Second attempt at adding PeerTube package #106492
Conversation
stevenroose
force-pushed
the
add-peertube
branch
from
9834dc7
to
2666c87
Compare
stevenroose
force-pushed
the
add-peertube
branch
2 times, most recently
from
68dec4a
to
1266ea8
Compare
|
Thank you for this effort, looking forward to it! |
|
@expipiplus1 I think I officially gave up. The yarn tooling here in Nix is really bad. (Well, I'm not saying yarn itself or any JS dev practices are good to start with.) PeerTube has (1) a "resolutions" section in their package.json using which they force some deps to use subdependencies not compliant with their semver version (aweful practice I didn't know existed..) and (2) has some special dependencies that need bindings or some external sources that the yarn2nix tooling also can't handle and (3) some yarn dependency URL is also not working with yarn2nix. (3) is easy to fix by manually patching the yarn.lock and yarn.nix; (1) I tried to fix by also manually patching the yarn.lock file but I that ultimately resulted in breakage because of wrong dep versions and (2) is something that @immae fixed in his version of this package, so it's doable but it's annoying. I think ultimately the problem is the yarn2nix tooling being really bad. (It has things like big JS scripts to do a simple sed and manual URL pattern matching and only supports very default yarn workflows. I spent a few evenings trying to see if I could get the yarn2nix tooling to work with the PeerTube setup, but I'm not a JS dev and I don't really understand the yarn workflows.) I might in the future take a second look but using a simple docker container to run the JS stuff. It's very sad, but it's probably better. I very welcome anyone with yarn knowledge or from the yarn2nix project (@moretea ?) to take a look or give it a shot. |
stevenroose
force-pushed
the
add-peertube
branch
from
c53d55a
to
cb58cc4
Compare
ofborg
bot
added
11.by: package-maintainer
10.rebuild-darwin: 0
10.rebuild-linux: 1-10
labels
I feel this :) |
stevenroose
force-pushed
the
add-peertube
branch
from
cb58cc4
to
2079cc7
Compare
stevenroose
changed the title
|
K, I have a working instance using this code. Many thanks to @immae to actually do most of the work. I think this is ready for review. Not sure how to flag that or so.. |
There was a problem hiding this comment.
I wrote some small patches, I'll submit them shortly to @stevenroose - all of them are debatable of course.
I approve, save the split of the maintainer adding into a seperate commit!
Awesome work! Thanks a lot!
Ninja edit: stevenroose#1 adds some style fixes.
|
I think I might have some more questions at first. Mostly this one: The peertube module forces the version of postgres to be 12. This means that if anothre module also enables postgres but without version and peertube gets disabled, the postgres version will change from 12 to the default and the data will be invalid. (I had this happen during testing because That doesn't seem to be ideal. Should I have a EDIT: I actually just realized the documentation doesn't mention any version. So I will just remove it and leave that to the user. I'll add a line of documentation as a suggestion somewhere. |
stevenroose
force-pushed
the
add-peertube
branch
from
2079cc7
to
26ff29e
Compare
|
I also applied Matthias' style suggestions and rebased. |
| @@ -649,6 +650,7 @@ in | |||
| #mailman = 316; # removed 2019-08-30 | |||
| zigbee2mqtt = 317; | |||
| shadow = 318; | |||
| peertube = 319; | |||
There was a problem hiding this comment.
Couldn't we used DynamicUser instead (combined with systemd's StateDirectory)?
There was a problem hiding this comment.
Hmm, I don't know what DynamicUser is in this case, how would that work? One thing that I know I have to do is use the tmpfiles.rules to set the datadirs of the project as being owned by the peertube user. (The actual datadir is only set in the config file, not using the module.) So I think it makes sense to have a username here that one could access using a variable in order to set certain permissions. (As long as we don't auto-generate the entire PeerTube config file from within the module. But it's really complete, I would not advise that.)
There was a problem hiding this comment.
DynamicUser can be used to dynamically allocate an ephemeral user/group when the service starts. That is usually possible if the users data does not need to be accessed by other users.
There was a problem hiding this comment.
I think in this case it would be hard, because the user needs to externally set the permission of some directories to be owned accessible by that user. I don't intend to do the full PeerTube configuration in the nixos module.
There was a problem hiding this comment.
