Benoit/esh
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Archive abandoned project

Browse source
This commit is contained in:
Benoit 2025-02-15 00:56:26 +09:00
parent bc8862d90b
commit 65be894048
501 changed files with 24305 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
esh_piped/.gitignore vendored Normal file
View file

@ -0,0 +1,25 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef Infra
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json
.idea/

3
esh_piped/.gitmodules vendored Normal file
View file

@ -0,0 +1,3 @@
[submodule "upstream"]
path = upstream
url = https://github.com/TeamPiped/Piped-Docker.git

10
esh_piped/CHANGELOG.md Normal file
View file

@ -0,0 +1,10 @@
# esh_archivebox CHANGELOG
This file is used to list changes made in each version of the esh_archivebox cookbook.
## 0.1.0
Initial release.
- change 0
- change 1

201
esh_piped/LICENSE Normal file
View file

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

16
esh_piped/Policyfile.rb Normal file
View file

@ -0,0 +1,16 @@
# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
#
# For more information on the Policyfile feature, visit
# https://docs.chef.io/policyfile/
# A name that describes what the system you're building with Chef does.
name 'esh_archivebox'
# Where to find external cookbooks:
default_source :supermarket
# run_list: chef-client will run these recipes in the order specified.
run_list 'esh_archivebox::default'
# Specify a custom source for a single cookbook:
cookbook 'esh_archivebox', path: '.'

5
esh_piped/README.md Normal file
View file

@ -0,0 +1,5 @@
# esh_archivebox
- [Upstream](https://github.com/TeamPiped/Piped-Docker)
Cookbook is made for commit `113e0da`.

115
esh_piped/chefignore Normal file
View file

@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile

25
esh_piped/compliance/README.md Normal file
View file

@ -0,0 +1,25 @@
# compliance
This directory contains Chef InSpec profile, waiver and input objects which are used with the Chef Infra Compliance Phase.
Detailed information on the Chef Infra Compliance Phase can be found in the [Chef Documentation](https://docs.chef.io/chef_compliance_phase/).
```plain
./compliance
├── inputs
├── profiles
└── waivers
```
Use the `chef generate` command from Chef Workstation to create content for these directories:
```sh
# Generate a Chef InSpec profile
chef generate profile PROFILE_NAME
# Generate a Chef InSpec waiver file
chef generate waiver WAIVER_NAME
# Generate a Chef InSpec input file
chef generate input INPUT_NAME
```

33
esh_piped/files/default/nginx.conf Normal file
View file

@ -0,0 +1,33 @@
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nodelay on;
keepalive_timeout 65;
resolver 127.0.0.11 ipv6=off valid=10s;
include /etc/nginx/conf.d/*.conf;
}

18
esh_piped/files/default/ytproxy.conf Normal file
View file

@ -0,0 +1,18 @@
proxy_buffering on;
proxy_buffers 1024 16k;
proxy_set_header X-Forwarded-For "";
proxy_set_header CF-Connecting-IP "";
proxy_hide_header "alt-svc";
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
aio threads=default;
aio_write on;
directio 16m;
proxy_hide_header Cache-Control;
proxy_hide_header etag;
proxy_http_version 1.1;
proxy_set_header Connection keep-alive;
proxy_max_temp_file_size 32m;
access_log off;
proxy_pass http://unix:/var/run/ytproxy/actix.sock;

31
esh_piped/kitchen.yml Normal file
View file

@ -0,0 +1,31 @@
---
driver:
name: vagrant
## The forwarded_port port feature lets you connect to ports on the VM guest
## via localhost on the host.
## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
# network:
# - ["forwarded_port", {guest: 80, host: 8080}]
provisioner:
name: chef_zero
## product_name and product_version specifies a specific Chef product and version to install.
## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
# product_name: chef
# product_version: 17
verifier:
name: inspec
platforms:
- name: ubuntu-20.04
- name: centos-8
suites:
- name: default
verifier:
inspec_tests:
- test/integration/default

