nki/nix-home
1
0
Fork 0
Code Issues Pull requests 2 Packages Projects Releases Wiki Activity

Add peertube

Browse source
This commit is contained in:
Natsu Kagami 2024-03-19 22:11:06 +01:00
parent be5237eeeb
commit 9c376e38bc
Signed by: nki
GPG key ID: 55A032EB38B49ADB
6 changed files with 101 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
flake.lock
View file

@ -1022,6 +1022,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-peertube": {
"locked": {
"lastModified": 1708065087,
"narHash": "sha256-/Lc6TYtIJo/tCWLjErYqbMHNph3zp0ImkcHGES8aJV8=",
"owner": "Izorkin",
"repo": "nixpkgs",
"rev": "937220442c4c20a1b37add5387f20294b34e18f7",
"type": "github"
},
"original": {
"owner": "Izorkin",
"ref": "update-peertube",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1702780907, "lastModified": 1702780907,
@ -1307,6 +1323,7 @@
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nixos-m1": "nixos-m1", "nixos-m1": "nixos-m1",
"nixpkgs": "nixpkgs_11", "nixpkgs": "nixpkgs_11",
"nixpkgs-peertube": "nixpkgs-peertube",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur", "nur": "nur",
"secrets": "secrets", "secrets": "secrets",
@ -1639,11 +1656,11 @@
"nixpkgs": "nixpkgs_12" "nixpkgs": "nixpkgs_12"
}, },
"locked": { "locked": {
"lastModified": 1710043304, "lastModified": 1710691902,
"narHash": "sha256-CrYHn6pIjvSUG2KPWXV7DWgZpmxV9ZdJv7UZuehVEvc=", "narHash": "sha256-Wx28gVRVPnES/JUT6m5V9TDeVkISIgYdghIy0noPOek=",
"owner": "natsukagami", "owner": "natsukagami",
"repo": "youmubot", "repo": "youmubot",
"rev": "13683aa2297e7c3fb495a24987a96bd4dda09bbe", "rev": "94dc225b86539a83be0c55c930cd6a4dab639f8d",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
flake.nix
View file

@ -53,6 +53,9 @@
nixos-m1.url = github:tpwrules/nixos-apple-silicon; nixos-m1.url = github:tpwrules/nixos-apple-silicon;
nixos-m1.inputs.nixpkgs.follows = "nixpkgs"; nixos-m1.inputs.nixpkgs.follows = "nixpkgs";
# Nixpkgs with new peertube, see #273769
nixpkgs-peertube.url = "github:Izorkin/nixpkgs/update-peertube";
# --- # ---
# DEPLOYMENT ONLY! secrets # DEPLOYMENT ONLY! secrets
secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets"; secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets";

19
modules/cloud/traefik/default.nix
View file

@ -20,6 +20,24 @@ let
in in
valueType; valueType;
# https://www.cloudflare.com/ips/
trustedIPs =
let
files = [
(pkgs.fetchurl {
url = "https://www.cloudflare.com/ips-v4";
hash = "sha256-8Cxtg7wBqwroV3Fg4DbXAMdFU1m84FTfiE5dfZ5Onns=";
})
(pkgs.fetchurl {
url = "https://www.cloudflare.com/ips-v6";
hash = "sha256-np054+g7rQDE3sr9U8Y/piAp89ldto3pN9K+KCNMoKk=";
})
];
readLines = path: lib.splitString "\n" (builtins.readFile path);
in
lib.concatMap readLines files;
cfg = config.cloud.traefik; cfg = config.cloud.traefik;
in in
{ {
@ -57,6 +75,7 @@ in
}; };
## HTTPS entrypoint: ok! ## HTTPS entrypoint: ok!
entrypoints.https.address = ":443"; entrypoints.https.address = ":443";
entrypoints.https.forwardedHeaders.trustedIPs = trustedIPs;
## IMAP and SMTP ## IMAP and SMTP
entrypoints.imap.address = ":993"; entrypoints.imap.address = ":993";
entrypoints.smtp-submission.address = ":587"; entrypoints.smtp-submission.address = ":587";

