From 95a39c77e34503dbffa02ef726f61f1dba5c92ff Mon Sep 17 00:00:00 2001
From: zuckerberg <5-zuckerberg@users.noreply.git.neet.dev>
Date: Mon, 2 Aug 2021 13:10:14 -0400
Subject: [PATCH] attempt at peertube

---
 flake.nix                       |  37 +++++++++++++++++---------------
 machines/liza/configuration.nix |  34 +++++++++++++++++++++++++++++
 secrets/peertube-db-pw.age      |  21 ++++++++++++++++++
 secrets/peertube-init.age       | Bin 0 -> 1195 bytes
 secrets/peertube-redis-pw.age   | Bin 0 -> 1085 bytes
 secrets/peertube-smtp.age       |  23 ++++++++++++++++++++
 secrets/secrets.nix             |   4 ++++
 7 files changed, 102 insertions(+), 17 deletions(-)
 create mode 100644 secrets/peertube-db-pw.age
 create mode 100644 secrets/peertube-init.age
 create mode 100644 secrets/peertube-redis-pw.age
 create mode 100644 secrets/peertube-smtp.age

diff --git a/flake.nix b/flake.nix
index fbeea63..9518118 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,7 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";
+    nixpkgs-peertube.url = "github:Izorkin/nixpkgs/add-peertube-service";
     simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05";
     agenix.url = "github:ryantm/agenix";
   };
@@ -9,8 +10,10 @@
 
     nixosConfigurations =
     let
-      mkSystem = system: path:
-        inputs.nixpkgs.lib.nixosSystem {
+      nixpkgs = inputs.nixpkgs;
+      nixpkgs-peertube = inputs.nixpkgs-peertube;
+      mkSystem = system: nixpkgs: path:
+        nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
             path
@@ -25,21 +28,21 @@
         };
     in
     {
-      "reg" = mkSystem "x86_64-linux" ./machines/reg/configuration.nix;
-      "ray" = mkSystem "x86_64-linux" ./machines/ray/configuration.nix;
-      "mitty" = mkSystem "x86_64-linux" ./machines/mitty/configuration.nix;
-      "nanachi" = mkSystem "x86_64-linux" ./machines/nanachi/configuration.nix;
-      "riko" = mkSystem "x86_64-linux" ./machines/riko/configuration.nix;
-      "neetdev" = mkSystem "x86_64-linux" ./machines/neet.dev/configuration.nix;
-      "liza" = mkSystem "x86_64-linux" ./machines/liza/configuration.nix;
-      "s0" = mkSystem "aarch64-linux" ./machines/storage/s0/configuration.nix;
-      "n1" = mkSystem "aarch64-linux" ./machines/compute/n1/configuration.nix;
-      "n2" = mkSystem "aarch64-linux" ./machines/compute/n2/configuration.nix;
-      "n3" = mkSystem "aarch64-linux" ./machines/compute/n3/configuration.nix;
-      "n4" = mkSystem "aarch64-linux" ./machines/compute/n4/configuration.nix;
-      "n5" = mkSystem "aarch64-linux" ./machines/compute/n5/configuration.nix;
-      "n6" = mkSystem "aarch64-linux" ./machines/compute/n6/configuration.nix;
-      "n7" = mkSystem "aarch64-linux" ./machines/compute/n7/configuration.nix;
+      "reg" = mkSystem "x86_64-linux" nixpkgs ./machines/reg/configuration.nix;
+      "ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix;
+      "mitty" = mkSystem "x86_64-linux" nixpkgs ./machines/mitty/configuration.nix;
+      "nanachi" = mkSystem "x86_64-linux" nixpkgs ./machines/nanachi/configuration.nix;
+      "riko" = mkSystem "x86_64-linux" nixpkgs ./machines/riko/configuration.nix;
+      "neetdev" = mkSystem "x86_64-linux" nixpkgs ./machines/neet.dev/configuration.nix;
+      "liza" = mkSystem "x86_64-linux" nixpkgs-peertube ./machines/liza/configuration.nix;
+      "s0" = mkSystem "aarch64-linux" nixpkgs ./machines/storage/s0/configuration.nix;
+      "n1" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n1/configuration.nix;
+      "n2" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n2/configuration.nix;
+      "n3" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n3/configuration.nix;
+      "n4" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n4/configuration.nix;
+      "n5" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n5/configuration.nix;
+      "n6" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n6/configuration.nix;
+      "n7" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n7/configuration.nix;
     };
   };
 }
diff --git a/machines/liza/configuration.nix b/machines/liza/configuration.nix
index f55f08b..cafa424 100644
--- a/machines/liza/configuration.nix
+++ b/machines/liza/configuration.nix
@@ -29,6 +29,40 @@
     disableRegistration = true;
   };
 
