nix-home/nki-personal-do/peertube.nix

{ config, lib, pkgs, ... }:
let
  secrets = config.sops.secrets;
  cfg = config.services.peertube;

  user = "peertube";
  host = "peertube.dtth.ch";
  dataFolder = "/mnt/data/peertube";
  port = 19878;
in
{
  sops.secrets."peertube" = { owner = cfg.user; restartUnits = [ "peertube.service" ]; };
  sops.secrets."peertube-env" = { owner = cfg.user; restartUnits = [ "peertube.service" ]; };
  # database
  cloud.postgresql.databases = [ "peertube" ];
  # traefik
  cloud.traefik.hosts.peertube = {
    inherit port host;
    noCloudflare = true;
  };

  services.peertube = {
    enable = true;
    enableWebHttps = true;
    listenWeb = 443;
    listenHttp = port;
    localDomain = host;

    secrets.secretsFile = secrets."peertube".path;
    serviceEnvironmentFile = secrets."peertube-env".path;

    # Databases
    redis.createLocally = true;
    database = {
      host = "/run/postgresql";
    };

    # S3
    settings.object_storage = {
      enabled = true;

      region = "auto";

      proxy.proxify_private_files = false;

      web_videos = {
        bucket_name = "dtthtube";
        prefix = "web-videos/";
        base_url = "https://content.peertube.dtth.ch";
      };
      streaming_playlists = {
        bucket_name = "dtthtube";
        prefix = "hls-playlists/";
        base_url = "https://content.peertube.dtth.ch";
      };
    };

    # Storage
    settings.client.videos = {
      resumable_upload.max_chunk_size = "90MB";
    };

    # Trust proxy
    settings.trust_proxy = [ "loopback" ] ++ config.services.traefik.staticConfigOptions.entrypoints.https.forwardedHeaders.trustedIPs;

    # Federation
    settings.federation = {
      sign_federated_fetches = true;
      videos.federate_unlisted = true;
      videos.cleanup_remote_interactions = true;
    };

    dataDirs = [ "/var/lib/peertube" "/mnt/data/peertube" ];
  };

  systemd.services.peertube = {
    requires = [ "arion-authentik.service" ];
    after = [ "arion-authentik.service" ];
    unitConfig.RequiresMountsFor = [ dataFolder ];
  };
  systemd.tmpfiles.settings."10-peertube" = {
    # The service hard-codes a lot of paths here, so it's nicer if we just symlink
    "/var/lib/peertube"."L+" = {
      argument = dataFolder;
    };
    ${dataFolder}."d" = {
      user = user;
      group = user;
      mode = "0700";
    };
  };
}
Add peertube 2024-03-19 21:11:06 +00:00			`{ config, lib, pkgs, ... }:`
Set up peertube 2024-03-16 14:35:12 +00:00			`let`
			`secrets = config.sops.secrets;`
Add peertube 2024-03-19 21:11:06 +00:00			`cfg = config.services.peertube;`
Set up peertube 2024-03-16 14:35:12 +00:00
Update nixpkgs and default peertube data to external 2024-12-17 21:42:51 +00:00			`user = "peertube";`
Set up peertube 2024-03-16 14:35:12 +00:00			`host = "peertube.dtth.ch";`
Update nixpkgs and default peertube data to external 2024-12-17 21:42:51 +00:00			`dataFolder = "/mnt/data/peertube";`
Set up peertube 2024-03-16 14:35:12 +00:00			`port = 19878;`
			`in`
			`{`
Fix configuration bug in peertube 2024-04-18 21:06:40 +00:00			`sops.secrets."peertube" = { owner = cfg.user; restartUnits = [ "peertube.service" ]; };`
			`sops.secrets."peertube-env" = { owner = cfg.user; restartUnits = [ "peertube.service" ]; };`
Set up peertube 2024-03-16 14:35:12 +00:00			`# database`
			`cloud.postgresql.databases = [ "peertube" ];`
			`# traefik`
			`cloud.traefik.hosts.peertube = {`
			`inherit port host;`
Add peertube 2024-03-19 21:11:06 +00:00			`noCloudflare = true;`
Set up peertube 2024-03-16 14:35:12 +00:00			`};`

			`services.peertube = {`
			`enable = true;`
			`enableWebHttps = true;`
Add peertube 2024-03-19 21:11:06 +00:00			`listenWeb = 443;`
Set up peertube 2024-03-16 14:35:12 +00:00			`listenHttp = port;`
			`localDomain = host;`

Add peertube 2024-03-19 21:11:06 +00:00			`secrets.secretsFile = secrets."peertube".path;`
			`serviceEnvironmentFile = secrets."peertube-env".path;`

Set up peertube 2024-03-16 14:35:12 +00:00			`# Databases`
			`redis.createLocally = true;`
			`database = {`
			`host = "/run/postgresql";`
			`};`
Add peertube 2024-03-19 21:11:06 +00:00
			`# S3`
			`settings.object_storage = {`
			`enabled = true;`

			`region = "auto";`

			`proxy.proxify_private_files = false;`

			`web_videos = {`
			`bucket_name = "dtthtube";`
			`prefix = "web-videos/";`
			`base_url = "https://content.peertube.dtth.ch";`
			`};`
			`streaming_playlists = {`
			`bucket_name = "dtthtube";`
			`prefix = "hls-playlists/";`
			`base_url = "https://content.peertube.dtth.ch";`
			`};`
			`};`

			`# Storage`
			`settings.client.videos = {`
			`resumable_upload.max_chunk_size = "90MB";`
			`};`

			`# Trust proxy`
			`settings.trust_proxy = [ "loopback" ] ++ config.services.traefik.staticConfigOptions.entrypoints.https.forwardedHeaders.trustedIPs;`

			`# Federation`
			`settings.federation = {`
			`sign_federated_fetches = true;`
			`videos.federate_unlisted = true;`
			`videos.cleanup_remote_interactions = true;`
			`};`

			`dataDirs = [ "/var/lib/peertube" "/mnt/data/peertube" ];`
Set up peertube 2024-03-16 14:35:12 +00:00			`};`
Update peertube requirements 2024-12-08 23:39:01 +00:00
			`systemd.services.peertube = {`
			`requires = [ "arion-authentik.service" ];`
			`after = [ "arion-authentik.service" ];`
Update nixpkgs and default peertube data to external 2024-12-17 21:42:51 +00:00			`unitConfig.RequiresMountsFor = [ dataFolder ];`
			`};`
			`systemd.tmpfiles.settings."10-peertube" = {`
			`# The service hard-codes a lot of paths here, so it's nicer if we just symlink`
			`"/var/lib/peertube"."L+" = {`
			`argument = dataFolder;`
			`};`
			`${dataFolder}."d" = {`
			`user = user;`
			`group = user;`
			`mode = "0700";`
			`};`
Update peertube requirements 2024-12-08 23:39:01 +00:00			`};`
Set up peertube 2024-03-16 14:35:12 +00:00			`}`