upgrade peertube

seed/peertube/UPGRADE.md

@@ -0,0 +1,7 @@
+peertube-plugin-auth-openid-connect
+===================================
+
+Modify version in:
+- peertube/manual/image/postinstall/peertube.sh
+- peertube/templates/peertube.service
+- peertube/dictionaries/30_peertube.xml

seed/peertube/dictionaries/30_peertube.xml

@@ -63,7 +63,7 @@
     <fill name="calc_oauth2_client_external">
       <param type="variable">revprox_client_external_domainnames</param>
       <param type="variable">revprox_client_location</param>
-      <param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
+      <param>plugins/auth-openid-connect/0.1.0/auth/openid-connect</param>
       <target>oauth2_client_external</target>
     </fill>
     <fill name="calc_value">

seed/peertube/manual/image/postinstall/peertube.patch

@@ -1,60 +0,0 @@
---- peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js 
-+++ peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
-@@ -110,6 +110,14 @@ async function register ({
-     descriptionHTML: 'Will only allow login for users whose group array contains this group'
-   })
- 
-+  registerSetting({
-+    name: 'signature-algorithm',
-+    label: 'Token signature algorithm',
-+    type: 'input',
-+    private: true,
-+    default: 'RS256'
-+  })
-+
-   const router = getRouter()
-   router.use('/code-cb', (req, res) => handleCb(peertubeHelpers, settingsManager, req, res))
- 
-@@ -159,7 +167,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
-     'scope',
-     'discover-url',
-     'client-id',
--    'client-secret'
-+    'client-secret',
-+    'signature-algorithm'
-   ])
- 
-   if (!settings['discover-url']) {
-@@ -188,6 +197,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
-   } else {
-     clientOptions.token_endpoint_auth_method = 'none'
-   }
-+  clientOptions.id_token_signed_response_alg = settings['signature-algorithm']
-+  clientOptions.authorization_signed_response_alg = settings['signature-algorithm']
- 
-   store.client = new issuer.Client(clientOptions)
-
---- peertube/dist/server/helpers/custom-validators/activitypub/actor.js.ori	2022-04-06 13:58:17.752681849 +0000
-+++ peertube/dist/server/helpers/custom-validators/activitypub/actor.js	2022-04-06 13:58:22.268682531 +0000
-@@ -43,8 +43,8 @@
- function isActorPrivateKeyValid(privateKey) {
-     return (0, misc_1.exists)(privateKey) &&
-         typeof privateKey === 'string' &&
--        privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&
--        privateKey.includes('-----END RSA PRIVATE KEY-----') &&
-+        privateKey.startsWith('-----BEGIN PRIVATE KEY-----') &&
-+        privateKey.includes('-----END PRIVATE KEY-----') &&
-         validator_1.default.isLength(privateKey, constants_1.CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY);
- }
- exports.isActorPrivateKeyValid = isActorPrivateKeyValid;
---- peertube/node_modules/pem/lib/pem.js.ori	2022-04-06 13:59:36.232693763 +0000
-+++ peertube/node_modules/pem/lib/pem.js	2022-04-06 13:59:48.916695687 +0000
-@@ -74,7 +74,7 @@
- 
-   params.push(keyBitsize)
- 
--  openssl.exec(params, 'RSA PRIVATE KEY', function (sslErr, key) {
-+  openssl.exec(params, 'PRIVATE KEY', function (sslErr, key) {
-     function done (err) {
-       if (err) {
-         return callback(err)

seed/peertube/manual/image/postinstall/peertube.sh

@@ -8,7 +8,7 @@ echo "nameserver 9.9.9.9" > /etc/resolv.conf
 PLUGINS_DIR=$PLUGINS_DIR
 mkdir -p "\$PLUGINS_DIR"
 cd "\$PLUGINS_DIR"
-yarn add peertube-plugin-auth-openid-connect@0.0.7 --production
+yarn add peertube-plugin-auth-openid-connect@0.1.0 --production
 mkdir -p "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
 chown peertube: "\$PLUGINS_DIR/data"
 chown peertube: "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
@@ -23,5 +23,5 @@ rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
 
 rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
 cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."
-patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
+#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
 cd -

seed/peertube/manual/image/preinstall/peertube.sh

@@ -1,3 +1,4 @@
-PKG="$PKG peertube yarnpkg"
+PKG="$PKG peertube peertube-tools yarnpkg"
+#PKG="$PKG peertube yarnpkg"
 COPR="https://copr.fedorainfracloud.org/coprs/daftaupe/peertube/repo/fedora-36/daftaupe-peertube-fedora-36.repo"
 FUSION=true

seed/peertube/templates/peertube.service

@@ -2,4 +2,4 @@
 Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
 ExecStartPost=+/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "SELECT * FROM plugin;"; do sleep 1; done'
 ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "DELETE FROM plugin;"
-ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.0.7', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"
+ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.1.0', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"

seed/peertube/templates/production.yaml

@@ -28,6 +28,10 @@ rates_limit:
     # 3 attempts in 5 min
     window: 5 minutes
     max: 3
+  receive_client_log:
+    # 10 attempts in 10 min
+    window: 10 minutes
+    max: 10
 
