ansible-playbooks/peertube-server/playbook.yaml

- name: Install PeerTube
  hosts: local
  become: true
  become_method: sudo
  vars_files:
    - variables.yaml

  tasks:
    # Create necessary directories.
    - name: "Create directories"
      block:
        - name: Create PeerTube base directory
          ansible.builtin.file:
            path: "{{ base_directory }}"
            state: directory
            mode: "0755"
          ignore_errors: true
        - name: Create PeerTube data directory
          ansible.builtin.file:
            path: "{{ peertube.data_directory }}"
            state: directory
            mode: "0755"
          ignore_errors: true
        - name: Create PeerTube config directory
          ansible.builtin.file:
            path: "{{ peertube.config_directory }}"
            state: directory
            mode: "0754"
          ignore_errors: true
        - name: Create PeerTube backups directory
          ansible.builtin.file:
            path: "{{ peertube.backups_directory }}"
            state: directory
            mode: "0754"
          ignore_errors: true
        - name: Create PostgresSQL directory
          ansible.builtin.file:
            path: "{{ postgres.postgres_directory }}"
            state: directory
            mode: "0754"
          ignore_errors: true
    # Ensure dependencies are installed
    - name: "Install dependencies"
      block:
        - name: Ensure Podman is installed
          ansible.builtin.package:
            name: podman
            state: present
        - name: Ensure Udica is installed
          ansible.builtin.package:
            name: udica
            state: present
        - name: Ensure container-selinux is installed
          ansible.builtin.package:
            name: container-selinux
            state: present
    # Pull docker images
    - name: "Pull container images"
      block:
        - name: Pull PeerTube image
          containers.podman.podman_image:
            name: "{{ peertube.image_name }}"
            state: present
        - name: Pull Postgres image
          containers.podman.podman_image:
            name: "{{ postgres.image_name }}"
            state: present
        - name: Pull Redis image
          containers.podman.podman_image:
            name: "{{ redis.image_name }}"
            state: present
    - name: Add firewall ports
      block:
        - name: Create firewalld service
          ansible.builtin.copy:
            src: ./templates/firewall/peertube.xml
            dest: /etc/firewalld/services/peertube.xml
            mode: "0644"
        - name: Reload firewalld
          ansible.builtin.command:
            argv:
              - firewall-cmd
              - --reload
        - name: Enable firewalld service
          ansible.posix.firewalld:
            service: peertube
            state: enabled
            permanent: true
            immediate: true
            offline: true
    - name: "Load CIL policies"
      block:
        - name: Copy peertube cil
          ansible.builtin.copy:
            src: ./templates/cil/peertube.cil
            dest: /tmp/peertube.cil
            mode: "0644"
        - name: Copy postgres cil
          ansible.builtin.copy:
            src: ./templates/cil/postgres.cil
            dest: /tmp/postgres.cil
            mode: "0644"
        - name: Load PeertTube CIL policy
          ansible.builtin.command:
            argv:
              - semodule
              - -i
              - /tmp/peertube.cil
              - /usr/share/udica/templates/base_container.cil
              - /usr/share/udica/templates/net_container.cil
        - name: Load Postgres CIL policy
          ansible.builtin.command:
            argv:
              - semodule
              - -i
              - /tmp/postgres.cil
              - /usr/share/udica/templates/base_container.cil
              - /usr/share/udica/templates/net_container.cil
        - name: "Allow samba access from container"
          ansible.builtin.command:
            argv:
              - semanage
              - boolean
              - -m
              - virt_use_samba
              - --on
          when: selinux_virt_use_samba
    - name: "Setup Containers"
      block:
        - name: "Copy environment file"
          ansible.builtin.template:
            src: ./templates/services/environment_file
            dest: "{{ base_directory }}/{{ peertube.env_file }}"
            mode: "0644"
        - name: "Copy peertube.network"
          ansible.builtin.template:
            src: ./templates/services/peertube.network
            dest: /etc/containers/systemd/peertube.network
            mode: "0644"
        - name: "Copy redis container"
          ansible.builtin.template:
            src: ./templates/services/redis.container.j2
            dest: /etc/containers/systemd/redis.container
            mode: "0644"
        - name: "Copy postgres container"
          ansible.builtin.template:
            src: ./templates/services/postgres.container.j2
            dest: /etc/containers/systemd/postgres.container
            mode: "0644"
        - name: "Copy peertube container"
          ansible.builtin.template:
            src: ./templates/services/peertube.container.j2
            dest: /etc/containers/systemd/peertube.container
            mode: "0644"
        - name: Reload systemd
          ansible.builtin.command:
