From 6d307963dd3dc69bfcb924b608820ec6aa994783 Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Wed, 5 Apr 2023 19:23:37 -0700
Subject: [PATCH] Re-import and update Peertube to current security standards
---
archives/jafner-net/peertube/project.env | 0
jafner-net/config/peertube/.env | 2 +
jafner-net/config/peertube/docker-compose.yml | 79 +++++++++++++++++++
jafner-net/config/peertube/peertube.env | 48 +++++++++++
4 files changed, 129 insertions(+)
delete mode 100644 archives/jafner-net/peertube/project.env
create mode 100644 jafner-net/config/peertube/.env
create mode 100644 jafner-net/config/peertube/docker-compose.yml
create mode 100644 jafner-net/config/peertube/peertube.env
diff --git a/archives/jafner-net/peertube/project.env b/archives/jafner-net/peertube/project.env
deleted file mode 100644
index e69de29..0000000
diff --git a/jafner-net/config/peertube/.env b/jafner-net/config/peertube/.env
new file mode 100644
index 0000000..165e9a1
--- /dev/null
+++ b/jafner-net/config/peertube/.env
@@ -0,0 +1,2 @@
+# Docker volume location
+DOCKER_VOLUME=/mnt/nas/DockerData/peertube/
\ No newline at end of file
diff --git a/jafner-net/config/peertube/docker-compose.yml b/jafner-net/config/peertube/docker-compose.yml
new file mode 100644
index 0000000..b95ee97
--- /dev/null
+++ b/jafner-net/config/peertube/docker-compose.yml
@@ -0,0 +1,79 @@
+version: "3.3"
+
+services:
+ peertube:
+ image: chocobozzz/peertube:production-buster
+ container_name: peertube_peertube
+ logging:
+ driver: loki
+ options:
+ loki-url: http://localhost:3100/loki/api/v1/push
+ loki-batch-size: "50"
+ loki-retries: "1"
+ loki-timeout: "2s"
+ keep-file: "true"
+ networks:
+ web:
+ peertube:
+ ipv4_address: 172.80.0.42
+ env_file:
+ - peertube.env
+ - peertube_secrets.env
+ ports:
+ - "1935:1935" # Livestream RTMP port
+ volumes:
+ - assets:/app/client/dist
+ - ${DOCKER_VOLUME}/data:/data
+ - ${DOCKER_VOLUME}/config:/config
+ labels:
+ - "traefik.http.routers.peertube.rule=Host(`video.jafner.net`)"
+ - "traefik.http.routers.peertube.tls.certresolver=lets-encrypt"
+ - "traefik.http.services.peertube.loadbalancer.server.port=9000"
+ depends_on:
+ - postgres
+ - redis
+ - postfix
+ restart: "no"
+
+ postgres:
+ image: postgres:13-alpine
+ container_name: peertube_postgres
+ networks:
+ - peertube
+ env_file:
+ - .env
+ volumes:
+ - ${DOCKER_VOLUME}/db:/var/lib/postgresql/data
+ restart: "no"
+
+ redis:
+ image: redis:6-alpine
+ container_name: peertube_redis
+ networks:
+ - peertube
+ volumes:
+ - ${DOCKER_VOLUME}/redis:/data
+ restart: "no"
+
+ postfix:
+ image: mwader/postfix-relay
+ container_name: peertube_postfix
+ networks:
+ - peertube
+ env_file:
+ - .env
+ volumes:
+ - ${DOCKER_VOLUME}/opendkim/keys:/etc/opendkim/keys
+ restart: "no"
+
+networks:
+ peertube:
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.80.0.0/16
+ web:
+ external: true
+
+volumes:
+ assets:
diff --git a/jafner-net/config/peertube/peertube.env b/jafner-net/config/peertube/peertube.env
new file mode 100644
index 0000000..925e468
--- /dev/null
+++ b/jafner-net/config/peertube/peertube.env
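Review bot: The `postgres` and `postfix` services in docker-compose.yml load only `.env`, which in this commit defines nothing but `DOCKER_VOLUME`, so the `POSTGRES_*`, `POSTFIX_*` and `OPENDKIM_*` settings in `peertube.env` never reach them. Whatever `peertube_secrets.env` holds (it is not part of this patch) is loaded by the `peertube` service alone. On an empty data directory the official postgres image refuses to initialise without `POSTGRES_PASSWORD`, and the credentials PeerTube is given would have no matching database role. Give each service the env files it needs, e.g. add `- peertube.env` and `- peertube_secrets.env` under the `postgres` `env_file:`, or preferably use a small per-service secrets file so the database and mail containers do not receive each other's credentials. Separately, `subnet: 172.80.0.0/16` lies outside the RFC 1918 block 172.16.0.0/12, so the bridge shadows publicly routable addresses; a subnet inside 172.16.0.0/12 avoids that, with `ipv4_address` and `PEERTUBE_TRUST_PROXY` adjusted to match.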
@@ -0,0 +1,48 @@
+# Database / Postgres service configuration
+POSTGRES_USER=postgresuser
+#POSTGRES_PASSWORD=postgrespassword
+# Postgres database name "peertube"
+POSTGRES_DB=peertube
+# Editable only with a suffix :
+#POSTGRES_DB=peertube_prod
+#PEERTUBE_DB_SUFFIX=_prod
+PEERTUBE_DB_USERNAME=postgresuser
+#PEERTUBE_DB_PASSWORD=postgrespassword
+PEERTUBE_DB_SSL=false
+# Default to Postgres service name "postgres" in docker-compose.yml
+PEERTUBE_DB_HOSTNAME=postgres
+
+# Server configuration
+PEERTUBE_WEBSERVER_HOSTNAME=video.jafner.net
+# If you do not use https and a reverse-proxy in docker-compose.yml
+#PEERTUBE_WEBSERVER_PORT=80
+#PEERTUBE_WEBSERVER_HTTPS=false
+# If you need more than one IP as trust_proxy
+# pass them as a comma separated array:
+PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.80.0.0/16"]
+
+# E-mail configuration
+# If you use a Custom SMTP server
+PEERTUBE_SMTP_USERNAME=noreply@jafner.net
+#PEERTUBE_SMTP_PASSWORD=
+# Default to Postfix service name "postfix" in docker-compose.yml
+# May be the hostname of your Custom SMTP server
+PEERTUBE_SMTP_HOSTNAME=smtp.gmail.com
+PEERTUBE_SMTP_PORT=465
+PEERTUBE_SMTP_FROM=noreply@jafner.net
+PEERTUBE_SMTP_TLS=false
+PEERTUBE_SMTP_DISABLE_STARTTLS=false
+PEERTUBE_ADMIN_EMAIL=joey@jafner.net
+
+# Postfix service configuration
+POSTFIX_myhostname=jafner.net
+# If you need to generate a list of sub/DOMAIN keys
+# pass them as a whitespace separated string =
+OPENDKIM_DOMAINS=jafner.net=peertube
+# see https://github.com/wader/postfix-relay/pull/18
+OPENDKIM_RequireSafeKeys=no
+
+# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
+PEERTUBE_SIGNUP_ENABLED=true
+#PEERTUBE_TRANSCODING_ENABLED=true
+#PEERTUBE_CONTACT_FORM_ENABLED=true
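Review bot: `PEERTUBE_SMTP_PORT=465` is paired with `PEERTUBE_SMTP_TLS=false`, but port 465 expects TLS from the first byte, so the session with smtp.gmail.com will most likely fail to negotiate and account mail (verification, password reset) will not be delivered. Use `PEERTUBE_SMTP_TLS=true` with port 465, or keep `PEERTUBE_SMTP_TLS=false` and set `PEERTUBE_SMTP_PORT=587` so STARTTLS is used; either way the login is not sent in clear text. `PEERTUBE_SIGNUP_ENABLED=true` leaves registration open on a public hostname, so a one-line comment above it saying whether that is intended would help the next reader.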