Move Peertube configuration to modules

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-10 14:21:26 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-10 14:35:00 +0200
commit: d42bbbe6f510fce233ecb66d44d205761390b56e (patch)
tree: b90b82317b73898d1e0904646b82bd5f4e5b9816
parent: 996a68c2ec15260dd0c6e8d3d60460e32571d3b7 (diff)
download: Nix-d42bbbe6f510fce233ecb66d44d205761390b56e.tar.gz
Nix-d42bbbe6f510fce233ecb66d44d205761390b56e.tar.zst
Nix-d42bbbe6f510fce233ecb66d44d205761390b56e.zip
4 files changed, 119 insertions, 65 deletions
diff --git a/modules/default.nix b/modules/default.nix
index 3cc4149..fa67144 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,4 +2,5 @@
  myids = ./myids.nix;
  mediagoblin = ./webapps/mediagoblin.nix;
+  peertube = ./webapps/peertube.nix;
 }
diff --git a/modules/myids.nix b/modules/myids.nix
index a3e5879..bd6caf3 100644
--- a/modules/myids.nix
+++ b/modules/myids.nix
@@ -2,9 +2,11 @@
 {
  config = {
    ids.uids = {
+      peertube = 394;
      mediagoblin = 397;
    };
    ids.gids = {
+      peertube = 394;
      mediagoblin = 397;
    };
  };
diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix
new file mode 100644
index 0000000..7c96076
--- /dev/null
+++ b/modules/webapps/peertube.nix
@@ -0,0 +1,100 @@
+{ lib, pkgs, config, ... }:
+let
+  name = "peertube";
+  cfg = config.services.peertube;
+  uid = config.ids.uids.peertube;
+  gid = config.ids.gids.peertube;
+in
+{
+  options.services.peertube = {
+    enable = lib.mkEnableOption "Enable Peertube’s service";
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+      description = "User account under which Peertube runs";
+    };
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+      description = "Group under which Peertube runs";
+    };
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/${name}";
+      description = ''
+        The directory where Peertube stores its data.
+      '';
+    };
+    configFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        The configuration file path for Peertube.
+        '';
+    };
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.webapps.peertube;
+      description = ''
+        Peertube package to use.
+        '';
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+      inherit name;
+      inherit uid;
+      group = cfg.group;
+      description = "Peertube user";
+      home = cfg.dataDir;
+      useDefaultShell = true;
+    });
+    users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+      inherit name;
+      inherit gid;
+    });
+    systemd.services.peertube = {
+      description = "Peertube";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "postgresql.service" ];
+      wants = [ "postgresql.service" ];
+      environment.NODE_CONFIG_DIR = "${cfg.dataDir}/config";
+      environment.NODE_ENV = "production";
+      environment.HOME = cfg.package;
+      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+      script = ''
+        exec npm run start
+      '';
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        WorkingDirectory = cfg.package;
+        PrivateTmp = true;
+        ProtectHome = true;
+        ProtectControlGroups = true;
+        Restart = "always";
+        Type = "simple";
+        TimeoutSec = 60;
+      };
+      unitConfig.RequiresMountsFor = cfg.dataDir;
+    };
+    system.activationScripts.peertube = {
+      deps = [ "users" ];
+      text = ''
+      install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
+      install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/config
+      ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
+      '';
+    };
+  };
+}
diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix
index 813df25..9a56a85 100644
--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -1,60 +1,20 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
