Convert project to ansible

.env

@@ -1,19 +0,0 @@
-PEERTUBE_WEBSERVER_HOSTNAME=peertube.social
-PEERTUBE_WEBSERVER_PORT=443
-PEERTUBE_WEBSERVER_HTTPS=true
-PEERTUBE_TRUST_PROXY=["127.0.0.1"]
-# If you need more than one IP as trust_proxy
-# pass them as a comma separated array:
-#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
-#PEERTUBE_SMTP_USERNAME=
-#PEERTUBE_SMTP_PASSWORD=
-PEERTUBE_SMTP_HOSTNAME=postfix
-PEERTUBE_SMTP_PORT=25
-PEERTUBE_SMTP_FROM=info@peertube.social
-PEERTUBE_SMTP_TLS=false
-#PEERTUBE_SMTP_DISABLE_STARTTLS=false
-PEERTUBE_ADMIN_EMAIL=info@peertube.social
-
-# this will override the config value
-#PEERTUBE_DB_USERNAME=peertube
-#PEERTUBE_DB_PASSWORD=WBUe8qGIIQFUIkcg

.gitignore

@@ -1 +1,2 @@
-volumes/
+passwords/
+peertube.retry

README.md

@@ -0,0 +1,15 @@
+# Peertube setup with Ansible and Docker-Compose
+
+## Setup
+
+Configure your ssh connection in `inventory`.
+
+Install Ansible:
+
+    pip2 install ansible
+
+Run the playbook:
+
+    ansible-playbook --become -K peertube.yml
+
+It will prompt for root password to escalate privileges through `sudo`.

ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+inventory=inventory
+
+[ssh_connection]
+pipelining = True

inventory

@@ -0,0 +1,5 @@
+[peertube]
+root@testing.peertube.social domain=testing.peertube.social
+
+[all:vars]
+ansible_connection=ssh

peertube.yml

@@ -0,0 +1,63 @@
+---
+- hosts: all
+
+  # Install python if required
+  # https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
+  gather_facts: False
+  pre_tasks:
+    - name: install python for Ansible
+      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-setuptools)
+      register: output
+      changed_when: output.stdout != ""
+    - setup: # gather facts
+
+  tasks:
+  - name: install dependencies
+    apt:
+      pkg: ['docker-compose', 'docker.io']
+
+  - name: create peertube folder
+    file: path=/peertube/volumes/traefik/ state=directory mode=0755
+
+  - name:  add all template files
+    template: src={{item.src}} dest={{item.dest}}
+    with_items:
+      - { src: 'templates/docker-compose.yml', dest: '/peertube/docker-compose.yml' }
+      - { src: 'templates/env', dest: '/peertube/.env' }
+      - { src: 'templates/nginx.conf', dest: '/peertube/nginx.conf' }
+      - { src: 'templates/traefik.toml', dest: '/peertube/traefik.toml' }
+    vars:
+      postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
+
+  - name: set traefik data file and env file permissions
+    file:
+      path: "{{ item.path }}"
+      state: touch
+      mode: 0600
+      access_time: preserve
+      modification_time: preserve
+    with_items:
+      - { path: '/peertube/volumes/traefik/acme.json' }
+      - { path: '/peertube/.env' }
+
+  - name: enable and start docker service
+    systemd:
+      name: docker
+      enabled: yes
+      state: started
+
+  - name: start docker-compose
+    docker_service:
+      project_src: /peertube/
+      state: present
+      pull: yes
+
+  - name: fetch root password
+    shell: "docker-compose -f /peertube/docker-compose.yml logs peertube | grep 'User password' | awk 'NF{ print $NF }'"
+    register: password
+    changed_when: False
+
+  - name: print root password
+    debug:
+      msg: "The admin login is user=root, password={{ password.stdout }}"
+    when: password.stdout != ""

templates/docker-compose.yml

@@ -42,6 +42,9 @@ services:
       - ./volumes/data:/data
       - /mnt/external:/data-external
       - ./volumes/config:/config
+    environment:
+      - PEERTUBE_DB_USERNAME=${POSTGRES_USER}
+      - PEERTUBE_DB_PASSWORD=${POSTGRES_PASSWORD}
     depends_on:
       - postgres
       - redis
@@ -54,6 +57,9 @@ services:
       - ./volumes/db:/var/lib/postgresql/data
     labels:
       traefik.enable: "false"
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
     restart: "always"
 
   redis:

templates/env

@@ -0,0 +1,12 @@
+PEERTUBE_WEBSERVER_HOSTNAME={{ domain }}
+PEERTUBE_WEBSERVER_PORT=443
+PEERTUBE_WEBSERVER_HTTPS=true
+PEERTUBE_TRUST_PROXY=["127.0.0.1"]
+PEERTUBE_SMTP_HOSTNAME=postfix
+PEERTUBE_SMTP_PORT=25
+PEERTUBE_SMTP_FROM=info@{{ domain }}
+PEERTUBE_SMTP_TLS=false
+PEERTUBE_ADMIN_EMAIL=info@{{ domain }}
+
+POSTGRES_USER=peertube
+POSTGRES_PASSWORD={{ postgres_password }}

templates/traefik.toml

@@ -60,7 +60,7 @@ entryPoint = "https"
 # Domains list.
 #
 [[acme.domains]]
-  main = "peertube.social"
+  main = "{{ domain }}"
 
 # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
 #