Install buster #1
base: master
Changes from 16 commits
1bb085f
cd3fe6a
183da1c
2a4ea25
9c356aa
3c26107
33b904b
074cc9a
ec2bbc5
7c314f3
2b4eef5
e91c60a
b392a65
b3ce8f5
fd11029
dcd9bde
fdb998f
ae164b9
30cc6d7
7243744
9186ac7
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,126 @@ | ||
--- | ||
# defaults file for peertube | ||
peertube_tld: localhost | ||
peertube_tld: '{{ inventory_hostname }}' | ||
#peertube_alias: [] | ||
peertube_user: peertube | ||
peertube_group: peertube | ||
peertube_version: v1.0.0-beta.3 | ||
peertube_user_path: /var/www/peertube | ||
peertube_proxy_handle_https: no | ||
peertube_proxy_ips: [] | ||
|
||
peertube_trust_proxy: | ||
- loopback | ||
peertube_dbuser_password: "{{ lookup('password', 'credentials/peertube/db-' + inventory_hostname) }}" | ||
peertube_user_password_hashed: "{{ lookup('password', 'credentials/peertube/user-' + inventory_hostname) |password_hash('sha512') }}" | ||
peertube_web_admin_password: "{{ lookup('password', 'credentials/peertube/web-admin-' + inventory_hostname) }}" | ||
peertube_admin_email: '[email protected]' | ||
peertube_db: peertube | ||
peertube_dbuser: peertube | ||
peertube_theme: default | ||
#Version 9 from Stretch and 12 from Buster | ||
peertube_nodejs_version: 12 | ||
peertube_listen: | ||
hostname: localhost | ||
port: 9000 | ||
|
||
peertube_webserver: | ||
https: true | ||
hostname: '{{ peertube_tld }}' | ||
port: 443 | ||
|
||
peertube_database: | ||
hostname: 'localhost' | ||
port: 5432 | ||
ssl: false | ||
suffix: '_prod' | ||
username: '{{ peertube_dbuser }}' | ||
password: '{{ peertube_dbuser_password }}' | ||
pool: | ||
max: 5 | ||
|
||
peertube_storage: | ||
tmp: '/tmp/' | ||
avatars: '/avatars/' | ||
videos: '/videos/' | ||
streaming_playlists: '/streaming_playlists/' | ||
redundancy: '/redundancy/' | ||
logs: '/logs/' | ||
previews: '/previews/' | ||
thumbnails: '/thumbnails/' | ||
torrents: '/torrents/' | ||
captions: '/captions/' | ||
cache: '/cache/' | ||
plugins: '/plugin/' | ||
client_overrides: '/client_overrides/' | ||
|
||
peertube_smtp: | ||
transport: smtp | ||
sendmail: null | ||
hostname: correo.com | ||
port: 465 | ||
username: [email protected] | ||
password: | ||
tls: true | ||
disable_starttls: false | ||
ca_file: null | ||
from_address: | ||
|
||
peertube_ldap: | ||
# url: "ldaps://ldap.com.yy:636" | ||
# weight: "100" | ||
# bind_dn: "cn=admin,ou=group,dc=ldap,dc=com,dc=yy" | ||
# custom_ca: "" | ||
# search_base: "ou=group,dc=ldap,dc=com,dc=yy" | ||
# group_filter: !unsafe "(member={{dn}})" | ||
# insecure_tls: false | ||
# mail_property: "mail" | ||
# search_filter: !unsafe "(cn={{username}})" | ||
# bind_credentials: "xxxxx" | ||
# username_property: "cn" | ||
|
||
#If insecure_tls: true | ||
#peertube_ldap_url: ldap.com.yy | ||
#peertube_tls_cert_src: /home/cert/fullchain.pem | ||
#peertube_tls_cert_dest: /var/www/peertube/config/fullchain.pem | ||
|
||
peertube_instance: | ||
name: 'Peertube' | ||
short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.' | ||
description: 'Welcome to this PeerTube instance!' | ||
terms: 'No terms for now.' | ||
code_of_conduct: | ||
creation_reason: '' | ||
administrator: '' | ||
maintenance_lifetime: '' | ||
moderation_information: '' | ||
business_model: '' | ||
hardware_information: '' | ||
|
||
peertube_live: | ||
enabled: true | ||
max_duration: -1 | ||
max_instance_lives: 20 | ||
max_user_lives: 3 | ||
allow_replay: true | ||
rtmp: | ||
port: 1935 | ||
transcoding: | ||
enabled: true | ||
threads: 2 | ||
resolutions: | ||
very_small: false #240p | ||
small: false #360p | ||
normal: false #480p | ||
standard: false #720p | ||
hd: false #1080p | ||
full_hd: false #2160p | ||
|
||
peertube_plugins: | ||
andrespias marked this conversation as resolved.
The default value should be
Added here |
||
# - peertube-plugin-auth-ldap | ||
# - peertube-plugin-bittube-logo-favicon | ||
# - peertube-theme-noussommes | ||
|
||
peertube_sql_extras: | ||
- sentences.sql | ||
|
||
peertube_video_quota: -1 | ||
peertube_video_quota_daily: -1 |
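Review bot: The three `lookup('password', 'credentials/peertube/…')` defaults make the controller write each generated secret in plaintext under a relative `credentials/` path, and nothing visible here keeps that directory out of version control or restricts its permissions. That should be documented next to the variables, e.g. `# generated secrets are stored in plaintext under credentials/ on the controller; keep it out of VCS or override these with vaulted values`. `peertube_user_password_hashed` also calls `password_hash('sha512')` without a salt, so a new hash is probably produced on every run and the `user` task will report a change each time; passing a stable salt would avoid that. Further down, `peertube_smtp.password:` and `from_address:` are bare keys and load as null rather than an empty string.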
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{install_date: 'Mon May 3 18:36:23 2021', version: install_buster} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,5 +18,4 @@ galaxy_info: | |
- web | ||
- peertube | ||
|
||
dependencies: | ||
- kwoodson.yedit | ||
dependencies: [] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
|
||
- name: Install certbot | ||
apt: | ||
pkg: python-certbot-nginx | ||
state: latest | ||
register: certbot_installed | ||
when: peertube_proxy_handle_https != 'yes' | ||
|
||
- name: Install Letsencrypt certificate | ||
shell: | | ||
certbot certonly -n \ | ||
--authenticator standalone \ | ||
--installer nginx \ | ||
-d {{ peertube_tld }} \ | ||
{% for item in peertube_alias %} -d {{ item }}{% endfor %} \ | ||
-m {{ peertube_admin_email }} \ | ||
--agree-tos \ | ||
--pre-hook "systemctl stop nginx" \ | ||
--post-hook "systemctl start nginx" | ||
when: | ||
- certbot_installed is changed | ||
- peertube_proxy_handle_https != 'yes' | ||
|
||
- name: Insert Let's encrypt certificates in nginx | ||
blockinfile: | ||
dest: /etc/nginx/sites-available/peertube | ||
marker: " # {mark} let's encrypt configuration" | ||
block: |2- | ||
ssl_certificate /etc/letsencrypt/live/{{ peertube_tld }}/cert.pem; | ||
We must to use |
||
ssl_certificate_key /etc/letsencrypt/live/{{ peertube_tld }}/privkey.pem; | ||
insertbefore: ".*# Security hardening.*" | ||
state: present | ||
when: peertube_proxy_handle_https != 'yes' | ||
notify: reload nginx |
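Review bot: All three tasks are gated with `when: peertube_proxy_handle_https != 'yes'`, a comparison against the string 'yes', while the role default shown for that variable is the bare YAML value `no`, which Ansible loads as a boolean. A boolean true is not equal to the string 'yes' either, so setting the variable to `yes` or `true` in YAML would presumably still stop nginx and request a certificate; `when: not (peertube_proxy_handle_https | bool)` handles both spellings. In the certbot command the domain, aliases and e-mail are interpolated into a shell line unquoted, so `{{ peertube_tld | quote }}` (and the same for `item` and `peertube_admin_email`) would be safer. Because the request only runs when `certbot_installed is changed`, a failed first attempt is not retried on the next run.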
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
|
||
|
||
- name: USER | Create SSH key on ldap server | ||
user: | ||
name: root | ||
generate_ssh_key: yes | ||
ssh_key_bits: "{{ peertube_ssh_key_bits | default (omit) }}" | ||
ssh_key_comment: "root@{{ inventory_hostname }}" | ||
delegate_to: '{{ peertube_ldap_url }}' | ||
|
||
- name: COMMAND | Extract SSH ldap server pub key | ||
command: "cat /root/.ssh/id_rsa.pub" | ||
register: cat | ||
changed_when: false | ||
delegate_to: "{{ peertube_ldap_url }}" | ||
|
||
- name: Add SSH server pub key to peertube | ||
authorized_key: | ||
user: root | ||
state: present | ||
key: "{{ cat.stdout }}" | ||
|
||
- name: SHELL | ssh public key of peertube | ||
shell: "ssh-keyscan {{ inventory_hostname }}" | ||
register: ssh_known_host_results | ||
ignore_errors: yes | ||
delegate_to: "{{ peertube_ldap_url }}" | ||
become_user: root | ||
|
||
- name: KNOWN_HOSTS | add or update client key to known_hosts in server | ||
known_hosts: | ||
path: '/root/.ssh/known_hosts' | ||
name: "{{ inventory_hostname }}" | ||
key: "{{ ssh_known_host_results.stdout }}" | ||
state: present | ||
delegate_to: "{{ peertube_ldap_url }}" | ||
become_user: root | ||
|
||
- name: Copy the file certtificate | ||
become: True | ||
shell: "rsync -arvz {{ peertube_tls_cert_src }} root@{{ inventory_hostname }}:{{ peertube_tls_cert_dest }}" | ||
delegate_to: '{{ peertube_ldap_url }}' |
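Review bot: Adding the LDAP server's root public key to root's `authorized_keys` on the PeerTube host (the `authorized_key` task) leaves a permanent, unrestricted root login from one machine to the other, only so that a certificate file can be copied with rsync. The controller already reaches both hosts, so the file can be read with `slurp` on the delegated host and written with `copy`, which needs no key generation, no `known_hosts` entry and no rsync. If the host-to-host trust has to stay, the key should at least be limited with `key_options`, and the `ssh-keyscan` result checked rather than accepted under `ignore_errors: yes`. The sketch below assumes the certificate is small enough for `slurp` and that `peertube_tls_cert_dest` should be owned by the PeerTube user.

```yaml
# … replaces the key generation, authorized_key, ssh-keyscan, known_hosts and rsync tasks …
- name: Read the LDAP server certificate
  slurp:
    src: '{{ peertube_tls_cert_src }}'
  delegate_to: '{{ peertube_ldap_url }}'
  register: peertube_ldap_cert

- name: Install the LDAP server certificate on peertube
  copy:
    content: '{{ peertube_ldap_cert.content | b64decode }}'
    dest: '{{ peertube_tls_cert_dest }}'
    owner: '{{ peertube_user }}'
    group: '{{ peertube_group }}'
    mode: '0644'
```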
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,119 @@ | ||
|
||
- name: Add peertube user | ||
user: | ||
name: '{{ peertube_user }}' | ||
home: "{{ peertube_user_path }}" | ||
shell: /bin/bash | ||
password: "{{ peertube_user_password_hashed }}" | ||
|
||
- name: Create required directories | ||
file: | ||
path: "{{ peertube_user_path }}/{{ item }}" | ||
state: directory | ||
owner: '{{ peertube_user }}' | ||
group: '{{ peertube_group }}' | ||
mode: 0755 | ||
loop: | ||
- config | ||
- storage | ||
- versions | ||
|
||
- stat: path={{ peertube_user_path }}/versions/peertube-{{ peertube_version }} | ||
register: peertube_version_dir | ||
|
||
- name: Download and extract Peertube | ||
unarchive: | ||
src: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.zip" | ||
dest: "{{ peertube_user_path }}/versions" | ||
remote_src: yes | ||
owner: '{{ peertube_user }}' | ||
group: '{{ peertube_group }}' | ||
when: peertube_version_dir.stat.exists == False | ||
register: fresh_install | ||
|
||
- stat: path={{ peertube_user_path }}/peertube-latest | ||
register: peertube_latest_dir | ||
|
||
- name: Create symlink peertube-latest | ||
file: | ||
src: "{{ peertube_user_path }}/versions/peertube-{{ peertube_version }}" | ||
dest: "{{ peertube_user_path }}/peertube-latest" | ||
state: link | ||
owner: '{{ peertube_user }}' | ||
group: '{{ peertube_group }}' | ||
when: peertube_latest_dir.stat.exists == False | ||
|
||
- name: Change owner of all peertube directories # seems setting owner on unarchive is not enough… | ||
file: | ||
path: "{{ peertube_user_path }}" | ||
owner: '{{ peertube_user }}' | ||
group: '{{ peertube_group }}' | ||
recurse: yes | ||
|
||
- name: Copy configuration peertube | ||
template: | ||
src: "production.yaml.j2" | ||
dest: '{{ peertube_user_path }}/config/production.yaml' | ||
owner: '{{ peertube_user }}' | ||
group: '{{ peertube_group }}' | ||
mode: 0644 | ||
notify: | ||
- restart peertube daemon | ||
|
||
- name: Install Stretch backports repo | ||
apt_repository: | ||
repo: deb http://ftp.debian.org/debian stretch-backports main | ||
state: present | ||
when: | ||
- (ansible_distribution_major_version == "9") | ||
register: backports_installed | ||
|
||
- name: Change apt_preference | ||
copy: | ||
content: 'APT::Default-Release "stable";' | ||
dest: /etc/apt/apt.conf.d/99apt_default | ||
mode: 644 | ||
when: backports_installed is changed | ||
|
||
- name: Install Peertube daemon | ||
template: | ||
src: peertube.service | ||
dest: /etc/systemd/system/ | ||
notify: | ||
- install peertube daemon | ||
|
||
- name: Enabled service Peertube | ||
service: | ||
name: peertube | ||
enabled: yes | ||
notify: install peertube daemon | ||
|
||
- name: Install plugins npm package | ||
shell: cd {{ peertube_user_path }}/peertube-latest && sudo -u peertube NODE_CONFIG_DIR={{ peertube_user_path }}/config NODE_ENV=production npm run plugin:install -- --npm-name {{ item }} | ||
loop: "{{ peertube_plugins }}" | ||
|
||
- name: Copy additional SQL queries | ||
template: | ||
src: sql/{{ item }} | ||
dest: /tmp/{{ item }} | ||
owner: '{{ peertube_user }}' | ||
It is |
||
group: '{{ peertube_group }}' | ||
mode: 0755 | ||
loop: "{{ peertube_sql_extras }}" | ||
|
||
- name: Run additional SQL queries | ||
become: yes | ||
become_user: '{{ postgres_user }}' | ||
command: psql -d peertube_prod -U postgres -f '/tmp/{{ item }}' | ||
loop: "{{ peertube_sql_extras }}" | ||
notify: restart peertube daemon | ||
|
||
- name: Update dependencies | ||
To keep the logic of the original role we can add a
Added here |
||
become: true | ||
become_user: '{{ peertube_user }}' | ||
shell: '{{ item }}' | ||
loop: | ||
- cd "{{ peertube_user_path }}/peertube-latest" && npm install | ||
- cd "{{ peertube_user_path }}/peertube-latest/client" && npm install | ||
- cd "{{ peertube_user_path }}/peertube-latest" && yarn install --production --pure-lockfile | ||
- cd "{{ peertube_user_path }}/peertube-latest/client" && yarn install --pure-lockfile |
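Review bot: `Copy configuration peertube` installs `production.yaml` with `mode: 0644`, and that template presumably renders the database password from `peertube_database` (and the SMTP and LDAP credentials), so every local account could read them; since the file is owned by the PeerTube user and group, `mode: '0640'` should be enough. In `Change apt_preference`, `mode: 644` has no leading zero and is read as decimal 644, which is not the permission set intended; write `mode: '0644'`, and quote the other modes the same way. `Copy additional SQL queries` renders files owned by the PeerTube account to a predictable name under `/tmp` with mode 0755, and the next task runs them through `psql` as the postgres account; rendering them owned by `postgres_user` with `mode: '0600'` in a directory other users cannot write to would keep that file from being altered between the two tasks. That `psql` call also hard-codes `peertube_prod` instead of using `peertube_db` and the configured suffix.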
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
--- | ||
|
||
# Configure nodejs | ||
- name: Install apt key | ||
apt_key: | ||
url: '{{ item }}' | ||
state: present | ||
loop: | ||
- https://deb.nodesource.com/gpgkey/nodesource.gpg.key | ||
- https://dl.yarnpkg.com/debian/pubkey.gpg | ||
|
||
- name: Add apt repository | ||
apt_repository: | ||
repo: '{{ item }}' | ||
state: present | ||
filename: nodeandyarnsource | ||
loop: | ||
- deb https://deb.nodesource.com/node_"{{ peertube_nodejs_version }}".x "{{ ansible_distribution_release }}" main | ||
- deb https://dl.yarnpkg.com/debian/ stable main | ||
|
||
- name: Install NodeJS | ||
apt: | ||
update_cache: yes | ||
pkg: nodejs | ||
state: present | ||
|
||
- name: Install dependencies | ||
apt: | ||
name: '{{ item }}' | ||
state: latest | ||
loop: | ||
- curl | ||
- sudo | ||
- unzip | ||
- vim | ||
- nginx | ||
- ffmpeg | ||
- postgresql | ||
- openssl | ||
- g++ | ||
- make | ||
- redis-server | ||
- git | ||
- python-psycopg2 | ||
- build-essential | ||
- apt-transport-https | ||
- python-ruamel.yaml | ||
- yarn |
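Review bot: `Install apt key` fetches both signing keys by URL with no fingerprint pinned, so whatever those endpoints serve at run time becomes a trusted apt key on the host. `apt_key` accepts an `id`, so the loop items could become url/id pairs, e.g. `- { url: 'https://dl.yarnpkg.com/debian/pubkey.gpg', id: '<YARN_KEY_FINGERPRINT>' }` with `url: '{{ item.url }}'` and `id: '{{ item.id }}'`; the fingerprint is a placeholder to be filled from the vendors' published values. The repo lines in `Add apt repository` embed literal double quotes around the Jinja expressions inside an unquoted scalar (`node_"{{ peertube_nodejs_version }}".x`), which looks unintended and is worth checking against the rendered sources file. `Install dependencies` uses `state: latest` for nginx, postgresql and redis-server, so any run can upgrade those services; `state: present` keeps upgrades a deliberate step.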
Default value must be
["{{ inventory_hostname }}"]
By default no aliases are defined; if you have one, we set it in the vars of the container.