Optimized peertube

Kevin Veen-Birkenbach 2025-05-20 17:40:24 +02:00
parent 97b9e19c5b
commit 6026d7ec03
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
5 changed files with 41 additions and 19 deletions


@ -1,8 +1,29 @@
- name: "Load OIDC Settings vor Peertube"
include_vars: vars/oidc-settings.yml
changed_when: false
- name: "Install auth-openid-connect plugin for Peertube" - name: "Install auth-openid-connect plugin for Peertube"
command: > command: >
docker exec {{ container_name }} \ docker exec {{ container_name }} \
npm run plugin:install -- --npm-name {{oidc_plugin}} npm run plugin:install -- --npm-name {{oidc_plugin}}
#- name: "Insert the settings column of the auth-openid-connect plugin"
# community.postgresql.postgresql_query:
# db: "{{ database_name }}"
# login_user: "{{ database_username }}"
# login_password: "{{ database_password }}"
# login_host: "127.0.0.1"
# login_port: "{{ database_port }}"
# query: |
# INSERT INTO public.plugin (name, settings, enabled)
# VALUES (
# 'auth-openid-connect',
# '{{ oidc_settings | to_json }}',
# TRUE
# );
# register: result_insert
# ignore_errors: yes
- name: "Update the settings column of the auth-openid-connect plugin" - name: "Update the settings column of the auth-openid-connect plugin"
community.postgresql.postgresql_query: community.postgresql.postgresql_query:
db: "{{ database_name }}" db: "{{ database_name }}"
@ -11,20 +32,8 @@
login_host: "127.0.0.1" login_host: "127.0.0.1"
login_port: "{{ database_port }}" login_port: "{{ database_port }}"
query: | query: |
UPDATE plugins UPDATE public.plugin
SET settings = '{ SET settings = '{{ oidc_settings | to_json }}',
"scope": "openid email profile",
"client-id": "{{ oidc.client.id }}",
"discover-url": "{{ oidc.client.discovery_document }}",
"client-secret": "{{ oidc.client.secret }}",
"mail-property": "email",
"auth-display-name": "{{ oidc.button_text }}",
"username-property": "{{ oidc.attributes.username }}",
"signature-algorithm": "RS256",
"display-name-property": "{{ oidc.attributes.username }}"
}',
enabled = TRUE enabled = TRUE
WHERE name = 'auth-openid-connect'; WHERE name = 'auth-openid-connect';
when: applications | is_feature_enabled('oidc', application_id) #when: result_insert.rc != 0
become: true
become_user: "{{ container_name }}"
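Review bot: The UPDATE task templates `'{{ oidc_settings | to_json }}'` straight into a quoted SQL literal, so a single quote in any OIDC value (button text, client secret) breaks or alters the statement. Binding the value keeps it out of the SQL text: `SET settings = %s,` together with `positional_args: ["{{ oidc_settings | to_json }}"]`. The task should also carry `no_log: true`, since the settings include the client secret and the module reports the executed query in its result. Separately, the hunk drops `when: applications | is_feature_enabled('oidc', application_id)` and leaves only a commented-out `#when:`, so unless the file that includes these tasks now carries that condition, the plugin install and UPDATE also run where OIDC is disabled.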


@ -5,7 +5,8 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application: application:
image: chocobozzz/peertube:production-{{applications.peertube.version}} image: chocobozzz/peertube:production-{{ applications[application_id].version }}
container_name: {{ container_name }}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports: ports:
- "1935:1935" # @todo Add to ports - "1935:1935" # @todo Add to ports
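Review bot: The added `container_name: {{ container_name }}` line emits the templated value unquoted, so an empty or boolean-looking expansion would render as null or a non-string in the generated compose file. Writing `container_name: "{{ container_name }}"` keeps it a string. The tasks file uses the same variable for `docker exec`, so a mismatch would only surface at runtime. The `application` service definition continues outside the hunk.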


@ -4,7 +4,7 @@ features:
css: false css: false
portfolio_iframe: false portfolio_iframe: false
central_database: true central_database: true
oidc: false oidc: true
csp: csp:
flags: flags:
script-src: script-src:


@ -0,0 +1,12 @@
oidc_settings: |
{
"scope": "openid email profile",
"client-id": "{{ oidc.client.id }}",
"discover-url": "{{ oidc.client.discovery_document }}",
"client-secret": "{{ oidc.client.secret }}",
"mail-property": "email",
"auth-display-name": "{{ oidc.button_text }}",
"username-property": "{{ oidc.attributes.username }}",
"signature-algorithm": "RS256",
"display-name-property": "{{ oidc.attributes.username }}"
}
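Review bot: `oidc_settings` is hand-written JSON inside a `|` block scalar, so any interpolated value containing `"` or a backslash (the client secret is the likely case) produces invalid JSON, and nothing escapes it. Because the variable is text rather than a mapping, the `oidc_settings | to_json` call in the tasks file may also encode it a second time and store a JSON string instead of an object; this depends on how Ansible converts the templated value and should be confirmed against a rendered query. Defining the settings as a YAML mapping lets `to_json` do the serialisation and escaping once. The file also places the client secret in a plain variable, so any task that prints or registers `oidc_settings` should set `no_log: true`.

```yaml
oidc_settings:
  scope: "openid email profile"
  client-id: "{{ oidc.client.id }}"
  discover-url: "{{ oidc.client.discovery_document }}"
  client-secret: "{{ oidc.client.secret }}"
  mail-property: "email"
  auth-display-name: "{{ oidc.button_text }}"
  username-property: "{{ oidc.attributes.username }}"
  signature-algorithm: "RS256"
  display-name-property: "{{ oidc.attributes.username }}"
```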