implemented peertube

playbook.yml

@@ -128,6 +128,14 @@
       vars:
         domain: pixelfed.{{top_domain}}
         http_port: 8010
+- name: setup peertube hosts
+  hosts: peertube_hosts
+  become: true
+  roles:
+   -  role: docker-peertube
+      vars:
+        domain: peertube.{{top_domain}}
+        http_port: 8011
 - name: setup akaunting hosts
   hosts: akaunting_hosts
   become: true

roles/docker-mailu/templates/docker-compose.yml.j2

@@ -45,7 +45,7 @@ services:
       - "127.0.0.1:{{ http_port }}:80"
       - "{{ ip4_address }}:25:25"
       - "{{ ip4_address }}:465:465"
-      - "{{ ip4_address }}:587:587"
+      - "{{ ip4_address }}:{{system_email_port}}:{{system_email_port}}"
       - "{{ ip4_address }}:110:110"
       - "{{ ip4_address }}:995:995"
       - "{{ ip4_address }}:143:143"

roles/docker-mastodon/templates/.env.production.j2

@@ -13,7 +13,7 @@ REDIS_HOST=redis
 REDIS_PORT=6379
 REDIS_PASSWORD=
 SMTP_SERVER={{system_email_host}}
-SMTP_PORT=587
+SMTP_PORT={{system_email_port}}
 SMTP_LOGIN={{system_email_username}}
 SMTP_PASSWORD={{system_email_password}}
 SMTP_AUTH_METHOD=plain

roles/docker-peertube/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: recreate peertube
+  command:
+    cmd: docker-compose -p peertube up -d --force-recreate
+    chdir: "{{docker_compose_peertube_path}}"
+  environment:
+    COMPOSE_HTTP_TIMEOUT: 600
+    DOCKER_CLIENT_TIMEOUT: 600

roles/docker-peertube/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- native-docker-reverse-proxy

roles/docker-peertube/readme.md

@@ -0,0 +1,4 @@
+# docker peertube
+
+## further information
+- https://docs.joinpeertube.org/install-docker

roles/docker-peertube/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: recieve {{domain}} certificate
+  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+
+- name: configure {{domain}}.conf
+  template: src=templates/peertube.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
+  notify: restart nginx
+
+- name: "create {{docker_compose_peertube_path}}"
+  file:
+    path: "{{docker_compose_peertube_path}}"
+    state: directory
+    mode: 0755
+
+- name: copy docker-compose.yml
+  template: src=docker-compose.yml.j2 dest={{docker_compose_peertube_path}}docker-compose.yml
+  notify: recreate peertube
+
+- name: copy configuration
+  template: 
+    src: env.j2 
+    dest: "{{docker_compose_peertube_path}}.env"
+  notify: recreate peertube

roles/docker-peertube/templates/docker-compose.yml.j2

@@ -0,0 +1,36 @@
+version: "3.3"
+
+services:
+  application:
+    image: chocobozzz/peertube:production-bullseye
+    env_file:
+      - .env
+    ports:
+     - "1935:1935"
+     - "{{http_port}}:9000" 
+    volumes:
+      - assets:/app/client/dist
+      - data:/data
+      - config:/config
+    depends_on:
+      - database
+      - redis
+    restart: "always"
+  database:
+    image: postgres:13-alpine
+    env_file:
+      - .env
+    volumes:
+      - database:/var/lib/postgresql/data
+    restart: "always"
+  redis:
+    image: redis:6-alpine
+    volumes:
+      - redis:/data
+    restart: "always"
+volumes:
+  assets:
+  database:
+  data:
+  redis:
+  config:

