diff options
Diffstat (limited to 'modules/private/websites/syden')
-rw-r--r-- | modules/private/websites/syden/peertube.nix | 132 |
1 files changed, 0 insertions, 132 deletions
diff --git a/modules/private/websites/syden/peertube.nix b/modules/private/websites/syden/peertube.nix deleted file mode 100644 index 64d4a5d..0000000 --- a/modules/private/websites/syden/peertube.nix +++ /dev/null | |||
@@ -1,132 +0,0 @@ | |||
1 | { lib, pkgs, config, ... }: | ||
2 | let | ||
3 | scfg = config.myServices.websites.syden.peertube; | ||
4 | name = "peertube"; | ||
5 | dataDir = "/var/lib/syden_peertube"; | ||
6 | package = (pkgs.mylibs.flakeCompat ../../../../flakes/private/peertube).packages.x86_64-linux.peertube_syden; | ||
7 | env = config.myEnv.tools.syden_peertube; | ||
8 | in | ||
9 | { | ||
10 | options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website"; | ||
11 | |||
12 | config = lib.mkIf scfg.enable { | ||
13 | users.users.peertube = { | ||
14 | uid = config.ids.uids.peertube; | ||
15 | group = "peertube"; | ||
16 | description = "Peertube user"; | ||
17 | useDefaultShell = true; | ||
18 | extraGroups = [ "keys" ]; | ||
19 | }; | ||
20 | users.groups.peertube.gid = config.ids.gids.peertube; | ||
21 | |||
22 | secrets.keys."websites/syden/peertube" = { | ||
23 | user = "peertube"; | ||
24 | group = "peertube"; | ||
25 | permissions = "0640"; | ||
26 | text = '' | ||
27 | listen: | ||
28 | hostname: 'localhost' | ||
29 | port: ${toString env.listenPort} | ||
30 | webserver: | ||
31 | https: true | ||
32 | hostname: 'record-links.immae.eu' | ||
33 | port: 443 | ||
34 | database: | ||
35 | hostname: '${env.postgresql.socket}' | ||
36 | port: 5432 | ||
37 | suffix: '_syden' | ||
38 | username: '${env.postgresql.user}' | ||
39 | password: '${env.postgresql.password}' | ||
40 | pool: | ||
41 | max: 5 | ||
42 | redis: | ||
43 | socket: '${env.redis.socket}' | ||
44 | auth: null | ||
45 | db: ${env.redis.db} | ||
46 | smtp: | ||
47 | transport: sendmail | ||
48 | sendmail: '/run/wrappers/bin/sendmail' | ||
49 | from_address: 'peertube@tools.immae.eu' | ||
50 | storage: | ||
51 | tmp: '${dataDir}/storage/tmp/' | ||
52 | avatars: '${dataDir}/storage/avatars/' | ||
53 | videos: '${dataDir}/storage/videos/' | ||
54 | streaming_playlists: '${dataDir}/storage/streaming-playlists/' | ||
55 | redundancy: '${dataDir}/storage/videos/' | ||
56 | logs: '${dataDir}/storage/logs/' | ||
57 | previews: '${dataDir}/storage/previews/' | ||
58 | thumbnails: '${dataDir}/storage/thumbnails/' | ||
59 | torrents: '${dataDir}/storage/torrents/' | ||
60 | captions: '${dataDir}/storage/captions/' | ||
61 | cache: '${dataDir}/storage/cache/' | ||
62 | plugins: '${dataDir}/storage/plugins/' | ||
63 | client_overrides: '${dataDir}/storage/client-overrides/' | ||
64 | ''; | ||
65 | }; | ||
66 | |||
67 | services.filesWatcher.syden_peertube = { | ||
68 | restart = true; | ||
69 | paths = [ config.secrets.fullPaths."websites/syden/peertube" ]; | ||
70 | }; | ||
71 | |||
72 | systemd.services.syden_peertube = { | ||
73 | description = "Peertube"; | ||
74 | wantedBy = [ "multi-user.target" ]; | ||
75 | after = [ "network.target" "postgresql.service" ]; | ||
76 | wants = [ "postgresql.service" ]; | ||
77 | |||
78 | environment.NODE_CONFIG_DIR = "${dataDir}/config"; | ||
79 | environment.NODE_ENV = "production"; | ||
80 | environment.HOME = package; | ||
81 | |||
82 | path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ]; | ||
83 | |||
84 | script = '' | ||
85 | install -m 0750 -d ${dataDir}/config | ||
86 | ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml | ||
87 | ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml | ||
88 | exec npm run start | ||
89 | ''; | ||
90 | |||
91 | serviceConfig = { | ||
92 | User = "peertube"; | ||
93 | Group = "peertube"; | ||
94 | WorkingDirectory = package; | ||
95 | StateDirectory = "syden_peertube"; | ||
96 | StateDirectoryMode = 0750; | ||
97 | PrivateTmp = true; | ||
98 | ProtectHome = true; | ||
99 | ProtectControlGroups = true; | ||
100 | Restart = "always"; | ||
101 | Type = "simple"; | ||
102 | TimeoutSec = 60; | ||
103 | }; | ||
104 | |||
105 | unitConfig.RequiresMountsFor = dataDir; | ||
106 | }; | ||
107 | |||
108 | services.websites.env.production.vhostConfs.syden_peertube = { | ||
109 | certName = "syden"; | ||
110 | addToCerts = true; | ||
111 | certMainHost = "record-links.immae.eu"; | ||
112 | hosts = [ "record-links.immae.eu" ]; | ||
113 | root = null; | ||
114 | extraConfig = [ '' | ||
115 | RewriteEngine On | ||
116 | |||
117 | RewriteCond %{REQUEST_URI} ^/socket.io [NC] | ||
118 | RewriteCond %{QUERY_STRING} transport=websocket [NC] | ||
119 | RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] | ||
120 | |||
121 | RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] | ||
122 | RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] | ||
123 | |||
124 | ProxyPass / http://localhost:${toString env.listenPort}/ | ||
125 | ProxyPassReverse / http://localhost:${toString env.listenPort}/ | ||
126 | |||
127 | ProxyPreserveHost On | ||
128 | RequestHeader set X-Real-IP %{REMOTE_ADDR}s | ||
129 | '' ]; | ||
130 | }; | ||
131 | }; | ||
132 | } | ||