update peertube playbook: add firewall instructions

Denis-Cosmin Nutiu 2025-02-05 20:27:48 +02:00
parent 429bbc528f
commit b11989497b
2 changed files with 70 additions and 51 deletions


@ -7,60 +7,79 @@
tasks: tasks:
# Create necessary directories. # Create necessary directories.
- name: Create PeerTube data directory #
ansible.builtin.file: - name: "Create directories"
path: "/{{ peertube.data_directory }}" block:
state: directory - name: Create PeerTube data directory
mode: '0755' ansible.builtin.file:
ignore_errors: true path: "/{{ peertube.data_directory }}"
- name: Create PeerTube config directory state: directory
ansible.builtin.file: mode: "0755"
path: "/{{ peertube.config_directory }}" ignore_errors: true
state: directory - name: Create PeerTube config directory
mode: '0754' ansible.builtin.file:
ignore_errors: true path: "/{{ peertube.config_directory }}"
- name: Create PostgresSQL directory state: directory
ansible.builtin.file: mode: "0754"
path: "/{{ postgres.postgres_directory }}" ignore_errors: true
state: directory - name: Create PostgresSQL directory
mode: '0754' ansible.builtin.file:
ignore_errors: true path: "/{{ postgres.postgres_directory }}"
state: directory
mode: "0754"
ignore_errors: true
# Ensure dependencies are installed # Ensure dependencies are installed
- name: Ensure Podman is installed #
ansible.builtin.package: - name: "Install dependencies"
name: podman block:
state: present - name: Ensure Podman is installed
- name: Ensure Udica is installed ansible.builtin.package:
ansible.builtin.package: name: podman
name: udica state: present
state: present - name: Ensure Udica is installed
- name: Ensure container-selinux is installed ansible.builtin.package:
ansible.builtin.package: name: udica
name: container-selinux state: present
state: present - name: Ensure container-selinux is installed
ansible.builtin.package:
name: container-selinux
state: present
# Pull docker images # Pull docker images
- name: Pull PeerTube image #
containers.podman.podman_image: - name: "Pull container images"
name: "{{ peertube.image_name }}" block:
state: present - name: Pull PeerTube image
- name: Pull Postgres image containers.podman.podman_image:
containers.podman.podman_image: name: "{{ peertube.image_name }}"
name: "{{ postgres.image_name }}" state: present
state: present - name: Pull Postgres image
- name: Pull Redis image containers.podman.podman_image:
containers.podman.podman_image: name: "{{ postgres.image_name }}"
name: "{{ redis.image_name }}" state: present
state: present - name: Pull Redis image
# Load SELinux policies containers.podman.podman_image:
name: "{{ redis.image_name }}"
state: present
- name: Add firewall ports - name: Add firewall ports
block: block:
- name: Create a firewalld service file (if it doesn't exist) - name: Create firewalld service
ansible.posix.firewalld: ansible.builtin.copy:
src: ./templates/firewall/peertube.xml src: ./templates/firewall/peertube.xml
dest: /etc/firewalld/services/peertube.xml dest: /etc/firewalld/services/peertube.xml
mode: "0644"
notify:
- reload firewalld
- name: Enable firewalld service
ansible.posix.firewalld:
service: peertube
state: enabled state: enabled
notify: reload firewalld permanent: true
immediate: true
offline: true
notify:
- reload firewalld
handlers: handlers:
- name: reload firewalld - name: reload firewalld
ansible.posix.firewalld: ansible.builtin.service:
name: firewalld
state: reloaded state: reloaded
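Review bot: The new `Enable firewalld service` task runs before the `reload firewalld` handler fires, so on a first run the running daemon has probably not yet loaded `/etc/firewalld/services/peertube.xml`, and with `immediate: true` the task is likely to fail on an unknown service. Handlers run at the end of the play, so add `- ansible.builtin.meta: flush_handlers` between `Create firewalld service` and `Enable firewalld service`. The firewalld task also sets no `zone:`, so the ports are opened in whatever the host's default zone is; an explicit `zone:` would make the exposure a deliberate choice. The play header and any variables it defines are outside this hunk.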


@ -2,6 +2,6 @@
<service> <service>
<short>PeerTube Service</short> <short>PeerTube Service</short>
<description>PeerTube is a federated video sharing platform.</description> <description>PeerTube is a federated video sharing platform.</description>
<port protocol="tcp" port="{{ 1935 }}" /> <port protocol="tcp" port="1935" />
<port protocol="tcp" port="{{ 9000 }}" /> <port protocol="tcp" port="9000" />
</service> </service>
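Review bot: The service definition opens tcp/9000 next to tcp/1935 with no comment on why each port must be reachable from outside the host. If 9000 is PeerTube's plain HTTP listener and a TLS-terminating reverse proxy fronts it (neither is visible on this page), publishing 9000 lets clients bypass the proxy. In that case drop `<port protocol="tcp" port="9000" />` and keep only the RTMP port. Otherwise document the intent above each port, for example `<!-- 9000: PeerTube HTTP listener, exposed directly because no reverse proxy is used -->`.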