Convert project to ansible

Felix Ableitner 2019-04-10 21:43:16 +02:00
parent cd5b794fe1
commit 408d1cf7f4
10 changed files with 110 additions and 22 deletions

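--- a/.env
+++ b/.env
@@ -1,19 +0,0 @@
-PEERTUBE_WEBSERVER_HOSTNAME=peertube.social
-PEERTUBE_WEBSERVER_PORT=443
-PEERTUBE_WEBSERVER_HTTPS=true
-PEERTUBE_TRUST_PROXY=["127.0.0.1"]
-# If you need more than one IP as trust_proxy
-# pass them as a comma separated array:
-#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
-#PEERTUBE_SMTP_USERNAME=
-#PEERTUBE_SMTP_PASSWORD=
-PEERTUBE_SMTP_HOSTNAME=postfix
-PEERTUBE_SMTP_PORT=25
-PEERTUBE_SMTP_FROM=info@peertube.social
-PEERTUBE_SMTP_TLS=false
-#PEERTUBE_SMTP_DISABLE_STARTTLS=false
-PEERTUBE_ADMIN_EMAIL=info@peertube.social
-# this will override the config value
-#PEERTUBE_DB_USERNAME=peertube
-#PEERTUBE_DB_PASSWORD=WBUe8qGIIQFUIkcg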

3
.gitignore vendored

@ -1 +1,2 @@
volumes/ passwords/
peertube.retry

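--- a/README.md
+++ b/README.md
@@ -0,0 +1,15 @@
+# Peertube setup with Ansible and Docker-Compose
+## Setup
+Configure your ssh connection in `inventory`.
+Install Ansible:
+pip2 install ansible
+Run the playbook:
+ansible-playbook --become -K peertube.yml
+It will prompt for root password to escalate privileges through `sudo`.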

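--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+inventory=inventory
+[ssh_connection]
+pipelining = True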

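--- a/inventory
+++ b/inventory
@@ -0,0 +1,5 @@
+[peertube]
+root@testing.peertube.social domain=testing.peertube.social
+[all:vars]
+ansible_connection=ssh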
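Review bot: The host entry logs in directly as `root@testing.peertube.social`, while the README added in this commit runs the playbook with `--become -K` and describes escalation through `sudo`; with a root login the become prompt adds nothing, and the host has to keep root SSH logins enabled. Connecting as an unprivileged account with sudo rights, e.g. `deploy@testing.peertube.social domain=testing.peertube.social` (account name is a placeholder), would let root login over SSH stay disabled and make the README accurate. A one-line comment above `[peertube]` saying that `domain=` is the host variable consumed by the templates would also help the next person adding a host.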

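--- a/peertube.yml
+++ b/peertube.yml
@@ -0,0 +1,63 @@
+---
+- hosts: all
+# Install python if required
+# https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
+gather_facts: False
+pre_tasks:
+- name: install python for Ansible
+raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-setuptools)
+register: output
+changed_when: output.stdout != ""
+- setup: # gather facts
+tasks:
+- name: install dependencies
+apt:
+pkg: ['docker-compose', 'docker.io']
+- name: create peertube folder
+file: path=/peertube/volumes/traefik/ state=directory mode=0755
+- name: add all template files
+template: src={{item.src}} dest={{item.dest}}
+with_items:
+- { src: 'templates/docker-compose.yml', dest: '/peertube/docker-compose.yml' }
+- { src: 'templates/env', dest: '/peertube/.env' }
+- { src: 'templates/nginx.conf', dest: '/peertube/nginx.conf' }
+- { src: 'templates/traefik.toml', dest: '/peertube/traefik.toml' }
+vars:
+postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
+- name: set traefik data file and env file permissions
+file:
+path: "{{ item.path }}"
+state: touch
+mode: 0600
+access_time: preserve
+modification_time: preserve
+with_items:
+- { path: '/peertube/volumes/traefik/acme.json' }
+- { path: '/peertube/.env' }
+- name: enable and start docker service
+systemd:
+name: docker
+enabled: yes
+state: started
+- name: start docker-compose
+docker_service:
+project_src: /peertube/
+state: present
+pull: yes
+- name: fetch root password
+shell: "docker-compose -f /peertube/docker-compose.yml logs peertube | grep 'User password' | awk 'NF{ print $NF }'"
+register: password
+changed_when: False
+- name: print root password
+debug:
+msg: "The admin login is user=root, password={{ password.stdout }}"
+when: password.stdout != ""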
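Review bot: `/peertube/.env` is rendered by the `add all template files` task without a `mode`, and it carries `POSTGRES_PASSWORD`, so on a first run the secret sits on disk with default permissions until the later `set traefik data file and env file permissions` task tightens it to 0600. Setting the mode where the file is created closes that window: give each item a `mode` key (for example `mode: '0600'` on the `.env` item) and pass `mode={{ item.mode }}` to `template`. Separately, `print root password` writes the PeerTube admin password to the Ansible console and to any configured log on every run in which the container log still holds that line; marking `fetch root password` with `no_log: true` and saving the value under the gitignored `passwords/` directory would keep it out of run output. The unquoted `mode: 0600` and `mode=0755` depend on the parser's octal handling, and quoting them as `mode: '0600'` removes the ambiguity.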


@ -42,6 +42,9 @@ services:
- ./volumes/data:/data - ./volumes/data:/data
- /mnt/external:/data-external - /mnt/external:/data-external
- ./volumes/config:/config - ./volumes/config:/config
environment:
- PEERTUBE_DB_USERNAME=${POSTGRES_USER}
- PEERTUBE_DB_PASSWORD=${POSTGRES_PASSWORD}
depends_on: depends_on:
- postgres - postgres
- redis - redis
@ -54,6 +57,9 @@ services:
- ./volumes/db:/var/lib/postgresql/data - ./volumes/db:/var/lib/postgresql/data
labels: labels:
traefik.enable: "false" traefik.enable: "false"
environment:
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
restart: "always" restart: "always"
redis: redis:
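Review bot: Both services now receive the database password as a plain environment variable (`PEERTUBE_DB_PASSWORD` and `POSTGRES_PASSWORD`), so it is readable through `docker inspect` by anyone with access to the Docker socket on the host. If the `postgres` service uses the official image, it also accepts `POSTGRES_PASSWORD_FILE`, which would let the secret be mounted as a file instead; whether PeerTube has a file-based equivalent is not visible here. The official postgres image also applies `POSTGRES_PASSWORD` only when it initialises an empty data directory, so a host whose `./volumes/db` already exists would keep its old password and PeerTube would fail to authenticate with the newly generated one; a comment above the second `environment:` block saying so would help on migrated hosts. Both service definitions start and end outside the hunks.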

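--- a/templates/env
+++ b/templates/env
@@ -0,0 +1,12 @@
+PEERTUBE_WEBSERVER_HOSTNAME={{ domain }}
+PEERTUBE_WEBSERVER_PORT=443
+PEERTUBE_WEBSERVER_HTTPS=true
+PEERTUBE_TRUST_PROXY=["127.0.0.1"]
+PEERTUBE_SMTP_HOSTNAME=postfix
+PEERTUBE_SMTP_PORT=25
+PEERTUBE_SMTP_FROM=info@{{ domain }}
+PEERTUBE_SMTP_TLS=false
+PEERTUBE_ADMIN_EMAIL=info@{{ domain }}
+POSTGRES_USER=peertube
+POSTGRES_PASSWORD={{ postgres_password }}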


@ -25,7 +25,7 @@ http {
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
location / { location / {
proxy_pass http://peertube:9000; proxy_pass http://peertube:9000;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


@ -60,7 +60,7 @@ entryPoint = "https"
# Domains list. # Domains list.
# #
[[acme.domains]] [[acme.domains]]
main = "peertube.social" main = "{{ domain }}"
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
# #