 # Proxies to trust to get real client IP
 # If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
@@ -49,7 +53,7 @@ database:
 
 # Redis server for short time storage
 # You can also specify a 'socket' path to a unix socket but first need to
-# comment out hostname and port
+# set 'hostname' and 'port' to null
 redis:
   hostname: '%%redis_client_server_domainname'
   port: 6379
@@ -95,11 +99,13 @@ defaults:
     licence: null
 
   p2p:
-    # Enable P2P by default
+    # Enable P2P by default in PeerTube client
     # Can be enabled/disabled by anonymous users and logged in users
     webapp:
       enabled: true
 
+    # Enable P2P by default in PeerTube embed
+    # Can be enabled/disabled by URL option
     embed:
       enabled: true
 
@@ -138,6 +144,9 @@ object_storage:
 
   region: 'us-east-1'
 
+  # Set this ACL on each uploaded object
+  upload_acl: 'public-read'
+
   credentials:
     # You can also use AWS_ACCESS_KEY_ID env variable
     access_key_id: ''
@@ -145,7 +154,10 @@ object_storage:
     secret_access_key: ''
 
   # Maximum amount to upload in one request to object storage
+# GNUNUX  max_upload_part: 100MB
+#>GNUNUX
   max_upload_part: 2GB
+#<GNUNUX
 
   streaming_playlists:
     bucket_name: 'streaming-playlists'
@@ -165,20 +177,46 @@ object_storage:
 
 log:
   level: 'info' # 'debug' | 'info' | 'warn' | 'error'
+
   rotation:
+# GNUNUX    enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
+#>GNUNUX
     enabled : false # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
+#<GNUNUX
     max_file_size: 12MB
     max_files: 20
+
   anonymize_ip: false
+
   log_ping_requests: true
+  log_tracker_unknown_infohash: true
+
   prettify_sql: false
 
+  # Accept warn/error logs coming from the client
+  accept_client_log: true
+
+# Highly experimental support of Open Telemetry
+open_telemetry:
+  metrics:
+    enabled: false
+
+    # Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
+    prometheus_exporter:
+      port: 9091
+
+  tracing:
+    enabled: false
+
+    # Send traces to a Jaeger compatible endpoint
+    jaeger_exporter:
+      endpoint: ''
+
 trending:
   videos:
     interval_days: 7 # Compute trending videos for the last x days
     algorithms:
       enabled:
-        - 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History)
         - 'hot' # adaptation of Reddit's 'Hot' algorithm
         - 'most-viewed' # default, used initially by PeerTube as the trending page
         - 'most-liked'
@@ -227,7 +265,7 @@ security:
     enabled: true
 
 tracker:
-  # If you disable the tracker, you disable the P2P aspect of PeerTube
+  # If you disable the tracker, you disable the P2P on your PeerTube instance
   enabled: true
   # Only handle requests on your videos
   # If you set this to false it means you have a public tracker
@@ -258,11 +296,21 @@ views:
 
     ip_view_expiration: '1 hour'
 
+# Used to get country location of views of local videos
+geo_ip:
+  enabled: true
+
+  country:
+    database_url: 'https://dbip.mirror.framasoft.org/files/dbip-country-lite-latest.mmdb'
+
 plugins:
   # The website PeerTube will ask for available PeerTube plugins and themes
   # This is an unmoderated plugin index, so only install plugins/themes you trust
   index:
+# GNUNUX    enabled: true
+#>GNUNUX
     enabled: false
+#<GNUNUX
     check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
     url: 'https://packages.joinpeertube.org'
 
@@ -277,7 +325,10 @@ federation:
 peertube:
   check_latest_version:
     # Check and notify admins of new PeerTube versions
+# GNUNUX    enabled: true
+#>GNUNUX
     enabled: false
+#<GNUNUX
     # You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json
     url: 'https://joinpeertube.org/api/v1/versions.json'
 
@@ -285,17 +336,30 @@ webadmin:
   configuration:
     edition:
       # Set this to false if you don't want to allow config edition in the web interface by instance admins
+# GNUNUX      allowed: true
+#>GNUNUX
       allowed: false
+#<GNUNUX
+
+# XML, Atom or JSON feeds
+feeds:
+  videos:
+    # Default number of videos displayed in feeds
+    count: 20
+
+  comments:
+    # Default number of comments displayed in feeds
+    count: 20
 
