Added peertube role

Not finished, I got to webapps/peertube/tasks/postgres-user.yml
before committing what I'd done.

webapps/peertube/README.md

@@ -0,0 +1,10 @@
+# Peertube
+
+This depends on the following roles
+
+ - certbot
+ - evolinux-base
+ - nginx
+ - nodejs
+ - postgresql
+ - redis

webapps/peertube/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+peertube_version: "latest-24"
+peertube_archive_name: "{{ peertube_version }}.tar.bz2"
+peertube_releases_baseurl: ""
+
+peertube_instance_name: "peertube"
+peertube_user: "{{ peertube_instance_name }}"
+peertube_domains: []
+
+peertube_home: "/home/{{ peertube_user }}"
+peertube_webroot: "{{ peertube_home }}/peertube"
+peertube_data: "{{ peertube_webroot }}/data"
+
+peertube_db_user: "{{ peertube_user }}"
+peertube_db_name: "{{ peertube_instance_name }}"
+
+peertube_admin_login: "admin"
+peertube_admin_password: ""

webapps/peertube/handlers/main.yml

@@ -0,0 +1,15 @@
+---
+- name: reload php-fpm
+  service:
+    name: php7.3-fpm
+    state: reloaded
+
+- name: reload nginx
+  service:
+    name: nginx
+    state: reloaded
+
+- name: reload apache
+  service:
+    name: apache2
+    state: reloaded

webapps/peertube/meta/main.yml

@@ -0,0 +1 @@
+---

webapps/peertube/tasks/apache-system.yml

@@ -0,0 +1,33 @@
+---
+
+- name: "Get PHP Version"
+  shell: 'php -v | grep "PHP [0-9]." | sed -E "s/PHP ([0-9]\.[0-9]).*/\1/g;"'
+  register: shell_php
+  check_mode: no
+
+- name: "Set variables"
+  set_fact:
+    php_version: "{{ shell_php.stdout }}"
+
+- name: Apply specific PHP settings (apache)
+  ini_file:
+    path: "/etc/php/{{ php_version }}/apache2/conf.d/zzz-evolinux-custom.ini"
+    section: ''
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  notify: reload apache
+  with_items:
+  - {option: 'allow_url_fopen',   value: 'On'}
+  - {option: 'disable_functions', value: ''}
+  - {option: 'max_execution_time', value: '300'}
+  - {option: 'memory_limit', value: '512M'}
+
+- name: Apply specific PHP settings (cli)
+  ini_file:
+    path: "/etc/php/{{ php_version }}/cli/conf.d/zzz-evolinux-custom.ini"
+    section: ''
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  with_items:
+  - {option: 'allow_url_fopen',   value: 'On'}
+  - {option: 'apc.enable_cli', value: 'On'}

webapps/peertube/tasks/apache-vhost.yml

@@ -0,0 +1,23 @@
+---
+- name: Copy Apache vhost
+  template:
+    src: apache-vhost.conf.j2
+    dest: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf"
+    mode: "0640"
+  notify: reload apache
+  tags:
+    - nextcloud
+
+- name: Enable Apache vhost
+  file:
+    src: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf"
+    dest: "/etc/apache2/sites-enabled/{{ nextcloud_instance_name }}.conf"
+    state: link
+  notify: reload apache
+  tags:
+    - nextcloud
+
+# - name: Generate ssl config
+#   shell:
+#     cmd: "/usr/local/sbin/vhost-domains {{ nextcloud_instance_name }} | /usr/local/sbin/make-csr {{ nextcloud_instance_name }}"
+#     creates: "/etc/nginx/ssl/{{ nextcloud_instance_name }}.conf"

