Added peertube role
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
Not finished, I got to webapps/peertube/tasks/postgres-user.yml before committing what I'd done.
parent
83138f0a0b
commit
d35f2bcae7
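--- a/webapps/peertube/README.md
+++ b/webapps/peertube/README.md
@@ -0,0 +1,10 @@
+# Peertube
+
+This depends on the following roles
+
+- certbot
+- evolinux-base
+- nginx
+- nodejs
+- postgresql
+- redis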
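--- a/webapps/peertube/defaults/main.yml
+++ b/webapps/peertube/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+peertube_version: "latest-24"
+peertube_archive_name: "{{ peertube_version }}.tar.bz2"
+peertube_releases_baseurl: ""
+
+peertube_instance_name: "peertube"
+peertube_user: "{{ peertube_instance_name }}"
+peertube_domains: []
+
+peertube_home: "/home/{{ peertube_user }}"
+peertube_webroot: "{{ peertube_home }}/peertube"
+peertube_data: "{{ peertube_webroot }}/data"
+
+peertube_db_user: "{{ peertube_user }}"
+peertube_db_name: "{{ peertube_instance_name }}"
+
+peertube_admin_login: "admin"
+peertube_admin_password: ""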
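Review bot: `peertube_version: "latest-24"` appears to point the download at a moving label rather than a fixed release, so two runs of the role can install different code and no expected digest can be pinned next to it. Setting this default to an exact release identifier, with the matching archive digest in a second variable, would make the install reproducible and let the download be checked against a value the role controls. `peertube_releases_baseurl: ""` also leaves the archive URL without a host, so the download step presumably fails unless the caller overrides it; applying the `mandatory` filter where the URL is built would make that requirement explicit.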
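--- a/webapps/peertube/handlers/main.yml
+++ b/webapps/peertube/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: reload php-fpm
+service:
+name: php7.3-fpm
+state: reloaded
+
+- name: reload nginx
+service:
+name: nginx
+state: reloaded
+
+- name: reload apache
+service:
+name: apache2
+state: reloaded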
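Review bot: The `reload php-fpm` handler hard-codes `php7.3-fpm`, while tasks/apache-system.yml in this commit derives the PHP version at run time, so the handler would name a service that does not exist on a host with another PHP version. None of the tasks added here notify `reload php-fpm` or `reload nginx`; only `reload apache` is used. Either drop the unused handlers or build the service name from the same fact, e.g. `name: "php{{ php_version }}-fpm"`.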
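--- a/webapps/peertube/meta/main.yml
+++ b/webapps/peertube/meta/main.yml
@@ -0,0 +1 @@
+---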
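--- a/webapps/peertube/tasks/apache-system.yml
+++ b/webapps/peertube/tasks/apache-system.yml
@@ -0,0 +1,33 @@
+---
+
+- name: "Get PHP Version"
+shell: 'php -v | grep "PHP [0-9]." | sed -E "s/PHP ([0-9]\.[0-9]).*/\1/g;"'
+register: shell_php
+check_mode: no
+
+- name: "Set variables"
+set_fact:
+php_version: "{{ shell_php.stdout }}"
+
+- name: Apply specific PHP settings (apache)
+ini_file:
+path: "/etc/php/{{ php_version }}/apache2/conf.d/zzz-evolinux-custom.ini"
+section: ''
+option: "{{ item.option }}"
+value: "{{ item.value }}"
+notify: reload apache
+with_items:
+- {option: 'allow_url_fopen', value: 'On'}
+- {option: 'disable_functions', value: ''}
+- {option: 'max_execution_time', value: '300'}
+- {option: 'memory_limit', value: '512M'}
+
+- name: Apply specific PHP settings (cli)
+ini_file:
+path: "/etc/php/{{ php_version }}/cli/conf.d/zzz-evolinux-custom.ini"
+section: ''
+option: "{{ item.option }}"
+value: "{{ item.value }}"
+with_items:
+- {option: 'allow_url_fopen', value: 'On'}
+- {option: 'apc.enable_cli', value: 'On'}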
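Review bot: The `Apply specific PHP settings (apache)` task writes `disable_functions` as an empty value and turns `allow_url_fopen` on in `/etc/php/{{ php_version }}/apache2/conf.d/zzz-evolinux-custom.ini`, which is a host-wide file, so every PHP application served by this Apache loses whatever function restrictions the base configuration set. The README in this commit lists nodejs, nginx, postgresql and redis as dependencies and no PHP, so these settings look carried over from another role; if PeerTube does not need them, this file should not be included from main.yml. If some PHP tuning is required, scope it to the vhost rather than conf.d and leave `disable_functions` untouched. The `Get PHP Version` task also lacks `changed_when: false`, so it reports a change on every run.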
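--- a/webapps/peertube/tasks/apache-vhost.yml
+++ b/webapps/peertube/tasks/apache-vhost.yml
@@ -0,0 +1,23 @@
+---
+- name: Copy Apache vhost
+template:
+src: apache-vhost.conf.j2
+dest: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf"
+mode: "0640"
+notify: reload apache
+tags:
+- nextcloud
+
+- name: Enable Apache vhost
+file:
+src: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf"
+dest: "/etc/apache2/sites-enabled/{{ nextcloud_instance_name }}.conf"
+state: link
+notify: reload apache
+tags:
+- nextcloud
+
+# - name: Generate ssl config
+# shell:
+# cmd: "/usr/local/sbin/vhost-domains {{ nextcloud_instance_name }} | /usr/local/sbin/make-csr {{ nextcloud_instance_name }}"
+# creates: "/etc/nginx/ssl/{{ nextcloud_instance_name }}.conf"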
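Review bot: Both tasks build their paths from `nextcloud_instance_name` and are tagged `nextcloud`, but defaults/main.yml in this commit defines only `peertube_*` variables, so the role fails on an undefined variable unless another role happens to define it, in which case it would overwrite that role's vhost file. The same leftover names appear in tasks/archive.yml, tasks/config.yml, the `Store credentials in my.cnf` task of tasks/postgres-user.yml and templates/apache-vhost.conf.j2. Renaming them to the `peertube_*` equivalents, for example `dest: "/etc/apache2/sites-available/{{ peertube_instance_name }}.conf"`, and switching the tag to `peertube` also keeps a run limited with `--tags peertube` from silently skipping these tasks.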
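--- a/webapps/peertube/tasks/archive.yml
+++ b/webapps/peertube/tasks/archive.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Retrieve Nextcloud archive
+get_url:
+url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}"
+dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}"
+force: no
+tags:
+- nextcloud
+
+- name: Retrieve Nextcloud sha256 checksum
+get_url:
+url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}.sha256"
+dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}.sha256"
+force: no
+tags:
+- nextcloud
+
+- name: Verify Nextcloud sha256 checksum
+command: "sha256sum -c {{ nextcloud_archive_name }}.sha256"
+changed_when: "False"
+args:
+chdir: "{{ nextcloud_home }}"
+tags:
+- nextcloud
+
+- name: Extract Nextcloud archive
+unarchive:
+src: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}"
+dest: "{{ nextcloud_home }}"
+creates: "{{ nextcloud_home }}/nextcloud"
+remote_src: True
+mode: "0750"
+owner: "{{ nextcloud_user }}"
+group: "{{ nextcloud_user }}"
+tags:
+- nextcloud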
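Review bot: The `Verify Nextcloud sha256 checksum` task checks the archive against a `.sha256` file fetched from the same `nextcloud_releases_baseurl` as the archive itself, so it catches a corrupted transfer but not a replaced download, because whoever can change the archive can change the digest published next to it. Pinning the expected digest in the role's variables and passing it to the first `get_url` task, `checksum: "sha256:{{ peertube_archive_sha256 }}"` (a new variable this role would have to define), removes that dependency and makes the separate digest download and `sha256sum -c` tasks unnecessary. With `force: no`, an archive already present in the home directory is reused without being fetched again, which is a further reason to verify it against a pinned value before `unarchive` runs.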
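--- a/webapps/peertube/tasks/config.yml
+++ b/webapps/peertube/tasks/config.yml
@@ -0,0 +1,81 @@
+---
+
+- block:
+- name: Generate admin password
+command: 'apg -n 1 -m 16 -M lcN'
+register: nextcloud_admin_password_apg
+check_mode: no
+changed_when: False
+
+- debug:
+var: nextcloud_admin_password_apg
+
+- set_fact:
+nextcloud_admin_password: "{{ nextcloud_admin_password_apg.stdout }}"
+
+tags:
+- nextcloud
+when: nextcloud_admin_password | length == 0
+
+- name: Get Nextcloud Status
+shell: "php ./occ status --output json | grep -v 'Nextcloud is not installed'"
+args:
+chdir: "{{ nextcloud_webroot }}"
+become_user: "{{ nextcloud_user }}"
+register: nc_status
+check_mode: no
+tags:
+- nextcloud
+
+- name: Install Nextcloud
+command: "php ./occ maintenance:install --database mysql --database-name {{ nextcloud_db_name | mandatory }} --database-user {{ nextcloud_db_user | mandatory }} --database-pass {{ nextcloud_db_pass | mandatory }} --admin-user {{ nextcloud_admin_login | mandatory }} --admin-pass {{ nextcloud_admin_password | mandatory }} --data-dir {{ nextcloud_data | mandatory }}"
+args:
+chdir: "{{ nextcloud_webroot }}"
+creates: "{{ nextcloud_home }}/config/config.php"
+become_user: "{{ nextcloud_user }}"
+when: (nc_status.stdout | from_json).installed == false
+tags:
+- nextcloud
+
+- name: Configure Nextcloud Mysql password
+replace:
+dest: "{{ nextcloud_home }}/nextcloud/config/config.php"
+regexp: "'dbpassword' => '([^']*)',"
+replace: "'dbpassword' => '{{ nextcloud_db_pass }}',"
+tags:
+- nextcloud
+
+- name: Configure Nextcloud cron
+cron:
+name: 'Nextcloud'
+minute: "*/5"
+job: "php -f {{ nextcloud_webroot }}/cron.php"
+user: "{{ nextcloud_user }}"
+tags:
+- nextcloud
+
+- name: Erase previously trusted domains config
+command: "php ./occ config:system:set trusted_domains"
+args:
+chdir: "{{ nextcloud_webroot }}"
+become_user: "{{ nextcloud_user }}"
+tags:
+- nextcloud
+
+- name: Configure trusted domains
+command: "php ./occ config:system:set trusted_domains {{ item.0 }} --value {{ item.1 }}"
+args:
+chdir: "{{ nextcloud_webroot }}"
+with_indexed_items:
+- "{{ nextcloud_domains }}"
+become_user: "{{ nextcloud_user }}"
+tags:
+- nextcloud
+
+#- name: Configure memcache local to APCu
+# command: "php ./occ config:system:set memcache.local --value '\\OC\\Memcache\\APCu'"
+# args:
+# chdir: "{{ nextcloud_webroot }}"
+# become_user: "{{ nextcloud_user }}"
+# tags:
+# - nextcloud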
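Review bot: The `debug` task inside the block prints `nextcloud_admin_password_apg`, and the `Install Nextcloud` command carries `--database-pass` and `--admin-pass` as arguments, so the generated admin password and the database password end up in the Ansible output, in any callback or CI log that records it, and in the process list of the target while the command runs. Remove the `debug` task, and add `no_log: true` to `Generate admin password`, the `set_fact`, `Install Nextcloud` and `Configure Nextcloud Mysql password`. The interpolated values in the command strings are unquoted, so a password or path containing whitespace would be split into separate arguments; the `argv` form of `command` avoids that. The install line also selects `--database mysql` although this role creates a PostgreSQL database in tasks/postgres-user.yml.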
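--- a/webapps/peertube/tasks/main.yml
+++ b/webapps/peertube/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install dependencies
+apt:
+state: present
+name:
+- ffmpeg
+- python3-dev
+- python-is-python3
+- g++
+- make
+tags:
+- peertube
+
+- include: apache-system.yml
+
+- include: user.yml
+
+- include: archive.yml
+
+- include: apache-vhost.yml
+
+- include: mysql-user.yml
+
+- include: config.yml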
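Review bot: `- include: mysql-user.yml` names a file that is not among the files added by this commit, while the new tasks/postgres-user.yml is never included, so the play would stop at that line (assuming the file does not already exist in the parent tree) and the database tasks would not run in any case. Point the entry at the PostgreSQL file, and since bare `include` is deprecated in current Ansible releases, write it as `- import_tasks: postgres-user.yml` and convert the other five entries the same way.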
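--- a/webapps/peertube/tasks/postgres-user.yml
+++ b/webapps/peertube/tasks/postgres-user.yml
@@ -0,0 +1,40 @@
+---
+
+- name: Create a new database
+community.postgresql.postgresql_db:
+name: "{{ peertube_db_name }}"
+tags:
+- peertube
+
+- name: Generate Postgres password
+command: 'apg -n 1 -m 16 -M lcN'
+register: peertube_db_pass_apg
+check_mode: no
+changed_when: False
+tags:
+- peertube
+
+- name: Connect to peertube database, create peertube user, and grant access to database
+community.postgresql.postgresql_user:
+db: "{{ peertube_db_name }}"
+name: "{{ peertube_db_user }}"
+password: "{{ peertube_db_pass_apg.stdout }}"
+priv: "ALL"
+tags:
+- peertube
+
+- name: Store credentials in my.cnf
+ini_file:
+dest: "{{ nextcloud_home }}/.my.cnf"
+owner: "{{ nextcloud_user }}"
+group: "{{ nextcloud_user }}"
+mode: "0600"
+section: client
+option: "{{ item.option }}"
+value: "{{ item.value }}"
+loop:
+- { option: "user", value: "{{ nextcloud_db_user }}" }
+- { option: "database", value: "{{ nextcloud_db_name }}" }
+- { option: "password", value: "{{ nextcloud_db_pass }}" }
+tags:
+- nextcloud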
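Review bot: `Generate Postgres password` runs unconditionally, so every play produces a new random value and the `community.postgresql.postgresql_user` task sets the database user's password to it, yet nothing stores that value: `Store credentials in my.cnf` writes `nextcloud_db_pass`, which this commit does not define, instead of `peertube_db_pass_apg.stdout`. After a second run the application would presumably hold credentials that no longer match the database. Guard the generation with a `when:` on an empty `peertube_db_pass` default, as tasks/config.yml does for the admin password, store that same variable, and add `no_log: true` to the three tasks that handle it so the password is not echoed in task output or in the loop item labels. The two `community.postgresql` tasks also set no `become_user`, so they connect as whatever account the play runs under; confirm that is intended.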
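--- a/webapps/peertube/tasks/user.yml
+++ b/webapps/peertube/tasks/user.yml
@@ -0,0 +1,33 @@
+---
+- name: Create {{ peertube_user }} unix group
+group:
+name: "{{ peertube_user | mandatory }}"
+state: present
+tags:
+- peertube
+
+- name: Create {{ peertube_user | mandatory }} unix user
+user:
+name: "{{ peertube_user | mandatory }}"
+group: "{{ peertube_user | mandatory }}"
+home: "{{ peertube_home | mandatory }}"
+shell: '/bin/bash'
+create_home: True
+state: present
+mode: "0755"
+tags:
+- peertube
+
+- name: Create top-level directories
+file:
+dest: "{{ item }}"
+state: directory
+mode: "0700"
+owner: "{{ peertube_user }}"
+group: "{{ peertube_user }}"
+loop:
+- "{{ peertube_home }}/log"
+- "{{ peertube_home }}/tmp"
+- "{{ peertube_home }}/data"
+tags:
+- peertube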
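Review bot: The `Create top-level directories` loop creates `{{ peertube_home }}/data`, but defaults/main.yml in this commit sets `peertube_data` to `{{ peertube_webroot }}/data`, so the `0700` directory prepared here is not the one the role's own variable points at. Using `- "{{ peertube_data }}"` in the loop keeps the two in step. The account is also created with `shell: '/bin/bash'` and `mode: "0755"`; for a service account that only runs the application, a non-login shell and a home that is not world-readable would be the tighter default, provided nothing else on the host depends on them.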
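--- a/webapps/peertube/templates/apache-vhost.conf.j2
+++ b/webapps/peertube/templates/apache-vhost.conf.j2
@@ -0,0 +1,41 @@
+<VirtualHost *:80 *:443>
+ServerName {{ nextcloud_domains[0] }}
+
+{% for domain_alias in nextcloud_domains[1:] %}
+ServerAlias {{ domain_alias }}
+{% endfor %}
+
+# SSLEngine on
+# SSLCertificateFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/fullchain.pem
+# SSLCertificateKeyFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/privkey.pem
+
+DocumentRoot {{ nextcloud_webroot }}/
+
+<Directory {{ nextcloud_webroot }}/>
+Require all granted
+AllowOverride All
+Options FollowSymLinks MultiViews
+
+<IfModule mod_dav.c>
+Dav off
+</IfModule>
+</Directory>
+
+# SSL Redirect
+# RewriteEngine On
+# RewriteCond %{HTTPS} !=on
+# RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+# RewriteRule ^ https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
+
+# ITK
+AssignUserID {{ nextcloud_user }} {{ nextcloud_user }}
+
+# LOG
+CustomLog /var/log/apache2/access.log vhost_combined
+ErrorLog /var/log/apache2/error.log
+
+# PHP
+php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f {{ nextcloud_user }}"
+php_admin_value open_basedir "/usr/share/php:{{ nextcloud_home }}:/tmp"
+
+</VirtualHost>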
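Review bot: `<VirtualHost *:80 *:443>` binds port 443 while `SSLEngine on`, both certificate directives and the whole `SSL Redirect` block are commented out, so as written the vhost answers in plain HTTP on both ports and logins would travel unencrypted. Either enable the TLS lines and the redirect, or restrict the vhost to `*:80` until certificates exist; the README in this commit already lists certbot as a dependency. `AllowOverride All` lets any `.htaccess` under the document root change server behaviour, and `open_basedir` includes the shared `/tmp`; the per-instance `{{ peertube_home }}/tmp` directory created in tasks/user.yml would be a narrower choice.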