            argv:
              - systemctl
              - daemon-reload
        - name: "Start redis.container"
          ansible.builtin.systemd_service:
            name: redis.service
            state: started
        - name: "Start postgres.container"
          ansible.builtin.systemd_service:
            name: postgres.service
            state: started
        - name: "Start peertube.container"
          ansible.builtin.systemd_service:
            name: peertube.service
            state: started
    - name: "Setup Backup"
      block:
        - name: "Copy backup script"
          ansible.builtin.template:
            src: ./templates/backup/backup.sh.j2
            dest: "{{peertube.backups_directory}}/backup.sh"
            mode: "0644"
        - name: "Copy backup service"
          ansible.builtin.template:
            src: ./templates/backup/peertube-backup.service.j2
            dest: /etc/systemd/system/peertube-backup.service
            mode: "0644"
        - name: "Copy backup timer"
          ansible.builtin.template:
            src: ./templates/backup/peertube-backup.timer
            dest: /etc/systemd/system/peertube-backup.timer
            mode: "0644"
        - name: Reload systemd
          ansible.builtin.command:
            argv:
              - systemctl
              - daemon-reload
        - name: Enable back-up service
          ansible.builtin.systemd_service:
            name: peertube-backup.service
            state: started
            enabled: true
        - name: Enable back-up service timer
          ansible.builtin.systemd_service:
            name: peertube-backup.timer
            state: started
            enabled: true
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`- name: Install PeerTube`
			`hosts: local`
update playbook: load cil policies 2025-02-05 20:44:32 +02:00			`become: true`
work on peertube ansible playbook 2025-02-05 19:39:03 +02:00			`become_method: sudo`
			`vars_files:`
			`- variables.yaml`

			`tasks:`
			`# Create necessary directories.`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`- name: "Create directories"`
			`block:`
change directory structure 2025-02-05 21:37:28 +02:00			`- name: Create PeerTube base directory`
			`ansible.builtin.file:`
			`path: "{{ base_directory }}"`
			`state: directory`
			`mode: "0755"`
			`ignore_errors: true`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`- name: Create PeerTube data directory`
			`ansible.builtin.file:`
change directory structure 2025-02-05 21:37:28 +02:00			`path: "{{ peertube.data_directory }}"`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`state: directory`
			`mode: "0755"`
			`ignore_errors: true`
			`- name: Create PeerTube config directory`
			`ansible.builtin.file:`
change directory structure 2025-02-05 21:37:28 +02:00			`path: "{{ peertube.config_directory }}"`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`state: directory`
			`mode: "0754"`
			`ignore_errors: true`
change directory structure 2025-02-05 21:37:28 +02:00			`- name: Create PeerTube backups directory`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`ansible.builtin.file:`
change directory structure 2025-02-05 21:37:28 +02:00			`path: "{{ peertube.backups_directory }}"`
add preliminary files for peertube 2025-02-05 21:18:32 +02:00			`state: directory`
			`mode: "0754"`
			`ignore_errors: true`
change directory structure 2025-02-05 21:37:28 +02:00			`- name: Create PostgresSQL directory`
add preliminary files for peertube 2025-02-05 21:18:32 +02:00			`ansible.builtin.file:`
change directory structure 2025-02-05 21:37:28 +02:00			`path: "{{ postgres.postgres_directory }}"`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`state: directory`
			`mode: "0754"`
			`ignore_errors: true`
work on peertube ansible playbook 2025-02-05 19:39:03 +02:00			`# Ensure dependencies are installed`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`- name: "Install dependencies"`
			`block:`
			`- name: Ensure Podman is installed`
			`ansible.builtin.package:`
			`name: podman`
			`state: present`
			`- name: Ensure Udica is installed`
			`ansible.builtin.package:`
			`name: udica`
			`state: present`
			`- name: Ensure container-selinux is installed`
			`ansible.builtin.package:`
			`name: container-selinux`
			`state: present`
work on peertube ansible playbook 2025-02-05 19:39:03 +02:00			`# Pull docker images`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`- name: "Pull container images"`
			`block:`
			`- name: Pull PeerTube image`
			`containers.podman.podman_image:`
			`name: "{{ peertube.image_name }}"`
			`state: present`
			`- name: Pull Postgres image`
			`containers.podman.podman_image:`
			`name: "{{ postgres.image_name }}"`
			`state: present`
			`- name: Pull Redis image`
			`containers.podman.podman_image:`
			`name: "{{ redis.image_name }}"`
			`state: present`
work on peertube ansible playbook 2025-02-05 19:39:03 +02:00			`- name: Add firewall ports`
			`block:`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`- name: Create firewalld service`
			`ansible.builtin.copy:`
work on peertube ansible playbook 2025-02-05 19:39:03 +02:00			`src: ./templates/firewall/peertube.xml`
			`dest: /etc/firewalld/services/peertube.xml`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`mode: "0644"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`- name: Reload firewalld`
