From 8a05c7fb2e7aad81ce4eb31b5173f4dabf353e31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Mon, 13 Apr 2020 10:27:35 +0200
Subject: Add syden peertube website
---
modules/private/websites/syden/peertube.nix | 134 ++++++++++++++++++++++++++++
1 file changed, 134 insertions(+)
create mode 100644 modules/private/websites/syden/peertube.nix
(limited to 'modules/private/websites/syden')
diff --git a/modules/private/websites/syden/peertube.nix b/modules/private/websites/syden/peertube.nix
new file mode 100644
index 0000000..2ad7217
--- /dev/null
+++ b/modules/private/websites/syden/peertube.nix
@@ -0,0 +1,134 @@
+{ lib, pkgs, config, ... }:
+let
+ scfg = config.myServices.websites.syden.peertube;
+ name = "peertube";
+ dataDir = "/var/lib/syden_peertube";
+ package = pkgs.webapps.peertube.override { sendmail = true; syden = true; light = "fr-FR"; };
+ env = config.myEnv.tools.syden_peertube;
+in
+{
+ options.myServices.websites.syden.peertube.enable = lib.mkEnableOption "enable Syden's website";
+
+ config = lib.mkIf scfg.enable {
+ services.duplyBackup.profiles.syden_peertube = {
+ rootDir = dataDir;
+ };
+ users.users.peertube = {
+ uid = config.ids.uids.peertube;
+ group = "peertube";
+ description = "Peertube user";
+ useDefaultShell = true;
+ extraGroups = [ "keys" ];
+ };
+ users.groups.peertube.gid = config.ids.gids.peertube;
+
+ secrets.keys = [{
+ dest = "webapps/syden-peertube";
+ user = "peertube";
+ group = "peertube";
+ permissions = "0640";
+ text = ''
+ listen:
+ hostname: 'localhost'
+ port: ${toString env.listenPort}
+ webserver:
+ https: true
+ hostname: 'syden.immae.eu'
+ port: 443
+ database:
+ hostname: '${env.postgresql.socket}'
+ port: 5432
+ suffix: '_syden'
+ username: '${env.postgresql.user}'
+ password: '${env.postgresql.password}'
+ pool:
+ max: 5
+ redis:
+ socket: '${env.redis.socket}'
+ auth: null
+ db: ${env.redis.db}
+ smtp:
+ transport: sendmail
+ sendmail: '/run/wrappers/bin/sendmail'
+ from_address: 'peertube@tools.immae.eu'
+ storage:
+ tmp: '${dataDir}/storage/tmp/'
+ avatars: '${dataDir}/storage/avatars/'
+ videos: '${dataDir}/storage/videos/'
+ streaming_playlists: '${dataDir}/storage/streaming-playlists/'
+ redundancy: '${dataDir}/storage/videos/'
+ logs: '${dataDir}/storage/logs/'
+ previews: '${dataDir}/storage/previews/'
+ thumbnails: '${dataDir}/storage/thumbnails/'
+ torrents: '${dataDir}/storage/torrents/'
+ captions: '${dataDir}/storage/captions/'
+ cache: '${dataDir}/storage/cache/'
+ plugins: '${dataDir}/storage/plugins/'
+ '';
+ }];
+
+ services.filesWatcher.syden_peertube = {
+ restart = true;
+ paths = [ "/var/secrets/webapps/syden-peertube" ];
+ };
+
+ systemd.services.syden_peertube = {
+ description = "Peertube";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_CONFIG_DIR = "${dataDir}/config";
+ environment.NODE_ENV = "production";
+ environment.HOME = package;
+
+ path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+ script = ''
+ install -m 0750 -d ${dataDir}/config
+ ln -sf /var/secrets/webapps/syden-peertube ${dataDir}/config/production.yaml
+ ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
+ exec npm run start
+ '';
+
+ serviceConfig = {
+ User = "peertube";
+ Group = "peertube";
+ WorkingDirectory = package;
+ StateDirectory = "syden_peertube";
+ StateDirectoryMode = 0750;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ };
+
+ unitConfig.RequiresMountsFor = dataDir;
+ };
+
+ services.websites.env.production.vhostConfs.syden_peertube = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = [ "syden.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI} ^/socket.io [NC]
+ RewriteCond %{QUERY_STRING} transport=websocket [NC]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
+
+ RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
+ RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
+
+ ProxyPass / http://localhost:${toString env.listenPort}/
+ ProxyPassReverse / http://localhost:${toString env.listenPort}/
+
+ ProxyPreserveHost On
+ RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+ '' ];
+ };
+ };
+}
-- cgit v1.2.3
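Review bot: The `serviceConfig` of `systemd.services.syden_peertube` enables `PrivateTmp`, `ProtectHome` and `ProtectControlGroups` but leaves the system directories writable for a network-facing service that has `pkgs.ffmpeg` on its path and presumably runs it on uploaded media. Adding `ProtectSystem = "full";` would make `/usr`, `/boot` and `/etc` read-only while the state under `StateDirectory` stays writable. `NoNewPrivileges = true;` is the other usual addition, but the generated YAML points `smtp.sendmail` at `/run/wrappers/bin/sendmail`, which is likely a setuid/setgid wrapper, so it should be tested against mail delivery before being turned on. Separately, `StateDirectoryMode = 0750;` is a decimal integer in Nix, which has no octal literals, and it only yields the intended mode because systemd reads the rendered `750` as octal; `StateDirectoryMode = "0750";` states the mode explicitly.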