Install buster #1

Open
wants to merge 21 commits into
base: master
121 changes: 118 additions & 3 deletions defaults/main.yml
@@ -1,11 +1,126 @@
---
# defaults file for peertube
peertube_tld: localhost
peertube_tld: '{{ inventory_hostname }}'
#peertube_alias: []
Member

@andrespias andrespias Jun 14, 2021

Default value must be ["{{ inventory_hostname }}"]

Member Author

By default aliases are not defined; if you have one, we do it in the vars of the container.

peertube_user: peertube
peertube_group: peertube
peertube_version: v1.0.0-beta.3
peertube_user_path: /var/www/peertube
peertube_proxy_handle_https: no
peertube_proxy_ips: []

peertube_trust_proxy:
- loopback
peertube_dbuser_password: "{{ lookup('password', 'credentials/peertube/db-' + inventory_hostname) }}"
peertube_user_password_hashed: "{{ lookup('password', 'credentials/peertube/user-' + inventory_hostname) |password_hash('sha512') }}"
peertube_web_admin_password: "{{ lookup('password', 'credentials/peertube/web-admin-' + inventory_hostname) }}"
peertube_admin_email: '[email protected]'
peertube_db: peertube
peertube_dbuser: peertube
peertube_theme: default
#Version 9 from Stretch and 12 from Buster
peertube_nodejs_version: 12
peertube_listen:
hostname: localhost
port: 9000

peertube_webserver:
https: true
hostname: '{{ peertube_tld }}'
port: 443

peertube_database:
hostname: 'localhost'
port: 5432
ssl: false
suffix: '_prod'
username: '{{ peertube_dbuser }}'
password: '{{ peertube_dbuser_password }}'
pool:
max: 5

peertube_storage:
tmp: '/tmp/'
avatars: '/avatars/'
videos: '/videos/'
streaming_playlists: '/streaming_playlists/'
redundancy: '/redundancy/'
logs: '/logs/'
previews: '/previews/'
thumbnails: '/thumbnails/'
torrents: '/torrents/'
captions: '/captions/'
cache: '/cache/'
plugins: '/plugin/'
client_overrides: '/client_overrides/'

peertube_smtp:
transport: smtp
sendmail: null
hostname: correo.com
port: 465
username: [email protected]
password:
tls: true
disable_starttls: false
ca_file: null
from_address:

peertube_ldap:
# url: "ldaps://ldap.com.yy:636"
# weight: "100"
# bind_dn: "cn=admin,ou=group,dc=ldap,dc=com,dc=yy"
# custom_ca: ""
# search_base: "ou=group,dc=ldap,dc=com,dc=yy"
# group_filter: !unsafe "(member={{dn}})"
# insecure_tls: false
# mail_property: "mail"
# search_filter: !unsafe "(cn={{username}})"
# bind_credentials: "xxxxx"
# username_property: "cn"

#If insecure_tls: true
#peertube_ldap_url: ldap.com.yy
#peertube_tls_cert_src: /home/cert/fullchain.pem
#peertube_tls_cert_dest: /var/www/peertube/config/fullchain.pem

peertube_instance:
name: 'Peertube'
short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
description: 'Welcome to this PeerTube instance!'
terms: 'No terms for now.'
code_of_conduct:
creation_reason: ''
administrator: ''
maintenance_lifetime: ''
moderation_information: ''
business_model: ''
hardware_information: ''

peertube_live:
enabled: true
max_duration: -1
max_instance_lives: 20
max_user_lives: 3
allow_replay: true
rtmp:
port: 1935
transcoding:
enabled: true
threads: 2
resolutions:
very_small: false #240p
small: false #360p
normal: false #480p
standard: false #720p
hd: false #1080p
full_hd: false #2160p

peertube_plugins:
andrespias marked this conversation as resolved.
Member

The default value should be [], otherwise the role fails with this:

TASK [udelarinterior.peertube : Install plugins npm package] ****************************************************************************************************
task path: /home/apias/desarrolloudelar/ansible/UdelaRInterior/udelarinterior.peertube/tasks/install_configure_peertube.yml:91
fatal: [pericon.interior.edu.uy]: FAILED! => {"msg": "Invalid data passed to 'loop', it requires a list, got this instead: None. Hint: If you passed a list/dict of just one element, try adding wantlist=True to your lookup invocation or use q/query instead of lookup."}

Member Author

@tricovictor tricovictor Jun 21, 2021

Added here

# - peertube-plugin-auth-ldap
# - peertube-plugin-bittube-logo-favicon
# - peertube-theme-noussommes

peertube_sql_extras:
- sentences.sql

peertube_video_quota: -1
peertube_video_quota_daily: -1
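
Review bot: `peertube_ldap:` has only commented-out children, so it loads as null, the same shape that made `peertube_plugins:` fail the `loop` in the review comment above; give it an explicit empty default (`peertube_ldap: {}`) so templates and conditions can test it safely. `#peertube_alias: []` is likewise left undefined while `tasks/certbot.yml` iterates `{% for item in peertube_alias %}`, so either uncomment the empty list or guard the loop with `| default([])`. The `peertube_smtp` defaults name a concrete external host (`correo.com`, port 465) with an empty `password:`; a role default should leave `hostname` empty and require the inventory to set it.
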
1 change: 1 addition & 0 deletions meta/.galaxy_install_info
@@ -0,0 +1 @@
{install_date: 'Mon May 3 18:36:23 2021', version: install_buster}
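
Review bot: `meta/.galaxy_install_info` should not be committed: it is the install record that `ansible-galaxy` writes on the machine where a role was installed (here a local install date and `version: install_buster`), not part of the role source. Drop it from the change and add it to `.gitignore`.
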
3 changes: 1 addition & 2 deletions meta/main.yml
Expand Up @@ -18,5 +18,4 @@ galaxy_info:
- web
- peertube

dependencies:
- kwoodson.yedit
dependencies: []
34 changes: 34 additions & 0 deletions tasks/certbot.yml
@@ -0,0 +1,34 @@

- name: Install certbot
apt:
pkg: python-certbot-nginx
state: latest
register: certbot_installed
when: peertube_proxy_handle_https != 'yes'

- name: Install Letsencrypt certificate
shell: |
certbot certonly -n \
--authenticator standalone \
--installer nginx \
-d {{ peertube_tld }} \
{% for item in peertube_alias %} -d {{ item }}{% endfor %} \
-m {{ peertube_admin_email }} \
--agree-tos \
--pre-hook "systemctl stop nginx" \
--post-hook "systemctl start nginx"
when:
- certbot_installed is changed
- peertube_proxy_handle_https != 'yes'

- name: Insert Let's encrypt certificates in nginx
blockinfile:
dest: /etc/nginx/sites-available/peertube
marker: " # {mark} let's encrypt configuration"
block: |2-
ssl_certificate /etc/letsencrypt/live/{{ peertube_tld }}/cert.pem;
Member

We must use fullchain.pem for federation instead of cert.pem

ssl_certificate_key /etc/letsencrypt/live/{{ peertube_tld }}/privkey.pem;
insertbefore: ".*# Security hardening.*"
state: present
when: peertube_proxy_handle_https != 'yes'
notify: reload nginx
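
Review bot: The three `when: peertube_proxy_handle_https != 'yes'` conditions compare against the string 'yes', but `defaults/main.yml` sets `peertube_proxy_handle_https: no`, which YAML loads as a boolean; set that way, neither `yes` nor `no` ever equals the string, so the condition is always true and certbot runs even when the proxy handles HTTPS. Use `when: not (peertube_proxy_handle_https | bool)`. In the `shell` task, `{{ peertube_tld }}`, `{{ item }}` and `{{ peertube_admin_email }}` are interpolated unquoted into a shell line, so pass each through `| quote`. Because that task only runs when `certbot_installed is changed`, a failed first issuance is never retried; gate it on the certificate instead, with `creates: /etc/letsencrypt/live/{{ peertube_tld }}/privkey.pem`.
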
42 changes: 42 additions & 0 deletions tasks/copy_ldap_key_tls.yml
@@ -0,0 +1,42 @@


- name: USER | Create SSH key on ldap server
user:
name: root
generate_ssh_key: yes
ssh_key_bits: "{{ peertube_ssh_key_bits | default (omit) }}"
ssh_key_comment: "root@{{ inventory_hostname }}"
delegate_to: '{{ peertube_ldap_url }}'

- name: COMMAND | Extract SSH ldap server pub key
command: "cat /root/.ssh/id_rsa.pub"
register: cat
changed_when: false
delegate_to: "{{ peertube_ldap_url }}"

- name: Add SSH server pub key to peertube
authorized_key:
user: root
state: present
key: "{{ cat.stdout }}"

- name: SHELL | ssh public key of peertube
shell: "ssh-keyscan {{ inventory_hostname }}"
register: ssh_known_host_results
ignore_errors: yes
delegate_to: "{{ peertube_ldap_url }}"
become_user: root

- name: KNOWN_HOSTS | add or update client key to known_hosts in server
known_hosts:
path: '/root/.ssh/known_hosts'
name: "{{ inventory_hostname }}"
key: "{{ ssh_known_host_results.stdout }}"
state: present
delegate_to: "{{ peertube_ldap_url }}"
become_user: root

- name: Copy the file certtificate
become: True
shell: "rsync -arvz {{ peertube_tls_cert_src }} root@{{ inventory_hostname }}:{{ peertube_tls_cert_dest }}"
delegate_to: '{{ peertube_ldap_url }}'
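
Review bot: The first three tasks create a root SSH key on the LDAP server and add it to root's `authorized_keys` on the PeerTube host, which leaves the LDAP server with standing root login on this host just to copy one certificate file. Move the file through the controller instead (`fetch` from `peertube_ldap_url`, then `copy` to `peertube_tls_cert_dest` with explicit `owner` and `mode`), which needs no new key and no `known_hosts` entry. If the SSH path stays, the `ssh-keyscan` task should not carry `ignore_errors: yes`, because the next task then writes whatever `stdout` holds into root's `known_hosts`, and the scanned key is accepted without being checked against a known fingerprint.
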
119 changes: 119 additions & 0 deletions tasks/install_configure_peertube.yml
@@ -0,0 +1,119 @@

- name: Add peertube user
user:
name: '{{ peertube_user }}'
home: "{{ peertube_user_path }}"
shell: /bin/bash
password: "{{ peertube_user_password_hashed }}"

- name: Create required directories
file:
path: "{{ peertube_user_path }}/{{ item }}"
state: directory
owner: '{{ peertube_user }}'
group: '{{ peertube_group }}'
mode: 0755
loop:
- config
- storage
- versions

- stat: path={{ peertube_user_path }}/versions/peertube-{{ peertube_version }}
register: peertube_version_dir

- name: Download and extract Peertube
unarchive:
src: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.zip"
dest: "{{ peertube_user_path }}/versions"
remote_src: yes
owner: '{{ peertube_user }}'
group: '{{ peertube_group }}'
when: peertube_version_dir.stat.exists == False
register: fresh_install

- stat: path={{ peertube_user_path }}/peertube-latest
register: peertube_latest_dir

- name: Create symlink peertube-latest
file:
src: "{{ peertube_user_path }}/versions/peertube-{{ peertube_version }}"
dest: "{{ peertube_user_path }}/peertube-latest"
state: link
owner: '{{ peertube_user }}'
group: '{{ peertube_group }}'
when: peertube_latest_dir.stat.exists == False

- name: Change owner of all peertube directories # seems setting owner on unarchive is not enough…
file:
path: "{{ peertube_user_path }}"
owner: '{{ peertube_user }}'
group: '{{ peertube_group }}'
recurse: yes

- name: Copy configuration peertube
template:
src: "production.yaml.j2"
dest: '{{ peertube_user_path }}/config/production.yaml'
owner: '{{ peertube_user }}'
group: '{{ peertube_group }}'
mode: 0644
notify:
- restart peertube daemon

- name: Install Stretch backports repo
apt_repository:
repo: deb http://ftp.debian.org/debian stretch-backports main
state: present
when:
- (ansible_distribution_major_version == "9")
register: backports_installed

- name: Change apt_preference
copy:
content: 'APT::Default-Release "stable";'
dest: /etc/apt/apt.conf.d/99apt_default
mode: 644
when: backports_installed is changed

- name: Install Peertube daemon
template:
src: peertube.service
dest: /etc/systemd/system/
notify:
- install peertube daemon

- name: Enabled service Peertube
service:
name: peertube
enabled: yes
notify: install peertube daemon

- name: Install plugins npm package
shell: cd {{ peertube_user_path }}/peertube-latest && sudo -u peertube NODE_CONFIG_DIR={{ peertube_user_path }}/config NODE_ENV=production npm run plugin:install -- --npm-name {{ item }}
loop: "{{ peertube_plugins }}"

- name: Copy additional SQL queries
template:
src: sql/{{ item }}
dest: /tmp/{{ item }}
owner: '{{ peertube_user }}'
Member

It is {{ peertube_postgres_user }}, isn't it? And without group.

group: '{{ peertube_group }}'
mode: 0755
loop: "{{ peertube_sql_extras }}"

- name: Run additional SQL queries
become: yes
become_user: '{{ postgres_user }}'
command: psql -d peertube_prod -U postgres -f '/tmp/{{ item }}'
loop: "{{ peertube_sql_extras }}"
notify: restart peertube daemon

- name: Update dependencies
Member

To keep the logic of the original role we can add a when: fresh_install is changed here.

Member Author

Added here

become: true
become_user: '{{ peertube_user }}'
shell: '{{ item }}'
loop:
- cd "{{ peertube_user_path }}/peertube-latest" && npm install
- cd "{{ peertube_user_path }}/peertube-latest/client" && npm install
- cd "{{ peertube_user_path }}/peertube-latest" && yarn install --production --pure-lockfile
- cd "{{ peertube_user_path }}/peertube-latest/client" && yarn install --pure-lockfile
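
Review bot: `mode: 644` in "Change apt_preference" is read as decimal 644 rather than octal, so `/etc/apt/apt.conf.d/99apt_default` does not end up rw-r--r--; quote it as `mode: '0644'`. "Copy configuration peertube" writes `config/production.yaml` with `mode: 0644`; if the template renders `peertube_database.password` and `peertube_smtp.password` from the defaults, the file should be `0640` so other local users cannot read them. The SQL tasks stage files in `/tmp` with `mode: 0755` and then run them with `-U postgres` against a hardcoded `peertube_prod`; stage them in a directory only `postgres_user` can write, use mode `0600`, and build the database name from `peertube_db` and `peertube_database.suffix`.
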
48 changes: 48 additions & 0 deletions tasks/install_dependencies.yml
@@ -0,0 +1,48 @@
---

# Configure nodejs
- name: Install apt key
apt_key:
url: '{{ item }}'
state: present
loop:
- https://deb.nodesource.com/gpgkey/nodesource.gpg.key
- https://dl.yarnpkg.com/debian/pubkey.gpg

- name: Add apt repository
apt_repository:
repo: '{{ item }}'
state: present
filename: nodeandyarnsource
loop:
- deb https://deb.nodesource.com/node_"{{ peertube_nodejs_version }}".x "{{ ansible_distribution_release }}" main
- deb https://dl.yarnpkg.com/debian/ stable main

- name: Install NodeJS
apt:
update_cache: yes
pkg: nodejs
state: present

- name: Install dependencies
apt:
name: '{{ item }}'
state: latest
loop:
- curl
- sudo
- unzip
- vim
- nginx
- ffmpeg
- postgresql
- openssl
- g++
- make
- redis-server
- git
- python-psycopg2
- build-essential
- apt-transport-https
- python-ruamel.yaml
- yarn
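
Review bot: `apt_key` with `url:` in "Install apt key" adds the NodeSource and Yarn keys to apt's global trusted keyring, so either key is accepted for packages from any repository on the host, Debian's included. Store each key under `/usr/share/keyrings/` and reference it with `signed-by=` in the matching `deb` line of "Add apt repository". In "Install dependencies", `state: latest` upgrades nginx, postgresql and redis-server on every run of the role; use `state: present` and pass the whole list to `name:` in a single task.
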