blob: 64d4a5d8c3e371735e69d88301cebb2da10cc7d7 (
plain) (
tree)
|
|
{ lib, pkgs, config, ... }:
let
scfg = config.myServices.websites.syden.peertube;
name = "peertube";
dataDir = "/var/lib/syden_peertube";
package = (pkgs.mylibs.flakeCompat ../../../../flakes/private/peertube).packages.x86_64-linux.peertube_syden;
env = config.myEnv.tools.syden_peertube;
in
{
options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
config = lib.mkIf scfg.enable {
users.users.peertube = {
uid = config.ids.uids.peertube;
group = "peertube";
description = "Peertube user";
useDefaultShell = true;
extraGroups = [ "keys" ];
};
users.groups.peertube.gid = config.ids.gids.peertube;
secrets.keys."websites/syden/peertube" = {
user = "peertube";
group = "peertube";
permissions = "0640";
text = ''
listen:
hostname: 'localhost'
port: ${toString env.listenPort}
webserver:
https: true
hostname: 'record-links.immae.eu'
port: 443
database:
hostname: '${env.postgresql.socket}'
port: 5432
suffix: '_syden'
username: '${env.postgresql.user}'
password: '${env.postgresql.password}'
pool:
max: 5
redis:
socket: '${env.redis.socket}'
auth: null
db: ${env.redis.db}
smtp:
transport: sendmail
sendmail: '/run/wrappers/bin/sendmail'
from_address: 'peertube@tools.immae.eu'
storage:
tmp: '${dataDir}/storage/tmp/'
avatars: '${dataDir}/storage/avatars/'
videos: '${dataDir}/storage/videos/'
streaming_playlists: '${dataDir}/storage/streaming-playlists/'
redundancy: '${dataDir}/storage/videos/'
logs: '${dataDir}/storage/logs/'
previews: '${dataDir}/storage/previews/'
thumbnails: '${dataDir}/storage/thumbnails/'
torrents: '${dataDir}/storage/torrents/'
captions: '${dataDir}/storage/captions/'
cache: '${dataDir}/storage/cache/'
plugins: '${dataDir}/storage/plugins/'
client_overrides: '${dataDir}/storage/client-overrides/'
'';
};
services.filesWatcher.syden_peertube = {
restart = true;
paths = [ config.secrets.fullPaths."websites/syden/peertube" ];
};
systemd.services.syden_peertube = {
description = "Peertube";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" ];
wants = [ "postgresql.service" ];
environment.NODE_CONFIG_DIR = "${dataDir}/config";
environment.NODE_ENV = "production";
environment.HOME = package;
path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
script = ''
install -m 0750 -d ${dataDir}/config
ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml
ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
exec npm run start
'';
serviceConfig = {
User = "peertube";
Group = "peertube";
WorkingDirectory = package;
StateDirectory = "syden_peertube";
StateDirectoryMode = 0750;
PrivateTmp = true;
ProtectHome = true;
ProtectControlGroups = true;
Restart = "always";
Type = "simple";
TimeoutSec = 60;
};
unitConfig.RequiresMountsFor = dataDir;
};
services.websites.env.production.vhostConfs.syden_peertube = {
certName = "syden";
addToCerts = true;
certMainHost = "record-links.immae.eu";
hosts = [ "record-links.immae.eu" ];
root = null;
extraConfig = [ ''
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
ProxyPass / http://localhost:${toString env.listenPort}/
ProxyPassReverse / http://localhost:${toString env.listenPort}/
ProxyPreserveHost On
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
'' ];
};
};
}
|