+  services.peertube = {
+    enable = true;
+    localDomain = "tube.neet.space";
+    listenHttp = 9000;
+    listenWeb = 9000;
+    enableWebHttps = false;
+    # dataDirs
+    serviceEnvironmentFile = "/run/secrets/peertube-init";
+    # settings
+    database = {
+      createLocally = true;
+      passwordFile = "/run/secrets/peertube-db-pw";
+    };
+    redis = {
+      createLocally = true;
+      passwordFile = "/run/secrets/peertube-redis-pw";
+    };
+    smtp = {
+      createLocally = true;
+      passwordFile = "/run/secrets/peertube-smtp";
+    };
+  };
+  services.nginx.virtualHosts."tube.neet.space" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.peertube.listenHttp}";
+    };
+  };
+  age.secrets.peertube-init.file = ../../secrets/peertube-init.age;
+  age.secrets.peertube-db-pw.file = ../../secrets/peertube-db-pw.age;
+  age.secrets.peertube-redis-pw.file = ../../secrets/peertube-redis-pw.age;
+  age.secrets.peertube-smtp.file = ../../secrets/peertube-smtp.age;
+
   services.searx = {
     enable = true;
     environmentFile = "/run/secrets/searx";
diff --git a/secrets/peertube-db-pw.age b/secrets/peertube-db-pw.age
new file mode 100644
index 0000000..c38b86e
--- /dev/null
+++ b/secrets/peertube-db-pw.age
@@ -0,0 +1,21 @@
+age-encryption.org/v1
+-> ssh-ed25519 ebHUtA MdbXWrBOZgRkuzyPJYvgLio9CVIbE09MIfbp5UdCkiI
+mVx6QhyWHGQKUJ4aCs5Mde65nuqYjYzDsaJvN7Gpyb8
+-> ssh-ed25519 WVH30Q astoRjNBcdJiE7pJpX6ECjIUulylnrSEnPbcRv2ocSY
+a6v3yGtcqVPDYSWWXBnP+tGCx4HIrgEJ3V1Atp2AhJA
+-> ssh-ed25519 G2eSCQ rlNb5q7338/hqUC9LlSt+RcTe67X9ufsK4v2QGZAwy4
+2PUYij5W42mfgqv5qvtx3hqAseq0Qc2xqwfTkdc6+J8
+-> ssh-ed25519 Xqs6ZQ Xqf6sl5m3abf/mdLbG4ScpZeXcvMOFlxeBe06SykmGc
+fkbKVdtdg07qonkWDKKZXlWotSNHm27t+plBPSLicpY
+-> ssh-ed25519 2a2Yhw nv5rssB+VqT8KByTgoLf6uA87dOzxTnIKWEpY8dmQkI
+d5JXnDjXKf+DMG4tQvd6c4xEoMxHfqGnS0sGndvZvAg
+-> ssh-ed25519 N240Tg U+WsKtfdmBPfD18EH4Jsd0QRdp5Kjlnp6KmY6mIJkh4
+Eu1V/0kx7gVmJ2srhPvGePAo0Jq4ltz9Lvk9v47R0vw
+-> ssh-ed25519 mbw8xA Lpi4CslMaa6CCA+kKHN//OPLXUh8lQ+4rJwT1CQpS2U
+1JRhI1YC16r+cLua4qRLsDkmWR5UcuPq2+rkXosWIXA
+-> ssh-ed25519 xoAm7w 5IfOvIHWVxEzuGI+E+ftPOst3zwyOdEnXzIyEJnaylQ
+NGnngbBaLsRAA+2xBZWPOEsAohzaRFcvUcpitPrDUmQ
+-> 3,LuzD'-grease zz.&
+LFrNo1dUXU6JBoVkh0+R5NqJ2a4lyWpwLzXTUP46qGTz3NlJtMplqkpflsI
+--- VSrznMReh1Fnhea+tZeUvoTuFqVM3IXNsKtikxhqsts
+a�@5�[=�]���m�����X�F�V���I�/�l�a�>�s��O񘛇�
Y0��w����eD@���m��Ut0��
\ No newline at end of file
diff --git a/secrets/peertube-init.age b/secrets/peertube-init.age
new file mode 100644
index 0000000000000000000000000000000000000000..de3383e18d79aa072fb072042dd9ace1a664e5f1
GIT binary patch
literal 1195
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnP4WmWaa8cn^DuYT
z_VUR0&-SdSbStjPPmJ{QFmledaL&?CGWM);&+u|_cFXn(v*0R>OwG@Z^7St<O|>Y?
zNz5w_uL>^9GAk-E$VqYcbk;91%})upOiC*@GeEa3Jj}z`AW$J7$KA`>u`smCG{vOI
z!qU(;G|40?z1YaNJgv|$HM}If%EZkgF}T1qqns<lxisA+CC{^>IIX~_GC0s%-`AzQ
zFw7!SJHx`iFgM-UC@`ujJ3YzYCmr23ccau`=RgIwa5Eo^DEE+5FJG7Ra*t%Q0!NR4
z#NvzqBe!7vqC^AV^h}S)K<8l798WGcizFX?H|@Zz+?*`;O0RHl^Abl7_rj`D|CGEm
zS2O3Va*rT`vLHW$<YaW)A_|Mmq5>5RO#^evG7VFTeXG(ct5O0SLkmJHd@YkbgZ*<W
z1G5}Ws)93<QnCv@!#%nD4V+RvE!+Y;vx|eu141%N^c|B@Qu51PJrgq{a`c1J%1w$A
zGb_D4{4s1ZN;HbhC|A&SHStMt)6dhd%F(t+GcWWr^vbL(PWOo@O7r!LG;m6(@G3Ho
z3O0=j_vF$yGp%qkOR6#qPAbk1DK!lUDNHX9(6%Vd^-7C!am`LO)DDdb&hgaGjzssH
zpOJ|{NV<Y)No7fRfJd5hvUzc^Yp$tNR9<dCzLQyDXoPQ=du~}|RAEGVR&k=Iqc2y6
zMTmb!eu=h6kdJqGT19Y~i&Kzkfm20hT9ui;uV<2JNU38)T1t6DQ8Bu0xk=>~6^;rn
zc_z7emWD-v+F{0t8J-?KftKZgrk47_E+!?$QN@9-Zbre0$u6$Jp%z?87H&qx`2}Gn
z#m2>6MrkEMu5S577KKF?mX2jn0cK@|8O6Ruu4Yv}PJ!sQRpdM7nwKlMM^%|SmHN1a
zmgV|qml!$vgoSEn1y!18oA@NVWQUi#>Khq^C+4_hr{{A8XBDKHmH8G|xtmm#>N}PB
z<%X2xCR(Hv1%{Wpx_Kv+MY$E|hoqGRCV@jTF<dvjC^fM-RiV()zuL0goGUaS(!w$&
zr%>C~#~>)p$RH>=J={FczskrY%rZN@G&0gVT;Dg-qRKrfv)sous4~mQDXGdVGutPy
z(l0gNF@r0&%-h>DIMp*F#8lhe)3Mw?&?}%c(WK1G!qYjmC@M17y~@<wB_O~oB{d|%
zGAJ)UkV{urSHa99H`&0{Jh9BXGR-uxB+t~iAiTh|G}9-{E6_77xVX3~Fx5EUtst$!
zm#cU8j-XZBW|q!cvS+{Tl<Y2Ph1XWUSEdPtdj7RqrMh+Pl)&5eQ*wP17kvGBW8dff
zO6IFS{A54%LWV<b*52k>#}7=5nZmHI`NR#I`gvbk_eL-uJ$8S;RH9bIl_k!hcjtOB
R2CSdV<$gROtN&7bH~`X?l^6g3