roles/docker-peertube/templates/env.j2

@@ -0,0 +1,26 @@
+# Database / Postgres service configuration
+POSTGRES_USER=peertube
+POSTGRES_PASSWORD={{peertube_database_password}}
+POSTGRES_DB=peertube
+PEERTUBE_DB_USERNAME=peertube
+PEERTUBE_DB_PASSWORD={{peertube_database_password}}
+PEERTUBE_DB_SSL=false
+PEERTUBE_DB_HOSTNAME=database
+
+# PeerTube server configuration
+PEERTUBE_WEBSERVER_HOSTNAME={{domain}}
+PEERTUBE_WEBSERVER_PORT=9000
+PEERTUBE_WEBSERVER_HTTPS=false
+# If you need more than one IP as trust_proxy
+# pass them as a comma separated array:
+PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
+
+# E-mail configuration
+PEERTUBE_SMTP_USERNAME={{system_email_username}}
+PEERTUBE_SMTP_PASSWORD={{system_email_password}}
+PEERTUBE_SMTP_HOSTNAME={{system_email_host}}
+PEERTUBE_SMTP_PORT={{system_email_port}}
+PEERTUBE_SMTP_FROM={{system_email}}
+PEERTUBE_SMTP_TLS=false
+PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL={{system_email}}

roles/docker-peertube/templates/peertube.conf.j2

@@ -0,0 +1,84 @@
+
+upstream backend {
+  #todo check
+  server {{domain}};
+}
+
+server {
+  server_name {{domain}};
+
+  {% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
+
+  ##
+  # Application
+  ##
+
+  location @api {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host            $host;
+    proxy_set_header X-Real-IP       $remote_addr;
+
+    client_max_body_size  100k; # default is 1M
+
+    proxy_connect_timeout 10m;
+    proxy_send_timeout    10m;
+    proxy_read_timeout    10m;
+    send_timeout          10m;
+
+    #adapt
+    proxy_pass http://127.0.0.1:{{http_port}};
+  }
+
+  location / {
+    try_files /dev/null @api;
+  }
+
+  location = /api/v1/videos/upload-resumable {
+    client_max_body_size    0;
+    proxy_request_buffering off;
+
+    try_files /dev/null @api;
+  }
+
+  location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
+    limit_except POST HEAD { deny all; }
+    client_max_body_size  12G; # default is 1M
+    add_header            X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
+
+    try_files /dev/null @api;
+  }
+
+  location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
+    client_max_body_size                      6M; # default is 1M
+    add_header            X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
+
+    try_files /dev/null @api;
+  }
+
+  ##
+  # Websocket
+  ##
+
+  location @api_websocket {
+    proxy_http_version 1.1;
+    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header   Host            $host;
+    proxy_set_header   X-Real-IP       $remote_addr;
+    proxy_set_header   Upgrade         $http_upgrade;
+    proxy_set_header   Connection      "upgrade";
+
+    #proxy_pass http://backend;
+  }
+
+  location /socket.io {
+    try_files /dev/null @api_websocket;
+  }
+
+  location /tracker/socket {
+    # Peers send a message to the tracker every 15 minutes
+    # Don't close the websocket before then
+    proxy_read_timeout 15m; # default is 60s
+
+    try_files /dev/null @api_websocket;
+  }
+}

roles/docker-peertube/vars/main.yml

@@ -0,0 +1 @@
+docker_compose_peertube_path: "/home/administrator/docker-compose/peertube/"

roles/docker-pixelfed/templates/env.j2

@@ -47,7 +47,7 @@ RESTRICTED_INSTANCE=false
 ## Mail
 MAIL_DRIVER=log
 MAIL_HOST={{system_email_host}}
-MAIL_PORT=587
+MAIL_PORT={{system_email_port}}
 MAIL_FROM_ADDRESS="{{system_email_username}}"
 MAIL_FROM_NAME="Pixelfed"
 MAIL_USERNAME={{system_email_username}}

roles/native-systemd-email/templates/msmtprc.conf.j2

@@ -7,7 +7,7 @@ logfile        ~/.msmtp.log
 
 account        system_email
 host           {{system_email_host}}
-port           587
+port           {{system_email_port}}
 from           {{system_email}}
 user           {{system_email_username}}
 password       {{system_email_password}}