webapps/peertube/tasks/archive.yml

@@ -0,0 +1,37 @@
+---
+
+- name: Retrieve Nextcloud archive
+  get_url:
+    url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}"
+    dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}"
+    force: no
+  tags:
+    - nextcloud
+
+- name: Retrieve Nextcloud sha256 checksum
+  get_url:
+    url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}.sha256"
+    dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}.sha256"
+    force: no
+  tags:
+    - nextcloud
+
+- name: Verify Nextcloud sha256 checksum
+  command: "sha256sum -c {{ nextcloud_archive_name }}.sha256"
+  changed_when: "False"
+  args:
+    chdir: "{{ nextcloud_home }}"
+  tags:
+    - nextcloud
+
+- name: Extract Nextcloud archive
+  unarchive:
+    src: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}"
+    dest: "{{ nextcloud_home }}"
+    creates: "{{ nextcloud_home }}/nextcloud"
+    remote_src: True
+    mode: "0750"
+    owner: "{{ nextcloud_user }}"
+    group: "{{ nextcloud_user }}"
+  tags:
+    - nextcloud

webapps/peertube/tasks/config.yml

@@ -0,0 +1,81 @@
+---
+
+- block:
+  - name: Generate admin password
+    command: 'apg -n 1 -m 16 -M lcN'
+    register: nextcloud_admin_password_apg
+    check_mode: no
+    changed_when: False
+
+  - debug:
+      var: nextcloud_admin_password_apg
+
+  - set_fact:
+      nextcloud_admin_password: "{{ nextcloud_admin_password_apg.stdout }}"
+
+  tags:
+    - nextcloud
+  when: nextcloud_admin_password | length == 0
+
+- name: Get Nextcloud Status
+  shell: "php ./occ status --output json | grep -v 'Nextcloud is not installed'"
+  args:
+    chdir: "{{ nextcloud_webroot }}"
+  become_user: "{{ nextcloud_user }}"
+  register: nc_status
+  check_mode: no
+  tags:
+    - nextcloud
+
+- name: Install Nextcloud
+  command: "php ./occ maintenance:install --database mysql --database-name {{ nextcloud_db_name | mandatory }} --database-user {{ nextcloud_db_user | mandatory }} --database-pass {{ nextcloud_db_pass | mandatory }} --admin-user {{ nextcloud_admin_login | mandatory }} --admin-pass {{ nextcloud_admin_password | mandatory }} --data-dir {{ nextcloud_data | mandatory }}"
+  args:
+    chdir: "{{ nextcloud_webroot }}"
+    creates: "{{ nextcloud_home }}/config/config.php"
+  become_user: "{{ nextcloud_user }}"
+  when: (nc_status.stdout | from_json).installed == false
+  tags:
+    - nextcloud
+
+- name: Configure Nextcloud Mysql password
+  replace:
+    dest: "{{ nextcloud_home }}/nextcloud/config/config.php"
+    regexp:  "'dbpassword' => '([^']*)',"
+    replace: "'dbpassword' => '{{ nextcloud_db_pass }}',"
+  tags:
+    - nextcloud
+
+- name: Configure Nextcloud cron
+  cron:
+    name: 'Nextcloud'
+    minute: "*/5"
+    job: "php -f {{ nextcloud_webroot }}/cron.php"
+    user: "{{ nextcloud_user }}"
+  tags:
+    - nextcloud
+
+- name: Erase previously trusted domains config
+  command: "php ./occ config:system:set trusted_domains"
+  args:
+    chdir: "{{ nextcloud_webroot }}"
+  become_user: "{{ nextcloud_user }}"
+  tags:
+    - nextcloud
+
+- name: Configure trusted domains
+  command: "php ./occ config:system:set trusted_domains {{ item.0 }} --value {{ item.1 }}"
+  args:
+    chdir: "{{ nextcloud_webroot }}"
+  with_indexed_items:
+    - "{{ nextcloud_domains }}"
+  become_user: "{{ nextcloud_user }}"
+  tags:
+    - nextcloud
+
+#- name: Configure memcache local to APCu
+#  command: "php ./occ config:system:set memcache.local --value '\\OC\\Memcache\\APCu'"
+#  args:
+#    chdir: "{{ nextcloud_webroot }}"
+#  become_user: "{{ nextcloud_user }}"
+#  tags:
+#    - nextcloud

webapps/peertube/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Install dependencies
+  apt:
+    state: present
+    name:
+    - ffmpeg
+    - python3-dev
+    - python-is-python3
+    - g++
+    - make
+  tags:
+    - peertube
+
+- include: apache-system.yml
+
+- include: user.yml
+
+- include: archive.yml
+
+- include: apache-vhost.yml
+
+- include: mysql-user.yml
+
+- include: config.yml

