Pre-fix for Peertube and updates for FW

2024-05-03 19:44:47 +02:00 · 2024-05-03 19:44:47 +02:00 · da0b30f001
parent 502a07e1e8
commit da0b30f001
7 changed files with 384 additions and 10 deletions
--- a/inv/host_vars/chosto.me/secrets.yml
+++ b/inv/host_vars/chosto.me/secrets.yml
@ -1,4 +1,5 @@
 $ANSIBLE_VAULT;1.1;AES256
+<<<<<<< Updated upstream
 64373531383562663963643737313335393464393535333362323735623338396232316461396136
 3035333862343337613735356463326661393835303465320a633639393738643439363835336530
 66303561643136393864643735353962336333393537353266396466663464653961613964353761
@ -65,3 +66,142 @@ $ANSIBLE_VAULT;1.1;AES256
 64323931643538343562633231363566616439393139333864666566366438353230306234666633
 39303333623938663366653564666533633965306133373039643861613361333761653161613131
 6539316537393233633535383631366335336261666131626431
+||||||| Stash base
+34636235646537383438363639393764653530326431636161366433326332316235356130393861
+3435643431356665373737383365636362313162633837370a643063633639643538373733653835
+66643634653266306562633330356437303539666365386165666331343233656135333765636239
+6538336333333163370a313938353063346463363631346237313139333061303430313262306231
+30303262366239306561623736363233363335363935363363373630376434353833643833323036
+37326233626463386538363163333166383032396634633839306661373763653234316433373235
+62653336343462336335666364313661616665346332616165313966376532323164333537323836
+39626161326432323263313564363838643565316435306363333562336364313438643037333730
+31353762383236323134633962633037376439366533616338613864623131666536626135363737
+36633866343631303565353839366531353035386636303061653634666634323230346534396531
+36326336653064306162313831613134336637396461393937626430653833623139636334666236
+34393939623361656164396337646236333434346139303132336534393964626232626433653630
+30613436376261656362343766623166633566663932306131626465643561396561373461373931
+33643863613366636430316637343064623035393737636534626464373265323235303738393937
+61653963666239643933623830656537626161663061353234656263333636666261646133383966
+64323431666136323438336632643362373636613739383736316538656534303432386235376461
+39363265346232626335393339623030613164336563303566373061303661363331643262313831
+62663734363934343635376661623737376530316663646532626661336636383537663364383539
+31653436353965333632373631656261373965386439333235353336346461623833393234613234
+32383662343866326634653466623138643538326633323532623537303061353435376136343465
+65336435323766613931343339303336663061353262306431623865363730343336623966306236
+66633466643838356466616136346538666133626162643366353433353563383830656634613433
+63313266646461323161316234343431393365633537616434363866313832633834613363333435
+32383335333036386662623936626536383864623965373531663261373862386136336662353938
+38373337643062303165613235383137633238326363363534363032323163643634396661323962
+35383666353133383166303730393263386436303935306264343665386562643965623039626264
+61623063646638336366616433653031653638336334356266313236653432303530643436363261
+34663331376635646361393333653639656261393835633330396236373335613563656435663365
+65636366373135333631666139383762393964663062636563383862633137666438633366303062
+63616637633032666138363936646535363462393964646134306161336236613831393333326337
+63643233383163373864363635333339636666303638323434373538396632613861346231636662
+63613537616534636138316430336236613738353237613336366639633232653966383532323133
+31396463306339356430643838326638616139366661666433383566346233623236626434343732
+36383365303037653464613961643438663561326463316561386364383561363761373633643535
+61356135633038613465323262386537336338386666333532313266326136373731303666323331
+61316663613762323730313831646664653761656133653238653139626333316463303061623037
+30396630393734353735653265333362326530663333343632643230326433336131356630383338
+31343330616137373534376539633661323464623537336637643830303664353839313935663131
+37643632316165386264666539316539646663613132626165623735663539393439353061353432
+35643136643166396333366538663533316531663338316631613163363065313866346237366430
+30376563666230356161633966326239656334653330303661353931323033366639336663646432
+64343563306166636634656639343764626235623533393164653830386634613232366665613532
+33333531353331323037613736393564326135363635653736333966376138303932363839363966
+30633338346131336364376131323437363235663233313261633562373737633635336531633032
+34363337336531646635653436393937356532306463383762626339633761386433313665656430
+61613734656238643235633632633666356132643465613661396562346165663066616439313366
