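---
# Installs PeerTube on a Debian 11 host: system user and directories, package
# dependencies, PostgreSQL role/database, the PeerTube release, Node.js/yarn,
# production.yaml, nginx with a Let's Encrypt certificate, and the systemd unit.
#
# Security notes for operators:
#   * Three secrets pass through this play (system password, DB password and
#     the generated PeerTube secret). Tasks that handle them set no_log and
#     keep them out of process arguments.
#   * Two remote artifacts are downloaded and used as root (the PeerTube zip
#     and the NodeSource setup script). Only the zip can be pinned here, via
#     peertubeChecksum.
#   * NOTE(review): the "Drop db" / "Drop user" tasks run on every execution,
#     so re-running this play against a live instance discards its database.
- name: Instalar peertube sobre Debian 11
  hosts: debian
  remote_user: ansible
  gather_facts: true
  become: false

  vars:
    # Alternative domain kept by the author.
    # domain: "video.core"
    domain: "video.56k.es"
    email: "fanta@56k.es"
    peertubeVersion: "v5.0.1"
    peertubeURL: "https://github.com/Chocobozzz/PeerTube/releases/download/{{peertubeVersion}}/peertube-{{peertubeVersion}}.zip"
    # Optional integrity pin for the release zip, in get_url's
    # "<algorithm>:<digest>" form, e.g. "sha256:<digest published with the
    # release>". Left empty, the download is not verified.
    peertubeChecksum: ""
    nodeURL: "https://deb.nodesource.com/setup_16.x"
    # Several tasks below hard-code /var/www/peertube and owner "peertube",
    # so this value must stay "peertube" for the play to be consistent.
    sysUser: "peertube"
    dbUser: "{{sysUser}}"
    dbName: "{{sysUser}}_prod"

  vars_prompt:
    - name: "ansible_become_pass"
      prompt: "Become password (sudo)"
      private: true
    - name: "SystemUserPasswd"
      prompt: "System Password for USER {{sysUser}}"
      private: true
    - name: "dbPasswd"
      prompt: "PSQL DB Password"
      private: true

  tasks:
    - name: "DIR - Comprobamos si existe el directory /var/www/{{sysUser}}"
      stat:
        path: /var/www/{{sysUser}}
      register: peertubeDir

    - name: "DIR - Muestra un mensaje cuando el directorio /var/www/{{sysUser}} ya existe"
      debug:
        msg: "/var/www/{{sysUser}} actualmente ya existe"
      when: peertubeDir.stat.exists

    - name: "DIR - /var/www/{{sysUser}} no existe y por tanto se crea el directorio"
      become: true
      file:
        path: /var/www/{{sysUser}}
        state: directory
        # Modes are quoted so they are always read as octal strings.
        mode: '0755'
        group: root
        owner: root
      when: not peertubeDir.stat.exists

    - name: "USER - Se crea el usuario {{sysUser}} con /var/www/{{sysUser}} como home"
      become: true
      ansible.builtin.user:
        name: "{{sysUser}}"
        comment: "{{sysUser}} User"
        home: /var/www/{{sysUser}}
        shell: /bin/bash
        password: "{{ SystemUserPasswd | password_hash('sha512') }}"

    - name: "USER - Cambiamos permisos de /var/www/{{sysUser}} con owner {{sysUser}}"
      become: true
      ansible.builtin.file:
        path: /var/www/{{sysUser}}
        owner: "{{sysUser}}"
        group: "{{sysUser}}"
        mode: '0755'

    # config/ will hold production.yaml (DB password and PeerTube secret),
    # hence the tighter 0750 compared with storage/ and versions/.
    - name: "DIR - Se crea el directorio /var/www/{{sysUser}}/config"
      become: true
      file:
        path: /var/www/{{sysUser}}/config
        state: directory
        mode: '0750'
        group: peertube
        owner: peertube

    - name: "DIR - Se crea el directorio /var/www/{{sysUser}}/storage"
      become: true
      file:
        path: /var/www/{{sysUser}}/storage
        state: directory
        mode: '0755'
        group: peertube
        owner: peertube

    - name: "DIR - Se crea el directorio /var/www/{{sysUser}}/versions"
      become: true
      file:
        path: /var/www/{{sysUser}}/versions
        state: directory
        mode: '0755'
        group: peertube
        owner: peertube

    - name: "DEPS - Instalamos dependencias"
      become: true
      ansible.builtin.package:
        name:
          - python3-apt
          - git
          - unzip
          - curl
          - bash
          - sudo
          - python-dev
          - cron
          - openssl
          - libssl-dev
          - libssl-doc
          - postgresql
          - postgresql-contrib
          - postgresql-client
          - libpq-dev
          - python3-psycopg2
          - certbot
          - nginx
          - make
          - wget
          - ffmpeg
          - redis-server
          - gcc
          - g++
          - vim
          - nano
        state: latest

    # Destructive: removes any existing database and role before recreating
    # them. Errors are ignored so a first run (nothing to drop) continues.
    - name: "DB - PSQL - Drop db {{dbName}}"
      ansible.builtin.command: "sudo -u postgres dropdb {{dbName}}"
      become: true
      ignore_errors: true

    - name: "DB - PSQL - Drop user {{dbUser}}"
      ansible.builtin.command: "sudo -u postgres dropuser {{dbUser}}"
      become: true
      ignore_errors: true

    # The SQL is fed on stdin rather than with "psql -c" so the password never
    # appears in the process argument list, and no_log keeps it out of Ansible
    # output. Single quotes in the password are doubled for the SQL literal.
    # ON_ERROR_STOP makes psql return non-zero when the statement fails.
    # ignore_errors is kept from the original; with no_log a failure here is
    # silent and only surfaces in the createdb task that follows.
    - name: "DB - PSQL - Create user {{dbUser}} with the password"
      ansible.builtin.command:
        cmd: sudo -u postgres psql -v ON_ERROR_STOP=1
        stdin: >-
          create role {{ dbUser }} with login password
          '{{ dbPasswd | replace("'", "''") }}';
        chdir: "/var/www/{{sysUser}}"
      become: true
      ignore_errors: true
      no_log: true

    - name: "DB - PSQL - Create db {{dbName}}"
      ansible.builtin.command: sudo -u postgres createdb -O {{dbUser}} -E UTF8 -T template0 {{dbName}}
      become: true

    - name: "DB - PSQL - Create db extension pg_trgm"
      ansible.builtin.command: sudo -u postgres psql -c "CREATE EXTENSION pg_trgm;" {{dbName}}
      become: true

    - name: "DB - PSQL - Create db extension unaccent"
      ansible.builtin.command: sudo -u postgres psql -c "CREATE EXTENSION unaccent;" {{dbName}}
      become: true

    # The archive is unpacked and later run as the service; when
    # peertubeChecksum is set, get_url refuses a file that does not match it.
    - name: "ZIP - Download peertube zip to /tmp/peertube.zip"
      become: true
      ansible.builtin.get_url:
        url: "{{peertubeURL}}"
        dest: "/tmp/peertube.zip"
        mode: '0440'
        checksum: "{{ peertubeChecksum | default(omit, true) }}"

    - name: "ZIP - Unzip peertube.zip to /var/www/{{sysUser}}/versions/"
      become: true
      ansible.builtin.unarchive:
        src: "/tmp/peertube.zip"
        dest: "/var/www/{{sysUser}}/versions"
        remote_src: true

    - name: "DIR - Cambiamos Owner a peertube de los archivos descomprimidos"
      become: true
      file:
        path: "/var/www/{{sysUser}}/versions"
        owner: peertube
        recurse: true
        group: peertube

    - name: "DIR - Creamos un enlace simbolico peertube-latest apuntando a la versión"
      become: true
      ansible.builtin.file:
        src: "/var/www/{{sysUser}}/versions/peertube-{{peertubeVersion}}"
        dest: "/var/www/{{sysUser}}/peertube-latest"
        owner: peertube
        group: peertube
        state: link

    - name: "DIR - Cambiamos Owner a peertube del directorio enlace simbolico"
      become: true
      ansible.builtin.file:
        path: "/var/www/{{sysUser}}/peertube-latest"
        owner: peertube
        group: peertube

    # The script is executed as root by the next task. It is written 0700
    # (the original used 0777) so no other local account can modify it in
    # /tmp between download and execution.
    # NOTE(review): the script itself is not integrity-checked; its content
    # changes upstream, so pinning it means mirroring a reviewed copy.
    - name: "NODE - Descargamos script para instalar repositorio de nodejs"
      become: true
      ansible.builtin.get_url:
        url: "{{nodeURL}}"
        dest: "/tmp/setup.x"
        mode: '0700'

    - name: "NODE - Ejecutamos script para instalar repositorio de nodejs"
      ansible.builtin.command: "bash /tmp/setup.x"
      become: true

    - name: "NODE - Instalamos nodejs"
      become: true
      ansible.builtin.package:
        name:
          - nodejs
        state: latest

    - name: "NODE - Instalamos yarn desde npm"
      ansible.builtin.command: "npm install --global yarn"
      become: true

    # chdir names the symlink created above (peertube-latest); the original
    # derived it from sysUser, which only matched while sysUser == "peertube".
    - name: "NODE - Instalamos peertube con yarn"
      become: true
      ansible.builtin.command: "sudo -H -u {{sysUser}} yarn install --production --pure-lockfile"
      args:
        chdir: "/var/www/{{sysUser}}/peertube-latest"

    - name: "CONFIG - Copiamos configuracion default.yaml"
      become: true
      ansible.builtin.command: "sudo -u peertube cp /var/www/peertube/peertube-latest/config/default.yaml /var/www/peertube/config/default.yaml"

    - name: "CONFIG - Copiamos configuracion production.yaml"
      become: true
      ansible.builtin.command: "sudo -u peertube cp /var/www/peertube/peertube-latest/config/production.yaml.example /var/www/peertube/config/production.yaml"

    - name: "CONFIG - Cambiamos en production.yaml el dominio example.com por {{domain}}"
      become: true
      ansible.builtin.command: "sed -i 's/example.com/{{domain}}/g' /var/www/peertube/config/production.yaml"

    # The registered stdout is the PeerTube secret; no_log keeps it out of
    # verbose output and callback logs.
    - name: "CONFIG - Generamos clave con openssl rand -hex 32"
      become: true
      ansible.builtin.command: "openssl rand -hex 32"
      register: peertubeOpenSSLKey
      no_log: true

    # The original task printed the secret both in its name and its message,
    # which copies it into every run log. Only its destination is reported now.
    - name: "CONFIG - La key generada no se muestra; queda en production.yaml"
      debug:
        msg: "Secret generado; se escribe en /var/www/peertube/config/production.yaml"

    # replace is used instead of sed so the secret is not placed in a process
    # argument list; the pattern only matches while the value is still empty.
    - name: "CONFIG - Metemos en production.yaml la key que hemos generado"
      become: true
      ansible.builtin.replace:
        path: /var/www/peertube/config/production.yaml
        regexp: "peertube: ''"
        replace: "peertube: '{{peertubeOpenSSLKey.stdout}}'"
      no_log: true

    # Same approach for the DB password. Single quotes are doubled, which is
    # the escape for a YAML single-quoted scalar.
    # NOTE(review): a backslash in the password would be read as an escape by
    # the replace module — confirm against the password policy in use.
    - name: "CONFIG - Metemos en production.yaml la password de la base de datos"
      become: true
      ansible.builtin.replace:
        path: /var/www/peertube/config/production.yaml
        regexp: "password: 'peertube'"
        replace: >-
          password: '{{ dbPasswd | replace("'", "''") }}'
      no_log: true

    - name: "CONFIG - Copiamos nginx config"
      become: true
      ansible.builtin.command: "sudo cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube"

    - name: "CONFIG - Cambiamos dominio en nginx config"
      become: true
      ansible.builtin.command: "sed -i \"s/${WEBSERVER_HOST}/{{domain}}/g\" /etc/nginx/sites-available/peertube"

    - name: "CONFIG - Cambiamos host en nginx config"
      become: true
      ansible.builtin.command: "sed -i \"s/${PEERTUBE_HOST}/127.0.0.1:9000/g\" /etc/nginx/sites-available/peertube"

    - name: "CONFIG - Creamos un enlace simbolico para activar la nginx config"
      become: true
      ansible.builtin.file:
        src: "/etc/nginx/sites-available/peertube"
        dest: "/etc/nginx/sites-enabled/peertube"
        state: link

    # nginx is stopped before certbot runs in --standalone mode and started
    # again afterwards.
    - name: "NGINX paramos el servicio nginx"
      become: true
      ansible.builtin.service:
        name: nginx
        state: stopped

    - name: "DIR - Comprobamos si tiene ya el certificado SSL"
      become: true
      stat:
        path: "/etc/letsencrypt/live/{{domain}}"
      register: certDir

    # --non-interactive makes certbot fail instead of waiting on a prompt,
    # since the task has no terminal to answer one.
    - name: "NGINX - Obtenemos certificado SSL letsencrypt con certbot [{{domain}} {{email}} ]"
      become: true
      ansible.builtin.command: "certbot certonly --standalone --non-interactive -d {{domain}} --email {{email}} --agree-tos"
      when: not certDir.stat.exists

    - name: "NGINX iniciamos el servicio nginx"
      become: true
      ansible.builtin.service:
        name: nginx
        state: started

    - name: "SYSTEMD - Copiamos el template de servicio"
      become: true
      ansible.builtin.command: "sudo cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/"

    # Reloads systemd so the copied unit is picked up; as written this task
    # also restarts nginx.
    - name: "SYSTEMD - Daemon reload"
      become: true
      ansible.builtin.systemd:
        state: restarted
        daemon_reload: true
        name: nginx

    - name: "SYSTEMD - Enable service"
      become: true
      ansible.builtin.service:
        name: peertube
        enabled: true

    - name: "SYSTEMD - Iniciamos el servicio peertube"
      become: true
      ansible.builtin.service:
        name: peertube
        state: started

# Manual command left by the author (not executed by this play):
# NODE_CONFIG_DIR=/var/www/peertube/config NODE_ENV=production npm run reset-password -- -u root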