Add owncast

This commit is contained in:
Julian-Samuel Gebühr 2023-03-29 13:13:17 +02:00
parent 5e7ab98e02
commit 0c79235deb
5 changed files with 133 additions and 1 deletions

80
docs/services/owncast.md Normal file
View file

@ -0,0 +1,80 @@
# Owncast
[Owncast](https://owncast.online/) is a free and open source live video and web chat server for use with existing popular broadcasting software.
## Dependencies
This service requires the following other services:
- a [Traefik](traefik.md) reverse-proxy server
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# owncast #
# #
########################################################################
owncast_enabled: true
owncast_hostname: live.example.com
owncast_path_prefix: /owncast
########################################################################
# #
# /owncast #
# #
########################################################################
```
### URL
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/owncast`.
You can remove the `owncast_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
### Authentication
You can log in with **any** of the Basic Auth credentials defined in `owncast_basicauth_credentials`. owncast is **not a multi-user system**, so whichever user you authenticate with, you'd ultimately end up looking at the same shared system.
Authentication is **done at the reverse-proxy level** (Traefik), so upon logging in, owncast will show you scary warnings about **no GUI password being set**. You should ignore these warnings.
You can hide the warning permanently by going to **Actions** -> **Advanced** -> **GUI** section -> checking the **Insecure Admin Access** checkbox.
### Networking
By default, the following ports will be exposed by the container on **all network interfaces**:
- `22000` over **TCP**, controlled by `owncast_container_sync_tcp_bind_port` - used for TCP based sync protocol traffic
- `22000` over **UDP**, controlled by `owncast_container_sync_udp_bind_port` - used for QUIC based sync protocol traffic
- `21027` over **UDP**, controlled by `owncast_container_local_discovery_udp_bind_port` - used for discovery broadcasts on IPv4 and multicasts on IPv6
Docker automatically opens these ports in the server's firewall, so you **likely don't need to do anything**. If you use another firewall in front of the server, you may need to adjust it.
To learn more, see the upstream [Firewall documentation](https://docs.owncast.net/users/firewall.html).
### Configuration & Data
The owncast configuration (stored in `owncast_config_path` on the host) is mounted to the `/var/owncast` directory in the container.
By default, owncast will create a default `Sync` directory underneath. We advise that you **don't use this** `Sync` directory and use the data directory (discussed below).
As mentioned above, the **data directory** (stored in `owncast_data_path` on the host) is mounted to the `/data` directory in the container. We advise that you put data files underneath `/data` when you start using owncast.
If you'd like to **mount additional directories** into the container, look into the `owncast_container_additional_volumes` variable part of the [`ansible-role-owncast` role](https://github.com/mother-of-all-self-hosting/ansible-role-owncast)'s [`defaults/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-owncast/blob/main/defaults/main.yml).
## Usage
After installation, you can go to the owncast URL, as defined in `owncast_hostname` and `owncast_path_prefix`.
As mentioned in [Configuration & Data](#configuration--data) above, you should:
- get rid of the `Default Folder` directory that was automatically created in `/var/owncast/Sync`
- change the default data directory, by going to **Actions** -> **Settings** -> **General** tab -> **Edit Folder Defaults** and changing **Folder Path** to `/data`
As mentioned in [Authentication](#authentication) above, you'd probably wish to permanently disable the "no GUI password set" security warnings as described there.

View file

@ -19,6 +19,7 @@
| [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) |
| [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) |
| [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) |
| [Owncast](https://owncast.online/) | Owncast is a free and open source live video and web chat server for use with existing popular broadcasting software. | [Link](services/owncast.md) |
| [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) |
| [Postgres](https://www.postgresql.org) | A powerful, open source object-relational database system | [Link](services/postgres.md) |
| [Postgres Backup](https://github.com/prodrigestivill/docker-postgres-backup-local) | A solution for backing up PostgresSQL to local filesystem with periodic backups. | [Link](services/postgres-backup.md) |

View file

@ -111,6 +111,8 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else [])
+
([{'name': (owncast_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'owncast']}] if owncast_enabled else [])
+
([{'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']}] if peertube_enabled else [])
+
([{'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']}] if prometheus_enabled else [])
@ -1467,6 +1469,14 @@ hubsite_service_nextcloud_logo_location: "{{ role_path }}/assets/nextcloud.png"
hubsite_service_nextcloud_description: "Sync your files & much more"
hubsite_service_nextcloud_priority: 1000
# Owncast
hubsite_service_owncast_enabled: "{{ owncast_enabled }}"
hubsite_service_owncast_name: owncast
hubsite_service_owncast_url: "https://{{ owncast_hostname }}{{ owncast_path_prefix }}"
hubsite_service_owncast_logo_location: "{{ role_path }}/assets/owncast.png"
hubsite_service_owncast_description: "Livestream & Chat"
hubsite_service_owncast_priority: 1000
# Peertube
hubsite_service_peertube_enabled: "{{ peertube_enabled }}"
hubsite_service_peertube_name: Peertube
@ -1532,6 +1542,8 @@ hubsite_service_list_auto: |
+
([{'name': hubsite_service_nextcloud_name, 'url': hubsite_service_nextcloud_url, 'logo_location': hubsite_service_nextcloud_logo_location, 'description': hubsite_service_nextcloud_description, 'priority': hubsite_service_nextcloud_priority}] if hubsite_service_nextcloud_enabled else [])
+
([{'name': hubsite_service_owncast_name, 'url': hubsite_service_owncast_url, 'logo_location': hubsite_service_owncast_logo_location, 'description': hubsite_service_owncast_description, 'priority': hubsite_service_owncast_priority}] if hubsite_service_owncast_enabled else [])
+
([{'name': hubsite_service_peertube_name, 'url': hubsite_service_peertube_url, 'logo_location': hubsite_service_peertube_logo_location, 'description': hubsite_service_peertube_description, 'priority': hubsite_service_peertube_priority}] if hubsite_service_peertube_enabled else [])
+
([{'name': hubsite_service_radicale_name, 'url': hubsite_service_radicale_url, 'logo_location': hubsite_service_radicale_logo_location, 'description': hubsite_service_radicale_description, 'priority': hubsite_service_radicale_priority}] if hubsite_service_radicale_enabled else [])
@ -1644,3 +1656,37 @@ gotosocial_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certRe
# /gotosocial #
# #
########################################################################
########################################################################
# #
# owncast #
# #
########################################################################
owncast_enabled: false
owncast_identifier: "{{ mash_playbook_service_identifier_prefix }}owncast"
owncast_uid: "{{ mash_playbook_uid }}"
owncast_gid: "{{ mash_playbook_gid }}"
owncast_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}owncast"
owncast_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
owncast_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
owncast_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
owncast_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
owncast_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /owncast #
# #
########################################################################

View file

@ -97,7 +97,7 @@
version: v1.28.0-0
name: vaultwarden
- src: git+https://github.com/moan0s/hubsite.git
version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe
version: c5df0485b558c89a6f15966bcdf3f129fd83cfa3
name: hubsite
- src: git+https://github.com/moan0s/role-firezone.git
version: ac8564d5e11a75107ba93aec6427b83be824c30a
@ -105,3 +105,6 @@
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git
name: gotosocial
version: 148933d390a2a789ee4595a593d825e64d5e6f46
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-owncast.git
name: owncast
version: ff233df159fbda65b2bb637adbfaf34383ec4229

View file

@ -82,6 +82,8 @@
- role: galaxy/nextcloud
- role: galaxy/owncast
- role: galaxy/peertube
- role: galaxy/prometheus