Loading nixos/modules/services/web-apps/peertube.nix +61 −70 Original line number Diff line number Diff line Loading @@ -352,6 +352,7 @@ in { }; storage = { tmp = lib.mkDefault "/var/lib/peertube/storage/tmp/"; tmp_persistent = lib.mkDefault "/var/lib/peertube/storage/tmp_persistent/"; bin = lib.mkDefault "/var/lib/peertube/storage/bin/"; avatars = lib.mkDefault "/var/lib/peertube/storage/avatars/"; videos = lib.mkDefault "/var/lib/peertube/storage/videos/"; Loading Loading @@ -521,6 +522,21 @@ in { ''; }; locations."~ ^/api/v1/runners/jobs/[^/]+/(update|success)$" = { tryFiles = "/dev/null @api"; root = cfg.settings.storage.tmp; priority = 1135; extraConfig = '' client_max_body_size 12G; add_header X-File-Maximum-Size 8G always; '' + lib.optionalString cfg.enableWebHttps '' add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; '' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 '' add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }; locations."~ ^/api/v1/(videos|video-playlists|video-channels|users/me)" = { tryFiles = "/dev/null @api"; priority = 1140; Loading Loading @@ -607,72 +623,33 @@ in { ''; }; locations."^~ /lazy-static/avatars/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1330; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; rewrite ^/lazy-static/avatars/(.*)$ /$1 break; ''; }; locations."^~ /lazy-static/banners/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1340; locations."^~ /download/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1410; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; rewrite ^/lazy-static/banners/(.*)$ /$1 break; proxy_limit_rate 5M; ''; }; locations."^~ /lazy-static/previews/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.previews; priority = 1350; locations."^~ /static/streaming-playlists/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1420; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; rewrite ^/lazy-static/previews/(.*)$ /$1 break; proxy_limit_rate 5M; ''; }; locations."^~ /static/streaming-playlists/private/" = { locations."^~ /static/web-videos/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1410; priority = 1430; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; Loading @@ -684,7 +661,7 @@ in { locations."^~ /static/webseed/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1420; priority = 1440; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; Loading @@ -694,31 +671,45 @@ in { ''; }; locations."^~ /static/thumbnails/" = { locations."^~ /static/redundancy/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.thumbnails; priority = 1430; root = cfg.settings.storage.redundancy; priority = 1450; extraConfig = '' set $peertube_limit_rate 800k; if ($request_uri ~ -fragmented.mp4$) { set $peertube_limit_rate 5M; } if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } if ($request_method = 'GET') { ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; rewrite ^/static/thumbnails/(.*)$ /$1 break; access_log off; } aio threads; sendfile on; sendfile_max_chunk 1M; limit_rate $peertube_limit_rate; limit_rate_after 5M; rewrite ^/static/redundancy/(.*)$ /$1 break; ''; }; locations."^~ /static/redundancy/" = { locations."^~ /static/streaming-playlists/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.redundancy; priority = 1440; root = cfg.settings.storage.streaming_playlists; priority = 1460; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading @@ -746,14 +737,14 @@ in { limit_rate $peertube_limit_rate; limit_rate_after 5M; rewrite ^/static/redundancy/(.*)$ /$1 break; rewrite ^/static/streaming-playlists/(.*)$ /$1 break; ''; }; locations."^~ /static/streaming-playlists/" = { locations."^~ /static/web-videos/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.streaming_playlists; priority = 1450; priority = 1470; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading @@ -788,7 +779,7 @@ in { locations."^~ /static/webseed/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.videos; priority = 1460; priority = 1480; extraConfig = '' set $peertube_limit_rate 800k; Loading pkgs/servers/peertube/default.nix +4 −4 Original line number Diff line number Diff line Loading @@ -45,18 +45,18 @@ let in stdenv.mkDerivation rec { pname = "peertube"; version = "5.1.0"; version = "5.2.1"; src = fetchFromGitHub { owner = "Chocobozzz"; repo = "PeerTube"; rev = "v${version}"; hash = "sha256-C9mBF+QymGXyBB3IFX6MNgsZpHk739qv1/DLuvzrTaU="; hash = "sha256-8JzU0JVb+JQCNiro8hPHBwkofNTUy90YkSCzTOoB+/A="; }; yarnOfflineCacheServer = fetchYarnDeps { yarnLock = "${src}/yarn.lock"; hash = "sha256-W+pX2XO27j6qAVxvo+Xf1h7g3V0LUMtwNf+meZmkgwE="; hash = "sha256-pzXH6hdDf8O6Kr12Xw0jRcnPRD2TrDGdiEfxVr3KmwY="; }; yarnOfflineCacheTools = fetchYarnDeps { Loading @@ -66,7 +66,7 @@ stdenv.mkDerivation rec { yarnOfflineCacheClient = fetchYarnDeps { yarnLock = "${src}/client/yarn.lock"; hash = "sha256-TAv8QAAfT3q28jUo26h0uCGsoqBzAn8lybIaqNAApU8="; hash = "sha256-Ejzk/VEx7YtJpsrkHcXAZnJ+yRx1VhBJGpqquHYULNU="; }; nativeBuildInputs = [ brotli fixup_yarn_lock jq nodejs which yarn ]; Loading Loading
