blob: 0bacfd1ebe48a4292db9c98654dfd3987f4b0b9c (
plain) (
tree)
|
|
{ lib, pkgs, config, ... }:
let
env = config.myEnv.tools.peertube;
cfg = config.myServices.websites.tools.peertube;
pcfg = config.services.peertube;
in {
options.myServices.websites.tools.peertube = {
enable = lib.mkEnableOption "enable Peertube's website";
};
config = lib.mkIf cfg.enable {
services.duplyBackup.profiles.peertube = {
rootDir = pcfg.dataDir;
};
services.peertube = {
enable = true;
configFile = "/var/secrets/webapps/tools-peertube";
package = pkgs.webapps.peertube.override { ldap = true; };
};
users.users.peertube.extraGroups = [ "keys" ];
secrets.keys = [{
dest = "webapps/tools-peertube";
user = "peertube";
group = "peertube";
permissions = "0640";
text = ''
listen:
hostname: 'localhost'
port: ${toString config.myEnv.ports.peertube}
webserver:
https: true
hostname: 'peertube.immae.eu'
port: 443
trust_proxy:
- 'loopback'
database:
hostname: '${env.postgresql.socket}'
port: 5432
suffix: '_prod'
username: '${env.postgresql.user}'
password: '${env.postgresql.password}'
pool:
max: 5
redis:
socket: '${env.redis.socket}'
auth: null
db: ${env.redis.db}
ldap:
enable: true
ldap_only: false
url: ldaps://${env.ldap.host}/${env.ldap.base}
bind_dn: ${env.ldap.dn}
bind_password: ${env.ldap.password}
base: ${env.ldap.base}
mail_entry: "mail"
user_filter: "${env.ldap.filter}"
smtp:
transport: sendmail
sendmail: '/run/wrappers/bin/sendmail'
hostname: null
port: 465 # If you use StartTLS: 587
username: null
password: null
tls: true # If you use StartTLS: false
disable_starttls: false
ca_file: null # Used for self signed certificates
from_address: 'peertube@tools.immae.eu'
storage:
tmp: '${pcfg.dataDir}/storage/tmp/'
avatars: '${pcfg.dataDir}/storage/avatars/'
videos: '${pcfg.dataDir}/storage/videos/'
redundancy: '${pcfg.dataDir}/storage/videos/'
logs: '${pcfg.dataDir}/storage/logs/'
previews: '${pcfg.dataDir}/storage/previews/'
thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
torrents: '${pcfg.dataDir}/storage/torrents/'
captions: '${pcfg.dataDir}/storage/captions/'
cache: '${pcfg.dataDir}/storage/cache/'
log:
level: 'info'
search:
remote_uri:
users: true
anonymous: false
trending:
videos:
interval_days: 7
redundancy:
videos:
check_interval: '1 hour' # How often you want to check new videos to cache
strategies: # Just uncomment strategies you want
# Following are saved in local-production.json
cache:
previews:
size: 500 # Max number of previews you want to cache
captions:
size: 500 # Max number of video captions/subtitles you want to cache
admin:
email: 'peertube@tools.immae.eu'
contact_form:
enabled: true
signup:
enabled: false
limit: 10
requires_email_verification: false
filters:
cidr:
whitelist: []
blacklist: []
user:
video_quota: -1
video_quota_daily: -1
transcoding:
enabled: false
allow_additional_extensions: true
threads: 1
resolutions:
240p: false
360p: false
480p: true
720p: true
1080p: true
hls:
enabled: false
import:
videos:
http:
enabled: true
torrent:
enabled: false
instance:
name: 'Immae’s PeerTube'
short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
description: '''
terms: '''
default_client_route: '/videos/trending'
default_nsfw_policy: 'blur'
customizations:
javascript: '''
css: '''
robots: |
User-agent: *
Disallow:
securitytxt:
"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
services:
# You can provide a reporting endpoint for Content Security Policy violations
csp-logger:
twitter:
username: '@_immae'
whitelisted: false
'';
}];
services.websites.env.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
services.filesWatcher.peertube = {
restart = true;
paths = [ pcfg.configFile ];
};
services.websites.env.tools.vhostConfs.peertube = {
certName = "eldiron";
addToCerts = true;
hosts = [ "peertube.immae.eu" ];
root = null;
extraConfig = [ ''
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
ProxyPass / http://localhost:${toString env.listenPort}/
ProxyPassReverse / http://localhost:${toString env.listenPort}/
ProxyPreserveHost On
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
'' ];
};
};
}
|