That's why systemd provides
RuntimeDirectory=, StateDirectory=, CacheDirectory=, LogsDirectory= or ConfigurationDirectory=
There was a problem hiding this comment.
But those directories are only used in the PeerTube's internal config file, NixOS never knows about them at the module level.
|
@adisbladis I added a commit with some of your review addressed. I also added postfix. I tried this on my running staging instance. I can squash after review. After I get most review, I'm gonna try get my production deployment in place using this. |
stevenroose
force-pushed
the
add-peertube
branch
from
26ff29e
to
7e7f57c
Compare
|
Also, I don't understand why the grahamcofborg CI job is failing. The error is quite cryptic and doesn't mention a line number of any of the files changed in this PR... |
stevenroose
force-pushed
the
add-peertube
branch
from
7e7f57c
to
efd1f08
Compare
stevenroose
force-pushed
the
add-peertube
branch
from
efd1f08
to
eb94a32
Compare
|
Can someone point me to what is needed for this to be able to get merged. I don't understand the missing CI. Would it help if I split this up into two separate PRs: |
There was a problem hiding this comment.
Other than that well done! I used this in a testing environment and youtube-dl integration and even bidirectional federation with a mastodon instance worked out of the box!
Edit: I don't think splitting this up would help as it's quite hard to get anything new and big into NixOS right now (not enough reviews and mergers)
|
|
||
| environment.NODE_CONFIG_DIR = "${cfg.runtimeDir}/config"; | ||
| environment.NODE_ENV = "production"; | ||
| environment.HOME = cfg.package; |
There was a problem hiding this comment.
| environment.HOME = cfg.package; | |
| environment.HOME = cfg.package; | |
| environment.NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt"; |
There was a problem hiding this comment.
Just an proposal but this make it work for me out of the box with self-signed certificates added to my local trust store.
There was a problem hiding this comment.
Hmm, where does that magic string "/etc/ssl/certs/ca-certificates.crt" come from? Could we perhaps add this conditional on some nixos variable? Or is "/etc/ssl/certs/ca-certificates.crt" the standard location always for certs in NixOS?
There was a problem hiding this comment.
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/ca.nix#L85 it's called the canonical location for NixOS so should be fine.
There was a problem hiding this comment.
Also many other packages/modules reference it or the old /etc/ssl/certs/ca-bundle.crt one.
| home = cfg.runtimeDir; | ||
| useDefaultShell = true; | ||
| # todo: fix this. needed for postgres authentication | ||
| password = "peertube"; |
There was a problem hiding this comment.
This would need to be fixed I think. Does peertube not support unix socket authentication for postgresql as I think this is the approach other services take?
There was a problem hiding this comment.
True, it might do, but I didn't work that out yet. Yeah that's why I suggested maybe just getting the pkg in might be easier, since modules are always a bit more opinionated..
There was a problem hiding this comment.
I think I will look into this later.
There was a problem hiding this comment.
@stevenroose see stevenroose#2. Feel free to squash the commits after merging. You can keep me as co-author if you like.
