Upgrade peertube to latest version

2 files changed, 96 insertions, 13 deletions

diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix
index 0bacfd1..445030c 100644
--- a/modules/private/websites/tools/peertube/default.nix
+++ b/modules/private/websites/tools/peertube/default.nix
@@ -15,7 +15,7 @@ in {
     services.peertube = {
       enable = true;
       configFile = "/var/secrets/webapps/tools-peertube";
-      package = pkgs.webapps.peertube.override { ldap = true; };
+      package = pkgs.webapps.peertube.override { ldap = true; sendmail = true; light = "fr-FR"; };
     };
     users.users.peertube.extraGroups = [ "keys" ];
 
@@ -32,6 +32,23 @@ in {
           https: true
           hostname: 'peertube.immae.eu'
           port: 443
+        rates_limit:
+          api:
+            # 50 attempts in 10 seconds
+            window: 10 seconds
+            max: 50
+          login:
+            # 15 attempts in 5 min
+            window: 5 minutes
+            max: 15
+          signup:
+            # 2 attempts in 5 min (only succeeded attempts are taken into account)
+            window: 5 minutes
+            max: 2
+          ask_send_email:
+            # 3 attempts in 5 min
+            window: 5 minutes
+            max: 3
         trust_proxy:
           - 'loopback'
         database:
@@ -46,15 +63,18 @@ in {
           socket: '${env.redis.socket}'
           auth: null
           db: ${env.redis.db}
-        ldap:
-          enable: true
-          ldap_only: false
-          url: ldaps://${env.ldap.host}/${env.ldap.base}
-          bind_dn: ${env.ldap.dn}
-          bind_password: ${env.ldap.password}
-          base: ${env.ldap.base}
-          mail_entry: "mail"
-          user_filter: "${env.ldap.filter}"
+        auth:
+          local:
+            enabled: true
+          ldap:
+            enabled: true
+            ldap_only: false
+            url: ldaps://${env.ldap.host}/${env.ldap.base}
+            bind_dn: ${env.ldap.dn}
+            bind_password: ${env.ldap.password}
+            base: ${env.ldap.base}
+            mail_entry: "mail"
+            user_filter: "${env.ldap.filter}"
         smtp:
           transport: sendmail
           sendmail: '/run/wrappers/bin/sendmail'
@@ -66,10 +86,16 @@ in {
           disable_starttls: false
           ca_file: null # Used for self signed certificates
           from_address: 'peertube@tools.immae.eu'
+        email:
+          body:
+            signature: "PeerTube"
+          subject:
+            prefix: "[PeerTube]"
         storage:
           tmp: '${pcfg.dataDir}/storage/tmp/'
           avatars: '${pcfg.dataDir}/storage/avatars/'
           videos: '${pcfg.dataDir}/storage/videos/'
+          streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/'
           redundancy: '${pcfg.dataDir}/storage/videos/'
           logs: '${pcfg.dataDir}/storage/logs/'
           previews: '${pcfg.dataDir}/storage/previews/'
@@ -77,8 +103,14 @@ in {
           torrents: '${pcfg.dataDir}/storage/torrents/'
           captions: '${pcfg.dataDir}/storage/captions/'
           cache: '${pcfg.dataDir}/storage/cache/'
+          plugins: '${pcfg.dataDir}/storage/plugins/'
         log:
           level: 'info'
+          rotation:
+            enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
+            maxFileSize: 12MB
+            maxFiles: 20
+          anonymizeIP: false
         search:
           remote_uri:
             users: true
@@ -90,6 +122,26 @@ in {
           videos:
             check_interval: '1 hour' # How often you want to check new videos to cache
             strategies: # Just uncomment strategies you want
+        csp:
+          enabled: false
+          report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
+          report_uri:
+        tracker:
+          enabled: true
+          private: true
+          reject_too_many_announces: false
+        history:
+          videos:
+            max_age: -1
+        views:
+          videos:
+            remote:
+              max_age: -1
+        plugins:
+          index:
+            enabled: true
+            check_latest_versions_interval: '12 hours'
+            url: 'https://packages.joinpeertube.org'
         # Following are saved in local-production.json
         cache:
           previews:
@@ -114,13 +166,18 @@ in {
         transcoding:
           enabled: false
           allow_additional_extensions: true
+          allow_audio_files: true
           threads: 1
           resolutions:
+            0p: false
             240p: false
             360p: false
             480p: true
             720p: true
             1080p: true
+            2160p: false
+          webtorrent:
+            enabled: true
           hls:
             enabled: false
         import:
@@ -129,13 +186,27 @@ in {
               enabled: true
             torrent:
               enabled: false
+        auto_blacklist:
+          videos:
+            of_users:
+              enabled: false
         instance:
           name: 'Immae’s PeerTube'
           short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
           description: '''
           terms: '''
+          code_of_conduct: '''
+          moderation_information: '''
+          creation_reason: '''
+          administrator: '''
+          maintenance_lifetime: '''
+          business_model: '''
+          hardware_information: '''
+          languages:
+          categories:
           default_client_route: '/videos/trending'
-          default_nsfw_policy: 'blur'
+          is_nsfw: false
+          default_nsfw_policy: 'do_not_list'
           customizations:
             javascript: '''
             css: '''
@@ -145,11 +216,22 @@ in {
           securitytxt:
             "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
         services:
-          # You can provide a reporting endpoint for Content Security Policy violations
-          csp-logger:
           twitter:
             username: '@_immae'
             whitelisted: false
+        followers:
+          instance:
+            enabled: true
+            manual_approval: false
+        followings:
+          instance:
+            auto_follow_back:
+              enabled: false
+            auto_follow_index:
+              enabled: false
+              index_url: 'https://instances.joinpeertube.org'
+        theme:
+          default: 'default'
         '';
     }];
 
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 5e0d446..46a28e7 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -299,6 +299,7 @@ in {
         user = "wwwrun";
         group = "wwwrun";
         settings = ldap.phpFpm.pool;
+        phpPackage = pkgs.php74;
       };
       kanboard = {
         user = "wwwrun";