Diffstat (limited to 'nixops/modules/websites/tools/peertube.nix')
-rw-r--r-- | nixops/modules/websites/tools/peertube.nix | 225 |
1 files changed, 225 insertions, 0 deletions
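diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix
new file mode 100644
index 0000000..e15f638
--- /dev/null
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -0,0 +1,225 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+peertube = pkgs.webapps.peertube;
+varDir = "/var/lib/peertube";
+env = myconfig.env.tools.peertube;
+cfg = config.services.myWebsites.tools.peertube;
+in {
+options.services.myWebsites.tools.peertube = {
+enable = lib.mkEnableOption "enable Peertube's website";
+};
+
+config = lib.mkIf cfg.enable {
+ids.uids.peertube = env.user.uid;
+ids.gids.peertube = env.user.gid;
+
+users.users.peertube = {
+name = "peertube";
+uid = config.ids.uids.peertube;
+group = "peertube";
+description = "Peertube user";
+home = varDir;
+useDefaultShell = true;
+extraGroups = [ "keys" ];
+};
+
+users.groups.peertube.gid = config.ids.gids.peertube;
+
+systemd.services.peertube = {
+description = "Peertube";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" "postgresql.service" ];
+wants = [ "postgresql.service" ];
+
+environment.NODE_CONFIG_DIR = "${varDir}/config";
+environment.NODE_ENV = "production";
+environment.HOME = peertube;
+
+path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+script = ''
+exec npm run start
+'';
+
+serviceConfig = {
+User = "peertube";
+Group = "peertube";
+WorkingDirectory = peertube;
+PrivateTmp = true;
+ProtectHome = true;
+ProtectControlGroups = true;
+Restart = "always";
+Type = "simple";
+TimeoutSec = 60;
+};
+
+unitConfig.RequiresMountsFor = varDir;
+};
+
+mySecrets.keys = [{
+dest = "webapps/tools-peertube";
+user = "peertube";
+group = "peertube";
+permissions = "0640";
+text = ''
+listen:
+hostname: 'localhost'
+port: ${env.listenPort}
+webserver:
+https: true
+hostname: 'peertube.immae.eu'
+port: 443
+trust_proxy:
+- 'loopback'
+database:
+hostname: '${env.postgresql.socket}'
+port: 5432
+suffix: '_prod'
+username: '${env.postgresql.user}'
+password: '${env.postgresql.password}'
+pool:
+max: 5
+redis:
+socket: '${env.redis.socket}'
+auth: null
+db: ${env.redis.db_index}
+ldap:
+enable: true
+ldap_only: false
+url: ldaps://${env.ldap.host}/${env.ldap.base}
+bind_dn: ${env.ldap.dn}
+bind_password: ${env.ldap.password}
+base: ${env.ldap.base}
+mail_entry: "mail"
+user_filter: "${env.ldap.filter}"
+smtp:
+transport: sendmail
+sendmail: '/run/wrappers/bin/sendmail'
+hostname: null
+port: 465 # If you use StartTLS: 587
+username: null
+password: null
+tls: true # If you use StartTLS: false
+disable_starttls: false
+ca_file: null # Used for self signed certificates
+from_address: 'peertube@tools.immae.eu'
+storage:
+tmp: '${varDir}/storage/tmp/'
+avatars: '${varDir}/storage/avatars/'
+videos: '${varDir}/storage/videos/'
+redundancy: '${varDir}/storage/videos/'
+logs: '${varDir}/storage/logs/'
+previews: '${varDir}/storage/previews/'
+thumbnails: '${varDir}/storage/thumbnails/'
+torrents: '${varDir}/storage/torrents/'
+captions: '${varDir}/storage/captions/'
+cache: '${varDir}/storage/cache/'
+log:
+level: 'info'
+search:
+remote_uri:
+users: true
+anonymous: false
+trending:
+videos:
+interval_days: 7
+redundancy:
+videos:
+check_interval: '1 hour' # How often you want to check new videos to cache
+strategies: # Just uncomment strategies you want
+# Following are saved in local-production.json
+cache:
+previews:
+size: 500 # Max number of previews you want to cache
+captions:
+size: 500 # Max number of video captions/subtitles you want to cache
+admin:
+email: 'peertube@tools.immae.eu'
+contact_form:
+enabled: true
+signup:
+enabled: false
+limit: 10
+requires_email_verification: false
+filters:
+cidr:
+whitelist: []
+blacklist: []
+user:
+video_quota: -1
+video_quota_daily: -1
+transcoding:
+enabled: false
+allow_additional_extensions: true
+threads: 1
+resolutions:
+240p: false
+360p: false
+480p: true
+720p: true
+1080p: true
+hls:
+enabled: false
+import:
+videos:
+http:
+enabled: true
+torrent:
+enabled: false
+instance:
+name: 'Immae’s PeerTube'
+short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
+description: '''
+terms: '''
+default_client_route: '/videos/trending'
+default_nsfw_policy: 'blur'
+customizations:
+javascript: '''
+css: '''
+robots: |
+User-agent: *
+Disallow:
+securitytxt:
+"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
+services:
+# You can provide a reporting endpoint for Content Security Policy violations
+csp-logger:
+twitter:
+username: '@_immae'
+whitelisted: false
+'';
+}];
+
+system.activationScripts.peertube = {
+deps = [ "users" ];
+text = ''
+install -m 0750 -o peertube -g peertube -d ${varDir}
+install -m 0750 -o peertube -g peertube -d ${varDir}/config
+ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml
+'';
+};
+
+services.myWebsites.tools.modules = [
+"headers" "proxy" "proxy_http" "proxy_wstunnel"
+];
+security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
+services.myWebsites.tools.vhostConfs.peertube = {
+certName = "eldiron";
+hosts = [ "peertube.immae.eu" ];
+root = null;
+extraConfig = [ ''
+ProxyPass / http://localhost:${env.listenPort}/
+ProxyPassReverse / http://localhost:${env.listenPort}/
+
+ProxyPreserveHost On
+RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+
+ProxyPass /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket
+ProxyPassReverse /tracker/socket ws://127.0.0.1:${env.listenPort}/tracker/socket
+
+ProxyPass /socket.io ws://127.0.0.1:${env.listenPort}/socket.io
+ProxyPassReverse /socket.io ws://127.0.0.1:${env.listenPort}/socket.io
+'' ];
+};
+};
+}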
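Review bot: The secrets in the generated production.yaml are spliced into YAML as raw text. `bind_dn`, `bind_password`, `base` and the `ldaps://` URL (file lines 89-92) are unquoted, while the database password and `user_filter` only get hand-written quotes. A value containing ` #`, `: ` or a quote character would be truncated or would change the document structure, and a truncated credential surfaces only as a failed bind or login rather than a parse error. Emitting each interpolated scalar through `builtins.toJSON` produces a correctly escaped scalar that YAML accepts, e.g. `bind_password: ${builtins.toJSON env.ldap.password}` and `password: ${builtins.toJSON env.postgresql.password}`. Separately, the unit sets `PrivateTmp`, `ProtectHome` and `ProtectControlGroups` but leaves the rest of the filesystem writable for a service that handles uploaded media, so `ProtectSystem = "full";` is worth considering. `NoNewPrivileges` would first need checking against `/run/wrappers/bin/sendmail`, which on NixOS is normally a setuid/setgid wrapper.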