Diffstat (limited to 'nixops/modules/websites/tools/peertube/default.nix')
-rw-r--r-- | nixops/modules/websites/tools/peertube/default.nix | 92 |
1 files changed, 92 insertions, 0 deletions
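diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix
new file mode 100644
index 0000000..38c2608
--- /dev/null
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -0,0 +1,92 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+peertube = pkgs.callPackage ./peertube.nix {
+inherit (mylibs) fetchedGithub;
+env = myconfig.env.tools.peertube;
+};
+
+cfg = config.services.myWebsites.tools.peertube;
+in {
+options.services.myWebsites.tools.peertube = {
+enable = lib.mkEnableOption "enable Peertube's website";
+};
+
+config = lib.mkIf cfg.enable {
+ids.uids.peertube = myconfig.env.tools.peertube.user.uid;
+ids.gids.peertube = myconfig.env.tools.peertube.user.gid;
+
+users.users.peertube = {
+name = "peertube";
+uid = config.ids.uids.peertube;
+group = "peertube";
+description = "Peertube user";
+home = peertube.webappDir;
+useDefaultShell = true;
+};
+
+users.groups.peertube.gid = config.ids.gids.peertube;
+
+systemd.services.peertube = {
+description = "Peertube";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" "postgresql.service" ];
+wants = [ "postgresql.service" ];
+
+environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
+environment.NODE_ENV = "production";
+environment.HOME = peertube.webappDir;
+
+path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+script = ''
+exec npm run start
+'';
+
+serviceConfig = {
+User = "peertube";
+Group = "peertube";
+WorkingDirectory = peertube.webappDir;
+PrivateTmp = true;
+ProtectHome = true;
+ProtectControlGroups = true;
+Restart = "always";
+Type = "simple";
+TimeoutSec = 60;
+};
+
+unitConfig.RequiresMountsFor = peertube.varDir;
+};
+
+system.activationScripts.peertube = {
+deps = [ "users" ];
+text = ''
+install -m 0755 -o peertube -g peertube -d ${peertube.varDir}
+install -m 0755 -o peertube -g peertube -d ${peertube.varDir}/config
+install -m 0644 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml
+'';
+};
+
+services.myWebsites.tools.modules = [
+"headers" "proxy" "proxy_http" "proxy_wstunnel"
+];
+security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
+services.myWebsites.tools.vhostConfs.peertube = {
+certName = "eldiron";
+hosts = [ "peertube.immae.eu" ];
+root = null;
+extraConfig = [ ''
+ProxyPass / http://localhost:${peertube.listenPort}/
+ProxyPassReverse / http://localhost:${peertube.listenPort}/
+
+ProxyPreserveHost On
+RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+
+ProxyPass /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
+ProxyPassReverse /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
+
+ProxyPass /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
+ProxyPassReverse /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
+'' ];
+};
+};
+}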
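Review bot: The activation script installs `production.yaml` with mode 0644 inside directories created 0755, so any local user can read the PeerTube configuration. That file is built in `peertube.nix` (not shown here) from `myconfig.env.tools.peertube`, and presumably carries the database and SMTP credentials. If it does, tighten the copy to `install -m 0640 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml` and create the config directory with `-m 0750`; note that `${peertube.config}` would still be world-readable if it lives in the Nix store. Separately, in the vhost `extraConfig` the catch-all `ProxyPass /` is listed before the `/tracker/socket` and `/socket.io` rules, and Apache uses the first matching ProxyPass, so the two websocket rules should come first. `useDefaultShell = true` on the daemon account also deserves a comment saying why an interactive shell is needed.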