aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/private/default.nix1
-rw-r--r--modules/private/environment.nix10
-rw-r--r--modules/private/websites/default.nix2
-rw-r--r--modules/private/websites/syden/peertube.nix134
4 files changed, 147 insertions, 0 deletions
diff --git a/modules/private/default.nix b/modules/private/default.nix
index ece6907..dafec47 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -44,6 +44,7 @@ set = {
44 papaSurveillance = ./websites/papa/surveillance.nix; 44 papaSurveillance = ./websites/papa/surveillance.nix;
45 piedsjalouxInte = ./websites/piedsjaloux/integration.nix; 45 piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
46 piedsjalouxProd = ./websites/piedsjaloux/production.nix; 46 piedsjalouxProd = ./websites/piedsjaloux/production.nix;
47 sydenPeertube = ./websites/syden/peertube.nix;
47 48
48 cloudTool = ./websites/tools/cloud; 49 cloudTool = ./websites/tools/cloud;
49 davTool = ./websites/tools/dav; 50 davTool = ./websites/tools/dav;
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 77e9c8d..29ea173 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -917,6 +917,16 @@ in
917 }; 917 };
918 }; 918 };
919 }; 919 };
920 syden_peertube = mkOption {
921 description = "Peertube Syden configuration";
922 type = submodule {
923 options = {
924 listenPort = mkOption { type = port; description = "Port to listen to"; };
925 postgresql = mkPsqlOptions "Peertube";
926 redis = mkRedisOptions "Peertube";
927 };
928 };
929 };
920 phpldapadmin = mkOption { 930 phpldapadmin = mkOption {
921 description = "phpLdapAdmin configuration"; 931 description = "phpLdapAdmin configuration";
922 type = submodule { 932 type = submodule {
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index f9689ec..3d43b11 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -266,6 +266,8 @@ in
266 piedsjaloux.integration.enable = true; 266 piedsjaloux.integration.enable = true;
267 piedsjaloux.production.enable = true; 267 piedsjaloux.production.enable = true;
268 268
269 syden.peertube.enable = true;
270
269 tools.cloud.enable = true; 271 tools.cloud.enable = true;
270 tools.dav.enable = true; 272 tools.dav.enable = true;
271 tools.db.enable = true; 273 tools.db.enable = true;
diff --git a/modules/private/websites/syden/peertube.nix b/modules/private/websites/syden/peertube.nix
new file mode 100644
index 0000000..2ad7217
--- /dev/null
+++ b/modules/private/websites/syden/peertube.nix
@@ -0,0 +1,134 @@
1{ lib, pkgs, config, ... }:
2let
3 scfg = config.myServices.websites.syden.peertube;
4 name = "peertube";
5 dataDir = "/var/lib/syden_peertube";
6 package = pkgs.webapps.peertube.override { sendmail = true; syden = true; light = "fr-FR"; };
7 env = config.myEnv.tools.syden_peertube;
8in
9{
10 options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
11
12 config = lib.mkIf scfg.enable {
13 services.duplyBackup.profiles.syden_peertube = {
14 rootDir = dataDir;
15 };
16 users.users.peertube = {
17 uid = config.ids.uids.peertube;
18 group = "peertube";
19 description = "Peertube user";
20 useDefaultShell = true;
21 extraGroups = [ "keys" ];
22 };
23 users.groups.peertube.gid = config.ids.gids.peertube;
24
25 secrets.keys = [{
26 dest = "webapps/syden-peertube";
27 user = "peertube";
28 group = "peertube";
29 permissions = "0640";
30 text = ''
31 listen:
32 hostname: 'localhost'
33 port: ${toString env.listenPort}
34 webserver:
35 https: true
36 hostname: 'syden.immae.eu'
37 port: 443
38 database:
39 hostname: '${env.postgresql.socket}'
40 port: 5432
41 suffix: '_syden'
42 username: '${env.postgresql.user}'
43 password: '${env.postgresql.password}'
44 pool:
45 max: 5
46 redis:
47 socket: '${env.redis.socket}'
48 auth: null
49 db: ${env.redis.db}
50 smtp:
51 transport: sendmail
52 sendmail: '/run/wrappers/bin/sendmail'
53 from_address: 'peertube@tools.immae.eu'
54 storage:
55 tmp: '${dataDir}/storage/tmp/'
56 avatars: '${dataDir}/storage/avatars/'
57 videos: '${dataDir}/storage/videos/'
58 streaming_playlists: '${dataDir}/storage/streaming-playlists/'
59 redundancy: '${dataDir}/storage/videos/'
60 logs: '${dataDir}/storage/logs/'
61 previews: '${dataDir}/storage/previews/'
62 thumbnails: '${dataDir}/storage/thumbnails/'
63 torrents: '${dataDir}/storage/torrents/'
64 captions: '${dataDir}/storage/captions/'
65 cache: '${dataDir}/storage/cache/'
66 plugins: '${dataDir}/storage/plugins/'
67 '';
68 }];
69
70 services.filesWatcher.syden_peertube = {
71 restart = true;
72 paths = [ "/var/secrets/webapps/syden-peertube" ];
73 };
74
75 systemd.services.syden_peertube = {
76 description = "Peertube";
77 wantedBy = [ "multi-user.target" ];
78 after = [ "network.target" "postgresql.service" ];
79 wants = [ "postgresql.service" ];
80
81 environment.NODE_CONFIG_DIR = "${dataDir}/config";
82 environment.NODE_ENV = "production";
83 environment.HOME = package;
84
85 path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
86
87 script = ''
88 install -m 0750 -d ${dataDir}/config
89 ln -sf /var/secrets/webapps/syden-peertube ${dataDir}/config/production.yaml
90 ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
91 exec npm run start
92 '';
93
94 serviceConfig = {
95 User = "peertube";
96 Group = "peertube";
97 WorkingDirectory = package;
98 StateDirectory = "syden_peertube";
99 StateDirectoryMode = 0750;
100 PrivateTmp = true;
101 ProtectHome = true;
102 ProtectControlGroups = true;
103 Restart = "always";
104 Type = "simple";
105 TimeoutSec = 60;
106 };
107
108 unitConfig.RequiresMountsFor = dataDir;
109 };
110
111 services.websites.env.production.vhostConfs.syden_peertube = {
112 certName = "eldiron";
113 addToCerts = true;
114 hosts = [ "syden.immae.eu" ];
115 root = null;
116 extraConfig = [ ''
117 RewriteEngine On
118
119 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
120 RewriteCond %{QUERY_STRING} transport=websocket [NC]
121 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
122
123 RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
124 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
125
126 ProxyPass / http://localhost:${toString env.listenPort}/
127 ProxyPassReverse / http://localhost:${toString env.listenPort}/
128
129 ProxyPreserveHost On
130 RequestHeader set X-Real-IP %{REMOTE_ADDR}s
131 '' ];
132 };
133 };
134}