+64663233616438323137613331373035373037623765326438376566353330376465333262383230
+65386165633836333263363336633531356133303035643230386663306331373139366666366231
+30393936373737646564306566393734373931323432383365613462393163303331336664376330
+38663730613635316364656630326235386562626637623539306366383861623833326661383764
+38366636383832326539383763313663633136366464633863373534363733353863313435333031
+39343834646134643564636265373439663366643234333138326662373339343537643939663961
+66353662363466613064343031613239316163323339646337383663326130373835346230356639
+66366662333238303036343661666163376231653566643236643832343437643337376435613232
+63366232303131613138316261643065343838623734303865643539393431343839646163313434
+38666630366262393334303436343334353162333233313738386434373131656261663633613532
+38613537346539303933326634323631656239326630646464333363653130353365646430313235
+62393661366164623130376162343830386530393563333931306364333136616234373835363836
+66633761643061356165303334336364336134616131323861373862323535363264333032383466
+39336166353862326361356539316465363730643638613434353135646365353030653438393565
+33633764656430653730613536313430336231396561383936656433383831323531626639373334
+36643737626531356564636662316334353462353436346562623066333337393662333635643863
+61643536303932666630656262313065333139333665323935303236346237646133633636326632
+32303965613566333932666138353562643661383233656434656664643134616235366538346236
+37616536323236623333306136323163613262313231636133326265363863663739323631313937
+3764393233333732316461323333623263323733383963363936
+=======
+36306432623864376130373738393636633139653837663532666436323663396630623264306465
+3765386435346138613837326362383066663035333364310a636234323235366138653363373338
+35396438616430353835333435643534663839653737653735393362303638346330353330613833
+3737623363616330390a663961326463306136383536633934383535306631346235383963616162
+32363663656565383862623530363664376562353265616537366235353833316237633364333665
+32643935396563646562373830666664316635386263343538346535306332613630356237386438
+31373039623264363937643036396164663934313262373562346439656562383636373538643265
+32633233636135613731643363613432666230353138363438643733666633383830386532633566
+33623937336531646564323763323465326133363634313332643231333832303737646464346465
+61303163383665643866653939393164373864316231646565366163313165393932643038626566
+61666530366163663665363434343431366435303631323235643461623966326239353536313937
+30393934333033643335626439666663323730333966306435333335616439313463373438616164
+62643862376562623063663130646561633231336637303037383664303839333864653734363564
+39343566306665346138313765343338313531623337346534653733633333616334386161643038
+36313764386437383932356236333933643038373030326164383563626633346463393730303963
+64626461383865663234306462393163303338653461643439323030366666656466613432663837
+63383339343639313434396439313133353137356434623436343835303465346237636134616261
+64393732663965666134666366623834313132623764376638633662646265653064353332363931
+37643732383534393434363931653232306434623234613234393637656431336437326236366566
+30363037336331383732313965383936323230373530373836666334313362313937303961393130
+36323337373862333764366231343133343330323137313636613632383332306561316561663032
+61383535373933653961306462333730383063393731643236396137376534646235306464626538
+39313032333462313063303531626561336534343662646466633039363864353733626363623939
+35303061663138376264383635343637313832613336373961633862336164613764386130333261
+30323461616238356538393832386432633966616230303333343661633838326661363134343738
+38303263393837643464643565393934353466616336386330623036653130643433306632393834
+36646533326336363330626561623563373035353233393735383565633333616339616162633961
+64663232343133353037396164363161363862393466343765653234666633316663623134353331
+39323162343264656237366363376536353932656663356630326439306430396132313931343730
+61343964346364366364636631636563623735666666646463313836396633656437376638646433
+39353164623363313135346362613232323635393866396464326335353862366564373531383163
+37366462373236323530633761653331643062386664306239336337383565633432666631353431
+30663466323234663364316534383764643662383537303635326466613861313531623865353761
+32626330633261333039643534353933366362366335653565633761306137656164366431363130
+66633764623234366431393236333732653737306165396166343837633230623131616238356631
+63386566316564623736376463316533306461336536393239653235333835326138323538623235
