Add syden peertube website

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-13 10:27:35 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-13 10:27:35 +0200
commit: 8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31 (patch)
tree: f589287acf41fe528ed47c10180415e3694a54e6 /modules/private
parent: 27b4bbf9ad21d511c5a2e96d0723f2a65e1118a1 (diff)
download: Nix-8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31.tar.gz
Nix-8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31.tar.zst
Nix-8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31.zip
4 files changed, 147 insertions, 0 deletions
diff --git a/modules/private/default.nix b/modules/private/default.nix
index ece6907..dafec47 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -44,6 +44,7 @@ set = {
  papaSurveillance = ./websites/papa/surveillance.nix;
  piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
  piedsjalouxProd = ./websites/piedsjaloux/production.nix;
+  sydenPeertube = ./websites/syden/peertube.nix;
  cloudTool = ./websites/tools/cloud;
  davTool = ./websites/tools/dav;
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 77e9c8d..29ea173 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -917,6 +917,16 @@ in
              };
            };
          };
+          syden_peertube = mkOption {
+            description = "Peertube Syden configuration";
+            type = submodule {
+              options = {
+                listenPort = mkOption { type = port; description = "Port to listen to"; };
+                postgresql = mkPsqlOptions "Peertube";
+                redis = mkRedisOptions "Peertube";
+              };
+            };
+          };
          phpldapadmin = mkOption {
            description = "phpLdapAdmin configuration";
            type = submodule {
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index f9689ec..3d43b11 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -266,6 +266,8 @@ in
      piedsjaloux.integration.enable = true;
      piedsjaloux.production.enable = true;
+      syden.peertube.enable = true;
      tools.cloud.enable = true;
      tools.dav.enable = true;
      tools.db.enable = true;
diff --git a/modules/private/websites/syden/peertube.nix b/modules/private/websites/syden/peertube.nix
new file mode 100644
index 0000000..2ad7217
--- /dev/null
+++ b/modules/private/websites/syden/peertube.nix
@@ -0,0 +1,134 @@
+{ lib, pkgs, config, ... }:
+let
+  scfg = config.myServices.websites.syden.peertube;
+  name = "peertube";
+  dataDir = "/var/lib/syden_peertube";
+  package = pkgs.webapps.peertube.override { sendmail = true; syden = true; light = "fr-FR"; };
+  env = config.myEnv.tools.syden_peertube;
+in
+{
+  options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
+  config = lib.mkIf scfg.enable {
+    services.duplyBackup.profiles.syden_peertube = {
+      rootDir = dataDir;
+    };
+    users.users.peertube = {
+      uid = config.ids.uids.peertube;
+      group = "peertube";
+      description = "Peertube user";
+      useDefaultShell = true;
+      extraGroups = [ "keys" ];
+    };
+    users.groups.peertube.gid = config.ids.gids.peertube;
+    secrets.keys = [{
+      dest = "webapps/syden-peertube";
+      user = "peertube";
+      group = "peertube";
+      permissions = "0640";
+      text = ''
+        listen:
+          hostname: 'localhost'
+          port: ${toString env.listenPort}
+        webserver:
+          https: true
+          hostname: 'syden.immae.eu'
+          port: 443
+        database:
+          hostname: '${env.postgresql.socket}'
+          port: 5432
+          suffix: '_syden'
+          username: '${env.postgresql.user}'
+          password: '${env.postgresql.password}'
+          pool:
+            max: 5
+        redis:
+          socket: '${env.redis.socket}'
+          auth: null
+          db: ${env.redis.db}
+        smtp:
+          transport: sendmail
+          sendmail: '/run/wrappers/bin/sendmail'
+          from_address: 'peertube@tools.immae.eu'
+        storage:
+          tmp: '${dataDir}/storage/tmp/'
+          avatars: '${dataDir}/storage/avatars/'
+          videos: '${dataDir}/storage/videos/'
+          streaming_playlists: '${dataDir}/storage/streaming-playlists/'
+          redundancy: '${dataDir}/storage/videos/'
+          logs: '${dataDir}/storage/logs/'
+          previews: '${dataDir}/storage/previews/'
+          thumbnails: '${dataDir}/storage/thumbnails/'
+          torrents: '${dataDir}/storage/torrents/'
+          captions: '${dataDir}/storage/captions/'
+          cache: '${dataDir}/storage/cache/'
+          plugins: '${dataDir}/storage/plugins/'
+        '';
+    }];
+    services.filesWatcher.syden_peertube = {
+      restart = true;
+      paths = [ "/var/secrets/webapps/syden-peertube" ];
+    };
+    systemd.services.syden_peertube = {
+      description = "Peertube";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "postgresql.service" ];
+      wants = [ "postgresql.service" ];
+      environment.NODE_CONFIG_DIR = "${dataDir}/config";
+      environment.NODE_ENV = "production";
+      environment.HOME = package;
+      path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+      script = ''
+        install -m 0750 -d ${dataDir}/config
+        ln -sf /var/secrets/webapps/syden-peertube ${dataDir}/config/production.yaml
+        ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
+        exec npm run start
+      '';
+      serviceConfig = {
+        User = "peertube";
+        Group = "peertube";
+        WorkingDirectory = package;
+        StateDirectory = "syden_peertube";
+        StateDirectoryMode = 0750;
+        PrivateTmp = true;
+        ProtectHome = true;
+        ProtectControlGroups = true;
+        Restart = "always";
+        Type = "simple";
+        TimeoutSec = 60;
+      };
+      unitConfig.RequiresMountsFor = dataDir;
+    };
+    services.websites.env.production.vhostConfs.syden_peertube = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "syden.immae.eu" ];
+      root        = null;
+      extraConfig = [ ''
+          RewriteEngine On
+          RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
+          RewriteCond %{QUERY_STRING} transport=websocket    [NC]
+          RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
+          RewriteCond %{REQUEST_URI}  ^/tracker/socket       [NC]
+          RewriteRule /(.*)           ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
+          ProxyPass /        http://localhost:${toString env.listenPort}/
+          ProxyPassReverse / http://localhost:${toString env.listenPort}/
+          ProxyPreserveHost On
+          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+      '' ];
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-13 10:27:35 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-13 10:27:35 +0200
commit	8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31 (patch)
tree	f589287acf41fe528ed47c10180415e3694a54e6 /modules/private
parent	27b4bbf9ad21d511c5a2e96d0723f2a65e1118a1 (diff)
download	Nix-8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31.tar.gz Nix-8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31.tar.zst Nix-8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31.zip

