Convert project to ansible
This commit is contained in:
parent
cd5b794fe1
commit
408d1cf7f4
10 changed files with 110 additions and 22 deletions
19
.env
19
.env
|
@ -1,19 +0,0 @@
|
||||||
PEERTUBE_WEBSERVER_HOSTNAME=peertube.social
|
|
||||||
PEERTUBE_WEBSERVER_PORT=443
|
|
||||||
PEERTUBE_WEBSERVER_HTTPS=true
|
|
||||||
PEERTUBE_TRUST_PROXY=["127.0.0.1"]
|
|
||||||
# If you need more than one IP as trust_proxy
|
|
||||||
# pass them as a comma separated array:
|
|
||||||
#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"]
|
|
||||||
#PEERTUBE_SMTP_USERNAME=
|
|
||||||
#PEERTUBE_SMTP_PASSWORD=
|
|
||||||
PEERTUBE_SMTP_HOSTNAME=postfix
|
|
||||||
PEERTUBE_SMTP_PORT=25
|
|
||||||
PEERTUBE_SMTP_FROM=info@peertube.social
|
|
||||||
PEERTUBE_SMTP_TLS=false
|
|
||||||
#PEERTUBE_SMTP_DISABLE_STARTTLS=false
|
|
||||||
PEERTUBE_ADMIN_EMAIL=info@peertube.social
|
|
||||||
|
|
||||||
# this will override the config value
|
|
||||||
#PEERTUBE_DB_USERNAME=peertube
|
|
||||||
#PEERTUBE_DB_PASSWORD=WBUe8qGIIQFUIkcg
|
|
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -1 +1,2 @@
|
||||||
volumes/
|
passwords/
|
||||||
|
peertube.retry
|
||||||
|
|
15
README.md
Normal file
15
README.md
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# Peertube setup with Ansible and Docker-Compose
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
|
||||||
|
Configure your ssh connection in `inventory`.
|
||||||
|
|
||||||
|
Install Ansible:
|
||||||
|
|
||||||
|
pip2 install ansible
|
||||||
|
|
||||||
|
Run the playbook:
|
||||||
|
|
||||||
|
ansible-playbook --become -K peertube.yml
|
||||||
|
|
||||||
|
It will prompt for root password to escalate privileges through `sudo`.
|
5
ansible.cfg
Normal file
5
ansible.cfg
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
[defaults]
|
||||||
|
inventory=inventory
|
||||||
|
|
||||||
|
[ssh_connection]
|
||||||
|
pipelining = True
|
5
inventory
Normal file
5
inventory
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
[peertube]
|
||||||
|
root@testing.peertube.social domain=testing.peertube.social
|
||||||
|
|
||||||
|
[all:vars]
|
||||||
|
ansible_connection=ssh
|
63
peertube.yml
Normal file
63
peertube.yml
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
|
||||||
|
# Install python if required
|
||||||
|
# https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
|
||||||
|
gather_facts: False
|
||||||
|
pre_tasks:
|
||||||
|
- name: install python for Ansible
|
||||||
|
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-setuptools)
|
||||||
|
register: output
|
||||||
|
changed_when: output.stdout != ""
|
||||||
|
- setup: # gather facts
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: install dependencies
|
||||||
|
apt:
|
||||||
|
pkg: ['docker-compose', 'docker.io']
|
||||||
|
|
||||||
|
- name: create peertube folder
|
||||||
|
file: path=/peertube/volumes/traefik/ state=directory mode=0755
|
||||||
|
|
||||||
|
- name: add all template files
|
||||||
|
template: src={{item.src}} dest={{item.dest}}
|
||||||
|
with_items:
|
||||||
|
- { src: 'templates/docker-compose.yml', dest: '/peertube/docker-compose.yml' }
|
||||||
|
- { src: 'templates/env', dest: '/peertube/.env' }
|
||||||
|
- { src: 'templates/nginx.conf', dest: '/peertube/nginx.conf' }
|
||||||