20
esh_piped/metadata.rb Normal file
View file

@ -0,0 +1,20 @@
name 'esh_piped'
maintainer 'https://easyself.host'
maintainer_email 'esh@benpro.fr'
license 'Apache-2.0'
description 'Installs/Configures esh_piped'
version '0.1.0'
chef_version '>= 16.0'
supports 'ubuntu', '= 22.04'
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/esh_archivebox/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/esh_archivebox'

31
esh_piped/recipes/cleaning.rb Normal file
View file

@ -0,0 +1,31 @@
#
# Cookbook:: esh_archivebox
# Recipe:: cleaning
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Starting upstream a77f887 they switched from ytproxy to piped-proxy
# So we need to clean ytproxy container
execute 'Stop ytproxy container' do
command 'machinectl stop ytproxy'
action :run
only_if 'machinectl status ytproxy 2>/dev/null'
end
directory '/var/lib/machines/ytproxy' do
recursive true
action :delete
end

129
esh_piped/recipes/compose.rb Normal file
View file

@ -0,0 +1,129 @@
#
# Cookbook:: esh_piped
# Recipe:: compose
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
directory '/opt/piped' do
owner 'root'
group 'root'
mode '0755'
action :create
end
directory '/opt/piped/config' do
owner 'root'
group 'root'
mode '0755'
action :create
end
template '/opt/piped/config/config.properties' do
owner 'root'
group 'root'
mode '0400'
variables proxy_hostname: node['esh']['piped']['config']['proxy_hostname'],
captcha_api_key: node['esh']['piped']['config']['captcha_api_key'],
backend_hostname: node['esh']['piped']['config']['backend_hostname'],
frontend_hostname: node['esh']['piped']['config']['frontend_hostname'],
postgresql_password: node['esh']['piped']['config']['postgresql_password']
action :create
end
cookbook_file '/opt/piped/config/nginx.conf' do
owner 'root'
group 'root'
mode '0444'
action :create
end
template '/opt/piped/config/pipedapi.conf' do
owner 'root'
group 'root'
mode '0444'
variables backend_hostname: node['esh']['piped']['config']['backend_hostname']
action :create
end
template '/opt/piped/config/pipedproxy.conf' do
owner 'root'
group 'root'
mode '0444'
variables proxy_hostname: node['esh']['piped']['config']['proxy_hostname']
action :create
end
template '/opt/piped/config/pipedfrontend.conf' do
owner 'root'
group 'root'
mode '0444'
variables frontend_hostname: node['esh']['piped']['config']['frontend_hostname']
action :create
end
cookbook_file '/opt/piped/config/ytproxy.conf' do
owner 'root'
group 'root'
mode '0444'
action :create
end
template '/opt/piped/docker-compose.yml' do
owner 'root'
group 'root'
mode '0400'
variables backend_hostname: node['esh']['piped']['config']['backend_hostname'],
postgresql_password: node['esh']['piped']['config']['postgresql_password']
action :create
end
execute 'docker compose pull' do
command 'docker compose pull --quiet'
cwd '/opt/piped'
live_stream true
action :run
end
systemd_unit 'piped.service' do
content <<~EOU
[Unit]
Description=piped via docker compose
Requires=docker.service
After=docker.service
[Service]
Type=oneshot
RemainAfterExit=true
WorkingDirectory=/opt/piped
ExecStart=/usr/bin/docker compose up -d
ExecStop=/usr/bin/docker compose down
[Install]
WantedBy=multi-user.target
EOU
action [:create, :enable]
subscribes :restart, 'template[/opt/piped/config/config.properties]', :delayed
subscribes :restart, 'file[/opt/piped/config/nginx.conf]', :delayed
subscribes :restart, 'template[/opt/piped/config/pipedapi.conf]', :delayed
subscribes :restart, 'template[/opt/piped/config/pipedproxy.conf]', :delayed
subscribes :restart, 'template[/opt/piped/config/pipedfrontend.conf]', :delayed
subscribes :restart, 'file[/opt/piped/config/ytproxy.conf]', :delayed
subscribes :restart, 'template[/opt/piped/docker-compose.yml]', :delayed
end
service 'piped' do
action :nothing
subscribes :start, 'execute[docker compose pull]', :delayed
end

