blob: e65e0b53f9de21e4397a9d9a3fa92350bf508b6f (
plain) (
}: let
cfg = config.vhack.peertube;
in {
options.vhack.peertube = {
enable = lib.mkEnableOption ''
the peertube video platform.
peertubeGeneral = lib.mkOption {
type = lib.types.path;
description = "The age encrypted general secret file passed to agenix";
smtpPasswordFile = lib.mkOption {
type = lib.types.path;
description = "The age encrypted smtp password file passed to agenix";
config = lib.mkIf cfg.enable {
services.peertube = {
enable = true;
configureNginx = true;
localDomain = "";
enableWebHttps = true;
listenWeb = 443;
smtp = {
createLocally = false;
passwordFile = "${config.age.secrets.peertubeSmtp.path}";
database = {
createLocally = true;
redis = {
enableUnixSocket = true;
createLocally = true;
secrets.secretsFile = "${config.age.secrets.peertubeGeneral.path}";
settings = {
signup = {
enabled = true;
limit = 10; # When the limit is reached, registrations are disabled. -1 == unlimited
minimum_age = 18; # Used to configure the signup form
# Users fill a form to register so moderators can accept/reject the registration
requires_approval = true;
requires_email_verification = true;
user = {
video_quota = "10GB";
video_quota_daily = "2GB";
auto_blacklist = {
videos = {
of_users = {
enabled = true;
listen.hostname = ""; = "PeerTube at"; = "";
smtp = let
emailAddress = "";
in {
transport = "smtp";
hostname = "";
port = 587;
username = emailAddress;
tls = true;
disable_starttls = true;
from_address = emailAddress;
# The `configureNginx` option does not do this for some reason
# TODO(@bpeetz): Find out why <2024-06-27>
services.nginx.virtualHosts."${}" = {
enableACME = true;
forceSSL = true;
age.secrets = {
peertubeGeneral = {
file = cfg.peertubeGeneral;
mode = "700";
owner = "peertube";
group = "peertube";
peertubeSmtp = {
file = cfg.smtpPasswordFile;
mode = "700";
owner = "peertube";
group = "peertube";
vhack.persist.directories = [
directory = "/var/lib/peertube";
user = "peertube";
group = "peertube";
mode = "0700";
users = {
users.peertube.uid = config.vhack.constants.ids.uids.peertube;
groups.peertube.gid = config.vhack.constants.ids.gids.peertube;
users.redis-peertube.uid = config.vhack.constants.ids.uids.redis-peertube;
groups.redis-peertube.gid = config.vhack.constants.ids.gids.redis-peertube;