|
@stevenroose small update to service configuration: From 6c64e41ccf3856dd4639711c0f7c0c9ae9746572 Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Mon, 5 Apr 2021 15:03:48 +0300
Subject: [PATCH] nixos/peertube: update service configuration
---
nixos/modules/misc/ids.nix | 2 -
nixos/modules/services/web-apps/peertube.nix | 128 ++++++++-----------
2 files changed, 56 insertions(+), 74 deletions(-)
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 443f2e1e168..1fd56adfe10 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -347,7 +347,6 @@ in
#mailman = 316; # removed 2019-08-30
zigbee2mqtt = 317;
# shadow = 318; # unused
- peertube = 319;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -650,7 +649,6 @@ in
#mailman = 316; # removed 2019-08-30
zigbee2mqtt = 317;
shadow = 318;
- peertube = 319;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix
index 38c3f21a549..9db927687cc 100644
--- a/nixos/modules/services/web-apps/peertube.nix
+++ b/nixos/modules/services/web-apps/peertube.nix
@@ -1,25 +1,21 @@
{ lib, pkgs, config, ... }:
let
- name = "peertube";
cfg = config.services.peertube;
- uid = config.ids.uids.peertube;
- gid = config.ids.gids.peertube;
-in
-{
+in {
options.services.peertube = {
enable = lib.mkEnableOption "Enable Peertube’s service";
user = lib.mkOption {
type = lib.types.str;
- default = name;
+ default = "peertube";
description = "User account under which Peertube runs";
};
group = lib.mkOption {
type = lib.types.str;
- default = name;
+ default = "peertube";
description = "Group under which Peertube runs";
};
@@ -68,7 +64,7 @@ in
runtimeDir = lib.mkOption {
type = lib.types.path;
- default = "/var/lib/${name}";
+ default = "/var/lib/peertube";
description = "The directory where Peertube stores its runtime data.";
};
@@ -82,44 +78,10 @@ in
};
config = lib.mkIf cfg.enable {
- users.users = lib.optionalAttrs (cfg.user == name) {
- "${name}" = {
- inherit uid;
- group = cfg.group;
- description = "Peertube user";
- home = cfg.runtimeDir;
- useDefaultShell = true;
- # todo: fix this. needed for postgres authentication
- password = "peertube";
- };
- };
- users.groups = lib.optionalAttrs (cfg.group == name) {
- "${name}" = {
- inherit gid;
- };
- };
-
- services.postgresql = lib.mkIf cfg.database.createLocally {
- enable = true;
- ensureUsers = [ { name = cfg.database.user; }];
- # The database is created as a startup script of the peertube service.
- authentication = ''
- host ${cfg.database.name} ${cfg.database.user} 127.0.0.1/32 trust
- host ${cfg.database.name} ${cfg.database.user} 127.0.0.1/32 md5
- '';
- };
-
- services.postfix = lib.mkIf cfg.smtp.createLocally {
- enable = true;
- };
-
- services.redis = lib.mkIf cfg.redis.createLocally {
- enable = true;
- };
-
# Make sure the runtimeDir exists with the desired permissions.
systemd.tmpfiles.rules = [
- "d \"${cfg.runtimeDir}\" - ${cfg.user} ${cfg.group} - -"
+ "d '${cfg.runtimeDir}' 0750 ${cfg.user} ${cfg.group} - -"
+ "d '/var/www/peertube' 0750 ${cfg.user} ${cfg.group} - -"
];
systemd.services.peertube = {
@@ -141,46 +103,68 @@ in
'';
serviceConfig = {
+ Type = "simple";
+ ExecStartPre = let script = pkgs.writeScript "peertube-pre-start.sh" ''
+ #!/bin/sh
+ sudo -u postgres "${config.services.postgresql.package}/bin/psql" -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" ${cfg.database.name}
+ sudo -u postgres "${config.services.postgresql.package}/bin/psql" -c "CREATE EXTENSION IF NOT EXISTS unaccent;" ${cfg.database.name}
+ '';
+ in "+${script}";
+ Restart = "always";
+ RestartSec = 20;
+ TimeoutSec = 60;
+ WorkingDirectory = cfg.package;
+ # User and group
User = cfg.user;
Group = cfg.group;
- WorkingDirectory = cfg.package;
+ # State directory and mode
StateDirectory = "peertube";
StateDirectoryMode = "0750";
- PrivateTmp = true;
+ # Capabilities
+ CapabilityBoundingSet = "~CAP_SYS_ADMIN";
+ # Sandboxing
ProtectHome = true;
- ProtectControlGroups = true;
ProtectSystem = "full";
- Restart = "always";
- Type = "simple";
- TimeoutSec = 60;
- CapabilityBoundingSet = "~CAP_SYS_ADMIN";
- ExecStartPre = let script = pkgs.writeScript "peertube-pre-start.sh" ''
- #!/bin/sh
- set -e
+ PrivateTmp = true;
+ ProtectControlGroups = true;
+ };
- if ! [ -e "${cfg.runtimeDir}/.first_run" ]; then
- set -v
- if [ -e "${cfg.runtimeDir}/.first_run_partial" ]; then
- echo "Warn: first run was interrupted"
- fi
- touch "${cfg.runtimeDir}/.first_run_partial"
+ unitConfig.RequiresMountsFor = cfg.runtimeDir;
+ };
- echo "Running PeerTube's PostgreSQL initialization..."
- echo "PeerTube is known to work with PostgreSQL v12, if any error occurs, please check your version."
+ services.postfix = lib.mkIf cfg.smtp.createLocally {
+ enable = true;
+ };
- sudo -u postgres "${config.services.postgresql.package}/bin/createdb" -O ${cfg.database.user} -E UTF8 -T template0 ${cfg.database.name}
- sudo -u postgres "${config.services.postgresql.package}/bin/psql" -c "CREATE EXTENSION pg_trgm;" ${cfg.database.name}
- sudo -u postgres "${config.services.postgresql.package}/bin/psql" -c "CREATE EXTENSION unaccent;" ${cfg.database.name}
+ services.redis = lib.mkIf cfg.redis.createLocally {
+ enable = true;
+ };
- touch "${cfg.runtimeDir}/.first_run"
- rm "${cfg.runtimeDir}/.first_run_partial"
- fi
- '';
- in "+${script}";
+ services.postgresql = lib.mkIf cfg.database.createLocally {
+ enable = true;
+ ensureUsers = [{
+ name = cfg.database.user;
+ ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
+ }];
+ ensureDatabases = [ cfg.database.name ];
+ authentication = ''
+ host ${cfg.database.name} ${cfg.database.user} 127.0.0.1/32 trust
+ host ${cfg.database.name} ${cfg.database.user} 127.0.0.1/32 md5
+ '';
+ };
+
+ users.users = lib.optionalAttrs (cfg.user == "peertube") {
+ peertube = {
+ isSystemUser = true;
+ home = cfg.runtimeDir;
+ group = cfg.group;
+ # todo: fix this. needed for postgres authentication
+ password = "peertube";
};
+ };
- unitConfig.RequiresMountsFor = cfg.runtimeDir;
+ users.groups = lib.optionalAttrs (cfg.group == "peertube") {
+ peertube = { };
};
};
}
-
--
2.31.1
|
|
Peertube connects via unix socket. diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix
index 9db927687cc..da7592b5c32 100644
--- a/nixos/modules/services/web-apps/peertube.nix
+++ b/nixos/modules/services/web-apps/peertube.nix
@@ -3,6 +3,51 @@
let
cfg = config.services.peertube;
+ settingsFormat = pkgs.formats.yaml {};
+ configFile = pkgs.writeText "production.yaml" ''
+ listen:
+ hostname: 'localhost'
+ port: 9000
+
+ webserver:
+ https: true
+ hostname: '${cfg.hostname}'
+ port: 443
+
+ database:
+ hostname: '/run/postgresql'
+ port: 5432
+ ssl: false
+ suffix: '_prod'
+ username: 'peertube'
+ password: 'peertube'
+ pool:
+ max: 5
+
+ redis:
+ hostname: 'localhost'
+ port: 6379
+ auth: null
+ db: 0
+
+ storage:
+ tmp: '${cfg.runtimeDir}/storage/tmp/'
+ avatars: '${cfg.runtimeDir}/storage/avatars/'
+ videos: '${cfg.runtimeDir}/storage/videos/'
+ streaming_playlists: '${cfg.runtimeDir}/storage/streaming-playlists/'
+ redundancy: '${cfg.runtimeDir}/storage/redundancy/'
+ logs: '${cfg.runtimeDir}/storage/logs/'
+ previews: '${cfg.runtimeDir}/storage/previews/'
+ thumbnails: '${cfg.runtimeDir}/storage/thumbnails/'
+ torrents: '${cfg.runtimeDir}/storage/torrents/'
+ captions: '${cfg.runtimeDir}/storage/captions/'
+ cache: '${cfg.runtimeDir}/storage/cache/'
+ plugins: '${cfg.runtimeDir}/storage/plugins/'
+ client_overrides: '${cfg.runtimeDir}/storage/client-overrides/'
+
+ ${cfg.extraConfig}
+ '';
+
in {
options.services.peertube = {
enable = lib.mkEnableOption "Enable Peertube’s service";
@@ -19,11 +64,14 @@ in {
description = "Group under which Peertube runs";
};
- configFile = lib.mkOption {
- type = lib.types.path;
- description = ''
- The configuration file path for Peertube.