diff --git a/modules/private/default.nix b/modules/private/default.nix index ece6907..dafec47 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix
@@ -44,6 +44,7 @@ set = {
44	papaSurveillance = ./websites/papa/surveillance.nix;	44	papaSurveillance = ./websites/papa/surveillance.nix;
45	piedsjalouxInte = ./websites/piedsjaloux/integration.nix;	45	piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
46	piedsjalouxProd = ./websites/piedsjaloux/production.nix;	46	piedsjalouxProd = ./websites/piedsjaloux/production.nix;
		47	sydenPeertube = ./websites/syden/peertube.nix;
47		48
48	cloudTool = ./websites/tools/cloud;	49	cloudTool = ./websites/tools/cloud;
49	davTool = ./websites/tools/dav;	50	davTool = ./websites/tools/dav;


diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 77e9c8d..29ea173 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix
@@ -917,6 +917,16 @@ in
917	};	917	};
918	};	918	};
919	};	919	};
		920	syden_peertube = mkOption {
		921	description = "Peertube Syden configuration";
		922	type = submodule {
		923	options = {
		924	listenPort = mkOption { type = port; description = "Port to listen to"; };
		925	postgresql = mkPsqlOptions "Peertube";
		926	redis = mkRedisOptions "Peertube";
		927	};
		928	};
		929	};
920	phpldapadmin = mkOption {	930	phpldapadmin = mkOption {
921	description = "phpLdapAdmin configuration";	931	description = "phpLdapAdmin configuration";
922	type = submodule {	932	type = submodule {


diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index f9689ec..3d43b11 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix
@@ -266,6 +266,8 @@ in
266	piedsjaloux.integration.enable = true;	266	piedsjaloux.integration.enable = true;
267	piedsjaloux.production.enable = true;	267	piedsjaloux.production.enable = true;
268		268
		269	syden.peertube.enable = true;
		270
269	tools.cloud.enable = true;	271	tools.cloud.enable = true;
270	tools.dav.enable = true;	272	tools.dav.enable = true;
271	tools.db.enable = true;	273	tools.db.enable = true;


