Prefix variables with peertube_
This commit is contained in:
Mathieu Gauthier-Pilote
parent
4e30f428c1
commit
b6a4b1a0d2
|
|
@ -31,7 +31,7 @@ Exemple de playbook
|
|||
- all
|
||||
vars:
|
||||
# Supplanter ici les variables du rôle
|
||||
domains: ['votre-vrai-domaine.org']
|
||||
peertube_domains: ['votre-vrai-domaine.org']
|
||||
service: 'mon-peertube'
|
||||
|
||||
roles:
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ Example Playbook
|
|||
- all
|
||||
vars:
|
||||
# Overwrite the role variables here
|
||||
domains: ['your-real-domain.org']
|
||||
peertube_domains: ['your-real-domain.org']
|
||||
service: 'my-peertube'
|
||||
|
||||
roles:
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
---
|
||||
# defaults file for vars
|
||||
system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']"
|
||||
version: 'v6.0.1'
|
||||
download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ version }}/peertube-{{ version }}.zip"
|
||||
domains: ['example.domain.org']
|
||||
certbot_admin_email: 'security@evolix.fr'
|
||||
service_home: '/var/www/peertube'
|
||||
db_host: '127.0.0.1'
|
||||
db_port: '5432'
|
||||
db_name: "{{ service }}"
|
||||
db_user: "{{ service }}"
|
||||
db_password: 'UQ6_CHANGE_ME_Gzb'
|
||||
pt_secret: 'd98a73_CHANGE_ME_c00c7c'
|
||||
pt_host: '127.0.0.1:9000'
|
||||
peertube_system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']"
|
||||
peertube_version: 'v6.0.1'
|
||||
peertube_download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ version }}/peertube-{{ version }}.zip"
|
||||
peertube_domains: ['example.domain.org']
|
||||
peertube_certbot_admin_email: 'security@evolix.fr'
|
||||
peertube_service_home: '/var/www/peertube'
|
||||
peertube_db_host: '127.0.0.1'
|
||||
peertube_db_port: '5432'
|
||||
peertube_db_name: "{{ service }}"
|
||||
peertube_db_user: "{{ service }}"
|
||||
peertube_db_password: 'UQ6_CHANGE_ME_Gzb'
|
||||
peertube_app_secret: 'd98a73_CHANGE_ME_c00c7c'
|
||||
peertube_app_host: '127.0.0.1:9000'
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
- name: Install main system dependencies
|
||||
apt:
|
||||
name: "{{ system_dep }}"
|
||||
name: "{{ peertube_system_dep }}"
|
||||
update_cache: yes
|
||||
|
||||
- name: Upgrade redis-server to the latest version from bullseye-backports
|
||||
|
|
@ -23,20 +23,20 @@
|
|||
- name: Add UNIX account
|
||||
user:
|
||||
name: "{{ service }}"
|
||||
home: "{{ service_home }}"
|
||||
home: "{{ peertube_service_home }}"
|
||||
shell: /bin/bash
|
||||
|
||||
- name: Add PostgreSQL user
|
||||
postgresql_user:
|
||||
name: "{{ db_user }}"
|
||||
password: "{{ db_password }}"
|
||||
name: "{{ peertube_db_user }}"
|
||||
password: "{{ peertube_db_password }}"
|
||||
no_password_changes: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Add PostgreSQL database
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
owner: "{{ db_user }}"
|
||||
name: "{{ peertube_db_name }}"
|
||||
owner: "{{ peertube_db_user }}"
|
||||
template: template0
|
||||
encoding: UTF-8
|
||||
become_user: postgres
|
||||
|
|
@ -53,14 +53,14 @@
|
|||
|
||||
- name: Unarchive peertube archive
|
||||
unarchive:
|
||||
src: "{{ download_url }}"
|
||||
src: "{{ peertube_download_url }}"
|
||||
dest: ~/versions
|
||||
remote_src: yes
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Symbolic link to unarchived version
|
||||
file:
|
||||
src: "~/versions/peertube-{{ version }}"
|
||||