- '';
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ default = "example.com";
+ };
+
+ extraConfig = lib.mkOption {
+ type = lib.types.lines;
+ default = "";
};
database = {
@@ -81,7 +129,7 @@ in {
# Make sure the runtimeDir exists with the desired permissions.
systemd.tmpfiles.rules = [
"d '${cfg.runtimeDir}' 0750 ${cfg.user} ${cfg.group} - -"
- "d '/var/www/peertube' 0750 ${cfg.user} ${cfg.group} - -"
+ "d '${cfg.runtimeDir}/storage' 0750 ${cfg.user} ${cfg.group} - -"
];
systemd.services.peertube = {
@@ -98,7 +146,8 @@ in {
script = ''
install -m 0750 -d ${cfg.runtimeDir}/config
- ln -sf ${cfg.configFile} ${cfg.runtimeDir}/config/production.yaml
+ ln -sf ${cfg.package}/config/default.yaml ${cfg.runtimeDir}/config/default.yaml
+ ln -sf ${configFile} ${cfg.runtimeDir}/config/production.yaml
exec npm start
'';
@@ -158,8 +207,6 @@ in {
isSystemUser = true;
home = cfg.runtimeDir;
group = cfg.group;
- # todo: fix this. needed for postgres authentication
- password = "peertube";
};
};
|
|
@Izorkin stevenroose#2 contains some of these changes. Also please use |
|
@mohe2015 Can you make my changes to your PR? |
|
Add variant to work with external PostgreSQL diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix
index da7592b5c32..00547758f3c 100644
--- a/nixos/modules/services/web-apps/peertube.nix
+++ b/nixos/modules/services/web-apps/peertube.nix
@@ -2,6 +2,8 @@
let
cfg = config.services.peertube;
+ # We only want to create a database if we're actually going to connect to it.
+ databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == "/run/postgresql";
settingsFormat = pkgs.formats.yaml {};
configFile = pkgs.writeText "production.yaml" ''
@@ -15,14 +17,10 @@ let
port: 443
database:
- hostname: '/run/postgresql'
- port: 5432
- ssl: false
- suffix: '_prod'
- username: 'peertube'
- password: 'peertube'
- pool:
- max: 5
+ hostname: '${cfg.database.host}'
+ port: '${toString cfg.database.port}'
+ name: '${cfg.database.name}'
+ username: '${cfg.database.user}'
redis:
hostname: 'localhost'
@@ -81,9 +79,22 @@ in {
default = true;
};
+ host = lib.mkOption {
+ type = lib.types.str;
+ default = "/run/postgresql";
+ example = "192.168.15.47";
+ description = "Database host address or unix socket.";
+ };
+
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 5432;
+ description = "Database host port.";
+ };
+
name = lib.mkOption {
type = lib.types.str;
- default = "peertube_prod";
+ default = "peertube";
description = "Database name.";
};
@@ -92,6 +103,16 @@ in {
default = "peertube";
description = "Database user.";
};
+
+ passwordFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ example = "/run/keys/peertube-db-password";
+ description = ''
+ A file containing the password corresponding to
+ <option>database.user</option>.
+ '';
+ };
};
