Commit ab65f01d authored by popi's avatar popi

adding minimum config eventually

parent 49c5be93
......@@ -8,19 +8,26 @@ If you do not kwow what is peertube, see https://purr.rigelk.eu/lang/en/docs/get
Playbook
--------
The `peertube` role installs all required packages and further downloads and install Peertube on a Debian server (>= Stretch).
This is just an automation of the official documentation to install Peertube on Debian. https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/production.md (up to [here](https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/production.md#peertube-configuration) )
This is just an automation of the official documentation to install Peertube on Debian that you can found at: https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/production.md
The playbook will set up a minimal configuration for Peertube and Nginx in the scenario of being behind a reverse proxy (=> **no HTTPS** is done on the host).
Whenever needed, passwords are generated dynamically and stored in ~/%s.credentials.txt so that Ansible reuse them on next run (idempotent).
Requirements
------------
OS: Debian Stretch (tested successfully in LXC container)
Read **carefully** the output of the play as well as the official documentation to finish configuring your instance once Peertube is installed.
Read **carefully** the output of the play as well as the official documentation. Review the resulting configuration files in `/var/www/peertube/config/production.yaml`.
PeerTube **does not support webserver host change**. Keep in mind your domain name is definitive after your first PeerTube start.
Role Variables
--------------
- **app_user**: user for running the peertube instance. Set to `peertube` as per documentation.
- **app_domain**: the FQDN for your resulting Peertube instance.
Dependencies
------------
......
[peertube]
your-server
anthurium
---
## playbook to install peertube latest beta on Debian
## playbook to install and configure peertube latest beta on Debian
## passwords for app_user and postgresql are generated dynamically and
## written in ~/<username>.credentials.txt
- hosts: peertube
become: yes
tags: peertube
vars_prompt:
name: app_domain
prompt: Full qualified domain name for you Peertube instance? (cannot be changed once Peertube is started, so choose carefully).
private: no
vars:
app_user: peertube
vars_prompt:
name: peertube_password
prompt: "Enter the password you wish to set for peertube PostGreSQL user"
private: yes
roles:
- peertube
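Review bot: The answer to the `app_domain` prompt is used unvalidated, and the role templates it straight into nginx's `server_name` and into the access/error log paths. Since the README states the domain is definitive after the first PeerTube start, a typo or stray character here is costly; a `pre_tasks` `assert` with `that: app_domain is match('^[A-Za-z0-9.-]+$')` would stop the play before anything is written. As rendered, this section also shows two `vars_prompt` keys; if both survive in the new file only one of them takes effect, so confirm that the old `peertube_password` prompt is really removed.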
......
---
# handlers file for peertube
\ No newline at end of file
# handlers file for peertube
- name: reload systemd
become: yes
systemd: daemon_reload=yes
changed_when: True
- name: reload nginx
become: yes
service: name=nginx state=reloaded
changed_when: True
...
---
- name: set up main config file
tags: config
template:
src: production.yaml.tpl
dest: /var/www/peertube/config/production.yaml
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: 0600
- name: set up nginx config file (behind reverse proxy)
tags: config
template:
src: nginx-behind-reverse.conf
dest: /etc/nginx/sites-available/peertube
owner: root
group: root
mode: 0644
- name: create symbolic link to sites-enable for nginx config file
tags: config
file:
state: link
src: /etc/nginx/sites-available/peertube
path: /etc/nginx/sites-enabled/peertube
notify: reload nginx
- name: set up systemd service unit for peertube
tags: config
copy:
remote_src: yes
src: /var/www/peertube/peertube-latest/support/systemd/peertube.service
dest: /etc/systemd/system/
owner: root
group: root
mode: 0644
notify: reload systemd
- name: set up service unit peertube on startup
tags: config
systemd:
enabled: yes
name: peertube
- debug:
tags: config
msg: "Peertube is almost ready to run!\nPlease REVIEW the main config file and complete it accordingly.\n\nWhen ready, use the following command to start it and control journalctl output:\n$ sudo systemctl start peertube\n$ sudo journalctl -feu peertube\n\nOnce the testing period is over and all is well, consider lowering log level to warning."
...
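Review bot: The `set up nginx config file` task has no `notify: reload nginx`; the only notify is on the symlink task, which reports a change only the first time the link is created. On later runs a modified `nginx-behind-reverse.conf` is written to disk but nginx keeps serving the old configuration, so add `notify: reload nginx` to the template task as well. The file modes are also written as bare octal (`mode: 0600`, `mode: 0644`); quoting them (`mode: "0600"`) keeps the permission on the file that holds the database password independent of how the YAML parser types the number. Indentation is lost in this rendering, so the placement of `notify` is read from line order.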
......@@ -86,7 +86,7 @@
become_user: postgres
postgresql_user:
name: peertube
password: "{{ peertube_password }}"
password: "{{ lookup('password', '~/%s.credentials.txt chars=ascii_letters,digits' % 'pgsql_user' )}}"
db: peertube_prod
login_user: postgres
......@@ -159,7 +159,7 @@
shell: cd /var/www/peertube/peertube-latest && yarn install --production --pure-lockfile
- name: Installation is finished, configuration is left to the user
tags: config
tags: install
debug:
msg: "Installation complete!\n\nPlease not that 'certbot' was NOT installed (not required if you are using a reverse proxy for your web apps).\n\nFollow the end of the install documenation to configure and start your peertube instance:\nhttps://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/production.md#peertube-configuration"
msg: "Installation complete!\n\nPlease not that 'certbot' was NOT installed (not required if you are using a reverse proxy for your web apps).\n\nNext is to set up a minimum working configuration..."
...
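Review bot: The generated database password is defined by a lookup string that appears here in the `postgresql_user` task (first hunk) and again, verbatim, in `production.yaml.tpl`; if one copy is edited (file name, `chars`, a later `length`), the role creates the PostgreSQL user with one password and writes a different one into PeerTube's config. Define it once in the role's vars, e.g. `peertube_db_password: "{{ lookup('password', '~/%s.credentials.txt chars=ascii_letters,digits' % 'pgsql_user') }}"` (variable name is a suggestion), and reference `{{ peertube_db_password }}` in both places. The lookup keeps the secret in plaintext in `~/pgsql_user.credentials.txt` on the control node, which the README should state explicitly so operators know to protect that file or move the value into Ansible Vault. The task body starts outside the hunk.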
---
- import_tasks: install.yml
- import_tasks: config.yml
...
server {
listen 80;
listen [::]:80;
server_name {{ app_domain }};
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
access_log /var/log/nginx/{{ app_domain }}.access.log;
error_log /var/log/nginx/{{ app_domain }}.error.log;
#location ^~ '/.well-known/acme-challenge' {
# default_type "text/plain";
# root /var/www/certbot;
#}
location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
add_header Cache-Control "public, max-age=31536000, immutable";
alias /var/www/peertube/peertube-latest/client/dist/$1;
}
location ~ ^/static/(thumbnails|avatars)/(.*)$ {
add_header Cache-Control "public, max-age=31536000, immutable";
alias /var/www/peertube/storage/$1/$2;
}
location / {
proxy_pass http://localhost:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Hard limit, PeerTube does not support videos > 4GB
client_max_body_size 4G;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
# Bypass PeerTube webseed route for better performances
location /static/webseed {
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
limit_rate 800k;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# Don't spam access log file with byte range requests
access_log off;
}
alias /var/www/peertube/storage/videos;
}
# Websocket tracker
location /tracker/socket {
# Peers send a message to the tracker every 15 minutes
# Don't close the websocket before this time
proxy_read_timeout 1200s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:9000;
}
}
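Review bot: The security headers set at `server` level (`X-Content-Type-Options`, `X-XSS-Protection`, `X-Robots-Tag`, HSTS) are not sent for `/client/...`, `/static/(thumbnails|avatars)/...` or `/static/webseed`, because nginx drops inherited `add_header` directives in any block that declares its own. Two of those locations serve user-uploaded files, where `nosniff` matters most, so repeat `add_header X-Content-Type-Options nosniff;` (and the others) inside each of them or move the set into an included snippet. Separately, `Strict-Transport-Security` with `includeSubDomains; preload` is emitted from a plain-HTTP listener on port 80: browsers ignore it unless the front proxy relays it over HTTPS, and when it does it commits every subdomain of the operator's domain, which is a heavy default for a role.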
listen:
hostname: 'localhost'
port: 9000
# Correspond to your reverse proxy "listen" configuration
webserver:
https: true
hostname: '{{ app_domain }}'
port: 443
# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
trust_proxy:
- 'loopback'
# Your database name will be "peertube"+database.suffix
database:
hostname: 'localhost'
port: 5432
suffix: '_prod'
username: 'peertube'
password: "{{ lookup('password', '~/%s.credentials.txt chars=ascii_letters,digits' % 'pgsql_user' )}}"
# Redis server for short time storage
redis:
hostname: 'localhost'
port: 6379
auth: null
db: 0
# SMTP server to send emails
smtp:
hostname: null
port: 465 # If you use StartTLS: 587
username: null
password: null
tls: true # If you use StartTLS: false
disable_starttls: false
ca_file: null # Used for self signed certificates
from_address: 'admin@example.com'
# From the project root directory
storage:
avatars: '/var/www/peertube/storage/avatars/'
videos: '/var/www/peertube/storage/videos/'
logs: '/var/www/peertube/storage/logs/'
previews: '/var/www/peertube/storage/previews/'
thumbnails: '/var/www/peertube/storage/thumbnails/'
torrents: '/var/www/peertube/storage/torrents/'
cache: '/var/www/peertube/storage/cache/'
log:
level: 'info' # debug/info/warning/error
###############################################################################
#
# From this point, all the following keys can be overridden by the web interface
# (local-production.json file). If you need to change some values, prefer to
# use the web interface because the configuration will be automatically
# reloaded without any need to restart PeerTube.
#
# /!\ If you already have a local-production.json file, the modification of the
# following keys will have no effect /!\.
#
###############################################################################
cache:
previews:
size: 100 # Max number of previews you want to cache
admin:
email: 'admin@example.com'
signup:
enabled: false
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
filters:
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
whitelist: []
blacklist: []
user:
# Default value of maximum video BYTES the user can upload (does not take into account transcoded files).
# -1 == unlimited
video_quota: -1
# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
# Please, do not disable transcoding since many uploaded videos will not work
transcoding:
enabled: true
threads: 1
resolutions: # Only created if the original video has a higher resolution, uses more storage!
240p: false
360p: false
480p: false
720p: false
1080p: false
# Instance settings
instance:
name: 'PeerTube'
short_description: 'PeerTube, a federated (ActivityPub) video streaming platform using P2P (BitTorrent) directly in the web browser with WebTorrent and Angular.'
description: '' # Support markdown
terms: '' # Support markdown
default_client_route: '/videos/trending'
# By default, "do_not_list" or "blur" or "display" NSFW videos
# Could be overridden per user with a setting
default_nsfw_policy: 'do_not_list'
customizations:
javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
# Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:'
robots: |
User-agent: *
Disallow: ''
services:
# Cards configuration to format video in Twitter
twitter:
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
# If false, we use an image link card that will redirect on your PeerTube instance
# Test on https://cards-dev.twitter.com/validator to see if you are whitelisted
whitelisted: false
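Review bot: `trust_proxy` lists only `'loopback'`, but this role's scenario is a remote reverse proxy in front of the local nginx, which the comment just above says requires adding the proxy's address. With the template as is, nginx appends the front proxy's address to `X-Forwarded-For` and PeerTube would presumably treat that address as the client, so every visitor shares one IP for logging, rate limiting and the `signup.filters.cidr` lists. Expose a role variable for the front proxy and render it as a second list entry, e.g. `- '{{ reverse_proxy_address }}'` (variable name is a suggestion). `admin.email` and `smtp.from_address` are also fixed to `admin@example.com` and would be better templated from a prompt or variable.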