From 0eaac6ba283159841da70fdfd74cb0ef7c6203ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 14 Feb 2019 19:23:06 +0100
Subject: Add peertube tool Fixes https://git.immae.eu/mantisbt/view.php?id=118
---
nixops/modules/websites/tools/peertube/default.nix | 92 ++++++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 nixops/modules/websites/tools/peertube/default.nix
(limited to 'nixops/modules/websites/tools/peertube/default.nix')
diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix
new file mode 100644
index 0000000..38c2608
--- /dev/null
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -0,0 +1,92 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ peertube = pkgs.callPackage ./peertube.nix {
+ inherit (mylibs) fetchedGithub;
+ env = myconfig.env.tools.peertube;
+ };
+
+ cfg = config.services.myWebsites.tools.peertube;
+in {
+ options.services.myWebsites.tools.peertube = {
+ enable = lib.mkEnableOption "enable Peertube's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ ids.uids.peertube = myconfig.env.tools.peertube.user.uid;
+ ids.gids.peertube = myconfig.env.tools.peertube.user.gid;
+
+ users.users.peertube = {
+ name = "peertube";
+ uid = config.ids.uids.peertube;
+ group = "peertube";
+ description = "Peertube user";
+ home = peertube.webappDir;
+ useDefaultShell = true;
+ };
+
+ users.groups.peertube.gid = config.ids.gids.peertube;
+
+ systemd.services.peertube = {
+ description = "Peertube";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
+ environment.NODE_ENV = "production";
+ environment.HOME = peertube.webappDir;
+
+ path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
+
+ script = ''
+ exec npm run start
+ '';
+
+ serviceConfig = {
+ User = "peertube";
+ Group = "peertube";
+ WorkingDirectory = peertube.webappDir;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ };
+
+ unitConfig.RequiresMountsFor = peertube.varDir;
+ };
+
+ system.activationScripts.peertube = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o peertube -g peertube -d ${peertube.varDir}
+ install -m 0755 -o peertube -g peertube -d ${peertube.varDir}/config
+ install -m 0644 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml
+ '';
+ };
+
+ services.myWebsites.tools.modules = [
+ "headers" "proxy" "proxy_http" "proxy_wstunnel"
+ ];
+ security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.peertube = {
+ certName = "eldiron";
+ hosts = [ "peertube.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ ProxyPass / http://localhost:${peertube.listenPort}/
+ ProxyPassReverse / http://localhost:${peertube.listenPort}/
+
+ ProxyPreserveHost On
+ RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+
+ ProxyPass /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
+ ProxyPassReverse /tracker/socket ws://127.0.0.1:${peertube.listenPort}/tracker/socket
+
+ ProxyPass /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
+ ProxyPassReverse /socket.io ws://127.0.0.1:${peertube.listenPort}/socket.io
+ '' ];
+ };
+ };
+}
-- cgit v1.2.3
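Review bot: The activation script in `system.activationScripts.peertube` installs `production.yaml` with mode 0644 under directories created 0755, so any local account can read it; a PeerTube production config normally holds the database and SMTP passwords, though the contents of `peertube.config` come from `./peertube.nix` and are not visible here. Since only the `peertube` user needs the file, the last install line could be `install -m 0600 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml`. If `peertube.config` is a Nix store path, the source copy is world-readable as well, and tightening the destination mode alone would not protect the secrets. Separately, in `extraConfig` the catch-all `ProxyPass /` comes before the `/tracker/socket` and `/socket.io` rules; Apache applies the first matching `ProxyPass`, so the `ws://` rules look unreachable and should be listed first.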