,60 +1,20 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let - peertube = pkgs.webapps.peertube.override { ldap = true; }; - varDir = "/var/lib/peertube"; env = myconfig.env.tools.peertube; cfg = config.services.myWebsites.tools.peertube; + pcfg = config.services.peertube; in { options.services.myWebsites.tools.peertube = { enable = lib.mkEnableOption "enable Peertube's website"; }; config = lib.mkIf cfg.enable { - ids.uids.peertube = env.user.uid; - ids.gids.peertube = env.user.gid; - - users.users.peertube = { - name = "peertube"; - uid = config.ids.uids.peertube; - group = "peertube"; - description = "Peertube user"; - home = varDir; - useDefaultShell = true; - extraGroups = [ "keys" ]; - }; - - users.groups.peertube.gid = config.ids.gids.peertube; - - systemd.services.peertube = { - description = "Peertube"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "postgresql.service" ]; - wants = [ "postgresql.service" ]; - - environment.NODE_CONFIG_DIR = "${varDir}/config"; - environment.NODE_ENV = "production"; - environment.HOME = peertube; - - path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ]; - - script = '' - exec npm run start - ''; - - serviceConfig = { - User = "peertube"; - Group = "peertube"; - WorkingDirectory = peertube; - PrivateTmp = true; - ProtectHome = true; - ProtectControlGroups = true; - Restart = "always"; - Type = "simple"; - TimeoutSec = 60; - }; - - unitConfig.RequiresMountsFor = varDir; + services.peertube = { + enable = true; + configFile = "/var/secrets/webapps/tools-peertube"; + package = pkgs.webapps.peertube.override { ldap = true; }; }; + users.users.peertube.extraGroups = [ "keys" ]; mySecrets.keys = [{ dest = "webapps/tools-peertube"; 
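Review bot: With `ids.uids.peertube = env.user.uid;` and the matching gid line gone, the account's numeric ids come from the fixed `peertube = 394;` in modules/myids.nix. If the deployed `env.user` values differ from 394 (not visible here), existing files under the data directory keep the old numeric owner. The module's activation script only re-owns the top-level directory and `config`, so the storage tree would be left unreadable by the service or owned by whichever account later receives the old id. Confirm the values match or document a one-off recursive ownership fix for the migration. Separately, `configFile = "/var/secrets/webapps/tools-peertube";` repeats the `dest = "webapps/tools-peertube";` of the secret below it, so binding that name once in the `let` block would keep the service from being pointed at a path the secret is no longer written to.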
@@ -104,16 +64,16 @@ in { ca_file: null # Used for self signed certificates from_address: 'peertube@tools.immae.eu' storage: - tmp: '${varDir}/storage/tmp/' - avatars: '${varDir}/storage/avatars/' - videos: '${varDir}/storage/videos/' - redundancy: '${varDir}/storage/videos/' - logs: '${varDir}/storage/logs/' - previews: '${varDir}/storage/previews/' - thumbnails: '${varDir}/storage/thumbnails/' - torrents: '${varDir}/storage/torrents/' - captions: '${varDir}/storage/captions/' - cache: '${varDir}/storage/cache/' + tmp: '${pcfg.dataDir}/storage/tmp/' + avatars: '${pcfg.dataDir}/storage/avatars/' + videos: '${pcfg.dataDir}/storage/videos/' + redundancy: '${pcfg.dataDir}/storage/videos/' + logs: '${pcfg.dataDir}/storage/logs/' + previews: '${pcfg.dataDir}/storage/previews/' + thumbnails: '${pcfg.dataDir}/storage/thumbnails/' + torrents: '${pcfg.dataDir}/storage/torrents/' + captions: '${pcfg.dataDir}/storage/captions/' + cache: '${pcfg.dataDir}/storage/cache/' log: level: 'info' search: @@ -190,15 +150,6 @@ in { ''; }]; - system.activationScripts.peertube = { - deps = [ "users" ]; - text = '' - install -m 0750 -o peertube -g peertube -d ${varDir} - install -m 0750 -o peertube -g peertube -d ${varDir}/config - ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml - ''; - }; - services.myWebsites.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; -- 2.41.0