54
nki-personal-do/peertube.nix
View file

@ -1,30 +1,80 @@
{ cfg, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
secrets = config.sops.secrets; secrets = config.sops.secrets;
cfg = config.services.peertube;
host = "peertube.dtth.ch"; host = "peertube.dtth.ch";
port = 19878; port = 19878;
in in
{ {
sops.secrets."peertube" = { owner = cfg.user; };
sops.secrets."peertube-env" = { owner = cfg.user; };
# database # database
cloud.postgresql.databases = [ "peertube" ]; cloud.postgresql.databases = [ "peertube" ];
# traefik # traefik
cloud.traefik.hosts.peertube = { cloud.traefik.hosts.peertube = {
inherit port host; inherit port host;
noCloudflare = true;
}; };
services.peertube = { services.peertube = {
enable = true; enable = true;
enableWebHttps = true; enableWebHttps = true;
listenWeb = "443"; listenWeb = 443;
listenHttp = port; listenHttp = port;
localDomain = host; localDomain = host;
secrets.secretsFile = secrets."peertube".path;
serviceEnvironmentFile = secrets."peertube-env".path;
# Databases # Databases
redis.createLocally = true; redis.createLocally = true;
database = { database = {
host = "/run/postgresql"; host = "/run/postgresql";
}; };
# S3
settings.object_storage = {
enabled = true;
region = "auto";
proxy.proxify_private_files = false;
web_videos = {
bucket_name = "dtthtube";
prefix = "web-videos/";
base_url = "https://content.peertube.dtth.ch";
};
streaming_playlists = {
bucket_name = "dtthtube";
prefix = "hls-playlists/";
base_url = "https://content.peertube.dtth.ch";
};
};
# Storage
settings.client.videos = {
resumable_upload.max_chunk_size = "90MB";
};
settings.storage = {
storyboards = "/var/lib/peertube/storage/storyboards/";
tmp = "/mnt/data/peertube/tmp/";
tmp_persistent = "/mnt/data/peertube/tmp_persistent/";
web_videos = "/mnt/data/peertube/web-videos/";
};
# Trust proxy
settings.trust_proxy = [ "loopback" ] ++ config.services.traefik.staticConfigOptions.entrypoints.https.forwardedHeaders.trustedIPs;
# Federation
settings.federation = {
sign_federated_fetches = true;
videos.federate_unlisted = true;
videos.cleanup_remote_interactions = true;
};
dataDirs = [ "/var/lib/peertube" "/mnt/data/peertube" ];
}; };
} }

