Add NetBox service and redo Redis integration for PeerTube
parent
651c2705e9
commit
330baf8993
9 changed files with 653 additions and 9 deletions
11
CHANGELOG.md
|
@ -1,3 +1,14 @@
|
||||||
|
# 2023-03-26
|
||||||
|
|
||||||
|
## (Backward Compatibility Break) PeerTube is no longer wired to Redis automatically
|
||||||
|
|
||||||
|
As described in our [Redis](docs/services/redis.md) services docs, running a single instance of Redis to be used by multiple services is not a good practice.
|
||||||
|
|
||||||
|
For this reason, we're no longer auto-wiring PeerTube to Redis. If you're running other services (which may require Redis in the future) on the same host, it's recommended that you follow the [Creating a Redis instance dedicated to PeerTube](docs/services/peertube.md#creating-a-redis-instance-dedicated-to-peertube) documentation.
|
||||||
|
|
||||||
|
If you're only running PeerTube on a dedicated server (no other services that may need Redis) or you'd like to stick to what you've used until now (a single shared Redis instance), follow the [Using the shared Redis instance for PeerTube](docs/services/peertube.md#using-the-shared-redis-instance-for-peertube) documentation.
|
||||||
|
|
||||||
|
|
||||||
# 2023-03-25
|
# 2023-03-25
|
||||||
|
|
||||||
## (Backward Compatibility Break) Docker no longer installed by default
|
## (Backward Compatibility Break) Docker no longer installed by default
|
||||||
|
|
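Review bot: The entry under "PeerTube is no longer wired to Redis automatically" does not say what an existing installation has to change, or what happens if it changes nothing. Both linked sections require new variables in `vars.yml`, so state here that existing PeerTube hosts must add one of the two configurations before re-running the playbook. The parenthetical "(which may require Redis in the future)" is also ambiguous about services that need Redis today; "services which require Redis, now or in the future" would read more clearly.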
210
docs/running-multiple-instances.md
Normal file
|
@ -0,0 +1,210 @@
|
||||||
|
## Running multiple instances of the same service on the same host
|
||||||
|
|
||||||
|
The way this playbook is structured, each Ansible role can only be invoked once and made to install one instance of the service it's responsible for.
|
||||||
|
|
||||||
|
If you need multiple instances (of whichever service), you'll need some workarounds as described below.
|
||||||
|
|
||||||
|
The example below focuses on hosting multiple [Redis](services/redis.md) instances, but you can apply it to hosting multiple instances or whole stacks of any kind.
|
||||||
|
|
||||||
|
Let's say you're managing a host called `mash.example.com` which installs both [PeerTube](services/peertube.md) and [NetBox](services/netbox.md). Both of these services require a [Redis](services/redis.md) instance. If you simply add `redis_enabled: true` to your `mash.example.com` host's `vars.yml` file, you'd get a Redis instance (`mash-redis`), but it's just one instance. As described in our [Redis](services/redis.md) documentation, this is a security problem and potentially fragile as both services may try to read/write the same data and get in conflict with one another.
|
||||||
|
|
||||||
|
We propose that you **don't** add `redis_enabled: true` to your main `mash.example.com` file, but do the following:
|
||||||
|
|
||||||
|
## Re-do your inventory to add supplementary hosts
|
||||||
|
|
||||||
|
Create multiple hosts in your inventory (`inventory/hosts`) which target the same server, like this:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[mash_servers]
|
||||||
|
[mash_servers:children]
|
||||||
|
mash_example_com
|
||||||
|
|
||||||
|
[mash_example_com]
|
||||||
|
mash.example.com-netbox-deps ansible_host=1.2.3.4
|
||||||
|
mash.example.com-peertube-deps ansible_host=1.2.3.4
|
||||||
|
mash.example.com ansible_host=1.2.3.4
|
||||||
|
```
|
||||||
|
|
||||||
|
This creates a new group (called `mash_example_com`) which groups all 3 hosts:
|
||||||
|
|
||||||
|
- (**new**) `mash.example.com-netbox-deps` - a new host, for your [NetBox](services/netbox.md) dependencies
|
||||||
|
- (**new**) `mash.example.com-peertube-deps` - a new host, for your [PeerTube](services/peertube.md) dependencies
|
||||||
|
- (old) `mash.example.com` - your regular inventory host
|
||||||
|
|
||||||
|
When running Ansible commands later on, you can use the `-l` flag to limit which host to run them against. Here are a few examples:
|
||||||
|
|
||||||
|
- `just install-all` - runs the [installation](installing.md) process on all hosts (3 hosts in this case)
|
||||||
|
- `just install-all -l mash_example_com` - runs the installation process on all hosts in the `mash_example_com` group (same 3 hosts as `just install-all` in this case)
|
||||||
|
- `just install-all -l mash.example.com-netbox-deps` - runs the installation process on the `mash.example.com-netbox-deps` host
|
||||||
|
|
||||||
|
|
||||||
|
## Adjust the configuration of the supplementary hosts to use a new "namespace"
|
||||||
|
|
||||||
|
Multiple hosts targetting the same server as described above still causes conflicts, because services will use the same paths (e.g. `/mash/redis`) and service/container names (`mash-redis`) everywhere.
|
||||||
|
|
||||||
|
To avoid conflicts, adjust the `vars.yml` file for the new hosts (`mash.example.com-netbox-deps` and `mash.example.com-peertube-deps`)
|
||||||
|
and set non-default and unique values in the `mash_playbook_service_identifier_prefix` and `mash_playbook_service_base_directory_name_prefix` variables. Examples below:
|
||||||
|
|
||||||
|
`inventory/host_vars/mash.example.com-netbox-deps/vars.yml`:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# Playbook #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
|
||||||
|
# Various other secrets will be derived from this secret automatically.
|
||||||
|
mash_playbook_generic_secret_key: ''
|
||||||
|
|
||||||
|
# Override service names and directory path prefixes
|
||||||
|
mash_playbook_service_identifier_prefix: 'mash-netbox-'
|
||||||
|
mash_playbook_service_base_directory_name_prefix: 'netbox-'
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /Playbook #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
redis_enabled: true
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
`inventory/host_vars/mash.example.com-peertube-deps/vars.yml`:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# Playbook #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
|
||||||
|
# Various other secrets will be derived from this secret automatically.
|
||||||
|
mash_playbook_generic_secret_key: ''
|
||||||
|
|
||||||
|
# Override service names and directory path prefixes
|
||||||
|
mash_playbook_service_identifier_prefix: 'mash-peertube-'
|
||||||
|
mash_playbook_service_base_directory_name_prefix: 'peertube-'
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /Playbook #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
redis_enabled: true
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
The above configuration will create **2** Redis instances:
|
||||||
|
|
||||||
|
- `mash-netbox-redis` with its base data path in `/mash/netbox-redis`
|
||||||
|
- `mash-peertube-redis` with its base data path in `/mash/peertube-redis`
|
||||||
|
|
||||||
|
These instances reuse the `mash` user and group and the `/mash` data path, but are not in conflict with each other.
|
||||||
|
|
||||||
|
|
||||||
|
## Adjust the configuration of the base host
|
||||||
|
|
||||||
|
Now that we've created separate Redis instances for both PeerTube and NetBox, we need to put them to use by editing the `vars.yml` file of the main host (the one that installs PeerTbue and NetBox) to wire them to their Redis instances.
|
||||||
|
|
||||||
|
You'll need configuration (`inventory/host_vars/mash.example.com/vars.yml`) like this:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
netbox_enabled: true
|
||||||
|
|
||||||
|
# Other NetBox configuration here
|
||||||
|
|
||||||
|
# Point NetBox to its dedicated Redis instance
|
||||||
|
netbox_environment_variable_redis_host: mash-netbox-redis
|
||||||
|
netbox_environment_variable_redis_cache_host: mash-netbox-redis
|
||||||
|
|
||||||
|
# Make sure the NetBox service (mash-netbox.service) starts after its dedicated Redis service (mash-netbox-redis.service)
|
||||||
|
netbox_systemd_required_services_list_custom:
|
||||||
|
- mash-netbox-redis.service
|
||||||
|
|
||||||
|
# Make sure the NetBox container is connected to the container network of its dedicated Redis service (mash-netbox-redis)
|
||||||
|
netbox_container_additional_networks_custom:
|
||||||
|
- mash-netbox-redis
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# peertube #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Other PeerTube configuration here
|
||||||
|
|
||||||
|
# Point PeerTube to its dedicated Redis instance
|
||||||
|
peertube_config_redis_hostname: mash-peertube-redis
|
||||||
|
|
||||||
|
# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated Redis service (mash-peertube-redis.service)
|
||||||
|
peertube_systemd_required_services_list_custom:
|
||||||
|
- "mash-peertube-redis.service"
|
||||||
|
|
||||||
|
# Make sure the PeerTube container is connected to the container network of its dedicated Redis service (mash-peertube-redis)
|
||||||
|
peertube_container_additional_networks_custom:
|
||||||
|
- "mash-peertube-redis"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /peertube #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Questions & Answers
|
||||||
|
|
||||||
|
**Can't I just use the same Redis instance for multiple services?**
|
||||||
|
|
||||||
|
> You may or you may not. See the [Redis](services/redis.md) documentation for why you shouldn't do this.
|
||||||
|
|
||||||
|
**Can't I just create one host and a separate stack for each service** (e.g. Nextcloud + all dependencies on one inventory host; PeerTube + all dependencies on another inventory host; with both inventory hosts targetting the same server)?
|
||||||
|
|
||||||
|
> That's a possibility which is somewhat clean. The downside is that each "full stack" comes with its own Postgres database which needs to be maintained and upgraded separately.
|
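Review bot: In the base-host `vars.yml` example, the peertube block starts at `# Other PeerTube configuration here` with no `peertube_enabled: true`, while the netbox block above it sets `netbox_enabled: true`; add the line, or a comment saying it is assumed, so the two blocks are consistent. The same example quotes the list items for PeerTube (`- "mash-peertube-redis.service"`) but not for NetBox (`- mash-netbox-redis.service`); pick one style. Both supplementary `vars.yml` files carry `mash_playbook_generic_secret_key: ''` without saying whether each supplementary host needs its own secret or should reuse the main host's, which deserves one sentence since other secrets are derived from it. Typos: "PeerTbue", and "targetting" in two places.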
211
docs/services/netbox.md
Normal file
|
@ -0,0 +1,211 @@
|
||||||
|
# NetBox
|
||||||
|
|
||||||
|
[NetBox](https://docs.netbox.dev/en/stable/) is an open-source web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality.
|
||||||
|
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
This service requires the following other services:
|
||||||
|
|
||||||
|
- a [Postgres](postgres.md) database
|
||||||
|
- a [Redis](redis.md) data-store, installation details [below](#redis)
|
||||||
|
- a [Traefik](traefik.md) reverse-proxy server
|
||||||
|
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
netbox_enabled: true
|
||||||
|
|
||||||
|
netbox_hostname: mash.example.com
|
||||||
|
netbox_path_prefix: /netbox
|
||||||
|
|
||||||
|
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
|
||||||
|
netbox_environment_variable_secret_key: ''
|
||||||
|
|
||||||
|
# The following superuser will be created upon launch.
|
||||||
|
netbox_environment_variable_superuser_name: your_username_here
|
||||||
|
netbox_environment_variable_superuser_email: your.email@example.com
|
||||||
|
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way.
|
||||||
|
# Changing the password subsequently will not affect the user's password.
|
||||||
|
netbox_environment_variable_superuser_password: ''
|
||||||
|
|
||||||
|
# Redis configuration, as described below
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
### URL
|
||||||
|
|
||||||
|
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/netbox`.
|
||||||
|
|
||||||
|
You can remove the `netbox_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
|
||||||
|
|
||||||
|
|
||||||
|
### Authentication
|
||||||
|
|
||||||
|
If `netbox_environment_variable_superuser_*` variables are specified, NetBox will try to create the user (if missing).
|
||||||
|
|
||||||
|
|
||||||
|
### Redis
|
||||||
|
|
||||||
|
As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to NetBox](#creating-a-redis-instance-dedicated-to-netbox).
|
||||||
|
|
||||||
|
If you're only running NetBox on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-netbox).
|
||||||
|
|
||||||
|
#### Using the shared Redis instance for NetBox
|
||||||
|
|
||||||
|
To install a single (non-dedicated) Redis instance (`mash-redis`) and hook NetBox to it, add the following **additional** configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
redis_enabled: true
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Base configuration as shown above
|
||||||
|
|
||||||
|
# Point NetBox to the shared Redis instance
|
||||||
|
netbox_config_redis_hostname: "{{ redis_identifier }}"
|
||||||
|
|
||||||
|
# Make sure the NetBox service (mash-netbox.service) starts after the shared Redis service (mash-redis.service)
|
||||||
|
netbox_systemd_required_services_list_custom:
|
||||||
|
- "{{ redis_identifier }}.service"
|
||||||
|
|
||||||
|
# Make sure the NetBox container is connected to the container network of the shared Redis service (mash-redis)
|
||||||
|
netbox_container_additional_networks_custom:
|
||||||
|
- "{{ redis_identifier }}"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
This will create a `mash-redis` Redis instance on this host.
|
||||||
|
|
||||||
|
This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to NetBox](#creating-a-redis-instance-dedicated-to-netbox).
|
||||||
|
|
||||||
|
|
||||||
|
#### Creating a Redis instance dedicated to NetBox
|
||||||
|
|
||||||
|
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
||||||
|
|
||||||
|
Adjust your `inventory/hosts` file as described in [Re-do your inventory to add supplementary hosts](../running-multiple-instances.md#re-do-your-inventory-to-add-supplementary-hosts), adding a new supplementary host (e.g. if `netbox.example.com` is your main one, create `netbox.example.com-deps`).
|
||||||
|
|
||||||
|
Then, create a new `vars.yml` file for the
|
||||||
|
|
||||||
|
`inventory/host_vars/netbox.example.com-deps/vars.yml`:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# Playbook #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
|
||||||
|
# Various other secrets will be derived from this secret automatically.
|
||||||
|
mash_playbook_generic_secret_key: ''
|
||||||
|
|
||||||
|
# Override service names and directory path prefixes
|
||||||
|
mash_playbook_service_identifier_prefix: 'mash-netbox-'
|
||||||
|
mash_playbook_service_base_directory_name_prefix: 'netbox-'
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /Playbook #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
redis_enabled: true
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
This will create a `mash-netbox-redis` instance on this host with its data in `/mash/netbox-redis`.
|
||||||
|
|
||||||
|
Then, adjust your main inventory host's variables file (`inventory/host_vars/netbox.example.com/vars.yml`) like this:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Base configuration as shown above
|
||||||
|
|
||||||
|
|
||||||
|
# Point NetBox to its dedicated Redis instance
|
||||||
|
netbox_environment_variable_redis_host: mash-netbox-redis
|
||||||
|
netbox_environment_variable_redis_cache_host: mash-netbox-redis
|
||||||
|
|
||||||
|
# Make sure the NetBox service (mash-netbox.service) starts after its dedicated Redis service (mash-netbox-redis.service)
|
||||||
|
netbox_systemd_required_services_list_custom:
|
||||||
|
- "mash-netbox-redis.service"
|
||||||
|
|
||||||
|
# Make sure the NetBox container is connected to the container network of its dedicated Redis service (mash-netbox-redis)
|
||||||
|
netbox_container_additional_networks_custom:
|
||||||
|
- "mash-netbox-redis"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
If you've decided to install a dedicated Redis instance for NetBox, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `netbox.example.com-deps`), before running installation for the main one (e.g. `netbox.example.com`).
|
||||||
|
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
After installation, you can go to the NetBox URL, as defined in `netbox_hostname` and `netbox_path_prefix`.
|
||||||
|
|
||||||
|
You can log in with the **username** (**not** email) and password specified in the `netbox_environment_variable_superuser*` variables.
|
|
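Review bot: The shared-instance example sets `netbox_config_redis_hostname: "{{ redis_identifier }}"`, but the dedicated-instance example in this same file and the one in docs/running-multiple-instances.md configure NetBox through `netbox_environment_variable_redis_host` and `netbox_environment_variable_redis_cache_host`. The name looks carried over from the PeerTube docs (`peertube_config_redis_hostname`); if the role does not define it, the shared-instance setup would leave NetBox not pointed at `mash-redis`. Use the two `netbox_environment_variable_redis_*` variables here as well. Separately, the sentence "Then, create a new `vars.yml` file for the" is cut off before it names the host, and the base example uses `netbox_hostname: mash.example.com` while the dedicated-Redis section switches to `netbox.example.com`.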
@ -8,7 +8,7 @@
|
||||||
This service requires the following other services:
|
This service requires the following other services:
|
||||||
|
|
||||||
- a [Postgres](postgres.md) database
|
- a [Postgres](postgres.md) database
|
||||||
- a [Redis](redis.md) data-store
|
- a [Redis](redis.md) data-store, installation details [below](#redis)
|
||||||
- a [Traefik](traefik.md) reverse-proxy server
|
- a [Traefik](traefik.md) reverse-proxy server
|
||||||
|
|
||||||
|
|
||||||
|
@ -47,6 +47,8 @@ peertube_config_root_user_initial_password: ''
|
||||||
# Then, replace the example IP range below, and re-run the playbook.
|
# Then, replace the example IP range below, and re-run the playbook.
|
||||||
# peertube_trusted_proxies_values_custom: ["172.21.0.0/16"]
|
# peertube_trusted_proxies_values_custom: ["172.21.0.0/16"]
|
||||||
|
|
||||||
|
# Redis configuration, as described below
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# /peertube #
|
# /peertube #
|
||||||
|
@ -58,6 +60,148 @@ In the example configuration above, we configure the service to be hosted at `ht
|
||||||
|
|
||||||
Hosting PeerTube under a subpath (by configuring the `peertube_path_prefix` variable) does not seem to be possible right now, due to PeerTube limitations.
|
Hosting PeerTube under a subpath (by configuring the `peertube_path_prefix` variable) does not seem to be possible right now, due to PeerTube limitations.
|
||||||
|
|
||||||
|
### Redis
|
||||||
|
|
||||||
|
As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to PeerTube](#creating-a-redis-instance-dedicated-to-peertube).
|
||||||
|
|
||||||
|
If you're only running PeerTube on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-peertube).
|
||||||
|
|
||||||
|
#### Using the shared Redis instance for PeerTube
|
||||||
|
|
||||||
|
To install a single (non-dedicated) Redis instance (`mash-redis`) and hook PeerTube to it, add the following **additional** configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
redis_enabled: true
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# peertube #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Base configuration as shown above
|
||||||
|
|
||||||
|
# Point PeerTube to the shared Redis instance
|
||||||
|
peertube_config_redis_hostname: "{{ redis_identifier }}"
|
||||||
|
|
||||||
|
# Make sure the PeerTube service (mash-peertube.service) starts after the shared Redis service (mash-redis.service)
|
||||||
|
peertube_systemd_required_services_list_custom:
|
||||||
|
- "{{ redis_identifier }}.service"
|
||||||
|
|
||||||
|
# Make sure the PeerTube container is connected to the container network of the shared Redis service (mash-redis)
|
||||||
|
peertube_container_additional_networks_custom:
|
||||||
|
- "{{ redis_identifier }}"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /peertube #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
This will create a `mash-redis` Redis instance on this host.
|
||||||
|
|
||||||
|
This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to PeerTube](#creating-a-redis-instance-dedicated-to-peertube).
|
||||||
|
|
||||||
|
|
||||||
|
#### Creating a Redis instance dedicated to PeerTube
|
||||||
|
|
||||||
|
The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation.
|
||||||
|
|
||||||
|
Adjust your `inventory/hosts` file as described in [Re-do your inventory to add supplementary hosts](../running-multiple-instances.md#re-do-your-inventory-to-add-supplementary-hosts), adding a new supplementary host (e.g. if `peertube.example.com` is your main one, create `peertube.example.com-deps`).
|
||||||
|
|
||||||
|
Then, create a new `vars.yml` file for the
|
||||||
|
|
||||||
|
`inventory/host_vars/peertube.example.com-deps/vars.yml`:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# Playbook #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
|
||||||
|
# Various other secrets will be derived from this secret automatically.
|
||||||
|
mash_playbook_generic_secret_key: ''
|
||||||
|
|
||||||
|
# Override service names and directory path prefixes
|
||||||
|
mash_playbook_service_identifier_prefix: 'mash-peertube-'
|
||||||
|
mash_playbook_service_base_directory_name_prefix: 'peertube-'
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /Playbook #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
redis_enabled: true
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /redis #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
This will create a `mash-peertube-redis` instance on this host with its data in `/mash/peertube-redis`.
|
||||||
|
|
||||||
|
Then, adjust your main inventory host's variables file (`inventory/host_vars/peertube.example.com/vars.yml`) like this:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# peertube #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Base configuration as shown above
|
||||||
|
|
||||||
|
# Point PeerTube to its dedicated Redis instance
|
||||||
|
peertube_config_redis_hostname: mash-peertube-redis
|
||||||
|
|
||||||
|
# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated Redis service (mash-peertube-redis.service)
|
||||||
|
peertube_systemd_required_services_list_custom:
|
||||||
|
- "mash-peertube-redis.service"
|
||||||
|
|
||||||
|
# Make sure the PeerTube container is connected to the container network of its dedicated Redis service (mash-peertube-redis)
|
||||||
|
peertube_container_additional_networks_custom:
|
||||||
|
- "mash-peertube-redis"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /peertube #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
If you've decided to install a dedicated Redis instance for PeerTube, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `peertube.example.com-deps`), before running installation for the main one (e.g. `peertube.example.com`).
|
||||||
|
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
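Review bot: Under "Creating a Redis instance dedicated to PeerTube", the sentence "Then, create a new `vars.yml` file for the" ends before naming the host; finish it so the path on the following line reads as its continuation. The main-host example then hardcodes `mash-peertube-redis` in three places; a comment noting that this name follows from the `mash_playbook_service_identifier_prefix` value set on the supplementary host would help readers who choose a different prefix. The Installation paragraph requires the supplementary host to be installed first but gives no command; the `just install-all -l <host>` form shown in docs/running-multiple-instances.md would fit there.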
@ -68,6 +212,7 @@ You should then be able to log in with:
|
||||||
- username: `root`
|
- username: `root`
|
||||||
- password: the password you've set in `peertube_config_root_user_initial_password` in `vars.yml`
|
- password: the password you've set in `peertube_config_root_user_initial_password` in `vars.yml`
|
||||||
|
|
||||||
|
|
||||||
## Adjusting the trusted reverse-proxy networks
|
## Adjusting the trusted reverse-proxy networks
|
||||||
|
|
||||||
If you go to **Administration** -> **System** -> **Debug** (`/admin/system/debug`), you'll notice that PeerTube reports some local IP instead of your own IP address.
|
If you go to **Administration** -> **System** -> **Debug** (`/admin/system/debug`), you'll notice that PeerTube reports some local IP instead of your own IP address.
|
||||||
|
|
|
@ -4,12 +4,19 @@
|
||||||
|
|
||||||
Some of the services installed by this playbook require a Redis data store.
|
Some of the services installed by this playbook require a Redis data store.
|
||||||
|
|
||||||
Enabling the Redis database service will automatically wire all other services to use it.
|
**Warning**: Because Redis is not as flexible as [Postgres](postgres.md) when it comes to authentication and data separation, it's **recommended that you run separate Redis instances** (one for each service). Redis supports multiple database and a [SELECT](https://redis.io/commands/select/) command for switching between them. However, **reusing the same Redis instance is not good enough** because:
|
||||||
|
|
||||||
|
- if all services use the same Redis instance and database (id = 0), services may conflict with one another
|
||||||
|
- the number of databases is limited to [16 by default](https://github.com/redis/redis/blob/aa2403ca98f6a39b6acd8373f8de1a7ba75162d5/redis.conf#L376-L379), which may or may not be enough. With configuration changes, this is solveable.
|
||||||
|
- some services do not support switching the Redis database and always insist on using the default one (id = 0)
|
||||||
|
- Redis [does not support different authentication credentials for its different databases](https://stackoverflow.com/a/37262596), so each service can potentially read and modify other services' data
|
||||||
|
|
||||||
|
If you're only hosting a single service (like [PeerTube](peertube.md) or [NetBox](netbox.md)) on your server, you can get away with running a single instance. If you're hosting multiple services, you should prepare separate instances for each service.
|
||||||
|
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
|
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process to **host a single instance of the Redis service**:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
########################################################################
|
########################################################################
|
||||||
|
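Review bot: Two wording slips in the added warning and its list: "Redis supports multiple database" should read "multiple databases", and "solveable" should be "solvable". It would also help to put the last bullet (no separate credentials per database, so each service can read and modify other services' data) first, since it is the one reason in the list that the text does not describe as fixable through configuration.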
@ -26,3 +33,5 @@ redis_enabled: true
|
||||||
# #
|
# #
|
||||||
########################################################################
|
########################################################################
|
||||||
```
|
```
|
||||||
|
|
||||||
|
To **host multiple instances of the Redis service**, follow the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation or the **Redis** section (if available) of the service you're installing.
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
| [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) |
|
| [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) |
|
||||||
| [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) |
|
| [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) |
|
||||||
| [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) |
|
| [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) |
|
||||||
|
| [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) |
|
||||||
| [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) |
|
| [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) |
|
||||||
| [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) |
|
| [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) |
|
||||||
| [Postgres](https://www.postgresql.org) | A powerful, open source object-relational database system | [Link](services/postgres.md) |
|
| [Postgres](https://www.postgresql.org) | A powerful, open source object-relational database system | [Link](services/postgres.md) |
|
||||||
|
|
|
@ -95,6 +95,12 @@ devture_systemd_service_manager_services_list_auto: |
|
||||||
+
|
+
|
||||||
([{'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']}] if grafana_enabled else [])
|
([{'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']}] if grafana_enabled else [])
|
||||||
+
|
+
|
||||||
|
([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else [])
|
||||||
|
+
|
||||||
|
([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else [])
|
||||||
|
+
|
||||||
|
([{'name': (netbox_identifier + '-housekeeping.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-housekeeping']}] if netbox_enabled else [])
|
||||||
|
+
|
||||||
([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else [])
|
([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else [])
|
||||||
+
|
+
|
||||||
([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else [])
|
([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else [])
|
||||||
|
@ -188,6 +194,12 @@ devture_postgres_managed_databases_auto: |
|
||||||
'password': redmine_database_password,
|
'password': redmine_database_password,
|
||||||
}] if redmine_enabled else [])
|
}] if redmine_enabled else [])
|
||||||
+
|
+
|
||||||
|
([{
|
||||||
|
'name': netbox_database_name,
|
||||||
|
'username': netbox_database_username,
|
||||||
|
'password': netbox_database_password,
|
||||||
|
}] if netbox_enabled else [])
|
||||||
|
+
|
||||||
([{
|
([{
|
||||||
'name': nextcloud_database_name,
|
'name': nextcloud_database_name,
|
||||||
'username': nextcloud_database_username,
|
'username': nextcloud_database_username,
|
||||||
|
@ -762,6 +774,52 @@ nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
netbox_enabled: false
|
||||||
|
|
||||||
|
netbox_identifier: "{{ mash_playbook_service_identifier_prefix }}netbox"
|
||||||
|
|
||||||
|
netbox_uid: "{{ mash_playbook_uid }}"
|
||||||
|
netbox_gid: "{{ mash_playbook_gid }}"
|
||||||
|
|
||||||
|
netbox_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}netbox"
|
||||||
|
|
||||||
|
netbox_systemd_required_services_list_auto: |
|
||||||
|
{{
|
||||||
|
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else [])
|
||||||
|
}}
|
||||||
|
|
||||||
|
netbox_container_additional_networks_auto: |
|
||||||
|
{{
|
||||||
|
(
|
||||||
|
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
|
||||||
|
+
|
||||||
|
([devture_postgres_container_network] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier and netbox_container_network != devture_postgres_container_network else [])
|
||||||
|
) | unique
|
||||||
|
}}
|
||||||
|
|
||||||
|
netbox_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
|
||||||
|
netbox_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
|
||||||
|
netbox_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
|
||||||
|
netbox_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
|
||||||
|
|
||||||
|
netbox_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
|
||||||
|
netbox_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
|
||||||
|
netbox_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.netbox', rounds=655555) | to_uuid }}"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /netbox #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
# #
|
# #
|
||||||
# peertube #
|
# peertube #
|
||||||
|
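Review bot: In `netbox_systemd_required_services_list_auto` the condition tests `nextcloud_database_hostname == devture_postgres_identifier`, which looks copied from the Nextcloud block; it should test `netbox_database_hostname`, as `netbox_container_additional_networks_auto` further down in the same hunk already does. As written, whether NetBox's unit depends on the Postgres service follows Nextcloud's database setting rather than NetBox's own.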
@ -783,8 +841,6 @@ peertube_container_additional_networks_auto: |
|
||||||
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
|
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
|
||||||
+
|
+
|
||||||
([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else [])
|
([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else [])
|
||||||
+
|
|
||||||
([redis_container_network] if peertube_config_redis_hostname == redis_identifier else [])
|
|
||||||
) | unique
|
) | unique
|
||||||
}}
|
}}
|
||||||
|
|
||||||
|
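Review bot: Dropping the `redis_container_network` entry from `peertube_container_additional_networks_auto` means a PeerTube container pointed at the shared Redis instance no longer joins that instance's network on its own. The "Using the shared Redis instance for PeerTube" documentation referenced in the CHANGELOG should list the network attachment as an explicit setting the user has to add, otherwise an upgraded install keeps its hostname setting but cannot reach Redis.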
@ -798,13 +854,9 @@ peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}
|
||||||
peertube_config_database_username: peertube
|
peertube_config_database_username: peertube
|
||||||
peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}"
|
peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}"
|
||||||
|
|
||||||
peertube_config_redis_hostname: "{{ redis_identifier if redis_enabled else '' }}"
|
|
||||||
|
|
||||||
peertube_systemd_required_services_list_auto: |
|
peertube_systemd_required_services_list_auto: |
|
||||||
{{
|
{{
|
||||||
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else [])
|
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else [])
|
||||||
+
|
|
||||||
([redis_identifier ~ '.service'] if redis_enabled and peertube_config_redis_hostname == redis_identifier else [])
|
|
||||||
}}
|
}}
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
|
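Review bot: With the `peertube_config_redis_hostname` line and the `redis_identifier ~ '.service'` entry both removed, an inventory that had PeerTube and Redis enabled before this change no longer gets a Redis hostname or a systemd dependency on Redis from the playbook. Consider a validation step that fails the run when `peertube_config_redis_hostname` is empty, so the break shows up at install time instead of as a PeerTube startup error, and make sure both documented Redis options tell the user to add the required-service entry back.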
@ -73,6 +73,9 @@
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gitea.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gitea.git
|
||||||
version: v1.19.0-0
|
version: v1.19.0-0
|
||||||
name: gitea
|
name: gitea
|
||||||
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git
|
||||||
|
version: v3.4.6-2.5.1-0
|
||||||
|
name: netbox
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git
|
||||||
version: v26.0.0-0
|
version: v26.0.0-0
|
||||||
name: nextcloud
|
name: nextcloud
|
||||||
|
|
|
@ -74,6 +74,8 @@
|
||||||
|
|
||||||
- role: galaxy/hubsite
|
- role: galaxy/hubsite
|
||||||
|
|
||||||
|
- role: galaxy/netbox
|
||||||
|
|
||||||
- role: galaxy/nextcloud
|
- role: galaxy/nextcloud
|
||||||
|
|
||||||
- role: galaxy/peertube
|
- role: galaxy/peertube
|
||||||
|
|