simple-nixos-fediverse/peertube.nix

{ config, lib, pkgs, ... }: {
  networking.firewall.allowedTCPPorts = [ 80 9000 ];

  # these configurations only apply when producing a VM (e.g. nixos-rebuild build-vm)
  virtualisation.vmVariant = { config, ... }: {
    services.peertube = {
      enable = true;
      # redirects to localhost, but allows it to have a proper domain name
      localDomain = "peertube.localhost";
      enableWebHttps = false;
      settings = {
        listen.hostname = "0.0.0.0";
        instance.name = "PeerTube Test VM";
      };
      # TODO: use agenix
      secrets.secretsFile = pkgs.writeText "secret" ''
        574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24
      '';

      # TODO: in most of nixpkgs, these are true by default. upstream that unless there's a good reason not to.
      redis.createLocally = true;
      database.createLocally = true;
      configureNginx = true;
    };

    virtualisation.forwardPorts = [
      {
        from = "host";
        host.port = 9000;
        guest.port = 9000;
      }
    ];
  };
}