66
esh_piped/recipes/nginx.rb Normal file
View file

@ -0,0 +1,66 @@
#
# Cookbook:: esh_piped
# Recipe:: nginx
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apt_package 'nginx-full'
cookbook_file '/etc/nginx/nginx.conf' do
owner 'root'
group 'root'
mode '0644'
action :create
end
template '/etc/nginx/conf.d/pipedapi.conf' do
owner 'root'
group 'root'
mode '0644'
variables backend_hostname: "#{node['esh']['piped']['config']['backend_hostname']}.#{node['esh']['piped']['config']['domain']}"
action :create
end
template '/etc/nginx/conf.d/pipedproxy.conf' do
owner 'root'
group 'root'
mode '0644'
variables proxy_hostname: "#{node['esh']['piped']['config']['proxy_hostname']}.#{node['esh']['piped']['config']['domain']}"
action :create
end
template '/etc/nginx/conf.d/pipedfrontend.conf' do
owner 'root'
group 'root'
mode '0644'
variables frontend_hostname: "#{node['esh']['piped']['config']['frontend_hostname']}.#{node['esh']['piped']['config']['domain']}"
action :create
end
cookbook_file '/etc/nginx/snippets/ytproxy.conf' do
owner 'root'
group 'root'
mode '0644'
action :create
end
service 'nginx' do
action :nothing
subscribes :restart, 'file[/etc/nginx/nginx.conf]', :immediately
subscribes :restart, 'file[/etc/nginx/conf.d/pipedapi.conf]', :immediately
subscribes :restart, 'file[/etc/nginx/conf.d/pipedproxy.conf]', :immediately
subscribes :restart, 'file[/etc/nginx/conf.d/pipedfrontend.conf]', :immediately
subscribes :restart, 'file[/etc/nginx/snippets/ytproxy.conf]', :immediately
end

55
esh_piped/recipes/postgresql.rb Normal file
View file

@ -0,0 +1,55 @@
#
# Cookbook:: esh_piped
# Recipe:: postgresql
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
postgresql_install 'install posgresql' do
version '13'
repo_pgdg false
action :install_server
end
service 'postgresql@13-main' do
action :nothing
end
additional_config = {
'listen_addresses': "localhost,#{node['ipaddress']}",
}
postgresql_config 'update postgresql listen_addresses' do
version '13'
server_config additional_config
notifies :restart, 'service[postgresql@13-main]'
end
postgresql_user 'piped' do
password node['esh']['piped']['postgresql']['password']
createdb true
end
postgresql_database 'piped' do
owner 'piped'
end
postgresql_access 'piped_access' do
# type 'host'
database 'piped'
# user 'piped'
address '10.10.10.0/24'
auth_method 'md5'
notifies :reload, 'service[postgresql@13-main]', :immediately
end

26
esh_piped/recipes/service.rb Normal file
View file

@ -0,0 +1,26 @@
#
# Cookbook:: esh_piped
# Recipe:: service
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
template '/etc/hosts' do
variables piped_addr: node['esh']['piped']['docker']['piped']['ip_addr'],
pipedfrontend_addr: node['esh']['piped']['docker']['piped-frontend']['ip_addr'],
pipedproxy_addr: node['esh']['piped']['docker']['piped-proxy']['ip_addr']
owner 'root'
group 'root'
mode '0644'
end