 ###############################################################################
 #
-# From this point, all the following keys can be overridden by the web interface
+# From this point, almost all following keys can be overridden by the web interface
 # (local-production.json file). If you need to change some values, prefer to
 # use the web interface because the configuration will be automatically
 # reloaded without any need to restart PeerTube
 #
-# /!\ If you already have a local-production.json file, the modification of the
+# /!\ If you already have a local-production.json file, modification of some of
-# following keys will have no effect /!\
+# the following keys will have no effect /!\
 #
 ###############################################################################
 
@@ -368,6 +432,9 @@ transcoding:
     1440p: false
     2160p: false
 
+  # Transcode and keep original resolution, even if it's above your maximum enabled resolution
+  always_transcode_original_resolution: true
+
   # Generate videos in a WebTorrent format (what we do since the first PeerTube release)
   # If you also enabled the hls format, it will multiply videos storage by 2
   # If disabled, breaks federation with PeerTube instances < 2.1
@@ -404,19 +471,43 @@ live:
   # /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
   allow_replay: true
 
+  # Allow your users to change latency settings (small latency/default/high latency)
+  # Small latency live streams cannot use P2P
+  # High latency live streams can increase P2P ratio
+  latency_setting:
+    enabled: true
+
   # Your firewall should accept traffic from this port in TCP if you enable live
   rtmp:
     enabled: true
+
+    # Listening hostname/port for RTMP server
+    # '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4
+    # Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise
+    hostname: null
     port: 1935
 
+    # Public hostname of your RTMP server
+    # Use null to use the same value than `webserver.hostname`
+    public_hostname: null
+
   rtmps:
     enabled: false
+
+    # Listening hostname/port for RTMPS server
+    # '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4
+    # Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise
+    hostname: null
     port: 1936
-    # Absolute path
+
+    # Absolute paths
     key_file: ''
-    # Absolute path
     cert_file: ''
 
+    # Public hostname of your RTMPS server
+    # Use null to use the same value than `webserver.hostname`
+    public_hostname: null
+
   # Allow to transcode the live streaming in multiple live resolutions
   transcoding:
     enabled: true
@@ -437,17 +528,31 @@ live:
       1440p: false
       2160p: false
 
+    # Also transcode original resolution, even if it's above your maximum enabled resolution
+    always_transcode_original_resolution: true
+
+video_studio:
+  # Enable video edition by users (cut, add intro/outro, add watermark etc)
+  # If enabled, users can create transcoding tasks as they wish
+  enabled: false
+
 import:
   # Add ability for your users to import remote videos (from YouTube, torrent...)
   videos:
     # Amount of import jobs to execute in parallel
     concurrency: 1
 
+    # Set a custom video import timeout to not block import queue
+    timeout: '2 hours'
+
     # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
     http:
       # We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
       # See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
+# GNUNUX      enabled: false
+#>GNUNUX
       enabled: true
+#<GNUNUX
 
       youtube_dl_release:
         # Direct download URL to youtube-dl binary
@@ -455,11 +560,11 @@ import:
         # Examples:
         #   * https://api.github.com/repos/ytdl-org/youtube-dl/releases
         #   * https://api.github.com/repos/yt-dlp/yt-dlp/releases
-        url: 'https://yt-dl.org/downloads/latest/youtube-dl'
+        #   * https://yt-dl.org/downloads/latest/youtube-dl
+        url: 'https://api.github.com/repos/yt-dlp/yt-dlp/releases'
 
-        # youtube-dl binary name
+        # Release binary name: 'yt-dlp' or 'youtube-dl'
-        # yt-dlp is also supported
+        name: 'yt-dlp'
-        name: 'youtube-dl'
 
         # Path to the python binary to execute for youtube-dl or yt-dlp
         python_path: '/usr/bin/python3'
@@ -473,6 +578,17 @@ import:
       # See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
       enabled: false
 
+  # Add ability for your users to synchronize their channels with external channels, playlists, etc.
+  video_channel_synchronization:
+    enabled: false
+
+    max_per_user: 10
+
+    check_interval: 1 hour
+
+    # Number of latest published videos to check and to potentially import when syncing a channel
+    videos_limit_per_synchronization: 10
+
 auto_blacklist:
   # New videos automatically blacklisted so moderators can review before publishing
   videos:
@@ -512,7 +628,10 @@ instance:
   languages:
 #    - en
 #    - es
+# GNUNUX    - fr
+#>GNUNUX
     - fr
+#<GNUNUX
 
   # You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
   # Uncomment or add the category ids you want
@@ -630,6 +749,11 @@ client:
     miniature:
       # By default PeerTube client displays author username
       prefer_author_display_name: false
+      display_author_avatar: false
+    resumable_upload:
+      # Max size of upload chunks, e.g. '90MB'
+      # If null, it will be calculated based on network speed
+      max_chunk_size: null
 
   menu:
     login: