# NixOS module for the PeerTube instance served at peertube.immae.eu.
# When `myServices.websites.tools.peertube.enable` is set, it declares the DNS
# subdomain, the chatonsProperties metadata, the PeerTube service with its
# secret configuration file, the Apache reverse-proxy vhost and a monitoring
# check.
{ lib, pkgs, config, ... }:
let
  # Per-service environment: PostgreSQL/Redis coordinates and `listenPort`.
  env = config.myEnv.tools.peertube;
  # This module's own options (only `enable`).
  cfg = config.myServices.websites.tools.peertube;
  # Options of the underlying PeerTube service (package, dataDir, configFile).
  pcfg = config.immaeServices.peertube;
in
{
  options.myServices.websites.tools.peertube = {
    enable = lib.mkEnableOption "enable Peertube's website";
  };

  # Everything below is only applied when the option above is enabled.
  config = lib.mkIf cfg.enable {
    # Publishes peertube.immae.eu with the main addresses of server "eldiron".
    myServices.dns.zones."immae.eu".subdomains.peertube = with config.myServices.dns.helpers;
      ips servers.eldiron.ips.main;

    # Public, descriptive metadata only; nothing here changes how the service runs.
    myServices.chatonsProperties.hostings.peertube = {
      file.datetime = "2022-08-21T20:00:00";
      hosting = {
        name = "Peertube";
        description = "Free software to take back control of your videos";
        website = "https://peertube.immae.eu/";
        logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
        type = "INSTANCE";
        status.level = "OK";
        status.description = "OK";
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
    };
    myServices.chatonsProperties.services.peertube = {
      file.datetime = "2022-08-21T20:00:00";
      service = {
        name = "Peertube";
        description = "Free software to take back control of your videos";
        website = "https://peertube.immae.eu/";
        logo = "https://peertube.immae.eu/client/assets/images/icons/icon-192x192.png";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Peertube";
        website = "https://joinpeertube.org/";
        license.url = "https://github.com/Chocobozzz/PeerTube/blob/develop/LICENSE";
        license.name = "GNU Affero General Public License";
        # Taken from the deployed package, so the published version follows upgrades.
        version = pcfg.package.version;
        source.url = "https://github.com/Chocobozzz/PeerTube";
      };
    };

    # The service reads its configuration from the secret file defined below.
    immaeServices.peertube = {
      enable = true;
      configFile = config.secrets.fullPaths."webapps/tools-peertube";
    };
    # presumably membership of `keys` is what lets the peertube user reach the
    # secrets directory — verify against the secrets module.
    users.users.peertube.extraGroups = [ "keys" ];