6
nki-personal-do/secrets/secrets.yaml
View file

@ -38,6 +38,8 @@ matrix-synapse-dtth:
vaultwarden-env: ENC[AES256_GCM,data:BhUj7o+CiBW/EWIpp2WWmjsGgaGGQdksK5otdRUNQyObGuk0OxZsfzx7B24fMqDN5aPac/q2uAedkLGMUSdtqW42NjUo6XCo+ADrB9BWYeVstwKeYT9WAA40NMAP3L0c4i26Ice1C0Bh7K8CZAvG0lyzGeMCmt8lMRabePngEhLetAfW5EEV69x6h1yvVUgtcIuA35AiBMu2kQQllTmAF4GryleOBzOFhP6CiDopwpk+7qYq30YzOMJJNdH5w+MU+VogmRnBs7Z537Uf2IbT/zJjW0jFvBGLe9jetq6KNTB/Cnz2Jm7+c8UB,iv:ItcMYZB+XoQQcST4/+QfaQl6DPW1/Neh691xTzdm31s=,tag:fzifm2gVvLR4bvK64VNi2A==,type:str] vaultwarden-env: ENC[AES256_GCM,data:BhUj7o+CiBW/EWIpp2WWmjsGgaGGQdksK5otdRUNQyObGuk0OxZsfzx7B24fMqDN5aPac/q2uAedkLGMUSdtqW42NjUo6XCo+ADrB9BWYeVstwKeYT9WAA40NMAP3L0c4i26Ice1C0Bh7K8CZAvG0lyzGeMCmt8lMRabePngEhLetAfW5EEV69x6h1yvVUgtcIuA35AiBMu2kQQllTmAF4GryleOBzOFhP6CiDopwpk+7qYq30YzOMJJNdH5w+MU+VogmRnBs7Z537Uf2IbT/zJjW0jFvBGLe9jetq6KNTB/Cnz2Jm7+c8UB,iv:ItcMYZB+XoQQcST4/+QfaQl6DPW1/Neh691xTzdm31s=,tag:fzifm2gVvLR4bvK64VNi2A==,type:str]
invidious: ENC[AES256_GCM,data:pCRlBaHRJyOHj2t04V6DkGVAPuAc8hz+Sn24nQ3IvcXNIdaYijpy,iv:ZPrP6guN7oyOfys7tmIAX1M86cpHUwp9wh3OSHdPSHM=,tag:oxo2TZk/UOB0xKlpapNCVg==,type:str] invidious: ENC[AES256_GCM,data:pCRlBaHRJyOHj2t04V6DkGVAPuAc8hz+Sn24nQ3IvcXNIdaYijpy,iv:ZPrP6guN7oyOfys7tmIAX1M86cpHUwp9wh3OSHdPSHM=,tag:oxo2TZk/UOB0xKlpapNCVg==,type:str]
invidious-rotator-env: ENC[AES256_GCM,data:Q5c/sga+Nn0C7bKkTphob3tWNvKE1Zz0CIbXIayc73cfEsUgOIZdrm8BlAW7,iv:f0ccZsjNJ9UQCcfN/lZQdtxSg9ADFuykb8qw07c1xFI=,tag:4mUzgOHOE16FPhSTlbx+Rw==,type:str] invidious-rotator-env: ENC[AES256_GCM,data:Q5c/sga+Nn0C7bKkTphob3tWNvKE1Zz0CIbXIayc73cfEsUgOIZdrm8BlAW7,iv:f0ccZsjNJ9UQCcfN/lZQdtxSg9ADFuykb8qw07c1xFI=,tag:4mUzgOHOE16FPhSTlbx+Rw==,type:str]
peertube: ENC[AES256_GCM,data:YWySVZVTC26qPMcgSV5v4Vp1u69jGt7VV2ElQBSxvG/R589PCJRDgBqjjLBLMrrnP/wo6o6xNoyLCSfzMQYoFnM=,iv:97gNEJ84u4Mt5GTlVV29MNHUHQRkaMK47ULNUx+HTUE=,tag:LGVWeaTaSQ3GgaIpav66EA==,type:str]
peertube-env: ENC[AES256_GCM,data:AOAaojV5b2VRvOXKVTkFvFcGpMP2U5oGONZIyrWd17xFdFNY9gIXUwvQsj+VbzAj6a0gzoUgnY15lS3iMmjk2ZvO11bz1fooPByqb5pVaBUTRTv7f0lJzI+EQ0SWmcwbpmPJUSaOCY+v+0gSh3dBBIoZD1em4RYRoX1m9092XqjXmhjYa+y/2mp8V8sbnHZnM9eLaNQDx3p8nJq/Qnw7kreUbKsMSq8TMhpEBK8Q1/h58kUarDYfoTsJWnaizgbF6vLuenU4GZsvwqIQYTddh/mhdJYr1uNr5LolozoqxYReh7G2jRFmFe2BNwhZ9NHdVLIPwDT6tcVi0go3WQt/KX1NXf6mzJzqog==,iv:UWPe0wUC1ZfFBVLnksycoy0/e31t/jJyE73Av+Y0UjY=,tag:7+vpJtvrSaZjX7wQa20fkw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -71,8 +73,8 @@ sops:
by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA== hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-14T00:30:02Z" lastmodified: "2024-03-29T21:19:24Z"
mac: ENC[AES256_GCM,data:ObYeCKufpLE+atS3Iv8f6hkfq3AbwrYZcsgN/efk98F45tm9BFBbmzT4hWw1nHvA7Qw9fv+y/CjAZOb7/EIGaTdBtBP5pWMlZ8rTCpiY5UZr79p6O+/HNIZgmhd9iWH1k8Xarc118C0vfc7QgcJbTq0y+5DnaI/qdWBXn/RFOLg=,iv:SJBjGzwzMJBaUHyS9PQAxKJuuQp6Rkd6GtIqqwD1+C0=,tag:/dRybluTO+R43ZQhIX8Y5g==,type:str] mac: ENC[AES256_GCM,data:IxriC26V1jmtD8NSqSB0s7YfUgclBBAfnqnCQ7LdKNTBXzjcZPJyHzI76ZPKmRYtqlQEdnuHU+xX+CH+dBXsqNR2st8EKm8FSkrguNAKEpJeSWU97g3rlFTgKPMCeduxOp6lp25yHmYCOJ1k+1FKqYvEs3rbT8eEKJ+kGQA4S84=,iv:NXcZ29bL3/jSWmssS1066j7gzP4/hjyjy0i7AwrTB2M=,tag:rv4LdgDznx26SCsWUjaPgw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

3
overlay.nix
View file

@ -3,6 +3,7 @@ let
overlay-unstable = final: prev: { overlay-unstable = final: prev: {
unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; }; unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; };
x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; }; x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; };
nixpkgs-peertube = import inputs.nixpkgs-peertube { system = prev.system; };
}; };
overlay-needs-unstable = final: prev: { overlay-needs-unstable = final: prev: {
# override some packages that needs unstable that cannot be changed in the setup. # override some packages that needs unstable that cannot be changed in the setup.
@ -11,6 +12,8 @@ let
# Typst updates really quickly. # Typst updates really quickly.
typst = final.unstable.typst; typst = final.unstable.typst;
typst-lsp = final.unstable.typst-lsp; typst-lsp = final.unstable.typst-lsp;
peertube = final.nixpkgs-peertube.peertube;
}; };
overlay-imported = final: prev: { overlay-imported = final: prev: {
sway = prev.sway.override { sway-unwrapped = final.swayfx-unwrapped; }; sway = prev.sway.override { sway-unwrapped = final.swayfx-unwrapped; };