forked from stove/dataset
add new services
This commit is contained in:
parent
72dd2b4309
commit
d2b6f2a05c
43 changed files with 2819 additions and 0 deletions
|
@ -0,0 +1 @@
|
|||
PKG="$PKG mod_ssl"
|
|
@ -0,0 +1,4 @@
|
|||
format: '0.1'
|
||||
description: Information de base d'un serveur fedora version 36
|
||||
depends:
|
||||
- base-fedora
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<rougail version="0.10">
|
||||
<variables>
|
||||
<family name="general">
|
||||
<variable name="os_version" type="string" description="OS Version" hidden="True">
|
||||
<value>36</value>
|
||||
</variable>
|
||||
</family>
|
||||
</variables>
|
||||
</rougail>
|
|
@ -0,0 +1,7 @@
|
|||
# ACTIVE NETWORKD
|
||||
mkdir $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
chmod 775 $IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/dbus-org.freedesktop.network1.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/multi-user.target.wants/systemd-networkd.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd-wait-online.service "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
|
||||
ln -s /usr/lib/systemd/system/systemd-networkd.socket "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/lib/systemd/system/sockets.target.wants/systemd-networkd.socket"
|
|
@ -0,0 +1 @@
|
|||
RELEASEVER=36
|
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGAkKwgBEAC+IQKqp/BI1VIvRRqcnRoAxkzsY3pxIS1L+C4gaWjIMf1eBBTq
|
||||
v9eKd4xHsW80VL/tl81WZWO/7JXKmgHODiXrv4HmDIOo6Z1hxehjVRF3Ih4+sKHR
|
||||
XCJgwcdJnMfqTKnHiycQggeDuheWbfjV2Fgmvxy0jh0M5PCB5taNz41LmPOaUQmn
|
||||
PXcI05CjP5msKjRBObw5Cd2oad60pTNhnBWRf288S8W4wH4jNISOZLZTOf6HU5gJ
|
||||
w9wU9RZoaz8kZPNArlJjZsN83S0XLCxpa6UUgYdzPDHOWGtcWGs3bvNAlTYuacun
|
||||
oICOvTH/ZJU7mgaZbbdSPVLDJdLBKRVgHbdTAK0J913FEiU93GJR5bf/W5FMN7DV
|
||||
6hsJVMiY/knJmkTFE9whDSjEc0TAYhQuC1HnzvMPGJvkeEz9nRqna5QUuo7V6LI4
|
||||
fZNTSlqFyIi/Oa3ZoliOyOshxJmU3y1HaNcHerO1nFbTtZ7s/TKBhY9oFq4T4gJV
|
||||
yFWy33p/JDxOtlVjpHEkzwXGdPe6R4xK8xHObEVraOMZMaweII+tMOGwVbxZu2kC
|
||||
A1aflM+oeyU1Fx9qqM0+dYyHO+kp3M5UtfM006RcNcdfoGrA4l6z9sUnHKsYzOLP
|
||||
RvKkzxiX3T91vHtRGCXjPOgOsJJzjkFtE1a5oFZg39fC99HZdbX0rUqAtQARAQAB
|
||||
tDFGZWRvcmEgKDM2KSA8ZmVkb3JhLTM2LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
|
||||
cmc+iQJOBBMBCAA4FiEEU97Sy5Iti42eY/0YmZ98vzircfQFAmAkKwgCGw8FCwkI
|
||||
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQmZ98vzircfSGaxAAlDBWuY1Ch3YsssGE
|
||||
uaeOuaHmDj08p08WUAFUPBN0ID+0pmRQjywFzrufw8Z2g/lHwic+tpXXr/RtMmcl
|
||||
+WzLh1E34TRqEngjDJ27QBq1Jyid3h1manKLhZhJ8b1usKHP7Dqh7n+eMTv2Qgrt
|
||||
6MrCNe4otWZ9WJ5vp/Bay5yAtU6lNoWBmJ+6BS1/2mg2jhoXrfg/Vey+/i6nYZIk
|
||||
M4IcYCyGCi9rjc8NMgkCyzPkPJtsy2taB+VdUcZyjFpc1acmC8sR/2/SEl4+pOtM
|
||||
UzW+OUOQFrerX/8MC5LqvmtsiPMyRDCOw3reJTXyoUIehoHoK9QtAdIRRP2nAkPy
|
||||
GKycVzsLbtheJXUZharXL1DwOkpMNlm3hp9BxX89m7dLblMSjtrQPs8CkpAExAQW
|
||||
FBltsD73ZhGnfE/XdWp7343m1w5W2m85/rczP+2et+c+HPmYTgaJTu8fAF0FoTDd
|
||||
uD1r9DxRa2oN3YBiPP/nXnhJaH//GgF/RRw7Fbc66fCh8DTrMsPgmyi/O3/pdSGe
|
||||
k0UqEfSdzNPbl7gVFlCbr4Ur5n1ph+sEZqOhMuyszLZZvYvUrHsDuanML5X25coP
|
||||
h+rqyjHJJeYlS2tMAQB1fmHB0LWhRhKYaOROAXFmUutFUxVVoigNCl8mV561DCz6
|
||||
6/zy81ZGeyUGOEIZ1NFuoY0EhC8=
|
||||
=KaIq
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBF2tu8EBEADnI6bmlE7ebLuYSBKJavk7gwX8L2S0lDwtmAFmNcxQ/tAhh5Gx
|
||||
2RKEneou12pSxav8MvbKOr4IpJLLmuoQMLYkbQRHovgVfDYdtvK9T8tZH51ACtnC
|
||||
KKr9SucnKhWpDk3/n/djV0I2qSesE6QcJVrh66bT/8nbyIFbbiYLOgE88YAX5Wdj
|
||||
TkgmYXJ54l1MP/3N64pFlmk6myYCrLh7cibFYLZOW2Xwfq6Go6HOpGn9Cazb+T6m
|
||||
LALkVPERu2QkcUhMqy/slD5tFFb7DW1gkwnYiu5PKwThW7laZgmw2yAgDV+JccdK
|
||||
D9ZHALmy9GyQ1ZjDptpa5BObE5vazbuAbSndoIqwaMxCrlqhIYdmqz4m/HJ9BaC0
|
||||
mRSkT6N9SqytZXFhu5/Ld6+/Ol3b+q28bnV64qQrDH6hgnrRdqCQpm8g7tZFuk5X
|
||||
JsB/A+EfI2kE6YXqWaGdEx0XcqOv97n6sRZNweOHX3vSM0eLwmM2dpgc7RvMfcqr
|
||||
73ylZ9CnWVUD6cl+wE8SnGnVVqYau2spZFzKVAcfi/Zwvh6wM7/83XC2mkIHmoFR
|
||||
OY5aDWFhoFZFgiHHnmDv6kACNmSHb/oYRkvwQ+JhAQu4I9CYw1sxaUDjwtt7a+4I
|
||||
mBZM8WuvAVLkqnF+MJetiL15/W834HjCNITV03t9593T6Z1Dxpfv4hy7YwARAQAB
|
||||
tFVSUE0gRnVzaW9uIGZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgyMDIwKSA8
|
||||
cnBtZnVzaW9uLWJ1aWxkc3lzQGxpc3RzLnJwbWZ1c2lvbi5vcmc+iQJFBBMBCAAv
|
||||
FiEE6aSRo94keBTn4Gfq4G+OzdZR/y4FAl2tu8ECGwMECwkIBwMVCAoCHgECF4AA
|
||||
CgkQ4G+OzdZR/y4ZQhAAmF5A4XC9ymd94BFwsbbpCnx2YlfmsZwT1QzBu9njjkH7
|
||||
MC4THknYe2B/muE5dPu3NseZMzue1Ou4KbMz4wq82731prLRu+iHAxAxJ1qd8whA
|
||||
QGuRJAg8+YEXKhpwpD/8P/xJo9IRmPxPM+6mQVTlASv34CEIGff1vJr40tNiU53P
|
||||
PZq9SWD3/uG84PQRmGXetfF2K3NkXqzkvQSM68JZiYR2+wMkoO9f72B7LTBrfkwy
|
||||
RcFPA7kj65pysB+l2wez03Dh/MyA3LTusd9M6FGiSOUVpQZ+NUFipIisS3vh/Bgp
|
||||
zMsj1NSsMLjUDcX8stR8GfVgTxSgWwHTNl75XwTZpJOKMoj97kh9zzLwBhZ1W+xo
|
||||
8s2W7YqVnOUl8rPm7ZbOefGkamNg8bhqcyNIEbHqR5QZVzDBT2AxVcB6jsxSHf5b
|
||||
sb+KEJff4g6E4fWPA/IYdtJ7DItbVXnkAjqD7ADUh7Xq7pOgfC/4Cledf27x73m+
|
||||
sdBvKsEBrroAsX/v4z46mQApszkfjTUAXwj2lUT+ujoktJHXqR71jbY0+8JX6Fyw
|
||||
6ZW0emxR++bt9ksLcsNmjOQP9TmQpi2CW4Z+Ol2tlwtlnKAo6ecx4aacHKg+FYuQ
|
||||
HTJRq6E6GpCPn1avf1v797RM+3zzw9TYkadfVLIQQ4HYbYzienOgGGporclrtrQ=
|
||||
=oOVZ
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
Binary file not shown.
After Width: | Height: | Size: 2.6 KiB |
10
seed/applicationservice/2022.03.08/peertube/DEBUG.md
Normal file
10
seed/applicationservice/2022.03.08/peertube/DEBUG.md
Normal file
|
@ -0,0 +1,10 @@
|
|||
# Mettre un mot de passe à l'utilisateur root
|
||||
cd /usr/share/peertube/
|
||||
export NODE_CONFIG_DIR=/etc/peertube/
|
||||
export NODE_ENV=production
|
||||
node ./dist/scripts/reset-password.js -u root
|
||||
|
||||
|
||||
# Debug
|
||||
sed -i "s/level: 'info' # 'debug'/level: 'debug' # 'debug'/g" /etc/peertube/production.yaml
|
||||
systemctl restart peertube
|
3
seed/applicationservice/2022.03.08/peertube/FIXME
Normal file
3
seed/applicationservice/2022.03.08/peertube/FIXME
Normal file
|
@ -0,0 +1,3 @@
|
|||
yarn(pkg) !
|
||||
|
||||
server/tools/ ?
|
|
@ -0,0 +1,10 @@
|
|||
format: '0.1'
|
||||
description: Peertube
|
||||
depends:
|
||||
- base-fedora-36
|
||||
- postgresql-client
|
||||
- relay-mail-client
|
||||
- reverse-proxy-client
|
||||
- redis-client
|
||||
- nginx-common
|
||||
- oauth2-client
|
|
@ -0,0 +1,68 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="peertube" target="multi-user">
|
||||
<override/>
|
||||
<file engine="none" source="sysuser-peertube.conf">/sysusers.d/0peertube.conf</file>
|
||||
<file engine="none" source="tmpfile-peertube.conf">/tmpfiles.d/0peertube.conf</file>
|
||||
<file>/etc/peertube/production.yaml</file>
|
||||
<file engine="none">/etc/pam.d/login</file>
|
||||
<file source="nginx.peertube.conf">/etc/nginx/conf.d/peertube.conf</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="peertube">
|
||||
<variable name="peertube_admin_email" type="mail" description="Adresse courriel de l'administrateur Peertube" mandatory="True"/>
|
||||
<variable name="peertube_short_description" type="string" description="Description courte de l'instance">
|
||||
<value>PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.</value>
|
||||
</variable>
|
||||
<variable name="peertube_description" type="string" description="Description de l'instance">
|
||||
<value>Welcome to this PeerTube instance!</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="oauth2_client">
|
||||
<variable name="oauth2_is_client_application" redefine='True'>
|
||||
<value>True</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_name" redefine='True'>
|
||||
<value>Vidéo</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_description" redefine='True'>
|
||||
<value>Plateforme de partage de vidéo Peertube</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_category" redefine='True'>
|
||||
<value>Réseaux sociaux</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_logo" redefine='True'>
|
||||
<value>silique_video.png</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
|
||||
</family>
|
||||
<family name="nginx" description="Reverse proxy">
|
||||
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
|
||||
<variable name="revprox_client_location" redefine="True">
|
||||
<value>/</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_max_body_size" redefine="True">
|
||||
<value>12G</value>
|
||||
</variable>
|
||||
</family>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name="calc_oauth2_client_external">
|
||||
<param type="variable">revprox_client_external_domainname</param>
|
||||
<param type="variable">revprox_client_location</param>
|
||||
<param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
|
||||
<target>oauth2_client_external</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="boolean">True</param>
|
||||
<param name="default" type="boolean">False</param>
|
||||
<param name="condition" type="variable">revprox_client_location</param>
|
||||
<param name="expected">/socket.io</param>
|
||||
<target>revprox_client_is_websocket</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
--- peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
|
||||
+++ peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
|
||||
@@ -110,6 +110,14 @@ async function register ({
|
||||
descriptionHTML: 'Will only allow login for users whose group array contains this group'
|
||||
})
|
||||
|
||||
+ registerSetting({
|
||||
+ name: 'signature-algorithm',
|
||||
+ label: 'Token signature algorithm',
|
||||
+ type: 'input',
|
||||
+ private: true,
|
||||
+ default: 'RS256'
|
||||
+ })
|
||||
+
|
||||
const router = getRouter()
|
||||
router.use('/code-cb', (req, res) => handleCb(peertubeHelpers, settingsManager, req, res))
|
||||
|
||||
@@ -159,7 +167,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
|
||||
'scope',
|
||||
'discover-url',
|
||||
'client-id',
|
||||
- 'client-secret'
|
||||
+ 'client-secret',
|
||||
+ 'signature-algorithm'
|
||||
])
|
||||
|
||||
if (!settings['discover-url']) {
|
||||
@@ -188,6 +197,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
|
||||
} else {
|
||||
clientOptions.token_endpoint_auth_method = 'none'
|
||||
}
|
||||
+ clientOptions.id_token_signed_response_alg = settings['signature-algorithm']
|
||||
+ clientOptions.authorization_signed_response_alg = settings['signature-algorithm']
|
||||
|
||||
store.client = new issuer.Client(clientOptions)
|
||||
|
||||
--- peertube/dist/server/helpers/custom-validators/activitypub/actor.js.ori 2022-04-06 13:58:17.752681849 +0000
|
||||
+++ peertube/dist/server/helpers/custom-validators/activitypub/actor.js 2022-04-06 13:58:22.268682531 +0000
|
||||
@@ -43,8 +43,8 @@
|
||||
function isActorPrivateKeyValid(privateKey) {
|
||||
return (0, misc_1.exists)(privateKey) &&
|
||||
typeof privateKey === 'string' &&
|
||||
- privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&
|
||||
- privateKey.includes('-----END RSA PRIVATE KEY-----') &&
|
||||
+ privateKey.startsWith('-----BEGIN PRIVATE KEY-----') &&
|
||||
+ privateKey.includes('-----END PRIVATE KEY-----') &&
|
||||
validator_1.default.isLength(privateKey, constants_1.CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY);
|
||||
}
|
||||
exports.isActorPrivateKeyValid = isActorPrivateKeyValid;
|
||||
--- peertube/node_modules/pem/lib/pem.js.ori 2022-04-06 13:59:36.232693763 +0000
|
||||
+++ peertube/node_modules/pem/lib/pem.js 2022-04-06 13:59:48.916695687 +0000
|
||||
@@ -74,7 +74,7 @@
|
||||
|
||||
params.push(keyBitsize)
|
||||
|
||||
- openssl.exec(params, 'RSA PRIVATE KEY', function (sslErr, key) {
|
||||
+ openssl.exec(params, 'PRIVATE KEY', function (sslErr, key) {
|
||||
function done (err) {
|
||||
if (err) {
|
||||
return callback(err)
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/bash
|
||||
|
||||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
|
||||
cat /proc/self/stat > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
|
||||
PLUGINS_DIR=/usr/share/peertube_plugins
|
||||
echo """#!/bin/bash
|
||||
set -ex
|
||||
mv /etc/resolv.conf /tmp
|
||||
echo "nameserver 9.9.9.9" > /etc/resolv.conf
|
||||
PLUGINS_DIR=$PLUGINS_DIR
|
||||
mkdir -p "\$PLUGINS_DIR"
|
||||
cd "\$PLUGINS_DIR"
|
||||
yarn add peertube-plugin-auth-openid-connect@0.0.7 --production
|
||||
mkdir -p "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
|
||||
chown peertube: "\$PLUGINS_DIR/data"
|
||||
chown peertube: "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
|
||||
|
||||
rm -f /etc/resolv.conf
|
||||
mv /tmp/resolv.conf /etc
|
||||
""" > "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
chroot "$IMAGE_NAME_RISOTTO_IMAGE_DIR" /install.sh
|
||||
rm "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/stat"
|
||||
rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
|
||||
|
||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."
