Add Funkwhale with S3 storage
parent
ade433081b
commit
fa6f3ba4b1
4
all.yml
4
all.yml
|
@ -25,4 +25,6 @@
|
|||
- role: "gitea"
|
||||
tags: ["docker", "gitea"]
|
||||
- role: "nextcloud"
|
||||
tags: ["nextcloud", "gitea"]
|
||||
tags: ["nextcloud", "docker"]
|
||||
- role: "funkwhale"
|
||||
tags: ["funkwhale", "docker"]
|
||||
|
|
|
@ -1,30 +1,34 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
32623335343331343131646165313031333361363864396334303961373133633337376638326363
|
||||
3135306436633631386361623766626239663839343831340a346566633339666133353765313838
|
||||
65643931626663643233306330336133373335326536376664323263336336396633316431393963
|
||||
3263306663383437320a643062616435326531663161393938313639383364386331383134376234
|
||||
66343365663032666434653861346265376131313864363665386633306263663937386331663633
|
||||
34613566646133316631323961363631643666643163356361393933353661643934626266353633
|
||||
35656430323363633961323230373230663664376339373965353761623163383934356532356633
|
||||
65633765613436353766386666363139353838663963643764623232363432636363373765376363
|
||||
35313930626366613661663263356232303933616131313666326339616633383165656136653434
|
||||
61616564643638366534326238333134623234333562636161343730396531663131636166303663
|
||||
36323333383531393435666431386431353638346437633130363730656433663031346362653339
|
||||
66623066383234623364653861633231316137353636623761346132373937653638376139643132
|
||||
66656263383131333233373631666462663266343462336634643532633638306462323166303161
|
||||
33643962363939313131666133393637636161393436336436613162376332386636653361393638
|
||||
65313932363433616564646138393465316137663937613037656663376330373136323032643032
|
||||
62626534376633393034613839336632666164363864366332366439313664343630336339633464
|
||||
35333232353061366463616232353430356131656633353866643062653531306162653463393039
|
||||
66663435343333383834306234316634656166333432306238306162613836303365643338633635
|
||||
34323235316231356230336466303032623235303930653439323236363533376437613363636163
|
||||
38666163383062303034653662343530333737316263666163656437343439663962353134313530
|
||||
38333034316432383330643966353030623637326334663330333530633534643662663835346465
|
||||
36663131363136396230653963393037313032333863353866663864643065383765306664333564
|
||||
38303861383636636434303038633835643934373439313438653761323165366430633165396537
|
||||
37633638393730653865313238393239393739366237353633366164393235393435313361343834
|
||||
34633233353037393138353664376330643965303666313138346333343935323531346631316563
|
||||
37306535643031623837396233366665306665626532356532386561356534653738333439646165
|
||||
65663131643162643061313266326638616531643063303361666464616166303263353561356462
|
||||
61343338343137323463353539643136313334646364313437663764653037633937373838613634
|
||||
3135
|
||||
34363462333030653462383364323934653331333861333732303365626439666666393232376139
|
||||
6161356563623135646365323133326333383734383136340a643335623334363066353930303638
|
||||
38653862376330353361613661383330343338633963333538623934396537356137643833663262
|
||||
3431653035643063330a383634633966643133386236303064663666303935333636386532363363
|
||||
33646631343761363133646635663836313832616264313134616635373230393935396330373936
|
||||
36656666623631636230356665366532613230396565336136316530633432326665366135376238
|
||||
34633666623063383632663333366137666265363663323264643631323463633865336635636435
|
||||
35616631623532303536613064353135353034333739656432393835303839333165633135663934
|
||||
31663233656137653230343036666336386361393937383636336536396539303131393133653234
|
||||
30343030373863636232643635656664643561383264643465363163656131323731326361623639
|
||||
31663362363337306238616564336330303462346537393336363266323031653166323366333466
|
||||
36376433373663666535623864303533353837663064623432306363356638363634323831663437
|
||||
31663462323666633835663831653439306438376662343762663136613532366136636661383166
|
||||
