{ config, lib, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 80 9000 ]; # these configurations only apply when producing a VM (e.g. nixos-rebuild build-vm) virtualisation.vmVariant = { config, ... }: { services.peertube = { enable = true; # redirects to localhost, but allows it to have a proper domain name localDomain = "peertube.localhost"; enableWebHttps = false; settings = { listen.hostname = "0.0.0.0"; instance.name = "PeerTube Test VM"; }; # TODO: use agenix secrets.secretsFile = pkgs.writeText "secret" '' 574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24 ''; # TODO: in most of nixpkgs, these are true by default. upstream that unless there's a good reason not to. redis.createLocally = true; database.createLocally = true; configureNginx = true; }; virtualisation.forwardPorts = [ { from = "host"; host.port = 9000; guest.port = 9000; } ]; }; }