literal 0
HcmV?d00001

diff --git a/secrets/peertube-redis-pw.age b/secrets/peertube-redis-pw.age
new file mode 100644
index 0000000000000000000000000000000000000000..22470f7fbe08fb8554ed829e87cd0b4ab482758c
GIT binary patch
literal 1085
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnP4WmWaa8bk4vlaM
zG|wq7_sL85&Cd05PI5LgHVZH;*0(V8H?%Z2FEWoTw9HEkapX$&b51X?2y$@>ayIa`
z$PRWaO?3_kOEoL1$|;G;aQ7>X(61^taLP?`N=LUXJj}z`AW$JSJTT42*e}dA&@sHs
zFtsSjuPPwRygWO{J1w|4Kgc7(#kI&HEF;;{IGHObGt1K?!#pyqLf<L1(lpaM)HSr!
zpu{{fKRl|~*v&0GEvGm#(A*`>-vHe<ccau`=Rk#sN~7#x!_q{<sMM1Dsx%Lu41IU=
z@T>r{q$Ibz@~R}$+)8slU#|csCj%}seRne#Pd~$eG;Qac(mZdY2+N8f&qTMh;9~u9
zzqGQbvhr-d$fzQ(G!t~&A_|Mmq5>8Cb6ra;a}0|N!b6?>LxYSBef%uLd{X?J{G&?!
zk}BODi=7ReN}UURbBei=^V}=*J+%uxqs)wgGlGjv3d-EQ1DqX09kVOUJj#qC-3)Uw
zqfEV$Q!#8aN;HbhC|58^N{=ivOmj{vHPN>;(=QLsH#aWTHgQb#&nQpM&oxNQF^}>H
z%Puvk2<7rjHg}E)^D8LQPtEdl%5?S5$ng&=F*XV{3Mff2Dva=mD9g*sC`vK+bwu}@
zpOJ|{NV<Z7iA%a~Xt{Y{U}>aVa%EOPc3D+%T4uRHw!49;Ur|L-Zjx7lQD{JrVKJAh
zSBh^)aCT&Qk(XhZg`;+5WQo6PVP>|wM}Ad!u%~fxWo1QCNoskbcR9Lkxk=>~6^;r4
ziOFGwc@ZK0P9ZME28qrE!G)RW{st!cna-X$Mg{?yd0s|&C0?G+VUAqRg@$fsd0_!Y
zrA6lYKE}C@jvgVNmIjVFUP11;#+9L&juDO~`cY}FiJs`TRpdM7nwKm1l^dC6<)>w6
z7gVGdcsU37`==UJ6uJiIR2YUtMHxjHCwhC8MY%iXmRoQoMi%H-x;SSSnx=aDX(#)e
z6(*LYXZvSYxH=Z6g=ZOsyOdZa8o7lAq-29^GuBNnN=+<IRnSZbHq47G&Ql0W4-Rt8
zs#H+-<uY>h@-fT`^Q?+;_bALTF3j~#=hD^HRj7&#3djh^_X*8UbPuVj%nu4L4fIdS
z^z*Rraq%rE^^P#GFi9=U^7ach;bPG(yyUj=_Emp<o=v;Ayq?XVx4>)3BTa7!?q^n9
z#jj^quC<t?zgX$b(JY1wyTXpB&nrBA!$MnWJCps&q~;XI_q+mA*q0at%2}=ptJ|K~
J#KF0j3jk!1V8Z|a