33303563613436323334366532316336346635356433663766363831646336336665653365616663
|
||||
32303165313935326462393833363563313235386637353761306262353733316265383133303037
|
||||
35373338653931383463323533646262653066323164313939336336376262353066363339653938
|
||||
62383035653333663663336364646634336563366131653665373033333365386562333966353063
|
||||
36383964633561326262616439383739343736343362363264393137366662306630656364333532
|
||||
63346331636266626637666264343263303534313038386263666634353330643938393236336361
|
||||
34356661343334316162313030636533643064383531653836356366623432383066333033663536
|
||||
32656639323030653635636265343731336531646539356261383139663261386439376237396536
|
||||
62666130353038386635333265376630376165376433336436636331316531663935663339356436
|
||||
35303765303031323564333232363335643235376366613931653035313035663737353937393737
|
||||
66353663643735623762303234663762356136326133656338656664313637346136376266383636
|
||||
36386637326430626264666362643639636533373530366337373561643335363236646237636338
|
||||
62393531643663646433303233366233366536373865613331383539616238303135383665343930
|
||||
33303930633533333637343634393038356235646533613766623436306666306166383632303233
|
||||
38343063636236663432333336393838373637633737363865373261343965623736326433313937
|
||||
34323037326362323032356232373065666639616362393536653663316439376662636431626238
|
||||
32353838666535633831353538306634636562343633656663343131386462656536633663333235
|
||||
38386435313336613962313665616132323431356333353861386663313562373837663966623532
|
||||
65363438643666326163393761626231386331343435636562336363643733353439326230326637
|
||||
61633531316335396662663539366264633034373333336638323734336364323038
|
||||
|
|
|
@ -14,6 +14,6 @@ compose_version: "3.7"
|
|||
|
||||
traefik_network: proxy
|
||||
|
||||
domain_name: new.chosto.me
|
||||
domain_name: chosto.me
|
||||
|
||||
letsencrypt_email: quentinduchemin@tuta.io
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
# use this one if you put the nginx container behind another proxy
|
||||
# you will have to set some headers on this proxy as well to ensure
|
||||
# everything works correctly, you can use the ones from the funkwhale_proxy.conf file
|
||||
# at https://dev.funkwhale.audio/funkwhale/funkwhale/blob/develop/deploy/funkwhale_proxy.conf
|
||||
# your proxy will also need to support websockets
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
|
||||
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
|
||||
proxy_redirect off;
|
||||
|
||||
# websocket support
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
- name: Create Funkwhale directory
|
||||
file:
|
||||
path: "{{ funkwhale_folder_name }}"
|
||||
state: directory
|
||||
owner: "{{ base_user_name }}"
|
||||
group: "{{ base_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Copy Traefik templates (nginx conf and Compose)
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
# Remove .j2 extension
|
||||
dest: "{{ funkwhale_folder_name }}/{{ (item | splitext)[0] }}"
|
||||
owner: "{{ base_user_name }}"
|
||||
group: "{{ base_user_name }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- docker-compose.yml.j2
|
||||
- conf.env.j2
|
||||
- nginx.conf.j2
|
||||
|
||||
- name: Copy nginx proxy file
|
||||
copy:
|
||||
src: funkwhale_proxy.conf
|
||||
dest: "{{ funkwhale_folder_name }}/funkwhale_proxy.conf"
|
||||
owner: "{{ base_user_name }}"
|
||||
group: "{{ base_user_name }}"
|
||||
mode: 0644
|
||||
|
||||
- name: Start Funkwhale database
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ funkwhale_folder_name }}"
|
||||
services:
|
||||
- db
|
||||
pull: yes
|
||||
state: present
|
||||
|
||||
- name: Run migrations
|
||||
shell:
|
||||
cmd: docker-compose run --rm api python manage.py migrate
|
||||
chdir: "{{ funkwhale_folder_name }}"
|
||||
|
||||
- name: Run all funkwhale containers
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ funkwhale_folder_name }}"
|
||||
remove_orphans: yes
|
||||
pull: yes
|
||||
recreate: smart
|
||||
state: present
|
|
