Merge pull request 'Add clean task + change from zip to tar + remove nginx_default_vhost_ssl var + use node playbook' (#6) from staging into main

Reviewed-on: #6
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
This commit is contained in:
meaz 2024-09-01 14:54:16 +02:00
commit 5a40007062
9 changed files with 201 additions and 56 deletions

View file

@ -4,6 +4,7 @@
roles:
- nginx
- postgresql
- node
- peertube
vars_files:

View file

@ -13,16 +13,18 @@ Then you can then access Peertube from your computer on `http://192.168.33.15` (
## Playbook
The playbook includes postgresql and nginx roles and deploys entire stack needed to run lemmy. Additional roles are also available in the Ansible roles repos in git.
The playbook includes postgresql, nginx and node roles and deploys entire stack needed to run lemmy. Additional roles are also available in the Ansible roles repos in git.
## Tags
You can use tags when you deploy:
- `config`: to deploy just config
- `password`: to change root user password
- `clean,never`: to clean the cache
## CHANGELOG
- **24.07.2024** - Add clean task + change from dwonloading .zip to .tar.xz
- **20.12.2023** - Role creation

View file

@ -1,9 +1,11 @@
---
# Nodejs
nodejs_version: '18'
peertube_user: 'peertube'
peertube_group: 'peertube'
peertube_app_dir: '/var/www/peertube'
peertube_nodejs_version: '18'
peertube_apt_list:
- curl
- sudo
@ -12,8 +14,8 @@ peertube_apt_list:
- redis-server
- ffmpeg
#- yarn # installed with npm
- nodejs
- python3-dev
- python3-pip
- python-is-python3
## following needed?
- openssl
@ -23,7 +25,7 @@ peertube_apt_list:
- cron
- wget
peertube_version: 'v6.0.2'
peertube_version: 'v6.2.0'
peertube_root_password: 'changeme'
@ -112,7 +114,6 @@ postgresql_user_privileges:
#NGINX SETUP
nginx_default_vhost_ssl: 'peertube.example.com'
nginx_default_vhost: 'peertube.example.com'
nginx_HSTS_policy: 'true'
@ -130,7 +131,8 @@ nginx_vhosts:
use_error_log: 'true'
nginx_error_log_level: 'warn'
redirect_https: 'true'
http2: 'true'
letsencrypt: 'false'
secure_site: 'false'
state: 'enable'
selfsigned: 'false'
selfsigned: 'false'

11
tasks/clean.yml Normal file
View file

@ -0,0 +1,11 @@
---
- name: '[CLEAN] - Cache clean'
shell: yarn cache clean
args:
chdir: "{{ peertube_app_dir }}"
become: true
become_user: "{{ peertube_user }}"
tags:
- clean
- never

View file

@ -32,25 +32,25 @@
tags:
- config
- name: '[CONFIGURE] - Set sysctl rules'
sysctl:
name: "net.ipv6.conf.all.disable_ipv6"
value: 'fq_codel'
sysctl_file: '/etc/sysctl.d/30-peertube-tcp.conf'
sysctl_set: 'yes'
state: 'present'
reload: 'yes'
tags:
- config
#- name: '[CONFIGURE] - Set sysctl rules'
# sysctl:
# name: "net.ipv6.conf.all.disable_ipv6"
# value: 'fq_codel'
# sysctl_file: '/etc/sysctl.d/30-peertube-tcp.conf'
# sysctl_set: 'yes'
# state: 'present'
# reload: 'yes'
# tags:
# - config
- name: '[CONFIGURE] - Set sysctl rules'
sysctl:
name: "net.ipv4.tcp_congestion_control"
value: 'bbr'
sysctl_file: '/etc/sysctl.d/30-peertube-tcp.conf'
sysctl_set: 'yes'
state: 'present'
reload: 'yes'
tags:
- config
#- name: '[CONFIGURE] - Set sysctl rules'
# sysctl:
# name: "net.ipv4.tcp_congestion_control"
# value: 'bbr'
# sysctl_file: '/etc/sysctl.d/30-peertube-tcp.conf'
# sysctl_set: 'yes'
# state: 'present'
# reload: 'yes'
# tags:
# - config

View file

@ -38,7 +38,7 @@
- name: "[INSTALL] - Download peertube release"
unarchive:
src: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.zip"
src: "https://github.com/Chocobozzz/PeerTube/releases/download/{{ peertube_version }}/peertube-{{ peertube_version }}.tar.xz"
dest: "{{ peertube_app_dir }}/versions"
owner: '{{ peertube_user }}'
group: '{{ peertube_group }}'

View file

@ -1,17 +1,5 @@
---
- name: '[INSTALLDEPS] - Add Nodesource apt key'
apt_key:
url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
id: "68576280"
state: present
- name: '[INSTALLDEPS] - Add repository for nodejs'
apt_repository:
repo: deb https://deb.nodesource.com/node_{{ peertube_nodejs_version }}.x {{ ansible_distribution_release }} main
state: present
filename: 'nodesource'
- name: '[INSTALLDEPS] - Install dependencies'
apt:
name: '{{ peertube_apt_list }}'

View file

@ -20,4 +20,10 @@
- name: Set password for root
include_tasks: password.yml
tags:
- password
- password
- name: Clean
include_tasks: clean.yml
tags:
- clean
- never

View file

@ -31,9 +31,9 @@ rates_limit:
window: 5 minutes
max: 3
receive_client_log:
# 10 attempts in 10 min
window: 10 minutes
max: 10
# 1 attempt every 2 seconds
window: 1 minute
max: 30
plugins:
# 500 attempts in 10 seconds (we also serve plugin static files)
window: 10 seconds
@ -121,7 +121,8 @@ defaults:
publish:
download_enabled: true
comments_enabled: true
# enabled = 1, disabled = 2, requires_approval = 3
comments_policy: 1
# public = 1, unlisted = 2, private = 3, internal = 4
privacy: 1
@ -150,6 +151,7 @@ storage:
avatars: '{{ peertube_app_dir }}/storage/avatars/'
web_videos: '{{ peertube_app_dir }}/storage/web-videos/'
streaming_playlists: '{{ peertube_app_dir }}/storage/streaming-playlists/'
original_video_files: '{{ peertube_app_dir }}/storage/original-video-files/'
redundancy: '{{ peertube_app_dir }}/storage/redundancy/'
logs: '{{ peertube_app_dir }}/storage/logs/'
previews: '{{ peertube_app_dir }}/storage/previews/'
@ -180,6 +182,7 @@ object_storage:
enabled: false
# Without protocol, will default to HTTPS
# Your S3 provider must support virtual hosting of buckets as PeerTube doesn't support path style requests
endpoint: '' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
region: 'us-east-1'
@ -209,6 +212,11 @@ object_storage:
# Maximum amount to upload in one request to object storage
max_upload_part: 100MB
# Maximum number of attempts to make a request to object storage
# Some object storage providers (for instance Backblaze) expects the client to retry upload upon 5xx errors
# If you're using such a provider then you can increase this value
max_request_attempts: 3
streaming_playlists:
bucket_name: 'streaming-playlists'
@ -219,17 +227,33 @@ object_storage:
# Useful when you want to use a CDN/external proxy
base_url: '' # Example: 'https://mirror.example.com'
# Same settings but for web videos
# PeerTube makes many small requests to the object storage provider to upload/delete/update live chunks
# which can be a problem depending on your object storage provider
# You can also choose to disable this feature to reduce live streams latency
# Live stream replays are not affected by this setting, so they are uploaded in object storage as regular VOD videos
store_live_streams: true
web_videos:
bucket_name: 'web-videos'
prefix: ''
base_url: ''
user_exports:
bucket_name: 'user-exports'
prefix: ''
base_url: ''
# Same settings but for original video files
original_video_files:
bucket_name: 'original-video-files'
prefix: ''
base_url: ''
log:
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
rotation:
enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
enabled: true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
max_file_size: 12MB
max_files: 20
@ -252,9 +276,12 @@ open_telemetry:
metrics:
enabled: false
# How often viewers send playback stats to server
playback_stats_interval: '15 seconds'
http_request_duration:
# You can disable HTTP request duration metric that can have a high tag cardinality
enabled: true
enabled: false
# Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
prometheus_exporter:
@ -358,7 +385,27 @@ views:
# PeerTube buffers local video views before updating and federating the video
local_buffer_update_interval: '30 minutes'
ip_view_expiration: '1 hour'
# How long does it take to count again a view from the same user
view_expiration: '1 hour'
# Minimum amount of time the viewer has to watch the video before PeerTube adds a view
count_view_after: '10 seconds'
# Player can send a session id string to track the user
# Since this can be spoofed by users to create fake views, you have the option to disable this feature
# If disabled, PeerTube will use the IP address to track the same user (default behavior before PeerTube 6.1)
trust_viewer_session_id: true
# How often the web browser sends "is watching" information to the server
# Increase the value or set null to disable it if you plan to have many viewers
watching_interval:
# Non logged-in viewers
anonymous: '5 seconds'
# Logged-in users of your instance
# Unlike anonymous viewers, this endpoint is also used to store the "last watched video timecode" for your users
# Increasing this value reduces the accuracy of the video resume
users: '5 seconds'
# Used to get country location of views of local videos
geo_ip:
@ -367,12 +414,15 @@ geo_ip:
country:
database_url: 'https://dbip.mirror.framasoft.org/files/dbip-country-lite-latest.mmdb'
city:
database_url: 'https://dbip.mirror.framasoft.org/files/dbip-city-lite-latest.mmdb'
plugins:
# The website PeerTube will ask for available PeerTube plugins and themes
# This is an unmoderated plugin index, so only install plugins/themes you trust
index:
