From 580b011a7f69daf155354e9a99ecba20f9bb68f4 Mon Sep 17 00:00:00 2001 From: Benedikt Peetz Date: Thu, 27 Jun 2024 09:37:29 +0200 Subject: feat(peertube): Init --- hosts/server1/configuration.nix | 1 + modules/nixos/vhack/default.nix | 1 + modules/nixos/vhack/peertube/default.nix | 61 ++++++++++++++++++++++++ modules/nixos/vhack/peertube/secrets/general.age | 15 ++++++ modules/nixos/vhack/peertube/secrets/smtp.age | 16 +++++++ secrets.nix | 2 + 6 files changed, 96 insertions(+) create mode 100644 modules/nixos/vhack/peertube/default.nix create mode 100644 modules/nixos/vhack/peertube/secrets/general.age create mode 100644 modules/nixos/vhack/peertube/secrets/smtp.age diff --git a/hosts/server1/configuration.nix b/hosts/server1/configuration.nix index 78a9c4b..02b917b 100644 --- a/hosts/server1/configuration.nix +++ b/hosts/server1/configuration.nix @@ -9,6 +9,7 @@ vhack = { git-server.enable = true; etesync.enable = true; + peertube.enable = true; }; boot.tmp.cleanOnBoot = true; diff --git a/modules/nixos/vhack/default.nix b/modules/nixos/vhack/default.nix index 06a4e69..1c98f58 100644 --- a/modules/nixos/vhack/default.nix +++ b/modules/nixos/vhack/default.nix @@ -2,5 +2,6 @@ imports = [ ./etesync ./git-server + ./peertube ]; } diff --git a/modules/nixos/vhack/peertube/default.nix b/modules/nixos/vhack/peertube/default.nix new file mode 100644 index 0000000..193b628 --- /dev/null +++ b/modules/nixos/vhack/peertube/default.nix @@ -0,0 +1,61 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.vhack.peertube; +in { + options.vhack.peertube = { + enable = lib.mkEnableOption '' + the peertube video platform. + ''; + }; + + config = lib.mkIf cfg.enable { + services.peertube = { + enable = true; + + localDomain = "peertube.vhack.eu"; + configureNginx = true; + + smtp = { + createLocally = true; + passwordFile = "${config.age.secrets.peertubeSmtp.path}"; + }; + database = { + createLocally = true; + }; + redis = { + enableUnixSocket = true; + createLocally = true; + }; + + secrets.secretsFile = "${config.age.secrets.peertubeGeneral.path}"; + }; + + age.secrets = { + peertubeGeneral = { + file = ./secrets/general.age; + mode = "700"; + owner = "peertube"; + group = "peertube"; + }; + peertubeSmtp = { + file = ./secrets/smtp.age; + mode = "700"; + owner = "peertube"; + group = "peertube"; + }; + }; + + environment.persistence."/srv".directories = [ + { + directory = "/var/lib/peertube"; + user = "peertube"; + group = "peertube"; + mode = "0700"; + } + ]; + }; +} diff --git a/modules/nixos/vhack/peertube/secrets/general.age b/modules/nixos/vhack/peertube/secrets/general.age new file mode 100644 index 0000000..854ab1a --- /dev/null +++ b/modules/nixos/vhack/peertube/secrets/general.