- name: Install PeerTube hosts: local become: true become_method: sudo vars_files: - variables.yaml tasks: # Create necessary directories. - name: "Create directories" block: - name: Create PeerTube base directory ansible.builtin.file: path: "{{ base_directory }}" state: directory mode: "0755" ignore_errors: true - name: Create PeerTube data directory ansible.builtin.file: path: "{{ peertube.data_directory }}" state: directory mode: "0755" ignore_errors: true - name: Create PeerTube config directory ansible.builtin.file: path: "{{ peertube.config_directory }}" state: directory mode: "0754" ignore_errors: true - name: Create PeerTube backups directory ansible.builtin.file: path: "{{ peertube.backups_directory }}" state: directory mode: "0754" ignore_errors: true - name: Create PostgresSQL directory ansible.builtin.file: path: "{{ postgres.postgres_directory }}" state: directory mode: "0754" ignore_errors: true # Ensure dependencies are installed - name: "Install dependencies" block: - name: Ensure Podman is installed ansible.builtin.package: name: podman state: present - name: Ensure Udica is installed ansible.builtin.package: name: udica state: present - name: Ensure container-selinux is installed ansible.builtin.package: name: container-selinux state: present # Pull docker images - name: "Pull container images" block: - name: Pull PeerTube image containers.podman.podman_image: name: "{{ peertube.image_name }}" state: present - name: Pull Postgres image containers.podman.podman_image: name: "{{ postgres.image_name }}" state: present - name: Pull Redis image containers.podman.podman_image: name: "{{ redis.image_name }}" state: present - name: Add firewall ports block: - name: Create firewalld service ansible.builtin.copy: src: ./templates/firewall/peertube.xml dest: /etc/firewalld/services/peertube.xml mode: "0644" - name: Reload firewalld ansible.builtin.command: argv: - firewall-cmd - --reload - name: Enable firewalld service ansible.posix.firewalld: service: peertube state: enabled permanent: true immediate: true offline: true when: peertube.open_firewall_ports - name: "Load CIL policies" block: - name: Copy peertube cil ansible.builtin.copy: src: ./templates/cil/peertube.cil dest: /tmp/peertube.cil mode: "0644" - name: Copy postgres cil ansible.builtin.copy: src: ./templates/cil/postgres.cil dest: /tmp/postgres.cil mode: "0644" - name: Load PeertTube CIL policy ansible.builtin.command: argv: - semodule - -i - /tmp/peertube.cil - /usr/share/udica/templates/base_container.cil - /usr/share/udica/templates/net_container.cil - name: Load Postgres CIL policy ansible.builtin.command: argv: - semodule - -i - /tmp/postgres.cil - /usr/share/udica/templates/base_container.cil - /usr/share/udica/templates/net_container.cil - name: "Allow samba access from container" ansible.builtin.command: argv: - semanage - boolean - -m - virt_use_samba - --on when: selinux_virt_use_samba - name: "Setup Containers" block: - name: "Copy environment file" ansible.builtin.template: src: ./templates/services/environment_file dest: "{{ base_directory }}/{{ peertube.env_file }}" mode: "0644" - name: "Copy peertube.network" ansible.builtin.template: src: ./templates/services/peertube.network dest: /etc/containers/systemd/peertube.network mode: "0644" - name: "Copy redis container" ansible.builtin.template: src: ./templates/services/redis.container.j2 dest: /etc/containers/systemd/redis.container mode: "0644" - name: "Copy postgres container" ansible.builtin.template: src: ./templates/services/postgres.container.j2 dest: /etc/containers/systemd/postgres.container mode: "0644" - name: "Copy peertube container" ansible.builtin.template: src: ./templates/services/peertube.container.j2 dest: /etc/containers/systemd/peertube.container mode: "0644" - name: Reload systemd ansible.builtin.command: argv: - systemctl - daemon-reload - name: "Start redis.container" ansible.builtin.systemd_service: name: redis.service state: started - name: "Start postgres.container" ansible.builtin.systemd_service: name: postgres.service state: started - name: "Start peertube.container" ansible.builtin.systemd_service: name: peertube.service state: started - name: "Setup Backup" block: - name: "Copy backup script" ansible.builtin.template: src: ./templates/backup/backup.sh.j2 dest: "{{peertube.backups_directory}}/backup.sh" mode: "0644" - name: "Copy backup service" ansible.builtin.template: src: ./templates/backup/peertube-backup.service.j2 dest: /etc/systemd/system/peertube-backup.service mode: "0644" - name: "Copy backup timer" ansible.builtin.template: src: ./templates/backup/peertube-backup.timer dest: /etc/systemd/system/peertube-backup.timer mode: "0644" - name: Reload systemd ansible.builtin.command: argv: - systemctl - daemon-reload - name: Enable back-up service ansible.builtin.systemd_service: name: peertube-backup.service state: started enabled: true - name: Enable back-up service timer ansible.builtin.systemd_service: name: peertube-backup.timer state: started enabled: true