path: root/nixops/modules/websites/tools/peertube/peertube.nix



{ env, fetchedGithub, fetchurl, fetchzip, stdenv, writeText, pkgs, cacert }:
let
  varDir = "/var/lib/peertube";
  listenPort = env.listenPort;
  # Doesn't seem to work
  # patchedPackages = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
  #   patches = [ ./ldap.patch ];
  #   installPhase = ''
  #     mkdir $out
  #     cp package.json yarn.lock $out/
  #     '';
  # });
  # yarnModules = pkgs.yarn2nix.mkYarnModules {
  #   name = "peertube-yarn-modules";
  #   packageJSON = "${patchedPackages}/package.json";
  #   yarnLock = "${patchedPackages}/yarn.lock";
  #   yarnNix = ./yarn-packages.nix;
  # };
  patchedServer = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
    __noChroot = true;
    patches = [
      ./ldap.patch
      ./sendmail.patch
    ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --pure-lockfile
      npm run build:server
      '';
    installPhase = ''
      mkdir $out
      cp -a dist/server $out
      '';
    buildInputs = [ pkgs.python pkgs.git pkgs.yarn pkgs.nodejs ];
  });
  webappDir = stdenv.mkDerivation rec {
    __noChroot = true;
    version = "v1.2.0";
    name = "peertube-${version}";
    src = fetchzip {
      url = "https://github.com/Chocobozzz/PeerTube/releases/download/${version}/${name}.zip";
      sha256 = "18fp3fy1crw67gdpc29nr38b5zy2f68l70w47zwp7dzhd8bbbipp";
    };
    patches = [ ./ldap_yarn.patch ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --production --pure-lockfile
      rm -rf dist/server && cp -a ${patchedServer}/server dist
      '';
    installPhase = ''
      mkdir $out
      cp -a * $out
      '';
    buildInputs = [ pkgs.yarn pkgs.git pkgs.python ];
  };
  config = writeText "production.yaml" ''
        listen:
          hostname: 'localhost'
          port: ${env.listenPort}
        webserver:
          https: true
          hostname: 'peertube.immae.eu'
          port: 443
        trust_proxy:
          - 'loopback'
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_prod'
          username: '${env.postgresql.user}'
          password: '${env.postgresql.password}'
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db_index}
        ldap:
          enable: true
          ldap_only: false
          url: ldaps://${env.ldap.host}/${env.ldap.base}
          bind_dn: ${env.ldap.dn}
          bind_password: ${env.ldap.password}
          base: ${env.ldap.base}
          mail_entry: "mail"
          user_filter: "${env.ldap.filter}"
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          hostname: null
          port: 465 # If you use StartTLS: 587
          username: null
          password: null
          tls: true # If you use StartTLS: false
          disable_starttls: false
          ca_file: null # Used for self signed certificates
          from_address: 'peertube@immae.eu'
        storage:
          tmp: '${varDir}/storage/tmp/'
          avatars: '${varDir}/storage/avatars/'
          videos: '${varDir}/storage/videos/'
          redundancy: '${varDir}/storage/videos/'
          logs: '${varDir}/storage/logs/'
          previews: '${varDir}/storage/previews/'
          thumbnails: '${varDir}/storage/thumbnails/'
          torrents: '${varDir}/storage/torrents/'
          captions: '${varDir}/storage/captions/'
          cache: '${varDir}/storage/cache/'
        log:
          level: 'info'
        search:
          remote_uri:
            users: true
            anonymous: false
        trending:
          videos:
            interval_days: 7
        redundancy:
          videos:
            check_interval: '1 hour' # How often you want to check new videos to cache
            strategies: # Just uncomment strategies you want
        # Following are saved in local-production.json
        cache:
          previews:
            size: 500 # Max number of previews you want to cache
          captions:
            size: 500 # Max number of video captions/subtitles you want to cache
        admin:
          email: 'peertube@immae.eu'
        contact_form:
          enabled: true
        signup:
          enabled: false
          limit: 10
          requires_email_verification: false
          filters:
            cidr:
              whitelist: []
              blacklist: []
        user:
          video_quota: -1
          video_quota_daily: -1
        transcoding:
          enabled: false
          allow_additional_extensions: true
          threads: 1
          resolutions:
            240p: false
            360p: false
            480p: true
            720p: true
            1080p: true
          hls:
            enabled: false
        import:
          videos:
            http:
              enabled: true
            torrent:
              enabled: false
        instance:
          name: 'Immae’s PeerTube'
          short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
          description: '''
          terms: '''
          default_client_route: '/videos/trending'
          default_nsfw_policy: 'blur'
          customizations:
            javascript: '''
            css: '''
          robots: |
            User-agent: *
            Disallow:
          securitytxt:
            "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
        services:
          # You can provide a reporting endpoint for Content Security Policy violations
          csp-logger:
          twitter:
            username: '@_immae'
            whitelisted: false
        '';
in
  {
    inherit varDir webappDir config listenPort;
  }
{ env, fetchedGithub, fetchurl, fetchzip, stdenv, writeText, pkgs, cacert }:
