From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
modules/private/websites/syden/peertube.nix | 132 ----------------------------
1 file changed, 132 deletions(-)
delete mode 100644 modules/private/websites/syden/peertube.nix
(limited to 'modules/private/websites/syden')
diff --git a/modules/private/websites/syden/peertube.nix b/modules/private/websites/syden/peertube.nix
deleted file mode 100644
index 64d4a5d..0000000
--- a/modules/private/websites/syden/peertube.nix
+++ /dev/null
@@ -1,132 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- scfg = config.myServices.websites.syden.peertube;
- name = "peertube";
- dataDir = "/var/lib/syden_peertube";
- package = (pkgs.mylibs.flakeCompat ../../../../flakes/private/peertube).packages.x86_64-linux.peertube_syden;
- env = config.myEnv.tools.syden_peertube;
-in
-{
- options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
-
- config = lib.mkIf scfg.enable {
- users.users.peertube = {
- uid = config.ids.uids.peertube;
- group = "peertube";
- description = "Peertube user";
- useDefaultShell = true;
- extraGroups = [ "keys" ];
- };
- users.groups.peertube.gid = config.ids.gids.peertube;
-
- secrets.keys."websites/syden/peertube" = {
- user = "peertube";
- group = "peertube";
- permissions = "0640";
- text = ''
- listen:
- hostname: 'localhost'
- port: ${toString env.listenPort}
- webserver:
- https: true
- hostname: 'record-links.immae.eu'
- port: 443
- database:
- hostname: '${env.postgresql.socket}'
- port: 5432
- suffix: '_syden'
- username: '${env.postgresql.user}'
- password: '${env.postgresql.password}'
- pool:
- max: 5
- redis:
- socket: '${env.redis.socket}'
- auth: null
- db: ${env.redis.db}
- smtp:
- transport: sendmail
- sendmail: '/run/wrappers/bin/sendmail'
- from_address: 'peertube@tools.immae.eu'
- storage:
- tmp: '${dataDir}/storage/tmp/'
- avatars: '${dataDir}/storage/avatars/'
- videos: '${dataDir}/storage/videos/'
- streaming_playlists: '${dataDir}/storage/streaming-playlists/'
- redundancy: '${dataDir}/storage/videos/'
- logs: '${dataDir}/storage/logs/'
- previews: '${dataDir}/storage/previews/'
- thumbnails: '${dataDir}/storage/thumbnails/'
- torrents: '${dataDir}/storage/torrents/'
- captions: '${dataDir}/storage/captions/'
- cache: '${dataDir}/storage/cache/'
- plugins: '${dataDir}/storage/plugins/'
- client_overrides: '${dataDir}/storage/client-overrides/'
- '';
- };
-
- services.filesWatcher.syden_peertube = {
- restart = true;
- paths = [ config.secrets.fullPaths."websites/syden/peertube" ];
- };
-
- systemd.services.syden_peertube = {
- description = "Peertube";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- wants = [ "postgresql.service" ];
-
- environment.NODE_CONFIG_DIR = "${dataDir}/config";
- environment.NODE_ENV = "production";
- environment.HOME = package;
-
- path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
-
- script = ''
- install -m 0750 -d ${dataDir}/config
- ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml
- ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
- exec npm run start
- '';
-
- serviceConfig = {
- User = "peertube";
- Group = "peertube";
- WorkingDirectory = package;
- StateDirectory = "syden_peertube";
- StateDirectoryMode = 0750;
- PrivateTmp = true;
- ProtectHome = true;
- ProtectControlGroups = true;
- Restart = "always";
- Type = "simple";
- TimeoutSec = 60;
- };
-
- unitConfig.RequiresMountsFor = dataDir;
- };
-
- services.websites.env.production.vhostConfs.syden_peertube = {
- certName = "syden";
- addToCerts = true;
- certMainHost = "record-links.immae.eu";
- hosts = [ "record-links.immae.eu" ];
- root = null;
- extraConfig = [ ''
- RewriteEngine On
-
- RewriteCond %{REQUEST_URI} ^/socket.io [NC]
- RewriteCond %{QUERY_STRING} transport=websocket [NC]
- RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
-
- RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
- RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
-
- ProxyPass / http://localhost:${toString env.listenPort}/
- ProxyPassReverse / http://localhost:${toString env.listenPort}/
-
- ProxyPreserveHost On
- RequestHeader set X-Real-IP %{REMOTE_ADDR}s
- '' ];
- };
- };
-}
-- cgit v1.2.3