From 1bb085fbcbd74334f8b299fcdf2c2463e9ac612e Mon Sep 17 00:00:00 2001 From: vtorterola Date: Mon, 26 Apr 2021 12:49:30 -0300 Subject: [PATCH 01/21] Refurbished for buster --- defaults/main.yml | 63 ++++- meta/.galaxy_install_info | 2 + tasks/certbot.yml | 33 +++ tasks/configuration.yml | 123 ++++++++++ tasks/install.yml | 59 +++++ tasks/main.yml | 280 +-------------------- tasks/nginx.yml | 23 ++ tasks/postgres.yml | 24 ++ templates/enabledLDAP.sql | 110 +++++++++ templates/production.yaml.j2 | 463 +++++++++++++++++++++++++++++++++++ 10 files changed, 904 insertions(+), 276 deletions(-) create mode 100644 meta/.galaxy_install_info create mode 100644 tasks/certbot.yml create mode 100644 tasks/configuration.yml create mode 100644 tasks/install.yml create mode 100644 tasks/nginx.yml create mode 100644 tasks/postgres.yml create mode 100644 templates/enabledLDAP.sql create mode 100644 templates/production.yaml.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 59fb729..09d0380 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,7 +5,68 @@ peertube_version: v1.0.0-beta.3 peertube_user_path: /var/www/peertube peertube_proxy_handle_https: no peertube_proxy_ips: [] - peertube_dbuser_password: "{{ lookup('password', 'credentials/peertube/db-' + inventory_hostname) }}" peertube_user_password_hashed: "{{ lookup('password', 'credentials/peertube/user-' + inventory_hostname) |password_hash('sha512') }}" peertube_web_admin_password: "{{ lookup('password', 'credentials/peertube/web-admin-' + inventory_hostname) }}" +peertube_admin_email: 'admin@example.com' +peertube_dbuser: peertube + +peertube_listen: + hostname: localhost + port: 9000 + +peertube_webserver: + https: true + hostname: '{{ inventory_hostname }}' + port: 443 + +peertube_database: + hostname: 'localhost' + port: 5432 + ssl: false + suffix: '_prod' + username: '{{ peertube_dbuser }}' + password: '{{ peertube_dbuser_password }}' + pool: + max: 5 + +peertube_storage: + tmp: '/tmp/' + avatars: '/avatars/' + videos: '/videos/' + streaming_playlists: '/streaming_playlists/' + redundancy: '/redundancy/' + logs: '/logs/' + previews: '/previews/' + thumbnails: '/thumbnails/' + torrents: '/torrents/' + captions: '/captions/' + cache: '/cache/' + plugins: '/plugin/' + client_overrides: '/client_overrides/' + +peertube_settings_ldap: +# url: "ldaps://ldap.com.yy:636" +# weight: "100" +# bind-dn: "cn=admin,ou=group,dc=ldap,dc=com,dc=yy" +# custom-ca: "" +# search-base: "ou=group,dc=ldap,dc=com,dc=yy" +# group-filter: !unsafe "(member={{dn}})" +# insecure-tls: false +# mail-property: "mail" +# search-filter: !unsafe "(cn={{username}})" +# bind-credentials: "xxxxx" +# username-property: "cn" + +peertube_instance: + name: 'Peertube' + short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.' + description: 'Welcome to this PeerTube instance!' + terms: 'No terms for now.' + code_of_conduct: + creation_reason: '' + administrator: '' + maintenance_lifetime: '' + moderation_information: '' + business_model: '' + hardware_information: '' diff --git a/meta/.galaxy_install_info b/meta/.galaxy_install_info new file mode 100644 index 0000000..8b34a18 --- /dev/null +++ b/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: Mon Mar 8 17:27:23 2021 +version: master diff --git a/tasks/certbot.yml b/tasks/certbot.yml new file mode 100644 index 0000000..17225b1 --- /dev/null +++ b/tasks/certbot.yml @@ -0,0 +1,33 @@ + +- name: Install certbot + apt: + pkg: python-certbot-nginx + state: latest + register: certbot_installed + when: peertube_proxy_handle_https != 'yes' + +- name: Install Letsencrypt certificate + shell: | + certbot certonly -n \ + --authenticator standalone \ + --installer nginx \ + -d {{ peertube_tld }} \ + -m {{ peertube_admin_email }} \ + --agree-tos \ + --pre-hook "systemctl stop nginx" \ + --post-hook "systemctl start nginx" + when: + - certbot_installed is changed + - peertube_proxy_handle_https != 'yes' + +- name: Insert Let's encrypt certificates in nginx + blockinfile: + dest: /etc/nginx/sites-available/peertube + marker: " # {mark} let's encrypt configuration" + block: |2- + ssl_certificate /etc/letsencrypt/live/{{ peertube_tld }}/cert.