Commit 35b3b3e5 authored by popi's avatar popi

adding more flexibility on passwords and cleaning up tags and become

parent bf2b93b3
......@@ -2,7 +2,6 @@
# tasks file for nodejs_debian
- name: download nodeJS 8
become: true
become_user: "{{ app_user }}"
shell: curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
changed_when: False
......
---
# defaults file for peertube
## SMTP optional variables
## SMTP optional variables. If unset, PeerTube will not be able to send
## email notifications.
#smtp:
# smtp_hostname: null
# smtp_port: 465
......@@ -10,3 +11,13 @@
# smtp_tls: true
# smtp_ca_file: null
# smtp_email_admin: admin@example.com
## For serious handling of passwords, you should use ansible-vault
## If not defined, a random password will be generated and set up in
# ./pgsql.credentials
#postgresql_password: "super-secret"
## PeerTube OS user password
## If not defined, a random password will be generated and set up in
# ./peertube.credentials
#peertube_password: "top-secret"
---
#- name: set up main config file
# tags: config
# blockinfile:
# marker: '# ANSIBLE {mark} FQDN'
# block: |
- name: set up main config file
tags: config
template:
src: production.j2
dest: /var/www/peertube/config/production.yaml
......@@ -16,7 +9,6 @@
mode: 0600
- name: set up nginx config file (behind reverse proxy)
tags: config
template:
src: nginx-behind-reverse.j2
dest: /etc/nginx/sites-available/peertube
......@@ -25,7 +17,6 @@
mode: 0644
- name: create symbolic link to sites-enable for nginx config file
tags: config
file:
state: link
src: /etc/nginx/sites-available/peertube
......@@ -33,7 +24,6 @@
notify: reload nginx
- name: set up systemd service unit for peertube
tags: config
copy:
remote_src: yes
src: /var/www/peertube/peertube-latest/support/systemd/peertube.service
......@@ -44,7 +34,6 @@
notify: reload systemd
- name: set up service unit peertube on startup
tags: config
systemd:
enabled: yes
name: peertube
......@@ -59,6 +48,6 @@
$ sudo journalctl -feu peertube
Once the testing period is over and all is well, consider lowering log level to warning.
tags: config, info
tags: info
...
......@@ -2,7 +2,6 @@
# tasks file for peertube
- name: install packages
tags: install
apt:
name: "{{ item }}"
state: present
......@@ -13,32 +12,28 @@
- vim
- name: create app user {{ app_user }}
tags: install
user:
name: "{{ app_user }}"
comment: "For app {{ app_user }}"
groups: sudo
password: "{{lookup('password', '~/%s.credentials.txt chars=ascii_letters,digits' % '{{ app_user }}' )}}"
password: "{{ peertube_password | default(lookup('password', './%s.credentials.txt chars=ascii_letters,digits' % '{{ app_user }}' ))}}"
update_password: on_create
home: /var/www/peertube
createhome: yes
shell: /bin/bash
- name: install nodeJS for Debian
tags: install
import_role:
name: nodejs
vars:
nodejs_user: "{{ app_user }}"
- name: install yarn gpg key for repository
tags: install
apt_key:
url: "https://dl.yarnpkg.com/debian/pubkey.gpg"
state: present
- name: set up yarn repository
tags: install
lineinfile:
line: "deb https://dl.yarnpkg.com/debian/ stable main"
regexp: '^deb https://dl.yarnpkg.com'
......@@ -49,14 +44,12 @@
create: yes
- name: install yarn package
tags: install
apt:
update_cache: yes
name: yarn
state: present
- name: install remaining packages
tags: install
apt:
name: "{{ item }}"
state: present
......@@ -73,7 +66,6 @@
- python-psycopg2
- name: request ffmpeg and g++ versions
tags: install
shell: "ffmpeg -version && g++ -v 2>&1"
register: pkg_version
changed_when: False
......@@ -81,33 +73,28 @@
- name: check (DO CHECK) versions installed are recent enough
debug:
msg: "ffmpeg should be >= 3.x \n g++ should be >- 5.x"
tags: install
- name: display ffmpeg and g++ versions
debug: var=pkg_version.stdout_lines
tags: install
- name: set up postgres DB
tags: install, pg
become: true
tags: pg
become_user: postgres
postgresql_db:
name: peertube_prod
login_user: postgres
- name: set up postgres User
tags: install, pg
become: true
tags: pg
become_user: postgres
postgresql_user:
name: peertube
password: "{{ lookup('password', '~/%s.credentials.txt chars=ascii_letters,digits' % 'pgsql_user' )}}"
password: "{{ postgresql_password | default(lookup('password', './%s.credentials.txt chars=ascii_letters,digits' % 'pgsql')) }}"
db: peertube_prod
login_user: postgres
- name: set up pgsql extensions
tags: install, pg
become: true
tags: pg
become_user: postgres
postgresql_ext:
db: peertube_prod
......@@ -118,7 +105,6 @@
- unaccent
- name: create required directories
tags: install
file:
state: directory
path: /var/www/peertube/{{ item }}
......@@ -130,19 +116,19 @@
- versions
- name: determine latest version
tags: install, unzip
tags: unzip
shell: curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4
register: last_version
changed_when: False
- name: set version variable
tags: install, unzip
tags: unzip
set_fact:
peer_version: "{{ custom_version | default(last_version.stdout) }}"
## As per install doc, we have to use some gymnastic with zip file
- name: download and extract archive
tags: install, unzip
tags: unzip
unarchive:
creates: /var/www/peertube/versions/peertube-{{ peer_version }}
dest: /var/www/peertube/versions/
......@@ -153,8 +139,6 @@
## Not working, as the zip file adds some required 'dist' folders that are missing in tag
#- name: git clone latest version of peertube
# tags: install#
# become: true
# become_user: "{{ app_user }}"
# git:
# clone: yes
......@@ -163,14 +147,12 @@
# version: "{{ peer_version }}"
- name: create link to latest
tags: install
file:
state: link
src: /var/www/peertube/versions/peertube-{{ peer_version }}
dest: /var/www/peertube/peertube-latest
- name: ensure all belongs to {{ app_user }}
tags: install
file:
state: directory
recurse: yes
......@@ -180,10 +162,7 @@
path: /var/www/peertube/peertube-latest
- name: install peertube
tags: install
become: true
become_user: "{{ app_user }}"
shell: cd /var/www/peertube/peertube-latest && yarn install --production --pure-lockfile
shell: cd /var/www/peertube/peertube-latest && sudo -u {{ app_user }} yarn install --production --pure-lockfile
changed_when: False
- name: Installation is finished, configuration is left to the user
......@@ -194,5 +173,5 @@
Please not that 'certbot' was NOT installed (not required if you are using a reverse proxy for your web apps).
Next is to set up a minimum working configuration..."
tags: install, info
tags: info
...
---
- import_tasks: install.yml
tags: install
- import_tasks: config.yml
tags: config
...
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment