work on peertube ansible playbook

This commit is contained in:
Denis-Cosmin Nutiu 2025-02-05 19:39:03 +02:00
parent 8dc2bc4040
commit 429bbc528f
12 changed files with 166 additions and 0 deletions

8
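--- a/peertube-server/.idea/.gitignore
+++ b/peertube-server/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml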


@ -0,0 +1,6 @@
<component name="InspectionProjectProfileManager">
<settings>
<option name="USE_PROJECT_PROFILE" value="false" />
<version value="1.0" />
</settings>
</component>

8
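--- a/peertube-server/.idea/modules.xml
+++ b/peertube-server/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+<component name="ProjectModuleManager">
+<modules>
+<module fileurl="file://$PROJECT_DIR$/.idea/peertube-server.iml" filepath="$PROJECT_DIR$/.idea/peertube-server.iml" />
+</modules>
+</component>
+</project>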


@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="PYTHON_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

6
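--- a/peertube-server/.idea/vcs.xml
+++ b/peertube-server/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+<component name="VcsDirectoryMappings">
+<mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+</component>
+</project>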

9
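--- a/peertube-server/Makefile
+++ b/peertube-server/Makefile
@@ -0,0 +1,9 @@
+install:
+sudo dnf install ansible
+ansible-galaxy collection install community.general
+ansible-galaxy collection install containers.podman
+ansible-galaxy collection install ansible.posix
+list-hosts:
+ansible-inventory -i inventory.ini --list
+run:
+ansible-playbook -i inventory.ini playbook.yaml --ask-become-pass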
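Review bot: The three `ansible-galaxy collection install` lines in the `install` target fetch whatever version of each collection Galaxy serves at run time, so what `run` executes depends on the day the machine was set up and there is no record of the versions the playbook was written against. Move them into a `requirements.yml` with explicit `version:` entries per collection and install with `ansible-galaxy collection install -r requirements.yml`, committing that file next to the Makefile. As rendered here the recipe lines under `install:`, `list-hosts:` and `run:` show no leading tab; if the page merely stripped it that is fine, but make rejects space-indented recipes, so it is worth confirming in the checkout.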


@ -0,0 +1,5 @@
[nuculabs]
legion.nuculabs.com ansible_user=dnutiu
[local]
localhost ansible_connection=local


@ -0,0 +1,66 @@
- name: Create directory and templated file
hosts: nuculabs
become: yes
become_method: sudo
vars_files:
- variables.yaml
tasks:
# Create necessary directories.
- name: Create PeerTube data directory
ansible.builtin.file:
path: "/{{ peertube.data_directory }}"
state: directory
mode: '0755'
ignore_errors: true
- name: Create PeerTube config directory
ansible.builtin.file:
path: "/{{ peertube.config_directory }}"
state: directory
mode: '0754'
ignore_errors: true
- name: Create PostgresSQL directory
ansible.builtin.file:
path: "/{{ postgres.postgres_directory }}"
state: directory
mode: '0754'
ignore_errors: true
# Ensure dependencies are installed
- name: Ensure Podman is installed
ansible.builtin.package:
name: podman
state: present
- name: Ensure Udica is installed
ansible.builtin.package:
name: udica
state: present
- name: Ensure container-selinux is installed
ansible.builtin.package:
name: container-selinux
state: present
# Pull docker images
- name: Pull PeerTube image
containers.podman.podman_image:
name: "{{ peertube.image_name }}"
state: present
- name: Pull Postgres image
containers.podman.podman_image:
name: "{{ postgres.image_name }}"
state: present
- name: Pull Redis image
containers.podman.podman_image:
name: "{{ redis.image_name }}"
state: present
# Load SELinux policies
- name: Add firewall ports
block:
- name: Create a firewalld service file (if it doesn't exist)
ansible.posix.firewalld:
src: ./templates/firewall/peertube.xml
dest: /etc/firewalld/services/peertube.xml
state: enabled
notify: reload firewalld
handlers:
- name: reload firewalld
ansible.posix.firewalld:
state: reloaded
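Review bot: The task inside the `Add firewall ports` block passes `src`/`dest` to `ansible.posix.firewalld`, which has no such parameters, so the play fails with an unsupported-parameter error before any port is opened, and the handler's `state: reloaded` is not a state the firewalld module accepts either. Since the service XML contains Jinja expressions, install it with `ansible.builtin.template`, flush handlers so firewalld reads the new definition before it is referenced, then enable it with `service: peertube`, and reload via `firewall-cmd --reload` in the handler. `ignore_errors: true` on the three directory tasks hides exactly the permission failures the later container volumes presumably depend on, so drop it; the `'0754'` mode on the config and postgres directories also leaves them world-readable (`o=r`), and the config directory is presumably where PeerTube's production config with the database password will live, so `'0750'` (and `'0700'` for the postgres data directory) is the safer default. Write `become: true` rather than `yes` so the value is a YAML 1.2 boolean. The `# Load SELinux policies` comment heads a block that contains no SELinux task: the udica `.cil` modules added in this commit are never installed with `semodule -i`, so either add that task or reword the comment to `# Open firewall ports` until the policy step exists.
```yaml
# … unchanged: directory, package and image-pull tasks …
    - name: Install the firewalld service definition
      ansible.builtin.template:
        src: ./templates/firewall/peertube.xml
        dest: /etc/firewalld/services/peertube.xml
        owner: root
        group: root
        mode: "0644"
      notify: reload firewalld
    - name: Make firewalld load the new service before it is referenced
      ansible.builtin.meta: flush_handlers
    - name: Open PeerTube ports
      ansible.posix.firewalld:
        service: peertube
        permanent: true
        immediate: true
        state: enabled
  handlers:
    - name: reload firewalld
      ansible.builtin.command: firewall-cmd --reload
```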


@ -0,0 +1,23 @@
(block peertube
(blockinherit container)
(blockinherit restricted_net_container)
(allow process process ( capability ( chown dac_override fowner fsetid kill net_bind_service setfcap setgid setpcap setuid sys_chroot )))
(allow process flash_port_t ( tcp_socket ( name_bind )))
(allow process http_port_t ( tcp_socket ( name_bind )))
(allow process unreserved_port_t (tcp_socket (name_connect) ) )
(allow process cifs_t (dir (setattr)))
(allow process redis_port_t (tcp_socket (name_connect)))
(allow process smtp_port_t (tcp_socket (name_connect)))
(allow process postgresql_port_t (tcp_socket (name_connect)))
(allow process container_file_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process container_file_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process container_file_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process container_file_t ( sock_file ( append getattr open read write )))
(allow process user_home_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_home_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_home_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_home_t ( sock_file ( append getattr open read write )))
)
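Review bot: The four `user_home_t` rules give the PeerTube container create/write/unlink/rename on every directory, file, fifo and socket carrying that label, which is typically the invoking user's whole home tree (subject only to DAC), far broader than the two volumes the playbook creates under `/peertube/`; those paths are not home-labelled, so they presumably need relabelling to `container_file_t` (`:Z` on the mount, or `semanage fcontext` plus `restorecon`) rather than a home-directory grant, after which the whole `user_home_t` block can be deleted. The capability list on the `process process` line is byte-identical to the one in `postgres.cil`, which suggests it was copied rather than derived from an audit of this container, so re-generate with `udica` against a real run or trim to what the entrypoint actually needs and add a header comment such as `; generated by udica from the peertube container on <date>; keep in sync with playbook volumes`. The outbound rules cover `unreserved_port_t`, `redis_port_t`, `smtp_port_t` and `postgresql_port_t` but not `http_port_t`, so federation traffic to port 443 would be denied unless the inherited `restricted_net_container` block already allows it — worth confirming with a test run and `ausearch -m AVC`.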


@ -0,0 +1,11 @@
(block postgres
(blockinherit container)
(blockinherit restricted_net_container)
(allow process process ( capability ( chown dac_override fowner fsetid kill net_bind_service setfcap setgid setpcap setuid sys_chroot )))
(allow process postgresql_port_t ( tcp_socket ( name_bind )))
(allow process user_home_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_home_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_home_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_home_t ( sock_file ( append getattr open read write )))
)
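Review bot: This policy grants file access only on `user_home_t`, with no `container_file_t` rules at all, so the `/peertube/postgres` volume from `variables.yaml` is writable only if it is relabelled to `user_home_t`, an unusual label for a root-owned data directory; if the volume is instead mounted with `:Z` it becomes `container_file_t` and every write is denied. Add a `container_file_t` rule set mirroring the one in `peertube.cil` (or, better, drop `user_home_t` from both and label the volumes consistently) and state the intended label in a comment: `; data dir /peertube/postgres is labelled container_file_t via :Z`. The capability grant is the same list as the PeerTube policy; `net_bind_service`, `sys_chroot`, `setfcap` and `kill` look unnecessary for a database process, so confirm against an AVC audit before keeping them.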


@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>PeerTube Service</short>
<description>PeerTube is a federated video sharing platform.</description>
<port protocol="tcp" port="{{ 1935 }}" />
<port protocol="tcp" port="{{ 9000 }}" />
</service>
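Review bot: `port="{{ 1935 }}"` and `port="{{ 9000 }}"` are Jinja expressions wrapping literal numbers, which only resolve if the file is rendered by `ansible.builtin.template`; the playbook in this commit hands the path to `ansible.posix.firewalld` as `src`, so the braces would either be written verbatim (not a valid firewalld port value) or never reach the host at all. Either hard-code `port="1935"` / `port="9000"`, or reference real variables such as `{{ peertube.rtmp_port }}` / `{{ peertube.http_port }}` declared in `variables.yaml`, so the template has a reason to be a template. Consider also whether 9000 belongs in the firewall: it is conventionally PeerTube's plain-HTTP listener meant to sit behind a TLS reverse proxy, so opening it publishes the application without TLS; opening 80/443 for the proxy and leaving 9000 bound to localhost is the usual layout, and the same plaintext caveat applies to RTMP on 1935.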


@ -0,0 +1,9 @@
peertube:
data_directory: "/peertube/data"
config_directory: "/peertube/config"
image_name: "docker.io/chocobozzz/peertube:v7.0.1-bookworm"
postgres:
postgres_directory: "/peertube/postgres"
image_name: "docker.io/postgres:13-alpine"
redis:
image_name: "docker.io/redis:6-alpine"
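Review bot: `postgres:13-alpine` and `redis:6-alpine` are floating tags, so each run of the pull tasks can resolve to a different image, and nothing in the playbook verifies a digest or signature; pin all three images by digest (`docker.io/postgres:13-alpine@sha256:…`) or at least to a full patch release, and add a comment above each recording why that major was chosen and when it should be revisited, e.g. `# TODO: pin by digest and document the supported-version window`. The `data_directory`, `config_directory` and `postgres_directory` values already begin with `/` while the playbook prefixes another `/`, yielding `//peertube/...` paths — harmless on Linux but confusing in logs and easy to mis-match later, so keep the leading slash in one place only. `v7.0.1-bookworm` is at least a specific PeerTube release, though it too is mutable until a digest is attached.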