-  peertube = pkgs.webapps.peertube.override { ldap = true; };
-  varDir = "/var/lib/peertube";
  env = myconfig.env.tools.peertube;
  cfg = config.services.myWebsites.tools.peertube;
+  pcfg = config.services.peertube;
 in {
  options.services.myWebsites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };
  config = lib.mkIf cfg.enable {
-    ids.uids.peertube = env.user.uid;
+    services.peertube = {
-    ids.gids.peertube = env.user.gid;
+      enable = true;
+      configFile = "/var/secrets/webapps/tools-peertube";
-    users.users.peertube = {
+      package = pkgs.webapps.peertube.override { ldap = true; };
-      name = "peertube";
-      uid = config.ids.uids.peertube;
-      group = "peertube";
-      description = "Peertube user";
-      home = varDir;
-      useDefaultShell = true;
-      extraGroups = [ "keys" ];
-    };
-    users.groups.peertube.gid = config.ids.gids.peertube;
-    systemd.services.peertube = {
-      description = "Peertube";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "postgresql.service" ];
-      wants = [ "postgresql.service" ];
-      environment.NODE_CONFIG_DIR = "${varDir}/config";
-      environment.NODE_ENV = "production";
-      environment.HOME = peertube;
-      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
-      script = ''
-        exec npm run start
-      '';
-      serviceConfig = {
-        User = "peertube";
-        Group = "peertube";
-        WorkingDirectory = peertube;
-        PrivateTmp = true;
-        ProtectHome = true;
-        ProtectControlGroups = true;
-        Restart = "always";
-        Type = "simple";
-        TimeoutSec = 60;
-      };
-      unitConfig.RequiresMountsFor = varDir;
    };
+    users.users.peertube.extraGroups = [ "keys" ];
    mySecrets.keys = [{
      dest = "webapps/tools-peertube";
@@ -104,16 +64,16 @@ in {
          ca_file: null # Used for self signed certificates
          from_address: 'peertube@tools.immae.eu'
        storage:
-          tmp: '${varDir}/storage/tmp/'
+          tmp: '${pcfg.dataDir}/storage/tmp/'
-          avatars: '${varDir}/storage/avatars/'
+          avatars: '${pcfg.dataDir}/storage/avatars/'
-          videos: '${varDir}/storage/videos/'
+          videos: '${pcfg.dataDir}/storage/videos/'
-          redundancy: '${varDir}/storage/videos/'
+          redundancy: '${pcfg.dataDir}/storage/videos/'
-          logs: '${varDir}/storage/logs/'
+          logs: '${pcfg.dataDir}/storage/logs/'
-          previews: '${varDir}/storage/previews/'
+          previews: '${pcfg.dataDir}/storage/previews/'
-          thumbnails: '${varDir}/storage/thumbnails/'
+          thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
-          torrents: '${varDir}/storage/torrents/'
+          torrents: '${pcfg.dataDir}/storage/torrents/'
-          captions: '${varDir}/storage/captions/'
+          captions: '${pcfg.dataDir}/storage/captions/'
-          cache: '${varDir}/storage/cache/'
+          cache: '${pcfg.dataDir}/storage/cache/'
        log:
          level: 'info'
        search:
@@ -190,15 +150,6 @@ in {
        '';
    }];
-    system.activationScripts.peertube = {
-      deps = [ "users" ];
-      text = ''
-        install -m 0750 -o peertube -g peertube -d ${varDir}
-        install -m 0750 -o peertube -g peertube -d ${varDir}/config
-        ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
-        '';
-    };
    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-10 14:21:26 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-10 14:35:00 +0200
commit	d42bbbe6f510fce233ecb66d44d205761390b56e (patch)
tree	b90b82317b73898d1e0904646b82bd5f4e5b9816
parent	996a68c2ec15260dd0c6e8d3d60460e32571d3b7 (diff)
download	Nix-d42bbbe6f510fce233ecb66d44d205761390b56e.tar.gz Nix-d42bbbe6f510fce233ecb66d44d205761390b56e.tar.zst Nix-d42bbbe6f510fce233ecb66d44d205761390b56e.zip