36
esh_piped/recipes/system.rb Normal file
View file

@ -0,0 +1,36 @@
#
# Cookbook:: esh_piped
# Recipe:: system
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
directory '/etc/piped/' do
owner 'root'
group 'root'
mode '0700'
action :create
end
template '/etc/piped/config.properties' do
owner 'root'
group 'root'
mode '0755'
variables proxy_hostname: "#{node['esh']['piped']['config']['proxy_hostname']}.#{node['esh']['piped']['config']['domain']}",
captcha_api_key: node['esh']['piped']['config']['captcha_api_key'],
backend_hostname: "#{node['esh']['piped']['config']['backend_hostname']}.#{node['esh']['piped']['config']['domain']}",
frontend_hostname: "#{node['esh']['piped']['config']['frontend_hostname']}.#{node['esh']['piped']['config']['domain']}",
postgresql_password: node['esh']['piped']['postgresql']['password']
action :create
end

46
esh_piped/recipes/undocker.rb Normal file
View file

@ -0,0 +1,46 @@
#
# Cookbook:: esh_archivebox
# Recipe:: undocker
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
%w(piped piped-frontend piped-proxy).each do |image|
url = node['esh']['piped']['docker'][image]['url']
image = node['esh']['piped']['docker'][image]['image']
tag = node['esh']['piped']['docker'][image]['tag']
network = node['esh']['piped']['docker'][image]['network']
ip_addr = node['esh']['piped']['docker'][image]['ip_addr']
service = node['esh']['piped']['docker'][image]['service']
env = node['esh']['piped']['docker'][image]['env']
esh_undocker_download url do
image image
tag tag
end
esh_undocker_extract image do
tag tag
network network
env env
end
esh_undocker_network ip_addr do
image image
end
esh_undocker_service image do
content service
end
end

93
esh_piped/templates/default/config.properties Normal file
View file

@ -0,0 +1,93 @@
# The port to Listen on.
PORT: 8080
# The number of workers to use for the server
HTTP_WORKERS: 2
# Proxy
PROXY_PART: https://PROXY_HOSTNAME
# Outgoing HTTP Proxy - eg: 127.0.0.1:8118
#HTTP_PROXY: 127.0.0.1:8118
# Captcha Parameters
CAPTCHA_BASE_URL: https://api.capmonster.cloud/
CAPTCHA_API_KEY: INSERT_HERE
# Public API URL
API_URL: https://BACKEND_HOSTNAME
# Public Frontend URL
FRONTEND_URL: https://FRONTEND_HOSTNAME
# Enable haveibeenpwned compromised password API
COMPROMISED_PASSWORD_CHECK: true
# Disable Registration
DISABLE_REGISTRATION: false
# Feed Retention Time in Days
FEED_RETENTION: 30
# Disable CPU expensive timers (for nodes with low CPU, at least one node should have this disabled)
DISABLE_TIMERS:false
# RYD Proxy URL (see https://github.com/TeamPiped/RYD-Proxy)
RYD_PROXY_URL:https://ryd-proxy.kavin.rocks
# SponsorBlock Servers(s)
# Comma separated list of SponsorBlock Servers to use
SPONSORBLOCK_SERVERS:https://sponsor.ajay.app,https://sponsorblock.kavin.rocks
# Disable the usage of RYD
DISABLE_RYD:false
# Disable API server (node just runs timers if enabled)
DISABLE_SERVER:false
# Disable the inclusion of LBRY streams
DISABLE_LBRY:false
# How long should unauthenticated subscriptions last for
SUBSCRIPTIONS_EXPIRY:30
# Send consent accepted cookie
# This is required for certain features to work in some countries
CONSENT_COOKIE:true
# Sentry DSN
# Use Sentry to log errors and trace performance
#SENTRY_DSN:INSERT_HERE
# Matrix Client Server URL
MATRIX_SERVER:https://matrix-client.matrix.org
# Matrix Access Token
# If not present, will work in anon mode
#MATRIX_TOKEN:INSERT_HERE
# Geo Restriction Checker for federated bypassing of Geo Restrictions
#GEO_RESTRICTION_CHECKER_URL:INSERT_HERE
# S3 Configuration Data (compatible with any provider that offers an S3 compatible API)
#S3_ENDPOINT:INSERT_HERE
#S3_ACCESS_KEY:INSERT_HERE
#S3_SECRET_KEY:INSERT_HERE
#S3_BUCKET:INSERT_HERE
# Hibernate properties
hibernate.connection.url:jdbc:postgresql://postgres:5432/piped
hibernate.connection.driver_class:org.postgresql.Driver
hibernate.dialect:org.hibernate.dialect.PostgreSQLDialect
hibernate.connection.username:piped
hibernate.connection.password:changeme
# Frontend configuration
#frontend.statusPageUrl:changeme
#frontend.donationUrl:changeme
# Hibernate properties
hibernate.connection.url: jdbc:postgresql://postgres:5432/piped
hibernate.connection.driver_class: org.postgresql.Driver
hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect
hibernate.connection.username: piped
hibernate.connection.password: changeme