webapps/peertube/tasks/postgres-user.yml

@@ -0,0 +1,40 @@
+---
+
+- name: Create a new database
+  community.postgresql.postgresql_db:
+    name: "{{ peertube_db_name }}"
+  tags:
+    - peertube
+
+- name: Generate Postgres password
+  command: 'apg -n 1 -m 16 -M lcN'
+  register: peertube_db_pass_apg
+  check_mode: no
+  changed_when: False
+  tags:
+    - peertube
+
+- name: Connect to peertube database, create peertube user, and grant access to database
+  community.postgresql.postgresql_user:
+    db: "{{ peertube_db_name }}"
+    name: "{{ peertube_db_user }}"
+    password: "{{ peertube_db_pass_apg.stdout }}"
+    priv: "ALL"
+  tags:
+    - peertube
+
+- name: Store credentials in my.cnf
+  ini_file:
+    dest: "{{ nextcloud_home }}/.my.cnf"
+    owner: "{{ nextcloud_user }}"
+    group: "{{ nextcloud_user }}"
+    mode: "0600"
+    section: client
+    option: "{{ item.option }}"
+    value:  "{{ item.value }}"
+  loop:
+    - { option: "user",     value: "{{ nextcloud_db_user }}" }
+    - { option: "database", value: "{{ nextcloud_db_name }}" }
+    - { option: "password", value: "{{ nextcloud_db_pass }}" }
+  tags:
+    - nextcloud

webapps/peertube/tasks/user.yml

@@ -0,0 +1,33 @@
+---
+- name: Create {{ peertube_user }} unix group
+  group:
+    name: "{{ peertube_user | mandatory }}"
+    state: present
+  tags:
+    - peertube
+
+- name: Create {{ peertube_user | mandatory }} unix user
+  user:
+    name: "{{ peertube_user | mandatory }}"
+    group: "{{ peertube_user | mandatory }}"
+    home: "{{ peertube_home | mandatory }}"
+    shell: '/bin/bash'
+    create_home: True
+    state: present
+    mode: "0755"
+  tags:
+  - peertube
+
+- name: Create top-level directories
+  file:
+    dest: "{{ item }}"
+    state: directory
+    mode: "0700"
+    owner: "{{ peertube_user }}"
+    group: "{{ peertube_user }}"
+  loop:
+    - "{{ peertube_home }}/log"
+    - "{{ peertube_home }}/tmp"
+    - "{{ peertube_home }}/data"
+  tags:
+    - peertube

webapps/peertube/templates/apache-vhost.conf.j2

@@ -0,0 +1,41 @@
+<VirtualHost *:80 *:443>
+  ServerName {{ nextcloud_domains[0] }}
+  
+  {% for domain_alias in nextcloud_domains[1:] %}
+  ServerAlias {{  domain_alias }}
+  {% endfor %}
+
+  # SSLEngine on
+  # SSLCertificateFile    /etc/letsencrypt/live/{{ nextcloud_instance_name }}/fullchain.pem
+  # SSLCertificateKeyFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/privkey.pem
+
+  DocumentRoot {{ nextcloud_webroot }}/
+
+  <Directory {{ nextcloud_webroot }}/>
+    Require all granted
+    AllowOverride All
+    Options FollowSymLinks MultiViews
+
+    <IfModule mod_dav.c>
+      Dav off
+    </IfModule>
+  </Directory>
+
+  # SSL Redirect
+  # RewriteEngine On
+  # RewriteCond %{HTTPS} !=on
+  # RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+  # RewriteRule ^ https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
+
+  # ITK
+  AssignUserID {{ nextcloud_user }} {{ nextcloud_user }}
+
+  # LOG
+  CustomLog /var/log/apache2/access.log vhost_combined
+  ErrorLog  /var/log/apache2/error.log
+
+  # PHP
+  php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f {{ nextcloud_user }}"
+  php_admin_value open_basedir "/usr/share/php:{{ nextcloud_home }}:/tmp"
+
+</VirtualHost>