diff --git a/webapps/peertube/README.md b/webapps/peertube/README.md
new file mode 100644
index 00000000..4e4af14c
--- /dev/null
+++ b/webapps/peertube/README.md
@@ -0,0 +1,10 @@
+# Peertube
+
+This depends on the following roles
+
+ - certbot
+ - evolinux-base
+ - nginx
+ - nodejs
+ - postgresql
+ - redis
\ No newline at end of file
diff --git a/webapps/peertube/defaults/main.yml b/webapps/peertube/defaults/main.yml
new file mode 100644
index 00000000..72acfe7a
--- /dev/null
+++ b/webapps/peertube/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+peertube_version: "latest-24"
+peertube_archive_name: "{{ peertube_version }}.tar.bz2"
+peertube_releases_baseurl: ""
+
+peertube_instance_name: "peertube"
+peertube_user: "{{ peertube_instance_name }}"
+peertube_domains: []
+
+peertube_home: "/home/{{ peertube_user }}"
+peertube_webroot: "{{ peertube_home }}/peertube"
+peertube_data: "{{ peertube_webroot }}/data"
+
+peertube_db_user: "{{ peertube_user }}"
+peertube_db_name: "{{ peertube_instance_name }}"
+
+peertube_admin_login: "admin"
+peertube_admin_password: ""
diff --git a/webapps/peertube/handlers/main.yml b/webapps/peertube/handlers/main.yml
new file mode 100644
index 00000000..46b3b014
--- /dev/null
+++ b/webapps/peertube/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: reload php-fpm
+ service:
+ name: php7.3-fpm
+ state: reloaded
+
+- name: reload nginx
+ service:
+ name: nginx
+ state: reloaded
+
+- name: reload apache
+ service:
+ name: apache2
+ state: reloaded
\ No newline at end of file
diff --git a/webapps/peertube/meta/main.yml b/webapps/peertube/meta/main.yml
new file mode 100644
index 00000000..ed97d539
--- /dev/null
+++ b/webapps/peertube/meta/main.yml
@@ -0,0 +1 @@
+---
diff --git a/webapps/peertube/tasks/apache-system.yml b/webapps/peertube/tasks/apache-system.yml
new file mode 100644
index 00000000..490d2f8d
--- /dev/null
+++ b/webapps/peertube/tasks/apache-system.yml
@@ -0,0 +1,33 @@
+---
+
+- name: "Get PHP Version"
+ shell: 'php -v | grep "PHP [0-9]." | sed -E "s/PHP ([0-9]\.[0-9]).*/\1/g;"'
+ register: shell_php
+ check_mode: no
+
+- name: "Set variables"
+ set_fact:
+ php_version: "{{ shell_php.stdout }}"
+
+- name: Apply specific PHP settings (apache)
+ ini_file:
+ path: "/etc/php/{{ php_version }}/apache2/conf.d/zzz-evolinux-custom.ini"
+ section: ''
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ notify: reload apache
+ with_items:
+ - {option: 'allow_url_fopen', value: 'On'}
+ - {option: 'disable_functions', value: ''}
+ - {option: 'max_execution_time', value: '300'}
+ - {option: 'memory_limit', value: '512M'}
+
+- name: Apply specific PHP settings (cli)
+ ini_file:
+ path: "/etc/php/{{ php_version }}/cli/conf.d/zzz-evolinux-custom.ini"
+ section: ''
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ - {option: 'allow_url_fopen', value: 'On'}
+ - {option: 'apc.enable_cli', value: 'On'}
diff --git a/webapps/peertube/tasks/apache-vhost.yml b/webapps/peertube/tasks/apache-vhost.yml
new file mode 100644
index 00000000..e3f213ca
--- /dev/null
+++ b/webapps/peertube/tasks/apache-vhost.yml
@@ -0,0 +1,23 @@
+---
+- name: Copy Apache vhost
+ template:
+ src: apache-vhost.conf.j2
+ dest: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf"
+ mode: "0640"
+ notify: reload apache
+ tags:
+ - nextcloud
+
+- name: Enable Apache vhost
+ file:
+ src: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf"
+ dest: "/etc/apache2/sites-enabled/{{ nextcloud_instance_name }}.conf"
+ state: link
+ notify: reload apache
+ tags:
+ - nextcloud
+
+# - name: Generate ssl config
+# shell:
+# cmd: "/usr/local/sbin/vhost-domains {{ nextcloud_instance_name }} | /usr/local/sbin/make-csr {{ nextcloud_instance_name }}"
+# creates: "/etc/nginx/ssl/{{ nextcloud_instance_name }}.conf"
\ No newline at end of file
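Review bot: The `disable_functions` item in the apache `with_items` list writes an empty value into `/etc/php/{{ php_version }}/apache2/conf.d/zzz-evolinux-custom.ini`, a server-wide conf.d file, so it clears the PHP function blocklist and turns on `allow_url_fopen` for every vhost on the host rather than for this instance only. The README in this commit lists nginx, nodejs, postgresql and redis as dependencies and no PHP, so these tasks look carried over from another role; if a PHP override is really needed, scope it to the one vhost and drop the `{option: 'disable_functions', value: ''}` line. The "Get PHP Version" shell task also has no `changed_when: false`, so it reports a change on every run.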
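Review bot: Both tasks in `tasks/apache-vhost.yml` build their paths from `nextcloud_instance_name`, which `defaults/main.yml` in this commit never defines (it declares only `peertube_*` variables), so they fail on an undefined variable unless another role happens to set it, and in that case they would overwrite that role's vhost file. The same `nextcloud_*` names and `nextcloud` tags appear in `tasks/archive.yml`, `tasks/config.yml`, the last task of `tasks/postgres-user.yml` and `templates/apache-vhost.conf.j2`. Rename them to the `peertube_*` counterparts, e.g. `dest: "/etc/apache2/sites-available/{{ peertube_instance_name }}.conf"`, or leave these files out until they are adapted.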
diff --git a/webapps/peertube/tasks/archive.yml b/webapps/peertube/tasks/archive.yml
new file mode 100644
index 00000000..d59bd582
--- /dev/null
+++ b/webapps/peertube/tasks/archive.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Retrieve Nextcloud archive
+ get_url:
+ url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}"
+ dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}"
+ force: no
+ tags:
+ - nextcloud
+
+- name: Retrieve Nextcloud sha256 checksum
+ get_url:
+ url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}.sha256"
+ dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}.sha256"
+ force: no
+ tags:
+ - nextcloud
+
+- name: Verify Nextcloud sha256 checksum
+ command: "sha256sum -c {{ nextcloud_archive_name }}.sha256"
+ changed_when: "False"
+ args:
+ chdir: "{{ nextcloud_home }}"
+ tags:
+ - nextcloud
+
+- name: Extract Nextcloud archive
+ unarchive:
+ src: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}"
+ dest: "{{ nextcloud_home }}"
+ creates: "{{ nextcloud_home }}/nextcloud"
+ remote_src: True
+ mode: "0750"
+ owner: "{{ nextcloud_user }}"
+ group: "{{ nextcloud_user }}"
+ tags:
+ - nextcloud
diff --git a/webapps/peertube/tasks/config.yml b/webapps/peertube/tasks/config.yml
new file mode 100644
index 00000000..85142726
--- /dev/null
+++ b/webapps/peertube/tasks/config.yml
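Review bot: The "Verify ... sha256 checksum" task checks the archive against a `.sha256` file downloaded from the same base URL as the archive, so it detects a corrupted transfer but not a replaced or tampered release, since whoever can change the archive can change the digest next to it. Pin the expected digest in the role's variables and pass it to the first `get_url` task, e.g. `checksum: "sha256:{{ peertube_archive_sha256 }}"` (placeholder variable name), which also makes the separate download and `sha256sum -c` command unnecessary. The matching default `peertube_releases_baseurl` is an empty string in `defaults/main.yml`, so an `assert` that the base URL is set and starts with `https://` would fail earlier and more clearly than a malformed download URL.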
@@ -0,0 +1,81 @@
+---
+
+- block:
+ - name: Generate admin password
+ command: 'apg -n 1 -m 16 -M lcN'
+ register: nextcloud_admin_password_apg
+ check_mode: no
+ changed_when: False
+
+ - debug:
+ var: nextcloud_admin_password_apg
+
+ - set_fact:
+ nextcloud_admin_password: "{{ nextcloud_admin_password_apg.stdout }}"
+
+ tags:
+ - nextcloud
+ when: nextcloud_admin_password | length == 0
+
+- name: Get Nextcloud Status
+ shell: "php ./occ status --output json | grep -v 'Nextcloud is not installed'"
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+ become_user: "{{ nextcloud_user }}"
+ register: nc_status
+ check_mode: no
+ tags:
+ - nextcloud
+
+- name: Install Nextcloud
+ command: "php ./occ maintenance:install --database mysql --database-name {{ nextcloud_db_name | mandatory }} --database-user {{ nextcloud_db_user | mandatory }} --database-pass {{ nextcloud_db_pass | mandatory }} --admin-user {{ nextcloud_admin_login | mandatory }} --admin-pass {{ nextcloud_admin_password | mandatory }} --data-dir {{ nextcloud_data | mandatory }}"
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+ creates: "{{ nextcloud_home }}/config/config.php"
+ become_user: "{{ nextcloud_user }}"
+ when: (nc_status.stdout | from_json).installed == false
+ tags:
+ - nextcloud
+
+- name: Configure Nextcloud Mysql password
+ replace:
+ dest: "{{ nextcloud_home }}/nextcloud/config/config.php"
+ regexp: "'dbpassword' => '([^']*)',"
+ replace: "'dbpassword' => '{{ nextcloud_db_pass }}',"
+ tags:
+ - nextcloud
+
+- name: Configure Nextcloud cron
+ cron:
+ name: 'Nextcloud'
+ minute: "*/5"
+ job: "php -f {{ nextcloud_webroot }}/cron.php"
+ user: "{{ nextcloud_user }}"
+ tags:
+ - nextcloud
+
+- name: Erase previously trusted domains config
+ command: "php ./occ config:system:set trusted_domains"
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+ become_user: "{{ nextcloud_user }}"
+ tags:
+ - nextcloud
+
+- name: Configure trusted domains
+ command: "php ./occ config:system:set trusted_domains {{ item.0 }} --value {{ item.1 }}"
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+ with_indexed_items:
+ - "{{ nextcloud_domains }}"
+ become_user: "{{ nextcloud_user }}"
+ tags:
+ - nextcloud
+
+#- name: Configure memcache local to APCu
+# command: "php ./occ config:system:set memcache.local --value '\\OC\\Memcache\\APCu'"
+# args:
+# chdir: "{{ nextcloud_webroot }}"
+# become_user: "{{ nextcloud_user }}"
+# tags:
+# - nextcloud
diff --git a/webapps/peertube/tasks/main.yml b/webapps/peertube/tasks/main.yml
new file mode 100644
index 00000000..fbf7dbb5
--- /dev/null
+++ b/webapps/peertube/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install dependencies
+ apt:
+ state: present
+ name:
+ - ffmpeg
+ - python3-dev
+ - python-is-python3
+ - g++
+ - make
+ tags:
+ - peertube
+
+- include: apache-system.yml
+
+- include: user.yml
+
+- include: archive.yml
+
+- include: apache-vhost.yml
+
+- include: mysql-user.yml
+
+- include: config.yml
diff --git a/webapps/peertube/tasks/postgres-user.yml b/webapps/peertube/tasks/postgres-user.yml
new file mode 100644
index 00000000..896d6f67
--- /dev/null
+++ b/webapps/peertube/tasks/postgres-user.yml
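Review bot: The `debug: var: nextcloud_admin_password_apg` task in the first block prints the freshly generated admin password into the Ansible output, where it ends up in terminal scrollback, CI logs and any callback that records task results. Drop that task and add `no_log: true` to the `apg` and `set_fact` tasks and to "Install Nextcloud", whose command line carries `--database-pass` and `--admin-pass` and is therefore both logged by Ansible and visible in the process list on the target while it runs. If the operator needs the generated value, writing it to a root-only file is safer than echoing it. The templated values in that command and in "Configure trusted domains" are interpolated unquoted; `{{ item.1 | quote }}` keeps a value containing spaces or quotes as a single argument.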
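Review bot: `- include: mysql-user.yml` in `tasks/main.yml` points at a task file this commit does not add, while the `tasks/postgres-user.yml` it does add is never included, so as far as this diff shows the play stops at that include and the PostgreSQL database and user are never created. The line presumably should read `- include: postgres-user.yml`. Bare `include` is also deprecated (and removed in recent ansible-core releases); `include_tasks:` or `import_tasks:` is the replacement.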
@@ -0,0 +1,40 @@
+---
+
+- name: Create a new database
+ community.postgresql.postgresql_db:
+ name: "{{ peertube_db_name }}"
+ tags:
+ - peertube
+
+- name: Generate Postgres password
+ command: 'apg -n 1 -m 16 -M lcN'
+ register: peertube_db_pass_apg
+ check_mode: no
+ changed_when: False
+ tags:
+ - peertube
+
+- name: Connect to peertube database, create peertube user, and grant access to database
+ community.postgresql.postgresql_user:
+ db: "{{ peertube_db_name }}"
+ name: "{{ peertube_db_user }}"
+ password: "{{ peertube_db_pass_apg.stdout }}"
+ priv: "ALL"
+ tags:
+ - peertube
+
+- name: Store credentials in my.cnf
+ ini_file:
+ dest: "{{ nextcloud_home }}/.my.cnf"
+ owner: "{{ nextcloud_user }}"
+ group: "{{ nextcloud_user }}"
+ mode: "0600"
+ section: client
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ loop:
+ - { option: "user", value: "{{ nextcloud_db_user }}" }
+ - { option: "database", value: "{{ nextcloud_db_name }}" }
+ - { option: "password", value: "{{ nextcloud_db_pass }}" }
+ tags:
+ - nextcloud
diff --git a/webapps/peertube/tasks/user.yml b/webapps/peertube/tasks/user.yml
new file mode 100644
index 00000000..f064a888
--- /dev/null
+++ b/webapps/peertube/tasks/user.yml
@@ -0,0 +1,33 @@
+---
+- name: Create {{ peertube_user }} unix group
+ group:
+ name: "{{ peertube_user | mandatory }}"
+ state: present
+ tags:
+ - peertube
+
+- name: Create {{ peertube_user | mandatory }} unix user
+ user:
+ name: "{{ peertube_user | mandatory }}"
+ group: "{{ peertube_user | mandatory }}"
+ home: "{{ peertube_home | mandatory }}"
+ shell: '/bin/bash'
+ create_home: True
+ state: present
+ mode: "0755"
+ tags:
+ - peertube
+
+- name: Create top-level directories
+ file:
+ dest: "{{ item }}"
+ state: directory
+ mode: "0700"
+ owner: "{{ peertube_user }}"
+ group: "{{ peertube_user }}"
+ loop:
+ - "{{ peertube_home }}/log"
+ - "{{ peertube_home }}/tmp"
+ - "{{ peertube_home }}/data"
+ tags:
+ - peertube
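Review bot: "Generate Postgres password" runs `apg` unconditionally, so every run hands a new random password to `postgresql_user`, while the only task that persists credentials writes `nextcloud_db_pass`, a variable not set anywhere in this diff, into a MySQL-style `.my.cnf`; the generated PostgreSQL password is therefore never stored anywhere the application or an operator could read it back. Generate the password only when none exists yet, the way `tasks/config.yml` guards its block with `when: ... | length == 0`, and store that same value. Add `no_log: true` to the `apg`, `postgresql_user` and credential-file tasks so the secret stays out of logs and verbose output.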
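Review bot: The last task in `tasks/user.yml` creates `{{ peertube_home }}/data`, but `defaults/main.yml` sets `peertube_data` to `{{ peertube_webroot }}/data`, a different directory under `{{ peertube_home }}/peertube`, so the 0700 directory prepared here is not the one the role's own variable points to. Using `- "{{ peertube_data }}"` in the `loop` keeps the two in sync. In the user task, `mode: "0755"` should be checked against the `user` module's documented options, as it does not appear to accept `mode`; if the aim was to set the home directory's permissions, a `file` task does that explicitly. The second task's name also contains `| mandatory`, which belongs in the value rather than the label.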
diff --git a/webapps/peertube/templates/apache-vhost.conf.j2 b/webapps/peertube/templates/apache-vhost.conf.j2
new file mode 100644
index 00000000..ff9f621c
--- /dev/null
+++ b/webapps/peertube/templates/apache-vhost.conf.j2
@@ -0,0 +1,41 @@
+
+ ServerName {{ nextcloud_domains[0] }}
+
+ {% for domain_alias in nextcloud_domains[1:] %}
+ ServerAlias {{ domain_alias }}
+ {% endfor %}
+
+ # SSLEngine on
+ # SSLCertificateFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/fullchain.pem
+ # SSLCertificateKeyFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/privkey.pem
+
+ DocumentRoot {{ nextcloud_webroot }}/
+
+
+ Require all granted
+ AllowOverride All
+ Options FollowSymLinks MultiViews
+
+
+ Dav off
+
+
+
+ # SSL Redirect
+ # RewriteEngine On
+ # RewriteCond %{HTTPS} !=on
+ # RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+ # RewriteRule ^ https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
+
+ # ITK
+ AssignUserID {{ nextcloud_user }} {{ nextcloud_user }}
+
+ # LOG
+ CustomLog /var/log/apache2/access.log vhost_combined
+ ErrorLog /var/log/apache2/error.log
+
+ # PHP
+ php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f {{ nextcloud_user }}"
+ php_admin_value open_basedir "/usr/share/php:{{ nextcloud_home }}:/tmp"
+
+
\ No newline at end of file
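Review bot: The `SSLEngine` and certificate lines and the whole "SSL Redirect" block are commented out, so as written this vhost serves the site, logins included, over plain HTTP unless TLS is terminated in front of it; the README lists certbot as a dependency, which suggests HTTPS was intended. `open_basedir` also includes the shared `/tmp`, although `tasks/user.yml` already creates a private `{{ peertube_home }}/tmp`; dropping `:/tmp` keeps PHP confined to the instance's own tree. `CustomLog` and `ErrorLog` point at the global `/var/log/apache2/access.log` and `error.log`, which mixes this instance's requests with every other vhost's and makes per-site investigation harder. Several lines of this hunk show up empty here (probably the container directives), so the listening address and port could not be checked.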