Fediversity/services/fediversity/peertube.nix

# NixOS module: PeerTube for Fediversity. Video and playlist files live in
# Garage (S3-compatible) buckets; the web interface is served through Nginx.
{ config, lib, ... }:
let
  fedi = config.fediversity;

  # NOTE(review): fixed S3 credential committed to the repository. The name
  # marks it as a throwaway, and that is the only safe way to treat it: it is
  # known to anyone who can read this file, and below it is granted owner
  # rights on both buckets. A real deployment needs a per-instance key
  # delivered at runtime from a secrets file, the way `secrets.secretsFile`
  # already is for PeerTube's own secrets.
  snakeoil_key = {
    id = "GK1f9feea9960f6f95ff404c9b";
    secret = "7295c4201966a02c2c3d25b5cea4a5ff782966a2415e3a196f91924631191395";
  };

  # TODO: these rules are too broad; once everything works, narrow them down
  # to the domain we actually want. Any origin may currently issue
  # cross-origin GETs with any request header.
  openReadCors = {
    enable = true;
    allowedHeaders = [ "*" ];
    allowedMethods = [ "GET" ];
    allowedOrigins = [ "*" ];
  };

  # Both buckets are declared identically: website mode plus the CORS rules
  # above.
  # NOTE(review): object ACLs and private-file proxying are both switched off
  # further down; confirm how files of private or internal videos are
  # protected once they sit in a website-enabled bucket.
  websiteBucket = {
    website = true;
    corsRules = openReadCors;
  };

  # Rights handed to the PeerTube key on each bucket.
  fullAccess = {
    read = true;
    write = true;
    owner = true;
  };

  # PeerTube object-storage section for one bucket; the public base URL is
  # derived from the bucket name.
  storageIn = bucket_name: {
    inherit bucket_name;
    prefix = "";
    base_url = fedi.internal.garage.web.urlForBucket bucket_name;
  };
in
lib.mkIf (fedi.enable && fedi.peertube.enable) {
  networking.firewall.allowedTCPPorts = [
    80
    443
    ## For Live streaming and Live streaming when RTMPS is enabled.
    # NOTE(review): both ports are opened whether or not live streaming is
    # turned on in PeerTube (this file does not set it); plain RTMP on 1935
    # is unencrypted.
    1935
    1936
  ];

  services.garage = {
    ensureBuckets = {
      peertube-videos = websiteBucket;
      peertube-playlists = websiteBucket;
    };
    ensureKeys.peertube = {
      id = snakeoil_key.id;
      secret = snakeoil_key.secret;
      ensureAccess = {
        peertube-videos = fullAccess;
        peertube-playlists = fullAccess;
      };
    };
  };

  services.peertube = {
    enable = true;
    localDomain = fedi.internal.peertube.domain;

    # TODO: in most of nixpkgs, these are true by default. upstream that unless there's a good reason not to.
    redis.createLocally = true;
    database.createLocally = true;

    secrets.secretsFile = fedi.temp.peertubeSecretsFile;
    serviceEnvironmentFile = "/etc/peertube-env";

    ## Proxying through Nginx
    configureNginx = true;
    listenWeb = 443;
    enableWebHttps = true;

    settings.object_storage = {
      enabled = true;
      endpoint = fedi.internal.garage.api.url;
      region = "garage";

      # Garage does not support ACL
      upload_acl = {
        public = null;
        private = null;
      };

      # not supported by garage
      # SEE: https://garagehq.deuxfleurs.fr/documentation/connect/apps/#peertube
      proxy.proxyify_private_files = false;

      web_videos = storageIn "peertube-videos";
      videos = storageIn "peertube-videos";
      streaming_playlists = storageIn "peertube-playlists";
    };
  };

  # S3 credentials for the PeerTube service, read via serviceEnvironmentFile.
  # NOTE(review): `environment.etc.<name>.text` is rendered into the Nix store
  # and linked into /etc, so every local user can read this file. Acceptable
  # only for the snakeoil key above; a real key must not pass through `text`.
  environment.etc.peertube-env.text = ''
    AWS_ACCESS_KEY_ID=${snakeoil_key.id}
    AWS_SECRET_ACCESS_KEY=${snakeoil_key.secret}
  '';

  # HTTPS only, with the certificate obtained through ACME.
  services.nginx.virtualHosts.${config.services.peertube.localDomain} = {
    forceSSL = true;
    enableACME = true;
  };
}