src: "~/versions/peertube-{{ peertube_version }}"
|
||||
dest: "~/peertube-latest"
|
||||
state: link
|
||||
become_user: "{{ service }}"
|
||||
|
|
@ -97,7 +97,7 @@
|
|||
|
||||
- name: Check if SSL certificate is present and register result
|
||||
stat:
|
||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
||||
path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: Generate certificate only if required (first time)
|
||||
|
|
@ -121,12 +121,12 @@
|
|||
state: directory
|
||||
mode: '0755'
|
||||
- name: Generate certificate with certbot
|
||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ peertube_certbot_admin_email }} -d {{ peertube_domains |first }}
|
||||
when: ssl.stat.exists != true
|
||||
|
||||
- name: (Re)check if SSL certificate is present and register result
|
||||
stat:
|
||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
||||
path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: (Re)template conf file for nginx vhost with SSL
|
||||
|
|
|
|||
|
|
@ -8,24 +8,24 @@
|
|||
|
||||
- name: stat videos
|
||||
stat:
|
||||
path: "{{ service_home }}/storage/videos/"
|
||||
path: "{{ peertube_service_home }}/storage/videos/"
|
||||
register: videos
|
||||
|
||||
- name: Move videos to web-videos (needed when upgrading to version 6)
|
||||
command: "mv {{ service_home }}/storage/videos/{{ service_home }}/storage/web-videos/"
|
||||
command: "mv {{ peertube_service_home }}/storage/videos/{{ peertube_service_home }}/storage/web-videos/"
|
||||
when: videos.stat.exists
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Dump database to a file with compression
|
||||
postgresql_db:
|
||||
name: "{{ db_name }}"
|
||||
name: "{{ peertube_db_name }}"
|
||||
state: dump
|
||||
target: "~/{{ db_name }}.sql.gz"
|
||||
target: "~/{{ peertube_db_name }}.sql.gz"
|
||||
become_user: postgres
|
||||
|
||||
- name: Unarchive new peertube archive
|
||||
unarchive:
|
||||
src: "{{ download_url }}"
|
||||
src: "{{ peertube_download_url }}"
|
||||
dest: ~/versions
|
||||
remote_src: yes
|
||||
become_user: "{{ service }}"
|
||||
|
|
@ -35,13 +35,13 @@
|
|||
path: "{{ item }}"
|
||||
mode: o+rx
|
||||
loop:
|
||||
- "~/versions/peertube-{{ version }}"
|
||||
- "~/versions/peertube-{{ version }}/client"
|
||||
- "~/versions/peertube-{{ peertube_version }}"
|
||||
- "~/versions/peertube-{{ peertube_version }}/client"
|
||||
become_user: "{{ service }}"
|
||||
|
||||
- name: Symbolic link to new version
|
||||
file:
|
||||
src: "~/versions/peertube-{{ version }}"
|
||||
src: "~/versions/peertube-{{ peertube_version }}"
|
||||
dest: "~/peertube-latest"
|
||||
state: link
|
||||
become_user: "{{ service }}"
|
||||
|
|
@ -73,7 +73,7 @@
|
|||
|
||||
- name: Check if SSL certificate is present and register result
|
||||
stat:
|
||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
||||
path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: Retemplate conf file for nginx vhost
|
||||
|
|
@ -92,7 +92,7 @@
|
|||
|
||||
- name: Remove database dump
|
||||
file:
|
||||
path: "~/{{ db_name }}.sql.gz"
|
||||
path: "~/{{ peertube_db_name }}.sql.gz"
|
||||
state: absent
|
||||
become_user: postgres
|
||||
when: keep_db_dump is undefined
|
||||
|
|
|
|||
|
|
@ -5,11 +5,11 @@ After=network.target postgresql.service redis-server.service
|
|||
[Service]
|
||||
Type=simple
|
||||
Environment=NODE_ENV=production
|
||||
Environment=NODE_CONFIG_DIR={{ service_home }}/config
|