@ -0,0 +1,29 @@
|
|||
FUNKWHALE_API_IP=127.0.0.1
|
||||
FUNKWHALE_API_PORT={{ funkwhale_api_port }}
|
||||
FUNKWHALE_WEB_WORKERS=4
|
||||
FUNKWHALE_HOSTNAME={{ funkwhale_subdomain }}.{{ domain_name }}
|
||||
FUNKWHALE_PROTOCOL=https
|
||||
|
||||
EMAIL_CONFIG=smtp+tls://{{ funkwhale_subdomain }}@{{ domain_name }}:mD32H&Y2X$9XPFQtS!tq@mail.gandi.net:587
|
||||
DEFAULT_FROM_EMAIL={{ funkwhale_subdomain }}@{{ domain_name }}
|
||||
|
||||
DATABASE_URL=postgresql://funkwhale:{{ funkwhale_db_password }}@funkwhale_postgres:5432/funkwhale
|
||||
|
||||
REVERSE_PROXY_TYPE=nginx
|
||||
|
||||
CACHE_URL=redis://funkwhale_redis:6379/0
|
||||
|
||||
STATIC_ROOT={{ funkwhale_static_root }}
|
||||
MUSIC_DIRECTORY_PATH={{ funkwhale_import_music_directory }}
|
||||
FUNKWHALE_FRONTEND_PATH={{ funkwhale_frontend }}
|
||||
|
||||
DJANGO_SETTINGS_MODULE=config.settings.production
|
||||
DJANGO_SECRET_KEY={{ funkwhale_secret_key }}
|
||||
|
||||
NGINX_MAX_BODY_SIZE={{ nginx_max_body_size}}
|
||||
|
||||
AWS_ACCESS_KEY_ID={{ scaleway_s3_id }}
|
||||
AWS_SECRET_ACCESS_KEY={{ scaleway_s3_key }}
|
||||
AWS_STORAGE_BUCKET_NAME=celiglyphe
|
||||
AWS_S3_ENDPOINT_URL=https://s3.fr-par.scw.cloud
|
||||
PROXY_MEDIA=false
|
|
@ -0,0 +1,102 @@
|
|||
version: "{{ compose_version }}"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
name: "{{ traefik_network }}"
|
||||
db:
|
||||
name: funkwhale_db
|
||||
|
||||
volumes:
|
||||
redis:
|
||||
name: funkwhale_redis
|
||||
db:
|
||||
name: funkwhale_db
|
||||
frontend:
|
||||
name: funkwhale_frontend
|
||||
static:
|
||||
name: funkwhale_static
|
||||
|
||||
services:
|
||||
celeryworker:
|
||||
image: "funkwhale/funkwhale:{{ funkwhale_version }}"
|
||||
container_name: funkwhale_celeryworker
|
||||
env_file:
|
||||
- ./conf.env
|
||||
environment:
|
||||
- C_FORCE_ROOT=true
|
||||
volumes:
|
||||
- "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro"
|
||||
command: celery -A funkwhale_api.taskapp worker -l INFO
|
||||
networks:
|
||||
- db
|
||||
restart: unless-stopped
|
||||
|
||||
celerybeat:
|
||||
image: "funkwhale/funkwhale:{{ funkwhale_version }}"
|
||||
container_name: funkwhale_celerybeat
|
||||
env_file: ./conf.env
|
||||
command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
|
||||
networks:
|
||||
- db
|
||||
restart: unless-stopped
|
||||
|
||||
api:
|
||||
image: "funkwhale/funkwhale:{{ funkwhale_version }}"
|
||||
container_name: funkwhale_api
|
||||
env_file:
|
||||
- ./conf.env
|
||||
volumes:
|
||||
- "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro"
|
||||
- "static:{{ funkwhale_static_root }}"
|
||||
- "frontend:{{ funkwhale_frontend }}"
|
||||
labels:
|
||||
traefik.http.routers.funkwhale_api.entrypoints: websecure
|
||||
traefik.http.routers.funkwhale_api.rule: "Host(`api.{{ funkwhale_subdomain }}.{{ domain_name }}`)"
|
||||
traefik.http.services.funkwhale_api.loadbalancer.server.port: "{{ funkwhale_api_port }}"
|
||||
traefik.enable: true
|
||||
networks:
|
||||
- proxy
|
||||
- db
|
||||
restart: unless-stopped
|
||||
|
||||
nginx:
|
||||
image: nginx
|
||||
container_name: funkwhale_nginx
|
||||
env_file: ./conf.env
|
||||
volumes:
|
||||
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
- ./funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro
|
||||
- "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro"
|
||||
- "static:{{ funkwhale_static_root }}"
|
||||
- "frontend:{{ funkwhale_frontend }}"
|
||||
labels:
|
||||
traefik.http.routers.funkwhale.entrypoints: websecure
|
||||
traefik.http.routers.funkwhale.rule: "Host(`{{ funkwhale_subdomain }}.{{ domain_name }}`)"
|
||||
traefik.http.services.funkwhale.loadbalancer.server.port: "{{ funkwhale_nginx_port }}"
|
||||
traefik.enable: true
|
||||
networks:
|
||||
- proxy
|
||||
restart: unless-stopped
|
||||
|
||||
redis:
|
||||
image: "redis:{{ redis_version }}"
|
||||
container_name: funkwhale_redis
|
||||
env_file: ./conf.env
|
||||
volumes:
|
||||
- redis:/data
|
||||
networks:
|
||||
- db
|
||||
restart: unless-stopped
|
||||
|
||||
db:
|
||||
