chore: publish 4.1.0+v5.2.1-bullseye release

Re: coop-cloud/recipes-catalogue-json#4

.drone.yml

@@ -3,10 +3,13 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: decentral1se/stack-ssh-deploy:latest
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: peertube
+      generate_secrets: true
+      networks:
+       - proxy
       purge: true
       deploy_key:
         from_secret: drone_ssh_swarm_test
@@ -14,16 +17,25 @@ steps:
       DOMAIN: peertube.swarm-test.autonomic.zone
       STACK_NAME: peertube
       LETS_ENCRYPT_ENV: production
+      NGINX_CONFIG_VERSION: v1
+      APP_ENTRYPOINT_VERSION: v1
+      SECRET_DB_PASSWORD_VERSION: v1
 trigger:
   branch:
     - main
 ---
 kind: pipeline
-name: recipe release
+name: generate recipe catalogue
 steps:
   - name: release a new version
-    image: thecoopcloud/drone-abra:latest
+    image: plugins/downstream
     settings:
-      command: recipe peertube release
-      deploy_key:
-        from_secret: abra_bot_deploy_key
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env.sample

@@ -42,3 +42,9 @@ SECRET_DB_PASSWORD_VERSION=v1
 
 ## Live stream settings
 #COMPOSE_FILE="compose.yml:compose.rtmp.yml"
+
+## Live chat settings
+#PEERTUBE_LIVE_CHAT_ENABLED=1
+
+## Healthcheck settings
+PEERTUBE_LOG_PING_REQUESTS=false

README.md

@@ -6,14 +6,14 @@ An ActivityPub-federated video streaming platform using P2P directly in your web
 
 <!-- metadata -->
 
-- **Category**: Applications
-- **Status**: ❷💛
-- **Image**: [`chocobozzz/peertube`](https://hub.docker.com/r/chocobozzz/peertube), ❷💛, official
-- **Healthcheck**: ❶💚
-- **Backups**: ❸🍎
-- **Email**: ❶💚
-- **Tests**: ❌
-- **SSO**: ❸🍎
+* **Category**: Apps
+* **Status**: 2, beta
+* **Image**: [`chocobozzz/peertube`](https://hub.docker.com/r/chocobozzz/peertube), 4, upstream
+* **Healthcheck**: 3
+* **Backups**: 1
+* **Email**: 3
+* **Tests**: No
+* **SSO**: 1
 <!-- endmetadata -->
 
 ## Basic usage
@@ -22,21 +22,35 @@ An ActivityPub-federated video streaming platform using P2P directly in your web
 2. Deploy [`coop-cloud/traefik`]
 3. `abra app new peertube --secrets` (optionally with `--pass` if you'd like
    to save secrets in `pass`)
-4. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
+4. `abra app config YOURAPPDOMAIN` - be sure to change `DOMAIN` to something that resolves to
    your Docker swarm box
-5. `abra app YOURAPPDOMAIN deploy`
+5. `abra app deploy YOURAPPDOMAIN`
 6. Open the configured domain in your browser to finish set-up
 
+## Host-mode networking
+
+To avoid issues with performance, it is recommended to deploy your Traefik instance with:
+
+```
+COMPOSE_FILE="compose.yml:compose.host.yml:compose.peertube.yml"
+```
+
+This will avoid issues like [`#7`](https://git.coopcloud.tech/coop-cloud/peertube/issues/7).
+
 ## Email
 
 1. Deploy [`coop-cloud/postfix-relay`] or use an external SMTP relay
-2. `abra app YOURAPPDOMAIN config`, and uncomment the email lines and adjust as needed
-3. `abra app YOURAPPDOMAIN deploy`
+2. `abra app config YOURAPPDOMAIN`, and uncomment the email lines and adjust as needed
+3. `abra app deploy YOURAPPDOMAIN`
 
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
 [`coop-cloud/postfix-relay`]: https://git.autonomic.zone/coop-cloud/postfix-relay
 
+## Plugins
+
+- [`peertube-plugin-auth-openid-connect`](https://www.npmjs.com/package/peertube-plugin-auth-openid-connect) is the trusted OAuth2 support plugin (Keycloak integrations works!)
+
 ## Acknowledgements
 