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ peertube_tld }}/privkey.pem; + insertbefore: ".*# Security hardening.*" + state: present + when: peertube_proxy_handle_https != 'yes' + notify: reload nginx diff --git a/tasks/configuration.yml b/tasks/configuration.yml new file mode 100644 index 0000000..2be20c1 --- /dev/null +++ b/tasks/configuration.yml @@ -0,0 +1,123 @@ + +- name: Add peertube user + user: + name: peertube + home: "{{ peertube_user_path }}" + shell: /bin/bash + password: "{{ peertube_user_password_hashed }}" + +- name: Create required directories + file: + path: "{{ peertube_user_path }}/{{ item }}" + state: directory + owner: peertube + group: peertube + mode: 0755 + with_items: + - config + - storage + - versions + +- stat: path={{ peertube_user_path }}/versions/peertube-{{ peertube_version }} + register: peertube_version_dir + +- name: Download and extract Peertube + unarchive: + src: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.zip" + dest: "{{ peertube_user_path }}/versions" + remote_src: yes + owner: peertube + group: peertube + when: peertube_version_dir.stat.exists == False + register: fresh_install + +- stat: path={{ peertube_user_path }}/peertube-latest + register: peertube_latest_dir + +- name: Create symlink peertube-latest + file: + src: "{{ peertube_user_path }}/versions/peertube-{{ peertube_version }}" + dest: "{{ peertube_user_path }}/peertube-latest" + state: link + owner: peertube + group: peertube + when: peertube_latest_dir.stat.exists == False + +- name: Change owner of all peertube directories # seems setting owner on unarchive is not enough… + file: + path: "{{ peertube_user_path }}" + owner: peertube + group: peertube + recurse: yes + +- name: Copy configuration peertube + template: + src: "production.yaml.j2" + dest: '{{ peertube_user_path }}/config/production.yaml' + owner: peertube + group: peertube + mode: 0644 + notify: + - restart peertube daemon + +- name: Install "auth-ldap" npm package + become: true + become_user: peertube + shell: '{{ item }}' + with_items: + - cd "{{ peertube_user_path }}/peertube-latest" && npm i peertube-plugin-auth-ldap + - cd "{{ peertube_user_path }}/peertube-latest" && npm i peertube-plugin-bittube-logo-favicon + +- name: Yarn install + become: true + become_user: peertube + shell: cd "{{ peertube_user_path }}/peertube-latest" && yarn install --production --pure-lockfile + when: fresh_install is changed + +- name: Install Stretch backports repo + apt_repository: + repo: deb http://ftp.debian.org/debian stretch-backports main + state: present + when: + - (ansible_distribution_major_version == "9") + register: backports_installed + +- name: Change apt_preference + copy: + content: 'APT::Default-Release "stable";' + dest: /etc/apt/apt.conf.d/99apt_default + mode: 644 + when: backports_installed is changed + +- name: Install Peertube daemon + template: + src: peertube.service + dest: /etc/systemd/system/ + notify: + - install peertube daemon + +- name: Add tools in $PATH + become: true + become_user: peertube + lineinfile: + path: "{{ peertube_user_path }}/.bashrc" + state: present + line: 'export PATH="$PATH:{{ peertube_user_path }}/peertube-latest/dist/server/tools/"' + +- pause: + minutes: 5 + +- name: Copy script + template: + src: "enabledLDAP.sql" + dest: /tmp/enabledLDAP.sql + owner: postgres + mode: 0755 + +- name: Add user and Enabled LDAP + become: yes + become_user: postgres + command: psql -d peertube_prod -U postgres -f '/tmp/enabledLDAP.sql' + when: + - fresh_install is changed + - peertube_ldap is defined diff --git a/tasks/install.yml b/tasks/install.yml new file mode 100644 index 0000000..70aa20e --- /dev/null +++ b/tasks/install.yml @@ -0,0 +1,59 @@ +--- + +# - use include_tasks to group them +- name: Install dependencies + apt: + name: '{{ item }}' + state: latest + with_items: + - curl + - sudo + - unzip + - vim + - nginx + - ffmpeg + - postgresql + - openssl + - g++ + - make + - redis-server + - git + - python-psycopg2 + - build-essential + - apt-transport-https + - python-ruamel.yaml + +# Configure nodejs +- name: Install NodeJS apt key + apt_key: + url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key + state: present + +- name: Add NodeJS apt repository + apt_repository: + repo: deb https://deb.nodesource.com/node_12.x "{{ ansible_distribution_release }}" main + state: present + filename: nodesource + +- name: Install NodeJS + apt: + update_cache: yes + pkg: nodejs + state: present + +- name: Install Yarn apt key + apt_key: + url: https://dl.yarnpkg.com/debian/pubkey.gpg + state: present + +- name: Add Yarn apt repo + apt_repository: + repo: deb https://dl.yarnpkg.com/debian/ stable main + state: present + filename: yarn + +- name: Install Yarn + apt: + update_cache: yes + pkg: yarn + state: latest diff --git a/tasks/main.yml b/tasks/main.yml index 7079cf0..43d6f27 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,280 +1,10 @@ ---- -# TODO: -# - use include_tasks to group them -- name: Install dependencies - apt: pkg={{item}} state=latest - with_items: - - curl - - sudo - - unzip - - vim - - nginx - - ffmpeg - - postgresql - - openssl - - g++ - - make - - redis-server - - git - - python-psycopg2 - - build-essential # for bcrypt? - - apt-transport-https # for node apt repository - - python-ruamel.yaml -# Configure nodejs -- name: Install NodeJS apt key - apt_key: - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - state: present +- include_tasks: install.yml -- name: Add NodeJS apt repository - apt_repository: - repo: deb https://deb.nodesource.com/node_9.x "{{ ansible_distribution_release }}" main - state: present - filename: nodesource +- include_tasks: postgres.yml -- name: Install NodeJS - apt: - update_cache: yes - pkg: nodejs - state: latest +- include_tasks: nginx.yml -- name: Install Yarn apt key - apt_key: - url: https://dl.yarnpkg.com/debian/pubkey.gpg - state: present +- include_tasks: certbot.yml -- name: Add Yarn apt repo - apt_repository: - repo: deb https://dl.yarnpkg.com/debian/ stable main - state: present - filename: yarn - -- name: Install Yarn - apt: - update_cache: yes - pkg: yarn - state: latest - -- name: Add peertube user - user: - name: peertube - home: "{{ peertube_user_path }}" - shell: /bin/bash - password: "{{ peertube_user_password_hashed }}" - -- name: Add peertube user in Postgres - become: yes - become_user: postgres - postgresql_user: - name: peertube - password: "{{ peertube_dbuser_password }}" - -- name: Add Postgres database - become: yes - become_user: postgres - postgresql_db: - name: peertube_prod - owner: peertube - -- name: Create required directories - file: - path: "{{ peertube_user_path }}/{{ item }}" - state: directory - owner: peertube - group: peertube - mode: 0755 - with_items: - - config - - storage - - versions - -- stat: path={{ peertube_user_path }}/versions/peertube-{{ peertube_version }} - register: peertube_version_dir - -- name: Download and extract Peertube - unarchive: - src: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.zip" - dest: "{{ peertube_user_path }}/versions" - remote_src: yes - owner: peertube - group: peertube - when: peertube_version_dir.stat.exists == False - register: fresh_install - -- stat: path={{ peertube_user_path }}/peertube-latest - register: peertube_latest_dir - -- name: Create symlink peertube-latest - file: - src: "{{ peertube_user_path }}/versions/peertube-{{ peertube_version }}" - dest: "{{ peertube_user_path }}/peertube-latest" - state: link - owner: peertube - group: peertube - when: peertube_latest_dir.stat.exists == False - -- name: Change owner of all peertube directories # seems setting owner on unarchive is not enough… - file: - path: "{{ peertube_user_path }}" - owner: peertube - group: peertube - recurse: yes - -- name: Yarn install - become: true - become_user: peertube - shell: | - cd "{{ peertube_user_path }}/peertube-latest" - yarn install --production --pure-lockfile - when: fresh_install is changed - -- name: Copy production.yaml - copy: - src: "{{ peertube_user_path }}/peertube-latest/config/production.yaml.example" - dest: "{{ peertube_user_path }}/config/production.yaml" - remote_src: yes - force: no - owner: peertube - group: peertube - mode: 0644 - notify: - - restart peertube daemon - -- name: Edit production.yaml - yedit: - src: "{{ peertube_user_path }}/config/production.yaml" - edits: - - key: webserver.hostname - value: "{{ peertube_tld }}" - - key: database.password - value: "{{ peertube_dbuser_password }}" - - key: smtp.from_address - value: "admin@{{ peertube_tld }}" - - key: storage.avatars - value: "{{ peertube_user_path }}/storage/avatars/" - - key: storage.videos - value: "{{ peertube_user_path }}/storage/videos/" - - key: storage.logs - value: "{{ peertube_user_path }}/storage/logs/" - - key: storage.previews - value: "{{ peertube_user_path }}/storage/previews/" - - key: storage.thumbnails - value: "{{ peertube_user_path }}/storage/thumbnails/" - - key: storage.torrents - value: "{{ peertube_user_path }}/storage/torrents/" - - key: storage.cache - value: "{{ peertube_user_path }}/storage/cache/" - - key: admin.email - value: "admin@{{ peertube_tld }}" - - key: instance.name - value: "{{ peertube_tld }}" - notify: - - restart peertube daemon - -- name: Add proxy production.yaml - yedit: - src: "{{ peertube_user_path }}/config/production.yaml" - append: yes - key: trust_proxy - value: "{{ item }}" - loop: "{{ peertube_proxy_ips }}" - when: peertube_proxy_ips != [] - notify: - - restart peertube daemon - -- name: Copy nginx conf file - template: - src: "nginx-peertube" - dest: /etc/nginx/sites-available/peertube - mode: 0644 - notify: - - reload nginx - -- name: Enable nginx conf file - file: - src: /etc/nginx/sites-available/peertube - dest: /etc/nginx/sites-enabled/peertube - state: link - notify: - - reload nginx - -- name: Install Stretch backports repo - apt_repository: - repo: deb http://ftp.debian.org/debian stretch-backports main - state: present - when: - - (ansible_distribution_major_version == "9") - register: backports_installed - -- name: Change apt_preference - copy: - content: 'APT::Default-Release "stable";' - dest: /etc/apt/apt.conf.d/99apt_default - mode: 644 - when: backports_installed is changed - -- name: Install certbot - apt: - pkg: python-certbot-nginx - state: latest - default_release: stretch-backports - register: certbot_installed - when: peertube_proxy_handle_https != 'yes' - -- name: Install Letsencrypt certificate - shell: | - certbot certonly -n \ - --authenticator standalone \ - --installer nginx \ - -d {{ peertube_tld }} \ - -m {{ admin_email }} \ - --agree-tos \ - --pre-hook "systemctl stop nginx" \ - --post-hook "systemctl start nginx" - when: - - certbot_installed is changed - - peertube_proxy_handle_https != 'yes' - -- name: Insert Let's encrypt certificates in nginx - blockinfile: - dest: /etc/nginx/sites-available/peertube - marker: " # {mark} let's encrypt configuration" - block: |2- - ssl_certificate /etc/letsencrypt/live/{{ peertube_tld }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ peertube_tld }}/privkey.pem; - - insertbefore: ".*# Security hardening.*" - state: present - when: peertube_proxy_handle_https != 'yes' - -- name: Reload nginx - service: name=nginx state=reloaded - -- name: Install Peertube daemon - template: - src: peertube.service - dest: /etc/systemd/system/ - notify: - - install peertube daemon - -- name: Add tools in $PATH - become: true - become_user: peertube - lineinfile: - path: "{{ peertube_user_path }}/.bashrc" - state: present - line: 'export PATH="$PATH:{{ peertube_user_path }}/peertube-latest/dist/server/tools/"' - -- name: Change admin password - become: true - become_user: peertube - shell: |-1 - cd "{{ peertube_user_path }}/peertube-latest" - yarn add commander - # FIXME escape characters - echo "{{ peertube_web_admin_password }}" | NODE_CONFIG_DIR={{ peertube_user_path }}/config NODE_ENV=production npm run reset-password -- -u root - when: - - peertube_version_dir.stat.exists == False - - fresh_install # is changed - - peertube_web_admin_password is defined +- include_tasks: configuration.yml diff --git