diff --git a/flake.nix b/flake.nix index fbeea63..9518118 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,7 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05"; + nixpkgs-peertube.url = "github:Izorkin/nixpkgs/add-peertube-service"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; agenix.url = "github:ryantm/agenix"; }; @@ -9,8 +10,10 @@ nixosConfigurations = let - mkSystem = system: path: - inputs.nixpkgs.lib.nixosSystem { + nixpkgs = inputs.nixpkgs; + nixpkgs-peertube = inputs.nixpkgs-peertube; + mkSystem = system: nixpkgs: path: + nixpkgs.lib.nixosSystem { inherit system; modules = [ path @@ -25,21 +28,21 @@ }; in { - "reg" = mkSystem "x86_64-linux" ./machines/reg/configuration.nix; - "ray" = mkSystem "x86_64-linux" ./machines/ray/configuration.nix; - "mitty" = mkSystem "x86_64-linux" ./machines/mitty/configuration.nix; - "nanachi" = mkSystem "x86_64-linux" ./machines/nanachi/configuration.nix; - "riko" = mkSystem "x86_64-linux" ./machines/riko/configuration.nix; - "neetdev" = mkSystem "x86_64-linux" ./machines/neet.dev/configuration.nix; - "liza" = mkSystem "x86_64-linux" ./machines/liza/configuration.nix; - "s0" = mkSystem "aarch64-linux" ./machines/storage/s0/configuration.nix; - "n1" = mkSystem "aarch64-linux" ./machines/compute/n1/configuration.nix; - "n2" = mkSystem "aarch64-linux" ./machines/compute/n2/configuration.nix; - "n3" = mkSystem "aarch64-linux" ./machines/compute/n3/configuration.nix; - "n4" = mkSystem "aarch64-linux" ./machines/compute/n4/configuration.nix; - "n5" = mkSystem "aarch64-linux" ./machines/compute/n5/configuration.nix; - "n6" = mkSystem "aarch64-linux" ./machines/compute/n6/configuration.nix; - "n7" = mkSystem "aarch64-linux" ./machines/compute/n7/configuration.nix; + "reg" = mkSystem "x86_64-linux" nixpkgs ./machines/reg/configuration.nix; + "ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix; + "mitty" = mkSystem "x86_64-linux" nixpkgs ./machines/mitty/configuration.nix; + "nanachi" = mkSystem "x86_64-linux" nixpkgs ./machines/nanachi/configuration.nix; + "riko" = mkSystem "x86_64-linux" nixpkgs ./machines/riko/configuration.nix; + "neetdev" = mkSystem "x86_64-linux" nixpkgs ./machines/neet.dev/configuration.nix; + "liza" = mkSystem "x86_64-linux" nixpkgs-peertube ./machines/liza/configuration.nix; + "s0" = mkSystem "aarch64-linux" nixpkgs ./machines/storage/s0/configuration.nix; + "n1" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n1/configuration.nix; + "n2" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n2/configuration.nix; + "n3" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n3/configuration.nix; + "n4" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n4/configuration.nix; + "n5" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n5/configuration.nix; + "n6" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n6/configuration.nix; + "n7" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n7/configuration.nix; }; }; } diff --git a/machines/liza/configuration.nix b/machines/liza/configuration.nix index f55f08b..cafa424 100644 --- a/machines/liza/configuration.nix +++ b/machines/liza/configuration.nix @@ -29,6 +29,40 @@ disableRegistration = true; }; + services.peertube = { + enable = true; + localDomain = "tube.neet.space"; + listenHttp = 9000; + listenWeb = 9000; + enableWebHttps = false; + # dataDirs + serviceEnvironmentFile = "/run/secrets/peertube-init"; + # settings + database = { + createLocally = true; + passwordFile = "/run/secrets/peertube-db-pw"; + }; + redis = { + createLocally = true; + passwordFile = "/run/secrets/peertube-redis-pw"; + }; + smtp = { + createLocally = true; + passwordFile = "/run/secrets/peertube-smtp"; + }; + }; + services.nginx.virtualHosts."tube.neet.space" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.peertube.listenHttp}"; + }; + }; + age.secrets.peertube-init.file = ../../secrets/peertube-init.age; + age.secrets.peertube-db-pw.file = ../../secrets/peertube-db-pw.age; + age.secrets.peertube-redis-pw.file = ../../secrets/peertube-redis-pw.age; + age.secrets.peertube-smtp.file = ../../secrets/peertube-smtp.age; + services.searx = { enable = true; environmentFile = "/run/secrets/searx"; diff --git a/secrets/peertube-db-pw.age b/secrets/peertube-db-pw.age new file mode 100644 index 0000000..c38b86e --- /dev/null +++ b/secrets/peertube-db-pw.age @@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 ebHUtA MdbXWrBOZgRkuzyPJYvgLio9CVIbE09MIfbp5UdCkiI +mVx6QhyWHGQKUJ4aCs5Mde65nuqYjYzDsaJvN7Gpyb8 +-> ssh-ed25519 WVH30Q astoRjNBcdJiE7pJpX6ECjIUulylnrSEnPbcRv2ocSY +a6v3yGtcqVPDYSWWXBnP+tGCx4HIrgEJ3V1Atp2AhJA +-> ssh-ed25519 G2eSCQ rlNb5q7338/hqUC9LlSt+RcTe67X9ufsK4v2QGZAwy4 +2PUYij5W42mfgqv5qvtx3hqAseq0Qc2xqwfTkdc6+J8 +-> ssh-ed25519 Xqs6ZQ Xqf6sl5m3abf/mdLbG4ScpZeXcvMOFlxeBe06SykmGc +fkbKVdtdg07qonkWDKKZXlWotSNHm27t+plBPSLicpY +-> ssh-ed25519 2a2Yhw nv5rssB+VqT8KByTgoLf6uA87dOzxTnIKWEpY8dmQkI +d5JXnDjXKf+DMG4tQvd6c4xEoMxHfqGnS0sGndvZvAg +-> ssh-ed25519 N240Tg U+WsKtfdmBPfD18EH4Jsd0QRdp5Kjlnp6KmY6mIJkh4 +Eu1V/0kx7gVmJ2srhPvGePAo0Jq4ltz9Lvk9v47R0vw +-> ssh-ed25519 mbw8xA Lpi4CslMaa6CCA+kKHN//OPLXUh8lQ+4rJwT1CQpS2U +1JRhI1YC16r+cLua4qRLsDkmWR5UcuPq2+rkXosWIXA +-> ssh-ed25519 xoAm7w 5IfOvIHWVxEzuGI+E+ftPOst3zwyOdEnXzIyEJnaylQ +NGnngbBaLsRAA+2xBZWPOEsAohzaRFcvUcpitPrDUmQ +-> 3,LuzD'-grease zz.& +LFrNo1dUXU6JBoVkh0+R5NqJ2a4lyWpwLzXTUP46qGTz3NlJtMplqkpflsI +--- VSrznMReh1Fnhea+tZeUvoTuFqVM3IXNsKtikxhqsts + a@5[=]mXFVI/la>sO 񘛇 Y0weD@mUt0 \ No newline at end of file diff --git a/secrets/peertube-init.age b/secrets/peertube-init.age new file mode 100644 index 0000000..de3383e Binary files /dev/null and b/secrets/peertube-init.age differ diff --git a/secrets/peertube-redis-pw.age b/secrets/peertube-redis-pw.age new file mode 100644 index 0000000..22470f7 Binary files /dev/null and b/secrets/peertube-redis-pw.age differ diff --git a/secrets/peertube-smtp.age b/secrets/peertube-smtp.age new file mode 100644 index 0000000..7d32b12 --- /dev/null +++ b/secrets/peertube-smtp.age @@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 ebHUtA fYicgxmFo7Qp1lekNns7HPTN65wiGu8UwfdLBk2E4mU +3eEtdth3czNSHJVdT+ccQtLXS/vMzh0CipiGCQmMA9w +-> ssh-ed25519 WVH30Q fWbRdH24IpukRQQxV02s23MkeOsnlObePG+AHCCkzAA +YqdtYbP4lued8V62QWUksSGd7of3eTh1BH6Zt6FEw2A +-> ssh-ed25519 G2eSCQ Du62+/27HVwZPQgOy7S3Bciov7O/N9PNlFQmnaiK0lk +Tli1XwEurWZapVqdGIaN534gfDRXOFmRbml+tGHQlfg +-> ssh-ed25519 Xqs6ZQ ah7/wjx+Xj4B5oNQqcZQP4Sz+kVvIbLUjp8bAoDB4SA +wdNQXKU09KIv3pAzqyEJwbkqc6r5mngVtqosDd23+XQ +-> ssh-ed25519 2a2Yhw 3DoK66S8Unum5RCop8Ktr/mmlyZegPKGA+haknQyhWY +685xq3S8Sh8RAVpaiog8DrM98fEwo9veQLhrDm4twpo +-> ssh-ed25519 N240Tg H3gptakJ0wVMRSV/oV/3ekc1K9mJWjfAc7BGe+e19l4 +f+zZibzUMLhz31ZLok+OK43dLsVUHOKGfm5m+MPdgqA +-> ssh-ed25519 mbw8xA 9P2ZL3vSx5d7iKahLuUZBzWZvZn4NA5CkYB8Hidr0yI +/g7HG0G8WpjlDeHH5QDkCwNZtxyO7QAgMRwhoA+4mao +-> ssh-ed25519 xoAm7w a1oSyqLCddxQwytQ7BGEsTUy//d/I2eGvW3SKQoxtys +LiBRTXubOG3h4zeINa1IgZyq7Q7h5WQmmS8Kkt7OoXc +-> :4JC`NcH-grease +8GHBG04S2dGc+j99nGgkfd+wenbTV1xEXIOGwpB2Nd+nzY4pydJ6w2lvhX/DXDk0 +EIwaFw +--- 89LUIINoAmzt61rEdFKF2iwkj8o+LveMJBysTF7mQGg +Mّbz6s!9Nǩ^]t`& +/)ufV{ #lfRp=Khc-R-uQ~^z0 4L \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 8d3f9a6..de2ab78 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,4 +7,8 @@ in { "searx.age".publicKeys = all; "pia-login.conf".publicKeys = all; + "peertube-init.age".publicKeys = all; + "peertube-db-pw.age".publicKeys = all; + "peertube-redis-pw.age".publicKeys = all; + "peertube-smtp.age".publicKeys = all; } \ No newline at end of file