-Thanks to [@mirsal](https://git.autonomic.zone/mirsal) for the packaging work :heart:
+Thanks to [@mirsal](https://git.coopcloud.tech/mirsal) for the packaging work :heart:

abra.sh

@@ -1,7 +1,7 @@
 # shellcheck disable=SC2034,SC2145
 
-export NGINX_CONFIG_VERSION=v2
-export APP_ENTRYPOINT_VERSION=v1
+export NGINX_CONFIG_VERSION=v4
+export APP_ENTRYPOINT_VERSION=v6
 
 sub_npm() {
   abra__service_="app"

compose.yml

@@ -1,7 +1,9 @@
+---
 version: "3.8"
+
 services:
   web:
-    image: nginx:1.20.0
+    image: nginx:1.26.0
     networks:
       - proxy
       - internal
@@ -22,27 +24,41 @@ services:
     configs:
       - source: nginx_config
         target: /etc/nginx/nginx.conf
+    healthcheck:
+      test: curl -f http://app:9000/v1/api/ping || exit 1
+      interval: 5s
+      timeout: 3s
+      retries: 20
     deploy:
       restart_policy:
         condition: on-failure
+      update_config:
+        failure_action: rollback
+        order: start-first
+      rollback_config:
+        order: start-first
+      restart_policy:
+        max_attempts: 10
       labels:
         - "traefik.enable=true"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - coop-cloud.${STACK_NAME}.web.version=1.20.0-ea4560b8
+
   app:
-    image: chocobozzz/peertube:v3.2.1-buster
+    image: chocobozzz/peertube:v5.2.1-bullseye
     environment:
       - PEERTUBE_ADMIN_EMAIL
       - PEERTUBE_CONTACT_FORM_ENABLED
       - PEERTUBE_DB_HOSTNAME=db
-      - PEERTUBE_DB_PASSWORD_FILE=/run/secrets/db_password
       - PEERTUBE_DB_PORT=5432
       - PEERTUBE_DB_USERNAME=peertube
+      - PEERTUBE_LIVE_CHAT_ENABLED
+      - PEERTUBE_LOG_PING_REQUESTS
       - PEERTUBE_REDIS_HOSTNAME=cache
       - PEERTUBE_SIGNUP_ENABLED
+      - PEERTUBE_SMTP_ENABLED
       - PEERTUBE_TRANSCODING_ENABLED
       - PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.16.0.0/12", "10.0.0.0/8"]
       - PEERTUBE_WEBSERVER_HOSTNAME=${DOMAIN}
@@ -51,25 +67,26 @@ services:
     volumes:
       - app-data:/data
       - app-config:/config
-      - app-assets:/app/client/dist
+      - app-assets:/srv/client/dist
     secrets:
       - db_password
     configs:
       - source: app_entrypoint
         target: /docker-entrypoint.sh
         mode: 0555
-    command: npm start
+    command: node dist/server
     healthcheck:
-      test: 'nodejs -e "http.get(''http://localhost:9000/api/v1/ping'', (res) => { console.log(''status: '', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });"'
-      interval: 1m
-      timeout: 30s
-      retries: 3
-      start_period: 1m
+      test: curl -f http://localhost:9000/v1/api/ping || exit 1
+      interval: 10s
+      timeout: 3s
+      retries: 20
     entrypoint: /docker-entrypoint.sh
     networks:
       - internal
     deploy:
-      labels: ["coop-cloud.${STACK_NAME}.app.version=v3.2.1-buster-e4f797ee"]
+      labels:
+        - "coop-cloud.${STACK_NAME}.version=4.1.0+v5.2.1-bullseye"
+
   db:
     image: postgres:10-alpine
     environment:
@@ -82,23 +99,29 @@ services:
       - postgres-data:/var/lib/postgresql/data
     networks:
       - internal
-    deploy:
-      update_config:
-        failure_action: rollback
-        order: start-first
-      labels: ['coop-cloud.${STACK_NAME}.db.version=10-alpine-131220fe']
+    healthcheck:
+      test: pg_isready -U peertube
+      interval: 10s
+      timeout: 5s
+      retries: 10
+
   cache:
-    image: redis:4-alpine
+    image: redis:7-alpine
     volumes:
       - redis-data:/data
     networks:
       - internal
-    deploy:
-      labels: ['coop-cloud.${STACK_NAME}.cache.version=4-alpine-aaf7c123']
+    healthcheck:
+      test: redis-cli ping
+      interval: 10s
+      timeout: 5s
+      retries: 10
+
 networks:
   internal:
   proxy:
     external: true
+
 volumes:
   app-data:
   app-config:
@@ -107,6 +130,7 @@ volumes:
   nginx-cache:
   postgres-data:
   redis-data:
+
 configs:
   nginx_config:
     name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
@@ -114,7 +138,9 @@ configs:
     template_driver: golang
   app_entrypoint:
     name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
-    file: entrypoint.sh
+    file: entrypoint.sh.tmpl
+    template_driver: golang
+
 secrets:
   db_password:
     external: true

entrypoint.sh.tmpl

@@ -24,11 +24,20 @@ file_env() {
    unset "$fileVar"
 }
 
-file_env "PEERTUBE_DB_PASSWORD"
+export PEERTUBE_DB_PASSWORD=$(cat /run/secrets/db_password)
 
