dnutiu/ansible-playbooks
dnutiu/ansible-playbooks
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update peertube playbook: add firewall instructions

Browse source
This commit is contained in:
Denis-Cosmin Nutiu 2025-02-05 20:27:48 +02:00
parent 429bbc528f
commit b11989497b
2 changed files with 70 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

115
peertube-server/playbook.yaml
View file

@ -7,60 +7,79 @@
tasks:
# Create necessary directories.
- name: Create PeerTube data directory
ansible.builtin.file:
path: "/{{ peertube.data_directory }}"
state: directory
mode: '0755'
ignore_errors: true
- name: Create PeerTube config directory
ansible.builtin.file:
path: "/{{ peertube.config_directory }}"
state: directory
mode: '0754'
ignore_errors: true
- name: Create PostgresSQL directory
ansible.builtin.file:
path: "/{{ postgres.postgres_directory }}"
state: directory
mode: '0754'
ignore_errors: true
#
- name: "Create directories"
block:
- name: Create PeerTube data directory
ansible.builtin.file:
path: "/{{ peertube.data_directory }}"
state: directory
mode: "0755"
ignore_errors: true
- name: Create PeerTube config directory
ansible.builtin.file:
path: "/{{ peertube.config_directory }}"
state: directory
mode: "0754"
ignore_errors: true
- name: Create PostgresSQL directory
ansible.builtin.file:
path: "/{{ postgres.postgres_directory }}"
state: directory
mode: "0754"
ignore_errors: true
# Ensure dependencies are installed
- name: Ensure Podman is installed
ansible.builtin.package:
name: podman
state: present
- name: Ensure Udica is installed
ansible.builtin.package:
name: udica
state: present
- name: Ensure container-selinux is installed
ansible.builtin.package:
name: container-selinux
state: present
#
- name: "Install dependencies"
block:
- name: Ensure Podman is installed
ansible.builtin.package:
name: podman
state: present
- name: Ensure Udica is installed
ansible.builtin.package:
name: udica
state: present
- name: Ensure container-selinux is installed
ansible.builtin.package:
name: container-selinux
state: present
# Pull docker images
- name: Pull PeerTube image
containers.podman.podman_image:
name: "{{ peertube.image_name }}"
state: present
- name: Pull Postgres image
containers.podman.podman_image:
name: "{{ postgres.image_name }}"
state: present
- name: Pull Redis image
containers.podman.podman_image:
name: "{{ redis.image_name }}"
state: present
# Load SELinux policies
#
- name: "Pull container images"
block:
- name: Pull PeerTube image
containers.podman.podman_image:
name: "{{ peertube.image_name }}"
state: present
- name: Pull Postgres image
containers.podman.podman_image:
name: "{{ postgres.image_name }}"
state: present
- name: Pull Redis image
containers.podman.podman_image:
name: "{{ redis.image_name }}"
state: present
- name: Add firewall ports
block:
- name: Create a firewalld service file (if it doesn't exist)
ansible.posix.firewalld:
- name: Create firewalld service
ansible.builtin.copy:
src: ./templates/firewall/peertube.xml
dest: /etc/firewalld/services/peertube.xml
mode: "0644"
notify:
- reload firewalld
- name: Enable firewalld service
ansible.posix.firewalld:
service: peertube
state: enabled
notify: reload firewalld
permanent: true
immediate: true
offline: true
notify:
- reload firewalld
handlers:
- name: reload firewalld
ansible.posix.firewalld:
state: reloaded
ansible.builtin.service:
name: firewalld
state: reloaded

6
peertube-server/templates/firewall/peertube.xml
View file

@ -2,6 +2,6 @@
<service>
<short>PeerTube Service</short>
<description>PeerTube is a federated video sharing platform.</description>
<port protocol="tcp" port="{{ 1935 }}" />
<port protocol="tcp" port="{{ 9000 }}" />
</service>
<port protocol="tcp" port="1935" />
<port protocol="tcp" port="9000" />
</service>