kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-06-25 03:38:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized peertube

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-05-20 17:40:24 +02:00
parent 97b9e19c5b
commit 6026d7ec03
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
5 changed files with 41 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
roles/docker-peertube/tasks/enable-oidc.yml
View File

@ -1,8 +1,29 @@
- name: "Load OIDC Settings vor Peertube"
include_vars: vars/oidc-settings.yml
changed_when: false
- name: "Install auth-openid-connect plugin for Peertube"
command: >
docker exec {{ container_name }} \
npm run plugin:install -- --npm-name {{oidc_plugin}}
#- name: "Insert the settings column of the auth-openid-connect plugin"
# community.postgresql.postgresql_query:
# db: "{{ database_name }}"
# login_user: "{{ database_username }}"
# login_password: "{{ database_password }}"
# login_host: "127.0.0.1"
# login_port: "{{ database_port }}"
# query: |
# INSERT INTO public.plugin (name, settings, enabled)
# VALUES (
# 'auth-openid-connect',
# '{{ oidc_settings | to_json }}',
# TRUE
# );
# register: result_insert
# ignore_errors: yes
- name: "Update the settings column of the auth-openid-connect plugin"
community.postgresql.postgresql_query:
db: "{{ database_name }}"
@ -11,20 +32,8 @@
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: |
UPDATE plugins
SET settings = '{
"scope": "openid email profile",
"client-id": "{{ oidc.client.id }}",
"discover-url": "{{ oidc.client.discovery_document }}",
"client-secret": "{{ oidc.client.secret }}",
"mail-property": "email",
"auth-display-name": "{{ oidc.button_text }}",
"username-property": "{{ oidc.attributes.username }}",
"signature-algorithm": "RS256",
"display-name-property": "{{ oidc.attributes.username }}"
}',
UPDATE public.plugin
SET settings = '{{ oidc_settings | to_json }}',
enabled = TRUE
WHERE name = 'auth-openid-connect';
when: applications | is_feature_enabled('oidc', application_id)
become: true
become_user: "{{ container_name }}"
#when: result_insert.rc != 0

3
roles/docker-peertube/templates/docker-compose.yml.j2
View File

@ -5,7 +5,8 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
image: chocobozzz/peertube:production-{{applications.peertube.version}}
image: chocobozzz/peertube:production-{{ applications[application_id].version }}
container_name: {{ container_name }}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "1935:1935" # @todo Add to ports

2
roles/docker-peertube/vars/configuration.yml
View File

@ -4,7 +4,7 @@ features:
css: false
portfolio_iframe: false
central_database: true
oidc: false
oidc: true
csp:
flags:
script-src:

12
roles/docker-peertube/vars/oidc-settings.yml Normal file
View File

@ -0,0 +1,12 @@
oidc_settings: |
{
"scope": "openid email profile",
"client-id": "{{ oidc.client.id }}",
"discover-url": "{{ oidc.client.discovery_document }}",
"client-secret": "{{ oidc.client.secret }}",
"mail-property": "email",
"auth-display-name": "{{ oidc.button_text }}",
"username-property": "{{ oidc.attributes.username }}",
"signature-algorithm": "RS256",
"display-name-property": "{{ oidc.attributes.username }}"
}

4
roles/nginx-serve-files/tasks/main.yml
View File

@ -3,11 +3,11 @@
include_role:
name: nginx-https-get-cert-modify-all
vars:
domain: "{{domains | get_domain(application_id)}}"
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "generate {{domains | get_domain(application_id)}}.conf"
template:
src: "nginx.conf.j2"
dest: "{{nginx.directories.http.servers}}{{domains | get_domain(application_id)}}.conf"
dest: "{{ nginx.directories.http.servers }}{{ domains | get_domain(application_id) }}.conf"
notify: restart nginx