smtp = {
@@ -129,14 +150,17 @@ in {
# Make sure the runtimeDir exists with the desired permissions.
systemd.tmpfiles.rules = [
"d '${cfg.runtimeDir}' 0750 ${cfg.user} ${cfg.group} - -"
+ "d '${cfg.runtimeDir}/config' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.runtimeDir}/storage' 0750 ${cfg.user} ${cfg.group} - -"
];
systemd.services.peertube = {
description = "Peertube";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" "redis.service" ];
- wants = [ "postgresql.service" "redis.service" ];
+ after = [ "network.target" "redis.service" ]
+ ++ (if databaseActuallyCreateLocally then [ "postgresql.service" ] else []);
+ wants = [ "redis.service" ]
+ ++ (if databaseActuallyCreateLocally then [ "postgresql.service" ] else []);
environment.NODE_CONFIG_DIR = "${cfg.runtimeDir}/config";
environment.NODE_ENV = "production";
@@ -144,21 +168,16 @@ in {
path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl pkgs.sudo pkgs.youtube-dl ];
- script = ''
- install -m 0750 -d ${cfg.runtimeDir}/config
- ln -sf ${cfg.package}/config/default.yaml ${cfg.runtimeDir}/config/default.yaml
- ln -sf ${configFile} ${cfg.runtimeDir}/config/production.yaml
- exec npm start
- '';
-
serviceConfig = {
Type = "simple";
- ExecStartPre = let script = pkgs.writeScript "peertube-pre-start.sh" ''
+ ExecStart = let startScript = pkgs.writeScript "peertube-start.sh" ''
#!/bin/sh
- sudo -u postgres "${config.services.postgresql.package}/bin/psql" -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" ${cfg.database.name}
- sudo -u postgres "${config.services.postgresql.package}/bin/psql" -c "CREATE EXTENSION IF NOT EXISTS unaccent;" ${cfg.database.name}
+ install -m 0750 -d ${cfg.runtimeDir}/config
+ ln -sf ${cfg.package}/config/default.yaml ${cfg.runtimeDir}/config/default.yaml
+ ln -sf ${configFile} ${cfg.runtimeDir}/config/production.yaml
+ exec npm start
'';
- in "+${script}";
+ in "${startScript}";
Restart = "always";
RestartSec = 20;
TimeoutSec = 60;
@@ -176,7 +195,23 @@ in {
ProtectSystem = "full";
PrivateTmp = true;
ProtectControlGroups = true;
- };
+ } // (lib.optionalAttrs (!databaseActuallyCreateLocally) {
+ ExecStartPre = let preStartScript = pkgs.writeScript "peertube-pre-start.sh" ''
+ #!/bin/sh
+ cat > ${cfg.runtimeDir}/config/local-production.yaml <<EOF
+ database:
+ password: '$(cat ${cfg.database.passwordFile})'
+ EOF
+ '';
+ in "+${preStartScript}";
+ }) // (lib.optionalAttrs databaseActuallyCreateLocally {
+ ExecStartPre = let preStartScript = pkgs.writeScript "peertube-pre-start.sh" ''
+ #!/bin/sh
+ sudo -u postgres ${config.services.postgresql.package}/bin/psql -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" ${cfg.database.name}
+ sudo -u postgres ${config.services.postgresql.package}/bin/psql -c "CREATE EXTENSION IF NOT EXISTS unaccent;" ${cfg.database.name}
+ '';
+ in "+${preStartScript}";
+ });
unitConfig.RequiresMountsFor = cfg.runtimeDir;
};
@@ -189,17 +224,13 @@ in {
enable = true;
};
- services.postgresql = lib.mkIf cfg.database.createLocally {
+ services.postgresql = lib.mkIf databaseActuallyCreateLocally {
enable = true;
ensureUsers = [{
name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}];
ensureDatabases = [ cfg.database.name ];
- authentication = ''
- host ${cfg.database.name} ${cfg.database.user} 127.0.0.1/32 trust
- host ${cfg.database.name} ${cfg.database.user} 127.0.0.1/32 md5
- '';
};
users.users = lib.optionalAttrs (cfg.user == "peertube") { |
|
@Izorkin I applied the parts where I agreed but I still need to do some testing. Take care with the "+" before the systemd startup commands as they give root privileges to the process. |
|
@mohe2015 i am updated service confugiration - https://github.com/Izorkin/nixpkgs/blob/59748c880e3cbbea87551ced3caf487cec5a190d/nixos/modules/services/web-apps/peertube.nix |
|
@stevenroose @mohe2015 small update - Izorkin@44434c4 |
fixed in Izorkin@44434c4 @stevenroose @mohe2015 can create separate PR? Here you just add a package, and for the service - create a new PR? |
|
I took the pkg part out here: #119319 (also bumped to v3.1.0) Now let me look at all the suggestions for the module. I'm not very familiar with best practices for modules etc, though. So I might end up accepting most changes.. |
If you want to continue this you should really look at #119110 and #119262. And note to @Izorkin and me: We should add @stevenroose as a co-author (author is not recommended AFAIK). so |
Closes #46987.
So there was an attempt at packaging PeerTube here: #84189. I squashed that attempt into a single commit, just in order to preserve its content.
I'm totally new to making Nix packages (been using NixOS as a user for a while), so I've been trying to learn things over the past weekend. It seems that #84189 is hand-rolling the building of PeerTube as a Yarn package instead of using the yarn tooling like
mkYarnPackage.However, it seems that the yarn tooling is unable to build the yarn package anyway.
I'm looking into what's causing this by making modifications to the yarn tooling.