From b6a4b1a0d2df94338eeb9af485308a287aa2baac Mon Sep 17 00:00:00 2001 From: Mathieu Gauthier-Pilote Date: Thu, 9 May 2024 16:00:05 -0400 Subject: [PATCH] Prefix variables with peertube_ --- webapps/peertube/LISEZMOI.md | 2 +- webapps/peertube/README.md | 2 +- webapps/peertube/defaults/main.yml | 26 +++++++++---------- webapps/peertube/tasks/main.yml | 22 ++++++++-------- webapps/peertube/tasks/upgrade.yml | 20 +++++++------- .../peertube/templates/peertube.service.j2 | 4 +-- webapps/peertube/templates/production.yaml.j2 | 14 +++++----- webapps/peertube/templates/vhost.conf.j2 | 16 ++++++------ 8 files changed, 53 insertions(+), 53 deletions(-) diff --git a/webapps/peertube/LISEZMOI.md b/webapps/peertube/LISEZMOI.md index 28c3068f..9567730d 100644 --- a/webapps/peertube/LISEZMOI.md +++ b/webapps/peertube/LISEZMOI.md @@ -31,7 +31,7 @@ Exemple de playbook - all vars: # Supplanter ici les variables du rĂ´le - domains: ['votre-vrai-domaine.org'] + peertube_domains: ['votre-vrai-domaine.org'] service: 'mon-peertube' roles: diff --git a/webapps/peertube/README.md b/webapps/peertube/README.md index d022a374..4f00dd9d 100644 --- a/webapps/peertube/README.md +++ b/webapps/peertube/README.md @@ -31,7 +31,7 @@ Example Playbook - all vars: # Overwrite the role variables here - domains: ['your-real-domain.org'] + peertube_domains: ['your-real-domain.org'] service: 'my-peertube' roles: diff --git a/webapps/peertube/defaults/main.yml b/webapps/peertube/defaults/main.yml index fc33feed..654b9bd1 100644 --- a/webapps/peertube/defaults/main.yml +++ b/webapps/peertube/defaults/main.yml 
@@ -1,15 +1,15 @@ --- # defaults file for vars -system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']" -version: 'v6.0.1' -download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ version }}/peertube-{{ version }}.zip" -domains: ['example.domain.org'] -certbot_admin_email: 'security@evolix.fr' -service_home: '/var/www/peertube' -db_host: '127.0.0.1' -db_port: '5432' -db_name: "{{ service }}" -db_user: "{{ service }}" -db_password: 'UQ6_CHANGE_ME_Gzb' -pt_secret: 'd98a73_CHANGE_ME_c00c7c' -pt_host: '127.0.0.1:9000' +peertube_system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']" +peertube_version: 'v6.0.1' +peertube_download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ version }}/peertube-{{ version }}.zip" +peertube_domains: ['example.domain.org'] +peertube_certbot_admin_email: 'security@evolix.fr' +peertube_service_home: '/var/www/peertube' +peertube_db_host: '127.0.0.1' +peertube_db_port: '5432' +peertube_db_name: "{{ service }}" +peertube_db_user: "{{ service }}" +peertube_db_password: 'UQ6_CHANGE_ME_Gzb' +peertube_app_secret: 'd98a73_CHANGE_ME_c00c7c' +peertube_app_host: '127.0.0.1:9000' diff --git a/webapps/peertube/tasks/main.yml b/webapps/peertube/tasks/main.yml index 8a24eebf..9e8ffa46 100644 --- a/webapps/peertube/tasks/main.yml +++ b/webapps/peertube/tasks/main.yml @@ -8,7 +8,7 @@ - name: Install main system dependencies apt: - name: "{{ system_dep }}" + name: "{{ peertube_system_dep }}" update_cache: yes - name: Upgrade redis-server to the latest version from bullseye-backports 
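Review bot: `peertube_download_url` in defaults/main.yml still interpolates `{{ version }}`, but this same hunk renames that variable to `peertube_version`. Unless `version` is defined somewhere outside this patch, the URL will fail to template when the Unarchive tasks in tasks/main.yml and tasks/upgrade.yml run. The line should read `peertube_download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.zip"`. `service` is also left unprefixed here and in the README example, which looks deliberate but is worth confirming.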
@@ -23,20 +23,20 @@ - name: Add UNIX account user: name: "{{ service }}" - home: "{{ service_home }}" + home: "{{ peertube_service_home }}" shell: /bin/bash - name: Add PostgreSQL user postgresql_user: - name: "{{ db_user }}" - password: "{{ db_password }}" + name: "{{ peertube_db_user }}" + password: "{{ peertube_db_password }}" no_password_changes: true become_user: postgres - name: Add PostgreSQL database postgresql_db: - name: "{{ db_name }}" - owner: "{{ db_user }}" + name: "{{ peertube_db_name }}" + owner: "{{ peertube_db_user }}" template: template0 encoding: UTF-8 become_user: postgres @@ -53,14 +53,14 @@ - name: Unarchive peertube archive unarchive: - src: "{{ download_url }}" + src: "{{ peertube_download_url }}" dest: ~/versions remote_src: yes become_user: "{{ service }}" - name: Symbolic link to unarchived version file: - src: "~/versions/peertube-{{ version }}" + src: "~/versions/peertube-{{ peertube_version }}" dest: "~/peertube-latest" state: link become_user: "{{ service }}" @@ -97,7 +97,7 @@ - name: Check if SSL certificate is present and register result stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem" register: ssl - name: Generate certificate only if required (first time) 
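Review bot: The `Unarchive peertube archive` task (hunk at -53,14) extracts whatever `peertube_download_url` returns, with no integrity check. A tampered or substituted release archive would be unpacked and then run as the service user by the systemd unit. Downloading with `get_url` and a pinned `checksum:` first, then unarchiving the local file, closes that gap. `peertube_download_checksum` below is a new variable the operator would set per release, not one this role defines today. The same applies to `Unarchive new peertube archive` in tasks/upgrade.yml.

```yaml
- name: Download peertube archive and verify its checksum
  get_url:
    url: "{{ peertube_download_url }}"
    dest: "~/versions/peertube-{{ peertube_version }}.zip"
    # new variable, e.g. "sha256:<digest of the release zip>"
    checksum: "{{ peertube_download_checksum }}"
  become_user: "{{ service }}"

- name: Unarchive peertube archive
  unarchive:
    src: "~/versions/peertube-{{ peertube_version }}.zip"
    dest: ~/versions
    remote_src: yes
  become_user: "{{ service }}"
```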
@@ -121,12 +121,12 @@ state: directory mode: '0755' - name: Generate certificate with certbot - shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }} + shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ peertube_certbot_admin_email }} -d {{ peertube_domains |first }} when: ssl.stat.exists != true - name: (Re)check if SSL certificate is present and register result stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem" register: ssl - name: (Re)template conf file for nginx vhost with SSL diff --git a/webapps/peertube/tasks/upgrade.yml b/webapps/peertube/tasks/upgrade.yml index ec7f7098..1da15bc3 100644 --- a/webapps/peertube/tasks/upgrade.yml +++ b/webapps/peertube/tasks/upgrade.yml @@ -8,24 +8,24 @@ - name: stat videos stat: - path: "{{ service_home }}/storage/videos/" + path: "{{ peertube_service_home }}/storage/videos/" register: videos - name: Move videos to web-videos (needed when upgrading to version 6) - command: "mv {{ service_home }}/storage/videos/{{ service_home }}/storage/web-videos/" + command: "mv {{ peertube_service_home }}/storage/videos/{{ peertube_service_home }}/storage/web-videos/" when: videos.stat.exists become_user: "{{ service }}" - name: Dump database to a file with compression postgresql_db: - name: "{{ db_name }}" + name: "{{ peertube_db_name }}" state: dump - target: "~/{{ db_name }}.sql.gz" + target: "~/{{ peertube_db_name }}.sql.gz" become_user: postgres - name: Unarchive new peertube archive unarchive: - src: "{{ download_url }}" + src: "{{ peertube_download_url }}" dest: ~/versions remote_src: yes become_user: "{{ service }}" 
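Review bot: In `Generate certificate with certbot` the e-mail address and the domain are interpolated unquoted into a `shell:` string, so a value containing whitespace or shell metacharacters changes the command line that is executed. No shell feature is used here, so `command:` with an `argv:` list is the safer form. At minimum, use `--email {{ peertube_certbot_admin_email | quote }} -d {{ peertube_domains | first | quote }}`. The condition `when: ssl.stat.exists != true` can also be written `when: not ssl.stat.exists`.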
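Review bot: As the line reads on this page, the `mv` in `Move videos to web-videos` (tasks/upgrade.yml, hunk at -8,24) has its source and destination run together, which hands `mv` a single operand and makes the task fail. It needs a space between the two paths: `command: "mv {{ peertube_service_home }}/storage/videos/ {{ peertube_service_home }}/storage/web-videos/"`. If the space was only lost when the page was rendered, disregard this. Either way, passing the two paths through `argv:` would keep them as separate arguments even if `peertube_service_home` ever contains a space.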
@@ -35,13 +35,13 @@ path: "{{ item }}" mode: o+rx loop: - - "~/versions/peertube-{{ version }}" - - "~/versions/peertube-{{ version }}/client" + - "~/versions/peertube-{{ peertube_version }}" + - "~/versions/peertube-{{ peertube_version }}/client" become_user: "{{ service }}" - name: Symbolic link to new version file: - src: "~/versions/peertube-{{ version }}" + src: "~/versions/peertube-{{ peertube_version }}" dest: "~/peertube-latest" state: link become_user: "{{ service }}" @@ -73,7 +73,7 @@ - name: Check if SSL certificate is present and register result stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem" register: ssl - name: Retemplate conf file for nginx vhost @@ -92,7 +92,7 @@ - name: Remove database dump file: - path: "~/{{ db_name }}.sql.gz" + path: "~/{{ peertube_db_name }}.sql.gz" state: absent become_user: postgres when: keep_db_dump is undefined diff --git a/webapps/peertube/templates/peertube.service.j2 b/webapps/peertube/templates/peertube.service.j2 index 339b9657..900219e1 100644 --- a/webapps/peertube/templates/peertube.service.j2 +++ b/webapps/peertube/templates/peertube.service.j2 @@ -5,11 +5,11 @@ After=network.target postgresql.service redis-server.service [Service] Type=simple Environment=NODE_ENV=production -Environment=NODE_CONFIG_DIR={{ service_home }}/config +Environment=NODE_CONFIG_DIR={{ peertube_service_home }}/config User={{ service }} Group={{ service }} ExecStart=/usr/bin/node dist/server -WorkingDirectory={{ service_home }}/peertube-latest +WorkingDirectory={{ peertube_service_home }}/peertube-latest SyslogIdentifier=peertube Restart=always diff --git a/webapps/peertube/templates/production.yaml.j2 b/webapps/peertube/templates/production.yaml.j2 index ffbd133f..68deb65a 100644 --- a/webapps/peertube/templates/production.yaml.j2 +++ b/webapps/peertube/templates/production.yaml.j2 
@@ -5,13 +5,13 @@ listen: # Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL) webserver: https: true - hostname: '{{ domains| first }}' + hostname: '{{ peertube_domains| first }}' port: 443 # Secrets you need to generate the first time you run PeerTube secrets: # Generate one using `openssl rand -hex 32` - peertube: '{{ pt_secret }}' + peertube: '{{ peertube_app_secret }}' rates_limit: api: @@ -48,13 +48,13 @@ trust_proxy: # Your database name will be database.name OR 'peertube'+database.suffix database: - hostname: '{{ db_host }}' - port: {{ db_port }} + hostname: '{{ peertube_db_host }}' + port: {{ peertube_db_port }} ssl: false suffix: '' - name: '{{ db_name }}' - username: '{{ db_user }}' - password: '{{ db_password }}' + name: '{{ peertube_db_name }}' + username: '{{ peertube_db_user }}' + password: '{{ peertube_db_password }}' pool: max: 5 diff --git a/webapps/peertube/templates/vhost.conf.j2 b/webapps/peertube/templates/vhost.conf.j2 index cbcce978..4b5c99af 100644 --- a/webapps/peertube/templates/vhost.conf.j2 +++ b/webapps/peertube/templates/vhost.conf.j2 @@ -6,7 +6,7 @@ server { listen 80; listen [::]:80; - server_name {{ domains | first }}; + server_name {{ peertube_domains | first }}; # For certbot location ~ /.well-known/acme-challenge { @@ -20,14 +20,14 @@ server { } upstream backend { - server {{ pt_host }}; + server {{ peertube_app_host }}; } {% if ssl.stat.exists %} server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ domains | first }}; + server_name {{ peertube_domains | first }}; access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m error_log /var/log/nginx/{{ service }}.error.log; 
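Review bot: `secrets.peertube` is rendered from `peertube_app_secret`, whose default in defaults/main.yml is the fixed placeholder `d98a73_CHANGE_ME_c00c7c`, and nothing visible in this patch stops a deployment from going live with it. `peertube_db_password` (`UQ6_CHANGE_ME_Gzb`), used in the database section of the same template, has the same problem. An `assert` task at the top of tasks/main.yml with `that: "'CHANGE_ME' not in peertube_app_secret and 'CHANGE_ME' not in peertube_db_password"` would make the play fail until both are overridden. A comment beside the two defaults saying they must come from a vault or secret store would document the intent.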
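Review bot: In the database section (hunk at -48,13), `password: '{{ peertube_db_password }}'` places the value inside a single-quoted YAML scalar, so a password containing `'` yields an invalid or altered config value. Rendering it as `password: {{ peertube_db_password | to_json }}` lets any generated secret through intact. The same applies to `peertube: '{{ peertube_app_secret }}'` in the secrets hunk above. `ssl: false` is only reasonable while `peertube_db_host` stays on loopback, which a one-line comment next to it could state.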
@@ -43,8 +43,8 @@ server { # Certificates # you need a certificate to run in production. see https://letsencrypt.org/ ## - ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ peertube_domains | first }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ peertube_domains | first }}/privkey.pem; ## # Security hardening (as of Nov 15, 2020) @@ -156,7 +156,7 @@ server { # For extra performance please refer to https://github.com/denji/nginx-tuning ## - root {{ service_home }}/storage; + root {{ peertube_service_home }}/storage; # Enable compression for JS/CSS/HTML, for improved client load times. # It might be nice to compress JSON/XML as returned by the API, but @@ -194,7 +194,7 @@ server { location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ { add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year - root {{ service_home }}; + root {{ peertube_service_home }}; try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api; } @@ -203,7 +203,7 @@ server { location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ { add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year - alias {{ service_home }}/peertube-latest/client/dist/$1; + alias {{ peertube_service_home }}/peertube-latest/client/dist/$1; } location ~ ^(/static/(webseed|web-videos|streaming-playlists/hls)/private/)|^/download {