aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--modules/default.nix1
-rw-r--r--modules/myids.nix2
-rw-r--r--modules/webapps/peertube.nix100
-rw-r--r--nixops/modules/websites/tools/peertube.nix81
4 files changed, 119 insertions, 65 deletions
diff --git a/modules/default.nix b/modules/default.nix
index 3cc4149..fa67144 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,4 +2,5 @@
2 myids = ./myids.nix; 2 myids = ./myids.nix;
3 3
4 mediagoblin = ./webapps/mediagoblin.nix; 4 mediagoblin = ./webapps/mediagoblin.nix;
5 peertube = ./webapps/peertube.nix;
5} 6}
diff --git a/modules/myids.nix b/modules/myids.nix
index a3e5879..bd6caf3 100644
--- a/modules/myids.nix
+++ b/modules/myids.nix
@@ -2,9 +2,11 @@
2{ 2{
3 config = { 3 config = {
4 ids.uids = { 4 ids.uids = {
5 peertube = 394;
5 mediagoblin = 397; 6 mediagoblin = 397;
6 }; 7 };
7 ids.gids = { 8 ids.gids = {
9 peertube = 394;
8 mediagoblin = 397; 10 mediagoblin = 397;
9 }; 11 };
10 }; 12 };
diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix
new file mode 100644
index 0000000..7c96076
--- /dev/null
+++ b/modules/webapps/peertube.nix
@@ -0,0 +1,100 @@
1{ lib, pkgs, config, ... }:
2let
3 name = "peertube";
4 cfg = config.services.peertube;
5
6 uid = config.ids.uids.peertube;
7 gid = config.ids.gids.peertube;
8in
9{
10 options.services.peertube = {
11 enable = lib.mkEnableOption "Enable Peertube’s service";
12 user = lib.mkOption {
13 type = lib.types.str;
14 default = name;
15 description = "User account under which Peertube runs";
16 };
17 group = lib.mkOption {
18 type = lib.types.str;
19 default = name;
20 description = "Group under which Peertube runs";
21 };
22 dataDir = lib.mkOption {
23 type = lib.types.path;
24 default = "/var/lib/${name}";
25 description = ''
26 The directory where Peertube stores its data.
27 '';
28 };
29 configFile = lib.mkOption {
30 type = lib.types.path;
31 description = ''
32 The configuration file path for Peertube.
33 '';
34 };
35 package = lib.mkOption {
36 type = lib.types.package;
37 default = pkgs.webapps.peertube;
38 description = ''
39 Peertube package to use.
40 '';
41 };
42 };
43
44 config = lib.mkIf cfg.enable {
45 users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
46 inherit name;
47 inherit uid;
48 group = cfg.group;
49 description = "Peertube user";
50 home = cfg.dataDir;
51 useDefaultShell = true;
52 });
53 users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
54 inherit name;
55 inherit gid;
56 });
57
58 systemd.services.peertube = {
59 description = "Peertube";
60 wantedBy = [ "multi-user.target" ];
61 after = [ "network.target" "postgresql.service" ];
62 wants = [ "postgresql.service" ];
63
64 environment.NODE_CONFIG_DIR = "${cfg.dataDir}/config";
65 environment.NODE_ENV = "production";
66 environment.HOME = cfg.package;
67
68 path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
69
70 script = ''
71 exec npm run start
72 '';
73
74 serviceConfig = {
75 User = cfg.user;
76 Group = cfg.group;
77 WorkingDirectory = cfg.package;
78 PrivateTmp = true;
79 ProtectHome = true;
80 ProtectControlGroups = true;
81 Restart = "always";
82 Type = "simple";
83 TimeoutSec = 60;
84 };
85
86 unitConfig.RequiresMountsFor = cfg.dataDir;
87 };
88
89 system.activationScripts.peertube = {
90 deps = [ "users" ];
91 text = ''
92 install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
93 install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/config
94 ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
95 '';
96 };
97
98 };
99}
100
diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix
index 813df25..9a56a85 100644
--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -1,60 +1,20 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, myconfig, mylibs, ... }:
2let 2let