|
||||
patch -p0 < $OLDPWD/peertube/postinstall/peertube.patch
|
||||
cd -
|
|
@ -0,0 +1,3 @@
|
|||
PKG="$PKG peertube yarnpkg"
|
||||
COPR="https://copr.fedorainfracloud.org/coprs/daftaupe/peertube/repo/fedora-36/daftaupe-peertube-fedora-36.repo"
|
||||
FUSION=true
|
17
seed/applicationservice/2022.03.08/peertube/templates/login
Normal file
17
seed/applicationservice/2022.03.08/peertube/templates/login
Normal file
|
@ -0,0 +1,17 @@
|
|||
# File from util-linux-*.x86_64 (not installed)
|
||||
#%PAM-1.0
|
||||
auth substack system-auth
|
||||
auth include postlogin
|
||||
account required pam_nologin.so
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session required pam_loginuid.so
|
||||
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
||||
session required pam_selinux.so open
|
||||
session required pam_namespace.so
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include system-auth
|
||||
session include postlogin
|
||||
-session optional pam_ck_connector.so
|
|
@ -0,0 +1,271 @@
|
|||
# GNUNUX /usr/share/peertube/support/nginx/peertube
|
||||
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
|
||||
# Please check your Nginx installation features the following modules via 'nginx -V':
|
||||
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
|
||||
# THIRD PARTY MODULES: None.
|
||||
|
||||
# GNUNUX server {
|
||||
# GNUNUX listen 80;
|
||||
# GNUNUX listen [::]:80;
|
||||
# GNUNUX server_name ${WEBSERVER_HOST};
|
||||
# GNUNUX
|
||||
# GNUNUX location /.well-known/acme-challenge/ {
|
||||
# GNUNUX default_type "text/plain";
|
||||
# GNUNUX root /var/www/certbot;
|
||||
# GNUNUX }
|
||||
# GNUNUX location / { return 301 https://$host$request_uri; }
|
||||
# GNUNUX }
|
||||
|
||||
upstream %%domain_name_eth0 {
|
||||
# GNUNUX server ${PEERTUBE_HOST};
|
||||
server localhost:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name %%domain_name_eth0;
|
||||
|
||||
# GNUNUX access_log /var/log/nginx/peertube.access.log; # reduce I/0 with buffer=10m flush=5m
|
||||
# GNUNUX error_log /var/log/nginx/peertube.error.log;
|
||||
|
||||
##
|
||||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
# GNUNUX ssl_certificate /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
|
||||
# GNUNUX ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;
|
||||
#>GNUNUX
|
||||
ssl_client_certificate %%revprox_ca_file;
|
||||
ssl_certificate %%revprox_cert_file;
|
||||
ssl_certificate_key %%revprox_key_file;
|
||||
#<GNUNUX
|
||||
|
||||
# GNUNUX location ^~ '/.well-known/acme-challenge' {
|
||||
# GNUNUX default_type "text/plain";
|
||||
# GNUNUX root /var/www/certbot;
|
||||
# GNUNUX }
|
||||
|
||||
##
|
||||
# Security hardening (as of Nov 15, 2020)
|
||||
# based on Mozilla Guideline v5.6
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
|
||||
ssl_session_timeout 1d; # defaults to 5m
|
||||
ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
|
||||
ssl_session_tickets off;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
|
||||
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
|
||||
##
|
||||
# Application
|
||||
##
|
||||
|
||||
location @api {
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host %%revprox_client_external_domainname;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
client_max_body_size 100k; # default is 1M
|
||||
|
||||
proxy_connect_timeout 10m;
|
||||
proxy_send_timeout 10m;
|
||||
proxy_read_timeout 10m;
|
||||
send_timeout 10m;
|
||||
|
||||
proxy_pass http://%%domain_name_eth0;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location = /api/v1/videos/upload-resumable {
|
||||
client_max_body_size 0;
|
||||
proxy_request_buffering off;
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location = /api/v1/videos/upload {
|
||||
limit_except POST HEAD { deny all; }
|
||||
|
||||
# This is the maximum upload size, which roughly matches the maximum size of a video file.
|
||||
# Note that temporary space is needed equal to the total size of all concurrent uploads.
|
||||
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
|
||||
# on a dedicated filesystem.
|
||||
client_max_body_size 12G; # default is 1M
|
||||
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
|
||||
client_max_body_size 6M; # default is 1M
|
||||
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
##
|
||||
# Websocket
|
||||
##
|
||||
|
||||
location @api_websocket {
|
||||
proxy_http_version 1.1;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host %%revprox_client_external_domainname;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_pass http://%%domain_name_eth0;
|
||||
}
|
||||
|
||||
location /socket.io {
|
||||
try_files /dev/null @api_websocket;
|
||||
}
|
||||
|
||||
location /tracker/socket {
|
||||
# Peers send a message to the tracker every 15 minutes
|
||||
# Don't close the websocket before then
|
||||
proxy_read_timeout 15m; # default is 60s
|
||||
|
||||
try_files /dev/null @api_websocket;
|
||||
}
|
||||
|
||||
##
|
||||
# Performance optimizations
|
||||
# For extra performance please refer to https://github.com/denji/nginx-tuning
|
||||
##
|
||||
|
||||
# GNUNUX root /var/www/peertube/storage;
|
||||
root /usr/share/peertube;
|
||||
|
||||
# Enable compression for JS/CSS/HTML, for improved client load times.
|
||||
# It might be nice to compress JSON/XML as returned by the API, but
|
||||
# leaving that out to protect against potential BREACH attack.
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_types # text/html is always compressed by HttpGzipModule
|
||||
text/css
|
||||
application/javascript
|
||||
font/truetype
|
||||
font/opentype
|
||||
application/vnd.ms-fontobject
|
||||
image/svg+xml;
|
||||
gzip_min_length 1000; # default is 20 bytes
|
||||
gzip_buffers 16 8k;
|
||||
gzip_comp_level 2; # default is 1
|
||||
|
||||
client_body_timeout 30s; # default is 60
|
||||
client_header_timeout 10s; # default is 60
|
||||
send_timeout 10s; # default is 60
|
||||
keepalive_timeout 10s; # default is 75
|
||||
resolver_timeout 10s; # default is 30
|
||||
reset_timedout_connection on;
|
||||
proxy_ignore_client_abort on;
|
||||
|
||||
tcp_nopush on; # send headers in one piece
|
||||
tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
|
||||
|
||||
# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
|
||||
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
|
||||
#client_body_temp_path /var/www/peertube/storage/nginx/;
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
# Should be consistent with client-overrides assets list in /server/controllers/client.ts
|
||||
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-video-channel\.png))$ {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||
|
||||
# GNUNUX root /var/www/peertube;
|
||||
root /usr/share/peertube;
|
||||
|
||||
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||
|
||||
# GNUNUX alias /var/www/peertube/client/dist/$1;
|
||||
alias /usr/share/peertube/client/dist/$1;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/static/(thumbnails|avatars)/ {
|
||||
root /srv/peertube;
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
|
||||
add_header Content-Type 'text/plain charset=UTF-8';
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
|
||||
|
||||
rewrite ^/static/(.*)$ /$1 break;
|
||||
|
||||
try_files $uri @api;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
|
||||
root /srv/peertube;
|
||||
limit_rate_after 5M;
|
||||
|
||||
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
|
||||
set $peertube_limit_rate 800k;
|
||||
|
||||
# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
|
||||
if ($request_uri ~ -fragmented.mp4$) {
|
||||
set $peertube_limit_rate 5M;
|
||||
}
|
||||
|
||||
# Use this line with nginx >= 1.17.0
|
||||
#limit_rate $peertube_limit_rate;
|
||||
# Or this line if your nginx < 1.17.0
|
||||
set $limit_rate $peertube_limit_rate;
|
||||
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
|
||||
add_header Content-Type 'text/plain charset=UTF-8';
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
if ($request_method = 'GET') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
|
||||
# Don't spam access log file with byte range requests
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Enabling the sendfile directive eliminates the step of copying the data into the buffer
|
||||
# and enables direct copying data from one file descriptor to another.
|
||||
sendfile on;
|
||||
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
|
||||
aio threads;
|
||||
|
||||
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
|
||||
rewrite ^/static/(.*)$ /$1 break;
|
||||
|
||||
try_files $uri @api;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
[Service]
|
||||
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
|
||||
ExecStartPost=+/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "SELECT * FROM plugin;"; do sleep 1; done'
|
||||
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "DELETE FROM plugin;"
|
||||
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.0.7', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"
|
|
@ -0,0 +1,638 @@
|
|||
%compiler-settings
|
||||
commentStartToken = §
|
||||
%end compiler-settings
|
||||
listen:
|
||||
hostname: 'localhost'
|
||||
port: 9000
|
||||
|
||||
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
|
||||
webserver:
|
||||
https: true
|
||||
hostname: '%%revprox_client_external_domainname'
|
||||
port: 443
|
||||
|
||||
rates_limit:
|
||||
api:
|
||||
# 50 attempts in 10 seconds
|
||||
window: 10 seconds
|
||||
max: 50
|
||||
login:
|
||||
# 15 attempts in 5 min
|
||||
window: 5 minutes
|
||||
max: 15
|
||||
signup:
|
||||
# 2 attempts in 5 min (only succeeded attempts are taken into account)
|
||||
window: 5 minutes
|
||||
max: 2
|
||||
ask_send_email:
|
||||
# 3 attempts in 5 min
|
||||
window: 5 minutes
|
||||
max: 3
|
||||
|
||||
# Proxies to trust to get real client IP
|
||||
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
|
||||
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
|
||||
trust_proxy:
|
||||
- 'loopback'
|
||||
|
||||
# Your database name will be database.name OR 'peertube'+database.suffix
|
||||
database:
|
||||
hostname: '%%pg_client_server_domainname'
|
||||
port: 5432
|
||||
ssl: true
|
||||
suffix: '_prod'
|
||||
name: '%%pg_client_database'
|
||||
username: '%%pg_client_username'
|
||||
password: '%%pg_client_password'
|
||||
pool:
|
||||
max: 5
|
||||
|
||||
# Redis server for short time storage
|
||||
# You can also specify a 'socket' path to a unix socket but first need to
|
||||
# comment out hostname and port
|
||||
redis:
|
||||
hostname: '%%redis_client_server_domainname'
|
||||
port: 6379
|
||||
auth: '%%redis_client_password'
|
||||
db: 0
|
||||
|
||||
# SMTP server to send emails
|
||||
smtp:
|
||||
# smtp or sendmail
|
||||
transport: smtp
|
||||
# Path to sendmail command. Required if you use sendmail transport
|
||||
sendmail: null
|
||||
hostname: '%%smtp_relay_address'
|
||||
port: 25 # If you use StartTLS: 587
|
||||
username: '%%smtp_relay_user'
|
||||
password: '%%smtp_relay_password'
|
||||
tls: false # If you use StartTLS: false
|
||||
disable_starttls: false
|
||||
ca_file: '/etc/pki/ca-trust/source/anchors/ca_MailRelay.crt' # Used for self signed certificates
|
||||
from_address: '%%peertube_admin_email'
|
||||
|
||||
email:
|
||||
body:
|
||||
signature: 'PeerTube'
|
||||
subject:
|
||||
prefix: '[PeerTube]'
|
||||
|
||||
# Update default PeerTube values
|
||||
# Set by API when the field is not provided and put as default value in client
|
||||
defaults:
|
||||
# Change default values when publishing a video (upload/import/go Live)
|
||||
publish:
|
||||
download_enabled: true
|
||||
|
||||
comments_enabled: true
|
||||
|
||||
# public = 1, unlisted = 2, private = 3, internal = 4
|
||||
privacy: 1
|
||||
|
||||
# CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7
|
||||
# You can also choose a custom licence value added by a plugin
|
||||
# No licence by default
|
||||
licence: null
|
||||
|
||||
p2p:
|
||||
# Enable P2P by default
|
||||
# Can be enabled/disabled by anonymous users and logged in users
|
||||
webapp:
|
||||
enabled: true
|
||||
|
||||
embed:
|
||||
enabled: true
|
||||
|
||||
# From the project root directory
|
||||
storage:
|
||||
tmp: '/srv/peertube/tmp/' # Use to download data (imports etc), store uploaded files before and during processing...