diff --git a/modules/private/websites/syden/peertube.nix b/modules/private/websites/syden/peertube.nix new file mode 100644 index 0000000..2ad7217 --- /dev/null +++ b/modules/private/websites/syden/peertube.nix
@@ -0,0 +1,134 @@
		1	{ lib, pkgs, config, ... }:
		2	let
		3	scfg = config.myServices.websites.syden.peertube;
		4	name = "peertube";
		5	dataDir = "/var/lib/syden_peertube";
		6	package = pkgs.webapps.peertube.override { sendmail = true; syden = true; light = "fr-FR"; };
		7	env = config.myEnv.tools.syden_peertube;
		8	in
		9	{
		10	options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
		11
		12	config = lib.mkIf scfg.enable {
		13	services.duplyBackup.profiles.syden_peertube = {
		14	rootDir = dataDir;
		15	};
		16	users.users.peertube = {
		17	uid = config.ids.uids.peertube;
		18	group = "peertube";
		19	description = "Peertube user";
		20	useDefaultShell = true;
		21	extraGroups = [ "keys" ];
		22	};
		23	users.groups.peertube.gid = config.ids.gids.peertube;
		24
		25	secrets.keys = [{
		26	dest = "webapps/syden-peertube";
		27	user = "peertube";
		28	group = "peertube";
		29	permissions = "0640";
		30	text = ''
		31	listen:
		32	hostname: 'localhost'
		33	port: ${toString env.listenPort}
		34	webserver:
		35	https: true
		36	hostname: 'syden.immae.eu'
		37	port: 443
		38	database:
		39	hostname: '${env.postgresql.socket}'
		40	port: 5432
		41	suffix: '_syden'
		42	username: '${env.postgresql.user}'
		43	password: '${env.postgresql.password}'
		44	pool:
		45	max: 5
		46	redis:
		47	socket: '${env.redis.socket}'
		48	auth: null
		49	db: ${env.redis.db}
		50	smtp:
		51	transport: sendmail
		52	sendmail: '/run/wrappers/bin/sendmail'
		53	from_address: 'peertube@tools.immae.eu'
		54	storage:
		55	tmp: '${dataDir}/storage/tmp/'
		56	avatars: '${dataDir}/storage/avatars/'
		57	videos: '${dataDir}/storage/videos/'
		58	streaming_playlists: '${dataDir}/storage/streaming-playlists/'
		59	redundancy: '${dataDir}/storage/videos/'
		60	logs: '${dataDir}/storage/logs/'
		61	previews: '${dataDir}/storage/previews/'
		62	thumbnails: '${dataDir}/storage/thumbnails/'
		63	torrents: '${dataDir}/storage/torrents/'
		64	captions: '${dataDir}/storage/captions/'
		65	cache: '${dataDir}/storage/cache/'
		66	plugins: '${dataDir}/storage/plugins/'
		67	'';
		68	}];
		69
		70	services.filesWatcher.syden_peertube = {
		71	restart = true;
		72	paths = [ "/var/secrets/webapps/syden-peertube" ];
		73	};
		74
		75	systemd.services.syden_peertube = {
		76	description = "Peertube";
		77	wantedBy = [ "multi-user.target" ];
		78	after = [ "network.target" "postgresql.service" ];
		79	wants = [ "postgresql.service" ];
		80
		81	environment.NODE_CONFIG_DIR = "${dataDir}/config";
		82	environment.NODE_ENV = "production";
		83	environment.HOME = package;
		84
		85	path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
		86
		87	script = ''
		88	install -m 0750 -d ${dataDir}/config
		89	ln -sf /var/secrets/webapps/syden-peertube ${dataDir}/config/production.yaml
		90	ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
		91	exec npm run start
		92	'';
		93
		94	serviceConfig = {
		95	User = "peertube";
		96	Group = "peertube";
		97	WorkingDirectory = package;
		98	StateDirectory = "syden_peertube";
		99	StateDirectoryMode = 0750;
		100	PrivateTmp = true;
		101	ProtectHome = true;
		102	ProtectControlGroups = true;
		103	Restart = "always";
		104	Type = "simple";
		105	TimeoutSec = 60;
		106	};
		107
		108	unitConfig.RequiresMountsFor = dataDir;
		109	};
		110
		111	services.websites.env.production.vhostConfs.syden_peertube = {
		112	certName = "eldiron";
		113	addToCerts = true;
		114	hosts = [ "syden.immae.eu" ];
		115	root = null;
		116	extraConfig = [ ''
		117	RewriteEngine On
		118
		119	RewriteCond %{REQUEST_URI} ^/socket.io [NC]
		120	RewriteCond %{QUERY_STRING} transport=websocket [NC]
		121	RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
		122
		123	RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
		124	RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
		125
		126	ProxyPass / http://localhost:${toString env.listenPort}/
		127	ProxyPassReverse / http://localhost:${toString env.listenPort}/
		128
		129	ProxyPreserveHost On
		130	RequestHeader set X-Real-IP %{REMOTE_ADDR}s
		131	'' ];
		132	};
		133	};
		134	}