From 8c40168532d664325d752818832bd42a2870f525 Mon Sep 17 00:00:00 2001
From: Taeer Bar-Yam <taeer.bar-yam@moduscreate.com>
Date: Tue, 19 Mar 2024 19:43:20 -0400
Subject: [PATCH] minimal peertube VM

---
 README.md                         | 27 +++++++++++++++++++++
 common.nix                        | 37 +++++++++++++++++++++++++++++
 flake.nix                         |  7 +++++-
 configuration.nix => mastodon.nix | 22 -----------------
 peertube.nix                      | 39 +++++++++++++++++++++++++++++++
 5 files changed, 109 insertions(+), 23 deletions(-)
 create mode 100644 common.nix
 rename configuration.nix => mastodon.nix (89%)
 create mode 100644 peertube.nix

diff --git a/README.md b/README.md
index 4b35f76..9a33301 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,31 @@ Remember that if you want to clear the state from one launch to the next, you sh
 
 - email, when it works, will be accessible at <https://mastodon.localhost:55001/letter_opener>
 
+## peertube
+
+```bash
+nixos-rebuild build-vm --flake .#peertube 
+./result/bin/run-nixos-vm
+```
+
+Now you can access peertube at <https://peertube.localhost:9000>
+
+The root account can be logged in with username "root". The password can be obtained with the command 
+```bash
+journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
+```
+
+or just
+
+```bash
+journalctl -u peertube | grep password
+```
+
+and look at the end of the line.
+
+Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account.
+
+
 # TODOs
 
 - [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine
@@ -37,3 +62,5 @@ Remember that if you want to clear the state from one launch to the next, you sh
 
 - Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/
 - Setting up development environment: https://docs.joinmastodon.org/dev/setup/
+
+- Tutorial for PeerTube that doesn't use `createLocally`: https://nixos.wiki/wiki/PeerTube
diff --git a/common.nix b/common.nix
new file mode 100644
index 0000000..1ec8c20
--- /dev/null
+++ b/common.nix
@@ -0,0 +1,37 @@
+{ pkgs, ... }: {
+  virtualisation.vmVariant = {
+    # let us log in
+    users.mutableUsers = false;
+    users.users.root.hashedPassword = "";
+    services.openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "yes";
+        PermitEmptyPasswords = "yes";
+        UsePAM = "no";
+      };
+    };
+
+    # automatically log in
+    services.getty.autologinUser = "root";
+
+    # access to convenient things
+    environment.systemPackages = with pkgs; [ w3m python3 ];
+    nix.extraOptions = ''
+      extra-experimental-features = nix-command flakes
+    '';
+
+    # no graphics. see nixos-shell
+    virtualisation = {
+      graphics = false;
+      qemu.consoles = [ "tty0" "hvc0" ];
+      qemu.options = [
+        "-serial null"
+        "-device virtio-serial"
+        "-chardev stdio,mux=on,id=char0,signal=off"
+        "-mon chardev=char0,mode=readline"
+        "-device virtconsole,chardev=char0,nr=0"
+      ];
+    };
+  };
+}
diff --git a/flake.nix b/flake.nix
index 71b9ce3..a002450 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,7 +14,12 @@
     nixosConfigurations = {
       mastodon = nixpkgs.lib.nixosSystem {
         inherit system;
-        modules = [ ./configuration.nix ];
+        modules = [ ./common.nix ./mastodon.nix ];
+      };
+
+      peertube = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [ ./common.nix ./peertube.nix ];
       };
     };
 
diff --git a/configuration.nix b/mastodon.nix
similarity index 89%
rename from configuration.nix
rename to mastodon.nix
index b38c355..6a80420 100644
--- a/configuration.nix
+++ b/mastodon.nix
@@ -1,25 +1,4 @@
 { config, lib, pkgs, ... }: lib.mkMerge [
-  # not mastodon related
-  {
-    # let us log in
-    users.mutableUsers = false;
-    users.users.root.hashedPassword = "";
-    services.openssh = {
-      enable = true;
-      settings = {
-        PermitRootLogin = "yes";
-        PermitEmptyPasswords = "yes";
-        UsePAM = "no";
-      };
-    };
-
-    # access to convenient things
-    environment.systemPackages = with pkgs; [ w3m python3 ];
-    nix.extraOptions = ''
-      extra-experimental-features = nix-command flakes
-    '';
-  }
-
   # mastodon setup
   {
     # open up access to the mastodon web interface
@@ -46,7 +25,6 @@
       # defaults.email = "test@example.com";
     };
   }
-
   # VM setup
   {
     # these configurations only apply when producing a VM (e.g. nixos-rebuild build-vm)
diff --git a/peertube.nix b/peertube.nix
new file mode 100644
index 0000000..195832c
--- /dev/null
+++ b/peertube.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }: {
+  networking.firewall.allowedTCPPorts = [ 80 9000 ];
+
+  # these configurations only apply when producing a VM (e.g. nixos-rebuild build-vm)
+  virtualisation.vmVariant = { config, ... }: {
+    services.peertube = {
+      enable = true;
+      # redirects to localhost, but allows it to have a proper domain name
+      localDomain = "peertube.localhost";
+      enableWebHttps = false;
+      settings = {
+        listen.hostname = "0.0.0.0";
+        instance.name = "PeerTube Test VM";
+      };
+      # TODO: use agenix
+      secrets.secretsFile = pkgs.runCommand "secret-gen" {
+        nativeBuildInputs = [ pkgs.openssl ];
+      } ''
+        openssl rand -hex 32 > $out
+      '';
+      redis.createLocally = true;
+      database.createLocally = true;
+      configureNginx = true;
+    };
+
+    virtualisation.forwardPorts = [
+      {
+        from = "host";
+        host.port = 9000;
+        guest.port = 9000;
+      }
+      {
+        from = "host";
+        host.port = 2222;
+        guest.port = 22;
+      }
+    ];
+  };
+}