literal 0
HcmV?d00001

diff --git a/secrets/peertube-smtp.age b/secrets/peertube-smtp.age
new file mode 100644
index 0000000..7d32b12
--- /dev/null
+++ b/secrets/peertube-smtp.age
@@ -0,0 +1,23 @@
+age-encryption.org/v1
+-> ssh-ed25519 ebHUtA fYicgxmFo7Qp1lekNns7HPTN65wiGu8UwfdLBk2E4mU
+3eEtdth3czNSHJVdT+ccQtLXS/vMzh0CipiGCQmMA9w
+-> ssh-ed25519 WVH30Q fWbRdH24IpukRQQxV02s23MkeOsnlObePG+AHCCkzAA
+YqdtYbP4lued8V62QWUksSGd7of3eTh1BH6Zt6FEw2A
+-> ssh-ed25519 G2eSCQ Du62+/27HVwZPQgOy7S3Bciov7O/N9PNlFQmnaiK0lk
+Tli1XwEurWZapVqdGIaN534gfDRXOFmRbml+tGHQlfg
+-> ssh-ed25519 Xqs6ZQ ah7/wjx+Xj4B5oNQqcZQP4Sz+kVvIbLUjp8bAoDB4SA
+wdNQXKU09KIv3pAzqyEJwbkqc6r5mngVtqosDd23+XQ
+-> ssh-ed25519 2a2Yhw 3DoK66S8Unum5RCop8Ktr/mmlyZegPKGA+haknQyhWY
+685xq3S8Sh8RAVpaiog8DrM98fEwo9veQLhrDm4twpo
+-> ssh-ed25519 N240Tg H3gptakJ0wVMRSV/oV/3ekc1K9mJWjfAc7BGe+e19l4
+f+zZibzUMLhz31ZLok+OK43dLsVUHOKGfm5m+MPdgqA
+-> ssh-ed25519 mbw8xA 9P2ZL3vSx5d7iKahLuUZBzWZvZn4NA5CkYB8Hidr0yI
+/g7HG0G8WpjlDeHH5QDkCwNZtxyO7QAgMRwhoA+4mao
+-> ssh-ed25519 xoAm7w a1oSyqLCddxQwytQ7BGEsTUy//d/I2eGvW3SKQoxtys
+LiBRTXubOG3h4zeINa1IgZyq7Q7h5WQmmS8Kkt7OoXc
+-> :4JC`NcH-grease
+8GHBG04S2dGc+j99nGgkfd+wenbTV1xEXIOGwpB2Nd+nzY4pydJ6w2lvhX/DXDk0
+EIwaFw
+--- 89LUIINoAmzt61rEdFKF2iwkj8o+LveMJBysTF7mQGg
+��M�ّ��b���z6s��!9N�ǩ^�]t�`&
+�/�)�����uf�V{�#lfR�p�=Khc��-R-�uQ~�^z04�L�
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 8d3f9a6..de2ab78 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,4 +7,8 @@ in
 {
   "searx.age".publicKeys = all;
   "pia-login.conf".publicKeys = all;
+  "peertube-init.age".publicKeys = all;
+  "peertube-db-pw.age".publicKeys = all;
+  "peertube-redis-pw.age".publicKeys = all;
+  "peertube-smtp.age".publicKeys = all;
 }
\ No newline at end of file