diff options
| author | Silas Schöffel <sils@sils.li> | 2025-01-21 13:26:54 +0100 |
|---|---|---|
| committer | Silas Schöffel <sils@sils.li> | 2025-01-21 13:26:54 +0100 |
| commit | a2f352ac7571fd3c2fa51e4482ee9444aa999661 (patch) | |
| tree | 6ea4f6fae22729fc443e02700178b68bcd91a5a7 | |
| parent | fix(envrc): remove git fetch (diff) | |
| download | nixos-server-a2f352ac7571fd3c2fa51e4482ee9444aa999661.zip | |
fix(peertube): migrate to server3
| -rw-r--r-- | hosts/by-name/server3/configuration.nix | 2 | ||||
| -rw-r--r-- | modules/by-name/co/constants/module.nix | 4 | ||||
| -rw-r--r-- | modules/by-name/pe/peertube/module.nix | 10 | ||||
| -rw-r--r-- | modules/by-name/pe/peertube/secrets/general.age | 26 | ||||
| -rw-r--r-- | modules/by-name/pe/peertube/secrets/smtp.age | 27 | ||||
| -rw-r--r-- | secrets.nix | 4 |
6 files changed, 43 insertions, 30 deletions
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix index 2a340b2..41d69f8 100644 --- a/hosts/by-name/server3/configuration.nix +++ b/hosts/by-name/server3/configuration.nix @@ -23,12 +23,14 @@ }; nixconfig.enable = true; openssh.enable = true; + peertube.enable = true; persist = { enable = true; directories = [ "/var/log" ]; }; + postgresql.enable = true; rust-motd.enable = true; users.enable = true; }; diff --git a/modules/by-name/co/constants/module.nix b/modules/by-name/co/constants/module.nix index a28ea0c..6974768 100644 --- a/modules/by-name/co/constants/module.nix +++ b/modules/by-name/co/constants/module.nix @@ -25,6 +25,8 @@ nscd = 330; sshd = 331; systemd-oom = 332; + redis-peertube = 990; + peertube = 992; # TODO Sort correctly # As per the NixOS file, the uids should not be greater or equal to 400; }; @@ -36,6 +38,8 @@ systemd-oom = 332; resolvconf = 333; # This group is not matched to an user? systemd-coredump = 151; # matches systemd-coredump user + redis-peertube = 990; + peertube = 992; # The gid should match the uid. Thus should not be >= 400; }; diff --git a/modules/by-name/pe/peertube/module.nix b/modules/by-name/pe/peertube/module.nix index 29d1d07..6cb4c2c 100644 --- a/modules/by-name/pe/peertube/module.nix +++ b/modules/by-name/pe/peertube/module.nix @@ -22,7 +22,7 @@ in { listenWeb = 443; smtp = { - createLocally = true; + createLocally = false; passwordFile = "${config.age.secrets.peertubeSmtp.path}"; }; database = { @@ -101,7 +101,7 @@ in { }; }; - environment.persistence."