From 95a39c77e34503dbffa02ef726f61f1dba5c92ff Mon Sep 17 00:00:00 2001
From: zuckerberg <5-zuckerberg@users.noreply.git.neet.dev>
Date: Mon, 2 Aug 2021 13:10:14 -0400
Subject: [PATCH] attempt at peertube

---
 flake.nix                       |  37 +++++++++++++++++---------------
 machines/liza/configuration.nix |  34 +++++++++++++++++++++++++++++
 secrets/peertube-db-pw.age      |  21 ++++++++++++++++++
 secrets/peertube-init.age       | Bin 0 -> 1195 bytes
 secrets/peertube-redis-pw.age   | Bin 0 -> 1085 bytes
 secrets/peertube-smtp.age       |  23 ++++++++++++++++++++
 secrets/secrets.nix             |   4 ++++
 7 files changed, 102 insertions(+), 17 deletions(-)
 create mode 100644 secrets/peertube-db-pw.age
 create mode 100644 secrets/peertube-init.age
 create mode 100644 secrets/peertube-redis-pw.age
 create mode 100644 secrets/peertube-smtp.age

diff --git a/flake.nix b/flake.nix
index fbeea63..9518118 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,7 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";
+    nixpkgs-peertube.url = "github:Izorkin/nixpkgs/add-peertube-service";
     simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05";
     agenix.url = "github:ryantm/agenix";
   };
@@ -9,8 +10,10 @@
 
     nixosConfigurations =
     let
-      mkSystem = system: path:
-        inputs.nixpkgs.lib.nixosSystem {
+      nixpkgs = inputs.nixpkgs;
+      nixpkgs-peertube = inputs.nixpkgs-peertube;
+      mkSystem = system: nixpkgs: path:
+        nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
             path
@@ -25,21 +28,21 @@
         };
     in
     {
-      "reg" = mkSystem "x86_64-linux" ./machines/reg/configuration.nix;
-      "ray" = mkSystem "x86_64-linux" ./machines/ray/configuration.nix;
-      "mitty" = mkSystem "x86_64-linux" ./machines/mitty/configuration.nix;
-      "nanachi" = mkSystem "x86_64-linux" ./machines/nanachi/configuration.nix;
-      "riko" = mkSystem "x86_64-linux" ./machines/riko/configuration.nix;
-      "neetdev" = mkSystem "x86_64-linux" ./machines/neet.dev/configuration.nix;
-      "liza" = mkSystem "x86_64-linux" ./machines/liza/configuration.nix;
-      "s0" = mkSystem "aarch64-linux" ./machines/storage/s0/configuration.nix;
-      "n1" = mkSystem "aarch64-linux" ./machines/compute/n1/configuration.nix;
-      "n2" = mkSystem "aarch64-linux" ./machines/compute/n2/configuration.nix;
-      "n3" = mkSystem "aarch64-linux" ./machines/compute/n3/configuration.nix;
-      "n4" = mkSystem "aarch64-linux" ./machines/compute/n4/configuration.nix;
-      "n5" = mkSystem "aarch64-linux" ./machines/compute/n5/configuration.nix;
-      "n6" = mkSystem "aarch64-linux" ./machines/compute/n6/configuration.nix;
-      "n7" = mkSystem "aarch64-linux" ./machines/compute/n7/configuration.nix;
+      "reg" = mkSystem "x86_64-linux" nixpkgs ./machines/reg/configuration.nix;
+      "ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix;
+      "mitty" = mkSystem "x86_64-linux" nixpkgs ./machines/mitty/configuration.nix;
+      "nanachi" = mkSystem "x86_64-linux" nixpkgs ./machines/nanachi/configuration.nix;
+      "riko" = mkSystem "x86_64-linux" nixpkgs ./machines/riko/configuration.nix;
+      "neetdev" = mkSystem "x86_64-linux" nixpkgs ./machines/neet.dev/configuration.nix;
+      "liza" = mkSystem "x86_64-linux" nixpkgs-peertube ./machines/liza/configuration.nix;
+      "s0" = mkSystem "aarch64-linux" nixpkgs ./machines/storage/s0/configuration.nix;
+      "n1" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n1/configuration.nix;
+      "n2" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n2/configuration.nix;
+      "n3" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n3/configuration.nix;
+      "n4" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n4/configuration.nix;
+      "n5" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n5/configuration.nix;
+      "n6" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n6/configuration.nix;
+      "n7" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n7/configuration.nix;
     };
   };
 }
diff --git a/machines/liza/configuration.nix b/machines/liza/configuration.nix
index f55f08b..cafa424 100644
--- a/machines/liza/configuration.nix
+++ b/machines/liza/configuration.nix
@@ -29,6 +29,40 @@
     disableRegistration = true;
   };
 