image: "postgres:{{ postgres_version }}"
|
||||
container_name: funkwhale_postgres
|
||||
environment:
|
||||
POSTGRES_USER: funkwhale
|
||||
POSTGRES_DB: funkwhale
|
||||
POSTGRES_PASSWORD: "{{ funkwhale_db_password }}"
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
networks:
|
||||
- db
|
||||
restart: unless-stopped
|
|
@ -0,0 +1,98 @@
|
|||
upstream funkwhale-api {
|
||||
# depending on your setup, you may want to update this
|
||||
server funkwhale_api:{{ funkwhale_api_port }};
|
||||
}
|
||||
|
||||
|
||||
# required for websocket support
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server {
|
||||
listen {{ funkwhale_nginx_port }};
|
||||
server_name {{ funkwhale_subdomain }}.{{ domain_name }};
|
||||
|
||||
# TLS
|
||||
# Feel free to use your own configuration for SSL here or simply remove the
|
||||
# lines and move the configuration to the previous server block if you
|
||||
# don't want to run funkwhale behind https (this is not recommended)
|
||||
# have a look here for let's encrypt configuration:
|
||||
# https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
|
||||
|
||||
root {{ funkwhale_frontend }};
|
||||
|
||||
# If you are using S3 to host your files, remember to add your S3 URL to the
|
||||
# media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
|
||||
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://s3.fr-par.scw.cloud data:; font-src 'self' data:; object-src 'none'; media-src 'self' https://s3.fr-par.scw.cloud data:";
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
|
||||
|
||||
location / {
|
||||
include /etc/nginx/funkwhale_proxy.conf;
|
||||
# this is needed if you have file import via upload enabled
|
||||
client_max_body_size {{ nginx_max_body_size }};
|
||||
proxy_pass http://funkwhale-api/;
|
||||
}
|
||||
|
||||
location /front/ {
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
add_header Service-Worker-Allowed "/";
|
||||
add_header X-Frame-Options "ALLOW";
|
||||
alias /frontend/;
|
||||
expires 30d;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
|
||||
}
|
||||
|
||||
location /front/embed.html {
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
|
||||
add_header X-Frame-Options "ALLOW";
|
||||
alias /frontend/embed.html;
|
||||
expires 30d;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
|
||||
}
|
||||
|
||||
location /federation/ {
|
||||
include /etc/nginx/funkwhale_proxy.conf;
|
||||
proxy_pass http://funkwhale-api/federation/;
|
||||
}
|
||||
|
||||
# You can comment this if you do not plan to use the Subsonic API
|
||||
location /rest/ {
|
||||
include /etc/nginx/funkwhale_proxy.conf;
|
||||
proxy_pass http://funkwhale-api/api/subsonic/rest/;
|
||||
}
|
||||
|
||||
location /.well-known/ {
|
||||
include /etc/nginx/funkwhale_proxy.conf;
|
||||
proxy_pass http://funkwhale-api/.well-known/;
|
||||
}
|
||||
|
||||
location ~ /_protected/media/(.+) {
|
||||
internal;
|
||||
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
|
||||
proxy_set_header Authorization "";
|
||||
proxy_pass $1;
|
||||
}
|
||||
|
||||
location /_protected/music {
|
||||
# this is an internal location that is used to serve
|
||||
# audio files once correct permission / authentication
|
||||
# has been checked on API side
|
||||
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
|
||||
internal;
|
||||
alias {{ funkwhale_import_music_directory }};
|
||||
}
|
||||
|
||||
location /staticfiles/ {
|
||||
# django static files
|
||||
alias {{ funkwhale_static_root }}}/;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
funkwhale_version: 1.1.1
|
||||
funkwhale_api_port: 5000
|
||||
funkwhale_nginx_port: 80
|
||||
funkwhale_static_root: /static
|
||||
funkwhale_import_music_directory: /import
|
||||
funkwhale_import_music_directory_host: "{{ funkwhale_folder_name }}/import"
|
||||
funkwhale_folder_name: "{{ docker_files }}/funkwhale"
|
||||
funkwhale_frontend: /frontend
|
||||
funkwhale_subdomain: music
|
||||
nginx_max_body_size: 100M
|
||||
postgres_version: 13
|
||||
redis_version: 6
|
Loading…
Reference in New Issue