diff --git a/.env b/.env
deleted file mode 100644
index 093e56a..0000000
--- a/.env
+++ /dev/null
@@ -1,19 +0,0 @@
-PEERTUBE_WEBSERVER_HOSTNAME=peertube.social
-PEERTUBE_WEBSERVER_PORT=443
-PEERTUBE_WEBSERVER_HTTPS=true
-PEERTUBE_TRUST_PROXY=["127.0.0.1"]
-# If you need more than one IP as trust_proxy
-# pass them as a comma separated array:
-#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
-#PEERTUBE_SMTP_USERNAME=
-#PEERTUBE_SMTP_PASSWORD=
-PEERTUBE_SMTP_HOSTNAME=postfix
-PEERTUBE_SMTP_PORT=25
-PEERTUBE_SMTP_FROM=info@peertube.social
-PEERTUBE_SMTP_TLS=false
-#PEERTUBE_SMTP_DISABLE_STARTTLS=false
-PEERTUBE_ADMIN_EMAIL=info@peertube.social
-
-# this will override the config value
-#PEERTUBE_DB_USERNAME=peertube
-#PEERTUBE_DB_PASSWORD=WBUe8qGIIQFUIkcg
diff --git a/.gitignore b/.gitignore
index 57d9655..be96dfd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-volumes/
+passwords/
+peertube.retry
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0e4c7d2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# Peertube setup with Ansible and Docker-Compose
+
+## Setup
+
+Configure your ssh connection in `inventory`.
+
+Install Ansible:
+
+ pip2 install ansible
+
+Run the playbook:
+
+ ansible-playbook --become -K peertube.yml
+
+It will prompt for root password to escalate privileges through `sudo`.
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..960a7c4
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+inventory=inventory
+
+[ssh_connection]
+pipelining = True
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..7ff976d
--- /dev/null
+++ b/inventory
@@ -0,0 +1,5 @@
+[peertube]
+root@testing.peertube.social domain=testing.peertube.social
+
+[all:vars]
+ansible_connection=ssh
diff --git a/peertube.yml b/peertube.yml
new file mode 100644
index 0000000..2a2055b
--- /dev/null
+++ b/peertube.yml
@@ -0,0 +1,63 @@
+---
+- hosts: all
+
+ # Install python if required
+ # https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
+ gather_facts: False
+ pre_tasks:
+ - name: install python for Ansible
+ raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-setuptools)
+ register: output
+ changed_when: output.stdout != ""
+ - setup: # gather facts
+
+ tasks:
+ - name: install dependencies
+ apt:
+ pkg: ['docker-compose', 'docker.io']
+
+ - name: create peertube folder
+ file: path=/peertube/volumes/traefik/ state=directory mode=0755
+
+ - name: add all template files
+ template: src={{item.src}} dest={{item.dest}}
+ with_items:
+ - { src: 'templates/docker-compose.yml', dest: '/peertube/docker-compose.yml' }
+ - { src: 'templates/env', dest: '/peertube/.env' }
+ - { src: 'templates/nginx.conf', dest: '/peertube/nginx.conf' }
+ - { src: 'templates/traefik.toml', dest: '/peertube/traefik.toml' }
+ vars:
+ postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
+
+ - name: set traefik data file and env file permissions
+ file:
+ path: "{{ item.path }}"
+ state: touch
+ mode: 0600
+ access_time: preserve
+ modification_time: preserve
+ with_items:
+ - { path: '/peertube/volumes/traefik/acme.json' }
+ - { path: '/peertube/.env' }
+
+ - name: enable and start docker service
+ systemd:
+ name: docker
+ enabled: yes
+ state: started
+
+ - name: start docker-compose
+ docker_service:
+ project_src: /peertube/
+ state: present
+ pull: yes
+
+ - name: fetch root password
+ shell: "docker-compose -f /peertube/docker-compose.yml logs peertube | grep 'User password' | awk 'NF{ print $NF }'"
+ register: password
+ changed_when: False
+
+ - name: print root password
+ debug:
+ msg: "The admin login is user=root, password={{ password.stdout }}"
+ when: password.stdout != ""
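Review bot: The `add all template files` task writes `/peertube/.env`, which carries the generated Postgres password, without a `mode`, and only the later `file` task tightens it to 0600. On a first run the file is presumably created with the umask default (often world-readable) in between, and it stays that way if the play fails before the second task runs. Setting the mode where the file is written closes that gap: `template: src={{item.src}} dest={{item.dest}} mode={{item.mode | default('0644')}}` together with `- { src: 'templates/env', dest: '/peertube/.env', mode: '0600' }`. Separately, the final `debug` task puts the PeerTube admin password into the play output, so anything that captures that output (an Ansible `log_path`, CI logs, terminal scrollback) also stores the credential; a comment such as `# prints the initial admin password; change it after first login` would make that explicit.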
diff --git a/docker-compose.yaml b/templates/docker-compose.yml similarity index 89% rename from docker-compose.yaml rename to templates/docker-compose.yml index 1af2deb..29879a2 100644 --- a/docker-compose.yaml +++ b/templates/docker-compose.yml @@ -42,6 +42,9 @@ services: - ./volumes/data:/data - /mnt/external:/data-external - ./volumes/config:/config + environment: + - PEERTUBE_DB_USERNAME=${POSTGRES_USER} + - PEERTUBE_DB_PASSWORD=${POSTGRES_PASSWORD} depends_on: - postgres - redis @@ -54,6 +57,9 @@ services: - ./volumes/db:/var/lib/postgresql/data labels: traefik.enable: "false" + environment: + - POSTGRES_USER=${POSTGRES_USER} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} restart: "always" redis: diff --git a/templates/env b/templates/env new file mode 100644 index 0000000..ff1469e --- /dev/null +++ b/templates/env @@ -0,0 +1,12 @@ +PEERTUBE_WEBSERVER_HOSTNAME={{ domain }} +PEERTUBE_WEBSERVER_PORT=443 +PEERTUBE_WEBSERVER_HTTPS=true +PEERTUBE_TRUST_PROXY=["127.0.0.1"] +PEERTUBE_SMTP_HOSTNAME=postfix +PEERTUBE_SMTP_PORT=25 +PEERTUBE_SMTP_FROM=info@{{ domain }} +PEERTUBE_SMTP_TLS=false +PEERTUBE_ADMIN_EMAIL=info@{{ domain }} + +POSTGRES_USER=peertube +POSTGRES_PASSWORD={{ postgres_password }} diff --git a/nginx.conf b/templates/nginx.conf similarity index 96% rename from nginx.conf rename to templates/nginx.conf index 41ec577..119d441 100644 --- a/nginx.conf +++ b/templates/nginx.conf @@ -25,7 +25,7 @@ http { add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; location / { - proxy_pass http://peertube:9000; + proxy_pass http://peertube:9000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/traefik.toml b/templates/traefik.toml similarity index 98% rename from traefik.toml rename to templates/traefik.toml index 458faea..50b8b3d 100644 --- a/traefik.toml +++ b/templates/traefik.toml 
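Review bot: In `templates/docker-compose.yml`, `POSTGRES_PASSWORD` on the postgres service (second hunk) is likely honoured only when `./volumes/db` is first initialised, assuming the service runs the official postgres image (the `image:` line is outside the hunk). The same value is handed to PeerTube as `PEERTUBE_DB_PASSWORD` in the first hunk. On a host that already has a database volume, the freshly generated password would then not match the stored role password and PeerTube would fail to connect. A comment next to the variable would save the next operator the debugging: `# only applied on first init of ./volumes/db; existing databases keep their old password`.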
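Review bot: In `templates/env`, `POSTGRES_PASSWORD={{ postgres_password }}` supersedes a database password that the deleted `.env` carried in a commented-out line, and that earlier value stays readable in the repository history after this commit. If any running instance was ever configured with it, it should be treated as disclosed and rotated rather than carried over. A header comment in the template, for example `# rendered by Ansible; contains secrets, do not commit the rendered file`, would also help keep the rendered copy out of version control.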
@@ -60,7 +60,7 @@ entryPoint = "https" # Domains list. # [[acme.domains]] - main = "peertube.social" + main = "{{ domain }}" # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge #