{ config, lib, pkgs, ... }: let cfg = config.vhack.peertube; in { options.vhack.peertube = { enable = lib.mkEnableOption '' the peertube video platform. ''; }; config = lib.mkIf cfg.enable { services.peertube = { enable = true; configureNginx = true; localDomain = "peertube.vhack.eu"; smtp = { createLocally = true; passwordFile = "${config.age.secrets.peertubeSmtp.path}"; }; database = { createLocally = true; }; redis = { enableUnixSocket = true; createLocally = true; }; secrets.secretsFile = "${config.age.secrets.peertubeGeneral.path}"; settings = { smtp = let emailAddress = "peertube@vhack.eu"; in { sendmail = "${pkgs.postfix}/bin/sendmail"; transport = "sendmail"; hostname = "server1.vhack.eu"; port = 587; username = emailAddress; tls = true; disable_starttls = true; from_address = emailAddress; }; }; }; # The `configureNginx` option does not do this for some reason # TODO(@bpeetz): Find out why <2024-06-27> services.nginx.virtualHosts."${config.services.peertube.localDomain}" = { enableACME = true; forceSSL = true; }; age.secrets = { peertubeGeneral = { file = ./secrets/general.age; mode = "700"; owner = "peertube"; group = "peertube"; }; peertubeSmtp = { file = ./secrets/smtp.age; mode = "700"; owner = "peertube"; group = "peertube"; }; }; environment.persistence."/srv".directories = [ { directory = "/var/lib/peertube"; user = "peertube"; group = "peertube"; mode = "0700"; } ]; }; }