3 peertube = pkgs.webapps.peertube.override { ldap = true; };
4 varDir = "/var/lib/peertube";
5 env = myconfig.env.tools.peertube; 3 env = myconfig.env.tools.peertube;
6 cfg = config.services.myWebsites.tools.peertube; 4 cfg = config.services.myWebsites.tools.peertube;
5 pcfg = config.services.peertube;
7in { 6in {
8 options.services.myWebsites.tools.peertube = { 7 options.services.myWebsites.tools.peertube = {
9 enable = lib.mkEnableOption "enable Peertube's website"; 8 enable = lib.mkEnableOption "enable Peertube's website";
10 }; 9 };
11 10
12 config = lib.mkIf cfg.enable { 11 config = lib.mkIf cfg.enable {
13 ids.uids.peertube = env.user.uid; 12 services.peertube = {
14 ids.gids.peertube = env.user.gid; 13 enable = true;
15 14 configFile = "/var/secrets/webapps/tools-peertube";
16 users.users.peertube = { 15 package = pkgs.webapps.peertube.override { ldap = true; };
17 name = "peertube";
18 uid = config.ids.uids.peertube;
19 group = "peertube";
20 description = "Peertube user";
21 home = varDir;
22 useDefaultShell = true;
23 extraGroups = [ "keys" ];
24 };
25
26 users.groups.peertube.gid = config.ids.gids.peertube;
27
28 systemd.services.peertube = {
29 description = "Peertube";
30 wantedBy = [ "multi-user.target" ];
31 after = [ "network.target" "postgresql.service" ];
32 wants = [ "postgresql.service" ];
33
34 environment.NODE_CONFIG_DIR = "${varDir}/config";
35 environment.NODE_ENV = "production";
36 environment.HOME = peertube;
37
38 path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
39
40 script = ''
41 exec npm run start
42 '';
43
44 serviceConfig = {
45 User = "peertube";
46 Group = "peertube";
47 WorkingDirectory = peertube;
48 PrivateTmp = true;
49 ProtectHome = true;
50 ProtectControlGroups = true;
51 Restart = "always";
52 Type = "simple";
53 TimeoutSec = 60;
54 };
55
56 unitConfig.RequiresMountsFor = varDir;
57 }; 16 };
17 users.users.peertube.extraGroups = [ "keys" ];
58 18
59 mySecrets.keys = [{ 19 mySecrets.keys = [{
60 dest = "webapps/tools-peertube"; 20 dest = "webapps/tools-peertube";
@@ -104,16 +64,16 @@ in {
104 ca_file: null # Used for self signed certificates 64 ca_file: null # Used for self signed certificates
105 from_address: 'peertube@tools.immae.eu' 65 from_address: 'peertube@tools.immae.eu'
106 storage: 66 storage:
107 tmp: '${varDir}/storage/tmp/' 67 tmp: '${pcfg.dataDir}/storage/tmp/'
108 avatars: '${varDir}/storage/avatars/' 68 avatars: '${pcfg.dataDir}/storage/avatars/'
109 videos: '${varDir}/storage/videos/' 69 videos: '${pcfg.dataDir}/storage/videos/'
110 redundancy: '${varDir}/storage/videos/' 70 redundancy: '${pcfg.dataDir}/storage/videos/'
111 logs: '${varDir}/storage/logs/' 71 logs: '${pcfg.dataDir}/storage/logs/'
112 previews: '${varDir}/storage/previews/' 72 previews: '${pcfg.dataDir}/storage/previews/'
113 thumbnails: '${varDir}/storage/thumbnails/' 73 thumbnails: '${pcfg.dataDir}/storage/thumbnails/'
114 torrents: '${varDir}/storage/torrents/' 74 torrents: '${pcfg.dataDir}/storage/torrents/'
115 captions: '${varDir}/storage/captions/' 75 captions: '${pcfg.dataDir}/storage/captions/'
116 cache: '${varDir}/storage/cache/' 76 cache: '${pcfg.dataDir}/storage/cache/'
117 log: 77 log:
118 level: 'info' 78 level: 'info'
119 search: 79 search:
@@ -190,15 +150,6 @@ in {
190 ''; 150 '';
191 }]; 151 }];
192 152
193 system.activationScripts.peertube = {
194 deps = [ "users" ];
195 text = ''
196 install -m 0750 -o peertube -g peertube -d ${varDir}
197 install -m 0750 -o peertube -g peertube -d ${varDir}/config
198 ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
199 '';
200 };
201
202 services.myWebsites.tools.modules = [ 153 services.myWebsites.tools.modules = [
203 "headers" "proxy" "proxy_http" "proxy_wstunnel" 154 "headers" "proxy" "proxy_http" "proxy_wstunnel"
204 ]; 155 ];