-if [ -z "$PEERTUBE_SMTP_ENABLED" ]; then
-   file_env "PEERTUBE_SMTP_PASSWORD"
-fi
+{{ if eq (env "PEERTUBE_SMTP_ENABLED") "1" }}
+file_env "PEERTUBE_SMTP_PASSWORD"
+{{ end }}
+
+{{ if eq (env "PEERTUBE_LIVE_CHAT_ENABLED") "1" }}
+apt -y update && apt install -y prosody && apt -y clean
+mkdir -p /run/prosody && chown prosody:prosody /run/prosody
+{{ end }}
+
+# Copy the client files over to a named volume
+# so that they may be served by nginx directly
+cp -ar /app/client/dist /srv/client
 
 # upstream entrypoint
 # https://github.com/Chocobozzz/PeerTube/blob/66f77f63437c6774acbd72584a9839a7636ea167/support/docker/production/entrypoint.sh

nginx.conf.tmpl

@@ -170,6 +170,21 @@ http {
       try_files $uri @api;
     }
 
+    # Plugin websocket routes
+    location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ {
+      try_files /dev/null @api_websocket;
+    }
+
+    location ~ ^(/static/(webseed|streaming-playlists)/private/)|^/download {
+      # We can't rate limit a try_files directive, so we need to duplicate @api
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host            $host;
+      proxy_set_header X-Real-IP       $remote_addr;
+      
+      proxy_limit_rate 5M;
+      proxy_pass http://backend;
+    }
+
     # Bypass PeerTube for performance reasons. Optional.
     location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
       limit_rate_after            5M;

release/2.0.0+v4.0.0-bullseye

@@ -0,0 +1,27 @@
+This major release went fairly smoothly, there are 2 post-migration steps which
+are listed on the release notes:
+
+    https://github.com/Chocobozzz/PeerTube/releases/tag/v4.0.0
+
+However, you need to do the second part first, adding additional config options
+and/or changing the old ones. When you try to run the data migration, it'll
+error out telling you which one you need to deal with, so that will help to guide.
+
+Here's what I did:
+
+abra app run tv.lumbung.space app bash
+apt update && apt install vim
+vi /config/production.yml # change options
+
+Then, in another shell:
+
+abra app run --user peertube tv.lumbung.space app bash
+
+export NODE_CONFIG_DIR=/config
+export NODE_ENV=production
+export PEERTUBE_DB_PASSWORD=$(cat /run/secrets/db_password)
+node dist/scripts/migrations/peertube-4.0.js
+
+After, this I ran a restart of the app service, and things went fine.
+
+abra app restart tv.lumbung.space app

release/3.0.0+v4.3.0-bullseye

@@ -0,0 +1,4 @@
+Redis needs to be ugpraded to >= 6 and you can't downgrade afterwards, so
+beware!
+
+-- @decentral1se / Autonomic

release/4.0.0+v5.0.1-bullseye

@@ -0,0 +1,14 @@
+This will break your deployment!
+You need to add new lines to /config/production.yaml as shown here:
+https://github.com/Chocobozzz/PeerTube/blob/v5.0.0/config/production.yaml.example#L14
+https://github.com/Chocobozzz/PeerTube/blob/v5.0.0/config/production.yaml.example#L153
+
+you can do that from the host as the file is inside a volume. It should be in /var/lib/docker/volumes/<peertube stack name>_app-config/_data/production.yaml on your host machine. It's important to save the secret that you're putting in the file somewhere else, as the container has write access to the file, and it's possible it could overwrite it, causing the secret to disappear. We don't know what happens to your data if you lose that secret.
+
+You'll also have to run a migration as described in https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0
+
+abra app run <app name> app bash -u peertube
+and when inside the container:
+node dist/scripts/migrations/peertube-5.0.js
+
+knoflook & decentralise @ Autonomic Co-op