|
||||
bin: '/srv/peertube/bin/'
|
||||
avatars: '/srv/peertube/avatars/'
|
||||
videos: '/srv/peertube/videos/'
|
||||
streaming_playlists: '/srv/peertube/streaming-playlists/'
|
||||
redundancy: '/srv/peertube/redundancy/'
|
||||
logs: '/srv/peertube/logs/'
|
||||
previews: '/srv/peertube/previews/'
|
||||
thumbnails: '/srv/peertube/thumbnails/'
|
||||
torrents: '/srv/peertube/torrents/'
|
||||
captions: '/srv/peertube/captions/'
|
||||
cache: '/srv/peertube/cache/'
|
||||
plugins: '/usr/share/peertube_plugins/'
|
||||
# Overridable client files in client/dist/assets/images:
|
||||
# - logo.svg
|
||||
# - favicon.png
|
||||
# - default-playlist.jpg
|
||||
# - default-avatar-account.png
|
||||
# - default-avatar-video-channel.png
|
||||
# - and icons/*.png (PWA)
|
||||
# Could contain for example assets/images/favicon.png
|
||||
# If the file exists, peertube will serve it
|
||||
# If not, peertube will fallback to the default file
|
||||
client_overrides: '/srv/peertube/client-overrides/'
|
||||
|
||||
object_storage:
|
||||
enabled: false
|
||||
|
||||
# Without protocol, will default to HTTPS
|
||||
endpoint: '' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
|
||||
|
||||
region: 'us-east-1'
|
||||
|
||||
credentials:
|
||||
# You can also use AWS_ACCESS_KEY_ID env variable
|
||||
access_key_id: ''
|
||||
# You can also use AWS_SECRET_ACCESS_KEY env variable
|
||||
secret_access_key: ''
|
||||
|
||||
# Maximum amount to upload in one request to object storage
|
||||
max_upload_part: 2GB
|
||||
|
||||
streaming_playlists:
|
||||
bucket_name: 'streaming-playlists'
|
||||
|
||||
# Allows setting all buckets to the same value but with a different prefix
|
||||
prefix: '' # Example: 'streaming-playlists:'
|
||||
|
||||
# Base url for object URL generation, scheme and host will be replaced by this URL
|
||||
# Useful when you want to use a CDN/external proxy
|
||||
base_url: '' # Example: 'https://mirror.example.com'
|
||||
|
||||
# Same settings but for webtorrent videos
|
||||
videos:
|
||||
bucket_name: 'videos'
|
||||
prefix: ''
|
||||
base_url: ''
|
||||
|
||||
log:
|
||||
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
|
||||
rotation:
|
||||
enabled : false # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
|
||||
max_file_size: 12MB
|
||||
max_files: 20
|
||||
anonymize_ip: false
|
||||
log_ping_requests: true
|
||||
prettify_sql: false
|
||||
|
||||
trending:
|
||||
videos:
|
||||
interval_days: 7 # Compute trending videos for the last x days
|
||||
algorithms:
|
||||
enabled:
|
||||
- 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History)
|
||||
- 'hot' # adaptation of Reddit's 'Hot' algorithm
|
||||
- 'most-viewed' # default, used initially by PeerTube as the trending page
|
||||
- 'most-liked'
|
||||
default: 'most-viewed'
|
||||
|
||||
# Cache remote videos on your server, to help other instances to broadcast the video
|
||||
# You can define multiple caches using different sizes/strategies
|
||||
# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
|
||||
redundancy:
|
||||
videos:
|
||||
check_interval: '1 hour' # How often you want to check new videos to cache
|
||||
strategies: # Just uncomment strategies you want
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'most-views' # Cache videos that have the most views
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'trending' # Cache trending videos
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'recently-added' # Cache recently added videos
|
||||
# min_views: 10 # Having at least x views
|
||||
|
||||
# Other instances that duplicate your content
|
||||
remote_redundancy:
|
||||
videos:
|
||||
# 'nobody': Do not accept remote redundancies
|
||||
# 'anybody': Accept remote redundancies from anybody
|
||||
# 'followings': Accept redundancies from instance followings
|
||||
accept_from: 'anybody'
|
||||
|
||||
csp:
|
||||
enabled: false
|
||||
report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
|
||||
report_uri:
|
||||
|
||||
security:
|
||||
# Set the X-Frame-Options header to help to mitigate clickjacking attacks
|
||||
frameguard:
|
||||
enabled: true
|
||||
|
||||
tracker:
|
||||
# If you disable the tracker, you disable the P2P aspect of PeerTube
|
||||
enabled: true
|
||||
# Only handle requests on your videos
|
||||
# If you set this to false it means you have a public tracker
|
||||
# Then, it is possible that clients overload your instance with external torrents
|
||||
private: true
|
||||
# Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers)
|
||||
reject_too_many_announces: false
|
||||
|
||||
history:
|
||||
videos:
|
||||
# If you want to limit users videos history
|
||||
# -1 means there is no limitations
|
||||
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
|
||||
max_age: -1
|
||||
|
||||
views:
|
||||
videos:
|
||||
# PeerTube creates a database entry every hour for each video to track views over a period of time
|
||||
# This is used in particular by the Trending page
|
||||
# PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
|
||||
# -1 means no cleanup
|
||||
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
|
||||
remote:
|
||||
max_age: '30 days'
|
||||
|
||||
# PeerTube buffers local video views before updating and federating the video
|
||||
local_buffer_update_interval: '30 minutes'
|
||||
|
||||
ip_view_expiration: '1 hour'
|
||||
|
||||
plugins:
|
||||
# The website PeerTube will ask for available PeerTube plugins and themes
|
||||
# This is an unmoderated plugin index, so only install plugins/themes you trust
|
||||
index:
|
||||
enabled: false
|
||||
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
|
||||
url: 'https://packages.joinpeertube.org'
|
||||
|
||||
federation:
|
||||
videos:
|
||||
federate_unlisted: false
|
||||
|
||||
# Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments)
|
||||
# It removes objects that do not exist anymore, and potentially fix their URLs
|
||||
cleanup_remote_interactions: true
|
||||
|
||||
peertube:
|
||||
check_latest_version:
|
||||
# Check and notify admins of new PeerTube versions
|
||||
enabled: false
|
||||
# You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json
|
||||
url: 'https://joinpeertube.org/api/v1/versions.json'
|
||||
|
||||
webadmin:
|
||||
configuration:
|
||||
edition:
|
||||
# Set this to false if you don't want to allow config edition in the web interface by instance admins
|
||||
allowed: false
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
# From this point, all the following keys can be overridden by the web interface
|
||||
# (local-production.json file). If you need to change some values, prefer to
|
||||
# use the web interface because the configuration will be automatically
|
||||
# reloaded without any need to restart PeerTube
|
||||
#
|
||||
# /!\ If you already have a local-production.json file, the modification of the
|
||||
# following keys will have no effect /!\
|
||||
#
|
||||
###############################################################################
|
||||
|
||||
cache:
|
||||
previews:
|
||||
size: 500 # Max number of previews you want to cache
|
||||
captions:
|
||||
size: 500 # Max number of video captions/subtitles you want to cache
|
||||
torrents:
|
||||
size: 500 # Max number of video torrents you want to cache
|
||||
|
||||
admin:
|
||||
# Used to generate the root user at first startup
|
||||
# And to receive emails from the contact form
|
||||
email: '%%peertube_admin_email'
|
||||
|
||||
contact_form:
|
||||
enabled: true
|
||||
|
||||
signup:
|
||||
enabled: false
|
||||
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
|
||||
minimum_age: 16 # Used to configure the signup form
|
||||
requires_email_verification: false
|
||||
filters:
|
||||
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
|
||||
whitelist: []
|
||||
blacklist: []
|
||||
|
||||
user:
|
||||
# Default value of maximum video bytes the user can upload (does not take into account transcoded files)
|
||||
# Byte format is supported ("1GB" etc)
|
||||
# -1 == unlimited
|
||||
video_quota: -1
|
||||
video_quota_daily: -1
|
||||
|
||||
video_channels:
|
||||
max_per_user: 20 # Allows each user to create up to 20 video channels.
|
||||
|
||||
# If enabled, the video will be transcoded to mp4 (x264) with `faststart` flag
|
||||
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions
|
||||
# Please, do not disable transcoding since many uploaded videos will not work
|
||||
transcoding:
|
||||
enabled: true
|
||||
|
||||
# Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos
|
||||
allow_additional_extensions: true
|
||||
|
||||
# If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file
|
||||
allow_audio_files: true
|
||||
|
||||
# Amount of threads used by ffmpeg for 1 transcoding job
|
||||
threads: 1
|
||||
# Amount of transcoding jobs to execute in parallel
|
||||
concurrency: 1
|
||||
|
||||
# Choose the transcoding profile
|
||||
# New profiles can be added by plugins
|
||||
# Available in core PeerTube: 'default'
|
||||
profile: 'default'
|
||||
|
||||
resolutions: # Only created if the original video has a higher resolution, uses more storage!
|
||||
0p: false # audio-only (creates mp4 without video stream, always created when enabled)
|
||||
144p: false
|
||||
240p: false
|
||||
360p: false
|
||||
480p: false
|
||||
720p: false
|
||||
1080p: false
|
||||
1440p: false
|
||||
2160p: false
|
||||
|
||||
# Generate videos in a WebTorrent format (what we do since the first PeerTube release)
|
||||
# If you also enabled the hls format, it will multiply videos storage by 2
|
||||
# If disabled, breaks federation with PeerTube instances < 2.1
|
||||
webtorrent:
|
||||
enabled: false
|
||||
|
||||
# /!\ Requires ffmpeg >= 4.1
|
||||
# Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent:
|
||||
# * Resolution change is smoother
|
||||
# * Faster playback in particular with long videos
|
||||
# * More stable playback (less bugs/infinite loading)
|
||||
# If you also enabled the webtorrent format, it will multiply videos storage by 2
|
||||
hls:
|
||||
enabled: true
|
||||
|
||||
live:
|
||||
enabled: false
|
||||
|
||||
# Limit lives duration
|
||||
# -1 == unlimited
|
||||
max_duration: -1 # For example: '5 hours'
|
||||
|
||||
# Limit max number of live videos created on your instance
|
||||
# -1 == unlimited
|
||||
max_instance_lives: 20
|
||||
|
||||
# Limit max number of live videos created by a user on your instance
|
||||
# -1 == unlimited
|
||||
max_user_lives: 3
|
||||
|
||||
# Allow your users to save a replay of their live
|
||||
# PeerTube will transcode segments in a video file
|
||||
# If the user daily/total quota is reached, PeerTube will stop the live
|
||||
# /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
|
||||
allow_replay: true
|
||||
|
||||
# Your firewall should accept traffic from this port in TCP if you enable live
|
||||
rtmp:
|
||||
enabled: true
|
||||
port: 1935
|
||||
|
||||
rtmps:
|
||||
enabled: false
|
||||
port: 1936
|
||||
# Absolute path
|
||||
key_file: ''
|
||||
# Absolute path
|
||||
cert_file: ''
|
||||
|
||||
# Allow to transcode the live streaming in multiple live resolutions
|
||||
transcoding:
|
||||
enabled: true
|
||||
threads: 2
|
||||
|
||||
# Choose the transcoding profile
|
||||
# New profiles can be added by plugins
|
||||
# Available in core PeerTube: 'default'
|
||||
profile: 'default'
|
||||
|
||||
resolutions:
|
||||
144p: false
|
||||
240p: false
|
||||
360p: false
|
||||
480p: false
|
||||
720p: false
|
||||
1080p: false
|
||||
1440p: false
|
||||
2160p: false
|
||||
|
||||
import:
|
||||
# Add ability for your users to import remote videos (from YouTube, torrent...)
|
||||
videos:
|
||||
# Amount of import jobs to execute in parallel
|
||||
concurrency: 1
|
||||
|
||||
# Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
|
||||
http:
|
||||
# We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
|
||||
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
|
||||
enabled: true
|
||||
|
||||
youtube_dl_release:
|
||||
# Direct download URL to youtube-dl binary
|
||||
# Github releases API is also supported
|
||||
# Examples:
|
||||
# * https://api.github.com/repos/ytdl-org/youtube-dl/releases
|
||||
# * https://api.github.com/repos/yt-dlp/yt-dlp/releases
|
||||
url: 'https://yt-dl.org/downloads/latest/youtube-dl'
|
||||
|
||||
# youtube-dl binary name
|
||||
# yt-dlp is also supported
|
||||
name: 'youtube-dl'
|
||||
|
||||
# Path to the python binary to execute for youtube-dl or yt-dlp
|
||||
python_path: '/usr/bin/python3'
|
||||
|
||||
# IPv6 is very strongly rate-limited on most sites supported by youtube-dl
|
||||
force_ipv4: false
|
||||
|
||||
# Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
|
||||
torrent:
|
||||
# We recommend to only enable magnet URI/torrent import if you trust your users
|
||||
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
|
||||
enabled: false
|
||||
|
||||
auto_blacklist:
|
||||
# New videos automatically blacklisted so moderators can review before publishing
|
||||
videos:
|
||||
of_users:
|
||||
enabled: false
|
||||
|
||||
# Instance settings
|
||||
instance:
|
||||
name: 'PeerTube'
|
||||
short_description: '%%peertube_short_description'
