From 6026d7ec03a8438cc18fd55417f54b85ce2dbcb3 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Tue, 20 May 2025 17:40:24 +0200
Subject: [PATCH] Optimized peertube

---
 roles/docker-peertube/tasks/enable-oidc.yml  | 39 ++++++++++++-------
 .../templates/docker-compose.yml.j2          |  3 +-
 roles/docker-peertube/vars/configuration.yml |  2 +-
 roles/docker-peertube/vars/oidc-settings.yml | 12 ++++++
 roles/nginx-serve-files/tasks/main.yml       |  4 +-
 5 files changed, 41 insertions(+), 19 deletions(-)
 create mode 100644 roles/docker-peertube/vars/oidc-settings.yml

diff --git a/roles/docker-peertube/tasks/enable-oidc.yml b/roles/docker-peertube/tasks/enable-oidc.yml
index a09f0df5..1cbb53e7 100644
--- a/roles/docker-peertube/tasks/enable-oidc.yml
+++ b/roles/docker-peertube/tasks/enable-oidc.yml
@@ -1,8 +1,29 @@
+- name: "Load OIDC Settings vor Peertube"
+  include_vars: vars/oidc-settings.yml
+  changed_when: false
+
 - name: "Install auth-openid-connect plugin for Peertube"
   command: >
     docker exec {{ container_name }} \
     npm run plugin:install -- --npm-name {{oidc_plugin}}
 
+#- name: "Insert the settings column of the auth-openid-connect plugin"
+#  community.postgresql.postgresql_query:
+#    db: "{{ database_name }}"
+#    login_user: "{{ database_username }}"
+#    login_password: "{{ database_password }}"
+#    login_host: "127.0.0.1"
+#    login_port: "{{ database_port }}"
+#    query: |
+#      INSERT INTO public.plugin (name, settings, enabled)
+#      VALUES (
+#        'auth-openid-connect',
+#        '{{ oidc_settings | to_json }}',
+#        TRUE
+#      );
+#  register: result_insert
+#  ignore_errors: yes
+
 - name: "Update the settings column of the auth-openid-connect plugin"
   community.postgresql.postgresql_query:
     db: "{{ database_name }}"
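Review bot: The commented-out INSERT task kept in this hunk is dead code that, if re-enabled, would splice the settings JSON — `client-secret` included — into the SQL text and then hide any failure, authentication errors too, behind `ignore_errors: yes`; I would drop it rather than carry it. If a create-or-update is really needed, one bound statement does both without the ignore: `INSERT INTO public.plugin (name, settings, enabled) VALUES ('auth-openid-connect', %(s)s::jsonb, TRUE) ON CONFLICT (name) DO UPDATE SET settings = EXCLUDED.settings, enabled = TRUE` with `named_args: { s: "{{ oidc_settings }}" }` and `no_log: true`, provided `public.plugin.name` carries a unique constraint (not visible here). The `changed_when: false` on the new `include_vars` task is a no-op, as `include_vars` never reports a change, and its name reads `vor` where `for` is meant.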
@@ -11,20 +32,8 @@
     login_host: "127.0.0.1"
     login_port: "{{ database_port }}"
     query: |
-      UPDATE plugins
-      SET settings = '{
-        "scope": "openid email profile",
-        "client-id": "{{ oidc.client.id }}",
-        "discover-url": "{{ oidc.client.discovery_document }}",
-        "client-secret": "{{ oidc.client.secret }}",
-        "mail-property": "email",
-        "auth-display-name": "{{ oidc.button_text }}",
-        "username-property": "{{ oidc.attributes.username }}",
-        "signature-algorithm": "RS256",
-        "display-name-property": "{{ oidc.attributes.username }}"
-      }',
+      UPDATE public.plugin
+      SET settings = '{{ oidc_settings | to_json }}',
       enabled = TRUE
       WHERE name = 'auth-openid-connect';
-  when: applications | is_feature_enabled('oidc', application_id)
-  become: true
-  become_user: "{{ container_name }}"
\ No newline at end of file
+  #when: result_insert.rc != 0
diff --git a/roles/docker-peertube/templates/docker-compose.yml.j2 b/roles/docker-peertube/templates/docker-compose.yml.j2
index 79e946ea..849015db 100644
--- a/roles/docker-peertube/templates/docker-compose.yml.j2
+++ b/roles/docker-peertube/templates/docker-compose.yml.j2
@@ -5,7 +5,8 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
 
   application:
-    image: chocobozzz/peertube:production-{{applications.peertube.version}}
+    image: chocobozzz/peertube:production-{{ applications[application_id].version }}
+    container_name: {{ container_name }}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
       - "1935:1935" # @todo Add to ports
diff --git a/roles/docker-peertube/vars/configuration.yml b/roles/docker-peertube/vars/configuration.yml
index 4553c84b..a6090fd0 100644
--- a/roles/docker-peertube/vars/configuration.yml
+++ b/roles/docker-peertube/vars/configuration.yml
@@ -4,7 +4,7 @@ features:
   css: false
   portfolio_iframe: false
   central_database: true
-  oidc: false
+  oidc: true
   csp:
     flags:
       script-src:
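Review bot: The rewritten UPDATE still splices `oidc_settings` — which carries `client-secret` — into the SQL text, and the task has no `no_log`, so the rendered statement, secret included, is echoed on failure or with `-v`, and a single quote in any value (e.g. `oidc.button_text`) breaks or alters the statement. Bind it instead and silence the task: `query: "UPDATE public.plugin SET settings = %(s)s::jsonb, enabled = TRUE WHERE name = 'auth-openid-connect'"`, `named_args: { s: "{{ oidc_settings }}" }`, `no_log: true` (the raw text rather than `| to_json`, because `to_json` on the string-typed `oidc_settings` yields a quoted JSON string, not an object). The hunk also drops the `when: applications | is_feature_enabled('oidc', application_id)` guard, so unless the caller that includes this file gates it — not visible here — the update now runs unconditionally. Since an UPDATE against a plugin row that does not exist yet succeeds with zero rows, `register: oidc_update` plus `failed_when: oidc_update.rowcount != 1` would surface an install step that did not register the plugin. The task this hunk belongs to begins in the previous hunk.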
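Review bot: The new `container_name: {{ container_name }}` line renders the variable unquoted into YAML, so an empty value parses as null and a value that is boolean-looking or starts with a YAML indicator would break or mis-type the compose file; write it `container_name: "{{ container_name }}"`. Pinning the name is what makes the `docker exec {{ container_name }}` in enable-oidc.yml deterministic, but a fixed `container_name` also rules out `--scale` and collides if the role is ever rendered twice on the same host — presumably a single-instance deployment is intended, and a one-line comment saying so would help the next reader.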
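Review bot: Flipping the default `oidc` feature flag to `true` makes every PeerTube deployment attempt the OIDC setup, yet the only visible consumer of this flag — `when: applications | is_feature_enabled('oidc', application_id)` in enable-oidc.yml — is removed by the same commit, so unless the include of enable-oidc.yml is gated elsewhere (not visible here) the flag is now dead and the secret-bearing UPDATE runs regardless. If the gate moved to the caller, a short comment above `oidc: true` naming where it is enforced would help; otherwise the `when:` belongs back on the task. A default of `true` also makes `oidc.client.id`, `oidc.client.secret` and `oidc.client.discovery_document` mandatory inputs for this role, so an `assert` on them before the database write would turn an undefined-variable failure mid-play into an early, readable error.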
diff --git a/roles/docker-peertube/vars/oidc-settings.yml b/roles/docker-peertube/vars/oidc-settings.yml
new file mode 100644
index 00000000..8457b034
--- /dev/null
+++ b/roles/docker-peertube/vars/oidc-settings.yml
@@ -0,0 +1,12 @@
+oidc_settings: |
+  {
+    "scope": "openid email profile",
+    "client-id": "{{ oidc.client.id }}",
+    "discover-url": "{{ oidc.client.discovery_document }}",
+    "client-secret": "{{ oidc.client.secret }}",
+    "mail-property": "email",
+    "auth-display-name": "{{ oidc.button_text }}",
+    "username-property": "{{ oidc.attributes.username }}",
+    "signature-algorithm": "RS256",
+    "display-name-property": "{{ oidc.attributes.username }}"
+  }
diff --git a/roles/nginx-serve-files/tasks/main.yml b/roles/nginx-serve-files/tasks/main.yml
index b7fec0cc..cf091adf 100644
--- a/roles/nginx-serve-files/tasks/main.yml
+++ b/roles/nginx-serve-files/tasks/main.yml
@@ -3,11 +3,11 @@
   include_role:
     name: nginx-https-get-cert-modify-all
   vars:
-    domain: "{{domains | get_domain(application_id)}}"
+    domain: "{{ domains | get_domain(application_id) }}"
     http_port: "{{ ports.localhost.http[application_id] }}"
 
 - name: "generate {{domains | get_domain(application_id)}}.conf"
   template:
     src: "nginx.conf.j2"
-    dest: "{{nginx.directories.http.servers}}{{domains | get_domain(application_id)}}.conf"
+    dest: "{{ nginx.directories.http.servers }}{{ domains | get_domain(application_id) }}.conf"
   notify: restart nginx
\ No newline at end of file
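Review bot: `oidc_settings` is declared as a literal block scalar (`|`), i.e. a string holding JSON text, yet enable-oidc.yml applies `to_json` to it, and `to_json` on a string produces a quoted, escaped JSON string (`"{\n  \"scope\": …}"`) rather than an object — so, as far as this diff shows, the plugin's `settings` column would end up holding a JSON string literal; inspecting the stored column after one run would confirm. Declaring the value as a YAML mapping fixes that and also removes the hand-built JSON, so a `"` in `oidc.button_text` (which currently yields invalid JSON) is escaped by `to_json` instead of breaking the document. Because the mapping contains `oidc.client.secret`, whichever task consumes it should run with `no_log: true`. This hunk is the whole new file.

```yaml
oidc_settings:
  scope: "openid email profile"
  client-id: "{{ oidc.client.id }}"
  discover-url: "{{ oidc.client.discovery_document }}"
  client-secret: "{{ oidc.client.secret }}"
  mail-property: "email"
  auth-display-name: "{{ oidc.button_text }}"
  username-property: "{{ oidc.attributes.username }}"
  signature-algorithm: "RS256"
  display-name-property: "{{ oidc.attributes.username }}"
```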