+63313535396164393831353564396563313137633138353237353961303036656330636338643465
+32383364316339366166343635373134353863613366643338623034623938653166306630306530
+62656465356335313464353639613362393266666266656132306231343137626338333330376535
+63393863653265386561383361616564363739383937386161376563336334326536383733336438
+33626430613930656532653538323061373433636536613131376665383332623739366438373161
+36366134323439396436313034353439613937386136633334643230383839623337633030633934
+30346438666264373338613865376262646562383162323037383939393762656461616534316536
+35316662343935303035336238643632613133626364393465376662643838313464656138353035
+35346566656262396633376231333031653164613535356239656262643062313131303061336662
+31313865356663326635613564663236643365363832316236386166653934616665396638386264
+39326538373366363135373138666534306664623730323333343261353135353566613965386239
+39313865336435616632353836333139353830373161616331666334393336363965363161626561
+61646630616333643964616537653137356336313639376366613666383537653137323330333665
+38366131613361366139313930373463613536623833636333323834373062333739373865356363
+38333464373733363537653061656166633566393835336330316336616632386230646535366635
+61373432393465373935626634326431313264383934613563616130626434613239343730613964
+30366237316565333266653338613831626530666138383364663464333266336538643935363464
+33646638636434616364333536316433613830316538653434613935303165313566616365313562
+36396630666663393639313939626463653333656438346436343062623364663964616437353437
+34386135363531666130623035643963616432626335343139666539313061376636353666633137
+35363932326461643663623334336331386135346332366364356332316238653434376536613864
+33633034646264383839323236623263616132326134373263623137633331396237653639333463
+39616666623565636135663131646462366536393463623930316436666632373961663331306632
+61383234323364393133633366353366393332326533656436323739333932303066396232323632
+32663937626466303630343665343761393938656437356438386665653164333365623831316538
+30383461303763303130373830343535316161326262386638303939396562663133373261636131
+32366666373536333461663964613634356635313030666633656639643936373163346434623330
+39383638626333623938643935366638333937343233366330333333396163666561656236623233
+33663566333633303135353736363030366337363039356161626130333839353939303633323638
+38623164333265313138376561306234356238623463623831326131336333633263353538353231
+34636530353638643162623436376338313266323830393066626339626436616335396665616235
+64623130393232373039633032643237646434306561333161353739303030303864346333356631
+35656362363164303835346230396664366437623364366133386134383638346431633962336233
+6534323864316664623761393262623061623735623330353136
+>>>>>>> Stashed changes
--- a/roles/music/tasks/import_music.yml
+++ b/roles/music/tasks/import_music.yml
@ -25,7 +25,7 @@

 - name: Import music into Funkwhale
  shell:
-    cmd: "docker-compose run --rm api python manage.py import_files {{ funkwhale_import_library_id }} {{ funkwhale_import_music_directory }} --recursive --noinput --prune"
+    cmd: "docker-compose exec -T api funkwhale-manage import_files {{ funkwhale_import_library_id }} {{ funkwhale_import_music_directory }} --recursive --noinput --prune"
    chdir: "{{ funkwhale_folder_name }}"
    
 - name: Delete files once imported
--- a/roles/peertube/tasks/main.yml
+++ b/roles/peertube/tasks/main.yml
@ -18,6 +18,7 @@
  loop:
    - docker-compose.yml.j2
    - conf.env.j2
+    - peertube.conf.j2

 - name: Ensure container is up to date
  community.docker.docker_compose:
--- a/roles/peertube/templates/conf.env.j2
+++ b/roles/peertube/templates/conf.env.j2
@ -8,8 +8,11 @@ PEERTUBE_DB_PASSWORD={{ peertube_db_password }}
 PEERTUBE_DB_SSL=false
 PEERTUBE_DB_HOSTNAME={{ peertube_db_container_name }}

+PEERTUBE_SECRET={{ peertube_secret }}
 # Server configuration
 PEERTUBE_WEBSERVER_HOSTNAME={{ peertube_subdomain }}.{{ domain_name }}
+PEERTUBE_WEBSERVER_PORT=9000
+PEERTUBE_WEBSERVER_HTTPS=false
 # If you need more than one IP as trust_proxy
 # pass them as a comma separated array:
 PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]
--- a/roles/peertube/templates/docker-compose.yml.j2
+++ b/roles/peertube/templates/docker-compose.yml.j2
@ -15,10 +15,32 @@ volumes:
    name: peertube_assets
  redis:
    name: peertube_redis
+  data:
+    name: peertube_data
+  config:
+    name: peertube_config
+

 services:
+  # You can comment this webserver section if you want to use another webserver/proxy or test PeerTube in local
+  webserver:
+    image: chocobozzz/peertube-webserver:latest
