path: root/nixops/modules/websites/tools/peertube/peertube.nix



{ env, fetchedGithub, fetchurl, fetchzip, stdenv, writeText, pkgs, cacert }:
let
  varDir = "/var/lib/peertube";
  listenPort = env.listenPort;
  # Doesn't seem to work
  # patchedPackages = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
  #   patches = [ ./ldap.patch ];
  #   installPhase = ''
  #     mkdir $out
  #     cp package.json yarn.lock $out/
  #     '';
  # });
  # yarnModules = pkgs.yarn2nix.mkYarnModules {
  #   name = "peertube-yarn-modules";
  #   packageJSON = "${patchedPackages}/package.json";
  #   yarnLock = "${patchedPackages}/yarn.lock";
  #   yarnNix = ./yarn-packages.nix;
  # };
  patchedServer = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
    __noChroot = true;
    patches = [
      ./ldap.patch
      ./sendmail.patch
    ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --pure-lockfile
      npm run build:server
      '';
    installPhase = ''
      mkdir $out
      cp -a dist/server $out
      '';
    buildInputs = [ pkgs.python pkgs.git pkgs.yarn pkgs.nodejs ];
  });
  webappDir = stdenv.mkDerivation rec {
    __noChroot = true;
    version = "v1.2.0";
    name = "peertube-${version}";
    src = fetchzip {
      url = "https://github.com/Chocobozzz/PeerTube/releases/download/${version}/${name}.zip";
      sha256 = "18fp3fy1crw67gdpc29nr38b5zy2f68l70w47zwp7dzhd8bbbipp";
    };
    patches = [ ./ldap_yarn.patch ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --production --pure-lockfile
      rm -rf dist/server && cp -a ${patchedServer}/server dist
      '';
    installPhase = ''
      mkdir $out
      cp -a * $out
      '';
    buildInputs = [ pkgs.yarn pkgs.git pkgs.python ];
  };
  config = ''
    listen:
      hostname: 'localhost'
      port: ${env.listenPort}
    webserver:
      https: true
      hostname: 'peertube.immae.eu'
      port: 443
    trust_proxy:
      - 'loopback'
    database:
      hostname: '${env.postgresql.socket}'
      port: 5432
      suffix: '_prod'
      username: '${env.postgresql.user}'
      password: '${env.postgresql.password}'
      pool:
        max: 5
    redis:
      socket: '${env.redis.socket}'
      auth: null
      db: ${env.redis.db_index}
    ldap:
      enable: true
      ldap_only: false
      url: ldaps://${env.ldap.host}/${env.ldap.base}
      bind_dn: ${env.ldap.dn}
      bind_password: ${env.ldap.password}
      base: ${env.ldap.base}
      mail_entry: "mail"
      user_filter: "${env.ldap.filter}"
    smtp:
      transport: sendmail
      sendmail: '/run/wrappers/bin/sendmail'
      hostname: null
      port: 465 # If you use StartTLS: 587
      username: null
      password: null
      tls: true # If you use StartTLS: false
      disable_starttls: false
      ca_file: null # Used for self signed certificates
      from_address: 'peertube@tools.immae.eu'
    storage:
      tmp: '${varDir}/storage/tmp/'
      avatars: '${varDir}/storage/avatars/'
      videos: '${varDir}/storage/videos/'
      redundancy: '${varDir}/storage/videos/'
      logs: '${varDir}/storage/logs/'
      previews: '${varDir}/storage/previews/'
      thumbnails: '${varDir}/storage/thumbnails/'
      torrents: '${varDir}/storage/torrents/'
      captions: '${varDir}/storage/captions/'
      cache: '${varDir}/storage/cache/'
    log:
      level: 'info'
    search:
      remote_uri:
        users: true
        anonymous: false
    trending:
      videos:
        interval_days: 7
    redundancy:
      videos:
        check_interval: '1 hour' # How often you want to check new videos to cache
        strategies: # Just uncomment strategies you want
    # Following are saved in local-production.json
    cache:
      previews:
        size: 500 # Max number of previews you want to cache
      captions:
        size: 500 # Max number of video captions/subtitles you want to cache
    admin:
      email: 'peertube@tools.immae.eu'
    contact_form:
      enabled: true
    signup:
      enabled: false
      limit: 10
      requires_email_verification: false
      filters:
        cidr:
          whitelist: []
          blacklist: []
    user:
      video_quota: -1
      video_quota_daily: -1
    transcoding:
      enabled: false
      allow_additional_extensions: true
      threads: 1
      resolutions:
        240p: false
        360p: false
        480p: true
        720p: true
        1080p: true
      hls:
        enabled: false
    import:
      videos:
        http:
          enabled: true
        torrent:
          enabled: false
    instance:
      name: 'Immae&#x2019;s PeerTube'
      short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
      description: '''
      terms: '''
      default_client_route: '/videos/trending'
      default_nsfw_policy: 'blur'
      customizations:
        javascript: '''
        css: '''
      robots: |
        User-agent: *
        Disallow:
      securitytxt:
        "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
    services:
      # You can provide a reporting endpoint for Content Security Policy violations
      csp-logger:
      twitter:
        username: '@_immae'
        whitelisted: false
    '';
in
  {
    inherit varDir webappDir config listenPort;
