blob: 0ebe4e79b41e655459288e24b3ca6ba128c3beb2 (
plain) (
tree)
|
|
{ lib, pkgs, config, ... }:
let
env = config.myEnv.tools.peertube;
cfg = config.myServices.websites.tools.peertube;
pcfg = config.immaeServices.peertube;
in {
options.myServices.websites.tools.peertube = {
enable = lib.mkEnableOption "enable Peertube's website";
};
config = lib.mkIf cfg.enable {
myServices.dns.zones."immae.eu".subdomains.peertube =
with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
myServices.chatonsProperties.hostings.peertube = {
file.datetime = "2022-08-21T20:00:00";
hosting = {
name = "Peertube";
description = "Free software to take back control of your videos";
website = "https://peertube.immae.eu/";
logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
type = "INSTANCE";
status.level = "OK";
status.description = "OK";
registration.load = "OPEN";
install.type = "PACKAGE";
};
};
myServices.chatonsProperties.services.peertube = {
file.datetime = "2022-08-21T20:00:00";
service = {
name = "Peertube";
description = "Free software to take back control of your videos";
website = "https://peertube.immae.eu/";
logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
status.level = "OK";
status.description = "OK";
registration."" = ["MEMBER" "CLIENT"];
registration.load = "OPEN";
install.type = "PACKAGE";
};
software = {
name = "Peertube";
website = "https://joinpeertube.org/";
license.url = "https://github.com/Chocobozzz/PeerTube/blob/develop/LICENSE";
license.name = "GNU Affero General Public License";
version = pcfg.package.version;
source.url = "https://github.com/Chocobozzz/PeerTube";
};
};
immaeServices.peertube = {
enable = true;
configFile = config.secrets.fullPaths."webapps/tools-peertube";
};
users.users.peertube.extraGroups = [ "keys" ];
secrets.keys."webapps/tools-peertube" = {
user = "peertube";
group = "peertube";
permissions = "0640";
text = ''
listen:
hostname: 'localhost'
port: ${toString config.myEnv.ports.peertube}
webserver:
https: true
hostname: 'peertube.immae.eu'
port: 443
database:
hostname: '${env.postgresql.socket}'
port: 5432
suffix: '_prod'
username: '${env.postgresql.user}'
password: '${env.postgresql.password}'
pool:
max: 5
redis:
socket: '${env.redis.socket}'
auth: null
db: ${env.redis.db}
smtp:
transport: sendmail
sendmail: '/run/wrappers/bin/sendmail'
from_address: 'peertube@tools.immae.eu'
storage:
tmp: '${pcfg.dataDir}/storage/tmp/'
avatars: '${pcfg.dataDir}/storage/avatars/'
videos: '${pcfg.dataDir}/storage/videos/'
streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
redundancy: '${pcfg.dataDir}/storage/videos/'
logs: '${pcfg.dataDir}/storage/logs/'
previews: '${pcfg.dataDir}/storage/previews/'
thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
torrents: '${pcfg.dataDir}/storage/torrents/'
captions: '${pcfg.dataDir}/storage/captions/'
cache: '${pcfg.dataDir}/storage/cache/'
plugins: '${pcfg.dataDir}/storage/plugins/'
client_overrides: '${pcfg.dataDir}/storage/client-overrides/'
'';
};
services.websites.env.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
services.filesWatcher.peertube = {
restart = true;
paths = [ pcfg.configFile ];
};
security.acme.certs.eldiron.extraDomainNames = [ "peertube.immae.eu" ];
services.websites.env.tools.vhostConfs.peertube = {
certName = "eldiron";
hosts = [ "peertube.immae.eu" ];
root = null;
extraConfig = [ ''
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
ProxyPass / http://localhost:${toString env.listenPort}/
ProxyPassReverse / http://localhost:${toString env.listenPort}/
ProxyPreserveHost On
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
'' ];
};
myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
myServices.monitoring.fromMasterObjects.service = [
{
service_description = "peertube website is running on peertube.immae.eu";
host_name = config.hostEnv.fqdn;
use = "external-web-service";
check_command = ["check_https" "peertube.immae.eu" "/" "<title>Immae’s PeerTube"];
servicegroups = "webstatus-webapps";
_webstatus_name = "Peertube";
_webstatus_url = "https://peertube.immae.eu/";
}
];
};
}
|