+    volumes:
+      - ./peertube.conf:/etc/nginx/conf.d/peertube.template
+      - assets:/var/www/peertube/peertube-latest/client/dist:ro
+      - data:/var/www/peertube/storage
+    env_file: conf.env
+    labels:
+      traefik.http.routers.peertube.entrypoints: websecure
+      traefik.http.routers.peertube.rule: "Host(`{{ peertube_subdomain }}.{{ domain_name }}`)"
+      traefik.http.services.peertube.loadbalancer.server.port: 80
+      traefik.enable: true
+    networks:
+      - proxy
+    restart: unless-stopped
+
  app:
-    image: "chocobozzz/peertube:{{ peertube_version }}-buster"
+    image: "chocobozzz/peertube:{{ peertube_version }}-bookworm"
    container_name: peertube
    networks:
      - proxy
@ -26,16 +48,11 @@ services:
      - redis
    volumes:
      - assets:/app/client/dist
+      - data:/data
+      - config:/config
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    env_file: conf.env
-    labels:
-      traefik.http.routers.peertube.entrypoints: websecure
-      traefik.http.routers.peertube.rule: "Host(`{{ peertube_subdomain }}.{{ domain_name }}`)"
-      traefik.http.services.peertube.loadbalancer.server.port: 9000
-      # Note : for streaming I must add RMTP port (1935)
-      # idc for now
-      traefik.enable: true
    restart: unless-stopped

  db:
--- a/roles/peertube/templates/peertube.conf.j2
+++ b/roles/peertube/templates/peertube.conf.j2
@ -0,0 +1,213 @@
+# Minimum Nginx version required:  1.13.0 (released Apr 25, 2017)
+# Please check your Nginx installation features the following modules via 'nginx -V':
+# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
+# THIRD PARTY MODULES:   None.
+
+upstream backend {
+  server peertube:9000;
+}
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name tube.chosto.me;
+
+  ##
+  # Application
+  ##
+
+  location @api {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host            $host;
+    proxy_set_header X-Real-IP       $remote_addr;
+
+    client_max_body_size  10G; # default is 1M
+
+    proxy_connect_timeout 10m;
+    proxy_send_timeout    10m;
+    proxy_read_timeout    10m;
+    send_timeout          10m;
+
+    proxy_pass http://backend;
+  }
+
+  location / {
+    try_files /dev/null @api;
+  }
+
+  location = /api/v1/videos/upload-resumable {
+    client_max_body_size    0;
+    proxy_request_buffering off;
+
+    try_files /dev/null @api;
+  }
+
+  location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
+    limit_except POST HEAD { deny all; }
+
+    # This is the maximum upload size, which roughly matches the maximum size of a video file.
+    # Note that temporary space is needed equal to the total size of all concurrent uploads.
+    # This data gets stored in /var/lib/nginx by default, so you may want to put this directory
+    # on a dedicated filesystem.
+    client_max_body_size                      12G; # default is 1M
+    add_header            X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
+
+    try_files /dev/null @api;
+  }
+
+  location ~ ^/api/v1/runners/jobs/[^/]+/(update|success)$ {
+    client_max_body_size                      12G; # default is 1M
+    add_header            X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
+
+    try_files /dev/null @api;
+  }
+
+  location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
+    client_max_body_size                      12G; # default is 1M
+    add_header            X-File-Maximum-Size 12G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
+
+    try_files /dev/null @api;
+  }
+
+  ##
+  # Websocket
+  ##
+
+  location @api_websocket {
+    proxy_http_version 1.1;
+    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header   Host            $host;
+    proxy_set_header   X-Real-IP       $remote_addr;
+    proxy_set_header   Upgrade         $http_upgrade;
+    proxy_set_header   Connection      "upgrade";
+
+    proxy_pass http://backend;
+  }
+
+  location /socket.io {
+    try_files /dev/null @api_websocket;
+  }
+
+  location /tracker/socket {
+    # Peers send a message to the tracker every 15 minutes
+    # Don't close the websocket before then
+    proxy_read_timeout 15m; # default is 60s
+
+    try_files /dev/null @api_websocket;
+  }
+
+  # Plugin websocket routes
+  location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ {
+    try_files /dev/null @api_websocket;
+  }
+
+  ##
+  # Performance optimizations
+  # For extra performance please refer to https://github.com/denji/nginx-tuning
+  ##
+
+  root /var/www/peertube/storage;
+
+  # Enable compression for JS/CSS/HTML, for improved client load times.
+  # It might be nice to compress JSON/XML as returned by the API, but
+  # leaving that out to protect against potential BREACH attack.
+  gzip              on;
+  gzip_vary         on;
+  gzip_types        # text/html is always compressed by HttpGzipModule
+                    text/css
+                    application/javascript
+                    font/truetype
+                    font/opentype
+                    application/vnd.ms-fontobject
+                    image/svg+xml;
+  gzip_min_length   1000; # default is 20 bytes
+  gzip_buffers      16 8k;
+  gzip_comp_level   2; # default is 1
+
+  client_body_timeout       30s; # default is 60
+  client_header_timeout     10s; # default is 60
+  send_timeout              10s; # default is 60
+  keepalive_timeout         10s; # default is 75
+  resolver_timeout          10s; # default is 30
+  reset_timedout_connection on;
+  proxy_ignore_client_abort on;
+
+  tcp_nopush                on; # send headers in one piece
+  tcp_nodelay               on; # don't buffer data sent, good for small data bursts in real time
+
+  # If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
+  # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
+  #client_body_temp_path /var/www/peertube/storage/nginx/;
+
+  # Bypass PeerTube for performance reasons. Optional.
+  # Should be consistent with client-overrides assets list in client.ts server controller
+  location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$ {
+    add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
+
+    root /var/www/peertube;
+
+    try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
+  }
+
+  # Bypass PeerTube for performance reasons. Optional.
+  location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
+    add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
+
+    alias /var/www/peertube/peertube-latest/client/dist/$1;
+  }
+
+  location ~ ^(/static/(webseed|web-videos|streaming-playlists)/private/)|^/download {
+    # We can't rate limit a try_files directive, so we need to duplicate @api
+
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host            $host;
+    proxy_set_header X-Real-IP       $remote_addr;
+
+    proxy_limit_rate 5M;
+
+    proxy_pass http://backend;
+  }
+
+  # Bypass PeerTube for performance reasons. Optional.
+  location ~ ^/static/(webseed|web-videos|redundancy|streaming-playlists)/ {
+    limit_rate_after            5M;
+
+    set $peertube_limit_rate  5M;
+
+    # Use this line with nginx >= 1.17.0
+    limit_rate $peertube_limit_rate;
+    # Or this line with nginx < 1.17.0
+    # set $limit_rate $peertube_limit_rate;
+
+    if ($request_method = 'OPTIONS') {
+      add_header Access-Control-Allow-Origin  '*';
+      add_header Access-Control-Allow-Methods 'GET, OPTIONS';
+      add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+      add_header Access-Control-Max-Age       1728000; # Preflight request can be cached 20 days
+      add_header Content-Type                 'text/plain charset=UTF-8';
+      add_header Content-Length               0;
+      return 204;
+    }
+
+    if ($request_method = 'GET') {
+      add_header Access-Control-Allow-Origin  '*';
+      add_header Access-Control-Allow-Methods 'GET, OPTIONS';
+      add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+
+      # Don't spam access log file with byte range requests
+      access_log off;
+    }
+
+    # Enabling the sendfile directive eliminates the step of copying the data into the buffer
+    # and enables direct copying data from one file descriptor to another.
+    sendfile on;
+    sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
+    aio threads;
+
+    # web-videos is the name of the directory mapped to the `storage.web_videos` key in your PeerTube configuration
+    rewrite ^/static/webseed/(.*)$ /web-videos/$1 break;
+    rewrite ^/static/(.*)$         /$1        break;
+
+    try_files $uri @api;
+ }
+}
--- a/roles/peertube/vars/main.yml
+++ b/roles/peertube/vars/main.yml
@ -1,4 +1,4 @@
-peertube_version: "v3.3.0"
+peertube_version: "v6.0.3"
 peertube_folder_name: "{{ docker_files }}/peertube"
 peertube_subdomain: tube
 peertube_db_container_name: "peertube_db"