|
- { src: 'templates/traefik.toml', dest: '/peertube/traefik.toml' }
|
||||||
|
vars:
|
||||||
|
postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
|
||||||
|
|
||||||
|
- name: set traefik data file and env file permissions
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: touch
|
||||||
|
mode: 0600
|
||||||
|
access_time: preserve
|
||||||
|
modification_time: preserve
|
||||||
|
with_items:
|
||||||
|
- { path: '/peertube/volumes/traefik/acme.json' }
|
||||||
|
- { path: '/peertube/.env' }
|
||||||
|
|
||||||
|
- name: enable and start docker service
|
||||||
|
systemd:
|
||||||
|
name: docker
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
|
||||||
|
- name: start docker-compose
|
||||||
|
docker_service:
|
||||||
|
project_src: /peertube/
|
||||||
|
state: present
|
||||||
|
pull: yes
|
||||||
|
|
||||||
|
- name: fetch root password
|
||||||
|
shell: "docker-compose -f /peertube/docker-compose.yml logs peertube | grep 'User password' | awk 'NF{ print $NF }'"
|
||||||
|
register: password
|
||||||
|
changed_when: False
|
||||||
|
|
||||||
|
- name: print root password
|
||||||
|
debug:
|
||||||
|
msg: "The admin login is user=root, password={{ password.stdout }}"
|
||||||
|
when: password.stdout != ""
|
|
@ -42,6 +42,9 @@ services:
|
||||||
- ./volumes/data:/data
|
- ./volumes/data:/data
|
||||||
- /mnt/external:/data-external
|
- /mnt/external:/data-external
|
||||||
- ./volumes/config:/config
|
- ./volumes/config:/config
|
||||||
|
environment:
|
||||||
|
- PEERTUBE_DB_USERNAME=${POSTGRES_USER}
|
||||||
|
- PEERTUBE_DB_PASSWORD=${POSTGRES_PASSWORD}
|
||||||
depends_on:
|
depends_on:
|
||||||
- postgres
|
- postgres
|
||||||
- redis
|
- redis
|
||||||
|
@ -54,6 +57,9 @@ services:
|
||||||
- ./volumes/db:/var/lib/postgresql/data
|
- ./volumes/db:/var/lib/postgresql/data
|
||||||
labels:
|
labels:
|
||||||
traefik.enable: "false"
|
traefik.enable: "false"
|
||||||
|
environment:
|
||||||
|
- POSTGRES_USER=${POSTGRES_USER}
|
||||||
|
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||||
restart: "always"
|
restart: "always"
|
||||||
|
|
||||||
redis:
|
redis:
|
12
templates/env
Normal file
12
templates/env
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
PEERTUBE_WEBSERVER_HOSTNAME={{ domain }}
|
||||||
|
PEERTUBE_WEBSERVER_PORT=443
|
||||||
|
PEERTUBE_WEBSERVER_HTTPS=true
|
||||||
|
PEERTUBE_TRUST_PROXY=["127.0.0.1"]
|
||||||
|
PEERTUBE_SMTP_HOSTNAME=postfix
|
||||||
|
PEERTUBE_SMTP_PORT=25
|
||||||
|
PEERTUBE_SMTP_FROM=info@{{ domain }}
|
||||||
|
PEERTUBE_SMTP_TLS=false
|
||||||
|
PEERTUBE_ADMIN_EMAIL=info@{{ domain }}
|
||||||
|
|
||||||
|
POSTGRES_USER=peertube
|
||||||
|
POSTGRES_PASSWORD={{ postgres_password }}
|
|
@ -25,7 +25,7 @@ http {
|
||||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://peertube:9000;
|
proxy_pass http://peertube:9000;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
@ -60,7 +60,7 @@ entryPoint = "https"
|
||||||
# Domains list.
|
# Domains list.
|
||||||
#
|
#
|
||||||
[[acme.domains]]
|
[[acme.domains]]
|
||||||
main = "peertube.social"
|
main = "{{ domain }}"
|
||||||
|
|
||||||
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
|
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
|
||||||
#
|
#
|
Loading…
Reference in a new issue