    # Rendered PeerTube YAML configuration. It embeds the PostgreSQL password,
    # so the file is owned by peertube:peertube with mode 0640 (owner
    # read/write, group read, nothing for others).
    # NOTE(review): confirm the secrets module materialises `text` outside the
    # world-readable Nix store; the password is interpolated at evaluation time.
    # NOTE(review): interpolated values sit between single quotes in the YAML;
    # a password or path containing a single quote would break that quoting —
    # confirm the inputs cannot contain one.
    # Settings worth knowing when reviewing the text below:
    #  - `listen.hostname` is 'localhost': PeerTube is configured to bind to
    #    localhost, and public traffic is expected to arrive through the Apache
    #    vhost further down; `webserver` advertises https on port 443.
    #  - The listen port comes from `config.myEnv.ports.peertube`, while the
    #    vhost proxies to `env.listenPort` — TODO confirm both resolve to the
    #    same port.
    #  - `database.hostname` is filled from `env.postgresql.socket`.
    #  - Redis is reached over a socket with `auth: null`; access control then
    #    presumably rests on the socket's file permissions — verify.
    #  - `storage.redundancy` points at the same directory as `storage.videos`;
    #    NOTE(review): confirm this is intended and not a copy-paste slip.
    #  - `trust_proxy` is not set here, so the package default applies —
    #    confirm it trusts only the local proxy, since the client address
    #    reaches PeerTube through request headers.
    secrets.keys."webapps/tools-peertube" = {
      user = "peertube";
      group = "peertube";
      permissions = "0640";
      text = '' listen: hostname: 'localhost' port: ${toString config.myEnv.ports.peertube} webserver: https: true hostname: 'peertube.immae.eu' 
port: 443 database: hostname: '${env.postgresql.socket}' port: 5432 suffix: '_prod' username: '${env.postgresql.user}' password: '${env.postgresql.password}' pool: max: 5 redis: socket: '${env.redis.socket}' auth: null db: ${env.redis.db} smtp: transport: sendmail sendmail: '/run/wrappers/bin/sendmail' from_address: 'peertube@tools.immae.eu' storage: tmp: '${pcfg.dataDir}/storage/tmp/' avatars: '${pcfg.dataDir}/storage/avatars/' videos: '${pcfg.dataDir}/storage/videos/' streaming_playlists: '${pcfg.dataDir}/storage/streaming-playlists/' redundancy: '${pcfg.dataDir}/storage/videos/' logs: '${pcfg.dataDir}/storage/logs/' previews: '${pcfg.dataDir}/storage/previews/' thumbnails: '${pcfg.dataDir}/storage/thumbnails/' torrents: '${pcfg.dataDir}/storage/torrents/' captions: '${pcfg.dataDir}/storage/captions/' cache: '${pcfg.dataDir}/storage/cache/' plugins: '${pcfg.dataDir}/storage/plugins/' client_overrides: '${pcfg.dataDir}/storage/client-overrides/' '';
    };

    # Apache modules used by the vhost below: headers (RequestHeader),
    # proxy/proxy_http (ProxyPass) and proxy_wstunnel (ws:// targets).
    # NOTE(review): `rewrite` is not listed although the vhost uses
    # RewriteRule — presumably enabled elsewhere; verify.
    services.websites.env.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ];

    # Watches the rendered configuration file; presumably restarts PeerTube
    # when the secret changes — confirm against the filesWatcher module.
    services.filesWatcher.peertube = {
      restart = true;
      paths = [ pcfg.configFile ];
    };

    # The hostname is added to the existing "eldiron" certificate, the one the
    # vhost references through `certName`.
    security.acme.certs.eldiron.extraDomainNames = [ "peertube.immae.eu" ];

    # Apache vhost for peertube.immae.eu. It has no document root and forwards
    # every request to PeerTube on localhost over plain http/ws.
    services.websites.env.tools.vhostConfs.peertube = {
      certName = "eldiron";
      hosts = [ "peertube.immae.eu" ];
      root = null;
      extraConfig = [
        # - /socket.io requests carrying transport=websocket, and
        #   /tracker/socket, are proxied as WebSocket (ws://); everything else
        #   goes through ProxyPass.
        # - `RequestHeader set` replaces any X-Real-IP sent by the client with
        #   the address Apache saw, so that header cannot be spoofed from
        #   outside.
        # - X-Forwarded-For is not reset here; mod_proxy appends to whatever
        #   the client sent — confirm which header PeerTube relies on.
        # - ProxyPreserveHost forwards the original Host header to the backend.
        # - The `.` in `^/socket.io` is an unescaped regex dot (matches any
        #   character); harmless here, `\.` would be exact.
        '' RewriteEngine On RewriteCond %{REQUEST_URI} ^/socket.io [NC] RewriteCond %{QUERY_STRING} transport=websocket [NC] RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L] ProxyPass / http://localhost:${toString env.listenPort}/ ProxyPassReverse / http://localhost:${toString env.listenPort}/ ProxyPreserveHost On RequestHeader set X-Real-IP %{REMOTE_ADDR}s ''
      ];
    };

    # HTTPS availability check for the public hostname.
    myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
    myServices.monitoring.fromMasterObjects.service = [
      {
        service_description = "peertube website is running on peertube.immae.eu";
        host_name = config.hostEnv.fqdn;
        use = "external-web-service";
        check_command = ["check_https" "peertube.immae.eu" "/" "