Install buster #1

Open
wants to merge 21 commits into
base: master
95 changes: 93 additions & 2 deletions defaults/main.yml
Expand Up @@ -4,8 +4,99 @@ peertube_tld: localhost
peertube_version: v1.0.0-beta.3
peertube_user_path: /var/www/peertube
peertube_proxy_handle_https: no
peertube_proxy_ips: []

peertube_trust_proxy:
- loopback
peertube_dbuser_password: "{{ lookup('password', 'credentials/peertube/db-' + inventory_hostname) }}"
peertube_user_password_hashed: "{{ lookup('password', 'credentials/peertube/user-' + inventory_hostname) |password_hash('sha512') }}"
peertube_web_admin_password: "{{ lookup('password', 'credentials/peertube/web-admin-' + inventory_hostname) }}"
peertube_admin_email: '[email protected]'
peertube_dbuser: peertube
peertube_theme: default
#Version 9 from Stretch and 12 from Buster
peertube_nodejs_version: 12
peertube_listen:
hostname: localhost
port: 9000

peertube_webserver:
https: true
hostname: '{{ inventory_hostname }}'
port: 443

peertube_database:
hostname: 'localhost'
port: 5432
ssl: false
suffix: '_prod'
username: '{{ peertube_dbuser }}'
password: '{{ peertube_dbuser_password }}'
pool:
max: 5

peertube_storage:
tmp: '/tmp/'
avatars: '/avatars/'
videos: '/videos/'
streaming_playlists: '/streaming_playlists/'
redundancy: '/redundancy/'
logs: '/logs/'
previews: '/previews/'
thumbnails: '/thumbnails/'
torrents: '/torrents/'
captions: '/captions/'
cache: '/cache/'
plugins: '/plugin/'
client_overrides: '/client_overrides/'

peertube_ldap:
# url: "ldaps://ldap.com.yy:636"
# weight: "100"
# bind-dn: "cn=admin,ou=group,dc=ldap,dc=com,dc=yy"
# custom-ca: ""
# search-base: "ou=group,dc=ldap,dc=com,dc=yy"
# group-filter: !unsafe "(member={{dn}})"
# insecure-tls: false
# mail-property: "mail"
# search-filter: !unsafe "(cn={{username}})"
# bind-credentials: "xxxxx"
# username-property: "cn"

peertube_instance:
name: 'Peertube'
short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
description: 'Welcome to this PeerTube instance!'
terms: 'No terms for now.'
code_of_conduct:
creation_reason: ''
administrator: ''
maintenance_lifetime: ''
moderation_information: ''
business_model: ''
hardware_information: ''

peertube_live:
enabled: true
max_duration: -1
max_instance_lives: 20
max_user_lives: 3
allow_replay: true
rtmp:
port: 1935
transcoding:
enabled: true
threads: 2
resolutions:
very_small: false #240p
small: false #360p
normal: false #480p
standard: false #720p
hd: false #1080p
full_hd: false #2160p

peertube_plugins:
andrespias marked this conversation as resolved.
Member

The default value should be [], otherwise the role fails with this:

TASK [udelarinterior.peertube : Install plugins npm package] ****************************************************************************************************
task path: /home/apias/desarrolloudelar/ansible/UdelaRInterior/udelarinterior.peertube/tasks/install_configure_peertube.yml:91
fatal: [pericon.interior.edu.uy]: FAILED! => {"msg": "Invalid data passed to 'loop', it requires a list, got this instead: None. Hint: If you passed a list/dict of just one element, try adding wantlist=True to your lookup invocation or use q/query instead of lookup."}

Member Author

@tricovictor tricovictor Jun 21, 2021

Added here

# - peertube-plugin-auth-ldap
# - peertube-plugin-bittube-logo-favicon
# - peertube-theme-noussommes

peertube_sql_extras:
- sentences.sql
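
Review bot: `peertube_sql_extras` defaults to `- sentences.sql` at the end of this hunk, so a run with untouched defaults ships a non-empty list of extra SQL scripts; an empty list (`peertube_sql_extras: []`) is the safer default, with `sentences.sql` left as a commented example like the plugin names above it. `peertube_ldap:` has the same shape `peertube_plugins:` had: every key under it is commented out, so it evaluates to null rather than a mapping, and `peertube_ldap: {}` would make that explicit. It would also help to document next to the three `lookup('password', ...)` lines that the generated passwords are stored in files under `credentials/peertube/` on the control machine.
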
1 change: 1 addition & 0 deletions meta/.galaxy_install_info
@@ -0,0 +1 @@
{install_date: 'Mon May 3 18:36:23 2021', version: install_buster}
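
Review bot: `meta/.galaxy_install_info` is written by `ansible-galaxy` when a role is installed and records the local install date and version, so it does not belong in the repository; drop it from the PR and add it to `.gitignore`.
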
33 changes: 33 additions & 0 deletions tasks/certbot.yml
@@ -0,0 +1,33 @@

- name: Install certbot
apt:
pkg: python-certbot-nginx
state: latest
register: certbot_installed
when: peertube_proxy_handle_https != 'yes'

- name: Install Letsencrypt certificate
shell: |
certbot certonly -n \
--authenticator standalone \
--installer nginx \
-d {{ peertube_tld }} \
-m {{ peertube_admin_email }} \
--agree-tos \
--pre-hook "systemctl stop nginx" \
--post-hook "systemctl start nginx"
when:
- certbot_installed is changed
- peertube_proxy_handle_https != 'yes'

- name: Insert Let's encrypt certificates in nginx
blockinfile:
dest: /etc/nginx/sites-available/peertube
marker: " # {mark} let's encrypt configuration"
block: |2-
ssl_certificate /etc/letsencrypt/live/{{ peertube_tld }}/cert.pem;
Member

We must use fullchain.pem for federation instead of cert.pem

ssl_certificate_key /etc/letsencrypt/live/{{ peertube_tld }}/privkey.pem;
insertbefore: ".*# Security hardening.*"
state: present
when: peertube_proxy_handle_https != 'yes'
notify: reload nginx
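
Review bot: all three `when:` conditions compare `peertube_proxy_handle_https` with the string `'yes'`, but defaults/main.yml sets it as an unquoted `no`, which YAML loads as a boolean; a boolean `yes` is not equal to `'yes'` either, so these tasks still run when the proxy is meant to handle HTTPS. Use `when: not (peertube_proxy_handle_https | bool)`. The certificate request is also gated on `certbot_installed is changed`, so it is skipped on hosts where the package was already present, and `{{ peertube_tld }}` and `{{ peertube_admin_email }}` go into the `shell:` command unquoted; pass them through `| quote`.
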
118 changes: 118 additions & 0 deletions tasks/configuration.yml
@@ -0,0 +1,118 @@

- name: Add peertube user
user:
name: peertube
home: "{{ peertube_user_path }}"
shell: /bin/bash
password: "{{ peertube_user_password_hashed }}"

- name: Create required directories
file:
path: "{{ peertube_user_path }}/{{ item }}"
state: directory
owner: peertube
group: peertube
mode: 0755
loop:
- config
- storage
- versions

- stat: path={{ peertube_user_path }}/versions/peertube-{{ peertube_version }}
register: peertube_version_dir

- name: Download and extract Peertube
unarchive:
src: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.zip"
dest: "{{ peertube_user_path }}/versions"
remote_src: yes
owner: peertube
group: peertube
when: peertube_version_dir.stat.exists == False
register: fresh_install

- stat: path={{ peertube_user_path }}/peertube-latest
register: peertube_latest_dir

- name: Create symlink peertube-latest
file:
src: "{{ peertube_user_path }}/versions/peertube-{{ peertube_version }}"
dest: "{{ peertube_user_path }}/peertube-latest"
state: link
owner: peertube
group: peertube
when: peertube_latest_dir.stat.exists == False

- name: Change owner of all peertube directories # seems setting owner on unarchive is not enough…
file:
path: "{{ peertube_user_path }}"
owner: peertube
group: peertube
recurse: yes

- name: Copy configuration peertube
template:
src: "production.yaml.j2"
dest: '{{ peertube_user_path }}/config/production.yaml'
owner: peertube
group: peertube
mode: 0644
notify:
- restart peertube daemon

- name: Install Stretch backports repo
apt_repository:
repo: deb http://ftp.debian.org/debian stretch-backports main
state: present
when:
- (ansible_distribution_major_version == "9")
register: backports_installed

- name: Change apt_preference
copy:
content: 'APT::Default-Release "stable";'
dest: /etc/apt/apt.conf.d/99apt_default
mode: 644
when: backports_installed is changed

- name: Install Peertube daemon
template:
src: peertube.service
dest: /etc/systemd/system/
notify:
- install peertube daemon

- name: Update dependencies
become: true
become_user: peertube
shell: '{{ item }}'
loop:
- cd "{{ peertube_user_path }}/peertube-latest" && npm install
- cd "{{ peertube_user_path }}/peertube-latest/client" && npm install
- cd "{{ peertube_user_path }}/peertube-latest" && yarn install --production --pure-lockfile
- cd "{{ peertube_user_path }}/peertube-latest/client" && yarn install --pure-lockfile

- name: Enabled service Peertube
service:
name: peertube
enabled: yes
notify: install peertube daemon

- name: Install plugins npm package
shell: cd {{ peertube_user_path }}/peertube-latest && sudo -u peertube NODE_CONFIG_DIR={{ peertube_user_path }}/config NODE_ENV=production npm run plugin:install -- --npm-name {{ item }}
loop: "{{ peertube_plugins }}"

- name: Copy script
template:
src: ../vars/{{ item }}
dest: /tmp/{{ item }}
owner: postgres
mode: 0755
loop: "{{ peertube_sql_extras }}"

- name: Add user and Enabled LDAP
become: yes
become_user: postgres
command: psql -d peertube_prod -U postgres -f '/tmp/{{ item }}'
loop: "{{ peertube_sql_extras }}"
notify: restart peertube daemon
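
Review bot: in "Change apt_preference", `mode: 644` is an unquoted decimal integer, which is applied as octal 1204 rather than rw-r--r--; write `mode: '0644'`, and quote the `0755`/`0644` values in the other tasks for consistency. "Download and extract Peertube" pulls the release zip with `unarchive` and `remote_src: yes` without any checksum, so nothing verifies the archive before it is unpacked and `npm install` runs in it; fetching with `get_url` and a `checksum:` first would close that. The SQL files are rendered to `/tmp/{{ item }}` with mode 0755, readable by every local user, and run against a hard-coded `peertube_prod` while the database suffix is a variable in defaults/main.yml; a private directory, mode 0600 and removal after the `psql` task would be tighter.
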
48 changes: 48 additions & 0 deletions tasks/install.yml
@@ -0,0 +1,48 @@
---

# Configure nodejs
- name: Install apt key
apt_key:
url: '{{ item }}'
state: present
loop:
- https://deb.nodesource.com/gpgkey/nodesource.gpg.key
- https://dl.yarnpkg.com/debian/pubkey.gpg

- name: Add apt repository
apt_repository:
repo: '{{ item }}'
state: present
filename: nodeandyarnsource
loop:
- deb https://deb.nodesource.com/node_"{{ peertube_nodejs_version }}".x "{{ ansible_distribution_release }}" main
- deb https://dl.yarnpkg.com/debian/ stable main

- name: Install NodeJS
apt:
update_cache: yes
pkg: nodejs
state: present

- name: Install dependencies
apt:
name: '{{ item }}'
state: latest
loop:
- curl
- sudo
- unzip
- vim
- nginx
- ffmpeg
- postgresql
- openssl
- g++
- make
- redis-server
- git
- python-psycopg2
- build-essential
- apt-transport-https
- python-ruamel.yaml
- yarn
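
Review bot: the "Install apt key" task trusts whatever key the two URLs serve at run time, since `apt_key` is given only `url:`; add `id:` with the expected fingerprint for each key so the task fails when the downloaded key does not match. In "Add apt repository", the double quotes around `{{ peertube_nodejs_version }}` and `{{ ansible_distribution_release }}` sit inside an unquoted YAML scalar and end up literally in the repo line; drop them. "Install dependencies" uses `state: latest`, which upgrades nginx, postgresql and redis-server on every run; `state: present` keeps runs repeatable.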