|
||||
description: '%%peertube_description' # Support markdown
|
||||
terms: 'No terms for now.' # Support markdown
|
||||
code_of_conduct: '' # Supports markdown
|
||||
|
||||
# Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc
|
||||
moderation_information: '' # Supports markdown
|
||||
|
||||
# Why did you create this instance?
|
||||
creation_reason: '' # Supports Markdown
|
||||
|
||||
# Who is behind the instance? A single person? A non profit?
|
||||
administrator: '' # Supports Markdown
|
||||
|
||||
# How long do you plan to maintain this instance?
|
||||
maintenance_lifetime: '' # Supports Markdown
|
||||
|
||||
# How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising?
|
||||
business_model: '' # Supports Markdown
|
||||
|
||||
# If you want to explain on what type of hardware your PeerTube instance runs
|
||||
# Example: '2 vCore, 2GB RAM...'
|
||||
hardware_information: '' # Supports Markdown
|
||||
|
||||
# What are the main languages of your instance? To interact with your users for example
|
||||
# Uncomment or add the languages you want
|
||||
# List of supported languages: https://peertube.cpy.re/api/v1/videos/languages
|
||||
languages:
|
||||
# - en
|
||||
# - es
|
||||
- fr
|
||||
|
||||
# You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
|
||||
# Uncomment or add the category ids you want
|
||||
# List of supported categories: https://peertube.cpy.re/api/v1/videos/categories
|
||||
categories:
|
||||
# - 1 # Music
|
||||
# - 2 # Films
|
||||
# - 3 # Vehicles
|
||||
# - 4 # Art
|
||||
# - 5 # Sports
|
||||
# - 6 # Travels
|
||||
# - 7 # Gaming
|
||||
# - 8 # People
|
||||
# - 9 # Comedy
|
||||
# - 10 # Entertainment
|
||||
# - 11 # News & Politics
|
||||
# - 12 # How To
|
||||
# - 13 # Education
|
||||
# - 14 # Activism
|
||||
# - 15 # Science & Technology
|
||||
# - 16 # Animals
|
||||
# - 17 # Kids
|
||||
# - 18 # Food
|
||||
|
||||
default_client_route: '/videos/trending'
|
||||
|
||||
# Whether or not the instance is dedicated to NSFW content
|
||||
# Enabling it will allow other administrators to know that you are mainly federating sensitive content
|
||||
# Moreover, the NSFW checkbox on video upload will be automatically checked by default
|
||||
is_nsfw: false
|
||||
# By default, `do_not_list` or `blur` or `display` NSFW videos
|
||||
# Could be overridden per user with a setting
|
||||
default_nsfw_policy: 'do_not_list'
|
||||
|
||||
customizations:
|
||||
javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
|
||||
css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
|
||||
# Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add `/` to `Disallow:`
|
||||
robots: |
|
||||
User-agent: *
|
||||
Disallow:
|
||||
# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
|
||||
securitytxt:
|
||||
'# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'
|
||||
|
||||
services:
|
||||
# Cards configuration to format video in Twitter
|
||||
twitter:
|
||||
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
|
||||
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
|
||||
# If false, we use an image link card that will redirect on your PeerTube instance
|
||||
# Change it to `true`, and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted
|
||||
whitelisted: false
|
||||
|
||||
followers:
|
||||
instance:
|
||||
# Allow or not other instances to follow yours
|
||||
enabled: true
|
||||
# Whether or not an administrator must manually validate a new follower
|
||||
manual_approval: false
|
||||
|
||||
followings:
|
||||
instance:
|
||||
# If you want to automatically follow back new instance followers
|
||||
# If this option is enabled, use the mute feature instead of deleting followings
|
||||
# /!\ Don't enable this if you don't have a reactive moderation team /!\
|
||||
auto_follow_back:
|
||||
enabled: false
|
||||
|
||||
# If you want to automatically follow instances of the public index
|
||||
# If this option is enabled, use the mute feature instead of deleting followings
|
||||
# /!\ Don't enable this if you don't have a reactive moderation team /!\
|
||||
auto_follow_index:
|
||||
enabled: false
|
||||
# Host your own using https://framagit.org/framasoft/peertube/instances-peertube#peertube-auto-follow
|
||||
index_url: ''
|
||||
|
||||
theme:
|
||||
default: 'default'
|
||||
|
||||
broadcast_message:
|
||||
enabled: false
|
||||
message: '' # Support markdown
|
||||
level: 'info' # 'info' | 'warning' | 'error'
|
||||
dismissable: false
|
||||
|
||||
search:
|
||||
# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
|
||||
# If enabled, the associated group will be able to "escape" from the instance follows
|
||||
# That means they will be able to follow channels, watch videos, list videos of non followed instances
|
||||
remote_uri:
|
||||
users: true
|
||||
anonymous: false
|
||||
|
||||
# Use a third party index instead of your local index, only for search results
|
||||
# Useful to discover content outside of your instance
|
||||
# If you enable search_index, you must enable remote_uri search for users
|
||||
# If you do not enable remote_uri search for anonymous user, your instance will redirect the user on the origin instance
|
||||
# instead of loading the video locally
|
||||
search_index:
|
||||
enabled: false
|
||||
# URL of the search index, that should use the same search API and routes
|
||||
# than PeerTube: https://docs.joinpeertube.org/api-rest-reference.html
|
||||
# You should deploy your own with https://framagit.org/framasoft/peertube/search-index,
|
||||
# and can use https://search.joinpeertube.org/ for tests, but keep in mind the latter is an unmoderated search index
|
||||
url: ''
|
||||
# You can disable local search, so users only use the search index
|
||||
disable_local_search: false
|
||||
# If you did not disable local search, you can decide to use the search index by default
|
||||
is_default_search: false
|
||||
|
||||
# PeerTube client/interface configuration
|
||||
client:
|
||||
videos:
|
||||
miniature:
|
||||
# By default PeerTube client displays author username
|
||||
prefer_author_display_name: false
|
||||
|
||||
menu:
|
||||
login:
|
||||
# If you enable only one external auth plugin
|
||||
# You can automatically redirect your users on this external platform when they click on the login button
|
||||
redirect_on_single_external_auth: false
|
|
@ -0,0 +1,2 @@
|
|||
g peertube 982 -
|
||||
u peertube 983:982 "Peertube Server" /usr/share/peertube /sbin/nologin
|
|
@ -0,0 +1 @@
|
|||
d /srv/peertube/ 750 peertube nginx - -
|
|
@ -0,0 +1,11 @@
|
|||
format: '0.1'
|
||||
description: Nextcloud
|
||||
depends:
|
||||
- base-fedora-35
|
||||
- mariadb-client
|
||||
- ldap-client-fedora
|
||||
- oauth2-client
|
||||
- relay-mail-client
|
||||
- nginx-common
|
||||
- php-fpm
|
||||
- reverse-proxy-client
|
|
@ -0,0 +1,11 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="piwigo" manage="False">
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="piwigo" description="Piwigo">
|
||||
</family>
|
||||
</variables>
|
||||
</rougail>
|
|
@ -0,0 +1,9 @@
|
|||
mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/local/share"
|
||||
app=$(wget https://api.github.com/repos/Piwigo/Piwigo/releases/latest -q -O - | jq -r '.tag_name')
|
||||
wget -q "https://github.com/Piwigo/Piwigo/archive/refs/tags/$app.tar.gz"
|
||||
tar xf *tar.gz
|
||||
rm -f *tar.gz
|
||||
mv Piwigo-* piwigo
|
||||
chown -R root: piwigo
|
||||
cd -
|
|
@ -0,0 +1,10 @@
|
|||
format: '0.1'
|
||||
description: Pleroma
|
||||
depends:
|
||||
- base-fedora-36
|
||||
- postgresql-client
|
||||
- relay-mail-client
|
||||
- reverse-proxy-client
|
||||
- redis-client
|
||||
- nginx-common
|
||||
- oauth2-client
|
|
@ -0,0 +1,68 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="peertube" target="multi-user">
|
||||
<override/>
|
||||
<file engine="none" source="sysuser-peertube.conf">/sysusers.d/0peertube.conf</file>
|
||||
<file engine="none" source="tmpfile-peertube.conf">/tmpfiles.d/0peertube.conf</file>
|
||||
<file>/etc/peertube/production.yaml</file>
|
||||
<file engine="none">/etc/pam.d/login</file>
|
||||
<file source="nginx.peertube.conf">/etc/nginx/conf.d/peertube.conf</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="peertube">
|
||||
<variable name="peertube_admin_email" type="mail" description="Adresse courriel de l'administrateur Peertube" mandatory="True"/>
|
||||
<variable name="peertube_short_description" type="string" description="Description courte de l'instance">
|
||||
<value>PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.</value>
|
||||
</variable>
|
||||
<variable name="peertube_description" type="string" description="Description de l'instance">
|
||||
<value>Welcome to this PeerTube instance!</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="oauth2_client">
|
||||
<variable name="oauth2_is_client_application" redefine='True'>
|
||||
<value>True</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_name" redefine='True'>
|
||||
<value>Vidéo</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_description" redefine='True'>
|
||||
<value>Plateforme de partage de vidéo Peertube</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_category" redefine='True'>
|
||||
<value>Réseaux sociaux</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_logo" redefine='True'>
|
||||
<value>silique_video.png</value>
|
||||
</variable>
|
||||
<variable name="oauth2_client_external" redefine="True" remove_fill="True"/>
|
||||
</family>
|
||||
<family name="nginx" description="Reverse proxy">
|
||||
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
|
||||
<variable name="revprox_client_location" redefine="True">
|
||||
<value>/</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_max_body_size" redefine="True">
|
||||
<value>12G</value>
|
||||
</variable>
|
||||
</family>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name="calc_oauth2_client_external">
|
||||
<param type="variable">revprox_client_external_domainname</param>
|
||||
<param type="variable">revprox_client_location</param>
|
||||
<param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
|
||||
<target>oauth2_client_external</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="boolean">True</param>
|
||||
<param name="default" type="boolean">False</param>
|
||||
<param name="condition" type="variable">revprox_client_location</param>
|
||||
<param name="expected">/socket.io</param>
|
||||
<target>revprox_client_is_websocket</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/bash
|
||||
# https://docs-develop.pleroma.social/backend/installation/otp_en/
|
||||
|
||||
arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix"
|
|
@ -0,0 +1,2 @@
|
|||
PKG="$PKG ffmpeg"
|
||||
FUSION=true
|
17
seed/applicationservice/2022.03.08/pleroma/templates/login
Normal file
17
seed/applicationservice/2022.03.08/pleroma/templates/login
Normal file
|
@ -0,0 +1,17 @@
|
|||
# File from util-linux-*.x86_64 (not installed)
|
||||
#%PAM-1.0
|
||||
auth substack system-auth
|
||||
auth include postlogin
|
||||
account required pam_nologin.so
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session required pam_loginuid.so
|
||||
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
||||
session required pam_selinux.so open
|
||||
session required pam_namespace.so
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include system-auth
|
||||
session include postlogin
|
||||
-session optional pam_ck_connector.so
|
|
@ -0,0 +1,271 @@
|
|||
# GNUNUX /usr/share/peertube/support/nginx/peertube
|
||||
# Minimum Nginx version required: 1.13.0 (released Apr 25, 2017)
|
||||
# Please check your Nginx installation features the following modules via 'nginx -V':
|
||||
# STANDARD HTTP MODULES: Core, Proxy, Rewrite, Access, Gzip, Headers, HTTP/2, Log, Real IP, SSL, Thread Pool, Upstream, AIO Multithreading.
|
||||
# THIRD PARTY MODULES: None.
|
||||
|
||||
# GNUNUX server {
|
||||
# GNUNUX listen 80;
|
||||
# GNUNUX listen [::]:80;
|
||||
# GNUNUX server_name ${WEBSERVER_HOST};
|
||||
# GNUNUX
|
||||
# GNUNUX location /.well-known/acme-challenge/ {
|
||||
# GNUNUX default_type "text/plain";
|
||||
# GNUNUX root /var/www/certbot;
|
||||
# GNUNUX }
|
||||
# GNUNUX location / { return 301 https://$host$request_uri; }
|
||||
# GNUNUX }
|
||||
|
||||
upstream %%domain_name_eth0 {
|
||||
# GNUNUX server ${PEERTUBE_HOST};
|
||||
server localhost:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name %%domain_name_eth0;
|
||||
|
||||
# GNUNUX access_log /var/log/nginx/peertube.access.log; # reduce I/0 with buffer=10m flush=5m
|
||||
# GNUNUX error_log /var/log/nginx/peertube.error.log;
|
||||
|
||||
##
|
||||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
# GNUNUX ssl_certificate /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
|
||||
# GNUNUX ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;
|
||||
#>GNUNUX
|
||||
ssl_client_certificate %%revprox_ca_file;
|
||||
ssl_certificate %%revprox_cert_file;
|
||||
ssl_certificate_key %%revprox_key_file;
|
||||
#<GNUNUX
|
||||
|
||||
# GNUNUX location ^~ '/.well-known/acme-challenge' {
|
||||
# GNUNUX default_type "text/plain";
|
||||
# GNUNUX root /var/www/certbot;
|
||||
# GNUNUX }
|
||||
|
||||
##
|
||||
# Security hardening (as of Nov 15, 2020)
|
||||
# based on Mozilla Guideline v5.6
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
|
||||
ssl_session_timeout 1d; # defaults to 5m
|
||||
ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
|
||||
ssl_session_tickets off;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
|
||||
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
|
||||
##
|
||||
# Application
|
||||
##
|
||||
|
||||
location @api {
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host %%revprox_client_external_domainname;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
client_max_body_size 100k; # default is 1M
|
||||
|
||||
proxy_connect_timeout 10m;
|
||||
proxy_send_timeout 10m;
|
||||
proxy_read_timeout 10m;
|
||||
send_timeout 10m;
|
||||
|
||||
proxy_pass http://%%domain_name_eth0;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location = /api/v1/videos/upload-resumable {
|
||||
client_max_body_size 0;
|
||||
proxy_request_buffering off;
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location = /api/v1/videos/upload {
|
||||
limit_except POST HEAD { deny all; }
|
||||
|
||||
# This is the maximum upload size, which roughly matches the maximum size of a video file.
|
||||
# Note that temporary space is needed equal to the total size of all concurrent uploads.
|
||||
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
|
||||
# on a dedicated filesystem.
|
||||
client_max_body_size 12G; # default is 1M
|
||||
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
|
||||
client_max_body_size 6M; # default is 1M
|
||||
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
||||
|
||||
try_files /dev/null @api;
|
||||
}
|
||||
|
||||
##
|
||||
# Websocket
|
||||
##
|
||||
|
||||
location @api_websocket {
|
||||
proxy_http_version 1.1;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host %%revprox_client_external_domainname;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_pass http://%%domain_name_eth0;
|
||||
}
|
||||
|
||||
location /socket.io {
|
||||
try_files /dev/null @api_websocket;
|
||||
}
|
||||
|
||||
location /tracker/socket {
|
||||
# Peers send a message to the tracker every 15 minutes
|
||||
# Don't close the websocket before then
|
||||
proxy_read_timeout 15m; # default is 60s
|
||||
|
||||
try_files /dev/null @api_websocket;
|
||||
}
|
||||
|
||||
##
|
||||
# Performance optimizations
|
||||
# For extra performance please refer to https://github.com/denji/nginx-tuning
|
||||
##
|
||||
|
||||
# GNUNUX root /var/www/peertube/storage;
|
||||
root /usr/share/peertube;
|
||||
|
||||
# Enable compression for JS/CSS/HTML, for improved client load times.
|
||||
# It might be nice to compress JSON/XML as returned by the API, but
|
||||
# leaving that out to protect against potential BREACH attack.
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_types # text/html is always compressed by HttpGzipModule
|
||||
text/css
|
||||
application/javascript
|
||||
font/truetype
|
||||
font/opentype
|
||||
application/vnd.ms-fontobject
|
||||
image/svg+xml;
|
||||
gzip_min_length 1000; # default is 20 bytes
|
||||
gzip_buffers 16 8k;
|
||||
gzip_comp_level 2; # default is 1
|
||||
|
||||
client_body_timeout 30s; # default is 60
|
||||
client_header_timeout 10s; # default is 60
|
||||
send_timeout 10s; # default is 60
|
||||
keepalive_timeout 10s; # default is 75
|
||||
resolver_timeout 10s; # default is 30
|
||||
reset_timedout_connection on;
|
||||
proxy_ignore_client_abort on;
|
||||
|
||||
tcp_nopush on; # send headers in one piece
|
||||
tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
|
||||
|
||||
# If you have a small /var/lib partition, it could be interesting to store temp nginx uploads in a different place
|
||||
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
|
||||
#client_body_temp_path /var/www/peertube/storage/nginx/;
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
# Should be consistent with client-overrides assets list in /server/controllers/client.ts
|
||||
location ~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-video-channel\.png))$ {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||
|
||||
# GNUNUX root /var/www/peertube;
|
||||
root /usr/share/peertube;
|
||||
|
||||
try_files /storage/client-overrides/$1 /peertube-latest/client/dist/$1 @api;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$ {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable"; # Cache 1 year
|
||||
|
||||
# GNUNUX alias /var/www/peertube/client/dist/$1;
|
||||
alias /usr/share/peertube/client/dist/$1;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/static/(thumbnails|avatars)/ {
|
||||
root /srv/peertube;
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
|
||||
add_header Content-Type 'text/plain charset=UTF-8';
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
add_header Cache-Control "public, max-age=7200"; # Cache response 2 hours
|
||||
|
||||
rewrite ^/static/(.*)$ /$1 break;
|
||||
|
||||
try_files $uri @api;
