# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ config, ... }:

let
  host = "videos.dgnum.eu";
in
{
  dgn-web.internalPorts.peertube = config.services.peertube.listenHttp;

  services.peertube = {
    enable = true;

    settings = {
      object_storage = {
        enabled = true;

        endpoint = "https://s3.dgnum.eu";
        region = "garage";

        max_upload_part = "150MB";

        videos = {
          bucket_name = "peertube-videos-dgnum";
          prefix = "web-videos/";
          base_url = "https://peertube-videos-dgnum.cdn.dgnum.eu";
        };

        streaming_playlists = {
          bucket_name = "peertube-videos-dgnum";
          prefix = "streaming-playlists/";
          base_url = "https://peertube-videos-dgnum.cdn.dgnum.eu";
        };
      };

      smtp = {
        transport = "smtp";
        hostname = "kurisu.lahfa.xyz";
        port = 465;
        username = "web-services@infra.dgnum.eu";
        tls = true;
        disable_starttls = true;
        from_address = "videos@infra.dgnum.eu";
      };

      email.subject.prefix = "[videos.dgnum]";

      webadmin.configuration.edition.allowed = true;

      user.video_quota = "10GB";
    };

    localDomain = host;
    configureNginx = true;
    listenWeb = 443;
    enableWebHttps = true;

    redis.createLocally = true;
    database.createLocally = true;

    smtp.passwordFile = config.age.secrets."peertube-smtp_password_file".path;
    serviceEnvironmentFile = config.age.secrets."peertube-service_environment_file".path;
    secrets.secretsFile = config.age.secrets."peertube-secrets_file".path;
  };

  services.nginx.virtualHosts.${host} = {
    enableACME = true;
    forceSSL = true;
  };

  age-secrets.autoMatch = [ "peertube" ];
}