204 lines
6.9 KiB
YAML
204 lines
6.9 KiB
YAML
- name: Install PeerTube
|
|
hosts: local
|
|
become: true
|
|
become_method: sudo
|
|
vars_files:
|
|
- variables.yaml
|
|
|
|
tasks:
|
|
# Create necessary directories.
|
|
- name: "Create directories"
|
|
block:
|
|
- name: Create PeerTube base directory
|
|
ansible.builtin.file:
|
|
path: "{{ base_directory }}"
|
|
state: directory
|
|
mode: "0755"
|
|
ignore_errors: true
|
|
- name: Create PeerTube data directory
|
|
ansible.builtin.file:
|
|
path: "{{ peertube.data_directory }}"
|
|
state: directory
|
|
mode: "0755"
|
|
ignore_errors: true
|
|
- name: Create PeerTube config directory
|
|
ansible.builtin.file:
|
|
path: "{{ peertube.config_directory }}"
|
|
state: directory
|
|
mode: "0754"
|
|
ignore_errors: true
|
|
- name: Create PeerTube backups directory
|
|
ansible.builtin.file:
|
|
path: "{{ peertube.backups_directory }}"
|
|
state: directory
|
|
mode: "0754"
|
|
ignore_errors: true
|
|
- name: Create PostgresSQL directory
|
|
ansible.builtin.file:
|
|
path: "{{ postgres.postgres_directory }}"
|
|
state: directory
|
|
mode: "0754"
|
|
ignore_errors: true
|
|
# Ensure dependencies are installed
|
|
- name: "Install dependencies"
|
|
block:
|
|
- name: Ensure Podman is installed
|
|
ansible.builtin.package:
|
|
name: podman
|
|
state: present
|
|
- name: Ensure Udica is installed
|
|
ansible.builtin.package:
|
|
name: udica
|
|
state: present
|
|
- name: Ensure container-selinux is installed
|
|
ansible.builtin.package:
|
|
name: container-selinux
|
|
state: present
|
|
# Pull docker images
|
|
- name: "Pull container images"
|
|
block:
|
|
- name: Pull PeerTube image
|
|
containers.podman.podman_image:
|
|
name: "{{ peertube.image_name }}"
|
|
state: present
|
|
- name: Pull Postgres image
|
|
containers.podman.podman_image:
|
|
name: "{{ postgres.image_name }}"
|
|
state: present
|
|
- name: Pull Redis image
|
|
containers.podman.podman_image:
|
|
name: "{{ redis.image_name }}"
|
|
state: present
|
|
- name: Add firewall ports
|
|
block:
|
|
- name: Create firewalld service
|
|
ansible.builtin.copy:
|
|
src: ./templates/firewall/peertube.xml
|
|
dest: /etc/firewalld/services/peertube.xml
|
|
mode: "0644"
|
|
- name: Reload firewalld
|
|
ansible.builtin.command:
|
|
argv:
|
|
- firewall-cmd
|
|
- --reload
|
|
- name: Enable firewalld service
|
|
ansible.posix.firewalld:
|
|
service: peertube
|
|
state: enabled
|
|
permanent: true
|
|
immediate: true
|
|
offline: true
|
|
when: peertube.open_firewall_ports
|
|
- name: "Load CIL policies"
|
|
block:
|
|
- name: Copy peertube cil
|
|
ansible.builtin.copy:
|
|
src: ./templates/cil/peertube.cil
|
|
dest: /tmp/peertube.cil
|
|
mode: "0644"
|
|
- name: Copy postgres cil
|
|
ansible.builtin.copy:
|
|
src: ./templates/cil/postgres.cil
|
|
dest: /tmp/postgres.cil
|
|
mode: "0644"
|
|
- name: Load PeertTube CIL policy
|
|
ansible.builtin.command:
|
|
argv:
|
|
- semodule
|
|
- -i
|
|
- /tmp/peertube.cil
|
|
- /usr/share/udica/templates/base_container.cil
|
|
- /usr/share/udica/templates/net_container.cil
|
|
- name: Load Postgres CIL policy
|
|
ansible.builtin.command:
|
|
argv:
|
|
- semodule
|
|
- -i
|
|
- /tmp/postgres.cil
|
|
- /usr/share/udica/templates/base_container.cil
|
|
- /usr/share/udica/templates/net_container.cil
|
|
- name: "Allow samba access from container"
|
|
ansible.builtin.command:
|
|
argv:
|
|
- semanage
|
|
- boolean
|
|
- -m
|
|
- virt_use_samba
|
|
- --on
|
|
when: selinux_virt_use_samba
|
|
- name: "Setup Containers"
|
|
block:
|
|
- name: "Copy environment file"
|
|
ansible.builtin.template:
|
|
src: ./templates/services/environment_file
|
|
dest: "{{ base_directory }}/{{ peertube.env_file }}"
|
|
mode: "0644"
|
|
- name: "Copy peertube.network"
|
|
ansible.builtin.template:
|
|
src: ./templates/services/peertube.network
|
|
dest: /etc/containers/systemd/peertube.network
|
|
mode: "0644"
|
|
- name: "Copy redis container"
|
|
ansible.builtin.template:
|
|
src: ./templates/services/redis.container.j2
|
|
dest: /etc/containers/systemd/redis.container
|
|
mode: "0644"
|
|
- name: "Copy postgres container"
|
|
ansible.builtin.template:
|
|
src: ./templates/services/postgres.container.j2
|
|
dest: /etc/containers/systemd/postgres.container
|
|
mode: "0644"
|
|
- name: "Copy peertube container"
|
|
ansible.builtin.template:
|
|
src: ./templates/services/peertube.container.j2
|
|
dest: /etc/containers/systemd/peertube.container
|
|
mode: "0644"
|
|
- name: Reload systemd
|
|
ansible.builtin.command:
|
|
argv:
|
|
- systemctl
|
|
- daemon-reload
|
|
- name: "Start redis.container"
|
|
ansible.builtin.systemd_service:
|
|
name: redis.service
|
|
state: started
|
|
- name: "Start postgres.container"
|
|
ansible.builtin.systemd_service:
|
|
name: postgres.service
|
|
state: started
|
|
- name: "Start peertube.container"
|
|
ansible.builtin.systemd_service:
|
|
name: peertube.service
|
|
state: started
|
|
- name: "Setup Backup"
|
|
block:
|
|
- name: "Copy backup script"
|
|
ansible.builtin.template:
|
|
src: ./templates/backup/backup.sh.j2
|
|
dest: "{{peertube.backups_directory}}/backup.sh"
|
|
mode: "0644"
|
|
- name: "Copy backup service"
|
|
ansible.builtin.template:
|
|
src: ./templates/backup/peertube-backup.service.j2
|
|
dest: /etc/systemd/system/peertube-backup.service
|
|
mode: "0644"
|
|
- name: "Copy backup timer"
|
|
ansible.builtin.template:
|
|
src: ./templates/backup/peertube-backup.timer
|
|
dest: /etc/systemd/system/peertube-backup.timer
|
|
mode: "0644"
|
|
- name: Reload systemd
|
|
ansible.builtin.command:
|
|
argv:
|
|
- systemctl
|
|
- daemon-reload
|
|
- name: Enable back-up service
|
|
ansible.builtin.systemd_service:
|
|
name: peertube-backup.service
|
|
state: started
|
|
enabled: true
|
|
- name: Enable back-up service timer
|
|
ansible.builtin.systemd_service:
|
|
name: peertube-backup.timer
|
|
state: started
|
|
enabled: true
|