93
esh_piped/templates/default/config.properties.erb Normal file
View file

@ -0,0 +1,93 @@
# The port to Listen on.
PORT: 8080
# The number of workers to use for the server
HTTP_WORKERS: 2
# Proxy
PROXY_PART: https://<%= @proxy_hostname %>
# Outgoing HTTP Proxy - eg: 127.0.0.1:8118
#HTTP_PROXY: 127.0.0.1:8118
# Captcha Parameters
CAPTCHA_BASE_URL: https://api.capmonster.cloud/
CAPTCHA_API_KEY: <%= @captcha_api_key %>
# Public API URL
API_URL: https://<%= @backend_hostname %>
# Public Frontend URL
FRONTEND_URL: https://<%= @frontend_hostname %>
# Enable haveibeenpwned compromised password API
COMPROMISED_PASSWORD_CHECK: true
# Disable Registration
DISABLE_REGISTRATION: false
# Feed Retention Time in Days
FEED_RETENTION: 30
# Disable CPU expensive timers (for nodes with low CPU, at least one node should have this disabled)
DISABLE_TIMERS:false
# RYD Proxy URL (see https://github.com/TeamPiped/RYD-Proxy)
RYD_PROXY_URL:https://ryd-proxy.kavin.rocks
# SponsorBlock Servers(s)
# Comma separated list of SponsorBlock Servers to use
SPONSORBLOCK_SERVERS:https://sponsor.ajay.app,https://sponsorblock.kavin.rocks
# Disable the usage of RYD
DISABLE_RYD:false
# Disable API server (node just runs timers if enabled)
DISABLE_SERVER:false
# Disable the inclusion of LBRY streams
DISABLE_LBRY:false
# How long should unauthenticated subscriptions last for
SUBSCRIPTIONS_EXPIRY:30
# Send consent accepted cookie
# This is required for certain features to work in some countries
CONSENT_COOKIE:true
# Sentry DSN
# Use Sentry to log errors and trace performance
#SENTRY_DSN:INSERT_HERE
# Matrix Client Server URL
MATRIX_SERVER:https://matrix-client.matrix.org
# Matrix Access Token
# If not present, will work in anon mode
#MATRIX_TOKEN:INSERT_HERE
# Geo Restriction Checker for federated bypassing of Geo Restrictions
#GEO_RESTRICTION_CHECKER_URL:INSERT_HERE
# S3 Configuration Data (compatible with any provider that offers an S3 compatible API)
#S3_ENDPOINT:INSERT_HERE
#S3_ACCESS_KEY:INSERT_HERE
#S3_SECRET_KEY:INSERT_HERE
#S3_BUCKET:INSERT_HERE
# Hibernate properties
hibernate.connection.url:jdbc:postgresql://postgres:5432/piped
hibernate.connection.driver_class:org.postgresql.Driver
hibernate.dialect:org.hibernate.dialect.PostgreSQLDialect
hibernate.connection.username:piped
hibernate.connection.password:changeme
# Frontend configuration
#frontend.statusPageUrl:changeme
#frontend.donationUrl:changeme
# Hibernate properties
hibernate.connection.url: jdbc:postgresql://postgres:5432/piped
hibernate.connection.driver_class: org.postgresql.Driver
hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect
hibernate.connection.username: piped
hibernate.connection.password: <%= @postgresql_password %>

