blob: 445030c792b343ba3eb7d1c3a987f28ce7e35184 (
plain) (
tree)
|
|
{ lib, pkgs, config, ... }:
let
env = config.myEnv.tools.peertube;
cfg = config.myServices.websites.tools.peertube;
pcfg = config.services.peertube;
in {
options.myServices.websites.tools.peertube = {
enable = lib.mkEnableOption "enable Peertube's website";
};
config = lib.mkIf cfg.enable {
services.duplyBackup.profiles.peertube = {
rootDir = pcfg.dataDir;
};
services.peertube = {
enable = true;
configFile = "/var/secrets/webapps/tools-peertube";
package = pkgs.webapps.peertube.override { ldap = true; sendmail = true; light = "fr-FR"; };
};
users.users.peertube.extraGroups = [ "keys" ];
secrets.keys = [{
dest = "webapps/tools-peertube";
user = "peertube";
group = "peertube";
permissions = "0640";
text = ''
listen:
hostname: 'localhost'
port: ${toString config.myEnv.ports.peertube}
webserver:
https: true
hostname: 'peertube.immae.eu'
port: 443
rates_limit:
api:
# 50 attempts in 10 seconds
window: 10 seconds
max: 50
login:
# 15 attempts in 5 min
window: 5 minutes
max: 15
signup:
# 2 attempts in 5 min (only succeeded attempts are taken into account)
window: 5 minutes
max: 2
ask_send_email:
# 3 attempts in 5 min
window: 5 minutes
max: 3
trust_proxy:
- 'loopback'
database:
hostname: '${env.postgresql.socket}'
port: 5432
suffix: '_prod'
username: '${env.postgresql.user}'
password: '${env.postgresql.password}'
pool:
max: 5
redis:
socket: '${env.redis.socket}'
auth: null
db: ${env.redis.db}
auth:
local:
enabled: true
ldap:
enabled: true
ldap_only: false
url: ldaps://${env.ldap.host}/${env.ldap.base}
bind_dn: ${env.ldap.dn}
bind_password: ${env.ldap.password}
base: ${env.ldap.base}
mail_entry: "mail"
user_filter: "${env.ldap.filter}"
smtp:
transport: sendmail
sendmail: '/run/wrappers/bin/sendmail'
hostname: null
port: 465 # If you use StartTLS: 587
username: null
password: null
tls: true # If you use StartTLS: false
disable_starttls: false
ca_file: null # Used for self signed certificates
from_address: 'peertube@tools.immae.eu'
email:
body:
signature: "PeerTube"
subject:
prefix: "[PeerTube]"
storage:
tmp: '${pcfg.dataDir}/storage/tmp/'
avatars: '${pcfg.dataDir}/storage/avatars/'
videos: '${pcfg.dataDir}/storage/videos/'
streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
redundancy: '${pcfg.dataDir}/storage/videos/'
logs: '${pcfg.dataDir}/storage/logs/'
previews: '${pcfg.dataDir}/storage/previews/'
thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
torrents: '${pcfg.dataDir}/storage/torrents/'
captions: '${pcfg.dataDir}/storage/captions/'
cache: '${pcfg.dataDir}/storage/cache/'
plugins: '${pcfg.dataDir}/storage/plugins/'
log:
level: 'info'
rotation:
enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
maxFileSize: 12MB
maxFiles: 20
anonymizeIP: false
search:
remote_uri:
users: true
anonymous: false
trending:
videos:
interval_days: 7
redundancy:
videos:
check_interval: '1 hour' # How often you want to check new videos to cache
strategies: # Just uncomment strategies you want
csp:
enabled: false
report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
report_uri:
tracker:
enabled: true
private: true
reject_too_many_announces: false
history:
videos:
max_age: -1
views:
videos:
remote:
max_age: -1
plugins:
index:
enabled: true
check_latest_versions_interval: '12 hours'
url: 'https://packages.joinpeertube.org'
# Following are saved in local-production.json
cache:
previews:
size: 500 # Max number of previews you want to cache
captions:
size: 500 # Max number of video captions/subtitles you want to cache
admin:
email: 'peertube@tools.immae.eu'
contact_form:
enabled: true
signup:
enabled: false
limit: 10
requires_email_verification: false
filters:
cidr:
whitelist: []
blacklist: []
user:
video_quota: -1
video_quota_daily: -1
transcoding:
enabled: false
allow_additional_extensions: true
allow_audio_files: true
threads: 1
resolutions:
0p: false
240p: false
360p: false
480p: true
720p: true
1080p: true
2160p: false
webtorrent:
enabled: true
hls:
enabled: false
import:
videos:
http:
enabled: true
torrent:
enabled: false
auto_blacklist:
videos:
of_users:
enabled: false
instance:
name: 'Immae’s PeerTube'
short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
description: '''
terms: '''
code_of_conduct: '''
moderation_information: '''
creation_reason: '''
administrator: '''
maintenance_lifetime: '''
business_model: '''
hardware_information: '''
languages:
categories:
default_client_route: '/videos/trending'
is_nsfw: false
default_nsfw_policy: 'do_not_list'
customizations:
javascript: '''
css: '''
robots: |
User-agent: *
Disallow:
securitytxt:
"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
services:
twitter:
username: '@_immae'
whitelisted: false
followers:
instance:
enabled: true
manual_approval: false
followings:
instance:
auto_follow_back:
enabled: false
auto_follow_index:
enabled: false
index_url: 'https://instances.joinpeertube.org'
theme:
default: 'default'
'';
}];
services.websites.env.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
services.filesWatcher.peertube = {
restart = true;
paths = [ pcfg.configFile ];
};
services.websites.env.tools.vhostConfs.peertube = {
certName = "eldiron";
addToCerts = true;
hosts = [ "peertube.immae.eu" ];
root = null;
extraConfig = [ ''
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
ProxyPass / http://localhost:${toString env.listenPort}/
ProxyPassReverse / http://localhost:${toString env.listenPort}/
ProxyPreserveHost On
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
'' ];
};
};
}
|