nixos/modules/services/web-apps/peertube.nix +61 −70 Original line number Diff line number Diff line Loading @@ -352,6 +352,7 @@ in { }; storage = { tmp = lib.mkDefault "/var/lib/peertube/storage/tmp/"; tmp_persistent = lib.mkDefault "/var/lib/peertube/storage/tmp_persistent/"; bin = lib.mkDefault "/var/lib/peertube/storage/bin/"; avatars = lib.mkDefault "/var/lib/peertube/storage/avatars/"; videos = lib.mkDefault "/var/lib/peertube/storage/videos/"; Loading Loading @@ -521,6 +522,21 @@ in { ''; }; locations."~ ^/api/v1/runners/jobs/[^/]+/(update|success)$" = { tryFiles = "/dev/null @api"; root = cfg.settings.storage.tmp; priority = 1135; extraConfig = '' client_max_body_size 12G; add_header X-File-Maximum-Size 8G always; '' + lib.optionalString cfg.enableWebHttps '' add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; '' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 '' add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }; locations."~ ^/api/v1/(videos|video-playlists|video-channels|users/me)" = { tryFiles = "/dev/null @api"; priority = 1140; Loading Loading @@ -607,72 +623,33 @@ in { ''; }; locations."^~ /lazy-static/avatars/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1330; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; rewrite ^/lazy-static/avatars/(.*)$ /$1 break; ''; }; locations."^~ /lazy-static/banners/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1340; locations."^~ /download/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1410; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; rewrite ^/lazy-static/banners/(.*)$ /$1 break; proxy_limit_rate 5M; ''; }; locations."^~ /lazy-static/previews/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.previews; priority = 1350; locations."^~ /static/streaming-playlists/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1420; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; rewrite ^/lazy-static/previews/(.*)$ /$1 break; proxy_limit_rate 5M; ''; }; locations."^~ /static/streaming-playlists/private/" = { locations."^~ /static/web-videos/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1410; priority = 1430; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; Loading @@ -684,7 +661,7 @@ in { locations."^~ /static/webseed/private/" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; priority = 1420; priority = 1440; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; Loading @@ -694,31 +671,45 @@ in { ''; }; locations."^~ /static/thumbnails/" = { locations."^~ /static/redundancy/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.thumbnails; priority = 1430; root = cfg.settings.storage.redundancy; priority = 1450; extraConfig = '' set $peertube_limit_rate 800k; if ($request_uri ~ -fragmented.mp4$) { set $peertube_limit_rate 5M; } if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; add_header Cache-Control 'no-cache'; add_header Content-Type 'text/plain charset=UTF-8'; add_header Content-Length 0; return 204; } if ($request_method = 'GET') { ${nginxCommonHeaders} add_header Cache-Control 'public, max-age=7200'; rewrite ^/static/thumbnails/(.*)$ /$1 break; access_log off; } aio threads; sendfile on; sendfile_max_chunk 1M; limit_rate $peertube_limit_rate; limit_rate_after 5M; rewrite ^/static/redundancy/(.*)$ /$1 break; ''; }; locations."^~ /static/redundancy/" = { locations."^~ /static/streaming-playlists/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.redundancy; priority = 1440; root = cfg.settings.storage.streaming_playlists; priority = 1460; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading @@ -746,14 +737,14 @@ in { limit_rate $peertube_limit_rate; limit_rate_after 5M; rewrite ^/static/redundancy/(.*)$ /$1 break; rewrite ^/static/streaming-playlists/(.*)$ /$1 break; ''; }; locations."^~ /static/streaming-playlists/" = { locations."^~ /static/web-videos/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.streaming_playlists; priority = 1450; priority = 1470; extraConfig = '' set $peertube_limit_rate 800k; Loading Loading @@ -788,7 +779,7 @@ in { locations."^~ /static/webseed/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.videos; priority = 1460; priority = 1480; extraConfig = '' set $peertube_limit_rate 800k; Loading
pkgs/servers/peertube/default.nix +4 −4 Original line number Diff line number Diff line Loading @@ -45,18 +45,18 @@ let in stdenv.mkDerivation rec { pname = "peertube"; version = "5.1.0"; version = "5.2.1"; src = fetchFromGitHub { owner = "Chocobozzz"; repo = "PeerTube"; rev = "v${version}"; hash = "sha256-C9mBF+QymGXyBB3IFX6MNgsZpHk739qv1/DLuvzrTaU="; hash = "sha256-8JzU0JVb+JQCNiro8hPHBwkofNTUy90YkSCzTOoB+/A="; }; yarnOfflineCacheServer = fetchYarnDeps { yarnLock = "${src}/yarn.lock"; hash = "sha256-W+pX2XO27j6qAVxvo+Xf1h7g3V0LUMtwNf+meZmkgwE="; hash = "sha256-pzXH6hdDf8O6Kr12Xw0jRcnPRD2TrDGdiEfxVr3KmwY="; }; yarnOfflineCacheTools = fetchYarnDeps { Loading @@ -66,7 +66,7 @@ stdenv.mkDerivation rec { yarnOfflineCacheClient = fetchYarnDeps { yarnLock = "${src}/client/yarn.lock"; hash = "sha256-TAv8QAAfT3q28jUo26h0uCGsoqBzAn8lybIaqNAApU8="; hash = "sha256-Ejzk/VEx7YtJpsrkHcXAZnJ+yRx1VhBJGpqquHYULNU="; }; nativeBuildInputs = [ brotli fixup_yarn_lock jq nodejs which yarn ]; Loading