66
esh_piped/templates/default/docker-compose.yml.erb Normal file
View file

@ -0,0 +1,66 @@
version: "3"
services:
pipedfrontend:
image: 1337kavin/piped-frontend:latest
restart: unless-stopped
depends_on:
- piped
container_name: piped-frontend
entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/<%= @backend_hostname %>/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"'
piped-proxy:
image: 1337kavin/piped-proxy:latest
restart: unless-stopped
environment:
- UDS=1
volumes:
- piped-proxy:/app/socket
container_name: piped-proxy
piped:
image: 1337kavin/piped:latest
restart: unless-stopped
volumes:
- ./config/config.properties:/app/config.properties:ro
depends_on:
- postgres
container_name: piped-backend
nginx:
image: nginx:mainline-alpine
restart: unless-stopped
ports:
- "8080:80"
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
- ./config/pipedapi.conf:/etc/nginx/conf.d/pipedapi.conf:ro
- ./config/pipedproxy.conf:/etc/nginx/conf.d/pipedproxy.conf:ro
- ./config/pipedfrontend.conf:/etc/nginx/conf.d/pipedfrontend.conf:ro
- ./config/ytproxy.conf:/etc/nginx/snippets/ytproxy.conf:ro
- piped-proxy:/var/run/ytproxy
container_name: nginx
depends_on:
- piped
- piped-proxy
- pipedfrontend
postgres:
image: postgres:15
restart: unless-stopped
volumes:
- /var/lib/postgresql:/var/lib/postgresql/data
environment:
- POSTGRES_DB=piped
- POSTGRES_USER=piped
- POSTGRES_PASSWORD=<%= @postgresql_password %>
container_name: postgres
watchtower:
image: containrrr/watchtower
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_INCLUDE_RESTARTING=true
container_name: watchtower
command: piped-frontend piped-backend piped-proxy varnish nginx postgres watchtower
volumes:
piped-proxy: null

9
esh_piped/templates/default/hosts.erb Normal file
View file

@ -0,0 +1,9 @@
127.0.1.1 <%= node['hostname'] %>
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
<%= @piped_addr %> piped
<%= @pipedfrontend_addr %> pipedfrontend
<%= @pipedproxy_addr %> pipedproxy

15
esh_piped/templates/default/pipedapi.conf.erb Normal file
View file

@ -0,0 +1,15 @@
proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2g inactive=60m use_temp_path=off;
server {
listen 80;
server_name <%= @backend_hostname %>;
set $backend "http://piped:8080";
location / {
proxy_cache pipedapi;
proxy_pass $backend;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
}
}

12
esh_piped/templates/default/pipedfrontend.conf.erb Normal file
View file

@ -0,0 +1,12 @@
server {
listen 80;
server_name <%= @frontend_hostname %>;
set $backend "http://pipedfrontend:80";
location / {
proxy_pass $backend;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
}
}

14
esh_piped/templates/default/pipedproxy.conf.erb Normal file
View file

@ -0,0 +1,14 @@
server {
listen 80;
server_name <%= @proxy_hostname %>;
location ~ (/videoplayback|/api/v4/|/api/manifest/) {
include snippets/ytproxy.conf;
add_header Cache-Control private always;
}
location / {
include snippets/ytproxy.conf;
add_header Cache-Control "public, max-age=604800";
}
}

16
esh_piped/test/integration/default/default_test.rb Normal file
View file

@ -0,0 +1,16 @@
# Chef InSpec test for recipe esh_archivebox::default
# The Chef InSpec reference, with examples and extensive documentation, can be
# found at https://docs.chef.io/inspec/resources/
unless os.windows?
# This is an example test, replace with your own test.
describe user('root'), :skip do
it { should exist }
end
end
# This is an example test, replace it with your own test.
describe port(80), :skip do
it { should_not be_listening }
end