			`ansible.builtin.command:`
			`argv:`
			`- firewall-cmd`
			`- --reload`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`- name: Enable firewalld service`
			`ansible.posix.firewalld:`
			`service: peertube`
work on peertube ansible playbook 2025-02-05 19:39:03 +02:00			`state: enabled`
update peertube playbook: add firewall instructions 2025-02-05 20:27:48 +02:00			`permanent: true`
			`immediate: true`
			`offline: true`
update playbook: load cil policies 2025-02-05 20:44:32 +02:00			`- name: "Load CIL policies"`
			`block:`
			`- name: Copy peertube cil`
			`ansible.builtin.copy:`
			`src: ./templates/cil/peertube.cil`
			`dest: /tmp/peertube.cil`
			`mode: "0644"`
			`- name: Copy postgres cil`
			`ansible.builtin.copy:`
			`src: ./templates/cil/postgres.cil`
			`dest: /tmp/postgres.cil`
			`mode: "0644"`
			`- name: Load PeertTube CIL policy`
			`ansible.builtin.command:`
			`argv:`
			`- semodule`
			`- -i`
			`- /tmp/peertube.cil`
			`- /usr/share/udica/templates/base_container.cil`
			`- /usr/share/udica/templates/net_container.cil`
			`- name: Load Postgres CIL policy`
			`ansible.builtin.command:`
			`argv:`
			`- semodule`
			`- -i`
			`- /tmp/postgres.cil`
			`- /usr/share/udica/templates/base_container.cil`
			`- /usr/share/udica/templates/net_container.cil`
			`- name: "Allow samba access from container"`
			`ansible.builtin.command:`
			`argv:`
			`- semanage`
			`- boolean`
			`- -m`
			`- virt_use_samba`
			`- --on`
condition virt_use_samba bool with a flag 2025-02-09 12:00:01 +02:00			`when: selinux_virt_use_samba`
update peertube: add setup for containers 2025-02-05 22:30:35 +02:00			`- name: "Setup Containers"`
			`block:`
			`- name: "Copy environment file"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`ansible.builtin.template:`
update peertube: add setup for containers 2025-02-05 22:30:35 +02:00			`src: ./templates/services/environment_file`
			`dest: "{{ base_directory }}/{{ peertube.env_file }}"`
			`mode: "0644"`
			`- name: "Copy peertube.network"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`ansible.builtin.template:`
update peertube: add setup for containers 2025-02-05 22:30:35 +02:00			`src: ./templates/services/peertube.network`
			`dest: /etc/containers/systemd/peertube.network`
			`mode: "0644"`
			`- name: "Copy redis container"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`ansible.builtin.template:`
update peertube: add setup for containers 2025-02-05 22:30:35 +02:00			`src: ./templates/services/redis.container.j2`
			`dest: /etc/containers/systemd/redis.container`
			`mode: "0644"`
			`- name: "Copy postgres container"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`ansible.builtin.template:`
update peertube: add setup for containers 2025-02-05 22:30:35 +02:00			`src: ./templates/services/postgres.container.j2`
			`dest: /etc/containers/systemd/postgres.container`
			`mode: "0644"`
			`- name: "Copy peertube container"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`ansible.builtin.template:`
update peertube: add setup for containers 2025-02-05 22:30:35 +02:00			`src: ./templates/services/peertube.container.j2`
			`dest: /etc/containers/systemd/peertube.container`
			`mode: "0644"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`- name: Reload systemd`
			`ansible.builtin.command:`
			`argv:`
			`- systemctl`
			`- daemon-reload`
update peertube: add setup for containers 2025-02-05 22:30:35 +02:00			`- name: "Start redis.container"`
			`ansible.builtin.systemd_service:`
			`name: redis.service`
			`state: started`
			`- name: "Start postgres.container"`
			`ansible.builtin.systemd_service:`
			`name: postgres.service`
			`state: started`
			`- name: "Start peertube.container"`
			`ansible.builtin.systemd_service:`
			`name: peertube.service`
			`state: started`
update peertube: add back-up services 2025-02-05 22:18:54 +02:00			`- name: "Setup Backup"`
			`block:`
			`- name: "Copy backup script"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`ansible.builtin.template:`
update peertube: add back-up services 2025-02-05 22:18:54 +02:00			`src: ./templates/backup/backup.sh.j2`
			`dest: "{{peertube.backups_directory}}/backup.sh"`
			`mode: "0644"`
			`- name: "Copy backup service"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`ansible.builtin.template:`
update peertube: add back-up services 2025-02-05 22:18:54 +02:00			`src: ./templates/backup/peertube-backup.service.j2`
			`dest: /etc/systemd/system/peertube-backup.service`
			`mode: "0644"`
			`- name: "Copy backup timer"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`ansible.builtin.template:`
update peertube: add back-up services 2025-02-05 22:18:54 +02:00			`src: ./templates/backup/peertube-backup.timer`
			`dest: /etc/systemd/system/peertube-backup.timer`
			`mode: "0644"`
fix playbook.yaml & test on fedora 41 2025-02-06 23:10:41 +02:00			`- name: Reload systemd`
			`ansible.builtin.command:`
			`argv:`
			`- systemctl`
			`- daemon-reload`
update peertube: add back-up services 2025-02-05 22:18:54 +02:00			`- name: Enable back-up service`
			`ansible.builtin.systemd_service:`
			`name: peertube-backup.service`
			`state: started`
			`enabled: true`
			`- name: Enable back-up service timer`
			`ansible.builtin.systemd_service:`
			`name: peertube-backup.timer`
			`state: started`
			`enabled: true`