add new services

Emmanuel Garette 2022-04-08 18:53:57 +02:00
parent 72dd2b4309
commit d2b6f2a05c
43 changed files with 2819 additions and 0 deletions


@ -0,0 +1 @@
PKG="$PKG mod_ssl"


@ -0,0 +1,4 @@
format: '0.1'
description: Information de base d'un serveur fedora version 36
depends:
- base-fedora


@ -0,0 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<rougail version="0.10">
<variables>
<family name="general">
<variable name="os_version" type="string" description="OS Version" hidden="True">
<value>36</value>
</variable>
</family>
</variables>
</rougail>


@ -0,0 +1,7 @@
# ACTIVE NETWORKD
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
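Review bot: The `chmod 775` on `network-online.target.wants` leaves a systemd unit directory group-writable, and both the `mkdir` and the `chmod` line pass `$IMAGE_NAME_RISOTTO_IMAGE_DIR` unquoted while the `ln -s` lines below quote it. A member of the owning group inside the image could then add a symlink there and have a unit pulled in at boot, so the usual 755 is the safer mode. I would collapse the two lines into `mkdir -p -m 755 "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants"`, which also keeps a re-run from failing when the directory already exists.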


@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=KaIq
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=
=oOVZ
-----END PGP PUBLIC KEY BLOCK-----

Binary file not shown.



@ -0,0 +1,10 @@
# Mettre un mot de passe à l'utilisateur root
cd /usr/share/peertube/
export NODE_CONFIG_DIR=/etc/peertube/
export NODE_ENV=production
node ./dist/scripts/reset-password.js -u root
# Debug
sed -i "s/level: 'info' # 'debug'/level: 'debug' # 'debug'/g" /etc/peertube/production.yaml
systemctl restart peertube


@ -0,0 +1,3 @@
yarn(pkg) !
server/tools/ ?


@ -0,0 +1,10 @@
format: '0.1'
description: Peertube
depends:
- base-fedora-36
- postgresql-client
- relay-mail-client
- reverse-proxy-client
- redis-client
- nginx-common
- oauth2-client


@ -0,0 +1,68 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="peertube" target="multi-user">
<override/>
<file engine="none" source="sysuser-peertube.conf">/sysusers.d/0peertube.conf</file>
<file engine="none" source="tmpfile-peertube.conf">/tmpfiles.d/0peertube.conf</file>
<file>/etc/peertube/production.yaml</file>
<file engine="none">/etc/pam.d/login</file>
<file source="nginx.peertube.conf">/etc/nginx/conf.d/peertube.conf</file>
</service>
</services>
<variables>
<family name="peertube">
<variable name="peertube_admin_email" type="mail" description="Adresse courriel de l'administrateur Peertube" mandatory="True"/>
<variable name="peertube_short_description" type="string" description="Description courte de l'instance">
<value>PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.</value>
</variable>
<variable name="peertube_description" type="string" description="Description de l'instance">
<value>Welcome to this PeerTube instance!</value>
</variable>
</family>
<family name="oauth2_client">
<variable name="oauth2_is_client_application" redefine='True'>
<value>True</value>
</variable>
<variable name="oauth2_client_name" redefine='True'>
<value>Vidéo</value>
</variable>
<variable name="oauth2_client_description" redefine='True'>
<value>Plateforme de partage de vidéo Peertube</value>
</variable>
<variable name="oauth2_client_category" redefine='True'>
<value>Réseaux sociaux</value>
</variable>
<variable name="oauth2_client_logo" redefine='True'>
<value>silique_video.png</value>
</variable>
<variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
</family>
<family name="nginx" description="Reverse proxy">
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
<variable name="revprox_client_location" redefine="True">
<value>/</value>
</variable>
<variable name="revprox_client_max_body_size" redefine="True">
<value>12G</value>
</variable>
</family>
</family>
</variables>
<constraints>
<fill name="calc_oauth2_client_external">
<param type="variable">revprox_client_external_domainname</param>
<param type="variable">revprox_client_location</param>
<param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
<target>oauth2_client_external</target>
</fill>
<fill name="calc_value">
<param type="boolean">True</param>
<param name="default" type="boolean">False</param>
<param name="condition" type="variable">revprox_client_location</param>
<param name="expected">/socket.io</param>
<target>revprox_client_is_websocket</target>
</fill>
</constraints>
</rougail>
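Review bot: `<file>/etc/peertube/production.yaml</file>` is declared without any ownership or permission attributes, yet the template it renders carries the PostgreSQL, Redis and SMTP passwords (`password: '%%pg_client_password'`, `auth: '%%redis_client_password'`). Unless rougail's default for generated files is already restrictive, which this commit does not show, those secrets may end up readable by every account in the image. I would state the intent explicitly, for example `<file owner="root" group="peertube" mode="640">/etc/peertube/production.yaml</file>`, with the attribute names and value format checked against the rougail 0.10 schema. The callback path in the `calc_oauth2_client_external` fill also hard-codes `0.0.7`, which has to stay in step with the plugin version in the install script and in the SQL insert of the systemd drop-in.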


@ -0,0 +1,60 @@
--- peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
+++ peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
@@ -110,6 +110,14 @@ async function register ({
descriptionHTML: 'Will only allow login for users whose group array contains this group'
})
+ registerSetting({
+ name: 'signature-algorithm',
+ label: 'Token signature algorithm',
+ type: 'input',
+ private: true,
+ default: 'RS256'
+ })
+
const router = getRouter()
router.use('/code-cb', (req, res) => handleCb(peertubeHelpers, settingsManager, req, res))
@@ -159,7 +167,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
'scope',
'discover-url',
'client-id',
- 'client-secret'
+ 'client-secret',
+ 'signature-algorithm'
])
if (!settings['discover-url']) {
@@ -188,6 +197,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
} else {
clientOptions.token_endpoint_auth_method = 'none'
}
+ clientOptions.id_token_signed_response_alg = settings['signature-algorithm']
+ clientOptions.authorization_signed_response_alg = settings['signature-algorithm']
store.client = new issuer.Client(clientOptions)
--- peertube/dist/server/helpers/custom-validators/activitypub/actor.js.ori 2022-04-06 13:58:17.752681849 +0000
+++ peertube/dist/server/helpers/custom-validators/activitypub/actor.js 2022-04-06 13:58:22.268682531 +0000
@@ -43,8 +43,8 @@
function isActorPrivateKeyValid(privateKey) {
return (0, misc_1.exists)(privateKey) &&
typeof privateKey === 'string' &&
- privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&
- privateKey.includes('-----END RSA PRIVATE KEY-----') &&
+ privateKey.startsWith('-----BEGIN PRIVATE KEY-----') &&
+ privateKey.includes('-----END PRIVATE KEY-----') &&
validator_1.default.isLength(privateKey, constants_1.CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY);
}
exports.isActorPrivateKeyValid = isActorPrivateKeyValid;
--- peertube/node_modules/pem/lib/pem.js.ori 2022-04-06 13:59:36.232693763 +0000
+++ peertube/node_modules/pem/lib/pem.js 2022-04-06 13:59:48.916695687 +0000
@@ -74,7 +74,7 @@
params.push(keyBitsize)
- openssl.exec(params, 'RSA PRIVATE KEY', function (sslErr, key) {
+ openssl.exec(params, 'PRIVATE KEY', function (sslErr, key) {
function done (err) {
if (err) {
return callback(err)
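Review bot: The new `signature-algorithm` setting is a free-text input that is copied unchecked into `id_token_signed_response_alg` and `authorization_signed_response_alg`, so a typo, an empty value or a value such as `none` (if the client library accepts it) changes how, or whether, ID-token signatures are verified. An allow-list with a safe fallback before the two assignments would close that, e.g. `const alg = ['RS256', 'RS384', 'RS512', 'PS256', 'ES256', 'ES384', 'ES512'].includes(settings['signature-algorithm']) ? settings['signature-algorithm'] : 'RS256'`, then assign `alg` to both options. Separately, `isActorPrivateKeyValid` now accepts only the `-----BEGIN PRIVATE KEY-----` header, so an actor key already stored with the `RSA PRIVATE KEY` header would presumably fail validation; accepting either header would be safer. All of the patched functions start or end outside the hunks shown.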


@ -0,0 +1,29 @@
#!/bin/bash
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
cat /proc/self/stat > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
PLUGINS_DIR=/usr/share/peertube_plugins
echo """#!/bin/bash
set -ex
mv /etc/resolv.conf /tmp
echo "nameserver 9.9.9.9" > /etc/resolv.conf
PLUGINS_DIR=$PLUGINS_DIR
mkdir -p "\$PLUGINS_DIR"
cd "\$PLUGINS_DIR"
yarn add peertube-plugin-auth-openid-connect@0.0.7 --production
mkdir -p "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
chown peertube: "\$PLUGINS_DIR/data"
chown peertube: "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
rm -f /etc/resolv.conf
mv /tmp/resolv.conf /etc
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."
patch -p0 < $OLDPWD/peertube/postinstall/peertube.patch
cd -
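Review bot: Nothing in the outer script checks that `chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh` or the final `patch -p0` succeeded, so a failed `yarn add` or a patch that no longer applies still produces an image, in the second case one that runs the unpatched plugin and ignores the `signature-algorithm` setting. Adding `set -e` after the shebang and quoting the patch path, `patch -p0 < "$OLDPWD/peertube/postinstall/peertube.patch"`, makes the build stop instead. `yarn add peertube-plugin-auth-openid-connect@0.0.7 --production` pins only the top-level package; its transitive dependencies are resolved from the registry at build time, so committing a `package.json` and `yarn.lock` and running `yarn install --frozen-lockfile --production` would make the image reproducible. The generated script is also written with `echo """ ... """`, where each inner double quote ends the outer string and is therefore missing from `install.sh`; a quoted here-document would keep the quoting intact.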


@ -0,0 +1,3 @@
PKG="$PKG peertube yarnpkg"
COPR="https://copr.fedorainfracloud.org/coprs/daftaupe/peertube/repo/fedora-36/daftaupe-peertube-fedora-36.repo"
FUSION=true


@ -0,0 +1,17 @@
# File from util-linux-*.x86_64 (not installed)
#%PAM-1.0
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so


@ -0,0 +1,271 @@
# GNUNUX /usr/share/peertube/support/nginx/peertube
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
# Please check your Nginx installation features the following modules via 'nginx -V':
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
# THIRD PARTY MODULES: None.
# GNUNUX server {
# GNUNUX listen 80;
# GNUNUX listen [::]:80;
# GNUNUX server_name ${WEBSERVER_HOST};
# GNUNUX
# GNUNUX location /.well-known/acme-challenge/ {
# GNUNUX default_type "text/plain";
# GNUNUX root /var/www/certbot;
# GNUNUX }
# GNUNUX location / { return 301 https://$host$request_uri; }
# GNUNUX }
upstream %%domain_name_eth0 {
# GNUNUX server ${PEERTUBE_HOST};
server localhost:9000;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name %%domain_name_eth0;
# GNUNUX access_log /var/log/nginx/peertube.access.log; # reduce I/0 with buffer=10m flush=5m
# GNUNUX error_log /var/log/nginx/peertube.error.log;
##
# Certificates
# you need a certificate to run in production. see https://letsencrypt.org/
##
# GNUNUX ssl_certificate /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
# GNUNUX ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;
#>GNUNUX
ssl_client_certificate %%revprox_ca_file;
ssl_certificate %%revprox_cert_file;
ssl_certificate_key %%revprox_key_file;
#<GNUNUX
# GNUNUX location ^~ '/.well-known/acme-challenge' {
# GNUNUX default_type "text/plain";
# GNUNUX root /var/www/certbot;
# GNUNUX }
##
# Security hardening (as of Nov 15, 2020)
# based on Mozilla Guideline v5.6
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
ssl_session_timeout 1d; # defaults to 5m
ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
##
# Application
##
location @api {
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host %%revprox_client_external_domainname;
# proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100k; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://%%domain_name_eth0;
}
location / {
try_files /dev/null @api;
}
location = /api/v1/videos/upload-resumable {
client_max_body_size 0;
proxy_request_buffering off;
try_files /dev/null @api;
}
location = /api/v1/videos/upload {
limit_except POST HEAD { deny all; }
# This is the maximum upload size, which roughly matches the maximum size of a video file.
# Note that temporary space is needed equal to the total size of all concurrent uploads.
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
# on a dedicated filesystem.
client_max_body_size 12G; # default is 1M
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
client_max_body_size 6M; # default is 1M
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
##
# Websocket
##
location @api_websocket {
proxy_http_version 1.1;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host %%revprox_client_external_domainname;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
proxy_pass http://%%domain_name_eth0;
}
location /socket.io {
try_files /dev/null @api_websocket;
}
location /tracker/socket {
# Peers send a message to the tracker every 15 minutes
# Don't close the websocket before then
proxy_read_timeout 15m; # default is 60s
try_files /dev/null @api_websocket;
}
##
# Performance optimizations
# For extra performance please refer to https://github.com/denji/nginx-tuning
##
# GNUNUX root /var/www/peertube/storage;
root /usr/share/peertube;
# Enable compression for JS/CSS/HTML, for improved client load times.
# It might be nice to compress JSON/XML as returned by the API, but
# leaving that out to protect against potential BREACH attack.
gzip on;
gzip_vary on;
gzip_types # text/html is always compressed by HttpGzipModule
text/css
application/javascript
font/truetype
font/opentype
application/vnd.ms-fontobject
image/svg+xml;
gzip_min_length 1000; # default is 20 bytes
gzip_buffers 16 8k;
gzip_comp_level 2; # default is 1
client_body_timeout 30s; # default is 60
client_header_timeout 10s; # default is 60
send_timeout 10s; # default is 60
keepalive_timeout 10s; # default is 75
resolver_timeout 10s; # default is 30
reset_timedout_connection on;
proxy_ignore_client_abort on;
tcp_nopush on; # send headers in one piece
tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
#client_body_temp_path /var/www/peertube/storage/nginx/;
# Bypass PeerTube for performance reasons. Optional.
# Should be consistent with client-overrides assets list in /server/controllers/client.ts
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-video-channel\.png))$ {
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
# GNUNUX root /var/www/peertube;
root /usr/share/peertube;
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
}
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
# GNUNUX alias /var/www/peertube/client/dist/$1;
alias /usr/share/peertube/client/dist/$1;
}
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/static/(thumbnails|avatars)/ {
root /srv/peertube;
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
rewrite ^/static/(.*)$ /$1 break;
try_files $uri @api;
}
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
root /srv/peertube;
limit_rate_after 5M;
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
set $peertube_limit_rate 800k;
# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
if ($request_uri ~ -fragmented.mp4$) {
set $peertube_limit_rate 5M;
}
# Use this line with nginx >= 1.17.0
#limit_rate $peertube_limit_rate;
# Or this line if your nginx < 1.17.0
set $limit_rate $peertube_limit_rate;
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
if ($request_method = 'GET') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# Don't spam access log file with byte range requests
access_log off;
}
# Enabling the sendfile directive eliminates the step of copying the data into the buffer
# and enables direct copying data from one file descriptor to another.
sendfile on;
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
aio threads;
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
rewrite ^/static/(.*)$ /$1 break;
try_files $uri @api;
}
}
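Review bot: `ssl_client_certificate %%revprox_ca_file;` is set, but no `ssl_verify_client` directive appears anywhere in this server block, and nginx defaults it to `off`, so the CA is loaded without a client certificate ever being requested or checked. If the intent is that only the front reverse proxy may reach this vhost over mutual TLS, add `ssl_verify_client on;` next to the certificate lines; if not, the `ssl_client_certificate` line can be dropped. Related: with the `X-Forwarded-For` and `X-Real-IP` headers commented out in `@api` and `trust_proxy: 'loopback'` in production.yaml, PeerTube presumably sees every request as coming from localhost, which would make the login and API rate limits shared across all clients rather than per client.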


@ -0,0 +1,5 @@
[Service]
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
ExecStartPost=+/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "SELECT * FROM plugin;"; do sleep 1; done'
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "DELETE FROM plugin;"
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.0.7', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"
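Review bot: `--set=sslmode=verify-full` assigns a psql variable named `sslmode`; it does not set the libpq connection parameter, so all three `psql` calls connect with the default `sslmode=prefer` and never verify the server certificate. Setting it through the environment, `Environment=PGSSLMODE=verify-full` next to the existing `PGPASSFILE` line, gives the intended check. The `INSERT` also embeds `%%oauth2_client_secret` in the unit file and on the psql command line, where it is exposed through the unit file's permissions and the process list while the command runs; feeding the statement from a root-only SQL file with `psql -f` would avoid that. Note too that `DELETE FROM plugin;` runs on every start and removes every row in the table, not only this plugin's.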


@ -0,0 +1,638 @@
%compiler-settings
commentStartToken = §
%end compiler-settings
listen:
hostname: 'localhost'
port: 9000
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
webserver:
https: true
hostname: '%%revprox_client_external_domainname'
port: 443
rates_limit:
api:
# 50 attempts in 10 seconds
window: 10 seconds
max: 50
login:
# 15 attempts in 5 min
window: 5 minutes
max: 15
signup:
# 2 attempts in 5 min (only succeeded attempts are taken into account)
window: 5 minutes
max: 2
ask_send_email:
# 3 attempts in 5 min
window: 5 minutes
max: 3
# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
trust_proxy:
- 'loopback'
# Your database name will be database.name OR 'peertube'+database.suffix
database:
hostname: '%%pg_client_server_domainname'
port: 5432
ssl: true
suffix: '_prod'
name: '%%pg_client_database'
username: '%%pg_client_username'
password: '%%pg_client_password'
pool:
max: 5
# Redis server for short time storage
# You can also specify a 'socket' path to a unix socket but first need to
# comment out hostname and port
redis:
hostname: '%%redis_client_server_domainname'
port: 6379
auth: '%%redis_client_password'
db: 0
# SMTP server to send emails
smtp:
# smtp or sendmail
transport: smtp
# Path to sendmail command. Required if you use sendmail transport
sendmail: null
hostname: '%%smtp_relay_address'
port: 25 # If you use StartTLS: 587
username: '%%smtp_relay_user'
password: '%%smtp_relay_password'
tls: false # If you use StartTLS: false
disable_starttls: false
ca_file: '/etc/pki/ca-trust/source/anchors/ca_MailRelay.crt' # Used for self signed certificates
from_address: '%%peertube_admin_email'
email:
body:
signature: 'PeerTube'
subject:
prefix: '[PeerTube]'
# Update default PeerTube values
# Set by API when the field is not provided and put as default value in client
defaults:
# Change default values when publishing a video (upload/import/go Live)
publish:
download_enabled: true
comments_enabled: true
# public = 1, unlisted = 2, private = 3, internal = 4
privacy: 1
# CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7
# You can also choose a custom licence value added by a plugin
# No licence by default
licence: null
p2p:
# Enable P2P by default
# Can be enabled/disabled by anonymous users and logged in users
webapp:
enabled: true
embed:
enabled: true
# From the project root directory
storage:
tmp: '/srv/peertube/tmp/' # Use to download data (imports etc), store uploaded files before and during processing...
bin: '/srv/peertube/bin/'
avatars: '/srv/peertube/avatars/'
videos: '/srv/peertube/videos/'
streaming_playlists: '/srv/peertube/streaming-playlists/'
redundancy: '/srv/peertube/redundancy/'
logs: '/srv/peertube/logs/'
previews: '/srv/peertube/previews/'
thumbnails: '/srv/peertube/thumbnails/'
torrents: '/srv/peertube/torrents/'
captions: '/srv/peertube/captions/'
cache: '/srv/peertube/cache/'
plugins: '/usr/share/peertube_plugins/'
# Overridable client files in client/dist/assets/images:
# - logo.svg
# - favicon.png
# - default-playlist.jpg
# - default-avatar-account.png
# - default-avatar-video-channel.png
# - and icons/*.png (PWA)
# Could contain for example assets/images/favicon.png
# If the file exists, peertube will serve it
# If not, peertube will fallback to the default file
client_overrides: '/srv/peertube/client-overrides/'
object_storage:
enabled: false
# Without protocol, will default to HTTPS
endpoint: '' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
region: 'us-east-1'
credentials:
# You can also use AWS_ACCESS_KEY_ID env variable
access_key_id: ''
# You can also use AWS_SECRET_ACCESS_KEY env variable
secret_access_key: ''
# Maximum amount to upload in one request to object storage
max_upload_part: 2GB
streaming_playlists:
bucket_name: 'streaming-playlists'
# Allows setting all buckets to the same value but with a different prefix
prefix: '' # Example: 'streaming-playlists:'
# Base url for object URL generation, scheme and host will be replaced by this URL
# Useful when you want to use a CDN/external proxy
base_url: '' # Example: 'https://mirror.example.com'
# Same settings but for webtorrent videos
videos:
bucket_name: 'videos'
prefix: ''
base_url: ''
log:
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
rotation:
enabled : false # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
max_file_size: 12MB
max_files: 20
anonymize_ip: false
log_ping_requests: true
prettify_sql: false
trending:
videos:
interval_days: 7 # Compute trending videos for the last x days
algorithms:
enabled:
- 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History)
- 'hot' # adaptation of Reddit's 'Hot' algorithm
- 'most-viewed' # default, used initially by PeerTube as the trending page
- 'most-liked'
default: 'most-viewed'
# Cache remote videos on your server, to help other instances to broadcast the video
# You can define multiple caches using different sizes/strategies
# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
redundancy:
videos:
check_interval: '1 hour' # How often you want to check new videos to cache
strategies: # Just uncomment strategies you want
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'most-views' # Cache videos that have the most views
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'trending' # Cache trending videos
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'recently-added' # Cache recently added videos
# min_views: 10 # Having at least x views
# Other instances that duplicate your content
remote_redundancy:
videos:
# 'nobody': Do not accept remote redundancies
# 'anybody': Accept remote redundancies from anybody
# 'followings': Accept redundancies from instance followings
accept_from: 'anybody'
csp:
enabled: false
report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
report_uri:
security:
# Set the X-Frame-Options header to help to mitigate clickjacking attacks
frameguard:
enabled: true
tracker:
# If you disable the tracker, you disable the P2P aspect of PeerTube
enabled: true
# Only handle requests on your videos
# If you set this to false it means you have a public tracker
# Then, it is possible that clients overload your instance with external torrents
private: true
# Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers)
reject_too_many_announces: false
history:
videos:
# If you want to limit users videos history
# -1 means there is no limitations
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
max_age: -1
views:
videos:
# PeerTube creates a database entry every hour for each video to track views over a period of time
# This is used in particular by the Trending page
# PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
# -1 means no cleanup
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
remote:
max_age: '30 days'
# PeerTube buffers local video views before updating and federating the video
local_buffer_update_interval: '30 minutes'
ip_view_expiration: '1 hour'
plugins:
# The website PeerTube will ask for available PeerTube plugins and themes
# This is an unmoderated plugin index, so only install plugins/themes you trust
index:
enabled: false
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
url: 'https://packages.joinpeertube.org'
federation:
videos:
federate_unlisted: false
# Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments)
# It removes objects that do not exist anymore, and potentially fix their URLs
cleanup_remote_interactions: true
peertube:
check_latest_version:
# Check and notify admins of new PeerTube versions
enabled: false
# You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json
url: 'https://joinpeertube.org/api/v1/versions.json'
webadmin:
configuration:
edition:
# Set this to false if you don't want to allow config edition in the web interface by instance admins
allowed: false
###############################################################################
#
# From this point, all the following keys can be overridden by the web interface
# (local-production.json file). If you need to change some values, prefer to
# use the web interface because the configuration will be automatically
# reloaded without any need to restart PeerTube
#
# /!\ If you already have a local-production.json file, the modification of the
# following keys will have no effect /!\
#
###############################################################################
cache:
previews:
size: 500 # Max number of previews you want to cache
captions:
size: 500 # Max number of video captions/subtitles you want to cache
torrents:
size: 500 # Max number of video torrents you want to cache
admin:
# Used to generate the root user at first startup
# And to receive emails from the contact form
email: '%%peertube_admin_email'
contact_form:
enabled: true
signup:
enabled: false
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
minimum_age: 16 # Used to configure the signup form
requires_email_verification: false
filters:
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
whitelist: []
blacklist: []
user:
# Default value of maximum video bytes the user can upload (does not take into account transcoded files)
# Byte format is supported ("1GB" etc)
# -1 == unlimited
video_quota: -1
video_quota_daily: -1
video_channels:
max_per_user: 20 # Allows each user to create up to 20 video channels.
# If enabled, the video will be transcoded to mp4 (x264) with `faststart` flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions
# Please, do not disable transcoding since many uploaded videos will not work
transcoding:
enabled: true
# Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos
allow_additional_extensions: true
# If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file
allow_audio_files: true
# Amount of threads used by ffmpeg for 1 transcoding job
threads: 1
# Amount of transcoding jobs to execute in parallel
concurrency: 1
# Choose the transcoding profile
# New profiles can be added by plugins
# Available in core PeerTube: 'default'
profile: 'default'
resolutions: # Only created if the original video has a higher resolution, uses more storage!
0p: false # audio-only (creates mp4 without video stream, always created when enabled)
144p: false
240p: false
360p: false
480p: false
720p: false
1080p: false
1440p: false
2160p: false
# Generate videos in a WebTorrent format (what we do since the first PeerTube release)
# If you also enabled the hls format, it will multiply videos storage by 2
# If disabled, breaks federation with PeerTube instances < 2.1
webtorrent:
enabled: false
# /!\ Requires ffmpeg >= 4.1
# Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent:
# * Resolution change is smoother
# * Faster playback in particular with long videos
# * More stable playback (less bugs/infinite loading)
# If you also enabled the webtorrent format, it will multiply videos storage by 2
hls:
enabled: true
live:
enabled: false
# Limit lives duration
# -1 == unlimited
max_duration: -1 # For example: '5 hours'
# Limit max number of live videos created on your instance
# -1 == unlimited
max_instance_lives: 20
# Limit max number of live videos created by a user on your instance
# -1 == unlimited
max_user_lives: 3
# Allow your users to save a replay of their live
# PeerTube will transcode segments in a video file
# If the user daily/total quota is reached, PeerTube will stop the live
# /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
allow_replay: true
# Your firewall should accept traffic from this port in TCP if you enable live
rtmp:
enabled: true
port: 1935
rtmps:
enabled: false
port: 1936
# Absolute path
key_file: ''
# Absolute path
cert_file: ''
# Allow to transcode the live streaming in multiple live resolutions
transcoding:
enabled: true
threads: 2
# Choose the transcoding profile
# New profiles can be added by plugins
# Available in core PeerTube: 'default'
profile: 'default'
resolutions:
144p: false
240p: false
360p: false
480p: false
720p: false
1080p: false
1440p: false
2160p: false
import:
# Add ability for your users to import remote videos (from YouTube, torrent...)
videos:
# Amount of import jobs to execute in parallel
concurrency: 1
# Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
http:
# We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
enabled: true
youtube_dl_release:
# Direct download URL to youtube-dl binary
# Github releases API is also supported
# Examples:
# * https://api.github.com/repos/ytdl-org/youtube-dl/releases
# * https://api.github.com/repos/yt-dlp/yt-dlp/releases
url: 'https://yt-dl.org/downloads/latest/youtube-dl'
# youtube-dl binary name
# yt-dlp is also supported
name: 'youtube-dl'
# Path to the python binary to execute for youtube-dl or yt-dlp
python_path: '/usr/bin/python3'
# IPv6 is very strongly rate-limited on most sites supported by youtube-dl
force_ipv4: false
# Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
torrent:
# We recommend to only enable magnet URI/torrent import if you trust your users
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
enabled: false
auto_blacklist:
# New videos automatically blacklisted so moderators can review before publishing
videos:
of_users:
enabled: false
# Instance settings
instance:
name: 'PeerTube'
short_description: '%%peertube_short_description'
description: '%%peertube_description' # Support markdown
terms: 'No terms for now.' # Support markdown
code_of_conduct: '' # Supports markdown
# Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc
moderation_information: '' # Supports markdown
# Why did you create this instance?
creation_reason: '' # Supports Markdown
# Who is behind the instance? A single person? A non profit?
administrator: '' # Supports Markdown
# How long do you plan to maintain this instance?
maintenance_lifetime: '' # Supports Markdown
# How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising?
business_model: '' # Supports Markdown
# If you want to explain on what type of hardware your PeerTube instance runs
# Example: '2 vCore, 2GB RAM...'
hardware_information: '' # Supports Markdown
# What are the main languages of your instance? To interact with your users for example
# Uncomment or add the languages you want
# List of supported languages: https://peertube.cpy.re/api/v1/videos/languages
languages:
# - en
# - es
- fr
# You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
# Uncomment or add the category ids you want
# List of supported categories: https://peertube.cpy.re/api/v1/videos/categories
categories:
# - 1 # Music
# - 2 # Films
# - 3 # Vehicles
# - 4 # Art
# - 5 # Sports
# - 6 # Travels
# - 7 # Gaming
# - 8 # People
# - 9 # Comedy
# - 10 # Entertainment
# - 11 # News & Politics
# - 12 # How To
# - 13 # Education
# - 14 # Activism
# - 15 # Science & Technology
# - 16 # Animals
# - 17 # Kids
# - 18 # Food
default_client_route: '/videos/trending'
# Whether or not the instance is dedicated to NSFW content
# Enabling it will allow other administrators to know that you are mainly federating sensitive content
# Moreover, the NSFW checkbox on video upload will be automatically checked by default
is_nsfw: false
# By default, `do_not_list` or `blur` or `display` NSFW videos
# Could be overridden per user with a setting
default_nsfw_policy: 'do_not_list'
customizations:
javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
# Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add `/` to `Disallow:`
robots: |
User-agent: *
Disallow:
# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
securitytxt:
'# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'
services:
# Cards configuration to format video in Twitter
twitter:
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
# If false, we use an image link card that will redirect on your PeerTube instance
# Change it to `true`, and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted
whitelisted: false
followers:
instance:
# Allow or not other instances to follow yours
enabled: true
# Whether or not an administrator must manually validate a new follower
manual_approval: false
followings:
instance:
# If you want to automatically follow back new instance followers
# If this option is enabled, use the mute feature instead of deleting followings
# /!\ Don't enable this if you don't have a reactive moderation team /!\
auto_follow_back:
enabled: false
# If you want to automatically follow instances of the public index
# If this option is enabled, use the mute feature instead of deleting followings
# /!\ Don't enable this if you don't have a reactive moderation team /!\
auto_follow_index:
enabled: false
# Host your own using https://framagit.org/framasoft/peertube/instances-peertube#peertube-auto-follow
index_url: ''
theme:
default: 'default'
broadcast_message:
enabled: false
message: '' # Support markdown
level: 'info' # 'info' | 'warning' | 'error'
dismissable: false
search:
# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
# If enabled, the associated group will be able to "escape" from the instance follows
# That means they will be able to follow channels, watch videos, list videos of non followed instances
remote_uri:
users: true
anonymous: false
# Use a third party index instead of your local index, only for search results
# Useful to discover content outside of your instance
# If you enable search_index, you must enable remote_uri search for users
# If you do not enable remote_uri search for anonymous user, your instance will redirect the user on the origin instance
# instead of loading the video locally
search_index:
enabled: false
# URL of the search index, that should use the same search API and routes
# than PeerTube: https://docs.joinpeertube.org/api-rest-reference.html
# You should deploy your own with https://framagit.org/framasoft/peertube/search-index,
# and can use https://search.joinpeertube.org/ for tests, but keep in mind the latter is an unmoderated search index
url: ''
# You can disable local search, so users only use the search index
disable_local_search: false
# If you did not disable local search, you can decide to use the search index by default
is_default_search: false
# PeerTube client/interface configuration
client:
videos:
miniature:
# By default PeerTube client displays author username
prefer_author_display_name: false
menu:
login:
# If you enable only one external auth plugin
# You can automatically redirect your users on this external platform when they click on the login button
redirect_on_single_external_auth: false


@ -0,0 +1,2 @@
g peertube 982 -
u peertube 983:982 "Peertube Server" /usr/share/peertube /sbin/nologin


@ -0,0 +1 @@
d /srv/peertube/ 750 peertube nginx - -


@ -0,0 +1,11 @@
format: '0.1'
description: Nextcloud
depends:
- base-fedora-35
- mariadb-client
- ldap-client-fedora
- oauth2-client
- relay-mail-client
- nginx-common
- php-fpm
- reverse-proxy-client


@ -0,0 +1,11 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="piwigo" manage="False">
</service>
</services>
<variables>
<family name="piwigo" description="Piwigo">
</family>
</variables>
</rougail>


@ -0,0 +1,9 @@
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
app=$(wget https://api.github.com/repos/Piwigo/Piwigo/releases/latest -q -O - | jq -r '.tag_name')
wget -q "https://github.com/Piwigo/Piwigo/archive/refs/tags/$app.tar.gz"
tar xf *tar.gz
rm -f *tar.gz
mv Piwigo-* piwigo
chown -R root: piwigo
cd -
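Review bot: The archive fetched by the second `wget` is unpacked into the image with no integrity check, and its tag is taken from the `releases/latest` API at build time. Two builds can therefore ship different code, and a failed API call leaves `$app` empty or `null` while the script carries on. Pinning the tag and checking a recorded SHA-256 before `tar xf` makes the image reproducible and stops the build when the download is not the reviewed archive. `tar xf *tar.gz` and `rm -f *tar.gz` also act on any archive already present in `usr/local/share`, which naming the archive explicitly avoids. The two values below are placeholders to fill in when pinning.

```shell
# … unchanged: mkdir -p and cd into usr/local/share …
PIWIGO_VERSION="<pinned-release-tag>"            # placeholder: the release that was reviewed
PIWIGO_SHA256="<sha256-of-reviewed-tarball>"     # placeholder: recorded when pinning
archive="Piwigo-$PIWIGO_VERSION.tar.gz"
wget -q -O "$archive" "https://github.com/Piwigo/Piwigo/archive/refs/tags/$PIWIGO_VERSION.tar.gz" || exit 1
echo "$PIWIGO_SHA256  $archive" | sha256sum -c - || exit 1
tar xf "$archive"
rm -f "$archive"
# … unchanged: mv Piwigo-* piwigo, chown, cd - …
```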


@ -0,0 +1,10 @@
format: '0.1'
description: Pleroma
depends:
- base-fedora-36
- postgresql-client
- relay-mail-client
- reverse-proxy-client
- redis-client
- nginx-common
- oauth2-client


@ -0,0 +1,68 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="peertube" target="multi-user">
<override/>
<file engine="none" source="sysuser-peertube.conf">/sysusers.d/0peertube.conf</file>
<file engine="none" source="tmpfile-peertube.conf">/tmpfiles.d/0peertube.conf</file>
<file>/etc/peertube/production.yaml</file>
<file engine="none">/etc/pam.d/login</file>
<file source="nginx.peertube.conf">/etc/nginx/conf.d/peertube.conf</file>
</service>
</services>
<variables>
<family name="peertube">
<variable name="peertube_admin_email" type="mail" description="Adresse courriel de l'administrateur Peertube" mandatory="True"/>
<variable name="peertube_short_description" type="string" description="Description courte de l'instance">
<value>PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.</value>
</variable>
<variable name="peertube_description" type="string" description="Description de l'instance">
<value>Welcome to this PeerTube instance!</value>
</variable>
</family>
<family name="oauth2_client">
<variable name="oauth2_is_client_application" redefine='True'>
<value>True</value>
</variable>
<variable name="oauth2_client_name" redefine='True'>
<value>Vidéo</value>
</variable>
<variable name="oauth2_client_description" redefine='True'>
<value>Plateforme de partage de vidéo Peertube</value>
</variable>
<variable name="oauth2_client_category" redefine='True'>
<value>Réseaux sociaux</value>
</variable>
<variable name="oauth2_client_logo" redefine='True'>
<value>silique_video.png</value>
</variable>
<variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
</family>
<family name="nginx" description="Reverse proxy">
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
<variable name="revprox_client_location" redefine="True">
<value>/</value>
</variable>
<variable name="revprox_client_max_body_size" redefine="True">
<value>12G</value>
</variable>
</family>
</family>
</variables>
<constraints>
<fill name="calc_oauth2_client_external">
<param type="variable">revprox_client_external_domainname</param>
<param type="variable">revprox_client_location</param>
<param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
<target>oauth2_client_external</target>
</fill>
<fill name="calc_value">
<param type="boolean">True</param>
<param name="default" type="boolean">False</param>
<param name="condition" type="variable">revprox_client_location</param>
<param name="expected">/socket.io</param>
<target>revprox_client_is_websocket</target>
</fill>
</constraints>
</rougail>
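Review bot: The plugin version `0.0.7` is hard-coded in the `calc_oauth2_client_external` fill (`plugins/auth-openid-connect/0.0.7/auth/openid-connect`) and again in the `INSERT INTO plugin` statement of the service override added in the same commit. Bumping one without the other would presumably register a callback path that the installed plugin does not serve. A comment on that `<param>`, for example `<!-- version must match the plugin row inserted by the peertube service override -->`, would record the coupling, and a single variable feeding both places would remove it. The file also does not say why the peertube service ships `/etc/pam.d/login`, so a one-line comment next to that `<file>` entry would help the next maintainer.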


@ -0,0 +1,4 @@
#!/bin/bash
# https://docs-develop.pleroma.social/backend/installation/otp_en/
arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix"
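Review bot: On an unsupported architecture or libc the one-liner only prints to stderr, then still runs `echo "$arch$libc_postfix"` and exits 0, so the caller receives a flavour string that matches no release. Both `else` branches should stop the script, e.g. `else echo "Unsupported arch: $arch">&2; exit 1; fi`. The last musl test, `[ "$(find /lib/libc.musl*|wc -l)" ]`, is always true because `wc -l` always prints a number, which makes the `Unsupported libc` branch unreachable. `[ "$(find /lib/libc.musl* 2>/dev/null | wc -l)" -gt 0 ]` tests what was intended.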


@ -0,0 +1,2 @@
PKG="$PKG ffmpeg"
FUSION=true


@ -0,0 +1,17 @@
# File from util-linux-*.x86_64 (not installed)
#%PAM-1.0
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so


@ -0,0 +1,271 @@
# GNUNUX /usr/share/peertube/support/nginx/peertube
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
# Please check your Nginx installation features the following modules via 'nginx -V':
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
# THIRD PARTY MODULES: None.
# GNUNUX server {
# GNUNUX listen 80;
# GNUNUX listen [::]:80;
# GNUNUX server_name ${WEBSERVER_HOST};
# GNUNUX
# GNUNUX location /.well-known/acme-challenge/ {
# GNUNUX default_type "text/plain";
# GNUNUX root /var/www/certbot;
# GNUNUX }
# GNUNUX location / { return 301 https://$host$request_uri; }
# GNUNUX }
upstream %%domain_name_eth0 {
# GNUNUX server ${PEERTUBE_HOST};
server localhost:9000;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name %%domain_name_eth0;
# GNUNUX access_log /var/log/nginx/peertube.access.log; # reduce I/0 with buffer=10m flush=5m
# GNUNUX error_log /var/log/nginx/peertube.error.log;
##
# Certificates
# you need a certificate to run in production. see https://letsencrypt.org/
##
# GNUNUX ssl_certificate /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
# GNUNUX ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;
#>GNUNUX
ssl_client_certificate %%revprox_ca_file;
ssl_certificate %%revprox_cert_file;
ssl_certificate_key %%revprox_key_file;
#<GNUNUX
# GNUNUX location ^~ '/.well-known/acme-challenge' {
# GNUNUX default_type "text/plain";
# GNUNUX root /var/www/certbot;
# GNUNUX }
##
# Security hardening (as of Nov 15, 2020)
# based on Mozilla Guideline v5.6
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
ssl_session_timeout 1d; # defaults to 5m
ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
##
# Application
##
location @api {
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host %%revprox_client_external_domainname;
# proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100k; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://%%domain_name_eth0;
}
location / {
try_files /dev/null @api;
}
location = /api/v1/videos/upload-resumable {
client_max_body_size 0;
proxy_request_buffering off;
try_files /dev/null @api;
}
location = /api/v1/videos/upload {
limit_except POST HEAD { deny all; }
# This is the maximum upload size, which roughly matches the maximum size of a video file.
# Note that temporary space is needed equal to the total size of all concurrent uploads.
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
# on a dedicated filesystem.
client_max_body_size 12G; # default is 1M
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
client_max_body_size 6M; # default is 1M
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
##
# Websocket
##
location @api_websocket {
proxy_http_version 1.1;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host %%revprox_client_external_domainname;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
proxy_pass http://%%domain_name_eth0;
}
location /socket.io {
try_files /dev/null @api_websocket;
}
location /tracker/socket {
# Peers send a message to the tracker every 15 minutes
# Don't close the websocket before then
proxy_read_timeout 15m; # default is 60s
try_files /dev/null @api_websocket;
}
##
# Performance optimizations
# For extra performance please refer to https://github.com/denji/nginx-tuning
##
# GNUNUX root /var/www/peertube/storage;
root /usr/share/peertube;
# Enable compression for JS/CSS/HTML, for improved client load times.
# It might be nice to compress JSON/XML as returned by the API, but
# leaving that out to protect against potential BREACH attack.
gzip on;
gzip_vary on;
gzip_types # text/html is always compressed by HttpGzipModule
text/css
application/javascript
font/truetype
font/opentype
application/vnd.ms-fontobject
image/svg+xml;
gzip_min_length 1000; # default is 20 bytes
gzip_buffers 16 8k;
gzip_comp_level 2; # default is 1
client_body_timeout 30s; # default is 60
client_header_timeout 10s; # default is 60
send_timeout 10s; # default is 60
keepalive_timeout 10s; # default is 75
resolver_timeout 10s; # default is 30
reset_timedout_connection on;
proxy_ignore_client_abort on;
tcp_nopush on; # send headers in one piece
tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
#client_body_temp_path /var/www/peertube/storage/nginx/;
# Bypass PeerTube for performance reasons. Optional.
# Should be consistent with client-overrides assets list in /server/controllers/client.ts
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-video-channel\.png))$ {
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
# GNUNUX root /var/www/peertube;
root /usr/share/peertube;
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
}
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
# GNUNUX alias /var/www/peertube/client/dist/$1;
alias /usr/share/peertube/client/dist/$1;
}
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/static/(thumbnails|avatars)/ {
root /srv/peertube;
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
rewrite ^/static/(.*)$ /$1 break;
try_files $uri @api;
}
# Bypass PeerTube for performance reasons. Optional.
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
root /srv/peertube;
limit_rate_after 5M;
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
set $peertube_limit_rate 800k;
# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
if ($request_uri ~ -fragmented.mp4$) {
set $peertube_limit_rate 5M;
}
# Use this line with nginx >= 1.17.0
#limit_rate $peertube_limit_rate;
# Or this line if your nginx < 1.17.0
set $limit_rate $peertube_limit_rate;
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
if ($request_method = 'GET') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# Don't spam access log file with byte range requests
access_log off;
}
# Enabling the sendfile directive eliminates the step of copying the data into the buffer
# and enables direct copying data from one file descriptor to another.
sendfile on;
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
aio threads;
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
rewrite ^/static/(.*)$ /$1 break;
try_files $uri @api;
}
}
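Review bot: `ssl_client_certificate %%revprox_ca_file;` is set in the `server` block but no `ssl_verify_client` directive is visible, and nginx leaves client verification off by default, so any client that reaches port 443 is served without presenting a certificate. If the intent is that only the reverse proxy may connect, add `ssl_verify_client on;` directly after the `ssl_client_certificate` line, unless a shared nginx include outside this file already sets it. The `X-Forwarded-For` and `X-Real-IP` lines in `@api` are commented out while production.yaml keeps `trust_proxy: 'loopback'`. PeerTube therefore presumably sees every request as coming from localhost, and its per-IP `rates_limit` buckets are shared by all clients. A comment explaining why those headers are disabled, or re-enabling them once the proxy chain is trusted, would make that choice explicit.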


@ -0,0 +1,5 @@
[Service]
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
ExecStartPost=+/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "SELECT * FROM plugin;"; do sleep 1; done'
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "DELETE FROM plugin;"
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.0.7', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"
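Review bot: `--set=sslmode=verify-full` on the three `psql` calls assigns a psql variable and does not change the libpq connection mode, so these connections use the default `sslmode` and the server certificate is not verified before the PGPASSFILE password is used. Setting it through the environment next to the existing `PGPASSFILE` line, `Environment=PGSSLMODE=verify-full`, applies to all three commands; libpq then also needs a root CA, for example via `PGSSLROOTCERT`. Separately, the INSERT places `%%oauth2_client_secret` on the command line, where it is readable from the process list and from the rendered unit file. Running the statement from a root-only SQL file with `psql -f` would keep it out of argv. The templated values are also interpolated into the SQL unquoted, so a `'` in any of them breaks the statement.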


@ -0,0 +1,638 @@
%compiler-settings
commentStartToken = §
%end compiler-settings
listen:
hostname: 'localhost'
port: 9000
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
webserver:
https: true
hostname: '%%revprox_client_external_domainname'
port: 443
rates_limit:
api:
# 50 attempts in 10 seconds
window: 10 seconds
max: 50
login:
# 15 attempts in 5 min
window: 5 minutes
max: 15
signup:
# 2 attempts in 5 min (only succeeded attempts are taken into account)
window: 5 minutes
max: 2
ask_send_email:
# 3 attempts in 5 min
window: 5 minutes
max: 3
# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
trust_proxy:
- 'loopback'
# Your database name will be database.name OR 'peertube'+database.suffix
database:
hostname: '%%pg_client_server_domainname'
port: 5432
ssl: true
suffix: '_prod'
name: '%%pg_client_database'
username: '%%pg_client_username'
password: '%%pg_client_password'
pool:
max: 5
# Redis server for short time storage
# You can also specify a 'socket' path to a unix socket but first need to
# comment out hostname and port
redis:
hostname: '%%redis_client_server_domainname'
port: 6379
auth: '%%redis_client_password'
db: 0
# SMTP server to send emails
smtp:
# smtp or sendmail
transport: smtp
# Path to sendmail command. Required if you use sendmail transport
sendmail: null
hostname: '%%smtp_relay_address'
port: 25 # If you use StartTLS: 587
username: '%%smtp_relay_user'
password: '%%smtp_relay_password'
tls: false # If you use StartTLS: false
disable_starttls: false
ca_file: '/etc/pki/ca-trust/source/anchors/ca_MailRelay.crt' # Used for self signed certificates
from_address: '%%peertube_admin_email'
email:
body:
signature: 'PeerTube'
subject:
prefix: '[PeerTube]'
# Update default PeerTube values
# Set by API when the field is not provided and put as default value in client
defaults:
# Change default values when publishing a video (upload/import/go Live)
publish:
download_enabled: true
comments_enabled: true
# public = 1, unlisted = 2, private = 3, internal = 4
privacy: 1
# CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7
# You can also choose a custom licence value added by a plugin
# No licence by default
licence: null
p2p:
# Enable P2P by default
# Can be enabled/disabled by anonymous users and logged in users
webapp:
enabled: true
embed:
enabled: true
# From the project root directory
storage:
tmp: '/srv/peertube/tmp/' # Use to download data (imports etc), store uploaded files before and during processing...
bin: '/srv/peertube/bin/'
avatars: '/srv/peertube/avatars/'
videos: '/srv/peertube/videos/'
streaming_playlists: '/srv/peertube/streaming-playlists/'
redundancy: '/srv/peertube/redundancy/'
logs: '/srv/peertube/logs/'
previews: '/srv/peertube/previews/'
thumbnails: '/srv/peertube/thumbnails/'
torrents: '/srv/peertube/torrents/'
captions: '/srv/peertube/captions/'
cache: '/srv/peertube/cache/'
plugins: '/usr/share/peertube_plugins/'
# Overridable client files in client/dist/assets/images:
# - logo.svg
# - favicon.png
# - default-playlist.jpg
# - default-avatar-account.png
# - default-avatar-video-channel.png
# - and icons/*.png (PWA)
# Could contain for example assets/images/favicon.png
# If the file exists, peertube will serve it
# If not, peertube will fallback to the default file
client_overrides: '/srv/peertube/client-overrides/'
object_storage:
enabled: false
# Without protocol, will default to HTTPS
endpoint: '' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
region: 'us-east-1'
credentials:
# You can also use AWS_ACCESS_KEY_ID env variable
access_key_id: ''
# You can also use AWS_SECRET_ACCESS_KEY env variable
secret_access_key: ''
# Maximum amount to upload in one request to object storage
max_upload_part: 2GB
streaming_playlists:
bucket_name: 'streaming-playlists'
# Allows setting all buckets to the same value but with a different prefix
prefix: '' # Example: 'streaming-playlists:'
# Base url for object URL generation, scheme and host will be replaced by this URL
# Useful when you want to use a CDN/external proxy
base_url: '' # Example: 'https://mirror.example.com'
# Same settings but for webtorrent videos
videos:
bucket_name: 'videos'
prefix: ''
base_url: ''
log:
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
rotation:
enabled : false # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
max_file_size: 12MB
max_files: 20
anonymize_ip: false
log_ping_requests: true
prettify_sql: false
trending:
videos:
interval_days: 7 # Compute trending videos for the last x days
algorithms:
enabled:
- 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History)
- 'hot' # adaptation of Reddit's 'Hot' algorithm
- 'most-viewed' # default, used initially by PeerTube as the trending page
- 'most-liked'
default: 'most-viewed'
# Cache remote videos on your server, to help other instances to broadcast the video
# You can define multiple caches using different sizes/strategies
# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
redundancy:
videos:
check_interval: '1 hour' # How often you want to check new videos to cache
strategies: # Just uncomment strategies you want
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'most-views' # Cache videos that have the most views
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'trending' # Cache trending videos
# -
# size: '10GB'
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
# min_lifetime: '48 hours'
# strategy: 'recently-added' # Cache recently added videos
# min_views: 10 # Having at least x views
# Other instances that duplicate your content
remote_redundancy:
videos:
# 'nobody': Do not accept remote redundancies
# 'anybody': Accept remote redundancies from anybody
# 'followings': Accept redundancies from instance followings
accept_from: 'anybody'
csp:
enabled: false
report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
report_uri:
security:
# Set the X-Frame-Options header to help to mitigate clickjacking attacks
frameguard:
enabled: true
tracker:
# If you disable the tracker, you disable the P2P aspect of PeerTube
enabled: true
# Only handle requests on your videos
# If you set this to false it means you have a public tracker
# Then, it is possible that clients overload your instance with external torrents
private: true
# Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers)
reject_too_many_announces: false
history:
videos:
# If you want to limit users videos history
# -1 means there is no limitations
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
max_age: -1
views:
videos:
# PeerTube creates a database entry every hour for each video to track views over a period of time
# This is used in particular by the Trending page
# PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
# -1 means no cleanup
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
remote:
max_age: '30 days'
# PeerTube buffers local video views before updating and federating the video
local_buffer_update_interval: '30 minutes'
ip_view_expiration: '1 hour'
plugins:
# The website PeerTube will ask for available PeerTube plugins and themes
# This is an unmoderated plugin index, so only install plugins/themes you trust
index:
enabled: false
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
url: 'https://packages.joinpeertube.org'
federation:
videos:
federate_unlisted: false
# Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments)
# It removes objects that do not exist anymore, and potentially fix their URLs
cleanup_remote_interactions: true
peertube:
check_latest_version:
# Check and notify admins of new PeerTube versions
enabled: false
# You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json
url: 'https://joinpeertube.org/api/v1/versions.json'
webadmin:
configuration:
edition:
# Set this to false if you don't want to allow config edition in the web interface by instance admins
allowed: false
###############################################################################
#
# From this point, all the following keys can be overridden by the web interface
# (local-production.json file). If you need to change some values, prefer to
# use the web interface because the configuration will be automatically
# reloaded without any need to restart PeerTube
#
# /!\ If you already have a local-production.json file, the modification of the
# following keys will have no effect /!\
#
###############################################################################
cache:
previews:
size: 500 # Max number of previews you want to cache
captions:
size: 500 # Max number of video captions/subtitles you want to cache
torrents:
size: 500 # Max number of video torrents you want to cache
admin:
# Used to generate the root user at first startup
# And to receive emails from the contact form
email: '%%peertube_admin_email'
contact_form:
enabled: true
signup:
enabled: false
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
minimum_age: 16 # Used to configure the signup form
requires_email_verification: false
filters:
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
whitelist: []
blacklist: []
user:
# Default value of maximum video bytes the user can upload (does not take into account transcoded files)
# Byte format is supported ("1GB" etc)
# -1 == unlimited
video_quota: -1
video_quota_daily: -1
video_channels:
max_per_user: 20 # Allows each user to create up to 20 video channels.
# If enabled, the video will be transcoded to mp4 (x264) with `faststart` flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions
# Please, do not disable transcoding since many uploaded videos will not work
transcoding:
enabled: true
# Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos
allow_additional_extensions: true
# If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file
allow_audio_files: true
# Amount of threads used by ffmpeg for 1 transcoding job
threads: 1
# Amount of transcoding jobs to execute in parallel
concurrency: 1
# Choose the transcoding profile
# New profiles can be added by plugins
# Available in core PeerTube: 'default'
profile: 'default'
resolutions: # Only created if the original video has a higher resolution, uses more storage!
0p: false # audio-only (creates mp4 without video stream, always created when enabled)
144p: false
240p: false
360p: false
480p: false
720p: false
1080p: false
1440p: false
2160p: false
# Generate videos in a WebTorrent format (what we do since the first PeerTube release)
# If you also enabled the hls format, it will multiply videos storage by 2
# If disabled, breaks federation with PeerTube instances < 2.1
webtorrent:
enabled: false
# /!\ Requires ffmpeg >= 4.1
# Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent:
# * Resolution change is smoother
# * Faster playback in particular with long videos
# * More stable playback (less bugs/infinite loading)
# If you also enabled the webtorrent format, it will multiply videos storage by 2
hls:
enabled: true
live:
enabled: false
# Limit lives duration
# -1 == unlimited
max_duration: -1 # For example: '5 hours'
# Limit max number of live videos created on your instance
# -1 == unlimited
max_instance_lives: 20
# Limit max number of live videos created by a user on your instance
# -1 == unlimited
max_user_lives: 3
# Allow your users to save a replay of their live
# PeerTube will transcode segments in a video file
# If the user daily/total quota is reached, PeerTube will stop the live
# /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
allow_replay: true
# Your firewall should accept traffic from this port in TCP if you enable live
rtmp:
enabled: true
port: 1935
rtmps:
enabled: false
port: 1936
# Absolute path
key_file: ''
# Absolute path
cert_file: ''
# Allow to transcode the live streaming in multiple live resolutions
transcoding:
enabled: true
threads: 2
# Choose the transcoding profile
# New profiles can be added by plugins
# Available in core PeerTube: 'default'
profile: 'default'
resolutions:
144p: false
240p: false
360p: false
480p: false
720p: false
1080p: false
1440p: false
2160p: false
import:
# Add ability for your users to import remote videos (from YouTube, torrent...)
videos:
# Amount of import jobs to execute in parallel
concurrency: 1
# Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
http:
# We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
enabled: true
youtube_dl_release:
# Direct download URL to youtube-dl binary
# Github releases API is also supported
# Examples:
# * https://api.github.com/repos/ytdl-org/youtube-dl/releases
# * https://api.github.com/repos/yt-dlp/yt-dlp/releases
url: 'https://yt-dl.org/downloads/latest/youtube-dl'
# youtube-dl binary name
# yt-dlp is also supported
name: 'youtube-dl'
# Path to the python binary to execute for youtube-dl or yt-dlp
python_path: '/usr/bin/python3'
# IPv6 is very strongly rate-limited on most sites supported by youtube-dl
force_ipv4: false
# Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
torrent:
# We recommend to only enable magnet URI/torrent import if you trust your users
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
enabled: false
auto_blacklist:
# New videos automatically blacklisted so moderators can review before publishing
videos:
of_users:
enabled: false
# Instance settings
instance:
name: 'PeerTube'
short_description: '%%peertube_short_description'
description: '%%peertube_description' # Support markdown
terms: 'No terms for now.' # Support markdown
code_of_conduct: '' # Supports markdown
# Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc
moderation_information: '' # Supports markdown
# Why did you create this instance?
creation_reason: '' # Supports Markdown
# Who is behind the instance? A single person? A non profit?
administrator: '' # Supports Markdown
# How long do you plan to maintain this instance?
maintenance_lifetime: '' # Supports Markdown
# How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising?
business_model: '' # Supports Markdown
# If you want to explain on what type of hardware your PeerTube instance runs
# Example: '2 vCore, 2GB RAM...'
hardware_information: '' # Supports Markdown
# What are the main languages of your instance? To interact with your users for example
# Uncomment or add the languages you want
# List of supported languages: https://peertube.cpy.re/api/v1/videos/languages
languages:
# - en
# - es
- fr
# You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
# Uncomment or add the category ids you want
# List of supported categories: https://peertube.cpy.re/api/v1/videos/categories
categories:
# - 1 # Music
# - 2 # Films
# - 3 # Vehicles
# - 4 # Art
# - 5 # Sports
# - 6 # Travels
# - 7 # Gaming
# - 8 # People
# - 9 # Comedy
# - 10 # Entertainment
# - 11 # News & Politics
# - 12 # How To
# - 13 # Education
# - 14 # Activism
# - 15 # Science & Technology
# - 16 # Animals
# - 17 # Kids
# - 18 # Food
default_client_route: '/videos/trending'
# Whether or not the instance is dedicated to NSFW content
# Enabling it will allow other administrators to know that you are mainly federating sensitive content
# Moreover, the NSFW checkbox on video upload will be automatically checked by default
is_nsfw: false
# By default, `do_not_list` or `blur` or `display` NSFW videos
# Could be overridden per user with a setting
default_nsfw_policy: 'do_not_list'
customizations:
javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
# Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add `/` to `Disallow:`
robots: |
User-agent: *
Disallow:
# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
securitytxt:
'# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'
services:
# Cards configuration to format video in Twitter
twitter:
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
# If false, we use an image link card that will redirect on your PeerTube instance
# Change it to `true`, and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted
whitelisted: false
followers:
instance:
# Allow or not other instances to follow yours
enabled: true
# Whether or not an administrator must manually validate a new follower
manual_approval: false
followings:
instance:
# If you want to automatically follow back new instance followers
# If this option is enabled, use the mute feature instead of deleting followings
# /!\ Don't enable this if you don't have a reactive moderation team /!\
auto_follow_back:
enabled: false
# If you want to automatically follow instances of the public index
# If this option is enabled, use the mute feature instead of deleting followings
# /!\ Don't enable this if you don't have a reactive moderation team /!\
auto_follow_index:
enabled: false
# Host your own using https://framagit.org/framasoft/peertube/instances-peertube#peertube-auto-follow
index_url: ''
theme:
default: 'default'
broadcast_message:
enabled: false
message: '' # Support markdown
level: 'info' # 'info' | 'warning' | 'error'
dismissable: false
search:
# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
# If enabled, the associated group will be able to "escape" from the instance follows
# That means they will be able to follow channels, watch videos, list videos of non followed instances
remote_uri:
users: true
anonymous: false
# Use a third party index instead of your local index, only for search results
# Useful to discover content outside of your instance
# If you enable search_index, you must enable remote_uri search for users
# If you do not enable remote_uri search for anonymous user, your instance will redirect the user on the origin instance
# instead of loading the video locally
search_index:
enabled: false
# URL of the search index, that should use the same search API and routes
# than PeerTube: https://docs.joinpeertube.org/api-rest-reference.html
# You should deploy your own with https://framagit.org/framasoft/peertube/search-index,
# and can use https://search.joinpeertube.org/ for tests, but keep in mind the latter is an unmoderated search index
url: ''
# You can disable local search, so users only use the search index
disable_local_search: false
# If you did not disable local search, you can decide to use the search index by default
is_default_search: false
# PeerTube client/interface configuration
client:
videos:
miniature:
# By default PeerTube client displays author username
prefer_author_display_name: false
menu:
login:
# If you enable only one external auth plugin
# You can automatically redirect your users on this external platform when they click on the login button
redirect_on_single_external_auth: false


@ -0,0 +1,2 @@
g peertube 982 -
u peertube 983:982 "Peertube Server" /usr/share/peertube /sbin/nologin


@ -0,0 +1 @@
d /srv/peertube/ 750 peertube nginx - -


@ -0,0 +1,2 @@
%%get_chain(authority_cn=%%pg_client_server_domainname, authority_name="PostgreSQL")


@ -0,0 +1 @@
%%get_certificate(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name='PostgreSQL', type="client")


@ -0,0 +1 @@
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name='PostgreSQL', type="client")
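Review bot: Nothing visible on this page restricts who can read the file rendered from this `get_private_key` template, whereas the nginx dictionary in the same commit pins `revprox.key` to `mode="400"` with an explicit owner. The `<file>` entry that declares this client key is not shown here, so it is worth confirming that it carries the same `mode="400"` and an owner matching the account that opens the PostgreSQL connection. The same check applies to the positional `%%get_private_key(%%domain_name_eth0, 'PostgreSQL')` template further down.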


@ -0,0 +1 @@
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="PostgreSQL")


@ -0,0 +1 @@
%%get_certificate(%%domain_name_eth0, 'PostgreSQL')
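Review bot: The positional call here reads ambiguously next to the keyword form used by the client templates above, which name `cn`, `authority_cn` and `authority_name` explicitly; a reader cannot tell from this line which of those `'PostgreSQL'` binds to. Spelling the arguments out, e.g. `%%get_certificate(cn=%%domain_name_eth0, authority_name='PostgreSQL')` if that is the intended mapping, would make the certificate subject and issuing authority reviewable at a glance. The following `get_private_key` template has the same shape, and the quote style (`'…'` vs `"…"`) also varies between these one-line templates.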


@ -0,0 +1 @@
%%get_private_key(%%domain_name_eth0, 'PostgreSQL')


@ -0,0 +1,105 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="nginx" manage="False">
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
<file file_type="variable" source="revprox.crt">revprox_cert_file</file>
<file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_key_file</file>
</service>
</services>
<variables>
<family name="nginx" description="Reverse proxy">
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
<variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
<value>/</value>
</variable>
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True">
<value>False</value>
</variable>
<variable name="revprox_client_max_body_size" description="Taille maximum du corps"/>
</family>
<variable name="revprox_client_local_location" type="filename" description="Nom de l'arborescene racine du site localement" hidden='True'/>
<variable name="revprox_client_web_address" type="web_address" description="Nom de domaine du client du mandataire inverse" hidden='True'/>
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
<value>443</value>
</variable>
<variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner">
<value>root</value>
</variable>
<variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group">
<value>root</value>
</variable>
<variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
<variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
<variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
<variable name="nginx_default" exists="True" redefine="True" remove_fill="True" mandatory="False"/>
</family>
</variables>
<constraints>
<fill name="calc_web_address">
<param type="variable">domain_name_eth0</param>
<param type="variable">revprox_client_port</param>
<param type="variable">revprox_client_local_location</param>
<target>revprox_client_web_address</target>
</fill>
<fill name="calc_value">
<param type="variable">tls_ca_directory</param>
<param>ca_InternalReverseProxy.crt</param>
<param name="join">/</param>
<target>revprox_ca_file</target>
</fill>
<fill name="calc_value">
<param type="variable">tls_cert_directory</param>
<param>revprox.crt</param>
<param name="join">/</param>
<target>revprox_cert_file</target>
</fill>
<fill name="calc_value">
<param type="variable">tls_key_directory</param>
<param>revprox.key</param>
<param name="join">/</param>
<target>revprox_key_file</target>
</fill>
<fill name="set_linked">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_clients</param>
<param name="linked_value" type="variable">revprox_client_external_domainname</param>
<param name="linked_returns">ip</param>
<param name="dynamic">0</param>
<target>revprox_client_server_ip</target>
</fill>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_location</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<target>revprox_client_location</target>
</check>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_is_websocket</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<param name="leader_provider">revprox_location</param>
<param name="leader_value" type="variable">revprox_client_location</param>
<target>revprox_client_is_websocket</target>
</check>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_max_body_size</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<param name="leader_provider">revprox_location</param>
<param name="leader_value" type="variable">revprox_client_location</param>
<target>revprox_client_max_body_size</target>
</check>
<check name="set_linked_configuration">
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
<param name="linked_provider">revprox_url</param>
<param name="leader_provider">revprox_location</param>
<param name="leader_value" type="variable">revprox_client_location</param>
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
<target>revprox_client_web_address</target>
</check>
</constraints>
</rougail>
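Review bot: `revprox_client_cert_group` is declared with `type="unix_user"` although it is consumed as the `group` of `revprox.key`, and because that file is written with `mode="400"` the group receives no permission bits, so the variable currently has no effect on who can read the private key. If a group-readable key is intended, the `<file>` line would need `mode="440"`; if owner-only is intended, dropping `group_type`/`group` and the variable makes that explicit. If rougail offers a group-specific type it would fit better than `unix_user` here. Separately, `revprox_client_max_body_size` carries no `type`, so its value is presumably passed on to the reverse proxy without validation; a typed or checked variable would catch malformed sizes early.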


@ -0,0 +1,420 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
version="1.1"
id="svg2"
width="177.44817"
height="84.108955"
viewBox="0 0 177.44817 84.108956"
sodipodi:docname="silique_cloud.svg"
inkscape:version="1.1.2 (0a00cf5339, 2022-02-04)"
inkscape:export-filename="/home/gnunux/Silique/silique_cloud.png"
inkscape:export-xdpi="216.39999"
inkscape:export-ydpi="216.39999"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<defs
id="defs6">
<linearGradient
id="linearGradient4842">
<stop
id="stop4838"
style="stop-color:#ffe96b;stop-opacity:1"
offset="0" />
<stop
id="stop4840"
style="stop-color:#91c644;stop-opacity:1"
offset="1" />
</linearGradient>
<linearGradient
inkscape:collect="always"
id="linearGradient126196">
<stop
style="stop-color:#007203;stop-opacity:1;"
offset="0"
id="stop126192" />
<stop
style="stop-color:#007203;stop-opacity:0;"
offset="1"
id="stop126194" />
</linearGradient>
<linearGradient
inkscape:collect="always"
id="fond_vert">
<stop
style="stop-color:#007203;stop-opacity:1;"
offset="0"
id="stop38409" />
<stop
style="stop-color:#5ca20e;stop-opacity:1"
offset="1"
id="stop38411" />
</linearGradient>
<linearGradient
id="linearGradient14755"
inkscape:swatch="solid">
<stop
style="stop-color:#9bca48;stop-opacity:1;"
offset="0"
id="stop14753" />
</linearGradient>
<marker
style="overflow:visible"
id="Arrow1Lstart"
refX="0"
refY="0"
orient="auto"
inkscape:stockid="Arrow1Lstart"
inkscape:isstock="true">
<path
transform="matrix(0.8,0,0,0.8,10,0)"
style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
d="M 0,0 5,-5 -12.5,0 5,5 Z"
id="path2092" />
</marker>
<linearGradient
inkscape:collect="always"
xlink:href="#linearGradient126196"
id="linearGradient126198"
x1="228.22656"
y1="202.49219"
x2="324.28137"
y2="202.49219"
gradientUnits="userSpaceOnUse" />
<clipPath
id="clipPath530"
clipPathUnits="userSpaceOnUse">
<path
id="path532"
inkscape:connector-curvature="0"
d="m 492.82,620.53 c 0,0 -1.181,-8.485 -10.269,-16.019 -9.092,-7.53 -31.685,-15.146 -46.705,-33.749 -15.018,-18.601 -7.72,-36.875 -3.868,-42.334 2.211,-3.134 5.562,-3.876 8.019,-3.935 -0.91,4.277 -1.486,9.019 -1.24,13.954 1.975,19.781 17.473,32.284 19.949,34.611 1.349,1.202 3.866,3.206 6.919,5.426 3.133,2.181 6.435,4.655 9.461,7.536 6.074,5.517 10.949,11.079 10.935,11.079 0.012,0 -4.141,-6.116 -9.656,-12.355 -2.642,-3.15 -5.994,-6.258 -8.846,-8.643 -2.823,-2.472 -5.122,-4.588 -6.416,-5.743 -1.264,-1.176 -5.338,-4.717 -9.235,-10.434 -1.967,-2.905 -3.76,-6.166 -5.493,-10.141 -1.684,-3.434 -2.509,-7.461 -2.548,-11.521 -0.062,-7.086 1.858,-14.012 3.846,-19.377 2.668,-1.382 6.865,-1.834 13.43,0.615 5.236,2.902 9.737,6.218 13.616,9.831 l -6.202,8.169 11.594,-2.494 c 3.872,4.61 6.918,9.569 9.3,14.689 l -11.267,3.398 14.096,3.661 c 2.466,7.16 3.802,14.474 4.41,21.474 l -11.195,-1.946 -0.114,-0.047 0.067,0.04 -1.22,-0.213 12.821,8.513 c 0.57,19.967 -4.189,35.955 -4.189,35.955" />
</clipPath>
<clipPath
id="clipPath554"
clipPathUnits="userSpaceOnUse">
<path
id="path556"
inkscape:connector-curvature="0"
d="m 435.85,570.76 c 13.509,16.729 33.148,24.578 43.571,31.466 -8.989,-8.201 -29.577,-17.459 -42.001,-36.625 -11.215,-17.302 -5.693,-33.296 -1.208,-40.414 -1.528,0.569 -3.041,1.559 -4.23,3.239 -3.852,5.459 -11.15,23.733 3.868,42.334" />
</clipPath>
<linearGradient
id="linearGradient886"
y2="7.5225039"
y1="7.5225039"
x1="7.7122393"
gradientTransform="matrix(0.03841487,0,0,0.03915282,255.99999,340.61689)"
x2="416.12695"
gradientUnits="userSpaceOnUse">
<stop
id="stop888"
style="stop-color:#004f00"
offset="0" />
<stop
id="stop889"
style="stop-color:#92c705"
offset="1" />
</linearGradient>
<linearGradient
id="linearGradient882"
y2="324.68274"
y1="157.96686"
x2="312.29535"
x1="207.02525"
gradientTransform="matrix(0.03700393,0,0,0.0406457,255.99999,340.61689)"
gradientUnits="userSpaceOnUse"
spreadMethod="pad">
<stop
id="stop884"
style="stop-color:#ffe96b;stop-opacity:1"
offset="0" />
<stop
id="stop885"
style="stop-color:#91c644;stop-opacity:1"
offset="1" />
</linearGradient>
<linearGradient
inkscape:collect="always"
xlink:href="#linearGradient882"
id="linearGradient2848"
x1="260.90359"
y1="348.3031"
x2="266.93088"
y2="352.25424"
gradientUnits="userSpaceOnUse" />
<linearGradient
id="linearGradient2220"
y2="439.15341"
xlink:href="#linearGradient4842"
gradientUnits="userSpaceOnUse"
x2="127.65018"
y1="306.14713"
x1="-15.283262"
inkscape:collect="always"
gradientTransform="matrix(0.03070057,0,0,0.03070057,241.2189,385.12111)" />
<linearGradient
id="linearGradient1762">
<stop
id="stop1758"
style="stop-color:#91c644;stop-opacity:1"
offset="0" />
<stop
id="stop1760"
style="stop-color:#85a25a;stop-opacity:1"
offset="1" />
</linearGradient>
<linearGradient
id="linearGradient2222"
y2="226.93604"
xlink:href="#linearGradient4842"
gradientUnits="userSpaceOnUse"
x2="326.89941"
gradientTransform="matrix(0.03070057,0,0,-0.03070057,241.2189,407.43705)"
y1="17.076748"
x1="116.66689"
inkscape:collect="always" />
<linearGradient
inkscape:collect="always"
xlink:href="#linearGradient4842"
id="linearGradient1766"
x1="-77.476402"
y1="256.38412"
x2="417.90433"
y2="338.79333"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.03070057,0,0,0.03070057,241.2189,385.12111)" />
<linearGradient
inkscape:collect="always"
xlink:href="#fond_vert"
id="linearGradient117744"
x1="163.58594"
y1="176.38477"
x2="267.45612"
y2="176.4704"
gradientUnits="userSpaceOnUse"
gradientTransform="translate(-4.5684325,17.666728)" />
<linearGradient
inkscape:collect="always"
xlink:href="#fond_vert"
id="linearGradient1964"
x1="114.961"
y1="205.82333"
x2="292.40918"
y2="205.82333"
gradientUnits="userSpaceOnUse"
gradientTransform="translate(0.712326,1.22743)" />
</defs>
<sodipodi:namedview
id="namedview4"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
showgrid="false"
inkscape:zoom="5.656854"
inkscape:cx="88.653517"
inkscape:cy="47.376156"
inkscape:window-width="1920"
inkscape:window-height="1011"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="g8" />
<g
inkscape:groupmode="layer"
inkscape:label="Image"
id="g8"
transform="translate(-115.67333,-164.99629)">
<path
style="mix-blend-mode:normal;fill:url(#linearGradient1964);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:4.162;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 156.21634,241.25216 c -36.77875,-0.52415 -40.28886,-59.93704 -37.81186,-73.76847 4.31487,-6.88361 5.16377,67.54956 53.91071,53.40865 7.63767,-0.10896 7.46241,-0.48863 13.68295,0 0,0 6.02631,2.83696 11.70294,0 5.22924,0.25068 10.25553,-0.0838 14.96127,0 0,0 5.67039,3.50471 11.34285,0 5.0883,0.0159 9.51716,-0.0359 13.05654,0 8.45048,4.08054 11.69352,-0.0346 13.68994,0 26.68644,0.65642 13.91688,-3.86364 38.61636,18.90144 -21.12865,9.24298 -8.34416,6.82043 -38.1506,7.05356 -5.24229,-2.03839 -8.53586,-2.46696 -13.52289,0 -3.55366,-0.002 -7.27687,0.0168 -11.17766,0 -4.69904,-2.2063 -6.65631,-2.36355 -12.33414,0 -4.57699,-0.0288 -9.36866,-0.10654 -14.3819,0 -4.34019,-2.68118 -7.61214,-2.67501 -13.50967,0 -12.85877,0.19749 -16.15141,1.41622 -30.07484,-5.59518 z"
id="path827-0-6-1-75"
sodipodi:nodetypes="ccccccccccccccccc" />
<path
style="mix-blend-mode:normal;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:#91c644;stroke-width:4.162;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 156.21634,241.25216 c -36.77875,-0.52415 -40.28886,-59.93704 -37.81186,-73.76847 4.31487,-6.88361 5.16377,67.54956 53.91071,53.40865 7.63767,-0.10896 7.46241,-0.48863 13.68295,0 0,0 6.02631,2.83696 11.70294,0 5.22924,0.25068 10.25553,-0.0838 14.96127,0 0,0 5.67039,3.50471 11.34285,0 5.0883,0.0159 9.51716,-0.0359 13.05654,0 8.45048,4.08054 11.69352,-0.0346 13.68994,0 26.68644,0.65642 13.91688,-3.86364 38.61636,18.90144 -21.12865,9.24298 -8.34416,6.82043 -38.1506,7.05356 -5.24229,-2.03839 -8.53586,-2.46696 -13.52289,0 -3.55366,-0.002 -7.27687,0.0168 -11.17766,0 -4.69904,-2.2063 -6.65631,-2.36355 -12.33414,0 -4.57699,-0.0288 -9.36866,-0.10654 -14.3819,0 -4.34019,-2.68118 -7.61214,-2.67501 -13.50967,0 -12.85877,0.19749 -16.15141,1.41622 -30.07484,-5.59518 z"
id="path827-0-6-1-3"
sodipodi:nodetypes="ccccccccccccccccc" />
<path
style="fill:none;stroke:#91c644;stroke-width:4.162;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 235.82819,238.00607 7.42578,7.47041"
id="path91935"
sodipodi:nodetypes="cc" />
<path
style="fill:none;stroke:#91c644;stroke-width:4.162;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 263.62793,234.46973 9.35742,0.004 5.46192,-3.47167"
id="path153373"
sodipodi:nodetypes="ccc" />
<path
style="fill:none;stroke:#91c644;stroke-width:3.93761;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 172.07706,233.36811 -11.95437,0.28623 -3.98525,7.95874"
id="path153586"
sodipodi:nodetypes="ccc" />
<path
style="fill:none;stroke:#91c644;stroke-width:4.162;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 211.91015,231.56698 6.38309,-2.13379 0.199,-6.5135"
id="path92149-7"
sodipodi:nodetypes="ccc" />
<g
id="g2694"
transform="translate(76.763398,0.17972214)">
<path
id="path2822"
d="m 172.07706,238.93915 v -1.85702 l 9.28505,-3.71402 9.28506,3.71402 v 1.85702 l -9.28506,3.71401 z"
fill="#a6e2ff"
style="fill:#ace55a;fill-opacity:1;stroke-width:0.371401" />
<path
id="path2824"
d="m 172.07706,237.08213 v -1.85702 l 9.28505,-3.71402 9.28506,3.71402 v 1.85702 l -9.28506,3.71401 z"
fill="#74ca61"
style="fill:#91c644;fill-opacity:1;stroke-width:0.371401" />
<path
id="path2833"
d="m 172.07706,235.22511 v -1.857 l 9.28505,-3.71404 9.28506,3.71404 v 1.857 l -9.28506,3.71404 z"
fill="#ffe96b"
style="stroke-width:0.371401" />
<path
id="path3609"
d="m 172.07706,233.36811 v -1.85702 l 9.28505,-3.71401 9.28506,3.71401 v 1.85702 l -9.28506,3.71402 z"
fill="#f78047"
style="fill:#546738;fill-opacity:1;stroke-width:0.371401" />
<path
id="path3687"
d="m 172.07706,231.51109 v -1.85702 l 9.28505,-3.71401 9.28506,3.71401 v 1.85702 l -9.34486,3.71402 z"
fill="#ee4043"
style="fill:#91c644;fill-opacity:1;stroke-width:0.371401" />
<path
id="path2820"
fill="#f8555a"
d="m 172.07706,229.65407 9.28505,3.71404 9.28506,-3.71404 -9.28506,-3.71401 z"
style="fill:#c1ec82;fill-opacity:1;stroke-width:0.371401" />
<path
id="path3739"
d="m 178.01949,231.88249 6.31384,0.3714 c -1.33704,0 -2.59981,-1.1142 -2.59981,-1.857 -0.33426,0.3714 -2.48841,1.4856 -3.71403,1.4856 z"
fill="#bf3336"
style="fill:#608e1e;fill-opacity:1;stroke-width:0.371401" />
<path
id="path2835"
d="m 172.07706,229.65407 v 9.28508 l 9.28505,3.71401 v -9.28505 z"
fill-opacity="0.098039"
sodipodi:nodetypes="ccccc"
style="stroke-width:0.371401" />
</g>
<g
id="g2753"
transform="matrix(0.04657204,0,0,0.04657204,195.73217,220.61663)">
<path
id="path585"
style="fill-opacity:0"
d="m 110.53373,192.39147 0.718,163.36 227.83,-0.95 -0.72,-163.36 -227.83,0.95 z" />
<path
id="path634"
style="fill:#dbf7b3;fill-opacity:1;fill-rule:evenodd;stroke-width:13.442;stroke-linejoin:bevel"
d="m 65.741729,146.00947 c 1.246,26.392 -2.011,107.15 -1.74,124.25 0.21,14.65 30.478,6.03 42.869001,6.27 1.689,-18 -0.454,-74.53 1.049,-90.36 31.084,5.04 208.15,1.72 233.82,0.48 0.34,22.68 1.83,75.28 0.12,89.99 17.12,-0.94 15.5,4.71 22.76,-2.61 0.62,-26.9 -0.47,-88.33 0.89,-129.06 -6.4,-11.469 -10.25,-16.655 -19.55,-21.743 -38.6,0.156 -232.57,-1.632 -259.820001,-0.999 -7.734,6.204 -12.918,12.305 -20.402,23.78 z" />
<path
id="path632"
style="fill:#dbf7b3;fill-opacity:1;fill-rule:evenodd;stroke-width:13.442;stroke-linejoin:bevel"
d="m 67.148729,395.59147 c 1.246,-26.39 -2.011,-107.15 -1.74,-124.25 0.21,-14.65 30.478,-6.03 42.869001,-6.27 1.689,18 3.766,73.12 5.27,88.96 24.056,3.39 201.12,-0.32 226.79,0.92 0.35,-22.68 1.83,-76.69 0.13,-91.39 17.11,0.93 25.35,2.32 26.98,4.02 0.62,26.89 -1.88,88.32 -0.52,129.05 -6.4,11.47 -10.26,16.66 -19.55,21.74 -38.6,-0.15 -232.57,1.64 -259.830001,1 -7.727,-6.2 -12.911,-12.3 -20.395,-23.78 z" />
<path
id="path578"
style="fill:#ffffff;fill-rule:evenodd"
d="m 82.179729,402.83147 4.295,-244 c 0,0.002 0,8.27 1.073,-2.066 1.074,-10.339 17.179001,-14.474 17.179001,-14.474 l 195.41,-10.339 c 0,0 -199.7,-2.068 -207.220001,0 -7.513,2.068 -16.102,7.237 -17.176,15.508 -1.074,8.271 0,247.1 0,247.1 l 6.442,8.27 z" />
<path
id="path579"
style="fill:#68912d;fill-opacity:1;fill-rule:evenodd"
d="m 355.48373,133.30747 -4.29,251.99 c 0,0 0,-8.27 -1.08,2.07 -1.07,10.34 -17.17,14.47 -17.17,14.47 l -195.41,10.34 c 0,0 199.7,2.07 207.22,0 7.51,-2.07 16.1,-7.24 17.17,-15.51 1.08,-8.27 -1.01,-244.1 0,-255.09 l -6.44,-8.274 z" />
<path
id="path586"
style="fill:#bdfffd;fill-opacity:0.8316;fill-rule:evenodd"
d="m 106.56273,187.85147 v 81.96 h 233.06 v -81.96 z" />
<path
id="path577"
style="fill:none;stroke:#91c644;stroke-width:6.3395;stroke-opacity:1"
d="m 107.66773,360.19147 h 236.25 l -2.1,-172.48" />
<path
id="path593"
style="fill:#ffff80;fill-opacity:0.907909;fill-rule:evenodd;stroke:#e46900;stroke-width:6.25;stroke-linejoin:bevel;stroke-opacity:0.5561"
d="m 281.61373,263.81147 c 4.07,0 5.09,-6 17.3,-7 12.21,-1 35.62,2 38.67,8 3.05,6 0,88.95 0,88.95 l -226.95,1 c 0,0 166.91,-26.99 159.78,-39.98 -7.12,-12.99 -31.55,-22.99 -28.49,-28.98 3.05,-6 29.51,-16.99 39.69,-21.99 z" />
<path
id="path581"
style="fill:#649eff;fill-opacity:0.4286;fill-rule:evenodd;stroke:#0000d4;stroke-width:4.4808;stroke-linejoin:bevel;stroke-opacity:0.6837"
d="m 110.96473,270.66147 c 2.879,-1.42 159.76,-1.42 159.76,-1.42 0,0 -50.2,12.14 -4.14,36.17 46.05,24.03 -155.62,48.64 -155.62,48.64 l 10e-4,-83.39 z" />
<path
id="path580"
style="fill:none;stroke:#91c644;stroke-width:6.25;stroke-opacity:1"
d="m 341.63373,189.71147 h -233.97 l 2.034,171.7" />
<path
id="path590"
style="fill:#ffff80;fill-opacity:0.6582;fill-rule:evenodd;stroke:#ff0000;stroke-width:4.4808;stroke-opacity:0.6429"
d="m 172.85373,219.77147 c 0,7.81 -6.77,14.14 -15.11,14.14 -8.35,0 -15.11,-6.33 -15.11,-14.14 0,-7.8 6.76,-14.13 15.11,-14.13 8.34,0 15.11,6.33 15.11,14.13 z" />
<path
id="path591"
style="fill:#ecf480;fill-opacity:0.602;fill-rule:evenodd"
d="m 136.87373,270.66147 c 5.76,0 18.71,7.06 14.39,8.48 -4.32,1.41 -20.149,5.65 -11.51,8.48 8.63,2.83 23.03,2.83 15.83,7.07 -7.2,4.24 -14.39,8.48 -10.08,9.89 4.32,1.41 12.96,9.89 20.15,5.65 7.2,-4.24 5.76,-9.89 0,-12.72 -5.75,-2.82 -18.71,-4.24 -11.51,-8.48 7.2,-4.24 25.91,0 24.47,-5.65 -1.44,-5.66 -10.08,-2.83 -17.27,-4.24 -7.2,-1.42 30.22,-5.66 21.59,-7.07 -8.64,-1.41 -43.18,0 -46.06,-1.41 z" />
<path
id="path576"
style="fill:none;stroke:#91c644;stroke-width:20;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
d="m 69.148729,397.59147 c 1.246,-26.39 -1.196,-235.14 1.073,-252.27 5.276,-11.834 15.411,-16.487 21.709,-19.472 62.133001,0.116 222.420001,-1.202 260.660001,-1.202 5.39,4.136 11.73,8.732 18.25,15.508 0.62,26.896 -3.28,217.75 -1.92,258.48 -6.4,11.47 -10.26,16.66 -19.55,21.74 -38.6,-0.15 -232.57,1.64 -259.830001,1 -7.727,-6.2 -12.911,-12.3 -20.395,-23.78 z" />
</g>
<g
id="g3666"
transform="matrix(1.0647964,0,0,1.0647964,-49.256187,-137.85828)"
style="stroke:none;stroke-width:1.00019121;stroke-miterlimit:4;stroke-dasharray:none">
<g
id="g2785"
style="stroke:none;stroke-width:1.00019121;stroke-miterlimit:4;stroke-dasharray:none">
<path
id="path164"
style="fill:url(#linearGradient886);fill-rule:evenodd;stroke:none;stroke-width:1.00019121;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none"
d="m 256.54492,347.35489 c 3.58382,-0.48749 10.18573,-6.16558 10.44867,-6.23306 0.3122,0.0163 3.5443,8.36879 4.84156,9.68932 -1.13515,0.69963 -7.53769,5.05331 -9.80024,5.89333 -3.04474,-3.13941 -5.89138,-9.11418 -5.48999,-9.34959 z" />
<path
id="path163"
style="mix-blend-mode:normal;fill:url(#linearGradient2848);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1.00019121;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none"
d="m 262.15355,356.6847 c -0.12023,-1.63544 -0.22067,-6.50647 -1.24995,-8.38159 -0.008,-0.23889 3.70641,-2.64881 3.79367,-2.57784 0.11944,10e-4 0.35175,2.40177 0.23114,2.7512 0.12255,0.20904 4.47157,-1.89994 7.27009,-4.51385 0.42544,-0.10106 0.28078,6.43395 -0.25907,6.81518 -0.66511,0.36067 -8.89932,5.80684 -9.78588,5.9069 z" />
</g>
</g>
<g
id="g4848"
transform="translate(-31.377865,-88.795766)">
<g
id="g4735"
transform="matrix(0.7334806,0,0,0.7334806,25.750307,31.287723)">
<rect
id="rect2160"
style="color:#000000;fill:url(#linearGradient2220);fill-opacity:1;stroke:#4c7115;stroke-width:0.153503;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
rx="1.6666112"
ry="1.6666112"
height="17.36762"
width="26.490295"
y="387.60583"
x="238.93828" />
<path
id="path3221"
sodipodi:nodetypes="ccccccccc"
style="color:#000000;fill:url(#linearGradient2222);fill-opacity:1;stroke:#4c7115;stroke-width:0.0921017;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
d="m 240.60489,404.95215 c -0.92329,0 -1.66646,-0.74296 -1.66646,-1.66643 v -1.28267 l 12.25813,-7.49094 c 0.71685,-0.4381 1.87058,-0.4381 2.58744,0 l 11.64411,7.11578 v 1.65783 c 0,0.92347 -0.74295,1.66643 -1.66642,1.66643 h -23.15683 z" />
<path
id="rect3141"
sodipodi:nodetypes="ccccccccc"
style="color:#000000;fill:url(#linearGradient1766);fill-opacity:1;stroke:#4c7115;stroke-width:0.196201;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
d="m 240.60489,387.60595 c -0.92329,0 -1.66646,0.74302 -1.66646,1.66649 v 1.28267 l 12.25813,7.49094 c 0.71685,0.4381 1.87058,0.4381 2.58744,0 l 11.64411,-7.11578 v -1.65783 c 0,-0.92347 -0.74295,-1.66649 -1.66642,-1.66649 h -23.15683 z" />
</g>
</g>
<text
xml:space="preserve"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:40px;line-height:1.25;font-family:'WenQuanYi Micro Hei';-inkscape-font-specification:'WenQuanYi Micro Hei';letter-spacing:-2.01px;word-spacing:0px;fill:url(#linearGradient117744);fill-opacity:1;stroke:none"
x="156.98627"
y="204.44211"
id="text103160"><tspan
sodipodi:role="line"
id="tspan103158"
x="156.98627"
y="204.44211"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-family:'WenQuanYi Micro Hei';-inkscape-font-specification:'WenQuanYi Micro Hei Bold';fill:url(#linearGradient117744);fill-opacity:1">Silique</tspan></text>
</g>
</svg>


@ -0,0 +1,40 @@
<!DOCTYPE html>
<!-- GNUNUX: /usr/share/roundcubemail/skins/elastic/watermark.html -->
<html>
<head>
<meta charset="UTF-8">
<title></title>
<style type="text/css">
html, body { height: 100%; overflow: hidden; }
body {
background: url(silique_cloud.svg) center no-repeat #fff;
background-size: 30%;
background-blend-mode: luminosity;
}
html:not(.dark-mode) body:before {
content: "";
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
background: rgba(255, 255, 255, .85);
}
html.dark-mode > body {
background-color: #21292c;
background-blend-mode: soft-light;
}
</style>
<script>
try {
if (document.cookie.indexOf('colorMode=dark') > -1
|| (document.cookie.indexOf('colorMode=light') === -1 && window.matchMedia('(prefers-color-scheme: dark)').matches)
) {
document.documentElement.className += ' dark-mode';
}
} catch (e) { }
</script>
</head>
<body></body>
</html>
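Review bot: The `GNUNUX:` comment on the second line names the install destination but does not say which lines differ from the packaged Roundcube skin file, so after a roundcubemail update nobody can tell whether this copy still matches what the package ships. From what is visible, the local change appears to be only the `background: url(silique_cloud.svg)` line; I would record that next to the existing comment, e.g. `<!-- Local change: background image replaced by silique_cloud.svg; re-diff against the packaged watermark.html after each roundcubemail update -->`. That URL is relative, so the SVG has to be installed in the same directory as this file. The inline `<style>` and `<script>` blocks only take effect if the Content-Security-Policy served for this page allows inline content; if the web server configuration for this service sets a stricter policy, the dark-mode detection will silently not run, which is worth a one-line comment above the `<script>` tag.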