-rw-r--r-- | modules/default.nix | 1 | ||||
-rw-r--r-- | modules/myids.nix | 2 | ||||
-rw-r--r-- | modules/webapps/peertube.nix | 100 | ||||
-rw-r--r-- | nixops/modules/websites/tools/peertube.nix | 81 |
4 files changed, 119 insertions, 65 deletions
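--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,4 +2,5 @@
 myids = ./myids.nix;
 
 mediagoblin = ./webapps/mediagoblin.nix;
+peertube = ./webapps/peertube.nix;
 }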
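--- a/modules/myids.nix
+++ b/modules/myids.nix
@@ -2,9 +2,11 @@
 {
 config = {
 ids.uids = {
+peertube = 394;
 mediagoblin = 397;
 };
 ids.gids = {
+peertube = 394;
 mediagoblin = 397;
 };
 };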
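--- /dev/null
+++ b/modules/webapps/peertube.nix
@@ -0,0 +1,100 @@
+{ lib, pkgs, config, ... }:
+let
+name = "peertube";
+cfg = config.services.peertube;
+
+uid = config.ids.uids.peertube;
+gid = config.ids.gids.peertube;
+in
+{
+options.services.peertube = {
+enable = lib.mkEnableOption "Enable Peertube’s service";
+user = lib.mkOption {
+type = lib.types.str;
+default = name;
+description = "User account under which Peertube runs";
+};
+group = lib.mkOption {
+type = lib.types.str;
+default = name;
+description = "Group under which Peertube runs";
+};
+dataDir = lib.mkOption {
+type = lib.types.path;
+default = "/var/lib/${name}";
+description = ''
+The directory where Peertube stores its data.
+'';
+};
+configFile = lib.mkOption {
+type = lib.types.path;
+description = ''
+The configuration file path for Peertube.
+'';
+};
+package = lib.mkOption {
+type = lib.types.package;
+default = pkgs.webapps.peertube;
+description = ''
+Peertube package to use.
+'';
+};
+};
+
+config = lib.mkIf cfg.enable {
+users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+inherit name;
+inherit uid;
+group = cfg.group;
+description = "Peertube user";
+home = cfg.dataDir;
+useDefaultShell = true;
+});
+users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+inherit name;
+inherit gid;
+});
+
+systemd.services.peertube = {
+description = "Peertube";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" "postgresql.service" ];
+wants = [ "postgresql.service" ];
+
+environment.NODE_CONFIG_DIR = "${cfg.dataDir}/config";
+environment.NODE_ENV = "production";
+environment.HOME = cfg.package;
+
+path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+script = ''
+exec npm run start
+'';
+
+serviceConfig = {
+User = cfg.user;
+Group = cfg.group;
+WorkingDirectory = cfg.package;
+PrivateTmp = true;
+ProtectHome = true;
+ProtectControlGroups = true;
+Restart = "always";
+Type = "simple";
+TimeoutSec = 60;
+};
+
+unitConfig.RequiresMountsFor = cfg.dataDir;
+};
+
+system.activationScripts.peertube = {
+deps = [ "users" ];
+text = ''
+install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
+install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/config
+ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
+'';
+};
+
+};
+}
+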
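Review bot: The activation script at the end of this new module runs as root, interpolates `cfg.user`, `cfg.group`, `cfg.dataDir` and `cfg.configFile` into shell unquoted, and its `ln -sf` writes into `${cfg.dataDir}/config`, a directory the service account owns. Without `-n`, `ln -sf` dereferences an existing symlink to a directory at the destination, so root would act on a path the unprivileged service user controls. Using `ln -sfn ${lib.escapeShellArg cfg.configFile} ${lib.escapeShellArg "${cfg.dataDir}/config/production.yaml"}` closes both gaps, and the two `install` lines should get the same `lib.escapeShellArg` treatment. Since the nixops module points `configFile` at `/var/secrets/...`, the file presumably holds credentials, so I would also extend the option description with `Must be a string path outside the Nix store; a path literal would be copied into the world-readable store.`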
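--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -1,60 +1,20 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
-peertube = pkgs.webapps.peertube.override { ldap = true; };
-varDir = "/var/lib/peertube";
 env = myconfig.env.tools.peertube;
 cfg = config.services.myWebsites.tools.peertube;
+pcfg = config.services.peertube;
 in {
 options.services.myWebsites.tools.peertube = {
 enable = lib.mkEnableOption "enable Peertube's website";
 };
 
 config = lib.mkIf cfg.enable {
-ids.uids.peertube = env.user.uid;
-ids.gids.peertube = env.user.gid;
-
-users.users.peertube = {
-name = "peertube";
-uid = config.ids.uids.peertube;
-group = "peertube";
-description = "Peertube user";
-home = varDir;
-useDefaultShell = true;
-extraGroups = [ "keys" ];
-};
-
-users.groups.peertube.gid = config.ids.gids.peertube;
-
-systemd.services.peertube = {
-description = "Peertube";
-wantedBy = [ "multi-user.target" ];
-after = [ "network.target" "postgresql.service" ];
-wants = [ "postgresql.service" ];
-
-environment.NODE_CONFIG_DIR = "${varDir}/config";
-environment.NODE_ENV = "production";
-environment.HOME = peertube;
-
-path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
-
-script = ''
-exec npm run start
-'';
-
-serviceConfig = {
-User = "peertube";
-Group = "peertube";
-WorkingDirectory = peertube;
-PrivateTmp = true;
-ProtectHome = true;
-ProtectControlGroups = true;
-Restart = "always";
-Type = "simple";
-TimeoutSec = 60;
-};
-
-unitConfig.RequiresMountsFor = varDir;
+services.peertube = {
+enable = true;
+configFile = "/var/secrets/webapps/tools-peertube";
+package = pkgs.webapps.peertube.override { ldap = true; };
 };
+users.users.peertube.extraGroups = [ "keys" ];
 
 mySecrets.keys = [{
 dest = "webapps/tools-peertube";
@@ -104,16 +64,16 @@ in {
 ca_file: null # Used for self signed certificates
 from_address: 'peertube@tools.immae.eu'
 storage:
-tmp: '${varDir}/storage/tmp/'
-avatars: '${varDir}/storage/avatars/'
-videos: '${varDir}/storage/videos/'
-redundancy: '${varDir}/storage/videos/'
-logs: '${varDir}/storage/logs/'
-previews: '${varDir}/storage/previews/'
-thumbnails: '${varDir}/storage/thumbnails/'
-torrents: '${varDir}/storage/torrents/'
-captions: '${varDir}/storage/captions/'
-cache: '${varDir}/storage/cache/'
+tmp: '${pcfg.dataDir}/storage/tmp/'
+avatars: '${pcfg.dataDir}/storage/avatars/'
+videos: '${pcfg.dataDir}/storage/videos/'
+redundancy: '${pcfg.dataDir}/storage/videos/'
+logs: '${pcfg.dataDir}/storage/logs/'
+previews: '${pcfg.dataDir}/storage/previews/'
+thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
+torrents: '${pcfg.dataDir}/storage/torrents/'
+captions: '${pcfg.dataDir}/storage/captions/'
+cache: '${pcfg.dataDir}/storage/cache/'
 log:
 level: 'info'
 search:
@@ -190,15 +150,6 @@ in {
 '';
 }];
 
-system.activationScripts.peertube = {
-deps = [ "users" ];
-text = ''
-install -m 0750 -o peertube -g peertube -d ${varDir}
-install -m 0750 -o peertube -g peertube -d ${varDir}/config
-ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
-'';
-};
-
 services.myWebsites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];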
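Review bot: Dropping `ids.uids.peertube = env.user.uid;` and `ids.gids.peertube = env.user.gid;` in the first hunk means the account now takes the fixed 394 from modules/myids.nix, and nothing visible here checks that this matches the ids already in use on deployed hosts. If they differ, existing files under `${pcfg.dataDir}/storage` would presumably keep their old numeric owner, because the activation script in modules/webapps/peertube.nix sets ownership only on the data and config directories themselves. Assuming `env.user.uid` is still defined, an assertion such as `assertions = [{ assertion = env.user.uid == config.ids.uids.peertube; message = "peertube uid differs from env.user.uid"; }];` would turn a mismatch into an evaluation error rather than a runtime permission failure.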