Premier commit

roles/peertube/files/finish

@@ -0,0 +1,9 @@
+MYHOST=peertube.gsb.lan;
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml;
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.cert -subj /CN="${MYHOST}"/O="${MYHOST}" -addext "subjectAltName = DNS:${MYHOST}";
+kubectl create secret tls tls-peertube --key tls.key --cert tls.cert;
+helm repo add postgresql https://charts.bitnami.com/bitnami;
+helm repo add redis https://charts.bitnami.com/bitnami;
+helm repo add mail https://bokysan.github.io/docker-postfix;
+helm install --create-namespace -n peertube peertube-gsb /root/tools/peertube/helm/ ;
+kubectl config view --raw > ~/.kube/config

roles/peertube/files/resolv.conf

@@ -0,0 +1,4 @@
+domain gsb.lan
+search gsb.lan
+nameserver 172.16.0.1
+nameserver 192.168.99.99

roles/peertube/files/values.yaml

@@ -0,0 +1,139 @@
+replicaCount: 1
+image:
+  repository: chocobozzz/peertube
+  pullPolicy: IfNotPresent
+  tag: "v5.0.1-bullseye"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: false
+  annotations: {}
+  name: ""
+podAnnotations: {}
+podSecurityContext: {}
+securityContext: {}
+
+service:
+  type: ClusterIP
+  port: 9000
+  nginxPort: 9001
+
+## default config for postgresql should work, but feel free to modify it if required.
+# must stay consistent with peertube configuration, otherwise peertube will crash
+postgresql:
+  enabled: true
+  primary:
+    persistence:
+      enabled: true
+      existingClaim: "pvc-postgres"
+  global:
+    postgresql:
+      auth:
+        postgrePassword: "admin"
+        username: "user"
+        password: "user"
+        database: "peertube"
+
+## the main list of variables tha will be applied in the peertube container
+# any error or misconfiguration will make peertube crash.
+peertube:
+  env:
+    dbUser: user # must be consistent with postgresql configuration
+    dbPasswd: user # must be consistent with postgresql configuration
+    dbSsl: false # disabled by default WARNING: ssl connection feature not tested, use at your own risk
+    dbHostname: peertube-gsb-postgresql # must be consistent with postgresql configuration
+    webHostname: peertube.gsb.lan # must be changed to your local setup
+    secret: b2753b0f37444974de0e81f04815e6a889fcf8960bd203a01b624d8fa8a37683
+    smtpHostname: peertube-gsb-mail # must be consistent with mail configuration
+    smtpPort: 587 # must be consistent with mail configuration
+    smtpFrom: noreply@lan.lan # not configured by default, add something meaningfull if you want
+    smtpTls: false # disabled by default WARNING: tls connection feature not tested, use at your own risk
+    smtpDisableStartTls: false # unless crashes related to tls/ssl, this should be unchanged
+    adminEmail: root@localhost.lan # use this if you want peopleto be able to reach you 
+    redisHostname: peertube-gsb-redis-master # must be consistent with redis configuration
+    redisAuth: peertube # must be consistent with redis configuration
+  app:
+    userCanRegister: true # control if people can register by themselves
+    rootPasswd: rootroot # CHANGE THIS! the default admin username is 'root' this variable define the password
+## the next section configure at wich quality videos will be transcoded 
+    transcoding360: true
+    transcoding480: true
+    transcoding720: true
+    transcoding1080: false
+    transcoding2160: false
+
+## the configuration of the postfix server called 'mail' here 
+# change these settings if you know what you are doing
+mail:
+  enbled: true
+  config:
+    general:
+      ALLOWED_SENDER_DOMAINS: "yes" 
+      DKIM_AUTOGENERATE: "yes"
+    opendkim:
+      RequireSafeKeys: "no"
+    postfix:
+       smtp_tls_security_level: "secure" # works by default, any other tls level is untested
+  persistence:
+    enabled: false
+  service:
+    port: 587
+
+## the configuration of the redis server
+redis:
+  master:
+    persistence:
+      enabled: true
+      existingClaim: "pvc-redis"
+  replica:
+    persistence:
+      enabled: true
+      existingClaim: "pvc-redis"
+  auth:
+    enbled: true
+    password: "peertube"
+
+## ingress configuration is very specific this part must be configured or else you'll get 503 or 404 errors
+ingress:
+  enabled: true
+  className: ""
+  annotations: 
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/proxy-body-size: 6G # this caps the size of imported videos, if set low this might prevent you from uploading videos
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: peertube.gsb.lan
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - secretName: tls-peertube
+    - hosts:
+      - peertube.gsb.lan
+
+resources: {}
+autoscaling:
+  enabled: false
+  minimumReplicas: 3
+  maximumReplicas: 20
+  targetCPUUtilizationPercentage: 90
+  targetMemoryUtilizationPercentage: 75
+  windowSeconds: 120
+  minCPUPercentage: 20
+  minMemoryPercentage: 30
+
+## this section should be configured to match your needs and available ressources
+persistence:
+  enabled: true
+  reclaimPolicy: Retain
+  redisVolumeStorage: 1Gi
+  peertubeVolumeStorage: 5Gi
+  postgresqlVolumeStorage: 1Gi
+  accessMode: ReadWriteOnce 
+
+nodeSelector: {}
+tolerations: []
+affinity: {}