/srv".directories = [ + vhack.persist.directories = [ { directory = "/var/lib/peertube"; user = "peertube"; @@ -109,5 +109,11 @@ in { mode = "0700"; } ]; + users = { + users.peertube.uid = config.vhack.constants.ids.uids.peertube; + groups.peertube.gid = config.vhack.constants.ids.gids.peertube; + users.redis-peertube.uid = config.vhack.constants.ids.uids.redis-peertube; + groups.redis-peertube.gid = config.vhack.constants.ids.gids.redis-peertube; + }; }; } diff --git a/modules/by-name/pe/peertube/secrets/general.age b/modules/by-name/pe/peertube/secrets/general.age index 40e0a47..f3cba8b 100644 --- a/modules/by-name/pe/peertube/secrets/general.age +++ b/modules/by-name/pe/peertube/secrets/general.age @@ -1,14 +1,16 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbEFpWG42OXhrK3huRDln -SkZ1SHBDV0hUdERsT2I3OWlNUEVuY1NmZkdFCmNBWHR6Z3pnakd6dVdmMWRvS3Q2 -QWIzck12T3JrTVdnR0dqUVpDNGNPczgKLT4gWDI1NTE5IFJaYVRMT0lJaDJMQjBa -empxb2o2cnZqMEM1UFNpbXR1Y3NFSEpVYUk2U0kKRjJuckM5amxFYlVWOWplQnRx -d2ZLcXE5d01VK0JZak84TzFTM0FwcFpoOAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -ZWwrYnVzWEZuSUMvMG1tOWdGNmo5TElkbjJLMjh3a1FMenVJUjhjRi9WVQowN1M3 -NWVCNnpiK3MzUzExMDdpVjA3M1V3OE1USlNaUzVNTTk3em55TE5rCi0+IFpDdmJb -LWdyZWFzZSAyKwp6ZnZkQXJOUDJCNHhIdFBMYWc5bzZONXBXZDFoN1lNeEEyd2JH -S3BFLzhjCi0tLSBoV29ERlpQY0ZzaC9BWXgwYXNXeDJOUHNVd2sxNlpTK1FVMFZl -K2N0S3o0CrJUVvYZdePxOe6JutgjGY9m1uyYvWFMo2ST5O/Io8WEp1k0F+kTm/2T -aXuABX/UyzVc8gkyZ2RSOB6IYNn17PSg0fAoP7jrQWiyY2GGuBLZlTjD0NJWKV8A -Z/5XtxfGErI= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYkJyN1JhNnZQRlNDK3hy +aHFwSnVBSWFLK0lhU0hUSE4wLysrcmxlTkhJClpHa2hzSTZobmh5eHNuR0FST2pv +eGJtVmZSSjBGTUVCZ05PdStZRGZjTU0KLT4gWDI1NTE5IGg3ZmZXMTdlTEFBVmt2 +OVExVld0Qkc2bFMyV1NZZTd4bUtkOWdNY0N1M1EKU1UxR2V1emtyeDdkQ0RwUGVv +cVJLcWllK2x4K3JNOExGSktIOW5SbldCbwotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +MGZMUHNCWUFESVVERzN3Q0krUGZ3Z1QwTUdUc0NCRkg4UFdKa2l1ZGJSRQo5YXlB +aENyTW1idUxvVW5vRHp3L2dPVUtZS0dRa0JpaWo5RjdTcEsrK2VRCi0+ICN2bC1n +cmVhc2UgPF0qV3N2IEZ0XTEnRSBxMDc7SWBCCnNJMGNWQkxZOFU0SzJSUUtoK3FI +Ulp0T3FGeDdOUVZVRXRXRWRzSEdkWmFGeEF3RStWU1RMS3BLTlpxU0N1UmkKV3lJ +a05yWm1GMC90VTFFcWpPTlliOUZoUGtMVlJsbTRSbGRyVi9kZDhxM0x4Qk82RUM4 +enZVT1RLNmd5SkEKLS0tIGRucFFNTFNSWnNtamlZTE9hM0k4QzRhZ21FZ2t5Ynpo +Rno5UjVzRUFhcmMKWa8uscZL8FWMZ5zPstM7LraYV4PyuVhOHq3f3BBRr5rkptmK +DHAye+FmVX7+Fqqk0ynyK92v2ti86i/iuWiNzImLWI6xkBruFEo3lpnnc8rAdslR +c+8e2ntLGIRHbTVMwg== -----END AGE ENCRYPTED FILE----- diff --git a/modules/by-name/pe/peertube/secrets/smtp.age b/modules/by-name/pe/peertube/secrets/smtp.age index 2eba7c8..e0af2d1 100644 --- a/modules/by-name/pe/peertube/secrets/smtp.age +++ b/modules/by-name/pe/peertube/secrets/smtp.age @@ -1,16 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dWlzSWpnZ1ZwWDZ0TkFM -NkdUVFZvZ0w2SWgvOWJBaGxiZkJ6RkFXb1VnCnBEMmwyNWtsZDhueE1BaGh0OWJr -UVFHVkFoSHBLSm43YjFaTFNmU1ZnMTAKLT4gWDI1NTE5IFljMEVac3Z5N3FzTnZR -YU5PTTdSTlV2Ri9Hb2c2OTBBNm1KdXdiQzBqaGsKTkdJMmk5VTNiSUhQUWh3ZjRK -eGlDWk9hVUJadnh1b2dqMUxXOTloekU5MAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -M0h6bjV2ZTJsMjdhM2RTbFd5ZXI2Y01yRGtwY0tnRVQvUmFYVzNSWFFrdwo3REty -K1pmd3B6a1gxNS9iSmxPT2VMdTVOTFNPRW9HU21NOXpMb1k1Q1ljCi0+IDFsLWdy -ZWFzZSBQdHd8CnFybkRGM2FUUG1jTzZhdTJ5RW05aVhVaHgrb2YwVGg4WjNhejRJ -bHVHKzNjMkZHMEdjZWZVNDJNbFJ2QTVJRzQKZlAzU2s1TVE5Q3YydEYxN0ZVUQot -LS0gWUF4eUFmL3VyWWVBK3NaSUduZmp2K3FvTVpma0xOdVRNc0ZMV3VIQW80NAoB -kMxpFN3+obnAFPL62oeLIrAWxPp4OEQYmltWDeMHNhorge0C8J4oN8q2H25FBdOb -+wXOaAhbzleMIVAFWnL8/n7rANQeNY/wq6gto06OFRscaAI2PbeeFIFOLUct0m1Z -x83L6FSsHgdqWbXGxeqtgVWJFRIBZOFQtcymNVmyTVl8KOc3TfNU9/oiAJKkPak+ -uW4PN45xtFrcfWJYPaLtmA== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncFdORy9uSXJabkJFVVc5 +QXJnS3FZQzJmTXdsckNxNjU3SGRTUEdnZ3hRCm5DNDVJbEw5VVlTS2k2Y2p6aEhX +QzdKbXVTV3dzSHBYN0RkN1NnL0RTR0kKLT4gWDI1NTE5IEdudmllbmRud1ZVTzI3 +TWQ0cWhKSTkrbkJyelZUUThwNkdoVFhRZW12MFEKUXczc0w3ZjRUTE83UGY5d2gx +YmpHUlJacXAyY2hXSy9aWkxOZmJwaHRqOAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +Z3ZNSUY2NFA1L0lad3FJWDlvLzVJZDlrdS9Nc3RxZGZHWEk1SlBIeGhRMAo2WnVL +WXcxYWd1aGN0ZVAxb3ZEOXFKMTRFNjcwVFhmRVN0TXJrYXFsV0VzCi0+ID90SSE+ +LWdyZWFzZSA5XjlPCjlENzA2TmkreUZpYllXZ290RHMKLS0tIE0zMHAvWDVWYWdG +S1pGVFdMVWp1R0QzSzVpczhrSGJUNVdKTlpHT0JZRGcKlqZQsbkUV/cp+xQvzQKA +AtBpJl9Fho5Szb+GOL2xEKH6KV6LTI8xaOE2KWRyhNSwH682InD5ilCaCYbHz5aW +u7SfKWTBGj6gjwUlIJEvBzJWIXgXPcoMqgIZNe1HH52IQWJfZN5H01dHjic7mYrm +nW5S5EEczDR6nHTKf7dsZLmbTctb90lM80rlDS5Q16QrR4VPElTJGySu/hLtl1ep +r0w= -----END AGE ENCRYPTED FILE----- diff --git a/secrets.nix b/secrets.nix index 0339544..db54bc5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -25,8 +25,8 @@ let ]; in { "./modules/by-name/et/etesync/secret_file.age".publicKeys = server1; - "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server1; - "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server1; + "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server3; + "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server3; "./modules/by-name/mi/miniflux/secrets/admin.age".publicKeys = server3; "./system/secrets/backup/backuppass.age".publicKeys = server1; |