+  services.peertube = {
+    enable = true;
+    localDomain = "tube.neet.space";
+    listenHttp = 9000;
+    listenWeb = 9000;
+    enableWebHttps = false;
+    # dataDirs
+    serviceEnvironmentFile = "/run/secrets/peertube-init";
+    # settings
+    database = {
+      createLocally = true;
+      passwordFile = "/run/secrets/peertube-db-pw";
+    };
+    redis = {
+      createLocally = true;
+      passwordFile = "/run/secrets/peertube-redis-pw";
+    };
+    smtp = {
+      createLocally = true;
+      passwordFile = "/run/secrets/peertube-smtp";
+    };
+  };
+  services.nginx.virtualHosts."tube.neet.space" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.peertube.listenHttp}";
+    };
+  };
+  age.secrets.peertube-init.file = ../../secrets/peertube-init.age;
+  age.secrets.peertube-db-pw.file = ../../secrets/peertube-db-pw.age;
+  age.secrets.peertube-redis-pw.file = ../../secrets/peertube-redis-pw.age;
+  age.secrets.peertube-smtp.file = ../../secrets/peertube-smtp.age;
+
   services.searx = {
     enable = true;
     environmentFile = "/run/secrets/searx";
diff --git a/secrets/peertube-db-pw.age b/secrets/peertube-db-pw.age
new file mode 100644
index 0000000..c38b86e
--- /dev/null
+++ b/secrets/peertube-db-pw.age
@@ -0,0 +1,21 @@
+age-encryption.org/v1
+-> ssh-ed25519 ebHUtA MdbXWrBOZgRkuzyPJYvgLio9CVIbE09MIfbp5UdCkiI
+mVx6QhyWHGQKUJ4aCs5Mde65nuqYjYzDsaJvN7Gpyb8
+-> ssh-ed25519 WVH30Q astoRjNBcdJiE7pJpX6ECjIUulylnrSEnPbcRv2ocSY
+a6v3yGtcqVPDYSWWXBnP+tGCx4HIrgEJ3V1Atp2AhJA
+-> ssh-ed25519 G2eSCQ rlNb5q7338/hqUC9LlSt+RcTe67X9ufsK4v2QGZAwy4
+2PUYij5W42mfgqv5qvtx3hqAseq0Qc2xqwfTkdc6+J8
+-> ssh-ed25519 Xqs6ZQ Xqf6sl5m3abf/mdLbG4ScpZeXcvMOFlxeBe06SykmGc
+fkbKVdtdg07qonkWDKKZXlWotSNHm27t+plBPSLicpY
+-> ssh-ed25519 2a2Yhw nv5rssB+VqT8KByTgoLf6uA87dOzxTnIKWEpY8dmQkI
+d5JXnDjXKf+DMG4tQvd6c4xEoMxHfqGnS0sGndvZvAg
+-> ssh-ed25519 N240Tg U+WsKtfdmBPfD18EH4Jsd0QRdp5Kjlnp6KmY6mIJkh4
+Eu1V/0kx7gVmJ2srhPvGePAo0Jq4ltz9Lvk9v47R0vw
+-> ssh-ed25519 mbw8xA Lpi4CslMaa6CCA+kKHN//OPLXUh8lQ+4rJwT1CQpS2U
+1JRhI1YC16r+cLua4qRLsDkmWR5UcuPq2+rkXosWIXA
+-> ssh-ed25519 xoAm7w 5IfOvIHWVxEzuGI+E+ftPOst3zwyOdEnXzIyEJnaylQ
+NGnngbBaLsRAA+2xBZWPOEsAohzaRFcvUcpitPrDUmQ
+-> 3,LuzD'-grease zz.&
+LFrNo1dUXU6JBoVkh0+R5NqJ2a4lyWpwLzXTUP46qGTz3NlJtMplqkpflsI
+--- VSrznMReh1Fnhea+tZeUvoTuFqVM3IXNsKtikxhqsts
+a�@5�[=�]���m�����X�F�V���I�/�l�a�>�s��O񘛇�
Y0��w����eD@���m��Ut0��
\ No newline at end of file
diff --git a/secrets/peertube-init.age b/secrets/peertube-init.age
new file mode 100644
index 0000000000000000000000000000000000000000..de3383e18d79aa072fb072042dd9ace1a664e5f1
GIT binary patch
literal 1195
zcmZY7zsuuv0LO8~LFwqIB0+F5)TC*WriVXB)BJ4G{A!vu2$D3v+B8X%Z<;i5a5!89
z5%F1kKykRm6LC@my?b2r#8Dg$L|g?IK^+bed~mFP!Hf5Yj~fO3AlsDfq1xuz^LZH|
z^`O^(2?8MQ2R=p+gE16%f>qIwnh7HYmV{hQ#8b<GE_c^+0b^2%*&*Ig?D$xkGF&1p
zsa~-T^2AZpiU_EB?`FX6%z8(b6}tC%kwGdV_wBJ40unvf?4>Y7bx7Ou5<?eONBDS2
zjR%V5;Z6iFr3s5cU{_IxbChcyh`8y+%rTn!nRo)>0c%ZthA7jfSW;^^rqm*hhM4Yj
zN#v<=bguDOU@|(y*`!Q4{34K)Y19ZC@<0ok3t|o9Or&&CCE5yWoiT~M*yAWqMmSjC
zrTZP<O7?72(E?v|N7c_lmSlE~V4$@zM>m^uZB+o$(V+pM@9XWr2TB*Vov+c>!8$49
zjcBTAtM6#MGq;|f6rwHmRCE%E6sL&^FdA(UR|xI-e%`R6yIt)OBW&=}-L^A9{hx-p
z*g9??n8jtELo%e>!&Epb<^yTlf=FJKp)y~i6aOTYBgZ71YYicZ(}eW8f$4#KaU`@w
z5j7f26{!?DQ#J_(u;rM05lPnPZF3Aq7ZF5MZDngh$ZSTyWK&||WT}=<$iiAFOFpgF
zPO*x1z!hnw7gGy0&MR0j<e43w%z8R8h{NQx4LcH1M2}b;=~d`As}h`Rsn<{^8k%N!
znvDmg4ljppEDEwdZggUdm{YtOIzVSR%yc(X*0iXeM{yX)4@(>jfrN#X!E$*?71!sY
zYeysNA_hvylAS!!&$Uxdr=teqoo+Na%A8fFYEogeytLq*(c&;JZ>EXeun30Q?tYp?
zdC%M(0<u;>$K%}*nbh-iQKc^Bm%4pqxtUix+yPmHmG1qwq-*!1GH^iv6}0-=xEb{<
zZB32+eF3vFYJ?bSY$AJ<sU3zd$4PWtuV*%*Y^jd-wvEgh?GBrG9l1?py`2X+9rx0D
zHWST2j28sVi*%#vl6G|QnxsS~D4li6cf@F_X`~-4R%0W}ue1Aoh!oNdN{rlk)`o;z
zWyJ7cABf{tUP`(cngDcqFwD6_cv5<AeffoP`}6mXm$$yUdhsH8^GWEp8-ITkK5mKs
z+_?ShXP;c?KfQdBD(;7WJ-C1OkE>@!AOHT~(eHnK>anLU@7%n+_w_rkTs(C5=6CmB
rc>RMv-?+1S<eP7Qxq8BVZuR3W#`^hv>0#~DcYFN3)$Z*dUbX)P(w3DN