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNjR4TDVUZmY2Y0hYT2hk +YmtPcFIxSXplNWF4M0V1Kzh2b2VoSTFCK0dzCmpwT2tDa3FpR082V2pyelBoS05o +RmlWRVdNdVhZbkRVUEVnaDlPdlN1bDAKLT4gWDI1NTE5IFlvaTFPc2JHcWczbEJy +eVZDS2NaUzBvbnpadk5ySVFxRTlNVXhrd2N0a3MKanJ0NEZWaTg3dE5Cbm9uNHNS +ZCs2dmU4RkFZOHNyNlJKa0cyd2VqSlFPQQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +NXhFSHdWUk1sbEUyb3FTdGpIaHlyTUJlMnlzNXBEY2lzTXpuM09WVDBrOApmM05W +d1VBSGlhMmlDYlhZS1hSdlJBUVkrVWs0bTJseS9BUmZGY1l5K0NBCi0+IEQkNi1l +LWdyZWFzZSAhIUlaOnNsZCAsUVRVKiBfRig2KGg+NSA6CmI0Q0N0cmlFbnNGSFZQ +WThEV0RHS0V2NTVaZnIyK2tUQXZTOHdsRkhyRlExdCtOeHRML2hFNDNxd08xQjlG +V3oKMThoQnF4Y3FDU3hMZjhwRUNvVWRRR3I4c1k5QnhJS1dRR2dod0EKLS0tIEZT +dHhnVXdHV3QzYThXWFJQL2szeTZ4SWM4czZYQWxJOFFIVjBZSnJ0K00KH8WdXv68 +rjAqo5RoWu91aVg5Bl2HKuiFbaGcnlkiMPZ9wGfpq4mpCc/yc4NTa6HhkaI5tA61 +PjKurnkiLXywcdyUTPuaykk+wANynLucbwfq/Mv3aLcG01soh+dFNKZV/g== +-----END AGE ENCRYPTED FILE----- diff --git a/modules/nixos/vhack/peertube/secrets/smtp.age b/modules/nixos/vhack/peertube/secrets/smtp.age new file mode 100644 index 0000000..81a373a --- /dev/null +++ b/modules/nixos/vhack/peertube/secrets/smtp.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqT0Z5NFdRU3RiNFp2RWwv +bURlMFAzTERvd2tScjNoZDNHZnVRakpSNzJrCjhrZjBGdktCaGJwWXkwRXBoTENM +WVhoNEtiSXFWZEcwVlF6VFZRODllM2sKLT4gWDI1NTE5IG1pTDFueDNYelRzTUgv +S0RCS3ArMXovemxWdWVWclRQMS8rMmJPdmtvMmMKcWVSWGhmaXZMQlkvSHZZL2t0 +WW9rcWZtUEZQeXd0MEpxMnVDVThvUFBjawotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +c1ZpeU1WaTlueUxldlZUYmVXZlpwaitvdEdpOW1INEwvTERheW14Mk0wMAo2OTlI +dlRRSDBPTERIb3JINWd6S1V5eDNuQXpaUVpRaDB5aWhUaFN2UW5VCi0+IF4uIy1n +cmVhc2UKdW04UFVvWWdKNndNWXcKLS0tIFIvYk5zUGt6L3ZzZTQ3aXNqYXdxOFNQ +OVNFS3FoYzJTa3ViaEdhVWlORDAKs95eahuCa5fPn0o6l+lNcXhOpf9GLlSBWNoB +VcbVKMVcT7OEh9yZUlwA2HOfm4Dq9xar2Bxochnyy8bxeVgMe2DKe9UDjr5jHd0x +MNH23OusL44lMTc5kp2Hzodhrs3ZaBGG3li9VZ802V7C+RZylcWPaUS8GxEIMn4W +BWcWvZo6IPeDicxUQ0Icr+t3RI8iDIHdsExp/pp+nxlcQ7BzXqlNTvZ/f2dnzFrg +C2LRWwWG+7W/1YoFj+4ExQRQx9pDuxcTD8np/j7S7Y/pAXIlTrRX7AhPi37YvUIc +NQjtQnQbeR4= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets.nix b/secrets.nix index 5348a03..3f22872 100644 --- a/secrets.nix +++ b/secrets.nix @@ -11,6 +11,8 @@ let ]; in { "./modules/nixos/vhack/etesync/secret_file.age".publicKeys = allSecrets; + "./modules/nixos/vhack/peertube/secrets/general.age".publicKeys = allSecrets; + "./modules/nixos/vhack/peertube/secrets/smtp.age".publicKeys = allSecrets; "./system/secrets/backup/backuppass.age".publicKeys = allSecrets; "./system/secrets/backup/backupssh.age".publicKeys = allSecrets; "./system/secrets/invidious/hmac.age".publicKeys = allSecrets; -- cgit 1.4.1