diff options
Diffstat (limited to 'modules/by-name/pe/peertube/module.nix')
| -rw-r--r-- | modules/by-name/pe/peertube/module.nix | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/modules/by-name/pe/peertube/module.nix b/modules/by-name/pe/peertube/module.nix new file mode 100644 index 0000000..29d1d07 --- /dev/null +++ b/modules/by-name/pe/peertube/module.nix @@ -0,0 +1,113 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.vhack.peertube; +in { + options.vhack.peertube = { + enable = lib.mkEnableOption '' + the peertube video platform. + ''; + }; + + config = lib.mkIf cfg.enable { + services.peertube = { + enable = true; + + configureNginx = true; + localDomain = "peertube.vhack.eu"; + enableWebHttps = true; + listenWeb = 443; + + smtp = { + createLocally = true; + passwordFile = "${config.age.secrets.peertubeSmtp.path}"; + }; + database = { + createLocally = true; + }; + redis = { + enableUnixSocket = true; + createLocally = true; + }; + + secrets.secretsFile = "${config.age.secrets.peertubeGeneral.path}"; + + settings = { + signup = { + enabled = true; + + limit = 10; # When the limit is reached, registrations are disabled. -1 == unlimited + + minimum_age = 18; # Used to configure the signup form + + # Users fill a form to register so moderators can accept/reject the registration + requires_approval = true; + requires_email_verification = true; + }; + user = { + video_quota = "10GB"; + video_quota_daily = "2GB"; + }; + auto_blacklist = { + videos = { + of_users = { + enabled = true; + }; + }; + }; + listen.hostname = "127.0.0.1"; + instance.name = "PeerTube at Vhack.eu"; + + admin.email = "admin@vhack.eu"; + + smtp = let + emailAddress = "peertube@vhack.eu"; + in { + sendmail = "${pkgs.postfix}/bin/sendmail"; + + transport = "sendmail"; + hostname = "server1.vhack.eu"; + port = 587; + username = emailAddress; + tls = true; + disable_starttls = true; + from_address = emailAddress; + }; + }; + }; + + # The `configureNginx` option does not do this for some reason + # TODO(@bpeetz): Find out why <2024-06-27> + services.nginx.virtualHosts."${config.services.peertube.localDomain}" = { + enableACME = true; + forceSSL = true; + }; + + age.secrets = { + peertubeGeneral = { + file = ./secrets/general.age; + mode = "700"; + owner = "peertube"; + group = "peertube"; + }; + peertubeSmtp = { + file = ./secrets/smtp.age; + mode = "700"; + owner = "peertube"; + group = "peertube"; + }; + }; + + environment.persistence."/srv".directories = [ + { + directory = "/var/lib/peertube"; + user = "peertube"; + group = "peertube"; + mode = "0700"; + } + ]; + }; +} |