From 9e234e7b2d6f91d7aa65b9cb4a7c978d2c09404e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Mon, 11 Nov 2024 17:10:58 +0100
Subject: [PATCH] Proxy Peertube behind Nginx
---
 services/fediversity/peertube.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/services/fediversity/peertube.nix b/services/fediversity/peertube.nix
index 7b121ed..fe26232 100644
--- a/services/fediversity/peertube.nix
+++ b/services/fediversity/peertube.nix
@@ -8,7 +8,7 @@ in
 { config, lib, pkgs, ... }:
 lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
- networking.firewall.allowedTCPPorts = [ 80 9000 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 services.garage = {
 ensureBuckets = {
@@ -59,7 +59,6 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
 # TODO: in most of nixpkgs, these are true by default. upstream that unless there's a good reason not to.
 redis.createLocally = true;
 database.createLocally = true;
- configureNginx = true;
 secrets.secretsFile = config.fediversity.temp.peertubeSecretsFile;
@@ -96,4 +95,12 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
 AWS_ACCESS_KEY_ID=${snakeoil_key.id}
 AWS_SECRET_ACCESS_KEY=${snakeoil_key.secret}
 '';
+
+ ## Proxying through Nginx
+
+ services.peertube.configureNginx = true;
+ services.nginx.virtualHosts.${config.services.peertube.localDomain} = {
+ forceSSL = true;
+ enableACME = true;
+ };
 }
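Review bot: The port list in the first hunk carries no comment explaining why 80 stays open once TLS is enforced, and it now sits far from the Nginx block that depends on it. Consider a comment such as `# 80: ACME HTTP-01 and redirect to HTTPS; 443: Nginx TLS front end; PeerTube's own port is no longer exposed`, or move the line under the `## Proxying through Nginx` heading added in the last hunk. The enclosing `lib.mkIf` block starts before and ends after this hunk.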
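Review bot: The new virtual host in the last hunk forces HTTPS, but nothing visible here tells PeerTube that its public URL is now https on 443, so the links and federation URLs it generates may still use the plain-HTTP scheme and the internal port. Unless it is already set in the part of `services.peertube` outside this hunk, add `services.peertube.enableWebHttps = true;` and `services.peertube.listenWeb = 443;` next to `configureNginx`. `enableACME` also needs `security.acme.acceptTerms` and a contact e-mail defined somewhere in the configuration, which this patch does not show.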