a/tasks/nginx.yml b/tasks/nginx.yml new file mode 100644 index 0000000..1c891af --- /dev/null +++ b/tasks/nginx.yml @@ -0,0 +1,23 @@ + +- name: Copy nginx conf file + template: + src: "nginx-peertube" + dest: /etc/nginx/sites-available/peertube + mode: 0644 + notify: + - reload nginx + +- name: Enable nginx conf file + file: + src: /etc/nginx/sites-available/peertube + dest: /etc/nginx/sites-enabled/peertube + state: link + notify: + - reload nginx + +- name: Remove default nginx conf file + file: + path: /etc/nginx/sites-enabled/default + state: absent + notify: + - reload nginx diff --git a/tasks/postgres.yml b/tasks/postgres.yml new file mode 100644 index 0000000..07888dd --- /dev/null +++ b/tasks/postgres.yml @@ -0,0 +1,24 @@ + +- name: Add peertube user in Postgres + become: yes + become_user: postgres + postgresql_user: + name: peertube + password: "{{ peertube_dbuser_password }}" + +- name: Add Postgres database + become: yes + become_user: postgres + postgresql_db: + name: peertube_prod + owner: peertube + +- name: Add pg_trgm and unaccent + become: yes + become_user: postgres + postgresql_ext: + name: '{{ item }}' + db: peertube_prod + with_items: + - pg_trgm + - unaccent diff --git a/templates/enabledLDAP.sql b/templates/enabledLDAP.sql new file mode 100644 index 0000000..323fea2 --- /dev/null +++ b/templates/enabledLDAP.sql @@ -0,0 +1,110 @@ +INSERT INTO "user" ( + password, + username, + email, + "nsfwPolicy", + "webTorrentEnabled", + "videosHistoryEnabled", + "autoPlayVideo", + "autoPlayNextVideo", + "autoPlayNextVideoPlaylist", + "adminFlags", + blocked, + role, + "videoQuota", + "videoQuotaDaily", + theme, + "noInstanceConfigWarningModal", + "noWelcomeModal", + "pluginAuth", + "feedToken", + "createdAt", + "updatedAt") +VALUES ( + 'noimporta', + '{{ peertube_ldap.user }}', + '{{ peertube_ldap.email }}', + 'do_not_list', + 't', + 't', + 't', + 'f', + 't', + 0, + 'f', + 2, + -1, + -1, + 'instance-default', + 't', + 'f', + 'peertube-plugin-auth-ldap', + 'e542cc15-eba7-47cb-a77b-55484aede8c4', + current_date, + current_date); + +INSERT INTO "plugin" ( + name, + type, + version, + "latestVersion", + enabled, + uninstalled, + "peertubeEngine", + description, + homepage, + settings, + "createdAt", + "updatedAt") +VALUES ( + 'auth-ldap', + 1, + '0.0.8', + '0.0.8', + 't', + 'f', + '>=2.2.0', + 'Add LDAP support to login form in PeerTube.', + 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-ldap', + '{"url": "{{ peertube_ldap.url }}", + "weight": "100", + "bind-dn": "{{ peertube_ldap.bind_dn }}", + "custom-ca": "", + "search-base": "{{ peertube_ldap.search_base }}", + "group-filter": "{{ peertube_ldap.group_filter }}", + "insecure-tls": "{{ peertube_ldap.insecure_tls }}", + "mail-property": "mail", + "search-filter": "(cn={% raw %}{{username}}{% endraw %})", + "bind-credentials": "{{ peertube_ldap.bind_credentials }}", + "username-property": "{{ peertube_ldap.username_property }}"}', + current_date, + current_date); + +INSERT INTO "plugin" ( + name, + type, + version, + "latestVersion", + enabled, + uninstalled, + "peertubeEngine", + description, + homepage, + settings, + "createdAt", + "updatedAt") +VALUES ( + 'bittube-logo-favicon', + 1, + '1.0.5', + '1.0.5', + 't', + 'f', + '>=1.4.0-rc1', + 'PeerTube logo && favicon plugin for BitTube.video ', + 'https://github.com/ipbc-dev/peertube-plugin-bittube-logo-favicon', + '{"icon_url": "{{ peertube_logo.icon_url }}", "icon_width": "{{ peertube_logo.icon_width }}"}', + current_date, + current_date); + +UPDATE "user" set "password" = '{{ peertube_dbuser_password |password_hash('sha512') }}' where "username" = 'root'; diff --git a/templates/production.yaml.j2 b/templates/production.yaml.j2 new file mode 100644 index 0000000..c1fa55a --- /dev/null +++ b/templates/production.yaml.j2 @@ -0,0 +1,463 @@ +listen: + hostname: '{{peertube_listen.hostname}}' + port: {{ peertube_listen.port }} + +# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL) +webserver: + https: {{ peertube_webserver.https }} + hostname: {{ peertube_webserver.hostname }} + port: {{ peertube_webserver.port }} + +rates_limit: + api: + # 50 attempts in 10 seconds + window: 10 seconds + max: 50 + login: + # 15 attempts in 5 min + window: 5 minutes + max: 15 + signup: + # 2 attempts in 5 min (only succeeded attempts are taken into account) + window: 5 minutes + max: 2 + ask_send_email: + # 3 attempts in 5 min + window: 5 minutes + max: 3 + +# Proxies to trust to get real client IP +# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' +# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) +trust_proxy: + - 'loopback' + +# Your database name will be database.name OR "peertube"+database.suffix +database: + hostname: '{{ peertube_database.hostname }}' + port: {{ peertube_database.port }} + ssl: {{ peertube_database.ssl }} + suffix: '{{ peertube_database.suffix }}' + username: '{{ peertube_database.username }}' + password: '{{ peertube_database.password }}' + pool: + max: {{ peertube_database.pool.max }} + +# Redis server for short time storage +# You can also specify a 'socket' path to a unix socket but first need to +# comment out hostname and port +redis: + hostname: 'localhost' + port: 6379 + auth: null + db: 0 + +# SMTP server to send emails +smtp: + # smtp or sendmail + transport: smtp + # Path to sendmail command. Required if you use sendmail transport + sendmail: null + hostname: null + port: 465 # If you use StartTLS: 587 + username: null + password: null + tls: true # If you use StartTLS: false + disable_starttls: false + ca_file: null # Used for self signed certificates + from_address: 'admin@example.com' + +email: + body: + signature: "PeerTube" + subject: + prefix: "[PeerTube]" + +# From the project root directory +storage: + tmp: '{{ peertube_user_path }}/storage{{ peertube_storage.tmp }}' + avatars: '{{ peertube_user_path }}/storage{{ peertube_storage.avatars }}' + videos: '{{ peertube_user_path }}/storage{{ peertube_storage.videos }}' + streaming_playlists: '{{ peertube_user_path }}/storage{{ peertube_storage.streaming_playlists }}' + redundancy: '{{ peertube_user_path }}/storage{{ peertube_storage.redundancy }}' + logs: '{{ peertube_user_path }}/storage{{ peertube_storage.logs }}' + previews: '{{ peertube_user_path }}/storage{{ peertube_storage.previews }}' + thumbnails: '{{ peertube_user_path }}/storage{{ peertube_storage.thumbnails }}' + torrents: '{{ peertube_user_path }}/storage{{ peertube_storage.torrents }}' + captions: '{{ peertube_user_path }}/storage{{ peertube_storage.captions }}' + cache: '{{ peertube_user_path }}/storage{{ peertube_storage.cache }}' + plugins: '{{ peertube_user_path }}/storage{{ peertube_storage.plugins }}' + # Overridable client files : logo.svg, favicon.png and icons/*.png (PWA) in client/dist/assets/images + # Could contain for example assets/images/favicon.png + # If the file exists, peertube will serve it + # If not, peertube will fallback to the default fil + client_overrides: '{{ peertube_user_path }}/storage{{ peertube_storage.client_overrides }}' + +log: + level: 'info' # debug/info/warning/error + rotation: + enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate + maxFileSize: 12MB + maxFiles: 20 + anonymizeIP: false + +trending: + videos: + interval_days: 7 # Compute trending videos for the last x days + +# Cache remote videos on your server, to help other instances to broadcast the video +# You can define multiple caches using different sizes/strategies +# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following +redundancy: + videos: + check_interval: '1 hour' # How often you want to check new videos to cache + strategies: # Just uncomment strategies you want +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'most-views' # Cache videos that have the most views +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'trending' # Cache trending videos +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'recently-added' # Cache recently added videos +# min_views: 10 # Having at least x views + +# Other instances that duplicate your content +remote_redundancy: + videos: + # 'nobody': Do not accept remote redundancies + # 'anybody': Accept remote redundancies from anybody + # 'followings': Accept redundancies from instance followings + accept_from: 'anybody' + +csp: + enabled: false + report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk! + report_uri: + +tracker: + # If you disable the tracker, you disable the P2P aspect of PeerTube + enabled: true + # Only handle requests on your videos. + # If you set this to false it means you have a public tracker. + # Then, it is possible that clients overload your instance with external torrents + private: true + # Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers) + reject_too_many_announces: false + +history: + videos: + # If you want to limit users videos history + # -1 means there is no limitations + # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) + max_age: -1 + +views: + videos: + # PeerTube creates a database entry every hour for each video to track views over a period of time + # This is used in particular by the Trending page + # PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered) + # -1 means no cleanup + # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) + remote: + max_age: '30 days' + +plugins: + # The website PeerTube will ask for available PeerTube plugins and themes + # This is an unmoderated plugin index, so only install plugins/themes you trust + index: + enabled: true + check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions + url: 'https://packages.joinpeertube.org' + +federation: + videos: + federate_unlisted: false + + +############################################################################### +# +# From this point, all the following keys can be overridden by the web interface +# (local-production.json file). If you need to change some values, prefer to +# use the web interface because the configuration will be automatically +# reloaded without any need to restart PeerTube. +# +# /!\ If you already have a local-production.json file, the modification of the +# following keys will have no effect /!\. +# +############################################################################### + +cache: + previews: + size: 500 # Max number of previews you want to cache + captions: + size: 500 # Max number of video captions/subtitles you want to cache + +admin: + # Used to generate the root user at first startup + # And to receive emails from the contact form + email: '{{ peertube_admin_email }}' + +contact_form: + enabled: true + +signup: + enabled: false + limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited + requires_email_verification: false + filters: + cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist + whitelist: [] + blacklist: [] + +user: + # Default value of maximum video BYTES the user can upload (does not take into account transcoded files). + # -1 == unlimited + video_quota: -1 + video_quota_daily: -1 + +# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag +# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. +# Please, do not disable transcoding since many uploaded videos will not work +transcoding: + enabled: true + # Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos + allow_additional_extensions: true + # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file + allow_audio_files: true + threads: 1 + resolutions: # Only created if the original video has a higher resolution, uses more storage! + 0p: false # audio-only (creates mp4 without video stream, always created when enabled) + 240p: false + 360p: false + 480p: false + 720p: false + 1080p: false + 2160p: false + + # Generate videos in a WebTorrent format (what we do since the first PeerTube release) + # If you also enabled the hls format, it will multiply videos storage by 2 + # If disabled, breaks federation with PeerTube instances < 2.1 + webtorrent: + enabled: true + + # /!