diff --git a/modules/default.nix b/modules/default.nix index 3cc4149..fa67144 100644 --- a/modules/default.nix +++ b/modules/default.nix
@@ -2,4 +2,5 @@
2	myids = ./myids.nix;	2	myids = ./myids.nix;
3		3
4	mediagoblin = ./webapps/mediagoblin.nix;	4	mediagoblin = ./webapps/mediagoblin.nix;
		5	peertube = ./webapps/peertube.nix;
5	}	6	}


diff --git a/modules/myids.nix b/modules/myids.nix index a3e5879..bd6caf3 100644 --- a/modules/myids.nix +++ b/modules/myids.nix
@@ -2,9 +2,11 @@
2	{	2	{
3	config = {	3	config = {
4	ids.uids = {	4	ids.uids = {
		5	peertube = 394;
5	mediagoblin = 397;	6	mediagoblin = 397;
6	};	7	};
7	ids.gids = {	8	ids.gids = {
		9	peertube = 394;
8	mediagoblin = 397;	10	mediagoblin = 397;
9	};	11	};
10	};	12	};


diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix new file mode 100644 index 0000000..7c96076 --- /dev/null +++ b/modules/webapps/peertube.nix
@@ -0,0 +1,100 @@
		1	{ lib, pkgs, config, ... }:
		2	let
		3	name = "peertube";
		4	cfg = config.services.peertube;
		5
		6	uid = config.ids.uids.peertube;
		7	gid = config.ids.gids.peertube;
		8	in
		9	{
		10	options.services.peertube = {
		11	enable = lib.mkEnableOption "Enable Peertube’s service";
		12	user = lib.mkOption {
		13	type = lib.types.str;
		14	default = name;
		15	description = "User account under which Peertube runs";
		16	};
		17	group = lib.mkOption {
		18	type = lib.types.str;
		19	default = name;
		20	description = "Group under which Peertube runs";
		21	};
		22	dataDir = lib.mkOption {
		23	type = lib.types.path;
		24	default = "/var/lib/${name}";
		25	description = ''
		26	The directory where Peertube stores its data.
		27	'';
		28	};
		29	configFile = lib.mkOption {
		30	type = lib.types.path;
		31	description = ''
		32	The configuration file path for Peertube.
		33	'';
		34	};
		35	package = lib.mkOption {
		36	type = lib.types.package;
		37	default = pkgs.webapps.peertube;
		38	description = ''
		39	Peertube package to use.
		40	'';
		41	};
		42	};
		43
		44	config = lib.mkIf cfg.enable {
		45	users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
		46	inherit name;
		47	inherit uid;
		48	group = cfg.group;
		49	description = "Peertube user";
		50	home = cfg.dataDir;
		51	useDefaultShell = true;
		52	});
		53	users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
		54	inherit name;
		55	inherit gid;
		56	});
		57
		58	systemd.services.peertube = {
		59	description = "Peertube";
		60	wantedBy = [ "multi-user.target" ];
		61	after = [ "network.target" "postgresql.service" ];
		62	wants = [ "postgresql.service" ];
		63
		64	environment.NODE_CONFIG_DIR = "${cfg.dataDir}/config";
		65	environment.NODE_ENV = "production";
		66	environment.HOME = cfg.package;
		67
		68	path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
		69
		70	script = ''
		71	exec npm run start
		72	'';
		73
		74	serviceConfig = {
		75	User = cfg.user;
		76	Group = cfg.group;
		77	WorkingDirectory = cfg.package;
		78	PrivateTmp = true;
		79	ProtectHome = true;
		80	ProtectControlGroups = true;
		81	Restart = "always";
		82	Type = "simple";
		83	TimeoutSec = 60;
		84	};
		85
		86	unitConfig.RequiresMountsFor = cfg.dataDir;
		87	};
		88
		89	system.activationScripts.peertube = {
		90	deps = [ "users" ];
		91	text = ''
		92	install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
		93	install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/config
		94	ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
		95	'';
		96	};
		97
		98	};
		99	}
		100


diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix index 813df25..9a56a85 100644 --- a/nixops/modules/websites/tools/peertube.nix +++ b/nixops/modules/websites/tools/peertube.nix
@@ -1,60 +1,20 @@
1	{ lib, pkgs, config, myconfig, mylibs, ... }:	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
