diff options
Diffstat (limited to 'nixops')
-rw-r--r-- | nixops/modules/websites/tools/peertube.nix | 81 |
1 files changed, 16 insertions, 65 deletions
diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix index 813df25..9a56a85 100644 --- a/nixops/modules/websites/tools/peertube.nix +++ b/nixops/modules/websites/tools/peertube.nix | |||
@@ -1,60 +1,20 @@ | |||
1 | { lib, pkgs, config, myconfig, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | peertube = pkgs.webapps.peertube.override { ldap = true; }; | ||
4 | varDir = "/var/lib/peertube"; | ||
5 | env = myconfig.env.tools.peertube; | 3 | env = myconfig.env.tools.peertube; |
6 | cfg = config.services.myWebsites.tools.peertube; | 4 | cfg = config.services.myWebsites.tools.peertube; |
5 | pcfg = config.services.peertube; | ||
7 | in { | 6 | in { |
8 | options.services.myWebsites.tools.peertube = { | 7 | options.services.myWebsites.tools.peertube = { |
9 | enable = lib.mkEnableOption "enable Peertube's website"; | 8 | enable = lib.mkEnableOption "enable Peertube's website"; |
10 | }; | 9 | }; |
11 | 10 | ||
12 | config = lib.mkIf cfg.enable { | 11 | config = lib.mkIf cfg.enable { |
13 | ids.uids.peertube = env.user.uid; | 12 | services.peertube = { |
14 | ids.gids.peertube = env.user.gid; | 13 | enable = true; |
15 | 14 | configFile = "/var/secrets/webapps/tools-peertube"; | |
16 | users.users.peertube = { | 15 | package = pkgs.webapps.peertube.override { ldap = true; }; |
17 | name = "peertube"; | ||
18 | uid = config.ids.uids.peertube; | ||
19 | group = "peertube"; | ||
20 | description = "Peertube user"; | ||
21 | home = varDir; | ||
22 | useDefaultShell = true; | ||
23 | extraGroups = [ "keys" ]; | ||
24 | }; | ||
25 | |||
26 | users.groups.peertube.gid = config.ids.gids.peertube; | ||
27 | |||
28 | systemd.services.peertube = { | ||
29 | description = "Peertube"; | ||
30 | wantedBy = [ "multi-user.target" ]; | ||
31 | after = [ "network.target" "postgresql.service" ]; | ||
32 | wants = [ "postgresql.service" ]; | ||
33 | |||
34 | environment.NODE_CONFIG_DIR = "${varDir}/config"; | ||
35 | environment.NODE_ENV = "production"; | ||
36 | environment.HOME = peertube; | ||
37 | |||
38 | path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ]; | ||
39 | |||
40 | script = '' | ||
41 | exec npm run start | ||
42 | ''; | ||
43 | |||
44 | serviceConfig = { | ||
45 | User = "peertube"; | ||
46 | Group = "peertube"; | ||
47 | WorkingDirectory = peertube; | ||
48 | PrivateTmp = true; | ||
49 | ProtectHome = true; | ||
50 | ProtectControlGroups = true; | ||
51 | Restart = "always"; | ||
52 | Type = "simple"; | ||
53 | TimeoutSec = 60; | ||
54 | }; | ||
55 | |||
56 | unitConfig.RequiresMountsFor = varDir; | ||
57 | }; | 16 | }; |
17 | users.users.peertube.extraGroups = [ "keys" ]; | ||
58 | 18 | ||
59 | mySecrets.keys = [{ | 19 | mySecrets.keys = [{ |
60 | dest = "webapps/tools-peertube"; | 20 | dest = "webapps/tools-peertube"; |
@@ -104,16 +64,16 @@ in { | |||
104 | ca_file: null # Used for self signed certificates | 64 | ca_file: null # Used for self signed certificates |
105 | from_address: 'peertube@tools.immae.eu' | 65 | from_address: 'peertube@tools.immae.eu' |
106 | storage: | 66 | storage: |
107 | tmp: '${varDir}/storage/tmp/' | 67 | tmp: '${pcfg.dataDir}/storage/tmp/' |
108 | avatars: '${varDir}/storage/avatars/' | 68 | avatars: '${pcfg.dataDir}/storage/avatars/' |
109 | videos: '${varDir}/storage/videos/' | 69 | videos: '${pcfg.dataDir}/storage/videos/' |
110 | redundancy: '${varDir}/storage/videos/' | 70 | redundancy: '${pcfg.dataDir}/storage/videos/' |
111 | logs: '${varDir}/storage/logs/' | 71 | logs: '${pcfg.dataDir}/storage/logs/' |
112 | previews: '${varDir}/storage/previews/' | 72 | previews: '${pcfg.dataDir}/storage/previews/' |
113 | thumbnails: '${varDir}/storage/thumbnails/' | 73 | thumbnails: '${pcfg.dataDir}/storage/thumbnails/' |
114 | torrents: '${varDir}/storage/torrents/' | 74 | torrents: '${pcfg.dataDir}/storage/torrents/' |
115 | captions: '${varDir}/storage/captions/' | 75 | captions: '${pcfg.dataDir}/storage/captions/' |
116 | cache: '${varDir}/storage/cache/' | 76 | cache: '${pcfg.dataDir}/storage/cache/' |
117 | log: | 77 | log: |
118 | level: 'info' | 78 | level: 'info' |
119 | search: | 79 | search: |
@@ -190,15 +150,6 @@ in { | |||
190 | ''; | 150 | ''; |
191 | }]; | 151 | }]; |
192 | 152 | ||
193 | system.activationScripts.peertube = { | ||
194 | deps = [ "users" ]; | ||
195 | text = '' | ||
196 | install -m 0750 -o peertube -g peertube -d ${varDir} | ||
197 | install -m 0750 -o peertube -g peertube -d ${varDir}/config | ||
198 | ln -sf /var/secrets/webapps/tools-peertube ${varDir}/config/production.yaml | ||
199 | ''; | ||
200 | }; | ||
201 | |||
202 | services.myWebsites.tools.modules = [ | 153 | services.myWebsites.tools.modules = [ |
203 | "headers" "proxy" "proxy_http" "proxy_wstunnel" | 154 | "headers" "proxy" "proxy_http" "proxy_wstunnel" |
204 | ]; | 155 | ]; |