\ Requires ffmpeg >= 4.1 + # Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent: + # * Resolution change is smoother + # * Faster playback in particular with long videos + # * More stable playback (less bugs/infinite loading) + # If you also enabled the webtorrent format, it will multiply videos storage by 2 + hls: + enabled: false + +live: + enabled: false + + # Limit lives duration + # Set null to disable duration limit + max_duration: -1 # For example: '5 hours' + + # Limit max number of live videos created on your instance + # -1 == unlimited + max_instance_lives: 20 + + # Limit max number of live videos created by a user on your instance + # -1 == unlimited + max_user_lives: 3 + + # Allow your users to save a replay of their live + # PeerTube will transcode segments in a video file + # If the user daily/total quota is reached, PeerTube will stop the live + # /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay + allow_replay: true + + # Your firewall should accept traffic from this port in TCP if you enable live + rtmp: + port: 1935 + + # Allow to transcode the live streaming in multiple live resolutions + transcoding: + enabled: true + threads: 2 + + resolutions: + 240p: false + 360p: false + 480p: false + 720p: false + 1080p: false + 2160p: false + +import: + # Add ability for your users to import remote videos (from YouTube, torrent...) + videos: + http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html + enabled: false + + # IPv6 is very strongly rate-limited on most sites supported by youtube-dl + force_ipv4: false + + # You can use an HTTP/HTTPS/SOCKS proxy with youtube-dl + proxy: + enabled: false + url: "" + torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) + enabled: false + +auto_blacklist: + # New videos automatically blacklisted so moderators can review before publishing + videos: + of_users: + enabled: false + +# Instance settings +instance: + name: '{{ peertube_instance.name }}' + short_description: '{{ peertube_instance.short_description }}' + description: '{{ peertube_instance.description }}' + terms: '{{ peertube_instance.terms }}' + code_of_conduct: '{{ peertube_instance.code_of_conduct }}' + + # Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc + moderation_information: '{{ peertube_instance.moderation_information }}' + + # Why did you create this instance? + creation_reason: '{{ peertube_instance.creation_reason }}' + + # Who is behind the instance? A single person? A non profit? + administrator: '{{ peertube_instance.administrator }}' + + # How long do you plan to maintain this instance? + maintenance_lifetime: '{{ peertube_instance.maintenance_lifetime }}' + + # How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising? + business_model: '{{ peertube_instance.business_model }}' + + # If you want to explain on what type of hardware your PeerTube instance runs + # Example: "2 vCore, 2GB RAM..." + hardware_information: '{{ peertube_instance.hardware_information }}' + + # What are the main languages of your instance? To interact with your users for example + # Uncomment or add the languages you want + # List of supported languages: https://peertube.cpy.re/api/v1/videos/languages + languages: +# - en +# - es +# - fr + + # You can specify the main categories of your instance (dedicated to music, gaming or politics etc) + # Uncomment or add the category ids you want + # List of supported categories: https://peertube.cpy.re/api/v1/videos/categories + categories: +# - 1 # Music +# - 2 # Films +# - 3 # Vehicles +# - 4 # Art +# - 5 # Sports +# - 6 # Travels +# - 7 # Gaming +# - 8 # People +# - 9 # Comedy +# - 10 # Entertainment +# - 11 # News & Politics +# - 12 # How To +# - 13 # Education +# - 14 # Activism +# - 15 # Science & Technology +# - 16 # Animals +# - 17 # Kids +# - 18 # Food + + default_client_route: '/videos/trending' + + # Whether or not the instance is dedicated to NSFW content + # Enabling it will allow other administrators to know that you are mainly federating sensitive content + # Moreover, the NSFW checkbox on video upload will be automatically checked by default + is_nsfw: false + # By default, "do_not_list" or "blur" or "display" NSFW videos + # Could be overridden per user with a setting + default_nsfw_policy: 'do_not_list' + + customizations: + javascript: '' # Directly your JavaScript code (without