let
  varDir = "/var/lib/peertube";
  listenPort = env.listenPort;
  # Doesn't seem to work
  # patchedPackages = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
  #   patches = [ ./ldap.patch ];
  #   installPhase = ''
  #     mkdir $out
  #     cp package.json yarn.lock $out/
  #     '';
  # });
  # yarnModules = pkgs.yarn2nix.mkYarnModules {
  #   name = "peertube-yarn-modules";
  #   packageJSON = "${patchedPackages}/package.json";
  #   yarnLock = "${patchedPackages}/yarn.lock";
  #   yarnNix = ./yarn-packages.nix;
  # };
  patchedServer = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
    __noChroot = true;
    patches = [
      ./ldap.patch
      ./sendmail.patch
    ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --pure-lockfile
      npm run build:server
      '';
    installPhase = ''
      mkdir $out
      cp -a dist/server $out
      '';
    buildInputs = [ pkgs.python pkgs.git pkgs.yarn pkgs.nodejs ];
  });
  webappDir = stdenv.mkDerivation rec {
    __noChroot = true;
    version = "v1.2.0";
    name = "peertube-${version}";
    src = fetchzip {
      url = "https://github.com/Chocobozzz/PeerTube/releases/download/${version}/${name}.zip";
      sha256 = "18fp3fy1crw67gdpc29nr38b5zy2f68l70w47zwp7dzhd8bbbipp";
    };
    patches = [ ./ldap_yarn.patch ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --production --pure-lockfile
      rm -rf dist/server && cp -a ${patchedServer}/server dist
      '';
    installPhase = ''
      mkdir $out
      cp -a * $out
      '';
    buildInputs = [ pkgs.yarn pkgs.git pkgs.python ];
  };
  config = writeText "production.yaml" ''
        listen:
          hostname: 'localhost'
          port: ${env.listenPort}
        webserver:
          https: true
          hostname: 'peertube.immae.eu'
          port: 443
        trust_proxy:
          - 'loopback'
        database:
          hostname: '${env.postgresql.socket}'
          port: 5432
          suffix: '_prod'
          username: '${env.postgresql.user}'
          password: '${env.postgresql.password}'
          pool:
            max: 5
        redis:
          socket: '${env.redis.socket}'
          auth: null
          db: ${env.redis.db_index}
        ldap:
          enable: true
          ldap_only: false
          url: ldaps://${env.ldap.host}/${env.ldap.base}
          bind_dn: ${env.ldap.dn}
          bind_password: ${env.ldap.password}
          base: ${env.ldap.base}
          mail_entry: "mail"
          user_filter: "${env.ldap.filter}"
        smtp:
          transport: sendmail
          sendmail: '/run/wrappers/bin/sendmail'
          hostname: null
          port: 465 # If you use StartTLS: 587
          username: null
          password: null
          tls: true # If you use StartTLS: false
          disable_starttls: false
          ca_file: null # Used for self signed certificates
          from_address: 'peertube@immae.eu'
        storage:
          tmp: '${varDir}/storage/tmp/'
          avatars: '${varDir}/storage/avatars/'
          videos: '${varDir}/storage/videos/'
          redundancy: '${varDir}/storage/videos/'
          logs: '${varDir}/storage/logs/'
          previews: '${varDir}/storage/previews/'
          thumbnails: '${varDir}/storage/thumbnails/'
          torrents: '${varDir}/storage/torrents/'
          captions: '${varDir}/storage/captions/'
          cache: '${varDir}/storage/cache/'
        log:
          level: 'info'
        search:
          remote_uri:
            users: true
            anonymous: false
        trending:
          videos:
            interval_days: 7
        redundancy:
          videos:
            check_interval: '1 hour' # How often you want to check new videos to cache
            strategies: # Just uncomment strategies you want
        # Following are saved in local-production.json
        cache:
          previews:
            size: 500 # Max number of previews you want to cache
          captions:
            size: 500 # Max number of video captions/subtitles you want to cache
        admin:
          email: 'peertube@immae.eu'
        contact_form:
          enabled: true
        signup:
          enabled: false
          limit: 10
          requires_email_verification: false
          filters:
            cidr:
              whitelist: []
              blacklist: []
        user:
          video_quota: -1
          video_quota_daily: -1
        transcoding:
          enabled: false
          allow_additional_extensions: true
          threads: 1
          resolutions:
            240p: false
            360p: false
            480p: true
            720p: true
            1080p: true
          hls:
            enabled: false
        import:
          videos:
            http:
              enabled: true
            torrent:
              enabled: false
        instance:
          name: 'Immae’s PeerTube'
          short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
          description: '''
          terms: '''
          default_client_route: '/videos/trending'
          default_nsfw_policy: 'blur'
          customizations:
            javascript: '''
            css: '''
          robots: |
            User-agent: *
            Disallow:
          securitytxt:
            "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
        services:
          # You can provide a reporting endpoint for Content Security Policy violations
          csp-logger:
          twitter:
            username: '@_immae'
            whitelisted: false
        '';
in
  {
    inherit varDir webappDir config listenPort;
  }