2	let	2	let
3	peertube = pkgs.webapps.peertube.override { ldap = true; };
4	varDir = "/var/lib/peertube";
5	env = myconfig.env.tools.peertube;	3	env = myconfig.env.tools.peertube;
6	cfg = config.services.myWebsites.tools.peertube;	4	cfg = config.services.myWebsites.tools.peertube;
		5	pcfg = config.services.peertube;
7	in {	6	in {
8	options.services.myWebsites.tools.peertube = {	7	options.services.myWebsites.tools.peertube = {
9	enable = lib.mkEnableOption "enable Peertube's website";	8	enable = lib.mkEnableOption "enable Peertube's website";
10	};	9	};
11		10
12	config = lib.mkIf cfg.enable {	11	config = lib.mkIf cfg.enable {
13	ids.uids.peertube = env.user.uid;	12	services.peertube = {
14	ids.gids.peertube = env.user.gid;	13	enable = true;
15		14	configFile = "/var/secrets/webapps/tools-peertube";
16	users.users.peertube = {	15	package = pkgs.webapps.peertube.override { ldap = true; };
17	name = "peertube";
18	uid = config.ids.uids.peertube;
19	group = "peertube";
20	description = "Peertube user";
21	home = varDir;
22	useDefaultShell = true;
23	extraGroups = [ "keys" ];
24	};
25
26	users.groups.peertube.gid = config.ids.gids.peertube;
27
28	systemd.services.peertube = {
29	description = "Peertube";
30	wantedBy = [ "multi-user.target" ];
31	after = [ "network.target" "postgresql.service" ];
32	wants = [ "postgresql.service" ];
33
34	environment.NODE_CONFIG_DIR = "${varDir}/config";
35	environment.NODE_ENV = "production";
36	environment.HOME = peertube;
37
38	path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
39
40	script = ''
41	exec npm run start
42	'';
43
44	serviceConfig = {
45	User = "peertube";
46	Group = "peertube";
47	WorkingDirectory = peertube;
48	PrivateTmp = true;
49	ProtectHome = true;
50	ProtectControlGroups = true;
51	Restart = "always";
52	Type = "simple";
53	TimeoutSec = 60;
54	};
55
56	unitConfig.RequiresMountsFor = varDir;
57	};	16	};
		17	users.users.peertube.extraGroups = [ "keys" ];
58		18
59	mySecrets.keys = [{	19	mySecrets.keys = [{
60	dest = "webapps/tools-peertube";	20	dest = "webapps/tools-peertube";
@@ -104,16 +64,16 @@ in {
104	ca_file: null # Used for self signed certificates	64	ca_file: null # Used for self signed certificates
105	from_address: 'peertube@tools.immae.eu'	65	from_address: 'peertube@tools.immae.eu'
106	storage:	66	storage:
107	tmp: '${varDir}/storage/tmp/'	67	tmp: '${pcfg.dataDir}/storage/tmp/'
108	avatars: '${varDir}/storage/avatars/'	68	avatars: '${pcfg.dataDir}/storage/avatars/'
109	videos: '${varDir}/storage/videos/'	69	videos: '${pcfg.dataDir}/storage/videos/'
110	redundancy: '${varDir}/storage/videos/'	70	redundancy: '${pcfg.dataDir}/storage/videos/'
111	logs: '${varDir}/storage/logs/'	71	logs: '${pcfg.dataDir}/storage/logs/'
112	previews: '${varDir}/storage/previews/'	72	previews: '${pcfg.dataDir}/storage/previews/'
113	thumbnails: '${varDir}/storage/thumbnails/'	73	thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
114	torrents: '${varDir}/storage/torrents/'	74	torrents: '${pcfg.dataDir}/storage/torrents/'
115	captions: '${varDir}/storage/captions/'	75	captions: '${pcfg.dataDir}/storage/captions/'
116	cache: '${varDir}/storage/cache/'	76	cache: '${pcfg.dataDir}/storage/cache/'
117	log:	77	log:
118	level: 'info'	78	level: 'info'
119	search:	79	search:
@@ -190,15 +150,6 @@ in {
190	'';	150	'';
191	}];	151	}];
192		152
193	system.activationScripts.peertube = {
194	deps = [ "users" ];
195	text = ''
196	install -m 0750 -o peertube -g peertube -d ${varDir}
197	install -m 0750 -o peertube -g peertube -d ${varDir}/config
198	ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
199	'';
200	};
201
202	services.myWebsites.tools.modules = [	153	services.myWebsites.tools.modules = [
203	"headers" "proxy" "proxy_http" "proxy_wstunnel"	154	"headers" "proxy" "proxy_http" "proxy_wstunnel"
204	];	155	];