added ansible playbook

.gitignore

@@ -21,3 +21,5 @@ yarn-error.log*
 *.sw?
 
 src/locale/**/*~
+
+ansible/inventory

ansible/ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+inventory=inventory
+
+[ssh_connection]
+pipelining = True

ansible/ansible.yml

@@ -0,0 +1,87 @@
+---
+- hosts: all
+
+  # Install python if required
+  # https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
+  gather_facts: False
+  pre_tasks:
+    - name: install python for Ansible
+      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-setuptools)
+      args:
+        executable: /bin/bash
+      register: output
+      changed_when: output.stdout != ""
+    - setup: # gather facts
+
+  tasks:
+  - name: install dependencies
+    apt:
+      pkg: ['nginx', 'docker-compose', 'docker.io', 'certbot', 'python-certbot-nginx']
+
+  - name: request initial letsencrypt certificate
+    command: certbot certonly --nginx --agree-tos -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
+    args:
+      creates: '/etc/letsencrypt/live/{{domain}}/privkey.pem'
+
+  - name: create joinpeertube folder
+    file: path={{item.path}} state=directory
+    with_items:
+      - { path: '/joinpeertube/' }
+
+  - name:  add template files
+    template: src={{item.src}} dest={{item.dest}}
+    with_items:
+      - { src: 'templates/docker-compose.yml', dest: '/joinpeertube/docker-compose.yml' }
+      - { src: 'templates/nginx.conf', dest: '/etc/nginx/sites-enabled/joinpeertube.conf' }
+
+  - name: build the dev docker image
+    local_action: shell cd .. && sudo docker build . -f docker/Dockerfile -t joinpeertube:latest
+    register: image_build
+
+  - name: find hash of the new docker image
+    set_fact:
+    image_hash: "{{ image_build.stdout | regex_search('(?<=Successfully built )[0-9a-f]{12}') }}"
+
+  # this does not use become so that the output file is written as non-root user and is easy to delete later
+  - name: save dev docker image to file
+    local_action: shell sudo docker save joinpeertube:latest > joinpeertube-latest.tar
+
+  - name: copy dev docker image to server
+    copy: src=joinpeertube-latest.tar dest=/joinpeertube/joinpeertube-latest.tar
+
+  - name: import docker image
+    docker_image:
+      name: joinpeertube
+      tag: latest
+      load_path: /joinpeertube/joinpeertube-latest.tar
+      source: load
+      force_source: yes
+      register: image_import
+
+  - name: delete remote image file
+    file: path=/joinpeertube/joinpeertube-latest.tar state=absent
+
+  - name: delete local image file
+    local_action: file path=joinpeertube-latest.tar state=absent
+
+  - name: enable and start docker service
+    systemd:
+      name: docker
+      enabled: yes
+      state: started
+
+  - name: start docker-compose
+    docker_compose:
+      project_src: /joinpeertube/
+      state: present
+      pull: yes
+
+  - name: reload nginx with new config
+    shell: nginx -s reload
+
+  - name: certbot renewal cronjob
+    cron:
+      special_time=daily
+      name=certbot-renew-joinpeertube
+      user=root
+      job="certbot certonly --nginx -d '{{ domain }}' --deploy-hook 'docker-compose -f /joinpeertube/docker-compose.yml exec nginx nginx -s reload'"

ansible/inventory.example

@@ -0,0 +1,6 @@
+[joinpeertube]
+# define the username and hostname that you use for ssh connection, and specify the letsencrypt data
+myuser@example.com  domain=example.com  letsencrypt_contact_email=your@email.com
+
+[all:vars]
+ansible_connection=ssh

ansible/templates/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '3.3'
+
+services:
+  joinpeertube:
+    image: joinpeertube:latest
+    ports:
+      - "127.0.0.1:8080:80"
+    restart: always

ansible/templates/nginx.conf

@@ -0,0 +1,58 @@
+server {
+    listen 80;
+    server_name {{ domain }};
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name {{ domain }};
+
+    ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem;
+
+    # Various TLS hardening settings
+    # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_session_timeout  10m;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    # Hide nginx version
+    server_tokens off;
+
+    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
+    # It might be nice to compress JSON, but leaving that out to protect against potential
+    # compression+encryption information leak attacks like BREACH.
+    gzip on;
+    gzip_types text/css application/javascript;
+    gzip_vary on;
+
+    # Only connect to this site via HTTPS
+    add_header Strict-Transport-Security "max-age=63072000";
+
+    # Various content security headers
+    add_header Referrer-Policy "same-origin";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-Frame-Options "DENY";
+    add_header X-XSS-Protection "1; mode=block";
+
+    # Upload limit for pictshare
+    client_max_body_size 50M;
+
+    location / {
+        proxy_pass http://0.0.0.0:8080;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }    
+}

src/components/InstancesList.vue

@@ -379,8 +379,7 @@
           method: 'GET'
         }
 
-        // TODO: need to figure out our own domain
+        axios('/instances.json', options)
-        axios('http://localhost:8080/instances.json', options)
           .then(response => {
             this.instances = this.shuffle(response.data.data)