literal 0
HcmV?d00001

diff --git a/secrets/peertube-redis-pw.age b/secrets/peertube-redis-pw.age
new file mode 100644
index 0000000000000000000000000000000000000000..22470f7fbe08fb8554ed829e87cd0b4ab482758c
GIT binary patch
literal 1085
zcmZY8IqT#E0LI}(1T`vHT1nVuS%%r1lgw<PB$-UEnH-bJS(#*VO|HqEOkttlK<pMo
za2pE+MOaYmw6YOF5bP{$R`4shwtqjt^LvZei^FAD2F-l!(yDw^H8C_G!17(NZIfkq
zMpr9j1BO0tbQGvChD~c^K92h`K4gW+_zZy&D$+u0LP0hp*^o}XDZLW~1Tqs}*T*e=
zWMFBX=~N#wsu>c^E$`fflY1MwjWAvKbbME{Odf+ZFtoI2kI5#hQPzNjjW6HS3pr-F
z6zOes<n1lntj#3YU;%JUF9M#BjyXYeIImL4V2vK`NT;&g7TfKtC~qB&+(rs~SL4u7
zXEe~B(M(5r4{^h;x<&jxfjH8-sD$tD%JJr}ikXxTqDs>+KtLR^6=Xz>7EIok5^8Uz
zqu}jcbU~vW4el^zvg0;lgx}Tdx+Po<R0_7+<VXWs2CW!J4B5*YbAOg;#qDK(=BSo|
z>7J<%c?$$3H&?=<7F+_=6TQW+11G5rWl-5f@B`-TkUVu)Vi5jMLp{_<MiBR7XFwt*
z>Tzg8K%-ufSiiujP)Ww1Dqt@sUEa)kd@=wbAQ{_~uMHGl1UhAvBv;H1Lk(2z&S-7(
z_E45db0!be-EA_8!>1U8@ojuCMpDyyXBW&DH5+bil#X!5!7I6$n!*>asG%N_7GTBm
z;iPBI*ocU^rWUi)DQul)9ADimUBKFTo|-NkJ!!nF75=!MC{XnRvo7tELZ7xR>@iop
zPGbeep_CDF6jswxM9WST7?T2+8rc!0siJ*DLVK*BDE=gDU@8}nT!GC-O4$?+xe@CL
zceSaa3UUPH5nWxXC|O*m_$o50qJ-#FvwA)uC)Y)7%#*~y<)~s@1D<n*<}H)et5A{`
zfkM>Y5NAp@u~Zvb7u4Ez8xP$X>N)#Q!<KOqdTj_kd|yXOr!7G<){pFE1|J*%loj{L
z#T0HX$JYr~7t)K@ESKQTIjV_T?TyOgPPe%_TD_+Dsm!nU+rzb&Y<P`_^+l3(9C&$I
z|GNA7kKYvNjc>mH_W6^0k3JKh{`pXP`}Myb1MTxC^Ox(7q0jIC{nO>%FW;FzKKQi$
o`S<nW{<D|f`@;X|O#SobTc5o06xQC^d}V&{%=_@w*M0#01!R$6!vFvP