|
||||
}
|
||||
|
||||
# Bypass PeerTube for performance reasons. Optional.
|
||||
location ~ ^/static/(webseed|redundancy|streaming-playlists)/ {
|
||||
root /srv/peertube;
|
||||
limit_rate_after 5M;
|
||||
|
||||
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client
|
||||
set $peertube_limit_rate 800k;
|
||||
|
||||
# Increase rate limit in HLS mode, because we don't have multiple simultaneous connections
|
||||
if ($request_uri ~ -fragmented.mp4$) {
|
||||
set $peertube_limit_rate 5M;
|
||||
}
|
||||
|
||||
# Use this line with nginx >= 1.17.0
|
||||
#limit_rate $peertube_limit_rate;
|
||||
# Or this line if your nginx < 1.17.0
|
||||
set $limit_rate $peertube_limit_rate;
|
||||
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
add_header Access-Control-Max-Age 1728000; # Preflight request can be cached 20 days
|
||||
add_header Content-Type 'text/plain charset=UTF-8';
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
if ($request_method = 'GET') {
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
add_header Access-Control-Allow-Methods 'GET, OPTIONS';
|
||||
add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
||||
|
||||
# Don't spam access log file with byte range requests
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Enabling the sendfile directive eliminates the step of copying the data into the buffer
|
||||
# and enables direct copying data from one file descriptor to another.
|
||||
sendfile on;
|
||||
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
|
||||
aio threads;
|
||||
|
||||
rewrite ^/static/webseed/(.*)$ /videos/$1 break;
|
||||
rewrite ^/static/(.*)$ /$1 break;
|
||||
|
||||
try_files $uri @api;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
[Service]
|
||||
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
|
||||
ExecStartPost=+/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "SELECT * FROM plugin;"; do sleep 1; done'
|
||||
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "DELETE FROM plugin;"
|
||||
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.0.7', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"
|
|
@ -0,0 +1,638 @@
|
|||
%compiler-settings
|
||||
commentStartToken = §
|
||||
%end compiler-settings
|
||||
listen:
|
||||
hostname: 'localhost'
|
||||
port: 9000
|
||||
|
||||
# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
|
||||
webserver:
|
||||
https: true
|
||||
hostname: '%%revprox_client_external_domainname'
|
||||
port: 443
|
||||
|
||||
rates_limit:
|
||||
api:
|
||||
# 50 attempts in 10 seconds
|
||||
window: 10 seconds
|
||||
max: 50
|
||||
login:
|
||||
# 15 attempts in 5 min
|
||||
window: 5 minutes
|
||||
max: 15
|
||||
signup:
|
||||
# 2 attempts in 5 min (only succeeded attempts are taken into account)
|
||||
window: 5 minutes
|
||||
max: 2
|
||||
ask_send_email:
|
||||
# 3 attempts in 5 min
|
||||
window: 5 minutes
|
||||
max: 3
|
||||
|
||||
# Proxies to trust to get real client IP
|
||||
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
|
||||
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
|
||||
trust_proxy:
|
||||
- 'loopback'
|
||||
|
||||
# Your database name will be database.name OR 'peertube'+database.suffix
|
||||
database:
|
||||
hostname: '%%pg_client_server_domainname'
|
||||
port: 5432
|
||||
ssl: true
|
||||
suffix: '_prod'
|
||||
name: '%%pg_client_database'
|
||||
username: '%%pg_client_username'
|
||||
password: '%%pg_client_password'
|
||||
pool:
|
||||
max: 5
|
||||
|
||||
# Redis server for short time storage
|
||||
# You can also specify a 'socket' path to a unix socket but first need to
|
||||
# comment out hostname and port
|
||||
redis:
|
||||
hostname: '%%redis_client_server_domainname'
|
||||
port: 6379
|
||||
auth: '%%redis_client_password'
|
||||
db: 0
|
||||
|
||||
# SMTP server to send emails
|
||||
smtp:
|
||||
# smtp or sendmail
|
||||
transport: smtp
|
||||
# Path to sendmail command. Required if you use sendmail transport
|
||||
sendmail: null
|
||||
hostname: '%%smtp_relay_address'
|
||||
port: 25 # If you use StartTLS: 587
|
||||
username: '%%smtp_relay_user'
|
||||
password: '%%smtp_relay_password'
|
||||
tls: false # If you use StartTLS: false
|
||||
disable_starttls: false
|
||||
ca_file: '/etc/pki/ca-trust/source/anchors/ca_MailRelay.crt' # Used for self signed certificates
|
||||
from_address: '%%peertube_admin_email'
|
||||
|
||||
email:
|
||||
body:
|
||||
signature: 'PeerTube'
|
||||
subject:
|
||||
prefix: '[PeerTube]'
|
||||
|
||||
# Update default PeerTube values
|
||||
# Set by API when the field is not provided and put as default value in client
|
||||
defaults:
|
||||
# Change default values when publishing a video (upload/import/go Live)
|
||||
publish:
|
||||
download_enabled: true
|
||||
|
||||
comments_enabled: true
|
||||
|
||||
# public = 1, unlisted = 2, private = 3, internal = 4
|
||||
privacy: 1
|
||||
|
||||
# CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7
|
||||
# You can also choose a custom licence value added by a plugin
|
||||
# No licence by default
|
||||
licence: null
|
||||
|
||||
p2p:
|
||||
# Enable P2P by default
|
||||
# Can be enabled/disabled by anonymous users and logged in users
|
||||
webapp:
|
||||
enabled: true
|
||||
|
||||
embed:
|
||||
enabled: true
|
||||
|
||||
# From the project root directory
|
||||
storage:
|
||||
tmp: '/srv/peertube/tmp/' # Use to download data (imports etc), store uploaded files before and during processing...
|
||||
bin: '/srv/peertube/bin/'
|
||||
avatars: '/srv/peertube/avatars/'
|
||||
videos: '/srv/peertube/videos/'
|
||||
streaming_playlists: '/srv/peertube/streaming-playlists/'
|
||||
redundancy: '/srv/peertube/redundancy/'
|
||||
logs: '/srv/peertube/logs/'
|
||||
previews: '/srv/peertube/previews/'
|
||||
thumbnails: '/srv/peertube/thumbnails/'
|
||||
torrents: '/srv/peertube/torrents/'
|
||||
captions: '/srv/peertube/captions/'
|
||||
cache: '/srv/peertube/cache/'
|
||||
plugins: '/usr/share/peertube_plugins/'
|
||||
# Overridable client files in client/dist/assets/images:
|
||||
# - logo.svg
|
||||
# - favicon.png
|
||||
# - default-playlist.jpg
|
||||
# - default-avatar-account.png
|
||||
# - default-avatar-video-channel.png
|
||||
# - and icons/*.png (PWA)
|
||||
# Could contain for example assets/images/favicon.png
|
||||
# If the file exists, peertube will serve it
|
||||
# If not, peertube will fallback to the default file
|
||||
client_overrides: '/srv/peertube/client-overrides/'
|
||||
|
||||
object_storage:
|
||||
enabled: false
|
||||
|
||||
# Without protocol, will default to HTTPS
|
||||
endpoint: '' # 's3.amazonaws.com' or 's3.fr-par.scw.cloud' for example
|
||||
|
||||
region: 'us-east-1'
|
||||
|
||||
credentials:
|
||||
# You can also use AWS_ACCESS_KEY_ID env variable
|
||||
access_key_id: ''
|
||||
# You can also use AWS_SECRET_ACCESS_KEY env variable
|
||||
secret_access_key: ''
|
||||
|
||||
# Maximum amount to upload in one request to object storage
|
||||
max_upload_part: 2GB
|
||||
|
||||
streaming_playlists:
|
||||
bucket_name: 'streaming-playlists'
|
||||
|
||||
# Allows setting all buckets to the same value but with a different prefix
|
||||
prefix: '' # Example: 'streaming-playlists:'
|
||||
|
||||
# Base url for object URL generation, scheme and host will be replaced by this URL
|
||||
# Useful when you want to use a CDN/external proxy
|
||||
base_url: '' # Example: 'https://mirror.example.com'
|
||||
|
||||
# Same settings but for webtorrent videos
|
||||
videos:
|
||||
bucket_name: 'videos'
|
||||
prefix: ''
|
||||
base_url: ''
|
||||
|
||||
log:
|
||||
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
|
||||
rotation:
|
||||
enabled : false # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
|
||||
max_file_size: 12MB
|
||||
max_files: 20
|
||||
anonymize_ip: false
|
||||
log_ping_requests: true
|
||||
prettify_sql: false
|
||||
|
||||
trending:
|
||||
videos:
|
||||
interval_days: 7 # Compute trending videos for the last x days
|
||||
algorithms:
|
||||
enabled:
|
||||
- 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History)
|
||||
- 'hot' # adaptation of Reddit's 'Hot' algorithm
|
||||
- 'most-viewed' # default, used initially by PeerTube as the trending page
|
||||
- 'most-liked'
|
||||
default: 'most-viewed'
|
||||
|
||||
# Cache remote videos on your server, to help other instances to broadcast the video
|
||||
# You can define multiple caches using different sizes/strategies
|
||||
# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following
|
||||
redundancy:
|
||||
videos:
|
||||
check_interval: '1 hour' # How often you want to check new videos to cache
|
||||
strategies: # Just uncomment strategies you want
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'most-views' # Cache videos that have the most views
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'trending' # Cache trending videos
|
||||
# -
|
||||
# size: '10GB'
|
||||
# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances)
|
||||
# min_lifetime: '48 hours'
|
||||
# strategy: 'recently-added' # Cache recently added videos
|
||||
# min_views: 10 # Having at least x views
|
||||
|
||||
# Other instances that duplicate your content
|
||||
remote_redundancy:
|
||||
videos:
|
||||
# 'nobody': Do not accept remote redundancies
|
||||
# 'anybody': Accept remote redundancies from anybody
|
||||
# 'followings': Accept redundancies from instance followings
|
||||
accept_from: 'anybody'
|
||||
|
||||
csp:
|
||||
enabled: false
|
||||
report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk!
|
||||
report_uri:
|
||||
|
||||
security:
|
||||
# Set the X-Frame-Options header to help to mitigate clickjacking attacks
|
||||
frameguard:
|
||||
enabled: true
|
||||
|
||||
tracker:
|
||||
# If you disable the tracker, you disable the P2P aspect of PeerTube
|
||||
enabled: true
|
||||
# Only handle requests on your videos
|
||||
# If you set this to false it means you have a public tracker
|
||||
# Then, it is possible that clients overload your instance with external torrents
|
||||
private: true
|
||||
# Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers)
|
||||
reject_too_many_announces: false
|
||||
|
||||
history:
|
||||
videos:
|
||||
# If you want to limit users videos history
|
||||
# -1 means there is no limitations
|
||||
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
|
||||
max_age: -1
|
||||
|
||||
views:
|
||||
videos:
|
||||
# PeerTube creates a database entry every hour for each video to track views over a period of time
|
||||
# This is used in particular by the Trending page
|
||||
# PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
|
||||
# -1 means no cleanup
|
||||
# Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
|
||||
remote:
|
||||
max_age: '30 days'
|
||||
|
||||
# PeerTube buffers local video views before updating and federating the video
|
||||
local_buffer_update_interval: '30 minutes'
|
||||
|
||||
ip_view_expiration: '1 hour'
|
||||
|
||||
plugins:
|
||||
# The website PeerTube will ask for available PeerTube plugins and themes
|
||||
# This is an unmoderated plugin index, so only install plugins/themes you trust
|
||||
index:
|
||||
enabled: false
|
||||
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
|
||||
url: 'https://packages.joinpeertube.org'
|
||||
|
||||
federation:
|
||||
videos:
|
||||
federate_unlisted: false
|
||||
|
||||
# Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments)
|
||||
# It removes objects that do not exist anymore, and potentially fix their URLs
|
||||
cleanup_remote_interactions: true
|
||||
|
||||
peertube:
|
||||
check_latest_version:
|
||||
# Check and notify admins of new PeerTube versions
|
||||
enabled: false
|
||||
# You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json
|
||||
url: 'https://joinpeertube.org/api/v1/versions.json'
|
||||
|
||||
webadmin:
|
||||
configuration:
|
||||
edition:
|
||||
# Set this to false if you don't want to allow config edition in the web interface by instance admins
|
||||
allowed: false
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
# From this point, all the following keys can be overridden by the web interface
|
||||
# (local-production.json file). If you need to change some values, prefer to
|
||||
# use the web interface because the configuration will be automatically
|
||||
# reloaded without any need to restart PeerTube
|
||||
#
|
||||
# /!\ If you already have a local-production.json file, the modification of the
|
||||
# following keys will have no effect /!\
|
||||
#
|
||||
###############################################################################
|
||||
|
||||
cache:
|
||||
previews:
|
||||
size: 500 # Max number of previews you want to cache
|
||||
captions:
|
||||
size: 500 # Max number of video captions/subtitles you want to cache
|
||||
torrents:
|
||||
size: 500 # Max number of video torrents you want to cache
|
||||
|
||||
admin:
|
||||
# Used to generate the root user at first startup
|
||||
# And to receive emails from the contact form
|
||||
email: '%%peertube_admin_email'
|
||||
|
||||
contact_form:
|
||||
enabled: true
|
||||
|
||||
signup:
|
||||
enabled: false
|
||||
limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited
|
||||
minimum_age: 16 # Used to configure the signup form
|
||||
requires_email_verification: false
|
||||
filters:
|
||||
cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist
|
||||
whitelist: []
|
||||
blacklist: []
|
||||
|
||||
user:
|
||||
# Default value of maximum video bytes the user can upload (does not take into account transcoded files)
|
||||
# Byte format is supported ("1GB" etc)
|
||||
# -1 == unlimited
|
||||
video_quota: -1
|
||||
video_quota_daily: -1
|
||||
|
||||
video_channels:
|
||||
max_per_user: 20 # Allows each user to create up to 20 video channels.
|
||||
|
||||
# If enabled, the video will be transcoded to mp4 (x264) with `faststart` flag
|
||||
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions
|
||||
# Please, do not disable transcoding since many uploaded videos will not work
|
||||
transcoding:
|
||||
enabled: true
|
||||
|
||||
# Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos
|
||||
allow_additional_extensions: true
|
||||
|
||||
# If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file
|
||||
allow_audio_files: true
|
||||
|
||||
# Amount of threads used by ffmpeg for 1 transcoding job
|
||||
threads: 1
|
||||
# Amount of transcoding jobs to execute in parallel
|
||||
concurrency: 1
|
||||
|
||||
# Choose the transcoding profile
|
||||
# New profiles can be added by plugins
|
||||
# Available in core PeerTube: 'default'
|
||||
profile: 'default'
|
||||
|
||||
resolutions: # Only created if the original video has a higher resolution, uses more storage!
|
||||
0p: false # audio-only (creates mp4 without video stream, always created when enabled)
|
||||
144p: false
|
||||
240p: false
|
||||
360p: false
|
||||
480p: false
|
||||
720p: false
|
||||
1080p: false
|
||||
1440p: false
|
||||
2160p: false
|
||||
|
||||
# Generate videos in a WebTorrent format (what we do since the first PeerTube release)
|
||||
# If you also enabled the hls format, it will multiply videos storage by 2
|
||||
# If disabled, breaks federation with PeerTube instances < 2.1
|
||||
webtorrent:
|
||||
enabled: false
|
||||
|
||||
# /!\ Requires ffmpeg >= 4.1
|
||||
# Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent:
|
||||
# * Resolution change is smoother
|
||||
# * Faster playback in particular with long videos
|
||||
# * More stable playback (less bugs/infinite loading)
|
||||
# If you also enabled the webtorrent format, it will multiply videos storage by 2
|
||||
hls:
|
||||
enabled: true
|
||||
|
||||
live:
|
||||
enabled: false
|
||||
|
||||
# Limit lives duration
|
||||
# -1 == unlimited
|
||||
max_duration: -1 # For example: '5 hours'
|
||||
|
||||
# Limit max number of live videos created on your instance
|
||||
# -1 == unlimited
|
||||
max_instance_lives: 20
|
||||
|
||||
# Limit max number of live videos created by a user on your instance
|
||||
# -1 == unlimited
|
||||
max_user_lives: 3
|
||||
|
||||
# Allow your users to save a replay of their live
|
||||
# PeerTube will transcode segments in a video file
|
||||
# If the user daily/total quota is reached, PeerTube will stop the live
|
||||
# /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
|
||||
allow_replay: true
|
||||
|
||||
# Your firewall should accept traffic from this port in TCP if you enable live
|
||||
rtmp:
|
||||
enabled: true
|
||||
port: 1935
|
||||
|
||||
rtmps:
|
||||
enabled: false
|
||||
port: 1936
|
||||
# Absolute path
|
||||
key_file: ''
|
||||
# Absolute path
|
||||
cert_file: ''
|
||||
|
||||
# Allow to transcode the live streaming in multiple live resolutions
|
||||
transcoding:
|
||||
enabled: true
|
||||
threads: 2
|
||||
|
||||
# Choose the transcoding profile
|
||||
# New profiles can be added by plugins
|
||||
# Available in core PeerTube: 'default'
|
||||
profile: 'default'
|
||||
|
||||
resolutions:
|
||||
144p: false
|
||||
240p: false
|
||||
360p: false
|
||||
480p: false
|
||||
720p: false
|
||||
1080p: false
|
||||
1440p: false
|
||||
2160p: false
|
||||
|
||||
import:
|
||||
# Add ability for your users to import remote videos (from YouTube, torrent...)
|
||||
videos:
|
||||
# Amount of import jobs to execute in parallel
|
||||
concurrency: 1
|
||||
|
||||
# Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
|
||||
http:
|
||||
# We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
|
||||
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
|
||||
enabled: true
|
||||
|
||||
youtube_dl_release:
|
||||
# Direct download URL to youtube-dl binary
|
||||
# Github releases API is also supported
|
||||
# Examples:
|
||||
# * https://api.github.com/repos/ytdl-org/youtube-dl/releases
|
||||
# * https://api.github.com/repos/yt-dlp/yt-dlp/releases
|
||||
url: 'https://yt-dl.org/downloads/latest/youtube-dl'
|
||||
|
||||
# youtube-dl binary name
|
||||
# yt-dlp is also supported
|
||||
name: 'youtube-dl'
|
||||
|
||||
# Path to the python binary to execute for youtube-dl or yt-dlp
|
||||
python_path: '/usr/bin/python3'
|
||||
|
||||
# IPv6 is very strongly rate-limited on most sites supported by youtube-dl
|
||||
force_ipv4: false
|
||||
|
||||
# Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file)
|
||||
torrent:
|
||||
# We recommend to only enable magnet URI/torrent import if you trust your users
|
||||
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
|
||||
enabled: false
|
||||
|
||||
auto_blacklist:
|
||||
# New videos automatically blacklisted so moderators can review before publishing
|
||||
videos:
|
||||
of_users:
|
||||
enabled: false
|
||||
|
||||
# Instance settings
|
||||
instance:
|
||||
name: 'PeerTube'
|
||||
short_description: '%%peertube_short_description'
|
||||
description: '%%peertube_description' # Support markdown
|
||||
terms: 'No terms for now.' # Support markdown
|
||||
code_of_conduct: '' # Supports markdown
|
||||
|
||||
# Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc
|
||||
moderation_information: '' # Supports markdown
|
||||
|
||||
# Why did you create this instance?
|
||||
creation_reason: '' # Supports Markdown
|
||||
|
||||
# Who is behind the instance? A single person? A non profit?
|
||||
administrator: '' # Supports Markdown
|
||||
|
||||
# How long do you plan to maintain this instance?
|
||||
maintenance_lifetime: '' # Supports Markdown
|
||||
|
||||
# How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising?
|
||||
business_model: '' # Supports Markdown
|
||||
|
||||
# If you want to explain on what type of hardware your PeerTube instance runs
|
||||
# Example: '2 vCore, 2GB RAM...'
|
||||
hardware_information: '' # Supports Markdown
|
||||
|
||||
# What are the main languages of your instance? To interact with your users for example
|
||||
# Uncomment or add the languages you want
|
||||
# List of supported languages: https://peertube.cpy.re/api/v1/videos/languages
|
||||
languages:
|
||||
# - en
|
||||
# - es
|
||||
- fr
|
||||
|
||||
# You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
|
||||
# Uncomment or add the category ids you want
|
||||
# List of supported categories: https://peertube.cpy.re/api/v1/videos/categories
|
||||
categories:
|
||||
# - 1 # Music
|
||||
# - 2 # Films
|
||||
# - 3 # Vehicles
|
||||
# - 4 # Art
|
||||
# - 5 # Sports
|
||||
# - 6 # Travels
|
||||
# - 7 # Gaming
|
||||
# - 8 # People
|
||||
# - 9 # Comedy
|
||||
# - 10 # Entertainment
|
||||
# - 11 # News & Politics
|
||||
# - 12 # How To
|
||||
# - 13 # Education
|
||||
# - 14 # Activism
|
||||
# - 15 # Science & Technology
|
||||
# - 16 # Animals
|
||||
# - 17 # Kids
|
||||
# - 18 # Food
|
||||
|
||||
default_client_route: '/videos/trending'
|
||||
|
||||
# Whether or not the instance is dedicated to NSFW content
|
||||
# Enabling it will allow other administrators to know that you are mainly federating sensitive content
|
||||
# Moreover, the NSFW checkbox on video upload will be automatically checked by default
|
||||
is_nsfw: false
|
||||
# By default, `do_not_list` or `blur` or `display` NSFW videos
|
||||
# Could be overridden per user with a setting
|
||||
default_nsfw_policy: 'do_not_list'
|
||||
|
||||
customizations:
|
||||
javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
|
||||
css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
|
||||
# Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add `/` to `Disallow:`
|
||||
robots: |
|
||||
User-agent: *
|
||||
Disallow:
|
||||
# Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
|
||||
securitytxt:
|
||||
'# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'
|
||||
|
||||
services:
|
||||
# Cards configuration to format video in Twitter
|
||||
twitter:
|
||||
username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
|
||||
# If true, a video player will be embedded in the Twitter feed on PeerTube video share
|
||||
# If false, we use an image link card that will redirect on your PeerTube instance
|
||||
# Change it to `true`, and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted
|
||||
whitelisted: false
|
||||
|
||||
followers:
|
||||
instance:
|
||||
# Allow or not other instances to follow yours
|
||||
enabled: true
|
||||
# Whether or not an administrator must manually validate a new follower
|
||||
manual_approval: false
|
||||
|
||||
followings:
|
||||
instance:
|
||||
# If you want to automatically follow back new instance followers
|
||||
# If this option is enabled, use the mute feature instead of deleting followings
|
||||
# /!\ Don't enable this if you don't have a reactive moderation team /!\
|
||||
auto_follow_back:
|
||||
enabled: false
|
||||
|
||||
# If you want to automatically follow instances of the public index
|
||||
# If this option is enabled, use the mute feature instead of deleting followings
|
||||
# /!\ Don't enable this if you don't have a reactive moderation team /!\
|
||||
auto_follow_index:
|
||||
enabled: false
|
||||
# Host your own using https://framagit.org/framasoft/peertube/instances-peertube#peertube-auto-follow
|
||||
index_url: ''
|
||||
|
||||
theme:
|
||||
default: 'default'
|
||||
|
||||
broadcast_message:
|
||||
enabled: false
|
||||
message: '' # Support markdown
|
||||
level: 'info' # 'info' | 'warning' | 'error'
|
||||
dismissable: false
|
||||
|
||||
search:
|
||||
# Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance
|
||||
# If enabled, the associated group will be able to "escape" from the instance follows
|
||||
# That means they will be able to follow channels, watch videos, list videos of non followed instances
|
||||
remote_uri:
|
||||
users: true
|
||||
anonymous: false
|
||||
|
||||
# Use a third party index instead of your local index, only for search results
|
||||
# Useful to discover content outside of your instance
|
||||
# If you enable search_index, you must enable remote_uri search for users
|
||||
# If you do not enable remote_uri search for anonymous user, your instance will redirect the user on the origin instance
|
||||
# instead of loading the video locally
|
||||
search_index:
|
||||
enabled: false
|
||||
# URL of the search index, that should use the same search API and routes
|
||||
# than PeerTube: https://docs.joinpeertube.org/api-rest-reference.html
|
||||
# You should deploy your own with https://framagit.org/framasoft/peertube/search-index,
|
||||
# and can use https://search.joinpeertube.org/ for tests, but keep in mind the latter is an unmoderated search index
|
||||
url: ''
|
||||
# You can disable local search, so users only use the search index
|
||||
disable_local_search: false
|
||||
# If you did not disable local search, you can decide to use the search index by default
|
||||
is_default_search: false
|
||||
|
||||
# PeerTube client/interface configuration
|
||||
client:
|
||||
videos:
|
||||
miniature:
|
||||
# By default PeerTube client displays author username
|
||||
prefer_author_display_name: false
|
||||
|
||||
menu:
|
||||
login:
|
||||
# If you enable only one external auth plugin
|
||||
# You can automatically redirect your users on this external platform when they click on the login button
|
||||
redirect_on_single_external_auth: false
|
|
@ -0,0 +1,2 @@
|
|||
g peertube 982 -
|
||||
u peertube 983:982 "Peertube Server" /usr/share/peertube /sbin/nologin
|
|
@ -0,0 +1 @@
|
|||
d /srv/peertube/ 750 peertube nginx - -
|
|
@ -0,0 +1,2 @@
|
|||
%%get_chain(authority_cn=%%pg_client_server_domainname, authority_name="PostgreSQL")
|
||||
|
|
@ -0,0 +1 @@
|
|||
%%get_certificate(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name='PostgreSQL', type="client")
|
|
@ -0,0 +1 @@
|
|||
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name='PostgreSQL', type="client")
|
|
@ -0,0 +1 @@
|
|||
%%get_chain(authority_cn=%%domain_name_eth0, authority_name="PostgreSQL")
|
|
@ -0,0 +1 @@
|
|||
%%get_certificate(%%domain_name_eth0, 'PostgreSQL')
|
|
@ -0,0 +1 @@
|
|||
%%get_private_key(%%domain_name_eth0, 'PostgreSQL')
|
|
@ -0,0 +1,105 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="nginx" manage="False">
|
||||
<file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
|
||||
<file file_type="variable" source="revprox.crt">revprox_cert_file</file>
|
||||
<file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_key_file</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
<family name="nginx" description="Reverse proxy">
|
||||
<variable name="revprox_client_server_domainname" type="domainname" description="Nom de domaine du serveur mandataire inverse" mandatory='True'/>
|
||||
<variable name="revprox_client_server_ip" type="ip" hidden='True'/>
|
||||
<variable name="revprox_client_external_domainname" type="domainname" description="Nom de domaine exterieur du serveur" mandatory='True' provider="external_domainname"/>
|
||||
<family name="revprox_client" description="Point d'entré des clients" leadership="True">
|
||||
<variable name="revprox_client_location" type="filename" description="Nom de l'arborescence racine du site" mandatory="True" multi="True">
|
||||
<value>/</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_is_websocket" type="boolean" description="Le point d'entré est de types websocket" mandatory="True">
|
||||
<value>False</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_max_body_size" description="Taille maximum du corps"/>
|
||||
</family>
|
||||
<variable name="revprox_client_local_location" type="filename" description="Nom de l'arborescene racine du site localement" hidden='True'/>
|
||||
<variable name="revprox_client_web_address" type="web_address" description="Nom de domaine du client du mandataire inverse" hidden='True'/>
|
||||
<variable name="revprox_client_port" type="port" description="Port du client du mandataire inverse" hidden='True'>
|
||||
<value>443</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_owner" type="unix_user" description="Reverse proxy certificate owner">
|
||||
<value>root</value>
|
||||
</variable>
|
||||
<variable name="revprox_client_cert_group" type="unix_user" description="Reverse proxy certificate group">
|
||||
<value>root</value>
|
||||
</variable>
|
||||
<variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
|
||||
<variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
|
||||
<variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
|
||||
<variable name="nginx_default" exists="True" redefine="True" remove_fill="True" mandatory="False"/>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name="calc_web_address">
|
||||
<param type="variable">domain_name_eth0</param>
|
||||
<param type="variable">revprox_client_port</param>
|
||||
<param type="variable">revprox_client_local_location</param>
|
||||
<target>revprox_client_web_address</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_ca_directory</param>
|
||||
<param>ca_InternalReverseProxy.crt</param>
|
||||
<param name="join">/</param>
|
||||
<target>revprox_ca_file</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_cert_directory</param>
|
||||
<param>revprox.crt</param>
|
||||
<param name="join">/</param>
|
||||
<target>revprox_cert_file</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_key_directory</param>
|
||||
<param>revprox.key</param>
|
||||
<param name="join">/</param>
|
||||
<target>revprox_key_file</target>
|
||||
</fill>
|
||||
<fill name="set_linked">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_clients</param>
|
||||
<param name="linked_value" type="variable">revprox_client_external_domainname</param>
|
||||
<param name="linked_returns">ip</param>
|
||||
<param name="dynamic">0</param>
|
||||
<target>revprox_client_server_ip</target>
|
||||
</fill>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_location</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<target>revprox_client_location</target>
|
||||
</check>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_is_websocket</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<param name="leader_provider">revprox_location</param>
|
||||
<param name="leader_value" type="variable">revprox_client_location</param>
|
||||
<target>revprox_client_is_websocket</target>
|
||||
</check>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_max_body_size</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<param name="leader_provider">revprox_location</param>
|
||||
<param name="leader_value" type="variable">revprox_client_location</param>
|
||||
<target>revprox_client_max_body_size</target>
|
||||
</check>
|
||||
<check name="set_linked_configuration">
|
||||
<param name="linked_server" type="variable">revprox_client_server_domainname</param>
|
||||
<param name="linked_provider">revprox_url</param>
|
||||
<param name="leader_provider">revprox_location</param>
|
||||
<param name="leader_value" type="variable">revprox_client_location</param>
|
||||
<param name="dynamic" type="variable">revprox_client_external_domainname</param>
|
||||
<target>revprox_client_web_address</target>
|
||||
</check>
|
||||
</constraints>
|
||||
</rougail>
|
|
@ -0,0 +1,420 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
version="1.1"
|
||||
id="svg2"
|
||||
width="177.44817"
|
||||
height="84.108955"
|
||||
viewBox="0 0 177.44817 84.108956"
|
||||
sodipodi:docname="silique_cloud.svg"
|
||||
inkscape:version="1.1.2 (0a00cf5339, 2022-02-04)"
|
||||
inkscape:export-filename="/home/gnunux/Silique/silique_cloud.png"
|
||||
inkscape:export-xdpi="216.39999"
|
||||
inkscape:export-ydpi="216.39999"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:svg="http://www.w3.org/2000/svg">
|
||||
<defs
|
||||
id="defs6">
|
||||
<linearGradient
|
||||
id="linearGradient4842">
|
||||
<stop
|
||||
id="stop4838"
|
||||
style="stop-color:#ffe96b;stop-opacity:1"
|
||||
offset="0" />
|
||||
<stop
|
||||
id="stop4840"
|
||||
style="stop-color:#91c644;stop-opacity:1"
|
||||
offset="1" />
|
||||
</linearGradient>
|
||||
<linearGradient
|
||||
inkscape:collect="always"
|
||||
id="linearGradient126196">
|
||||
<stop
|
||||
style="stop-color:#007203;stop-opacity:1;"
|
||||
offset="0"
|
||||
id="stop126192" />
|
||||
<stop
|
||||
style="stop-color:#007203;stop-opacity:0;"
|
||||
offset="1"
|
||||
id="stop126194" />
|
||||
</linearGradient>
|
||||
<linearGradient
|
||||
inkscape:collect="always"
|
||||
id="fond_vert">
|
||||
<stop
|
||||
style="stop-color:#007203;stop-opacity:1;"
|
||||
offset="0"
|
||||
id="stop38409" />
|
||||
<stop
|
||||
style="stop-color:#5ca20e;stop-opacity:1"
|
||||
offset="1"
|
||||
id="stop38411" />
|
||||
</linearGradient>
|
||||
<linearGradient
|
||||
id="linearGradient14755"
|
||||
inkscape:swatch="solid">
|
||||
<stop
|
||||
style="stop-color:#9bca48;stop-opacity:1;"
|
||||
offset="0"
|
||||
id="stop14753" />
|
||||
</linearGradient>
|
||||
<marker
|
||||
style="overflow:visible"
|
||||
id="Arrow1Lstart"
|
||||
refX="0"
|
||||
refY="0"
|
||||
orient="auto"
|
||||
inkscape:stockid="Arrow1Lstart"
|
||||
inkscape:isstock="true">
|
||||
<path
|
||||
transform="matrix(0.8,0,0,0.8,10,0)"
|
||||
style="fill:context-stroke;fill-rule:evenodd;stroke:context-stroke;stroke-width:1pt"
|
||||
d="M 0,0 5,-5 -12.5,0 5,5 Z"
|
||||
id="path2092" />
|
||||
</marker>
|
||||
<linearGradient
|
||||
inkscape:collect="always"
|
||||
xlink:href="#linearGradient126196"
|
||||
id="linearGradient126198"
|
||||
x1="228.22656"
|
||||
y1="202.49219"
|
||||
x2="324.28137"
|
||||
y2="202.49219"
|
||||
gradientUnits="userSpaceOnUse" />
|
||||
<clipPath
|
||||
id="clipPath530"
|
||||
clipPathUnits="userSpaceOnUse">
|
||||
<path
|
||||
id="path532"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 492.82,620.53 c 0,0 -1.181,-8.485 -10.269,-16.019 -9.092,-7.53 -31.685,-15.146 -46.705,-33.749 -15.018,-18.601 -7.72,-36.875 -3.868,-42.334 2.211,-3.134 5.562,-3.876 8.019,-3.935 -0.91,4.277 -1.486,9.019 -1.24,13.954 1.975,19.781 17.473,32.284 19.949,34.611 1.349,1.202 3.866,3.206 6.919,5.426 3.133,2.181 6.435,4.655 9.461,7.536 6.074,5.517 10.949,11.079 10.935,11.079 0.012,0 -4.141,-6.116 -9.656,-12.355 -2.642,-3.15 -5.994,-6.258 -8.846,-8.643 -2.823,-2.472 -5.122,-4.588 -6.416,-5.743 -1.264,-1.176 -5.338,-4.717 -9.235,-10.434 -1.967,-2.905 -3.76,-6.166 -5.493,-10.141 -1.684,-3.434 -2.509,-7.461 -2.548,-11.521 -0.062,-7.086 1.858,-14.012 3.846,-19.377 2.668,-1.382 6.865,-1.834 13.43,0.615 5.236,2.902 9.737,6.218 13.616,9.831 l -6.202,8.169 11.594,-2.494 c 3.872,4.61 6.918,9.569 9.3,14.689 l -11.267,3.398 14.096,3.661 c 2.466,7.16 3.802,14.474 4.41,21.474 l -11.195,-1.946 -0.114,-0.047 0.067,0.04 -1.22,-0.213 12.821,8.513 c 0.57,19.967 -4.189,35.955 -4.189,35.955" />
|
||||
</clipPath>
|
||||
<clipPath
|
||||
id="clipPath554"
|
||||
clipPathUnits="userSpaceOnUse">
|
||||
<path
|
||||
id="path556"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 435.85,570.76 c 13.509,16.729 33.148,24.578 43.571,31.466 -8.989,-8.201 -29.577,-17.459 -42.001,-36.625 -11.215,-17.302 -5.693,-33.296 -1.208,-40.414 -1.528,0.569 -3.041,1.559 -4.23,3.239 -3.852,5.459 -11.15,23.733 3.868,42.334" />
|
||||
</clipPath>
|
||||
<linearGradient
|
||||
id="linearGradient886"
|
||||
y2="7.5225039"
|
||||
y1="7.5225039"
|
||||
x1="7.7122393"
|
||||
gradientTransform="matrix(0.03841487,0,0,0.03915282,255.99999,340.61689)"
|
||||
x2="416.12695"
|
||||
gradientUnits="userSpaceOnUse">
|
||||
<stop
|
||||
id="stop888"
|
||||
style="stop-color:#004f00"
|
||||
offset="0" />
|
||||
<stop
|
||||
id="stop889"
|
||||
style="stop-color:#92c705"
|
||||
offset="1" />
|
||||
</linearGradient>
|
||||
<linearGradient
|
||||
id="linearGradient882"
|
||||
y2="324.68274"
|
||||
y1="157.96686"
|
||||
x2="312.29535"
|
||||
x1="207.02525"
|
||||
gradientTransform="matrix(0.03700393,0,0,0.0406457,255.99999,340.61689)"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
spreadMethod="pad">
|
||||
<stop
|
||||
id="stop884"
|
||||
style="stop-color:#ffe96b;stop-opacity:1"
|
||||
offset="0" />
|
||||
<stop
|
||||
id="stop885"
|
||||
style="stop-color:#91c644;stop-opacity:1"
|
||||
offset="1" />
|
||||
</linearGradient>
|
||||
<linearGradient
|
||||
inkscape:collect="always"
|
||||
xlink:href="#linearGradient882"
|
||||
id="linearGradient2848"
|
||||
x1="260.90359"
|
||||
y1="348.3031"
|
||||
x2="266.93088"
|
||||
y2="352.25424"
|
||||
gradientUnits="userSpaceOnUse" />
|
||||
<linearGradient
|
||||
id="linearGradient2220"
|
||||
y2="439.15341"
|
||||
xlink:href="#linearGradient4842"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
x2="127.65018"
|
||||
y1="306.14713"
|
||||
x1="-15.283262"
|
||||
inkscape:collect="always"
|
||||
gradientTransform="matrix(0.03070057,0,0,0.03070057,241.2189,385.12111)" />
|
||||
<linearGradient
|
||||
id="linearGradient1762">
|
||||
<stop
|
||||
id="stop1758"
|
||||
style="stop-color:#91c644;stop-opacity:1"
|
||||
offset="0" />
|
||||
<stop
|
||||
id="stop1760"
|
||||
style="stop-color:#85a25a;stop-opacity:1"
|
||||
offset="1" />
|
||||
</linearGradient>
|
||||
<linearGradient
|
||||
id="linearGradient2222"
|
||||
y2="226.93604"
|
||||
xlink:href="#linearGradient4842"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
x2="326.89941"
|
||||
gradientTransform="matrix(0.03070057,0,0,-0.03070057,241.2189,407.43705)"
|
||||
y1="17.076748"
|
||||
x1="116.66689"
|
||||
inkscape:collect="always" />
|
||||
<linearGradient
|
||||
inkscape:collect="always"
|
||||
xlink:href="#linearGradient4842"
|
||||
id="linearGradient1766"
|
||||
x1="-77.476402"
|
||||
y1="256.38412"
|
||||
x2="417.90433"
|
||||
y2="338.79333"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
gradientTransform="matrix(0.03070057,0,0,0.03070057,241.2189,385.12111)" />
|
||||
<linearGradient
|
||||
inkscape:collect="always"
|
||||
xlink:href="#fond_vert"
|
||||
id="linearGradient117744"
|
||||
x1="163.58594"
|
||||
y1="176.38477"
|
||||
x2="267.45612"
|
||||
y2="176.4704"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
gradientTransform="translate(-4.5684325,17.666728)" />
|
||||
<linearGradient
|
||||
inkscape:collect="always"
|
||||
xlink:href="#fond_vert"
|
||||
id="linearGradient1964"
|
||||
x1="114.961"
|
||||
y1="205.82333"
|
||||
x2="292.40918"
|
||||
y2="205.82333"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
gradientTransform="translate(0.712326,1.22743)" />
|
||||
</defs>
|
||||
<sodipodi:namedview
|
||||
id="namedview4"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pagecheckerboard="0"
|
||||
showgrid="false"
|
||||
inkscape:zoom="5.656854"
|
||||
inkscape:cx="88.653517"
|
||||
inkscape:cy="47.376156"
|
||||
inkscape:window-width="1920"
|
||||
inkscape:window-height="1011"
|
||||
inkscape:window-x="0"
|
||||
inkscape:window-y="0"
|
||||
inkscape:window-maximized="1"
|
||||
inkscape:current-layer="g8" />
|
||||
<g
|
||||
inkscape:groupmode="layer"
|
||||
inkscape:label="Image"
|
||||
id="g8"
|
||||
transform="translate(-115.67333,-164.99629)">
|
||||
<path
|
||||
style="mix-blend-mode:normal;fill:url(#linearGradient1964);fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:4.162;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||
d="m 156.21634,241.25216 c -36.77875,-0.52415 -40.28886,-59.93704 -37.81186,-73.76847 4.31487,-6.88361 5.16377,67.54956 53.91071,53.40865 7.63767,-0.10896 7.46241,-0.48863 13.68295,0 0,0 6.02631,2.83696 11.70294,0 5.22924,0.25068 10.25553,-0.0838 14.96127,0 0,0 5.67039,3.50471 11.34285,0 5.0883,0.0159 9.51716,-0.0359 13.05654,0 8.45048,4.08054 11.69352,-0.0346 13.68994,0 26.68644,0.65642 13.91688,-3.86364 38.61636,18.90144 -21.12865,9.24298 -8.34416,6.82043 -38.1506,7.05356 -5.24229,-2.03839 -8.53586,-2.46696 -13.52289,0 -3.55366,-0.002 -7.27687,0.0168 -11.17766,0 -4.69904,-2.2063 -6.65631,-2.36355 -12.33414,0 -4.57699,-0.0288 -9.36866,-0.10654 -14.3819,0 -4.34019,-2.68118 -7.61214,-2.67501 -13.50967,0 -12.85877,0.19749 -16.15141,1.41622 -30.07484,-5.59518 z"
|
||||
id="path827-0-6-1-75"
|
||||
sodipodi:nodetypes="ccccccccccccccccc" />
|
||||
<path
|
||||
style="mix-blend-mode:normal;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:#91c644;stroke-width:4.162;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||
d="m 156.21634,241.25216 c -36.77875,-0.52415 -40.28886,-59.93704 -37.81186,-73.76847 4.31487,-6.88361 5.16377,67.54956 53.91071,53.40865 7.63767,-0.10896 7.46241,-0.48863 13.68295,0 0,0 6.02631,2.83696 11.70294,0 5.22924,0.25068 10.25553,-0.0838 14.96127,0 0,0 5.67039,3.50471 11.34285,0 5.0883,0.0159 9.51716,-0.0359 13.05654,0 8.45048,4.08054 11.69352,-0.0346 13.68994,0 26.68644,0.65642 13.91688,-3.86364 38.61636,18.90144 -21.12865,9.24298 -8.34416,6.82043 -38.1506,7.05356 -5.24229,-2.03839 -8.53586,-2.46696 -13.52289,0 -3.55366,-0.002 -7.27687,0.0168 -11.17766,0 -4.69904,-2.2063 -6.65631,-2.36355 -12.33414,0 -4.57699,-0.0288 -9.36866,-0.10654 -14.3819,0 -4.34019,-2.68118 -7.61214,-2.67501 -13.50967,0 -12.85877,0.19749 -16.15141,1.41622 -30.07484,-5.59518 z"
|
||||
id="path827-0-6-1-3"
|
||||
sodipodi:nodetypes="ccccccccccccccccc" />
|
||||
<path
|
||||
style="fill:none;stroke:#91c644;stroke-width:4.162;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||
d="m 235.82819,238.00607 7.42578,7.47041"
|
||||
id="path91935"
|
||||
sodipodi:nodetypes="cc" />
|
||||
<path
|
||||
style="fill:none;stroke:#91c644;stroke-width:4.162;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||
d="m 263.62793,234.46973 9.35742,0.004 5.46192,-3.47167"
|
||||
id="path153373"
|
||||
sodipodi:nodetypes="ccc" />
|
||||
<path
|
||||
style="fill:none;stroke:#91c644;stroke-width:3.93761;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||
d="m 172.07706,233.36811 -11.95437,0.28623 -3.98525,7.95874"
|
||||
id="path153586"
|
||||
sodipodi:nodetypes="ccc" />
|
||||
<path
|
||||
style="fill:none;stroke:#91c644;stroke-width:4.162;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||
d="m 211.91015,231.56698 6.38309,-2.13379 0.199,-6.5135"
|
||||
id="path92149-7"
|
||||
sodipodi:nodetypes="ccc" />
|
||||
<g
|
||||
id="g2694"
|
||||
transform="translate(76.763398,0.17972214)">
|
||||
<path
|
||||
id="path2822"
|
||||
d="m 172.07706,238.93915 v -1.85702 l 9.28505,-3.71402 9.28506,3.71402 v 1.85702 l -9.28506,3.71401 z"
|
||||
fill="#a6e2ff"
|
||||
style="fill:#ace55a;fill-opacity:1;stroke-width:0.371401" />
|
||||
<path
|
||||
id="path2824"
|
||||
d="m 172.07706,237.08213 v -1.85702 l 9.28505,-3.71402 9.28506,3.71402 v 1.85702 l -9.28506,3.71401 z"
|
||||
fill="#74ca61"
|
||||
style="fill:#91c644;fill-opacity:1;stroke-width:0.371401" />
|
||||
<path
|
||||
id="path2833"
|
||||
d="m 172.07706,235.22511 v -1.857 l 9.28505,-3.71404 9.28506,3.71404 v 1.857 l -9.28506,3.71404 z"
|
||||
fill="#ffe96b"
|
||||
style="stroke-width:0.371401" />
|
||||
<path
|
||||
id="path3609"
|
||||
d="m 172.07706,233.36811 v -1.85702 l 9.28505,-3.71401 9.28506,3.71401 v 1.85702 l -9.28506,3.71402 z"
|
||||
fill="#f78047"
|
||||
style="fill:#546738;fill-opacity:1;stroke-width:0.371401" />
|
||||
<path
|
||||
id="path3687"
|
||||
d="m 172.07706,231.51109 v -1.85702 l 9.28505,-3.71401 9.28506,3.71401 v 1.85702 l -9.34486,3.71402 z"
|
||||
fill="#ee4043"
|
||||
style="fill:#91c644;fill-opacity:1;stroke-width:0.371401" />
|
||||
<path
|
||||
id="path2820"
|
||||
fill="#f8555a"
|
||||
d="m 172.07706,229.65407 9.28505,3.71404 9.28506,-3.71404 -9.28506,-3.71401 z"
|
||||
style="fill:#c1ec82;fill-opacity:1;stroke-width:0.371401" />
|
||||
<path
|
||||
id="path3739"
|
||||
d="m 178.01949,231.88249 6.31384,0.3714 c -1.33704,0 -2.59981,-1.1142 -2.59981,-1.857 -0.33426,0.3714 -2.48841,1.4856 -3.71403,1.4856 z"
|
||||
fill="#bf3336"
|
||||
style="fill:#608e1e;fill-opacity:1;stroke-width:0.371401" />
|
||||
<path
|
||||
id="path2835"
|
||||
d="m 172.07706,229.65407 v 9.28508 l 9.28505,3.71401 v -9.28505 z"
|
||||
fill-opacity="0.098039"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="stroke-width:0.371401" />
|
||||
</g>
|
||||
<g
|
||||
id="g2753"
|
||||
transform="matrix(0.04657204,0,0,0.04657204,195.73217,220.61663)">
|
||||
<path
|
||||
id="path585"
|
||||
style="fill-opacity:0"
|
||||
d="m 110.53373,192.39147 0.718,163.36 227.83,-0.95 -0.72,-163.36 -227.83,0.95 z" />
|
||||
<path
|
||||
id="path634"
|
||||
style="fill:#dbf7b3;fill-opacity:1;fill-rule:evenodd;stroke-width:13.442;stroke-linejoin:bevel"
|
||||
d="m 65.741729,146.00947 c 1.246,26.392 -2.011,107.15 -1.74,124.25 0.21,14.65 30.478,6.03 42.869001,6.27 1.689,-18 -0.454,-74.53 1.049,-90.36 31.084,5.04 208.15,1.72 233.82,0.48 0.34,22.68 1.83,75.28 0.12,89.99 17.12,-0.94 15.5,4.71 22.76,-2.61 0.62,-26.9 -0.47,-88.33 0.89,-129.06 -6.4,-11.469 -10.25,-16.655 -19.55,-21.743 -38.6,0.156 -232.57,-1.632 -259.820001,-0.999 -7.734,6.204 -12.918,12.305 -20.402,23.78 z" />
|
||||
<path
|
||||
id="path632"
|
||||
style="fill:#dbf7b3;fill-opacity:1;fill-rule:evenodd;stroke-width:13.442;stroke-linejoin:bevel"
|
||||
d="m 67.148729,395.59147 c 1.246,-26.39 -2.011,-107.15 -1.74,-124.25 0.21,-14.65 30.478,-6.03 42.869001,-6.27 1.689,18 3.766,73.12 5.27,88.96 24.056,3.39 201.12,-0.32 226.79,0.92 0.35,-22.68 1.83,-76.69 0.13,-91.39 17.11,0.93 25.35,2.32 26.98,4.02 0.62,26.89 -1.88,88.32 -0.52,129.05 -6.4,11.47 -10.26,16.66 -19.55,21.74 -38.6,-0.15 -232.57,1.64 -259.830001,1 -7.727,-6.2 -12.911,-12.3 -20.395,-23.78 z" />
|
||||
<path
|
||||
id="path578"
|
||||
style="fill:#ffffff;fill-rule:evenodd"
|
||||
d="m 82.179729,402.83147 4.295,-244 c 0,0.002 0,8.27 1.073,-2.066 1.074,-10.339 17.179001,-14.474 17.179001,-14.474 l 195.41,-10.339 c 0,0 -199.7,-2.068 -207.220001,0 -7.513,2.068 -16.102,7.237 -17.176,15.508 -1.074,8.271 0,247.1 0,247.1 l 6.442,8.27 z" />
|
||||
<path
|
||||
id="path579"
|
||||
style="fill:#68912d;fill-opacity:1;fill-rule:evenodd"
|
||||
d="m 355.48373,133.30747 -4.29,251.99 c 0,0 0,-8.27 -1.08,2.07 -1.07,10.34 -17.17,14.47 -17.17,14.47 l -195.41,10.34 c 0,0 199.7,2.07 207.22,0 7.51,-2.07 16.1,-7.24 17.17,-15.51 1.08,-8.27 -1.01,-244.1 0,-255.09 l -6.44,-8.274 z" />
|
||||
<path
|
||||
id="path586"
|
||||
style="fill:#bdfffd;fill-opacity:0.8316;fill-rule:evenodd"
|
||||
d="m 106.56273,187.85147 v 81.96 h 233.06 v -81.96 z" />
|
||||
<path
|
||||
id="path577"
|
||||
style="fill:none;stroke:#91c644;stroke-width:6.3395;stroke-opacity:1"
|
||||
d="m 107.66773,360.19147 h 236.25 l -2.1,-172.48" />
|
||||
<path
|
||||
id="path593"
|
||||
style="fill:#ffff80;fill-opacity:0.907909;fill-rule:evenodd;stroke:#e46900;stroke-width:6.25;stroke-linejoin:bevel;stroke-opacity:0.5561"
|
||||
d="m 281.61373,263.81147 c 4.07,0 5.09,-6 17.3,-7 12.21,-1 35.62,2 38.67,8 3.05,6 0,88.95 0,88.95 l -226.95,1 c 0,0 166.91,-26.99 159.78,-39.98 -7.12,-12.99 -31.55,-22.99 -28.49,-28.98 3.05,-6 29.51,-16.99 39.69,-21.99 z" />
|
||||
<path
|
||||
id="path581"
|
||||
style="fill:#649eff;fill-opacity:0.4286;fill-rule:evenodd;stroke:#0000d4;stroke-width:4.4808;stroke-linejoin:bevel;stroke-opacity:0.6837"
|
||||
d="m 110.96473,270.66147 c 2.879,-1.42 159.76,-1.42 159.76,-1.42 0,0 -50.2,12.14 -4.14,36.17 46.05,24.03 -155.62,48.64 -155.62,48.64 l 10e-4,-83.39 z" />
|
||||
<path
|
||||
id="path580"
|
||||
style="fill:none;stroke:#91c644;stroke-width:6.25;stroke-opacity:1"
|
||||
d="m 341.63373,189.71147 h -233.97 l 2.034,171.7" />
|
||||
<path
|
||||
id="path590"
|
||||
style="fill:#ffff80;fill-opacity:0.6582;fill-rule:evenodd;stroke:#ff0000;stroke-width:4.4808;stroke-opacity:0.6429"
|
||||
d="m 172.85373,219.77147 c 0,7.81 -6.77,14.14 -15.11,14.14 -8.35,0 -15.11,-6.33 -15.11,-14.14 0,-7.8 6.76,-14.13 15.11,-14.13 8.34,0 15.11,6.33 15.11,14.13 z" />
|
||||
<path
|
||||
id="path591"
|
||||
style="fill:#ecf480;fill-opacity:0.602;fill-rule:evenodd"
|
||||
d="m 136.87373,270.66147 c 5.76,0 18.71,7.06 14.39,8.48 -4.32,1.41 -20.149,5.65 -11.51,8.48 8.63,2.83 23.03,2.83 15.83,7.07 -7.2,4.24 -14.39,8.48 -10.08,9.89 4.32,1.41 12.96,9.89 20.15,5.65 7.2,-4.24 5.76,-9.89 0,-12.72 -5.75,-2.82 -18.71,-4.24 -11.51,-8.48 7.2,-4.24 25.91,0 24.47,-5.65 -1.44,-5.66 -10.08,-2.83 -17.27,-4.24 -7.2,-1.42 30.22,-5.66 21.59,-7.07 -8.64,-1.41 -43.18,0 -46.06,-1.41 z" />
|
||||
<path
|
||||
id="path576"
|
||||
style="fill:none;stroke:#91c644;stroke-width:20;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||
d="m 69.148729,397.59147 c 1.246,-26.39 -1.196,-235.14 1.073,-252.27 5.276,-11.834 15.411,-16.487 21.709,-19.472 62.133001,0.116 222.420001,-1.202 260.660001,-1.202 5.39,4.136 11.73,8.732 18.25,15.508 0.62,26.896 -3.28,217.75 -1.92,258.48 -6.4,11.47 -10.26,16.66 -19.55,21.74 -38.6,-0.15 -232.57,1.64 -259.830001,1 -7.727,-6.2 -12.911,-12.3 -20.395,-23.78 z" />
|
||||
</g>
|
||||
<g
|
||||
id="g3666"
|
||||
transform="matrix(1.0647964,0,0,1.0647964,-49.256187,-137.85828)"
|
||||
style="stroke:none;stroke-width:1.00019121;stroke-miterlimit:4;stroke-dasharray:none">
|
||||
<g
|
||||
id="g2785"
|
||||
style="stroke:none;stroke-width:1.00019121;stroke-miterlimit:4;stroke-dasharray:none">
|
||||
<path
|
||||
id="path164"
|
||||
style="fill:url(#linearGradient886);fill-rule:evenodd;stroke:none;stroke-width:1.00019121;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
d="m 256.54492,347.35489 c 3.58382,-0.48749 10.18573,-6.16558 10.44867,-6.23306 0.3122,0.0163 3.5443,8.36879 4.84156,9.68932 -1.13515,0.69963 -7.53769,5.05331 -9.80024,5.89333 -3.04474,-3.13941 -5.89138,-9.11418 -5.48999,-9.34959 z" />
|
||||
<path
|
||||
id="path163"
|
||||
style="mix-blend-mode:normal;fill:url(#linearGradient2848);fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:1.00019121;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
d="m 262.15355,356.6847 c -0.12023,-1.63544 -0.22067,-6.50647 -1.24995,-8.38159 -0.008,-0.23889 3.70641,-2.64881 3.79367,-2.57784 0.11944,10e-4 0.35175,2.40177 0.23114,2.7512 0.12255,0.20904 4.47157,-1.89994 7.27009,-4.51385 0.42544,-0.10106 0.28078,6.43395 -0.25907,6.81518 -0.66511,0.36067 -8.89932,5.80684 -9.78588,5.9069 z" />
|
||||
</g>
|
||||
</g>
|
||||
<g
|
||||
id="g4848"
|
||||
transform="translate(-31.377865,-88.795766)">
|
||||
<g
|
||||
id="g4735"
|
||||
transform="matrix(0.7334806,0,0,0.7334806,25.750307,31.287723)">
|
||||
<rect
|
||||
id="rect2160"
|
||||
style="color:#000000;fill:url(#linearGradient2220);fill-opacity:1;stroke:#4c7115;stroke-width:0.153503;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
|
||||
rx="1.6666112"
|
||||
ry="1.6666112"
|
||||
height="17.36762"
|
||||
width="26.490295"
|
||||
y="387.60583"
|
||||
x="238.93828" />
|
||||
<path
|
||||
id="path3221"
|
||||
sodipodi:nodetypes="ccccccccc"
|
||||
style="color:#000000;fill:url(#linearGradient2222);fill-opacity:1;stroke:#4c7115;stroke-width:0.0921017;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
|
||||
d="m 240.60489,404.95215 c -0.92329,0 -1.66646,-0.74296 -1.66646,-1.66643 v -1.28267 l 12.25813,-7.49094 c 0.71685,-0.4381 1.87058,-0.4381 2.58744,0 l 11.64411,7.11578 v 1.65783 c 0,0.92347 -0.74295,1.66643 -1.66642,1.66643 h -23.15683 z" />
|
||||
<path
|
||||
id="rect3141"
|
||||
sodipodi:nodetypes="ccccccccc"
|
||||
style="color:#000000;fill:url(#linearGradient1766);fill-opacity:1;stroke:#4c7115;stroke-width:0.196201;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
|
||||
d="m 240.60489,387.60595 c -0.92329,0 -1.66646,0.74302 -1.66646,1.66649 v 1.28267 l 12.25813,7.49094 c 0.71685,0.4381 1.87058,0.4381 2.58744,0 l 11.64411,-7.11578 v -1.65783 c 0,-0.92347 -0.74295,-1.66649 -1.66642,-1.66649 h -23.15683 z" />
|
||||
</g>
|
||||
</g>
|
||||
<text
|
||||
xml:space="preserve"
|
||||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:40px;line-height:1.25;font-family:'WenQuanYi Micro Hei';-inkscape-font-specification:'WenQuanYi Micro Hei';letter-spacing:-2.01px;word-spacing:0px;fill:url(#linearGradient117744);fill-opacity:1;stroke:none"
|
||||
x="156.98627"
|
||||
y="204.44211"
|
||||
id="text103160"><tspan
|
||||
sodipodi:role="line"
|
||||
id="tspan103158"
|
||||
x="156.98627"
|
||||
y="204.44211"
|
||||
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-family:'WenQuanYi Micro Hei';-inkscape-font-specification:'WenQuanYi Micro Hei Bold';fill:url(#linearGradient117744);fill-opacity:1">Silique</tspan></text>
|
||||
</g>
|
||||
</svg>
|
After Width: | Height: | Size: 21 KiB |
|
@ -0,0 +1,40 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- GNUNUX: /usr/share/roundcubemail/skins/elastic/watermark.html -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title></title>
|
||||
<style type="text/css">
|
||||
html, body { height: 100%; overflow: hidden; }
|
||||
body {
|
||||
background: url(silique_cloud.svg) center no-repeat #fff;
|
||||
background-size: 30%;
|
||||
background-blend-mode: luminosity;
|
||||
}
|
||||
html:not(.dark-mode) body:before {
|
||||
content: "";
|
||||
position: absolute;
|
||||
top: 0;
|
||||
bottom: 0;
|
||||
left: 0;
|
||||
right: 0;
|
||||
background: rgba(255, 255, 255, .85);
|
||||
}
|
||||
html.dark-mode > body {
|
||||
background-color: #21292c;
|
||||
background-blend-mode: soft-light;
|
||||
}
|
||||
</style>
|
||||
<script>
|
||||
try {
|
||||
if (document.cookie.indexOf('colorMode=dark') > -1
|
||||
|| (document.cookie.indexOf('colorMode=light') === -1 && window.matchMedia('(prefers-color-scheme: dark)').matches)
|
||||
) {
|
||||
document.documentElement.className += ' dark-mode';
|
||||
}
|
||||
} catch (e) { }
|
||||
</script>
|
||||
</head>
|
||||
<body></body>
|
||||
</html>
|
||||
|
Loading…
Reference in a new issue