||||
Environment=NODE_CONFIG_DIR={{ peertube_service_home }}/config
|
||||
User={{ service }}
|
||||
Group={{ service }}
|
||||
ExecStart=/usr/bin/node dist/server
|
||||
WorkingDirectory={{ service_home }}/peertube-latest
|
||||
WorkingDirectory={{ peertube_service_home }}/peertube-latest
|
||||
SyslogIdentifier=peertube
|
||||
Restart=always
|
||||
|
||||
|
|
|
|||
|
|
@ -5,13 +5,13 @@ listen:
|
|||
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
|
||||
webserver:
|
||||
https: true
|
||||
hostname: '{{ domains| first }}'
|
||||
hostname: '{{ peertube_domains| first }}'
|
||||
port: 443
|
||||
|
||||
# Secrets you need to generate the first time you run PeerTube
|
||||
secrets:
|
||||
# Generate one using `openssl rand -hex 32`
|
||||
peertube: '{{ pt_secret }}'
|
||||
peertube: '{{ peertube_app_secret }}'
|
||||
|
||||
rates_limit:
|
||||
api:
|
||||
|
|
@ -48,13 +48,13 @@ trust_proxy:
|
|||
|
||||
# Your database name will be database.name OR 'peertube'+database.suffix
|
||||
database:
|
||||
hostname: '{{ db_host }}'
|
||||
port: {{ db_port }}
|
||||
hostname: '{{ peertube_db_host }}'
|
||||
port: {{ peertube_db_port }}
|
||||
ssl: false
|
||||
suffix: ''
|
||||
name: '{{ db_name }}'
|
||||
username: '{{ db_user }}'
|
||||
password: '{{ db_password }}'
|
||||
name: '{{ peertube_db_name }}'
|
||||
username: '{{ peertube_db_user }}'
|
||||
password: '{{ peertube_db_password }}'
|
||||
pool:
|
||||
max: 5
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name {{ domains | first }};
|
||||
server_name {{ peertube_domains | first }};
|
||||
|
||||
# For certbot
|
||||
location ~ /.well-known/acme-challenge {
|
||||
|
|
@ -20,14 +20,14 @@ server {
|
|||
}
|
||||
|
||||
upstream backend {
|
||||
server {{ pt_host }};
|
||||
server {{ peertube_app_host }};
|
||||
}
|
||||
|
||||
{% if ssl.stat.exists %}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name {{ domains | first }};
|
||||
server_name {{ peertube_domains | first }};
|
||||
|
||||
access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
|
||||
error_log /var/log/nginx/{{ service }}.error.log;
|
||||
|
|
@ -43,8 +43,8 @@ server {
|
|||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ peertube_domains | first }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ peertube_domains | first }}/privkey.pem;
|
||||
|
||||
##
|
||||
# Security hardening (as of Nov 15, 2020)
|
||||
|
|
@ -156,7 +156,7 @@ server {
|
|||
# For extra performance please refer to https://github.com/denji/nginx-tuning
|
||||
##
|
||||
|
||||
root {{ service_home }}/storage;
|
||||
root {{ peertube_service_home }}/storage;
|
||||
|
||||
# Enable compression for JS/CSS/HTML, for improved client load times.
|
||||
# It might be nice to compress JSON/XML as returned by the API, but
|
||||
|
|
@ -194,7 +194,7 @@ server {
|
|||
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||
|
||||
root {{ service_home }};
|
||||
root {{ peertube_service_home }};
|
||||
|
||||
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
|
||||
}
|
||||
|
|
@ -203,7 +203,7 @@ server {
|
|||
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||
|
||||
alias {{ service_home }}/peertube-latest/client/dist/$1;
|
||||
alias {{ peertube_service_home }}/peertube-latest/client/dist/$1;
|
||||
}
|
||||
|
||||
location ~ ^(/static/(webseed|web-videos|streaming-playlists/hls)/private/)|^/download {
|
||||
|
|
|
|||
Loading…
Reference in a new issue