Prefix variables with peertube_
parent
4e30f428c1
commit
b6a4b1a0d2
|
@ -31,7 +31,7 @@ Exemple de playbook
|
||||||
- all
|
- all
|
||||||
vars:
|
vars:
|
||||||
# Supplanter ici les variables du rôle
|
# Supplanter ici les variables du rôle
|
||||||
domains: ['votre-vrai-domaine.org']
|
peertube_domains: ['votre-vrai-domaine.org']
|
||||||
service: 'mon-peertube'
|
service: 'mon-peertube'
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -31,7 +31,7 @@ Example Playbook
|
||||||
- all
|
- all
|
||||||
vars:
|
vars:
|
||||||
# Overwrite the role variables here
|
# Overwrite the role variables here
|
||||||
domains: ['your-real-domain.org']
|
peertube_domains: ['your-real-domain.org']
|
||||||
service: 'my-peertube'
|
service: 'my-peertube'
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
---
|
---
|
||||||
# defaults file for vars
|
# defaults file for vars
|
||||||
system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']"
|
peertube_system_dep: "['curl', 'python3-dev', 'python-is-python3', 'python3-psycopg2','certbot', 'nginx', 'ffmpeg', 'postgresql', 'postgresql-contrib', 'openssl', 'g++', 'make', 'redis-server', 'git', 'unzip', 'acl']"
|
||||||
version: 'v6.0.1'
|
peertube_version: 'v6.0.1'
|
||||||
download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ version }}/peertube-{{ version }}.zip"
|
peertube_download_url: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ version }}/peertube-{{ version }}.zip"
|
||||||
domains: ['example.domain.org']
|
peertube_domains: ['example.domain.org']
|
||||||
certbot_admin_email: 'security@evolix.fr'
|
peertube_certbot_admin_email: 'security@evolix.fr'
|
||||||
service_home: '/var/www/peertube'
|
peertube_service_home: '/var/www/peertube'
|
||||||
db_host: '127.0.0.1'
|
peertube_db_host: '127.0.0.1'
|
||||||
db_port: '5432'
|
peertube_db_port: '5432'
|
||||||
db_name: "{{ service }}"
|
peertube_db_name: "{{ service }}"
|
||||||
db_user: "{{ service }}"
|
peertube_db_user: "{{ service }}"
|
||||||
db_password: 'UQ6_CHANGE_ME_Gzb'
|
peertube_db_password: 'UQ6_CHANGE_ME_Gzb'
|
||||||
pt_secret: 'd98a73_CHANGE_ME_c00c7c'
|
peertube_app_secret: 'd98a73_CHANGE_ME_c00c7c'
|
||||||
pt_host: '127.0.0.1:9000'
|
peertube_app_host: '127.0.0.1:9000'
|
||||||
|
|
|
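Review bot: `peertube_download_url` still interpolates `{{ version }}` twice, although this same section renames that default to `peertube_version`. Unless `version` is defined somewhere not shown on this page, the URL cannot be rendered and both unarchive tasks that use it will fail with an undefined-variable error. The value should become `"https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.zip"`.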
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
- name: Install main system dependencies
|
- name: Install main system dependencies
|
||||||
apt:
|
apt:
|
||||||
name: "{{ system_dep }}"
|
name: "{{ peertube_system_dep }}"
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: Upgrade redis-server to the latest version from bullseye-backports
|
- name: Upgrade redis-server to the latest version from bullseye-backports
|
||||||
|
@ -23,20 +23,20 @@
|
||||||
- name: Add UNIX account
|
- name: Add UNIX account
|
||||||
user:
|
user:
|
||||||
name: "{{ service }}"
|
name: "{{ service }}"
|
||||||
home: "{{ service_home }}"
|
home: "{{ peertube_service_home }}"
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
|
|
||||||
- name: Add PostgreSQL user
|
- name: Add PostgreSQL user
|
||||||
postgresql_user:
|
postgresql_user:
|
||||||
name: "{{ db_user }}"
|
name: "{{ peertube_db_user }}"
|
||||||
password: "{{ db_password }}"
|
password: "{{ peertube_db_password }}"
|
||||||
no_password_changes: true
|
no_password_changes: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
|
||||||
- name: Add PostgreSQL database
|
- name: Add PostgreSQL database
|
||||||
postgresql_db:
|
postgresql_db:
|
||||||
name: "{{ db_name }}"
|
name: "{{ peertube_db_name }}"
|
||||||
owner: "{{ db_user }}"
|
owner: "{{ peertube_db_user }}"
|
||||||
template: template0
|
template: template0
|
||||||
encoding: UTF-8
|
encoding: UTF-8
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
@ -53,14 +53,14 @@
|
||||||
|
|
||||||
- name: Unarchive peertube archive
|
- name: Unarchive peertube archive
|
||||||
unarchive:
|
unarchive:
|
||||||
src: "{{ download_url }}"
|
src: "{{ peertube_download_url }}"
|
||||||
dest: ~/versions
|
dest: ~/versions
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
become_user: "{{ service }}"
|
become_user: "{{ service }}"
|
||||||
|
|
||||||
- name: Symbolic link to unarchived version
|
- name: Symbolic link to unarchived version
|
||||||
file:
|
file:
|
||||||
src: "~/versions/peertube-{{ version }}"
|
src: "~/versions/peertube-{{ peertube_version }}"
|
||||||
dest: "~/peertube-latest"
|
dest: "~/peertube-latest"
|
||||||
state: link
|
state: link
|
||||||
become_user: "{{ service }}"
|
become_user: "{{ service }}"
|
||||||
|
@ -97,7 +97,7 @@
|
||||||
|
|
||||||
- name: Check if SSL certificate is present and register result
|
- name: Check if SSL certificate is present and register result
|
||||||
stat:
|
stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: Generate certificate only if required (first time)
|
- name: Generate certificate only if required (first time)
|
||||||
|
@ -121,12 +121,12 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
- name: Generate certificate with certbot
|
- name: Generate certificate with certbot
|
||||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ peertube_certbot_admin_email }} -d {{ peertube_domains |first }}
|
||||||
when: ssl.stat.exists != true
|
when: ssl.stat.exists != true
|
||||||
|
|
||||||
- name: (Re)check if SSL certificate is present and register result
|
- name: (Re)check if SSL certificate is present and register result
|
||||||
stat:
|
stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: (Re)template conf file for nginx vhost with SSL
|
- name: (Re)template conf file for nginx vhost with SSL
|
||||||
|
|
|
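Review bot: The "Unarchive peertube archive" task hands a release URL straight to `unarchive`, so the downloaded zip is extracted without any integrity check beyond TLS to the download host. Fetching it first with `get_url` and a pinned `checksum`, then unpacking the local file, means a replaced or corrupted release asset is rejected before anything lands in `~/versions`. The same pattern appears in "Unarchive new peertube archive" in the upgrade tasks. `peertube_download_checksum` below is a proposed new role variable, not one that exists on this page; the task list continues outside these hunks.

```yaml
- name: Download peertube archive
  get_url:
    url: "{{ peertube_download_url }}"
    dest: "~/versions/peertube-{{ peertube_version }}.zip"
    # proposed variable, e.g. "sha256:<digest you verified for this release>"
    checksum: "{{ peertube_download_checksum }}"
  become_user: "{{ service }}"

- name: Unarchive peertube archive
  unarchive:
    src: "~/versions/peertube-{{ peertube_version }}.zip"
    dest: ~/versions
    remote_src: yes
  become_user: "{{ service }}"
# … unchanged: symbolic link to unarchived version …
```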
@ -8,24 +8,24 @@
|
||||||
|
|
||||||
- name: stat videos
|
- name: stat videos
|
||||||
stat:
|
stat:
|
||||||
path: "{{ service_home }}/storage/videos/"
|
path: "{{ peertube_service_home }}/storage/videos/"
|
||||||
register: videos
|
register: videos
|
||||||
|
|
||||||
- name: Move videos to web-videos (needed when upgrading to version 6)
|
- name: Move videos to web-videos (needed when upgrading to version 6)
|
||||||
command: "mv {{ service_home }}/storage/videos/{{ service_home }}/storage/web-videos/"
|
command: "mv {{ peertube_service_home }}/storage/videos/{{ peertube_service_home }}/storage/web-videos/"
|
||||||
when: videos.stat.exists
|
when: videos.stat.exists
|
||||||
become_user: "{{ service }}"
|
become_user: "{{ service }}"
|
||||||
|
|
||||||
- name: Dump database to a file with compression
|
- name: Dump database to a file with compression
|
||||||
postgresql_db:
|
postgresql_db:
|
||||||
name: "{{ db_name }}"
|
name: "{{ peertube_db_name }}"
|
||||||
state: dump
|
state: dump
|
||||||
target: "~/{{ db_name }}.sql.gz"
|
target: "~/{{ peertube_db_name }}.sql.gz"
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
|
||||||
- name: Unarchive new peertube archive
|
- name: Unarchive new peertube archive
|
||||||
unarchive:
|
unarchive:
|
||||||
src: "{{ download_url }}"
|
src: "{{ peertube_download_url }}"
|
||||||
dest: ~/versions
|
dest: ~/versions
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
become_user: "{{ service }}"
|
become_user: "{{ service }}"
|
||||||
|
@ -35,13 +35,13 @@
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
mode: o+rx
|
mode: o+rx
|
||||||
loop:
|
loop:
|
||||||
- "~/versions/peertube-{{ version }}"
|
- "~/versions/peertube-{{ peertube_version }}"
|
||||||
- "~/versions/peertube-{{ version }}/client"
|
- "~/versions/peertube-{{ peertube_version }}/client"
|
||||||
become_user: "{{ service }}"
|
become_user: "{{ service }}"
|
||||||
|
|
||||||
- name: Symbolic link to new version
|
- name: Symbolic link to new version
|
||||||
file:
|
file:
|
||||||
src: "~/versions/peertube-{{ version }}"
|
src: "~/versions/peertube-{{ peertube_version }}"
|
||||||
dest: "~/peertube-latest"
|
dest: "~/peertube-latest"
|
||||||
state: link
|
state: link
|
||||||
become_user: "{{ service }}"
|
become_user: "{{ service }}"
|
||||||
|
@ -73,7 +73,7 @@
|
||||||
|
|
||||||
- name: Check if SSL certificate is present and register result
|
- name: Check if SSL certificate is present and register result
|
||||||
stat:
|
stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ peertube_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: Retemplate conf file for nginx vhost
|
- name: Retemplate conf file for nginx vhost
|
||||||
|
@ -92,7 +92,7 @@
|
||||||
|
|
||||||
- name: Remove database dump
|
- name: Remove database dump
|
||||||
file:
|
file:
|
||||||
path: "~/{{ db_name }}.sql.gz"
|
path: "~/{{ peertube_db_name }}.sql.gz"
|
||||||
state: absent
|
state: absent
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
when: keep_db_dump is undefined
|
when: keep_db_dump is undefined
|
||||||
|
|
|
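Review bot: In "Move videos to web-videos", the `command:` string as rendered here has no space between source and destination (`.../storage/videos/{{ peertube_service_home }}/storage/web-videos/`). `mv` therefore receives a single operand and the task fails whenever `videos.stat.exists` is true. If this is not a rendering artefact, the line should read `command: "mv {{ peertube_service_home }}/storage/videos/ {{ peertube_service_home }}/storage/web-videos/"`. The old side has the same text, so the rename carries the problem over rather than introducing it.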
@ -5,11 +5,11 @@ After=network.target postgresql.service redis-server.service
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
Environment=NODE_ENV=production
|
Environment=NODE_ENV=production
|
||||||
Environment=NODE_CONFIG_DIR={{ service_home }}/config
|
Environment=NODE_CONFIG_DIR={{ peertube_service_home }}/config
|
||||||
User={{ service }}
|
User={{ service }}
|
||||||
Group={{ service }}
|
Group={{ service }}
|
||||||
ExecStart=/usr/bin/node dist/server
|
ExecStart=/usr/bin/node dist/server
|
||||||
WorkingDirectory={{ service_home }}/peertube-latest
|
WorkingDirectory={{ peertube_service_home }}/peertube-latest
|
||||||
SyslogIdentifier=peertube
|
SyslogIdentifier=peertube
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
||||||
|
|
|
@ -5,13 +5,13 @@ listen:
|
||||||
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
|
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
|
||||||
webserver:
|
webserver:
|
||||||
https: true
|
https: true
|
||||||
hostname: '{{ domains| first }}'
|
hostname: '{{ peertube_domains| first }}'
|
||||||
port: 443
|
port: 443
|
||||||
|
|
||||||
# Secrets you need to generate the first time you run PeerTube
|
# Secrets you need to generate the first time you run PeerTube
|
||||||
secrets:
|
secrets:
|
||||||
# Generate one using `openssl rand -hex 32`
|
# Generate one using `openssl rand -hex 32`
|
||||||
peertube: '{{ pt_secret }}'
|
peertube: '{{ peertube_app_secret }}'
|
||||||
|
|
||||||
rates_limit:
|
rates_limit:
|
||||||
api:
|
api:
|
||||||
|
@ -48,13 +48,13 @@ trust_proxy:
|
||||||
|
|
||||||
# Your database name will be database.name OR 'peertube'+database.suffix
|
# Your database name will be database.name OR 'peertube'+database.suffix
|
||||||
database:
|
database:
|
||||||
hostname: '{{ db_host }}'
|
hostname: '{{ peertube_db_host }}'
|
||||||
port: {{ db_port }}
|
port: {{ peertube_db_port }}
|
||||||
ssl: false
|
ssl: false
|
||||||
suffix: ''
|
suffix: ''
|
||||||
name: '{{ db_name }}'
|
name: '{{ peertube_db_name }}'
|
||||||
username: '{{ db_user }}'
|
username: '{{ peertube_db_user }}'
|
||||||
password: '{{ db_password }}'
|
password: '{{ peertube_db_password }}'
|
||||||
pool:
|
pool:
|
||||||
max: 5
|
max: 5
|
||||||
|
|
||||||
|
|
|
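Review bot: `peertube: '{{ peertube_app_secret }}'` and `password: '{{ peertube_db_password }}'` render the role defaults whenever the playbook does not override them, and the defaults on this page are the fixed `d98a73_CHANGE_ME_c00c7c` and `UQ6_CHANGE_ME_Gzb` strings. An instance can therefore start with a publicly known application secret and database password. A guard that runs before this template is written would catch it, for example an `assert` task with `that: "'CHANGE_ME' not in peertube_app_secret and 'CHANGE_ME' not in peertube_db_password"`. Both mappings continue outside the hunks shown.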
@ -6,7 +6,7 @@
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name {{ domains | first }};
|
server_name {{ peertube_domains | first }};
|
||||||
|
|
||||||
# For certbot
|
# For certbot
|
||||||
location ~ /.well-known/acme-challenge {
|
location ~ /.well-known/acme-challenge {
|
||||||
|
@ -20,14 +20,14 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
upstream backend {
|
upstream backend {
|
||||||
server {{ pt_host }};
|
server {{ peertube_app_host }};
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if ssl.stat.exists %}
|
{% if ssl.stat.exists %}
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
server_name {{ domains | first }};
|
server_name {{ peertube_domains | first }};
|
||||||
|
|
||||||
access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
|
access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
|
||||||
error_log /var/log/nginx/{{ service }}.error.log;
|
error_log /var/log/nginx/{{ service }}.error.log;
|
||||||
|
@ -43,8 +43,8 @@ server {
|
||||||
# Certificates
|
# Certificates
|
||||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||||
##
|
##
|
||||||
ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/{{ peertube_domains | first }}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/{{ peertube_domains | first }}/privkey.pem;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Security hardening (as of Nov 15, 2020)
|
# Security hardening (as of Nov 15, 2020)
|
||||||
|
@ -156,7 +156,7 @@ server {
|
||||||
# For extra performance please refer to https://github.com/denji/nginx-tuning
|
# For extra performance please refer to https://github.com/denji/nginx-tuning
|
||||||
##
|
##
|
||||||
|
|
||||||
root {{ service_home }}/storage;
|
root {{ peertube_service_home }}/storage;
|
||||||
|
|
||||||
# Enable compression for JS/CSS/HTML, for improved client load times.
|
# Enable compression for JS/CSS/HTML, for improved client load times.
|
||||||
# It might be nice to compress JSON/XML as returned by the API, but
|
# It might be nice to compress JSON/XML as returned by the API, but
|
||||||
|
@ -194,7 +194,7 @@ server {
|
||||||
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
|
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
|
||||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||||
|
|
||||||
root {{ service_home }};
|
root {{ peertube_service_home }};
|
||||||
|
|
||||||
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
|
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
|
||||||
}
|
}
|
||||||
|
@ -203,7 +203,7 @@ server {
|
||||||
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
|
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
|
||||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||||
|
|
||||||
alias {{ service_home }}/peertube-latest/client/dist/$1;
|
alias {{ peertube_service_home }}/peertube-latest/client/dist/$1;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^(/static/(webseed|web-videos|streaming-playlists/hls)/private/)|^/download {
|
location ~ ^(/static/(webseed|web-videos|streaming-playlists/hls)/private/)|^/download {
|
||||||
|
|