diff --git a/docs/services/owncast.md b/docs/services/owncast.md new file mode 100644 index 0000000..73147c2 --- /dev/null +++ b/docs/services/owncast.md @@ -0,0 +1,80 @@ +# Owncast + +[Owncast](https://owncast.online/) is a free and open source live video and web chat server for use with existing popular broadcasting software. + + +## Dependencies + +This service requires the following other services: + +- a [Traefik](traefik.md) reverse-proxy server + + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# owncast # +# # +######################################################################## + +owncast_enabled: true + +owncast_hostname: live.example.com +owncast_path_prefix: /owncast +######################################################################## +# # +# /owncast # +# # +######################################################################## +``` + +### URL + +In the example configuration above, we configure the service to be hosted at `https://mash.example.com/owncast`. + +You can remove the `owncast_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`. + +### Authentication + +You can log in with **any** of the Basic Auth credentials defined in `owncast_basicauth_credentials`. owncast is **not a multi-user system**, so whichever user you authenticate with, you'd ultimately end up looking at the same shared system. + +Authentication is **done at the reverse-proxy level** (Traefik), so upon logging in, owncast will show you scary warnings about **no GUI password being set**. You should ignore these warnings. + +You can hide the warning permanently by going to **Actions** -> **Advanced** -> **GUI** section -> checking the **Insecure Admin Access** checkbox. + +### Networking + +By default, the following ports will be exposed by the container on **all network interfaces**: + +- `22000` over **TCP**, controlled by `owncast_container_sync_tcp_bind_port` - used for TCP based sync protocol traffic +- `22000` over **UDP**, controlled by `owncast_container_sync_udp_bind_port` - used for QUIC based sync protocol traffic +- `21027` over **UDP**, controlled by `owncast_container_local_discovery_udp_bind_port` - used for discovery broadcasts on IPv4 and multicasts on IPv6 + +Docker automatically opens these ports in the server's firewall, so you **likely don't need to do anything**. If you use another firewall in front of the server, you may need to adjust it. + +To learn more, see the upstream [Firewall documentation](https://docs.owncast.net/users/firewall.html). + +### Configuration & Data + +The owncast configuration (stored in `owncast_config_path` on the host) is mounted to the `/var/owncast` directory in the container. +By default, owncast will create a default `Sync` directory underneath. We advise that you **don't use this** `Sync` directory and use the data directory (discussed below). + +As mentioned above, the **data directory** (stored in `owncast_data_path` on the host) is mounted to the `/data` directory in the container. We advise that you put data files underneath `/data` when you start using owncast. + +If you'd like to **mount additional directories** into the container, look into the `owncast_container_additional_volumes` variable part of the [`ansible-role-owncast` role](https://github.com/mother-of-all-self-hosting/ansible-role-owncast)'s [`defaults/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-owncast/blob/main/defaults/main.yml). + + +## Usage + +After installation, you can go to the owncast URL, as defined in `owncast_hostname` and `owncast_path_prefix`. + +As mentioned in [Configuration & Data](#configuration--data) above, you should: + +- get rid of the `Default Folder` directory that was automatically created in `/var/owncast/Sync` +- change the default data directory, by going to **Actions** -> **Settings** -> **General** tab -> **Edit Folder Defaults** and changing **Folder Path** to `/data` + +As mentioned in [Authentication](#authentication) above, you'd probably wish to permanently disable the "no GUI password set" security warnings as described there. diff --git a/docs/supported-services.md b/docs/supported-services.md index 7310df7..187901d 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md @@ -19,6 +19,7 @@ | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | | [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | +| [Owncast](https://owncast.online/) | Owncast is a free and open source live video and web chat server for use with existing popular broadcasting software. | [Link](services/owncast.md) | | [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) | | [Postgres](https://www.postgresql.org) | A powerful, open source object-relational database system | [Link](services/postgres.md) | | [Postgres Backup](https://github.com/prodrigestivill/docker-postgres-backup-local) | A solution for backing up PostgresSQL to local filesystem with periodic backups. | [Link](services/postgres-backup.md) | diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 89f008f..9749f08 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -111,6 +111,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else []) + + ([{'name': (owncast_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'owncast']}] if owncast_enabled else []) + + ([{'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']}] if peertube_enabled else []) + ([{'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']}] if prometheus_enabled else []) @@ -1467,6 +1469,14 @@ hubsite_service_nextcloud_logo_location: "{{ role_path }}/assets/nextcloud.png" hubsite_service_nextcloud_description: "Sync your files & much more" hubsite_service_nextcloud_priority: 1000 +# Owncast +hubsite_service_owncast_enabled: "{{ owncast_enabled }}" +hubsite_service_owncast_name: owncast +hubsite_service_owncast_url: "https://{{ owncast_hostname }}{{ owncast_path_prefix }}" +hubsite_service_owncast_logo_location: "{{ role_path }}/assets/owncast.png" +hubsite_service_owncast_description: "Livestream & Chat" +hubsite_service_owncast_priority: 1000 + # Peertube hubsite_service_peertube_enabled: "{{ peertube_enabled }}" hubsite_service_peertube_name: Peertube @@ -1532,6 +1542,8 @@ hubsite_service_list_auto: | + ([{'name': hubsite_service_nextcloud_name, 'url': hubsite_service_nextcloud_url, 'logo_location': hubsite_service_nextcloud_logo_location, 'description': hubsite_service_nextcloud_description, 'priority': hubsite_service_nextcloud_priority}] if hubsite_service_nextcloud_enabled else []) + + ([{'name': hubsite_service_owncast_name, 'url': hubsite_service_owncast_url, 'logo_location': hubsite_service_owncast_logo_location, 'description': hubsite_service_owncast_description, 'priority': hubsite_service_owncast_priority}] if hubsite_service_owncast_enabled else []) + + ([{'name': hubsite_service_peertube_name, 'url': hubsite_service_peertube_url, 'logo_location': hubsite_service_peertube_logo_location, 'description': hubsite_service_peertube_description, 'priority': hubsite_service_peertube_priority}] if hubsite_service_peertube_enabled else []) + ([{'name': hubsite_service_radicale_name, 'url': hubsite_service_radicale_url, 'logo_location': hubsite_service_radicale_logo_location, 'description': hubsite_service_radicale_description, 'priority': hubsite_service_radicale_priority}] if hubsite_service_radicale_enabled else []) @@ -1644,3 +1656,37 @@ gotosocial_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certRe # /gotosocial # # # ######################################################################## + + + +######################################################################## +# # +# owncast # +# # +######################################################################## + +owncast_enabled: false + +owncast_identifier: "{{ mash_playbook_service_identifier_prefix }}owncast" + +owncast_uid: "{{ mash_playbook_uid }}" +owncast_gid: "{{ mash_playbook_gid }}" + +owncast_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}owncast" + +owncast_container_additional_networks: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + }} + +owncast_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +owncast_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +owncast_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +owncast_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +######################################################################## +# # +# /owncast # +# # +######################################################################## + diff --git a/requirements.yml b/requirements.yml index 03c9dc9..17c15e9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -97,7 +97,7 @@ version: v1.28.0-0 name: vaultwarden - src: git+https://github.com/moan0s/hubsite.git - version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe + version: c5df0485b558c89a6f15966bcdf3f129fd83cfa3 name: hubsite - src: git+https://github.com/moan0s/role-firezone.git version: ac8564d5e11a75107ba93aec6427b83be824c30a @@ -105,3 +105,6 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial version: 148933d390a2a789ee4595a593d825e64d5e6f46 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-owncast.git + name: owncast + version: ff233df159fbda65b2bb637adbfaf34383ec4229 diff --git a/setup.yml b/setup.yml index 160fd89..4a59788 100644 --- a/setup.yml +++ b/setup.yml @@ -82,6 +82,8 @@ - role: galaxy/nextcloud + - role: galaxy/owncast + - role: galaxy/peertube - role: galaxy/prometheus