  }
{ env, fetchedGithub, fetchurl, fetchzip, stdenv, writeText, pkgs, cacert }:
let
  varDir = "/var/lib/peertube";
  listenPort = env.listenPort;
  # Doesn't seem to work
  # patchedPackages = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
  #   patches = [ ./ldap.patch ];
  #   installPhase = ''
  #     mkdir $out
  #     cp package.json yarn.lock $out/
  #     '';
  # });
  # yarnModules = pkgs.yarn2nix.mkYarnModules {
  #   name = "peertube-yarn-modules";
  #   packageJSON = "${patchedPackages}/package.json";
  #   yarnLock = "${patchedPackages}/yarn.lock";
  #   yarnNix = ./yarn-packages.nix;
  # };
  patchedServer = stdenv.mkDerivation (fetchedGithub ./peertube.json // rec {
    __noChroot = true;
    patches = [
      ./ldap.patch
      ./sendmail.patch
    ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --pure-lockfile
      npm run build:server
      '';
    installPhase = ''
      mkdir $out
      cp -a dist/server $out
      '';
    buildInputs = [ pkgs.python pkgs.git pkgs.yarn pkgs.nodejs ];
  });
  webappDir = stdenv.mkDerivation rec {
    __noChroot = true;
    version = "v1.2.0";
    name = "peertube-${version}";
    src = fetchzip {
      url = "https://github.com/Chocobozzz/PeerTube/releases/download/${version}/${name}.zip";
      sha256 = "18fp3fy1crw67gdpc29nr38b5zy2f68l70w47zwp7dzhd8bbbipp";
    };
    patches = [ ./ldap_yarn.patch ];
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      export HOME=$PWD
      yarn install --production --pure-lockfile
      rm -rf dist/server && cp -a ${patchedServer}/server dist
      '';
    installPhase = ''
      mkdir $out
      cp -a * $out
      '';
    buildInputs = [ pkgs.yarn pkgs.git pkgs.python ];
  };
  config = ''
    listen:
      hostname: 'localhost'
      port: ${env.listenPort}
    webserver:
      https: true
      hostname: 'peertube.immae.eu'
      port: 443
    trust_proxy:
      - 'loopback'
    database:
      hostname: '${env.postgresql.socket}'
      port: 5432
      suffix: '_prod'
      username: '${env.postgresql.user}'
      password: '${env.postgresql.password}'
      pool:
        max: 5
    redis:
      socket: '${env.redis.socket}'
      auth: null
      db: ${env.redis.db_index}
    ldap:
      enable: true
      ldap_only: false
      url: ldaps://${env.ldap.host}/${env.ldap.base}
      bind_dn: ${env.ldap.dn}
      bind_password: ${env.ldap.password}
      base: ${env.ldap.base}
      mail_entry: "mail"
      user_filter: "${env.ldap.filter}"
    smtp:
      transport: sendmail
      sendmail: '/run/wrappers/bin/sendmail'
      hostname: null
      port: 465 # If you use StartTLS: 587
      username: null
      password: null
      tls: true # If you use StartTLS: false
      disable_starttls: false
      ca_file: null # Used for self signed certificates
      from_address: 'peertube@tools.immae.eu'
    storage:
      tmp: '${varDir}/storage/tmp/'
      avatars: '${varDir}/storage/avatars/'
      videos: '${varDir}/storage/videos/'
      redundancy: '${varDir}/storage/videos/'
      logs: '${varDir}/storage/logs/'
      previews: '${varDir}/storage/previews/'
      thumbnails: '${varDir}/storage/thumbnails/'
      torrents: '${varDir}/storage/torrents/'
      captions: '${varDir}/storage/captions/'
      cache: '${varDir}/storage/cache/'
    log:
      level: 'info'
    search:
      remote_uri:
        users: true
        anonymous: false
    trending:
      videos:
        interval_days: 7
    redundancy:
      videos:
        check_interval: '1 hour' # How often you want to check new videos to cache
        strategies: # Just uncomment strategies you want
    # Following are saved in local-production.json
    cache:
      previews:
        size: 500 # Max number of previews you want to cache
      captions:
        size: 500 # Max number of video captions/subtitles you want to cache
    admin:
      email: 'peertube@tools.immae.eu'
    contact_form:
      enabled: true
    signup:
      enabled: false
      limit: 10
      requires_email_verification: false
      filters:
        cidr:
          whitelist: []
          blacklist: []
    user:
      video_quota: -1
      video_quota_daily: -1
    transcoding:
      enabled: false
      allow_additional_extensions: true
      threads: 1
      resolutions:
        240p: false
        360p: false
        480p: true
        720p: true
        1080p: true
      hls:
        enabled: false
    import:
      videos:
        http:
          enabled: true
        torrent:
          enabled: false
    instance:
      name: 'Immae&#x2019;s PeerTube'
      short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
      description: '''
      terms: '''
      default_client_route: '/videos/trending'
      default_nsfw_policy: 'blur'
      customizations:
        javascript: '''
        css: '''
      robots: |
        User-agent: *
        Disallow:
      securitytxt:
        "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
    services:
      # You can provide a reporting endpoint for Content Security Policy violations
      csp-logger:
      twitter:
        username: '@_immae'
        whitelisted: false
    '';
in
  {
    inherit varDir webappDir config listenPort;
  }