enabled: true
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
check_latest_versions_interval: '4 hours' # How often you want to check new plugins/themes versions
url: 'https://packages.joinpeertube.org'
federation:
@ -423,6 +473,33 @@ thumbnails:
# Minimum value is 2
frames_to_analyze: 50
# Only two sizes are currently supported for now (not less, not more)
# 1 size for the thumbnail (displayed in video miniatures)
# 1 size for the preview (displayed in the video player)
sizes:
-
width: 280
height: 157
-
width: 850
height: 480
stats:
# Display registration requests stats (average response time, total requests...)
registration_requests:
enabled: true
# Display abuses stats (average response time, total abuses...)
abuses:
enabled: true
total_moderators:
enabled: true
total_admins:
enabled: true
###############################################################################
#
# From this point, almost all following keys can be overridden by the web interface
@ -474,11 +551,14 @@ user:
videos:
# Enable or disable video history by default for new users.
enabled: true
# Default value of maximum video bytes the user can upload (does not take into account transcoded files)
# Default value of maximum video bytes the user can upload
# Does not take into account transcoded files or account export archives (that can include user uploaded files)
# Byte format is supported ("1GB" etc)
# -1 == unlimited
video_quota: -1
video_quota_daily: -1
default_channel_name: 'Main $1 channel' # The placeholder $1 is used to represent the user's username
video_channels:
@ -490,6 +570,11 @@ video_channels:
transcoding:
enabled: true
original_file:
# If false the uploaded file is deleted after transcoding
# If yes it is not deleted but moved in a dedicated folder or object storage
keep: false
# Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos
allow_additional_extensions: true
@ -641,6 +726,34 @@ video_studio:
remote_runners:
enabled: false
video_transcription:
# Enable automatic transcription of videos
enabled: false
# Choose engine for local transcription
# Supported: 'openai-whisper' or 'whisper-ctranslate2'
engine: 'whisper-ctranslate2'
# You can set a custom engine path for local transcription
# If not provided, PeerTube will try to automatically install it in the PeerTube bin directory
engine_path: null
# Choose engine model for local transcription
# Available for 'openai-whisper' and 'whisper-ctranslate2': 'tiny', 'base', 'small', 'medium', 'large-v2' or 'large-v3'
model: 'small'
# Or specify the model path:
# * PyTorch model file path for 'openai-whisper'
# * CTranslate2 Whisper model directory path for 'whisper-ctranslate2'
# If not provided, PeerTube will automatically download the model
model_path: null
# Enable remote runners to transcribe videos
# If enabled, your instance won't transcribe the videos itself
# At least 1 remote runner must be configured to transcribe your videos
remote_runners:
enabled: false
video_file:
update:
# Add ability for users to replace the video file of an existing video
@ -699,6 +812,24 @@ import:
# Max number of videos to import when the user asks for full sync
full_sync_videos_limit: 1000
users:
# Video quota is checked on import so the user doesn't upload a too big archive file
# Video quota (daily quota is not taken into account) is also checked for each video when PeerTube is processing the import
enabled: true
export:
users:
# Allow users to export their PeerTube data in a .zip for backup or re-import
# Only one export at a time is allowed per user
enabled: true
# Max size of the current user quota to accept or not the export
# Goal of this setting is to not store too big archive file on your server disk
max_user_video_quota: 10GB
# How long PeerTube should keep the user export
export_expiration: '2 days'
auto_blacklist:
# New videos automatically blacklisted so moderators can review before publishing
videos:
@ -787,13 +918,12 @@ instance:
Expires: 2025-12-31T11:00:00.000Z'
services:
# Cards configuration to format video in Twitter
# Cards configuration to format video in Twitter/X
# All other social media (Facebook, Mastodon, etc.) are supported out of the box
twitter:
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
# If false, we use an image link card that will redirect on your PeerTube instance
# Change it to `true`, and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted
whitelisted: false
# Indicates the Twitter/X account for the website or platform where the content was published
# This is just an information injected in HTML that is required by Twitter/X
username: '@Chocobozzz'
followers:
instance:
@ -859,6 +989,7 @@ client:
# By default PeerTube client displays author username
prefer_author_display_name: false
display_author_avatar: false
resumable_upload:
# Max size of upload chunks, e.g. '90MB'
# If null, it will be calculated based on network speed
@ -869,3 +1000,7 @@ client:
# If you enable only one external auth plugin
# You can automatically redirect your users on this external platform when they click on the login button
redirect_on_single_external_auth: false
storyboards:
# Generate storyboards of local videos using ffmpeg so users can see the video preview in the player while scrubbing the video
enabled: true