Re-import and update Peertube to current security standards

jafner-net/config/peertube/.env

@@ -0,0 +1,2 @@
+# Docker volume location
+DOCKER_VOLUME=/mnt/nas/DockerData/peertube/

jafner-net/config/peertube/docker-compose.yml

@@ -0,0 +1,79 @@
+version: "3.3"
+
+services:
+  peertube:
+    image: chocobozzz/peertube:production-buster
+    container_name: peertube_peertube
+    logging:
+      driver: loki
+      options:
+        loki-url: http://localhost:3100/loki/api/v1/push
+        loki-batch-size: "50"
+        loki-retries: "1"
+        loki-timeout: "2s"
+        keep-file: "true"
+    networks:
+      web:
+      peertube:
+        ipv4_address: 172.80.0.42
+    env_file:
+      - peertube.env
+      - peertube_secrets.env
+    ports:
+     - "1935:1935" # Livestream RTMP port
+    volumes:
+      - assets:/app/client/dist
+      - ${DOCKER_VOLUME}/data:/data
+      - ${DOCKER_VOLUME}/config:/config
+    labels:
+      - "traefik.http.routers.peertube.rule=Host(`video.jafner.net`)"
+      - "traefik.http.routers.peertube.tls.certresolver=lets-encrypt"
+      - "traefik.http.services.peertube.loadbalancer.server.port=9000"
+    depends_on:
+      - postgres
+      - redis
+      - postfix
+    restart: "no"
+
+  postgres:
+    image: postgres:13-alpine
+    container_name: peertube_postgres
+    networks:
+      - peertube
+    env_file:
+      - .env
+    volumes:
+      - ${DOCKER_VOLUME}/db:/var/lib/postgresql/data
+    restart: "no"
+
+  redis:
+    image: redis:6-alpine
+    container_name: peertube_redis
+    networks:
+      - peertube
+    volumes:
+      - ${DOCKER_VOLUME}/redis:/data
+    restart: "no"
+
+  postfix:
+    image: mwader/postfix-relay
+    container_name: peertube_postfix
+    networks:
+      - peertube
+    env_file:
+      - .env
+    volumes:
+      - ${DOCKER_VOLUME}/opendkim/keys:/etc/opendkim/keys
+    restart: "no"
+
+networks:
+  peertube:
+    ipam:
+      driver: default
+      config:
+      - subnet: 172.80.0.0/16
+  web:
+    external: true
+
+volumes:
+  assets:

jafner-net/config/peertube/peertube.env

@@ -0,0 +1,48 @@
+# Database / Postgres service configuration
+POSTGRES_USER=postgresuser
+#POSTGRES_PASSWORD=postgrespassword
+# Postgres database name "peertube"
+POSTGRES_DB=peertube
+# Editable only with a suffix :
+#POSTGRES_DB=peertube_prod
+#PEERTUBE_DB_SUFFIX=_prod
+PEERTUBE_DB_USERNAME=postgresuser
+#PEERTUBE_DB_PASSWORD=postgrespassword
+PEERTUBE_DB_SSL=false
+# Default to Postgres service name "postgres" in docker-compose.yml
+PEERTUBE_DB_HOSTNAME=postgres
+
+# Server configuration
+PEERTUBE_WEBSERVER_HOSTNAME=video.jafner.net
+# If you do not use https and a reverse-proxy in docker-compose.yml
+#PEERTUBE_WEBSERVER_PORT=80
+#PEERTUBE_WEBSERVER_HTTPS=false
+# If you need more than one IP as trust_proxy
+# pass them as a comma separated array:
+PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.80.0.0/16"]
+
+# E-mail configuration
+# If you use a Custom SMTP server
+PEERTUBE_SMTP_USERNAME=noreply@jafner.net
+#PEERTUBE_SMTP_PASSWORD=<see peertube_secrets.env>
+# Default to Postfix service name "postfix" in docker-compose.yml
+# May be the hostname of your Custom SMTP server
+PEERTUBE_SMTP_HOSTNAME=smtp.gmail.com
+PEERTUBE_SMTP_PORT=465
+PEERTUBE_SMTP_FROM=noreply@jafner.net
+PEERTUBE_SMTP_TLS=false
+PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL=joey@jafner.net
+
+# Postfix service configuration
+POSTFIX_myhostname=jafner.net
+# If you need to generate a list of sub/DOMAIN keys
+# pass them as a whitespace separated string <DOMAIN>=<selector>
+OPENDKIM_DOMAINS=jafner.net=peertube
+# see https://github.com/wader/postfix-relay/pull/18
+OPENDKIM_RequireSafeKeys=no
+
+# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
+PEERTUBE_SIGNUP_ENABLED=true
+#PEERTUBE_TRANSCODING_ENABLED=true
+#PEERTUBE_CONTACT_FORM_ENABLED=true