literal 0
HcmV?d00001

diff --git a/secrets/peertube-smtp.age b/secrets/peertube-smtp.age
new file mode 100644
index 0000000..7d32b12
--- /dev/null
+++ b/secrets/peertube-smtp.age
@@ -0,0 +1,23 @@
+age-encryption.org/v1
+-> ssh-ed25519 ebHUtA fYicgxmFo7Qp1lekNns7HPTN65wiGu8UwfdLBk2E4mU
+3eEtdth3czNSHJVdT+ccQtLXS/vMzh0CipiGCQmMA9w
+-> ssh-ed25519 WVH30Q fWbRdH24IpukRQQxV02s23MkeOsnlObePG+AHCCkzAA
+YqdtYbP4lued8V62QWUksSGd7of3eTh1BH6Zt6FEw2A
+-> ssh-ed25519 G2eSCQ Du62+/27HVwZPQgOy7S3Bciov7O/N9PNlFQmnaiK0lk
+Tli1XwEurWZapVqdGIaN534gfDRXOFmRbml+tGHQlfg
+-> ssh-ed25519 Xqs6ZQ ah7/wjx+Xj4B5oNQqcZQP4Sz+kVvIbLUjp8bAoDB4SA
+wdNQXKU09KIv3pAzqyEJwbkqc6r5mngVtqosDd23+XQ
+-> ssh-ed25519 2a2Yhw 3DoK66S8Unum5RCop8Ktr/mmlyZegPKGA+haknQyhWY
+685xq3S8Sh8RAVpaiog8DrM98fEwo9veQLhrDm4twpo
+-> ssh-ed25519 N240Tg H3gptakJ0wVMRSV/oV/3ekc1K9mJWjfAc7BGe+e19l4
+f+zZibzUMLhz31ZLok+OK43dLsVUHOKGfm5m+MPdgqA
+-> ssh-ed25519 mbw8xA 9P2ZL3vSx5d7iKahLuUZBzWZvZn4NA5CkYB8Hidr0yI
+/g7HG0G8WpjlDeHH5QDkCwNZtxyO7QAgMRwhoA+4mao
+-> ssh-ed25519 xoAm7w a1oSyqLCddxQwytQ7BGEsTUy//d/I2eGvW3SKQoxtys
+LiBRTXubOG3h4zeINa1IgZyq7Q7h5WQmmS8Kkt7OoXc
+-> :4JC`NcH-grease
+8GHBG04S2dGc+j99nGgkfd+wenbTV1xEXIOGwpB2Nd+nzY4pydJ6w2lvhX/DXDk0
+EIwaFw
+--- 89LUIINoAmzt61rEdFKF2iwkj8o+LveMJBysTF7mQGg
+��M�ّ��b���z6s��!9N�ǩ^�]t�`&
+�/�)�����uf�V{�#lfR�p�=Khc��-R-�uQ~�^z04�L�
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 8d3f9a6..de2ab78 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,4 +7,8 @@ in
 {
   "searx.age".publicKeys = all;
   "pia-login.conf".publicKeys = all;
+  "peertube-init.age".publicKeys = all;
+  "peertube-db-pw.age".publicKeys = all;
+  "peertube-redis-pw.age".publicKeys = all;
+  "peertube-smtp.age".publicKeys = all;
 }
\ No newline at end of file