Add PeerTube and Redis support

This commit is contained in:
Slavi Pantaleev 2023-03-17 15:43:45 +02:00
parent 306c77fa51
commit e7740ed57b
7 changed files with 224 additions and 17 deletions

@ -31,27 +31,14 @@ When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up w
- GitHub issues: [mother-of-all-self-hosting/mash-playbook/issues](https://github.com/mother-of-all-self-hosting/mash-playbook/issues)
## Related projects
You may also be interested in these other Ansible playbooks:
- [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) - for deploying a fully-featured [Matrix](https://matrix.org) homeserver
- [peertube-docker-ansible-deploy](https://github.com/spantaleev/peertube-docker-ansible-deploy) - for deploying a [PeerTube](https://joinpeertube.org/) video-platform server - this playbook will soon be merged into `mash-playbook`
The [Matrix](https://matrix.org) playbook ([matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)) will remain independent, because the Matrix ecosystem is incredibly large - lots of bots, bridges and other pieces of software. It deserves its own dedicated playbook.
All other playbooks are for smaller pieces and will be moved into into this playbook for ease of maintenance and all [reasons explained below](#why-create-such-a-mega-playbook).
## Why create such a mega playbook?
All our [Related](#related-projects) Ansible playbooks re-use roles (for Postgres, Traefik, etc.), but are still hard to maintain and there's a lot of duplication of effort.
We used to maintain separate playbooks for various services (Matrix, Nextcloud, Gitea, Vaultwarden, PeerTube, ..). They re-used roles (for Postgres, Traefik, etc.), but were still hard to maintain due to the large duplication of effort.
Most of these playbooks host services which require a Postgres database, a Traefik reverse-proxy, a backup solution, etc. All of them need to come with documentation, etc.
Most of these playbooks hosted services which require a Postgres database, a Traefik reverse-proxy, a backup solution, etc. All of them needed to come with documentation, etc.
All these things need to be created and kept up-to-date in each and every playbook.
Having to use a dedicated Ansible playbook for each and every piece of software means that you have to juggle many playbooks and make sure they don't conflict with one another when installing services on the same server. All [Related](#related-projects) playbooks interoperate nicely, but still require at least a bit of manual configuration to achieve this interoperability.
Having to use a dedicated Ansible playbook for each and every piece of software means that you have to juggle many playbooks and make sure they don't conflict with one another when installing services on the same server. All these related playbooks interoperated nicely, but still required at least a bit of manual configuration to achieve this interoperability.
Using specialized Ansible playbooks also means that trying out new software is difficult. Despite the playbooks being similar (which eases the learning curve), each one is still a new git repository you need to clone and maintain, etc.

docs/services/peertube.md Normal file

@ -0,0 +1,87 @@
# PeerTube
[PeerTube](https://joinpeertube.org/) is a tool for sharing online videos developed by [Framasoft](https://framasoft.org/), a french non-profit.
## Dependencies
This service requires the following other services:
- a [Postgres](postgres.md) database
- a [Redis](redis.md) data-store
- a [Traefik](traefik.md) reverse-proxy server
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# peertube #
# #
########################################################################
peertube_enabled: true
peertube_hostname: peertube.example.com
# PeerTube does not support being hosted at a subpath right now,
# so using the peertube_path_prefix variable is not possible.
# A PeerTube secret.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
peertube_config_secret: ''
# An email address to be associated with the `root` PeerTube administrator account.
peertube_config_admin_email: ''
# The initial password that the `root` PeerTube administrator account will be created with.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
peertube_config_root_user_initial_password: ''
# Uncomment and adjust this after completing the initial installation.
# Find the `traefik` network's IP address range by running the following command on the server:
# `docker network inspect traefik -f "{{ (index .IPAM.Config 0).Subnet }}"`
# Then, replace the example IP range below, and re-run the playbook.
# peertube_trusted_proxies_values_custom: ["172.21.0.0/16"]
########################################################################
# #
# /peertube #
# #
########################################################################
```
In the example configuration above, we configure the service to be hosted at `https://peertube.example.com`.
Hosting PeerTube under a subpath (by configuring the `peertube_path_prefix` variable) does not seem to be possible right now, due to PeerTube limitations.
## Usage
After [installation](../installing.md), you should be able to access your new PeerTube instance at the URL you've chosen (depending on `peertube_hostname` and `peertube_path_prefix` values set in `vars.yml`).
You should then be able to log in with:
- username: `root`
- password: the password you've set in `peertube_config_root_user_initial_password` in `vars.yml`
## Adjusting the trusted reverse-proxy networks
If you go to **Administration** -> **System** -> **Debug** (`/admin/system/debug`), you'll notice that PeerTube reports some local IP instead of your own IP address.
To fix this, you need to adjust the "trusted proxies" configuration setting.
The default installation uses a Traefik reverse-proxy, so we suggest that you make PeerTube trust the whole `traefik` container network.
To do this:
- SSH into the machine
- run this command to find the network range: `docker network inspect traefik -f "{{ (index .IPAM.Config 0).Subnet }}"` (e.g. `172.19.0.0/16`)
- adjust your `vars.yml` configuration to contain a variable like this: `peertube_trusted_proxies_values_custom: ["172.19.0.0/16"]`
Then, re-install the PeerTube component via the playbook by running: `just install-service peertube`
You should then see the **Debug** page report your actual IP address.
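Review bot: The "Adjusting the trusted reverse-proxy networks" section tells users to trust the whole `traefik` container network but does not say what that grants: every container attached to that network can then supply the client IP that PeerTube records through forwarded headers. Suggest adding a sentence to that effect so operators know not to attach untrusted containers to that network. Two smaller points: the example range in the `vars.yml` comment (`172.21.0.0/16`) differs from the one in this section (`172.19.0.0/16`), and the Usage section still refers to `peertube_path_prefix` although the page says subpath hosting is not possible.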

docs/services/redis.md Normal file

@ -0,0 +1,28 @@
# Redis
[Redis](https://redis.io/) is an open source, in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker.
Some of the services installed by this playbook require a Redis data store.
Enabling the Redis database service will automatically wire all other services to use it.
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# redis #
# #
########################################################################
redis_enabled: true
########################################################################
# #
# /redis #
# #
########################################################################
```
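Review bot: "Enabling the Redis database service will automatically wire all other services to use it" leaves out what an operator needs to know about exposure: the page does not say whether the instance requires a password or whether it is reachable only over the container network, and the example sets nothing but `redis_enabled: true`. Suggest documenting both, along with the fact that the wired services share one instance.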

@ -7,18 +7,24 @@
| [Gitea](https://gitea.io/) | A painless self-hosted Git service. | [Link](services/gitea.md) |
| [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) |
| [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) |
| [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) |
| [PostgreSQL](https://www.postgresql.org) | A powerful, open source object-relational database system | [Link](services/postgres.md) |
| [Radicale](https://miniflux.app/) | A Free and Open-Source CalDAV and CardDAV Server (solution for hosting contacts and calendars) | [Link](services/radicale.md) |
| [Redis](https://redis.io/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/redis.md) |
| [Traefik](https://doc.traefik.io/traefik/) | A container-aware reverse-proxy server | [Link](services/traefik.md) |
| [Vaultwarden](https://github.com/dani-garcia/vaultwarden) | A lightweight unofficial and compatible implementation of the [Bitwarden](https://bitwarden.com/) password manager | [Link](services/vaultwarden.md) |
| [Uptime-kuma](https://uptime.kuma.pet/) | A fancy self-hosted monitoring tool | [Link](services/uptime-kuma.md) |
| [Woodpecker CI](https://woodpecker-ci.org/) | A simple Continuous Integration (CI) engine with great extensibility. | [Link](services/woodpecker-ci.md) |
## Related playbooks
- [matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) - for deploying a fully-featured [Matrix](https://matrix.org) homeserver. This playbook will remain independent, because the Matrix ecosystem is incredibly large - lots of bots, bridges and other pieces of software. It deserves its own dedicated playbook.
## Coming soon
| Name | Description |
| ------------------------------ | ------------------------------------- |
| [PeerTube](https://joinpeertube.org/), by absorbing [peertube-docker-ansible-deploy](https://github.com/spantaleev/peertube-docker-ansible-deploy) | A video-platform server |
| [Garage](https://garagehq.deuxfleurs.fr/), by absorbing [garage-docker-ansible-deploy](https://github.com/moan0s/garage-docker-ansible-deploy) | Open-source distributed object storage service tailored for self-hosting |
| [Prometheus](https://prometheus.io/)| Monitoring system and time series database |
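Review bot: The Radicale row links to `https://miniflux.app/`, which looks copied from the Miniflux row; point it at the Radicale project site while this table is being edited. Also, Vaultwarden is listed before Uptime-kuma, which breaks the otherwise alphabetical order of the table.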

@ -28,8 +28,12 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else [])
+
([{'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']}] if peertube_enabled else [])
+
([{'name': (radicale_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'radicale']}] if radicale_enabled else [])
+
([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']}] if redis_enabled else [])
+
([{'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']}] if vaultwarden_enabled else [])
+
([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else [])
@ -91,6 +95,12 @@ devture_postgres_managed_databases_auto: |
'password': nextcloud_database_password,
}] if nextcloud_enabled else [])
+
([{
'name': peertube_config_database_name,
'username': peertube_config_database_username,
'password': peertube_config_database_password,
}] if peertube_enabled else [])
+
([{
'name': vaultwarden_database_name,
'username': vaultwarden_database_username,
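Review bot: `peertube_config_database_name` is referenced in the new `devture_postgres_managed_databases_auto` entry, but the peertube block added in this file sets only the database hostname, port, username and password. If the name comes from the role's defaults that is fine, but setting it here next to `peertube_config_database_username: peertube` would make the managed database evident from this file alone.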
@ -398,6 +408,61 @@ nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key)
########################################################################
# #
# peertube #
# #
########################################################################
peertube_enabled: false
peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube"
peertube_base_path: "{{ mash_playbook_base_path }}/peertube"
peertube_uid: "{{ mash_playbook_uid }}"
peertube_gid: "{{ mash_playbook_gid }}"
peertube_container_additional_networks: |
{{
(
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else [])
+
([redis_container_network] if peertube_config_redis_hostname == redis_identifier else [])
) | unique
}}
peertube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
peertube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
peertube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
peertube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
peertube_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
peertube_config_database_username: peertube
peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}"
peertube_config_redis_hostname: "{{ redis_identifier if redis_enabled else '' }}"
peertube_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else [])
+
([redis_identifier ~ '.service'] if redis_enabled and peertube_config_redis_hostname == redis_identifier else [])
}}
########################################################################
# #
# /peertube #
# #
########################################################################
########################################################################
# #
# radicale #
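Review bot: In `peertube_container_additional_networks`, the Redis term `([redis_container_network] if peertube_config_redis_hostname == redis_identifier else [])` is not guarded by `redis_enabled`, unlike the Postgres term above it and the Redis term in `peertube_systemd_required_services_list`. Suggest `redis_enabled and peertube_config_redis_hostname == redis_identifier` for consistency. Relatedly, with `redis_enabled: false` (the default) `peertube_config_redis_hostname` becomes an empty string although the docs list Redis as a required dependency; a validation that fails early would be clearer than an empty hostname.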
@ -431,6 +496,29 @@ radicale_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certReso
########################################################################
# #
# redis #
# #
########################################################################
redis_enabled: false
redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis"
redis_base_path: "{{ mash_playbook_base_path }}/redis"
redis_uid: "{{ mash_playbook_uid }}"
redis_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /redis #
# #
########################################################################
########################################################################
# #
# vaultwarden #

@ -48,6 +48,9 @@
- src: git+https://gitlab.com/etke.cc/roles/uptime_kuma.git
version: v1.20.2-1
- src: git+https://gitlab.com/etke.cc/roles/redis.git
version: v7.0.9-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-vaultwarden.git
name: vaultwarden
version: v1.27.0-1
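Review bot: The new `redis` entry pins `version: v7.0.9-0`, a git tag on an external repository (`gitlab.com/etke.cc/roles/redis.git`). Tags can be moved, so the role code that runs against the server is not fixed by this file; consider pinning to a commit hash and keeping the tag in a comment beside it.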
@ -63,3 +66,7 @@
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-collabora-online.git
name: collabora_online
version: v22.05.12.1.1-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git
name: peertube
version: v5.0.1-0

@ -52,8 +52,12 @@
- role: galaxy/nextcloud
- role: peertube
- role: galaxy/radicale
- role: galaxy/redis
- role: galaxy/vaultwarden
- role: galaxy/uptime_kuma
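Review bot: `- role: peertube` is the only entry here without the `galaxy/` prefix; its neighbours are `galaxy/nextcloud`, `galaxy/radicale` and `galaxy/redis`. If the role is installed from the requirements file like the others, this should read `- role: galaxy/peertube`, otherwise the role lookup will fail or resolve to a different path.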