diff --git a/kubernetes/apps/fediverse/peertube/app/config/production.yml b/kubernetes/apps/fediverse/peertube/app/config/production.yml new file mode 100644 index 0000000..e2a9c42 --- /dev/null +++ b/kubernetes/apps/fediverse/peertube/app/config/production.yml @@ -0,0 +1,676 @@ +##### Mount this file at /app/config/production.yaml +--- +rates_limit: + api: + # 50 attempts in 10 seconds + window: 10 seconds + max: 50 + login: + # 15 attempts in 5 min + window: 5 minutes + max: 15 + signup: + # 2 attempts in 5 min (only succeeded attempts are taken into account) + window: 5 minutes + max: 2 + ask_send_email: + # 3 attempts in 5 min + window: 5 minutes + max: 3 + receive_client_log: + # 10 attempts in 10 min + window: 10 minutes + max: 10 + +oauth2: + token_lifetime: + access_token: '1 day' + refresh_token: '2 weeks' + +# Proxies to trust to get real client IP +# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' +# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) +trust_proxy: + - 'loopback' + +# Your database name will be database.name OR 'peertube'+database.suffix +database: + pool: + max: 5 + +# Redis server for short time storage +# You can also specify a 'socket' path to a unix socket but first need to +# set 'hostname' and 'port' to null +redis: + sentinel: + enabled: true + enable_tls: false + master_name: 'redis-master' + sentinels: + - hostname: 'redis-peertube.fediverse.svc.cluster.local' + port: 26379 + +email: + body: + signature: 'Khazadtube' + subject: + prefix: '[PeerTube]' + +# Update default PeerTube values +# Set by API when the field is not provided and put as default value in client +defaults: + # Change default values when publishing a video (upload/import/go Live) + publish: + download_enabled: true + + comments_enabled: true + + # public = 1, unlisted = 2, private = 3, internal = 4 + privacy: 1 + + # CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7 + # You can also choose a custom licence value added by a plugin + # No licence by default + licence: null + + p2p: + # Enable P2P by default in PeerTube client + # Can be enabled/disabled by anonymous users and logged in users + webapp: + enabled: true + + # Enable P2P by default in PeerTube embed + # Can be enabled/disabled by URL option + embed: + enabled: true + +# From the project root directory +storage: + tmp: '/storage/tmp/' # Use to download data (imports etc), store uploaded files before and during processing... + tmp_persistent: '/storage/tmp-persistent/' # As tmp but the directory is not cleaned up between PeerTube restarts + bin: '/storage/bin/' + avatars: '/storage/avatars/' + videos: '/storage/videos/' + streaming_playlists: '/storage/streaming-playlists/' + redundancy: '/storage/redundancy/' + logs: '/storage/logs/' + previews: '/storage/previews/' + thumbnails: '/storage/thumbnails/' + torrents: '/storage/torrents/' + captions: '/storage/captions/' + cache: '/storage/cache/' + plugins: '/storage/plugins/' + well_known: '/storage/well-known/' + # Overridable client files in client/dist/assets/images: + # - logo.svg + # - favicon.png + # - default-playlist.jpg + # - default-avatar-account.png + # - default-avatar-video-channel.png + # - and icons/*.png (PWA) + # Could contain for example assets/images/favicon.png + # If the file exists, peertube will serve it + # If not, peertube will fallback to the default file + client_overrides: '/storage/client-overrides/' + +static_files: + # Require and check user authentication when accessing private files (internal/private video files) + private_files_require_auth: true + +log: + level: 'info' # 'debug' | 'info' | 'warn' | 'error' + + rotation: + enabled: true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate + max_file_size: 12MB + max_files: 20 + + anonymize_ip: false + + log_ping_requests: true + log_tracker_unknown_infohash: true + + prettify_sql: false + + # Accept warn/error logs coming from the client + accept_client_log: true + +trending: + videos: + interval_days: 7 # Compute trending videos for the last x days for 'most-viewed' algorithm + + algorithms: + enabled: + - 'hot' # Adaptation of Reddit's 'Hot' algorithm + - 'most-viewed' # Number of views in the last x days + - 'most-liked' # Global views since the upload of the video + + default: 'most-viewed' + +# Cache remote videos on your server, to help other instances to broadcast the video +# You can define multiple caches using different sizes/strategies +# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following +redundancy: + videos: + check_interval: '1 hour' # How often you want to check new videos to cache + strategies: # Just uncomment strategies you want +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'most-views' # Cache videos that have the most views +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'trending' # Cache trending videos +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'recently-added' # Cache recently added videos +# min_views: 10 # Having at least x views + +# Other instances that duplicate your content +remote_redundancy: + videos: + # 'nobody': Do not accept remote redundancies + # 'anybody': Accept remote redundancies from anybody + # 'followings': Accept redundancies from instance followings + accept_from: 'anybody' + +csp: + enabled: false + report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk! + report_uri: + +security: + # Set the X-Frame-Options header to help to mitigate clickjacking attacks + frameguard: + enabled: true + + # Set x-powered-by HTTP header to "PeerTube" + # Can help remote software to know this is a PeerTube instance + powered_by_header: + enabled: true + +tracker: + # If you disable the tracker, you disable the P2P on your PeerTube instance + enabled: true + # Only handle requests on your videos + # If you set this to false it means you have a public tracker + # Then, it is possible that clients overload your instance with external torrents + private: true + # Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers) + reject_too_many_announces: false + +history: + videos: + # If you want to limit users videos history + # -1 means there is no limitations + # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) + max_age: -1 + +views: + videos: + # PeerTube creates a database entry every hour for each video to track views over a period of time + # This is used in particular by the Trending page + # PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered) + # -1 means no cleanup + # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) + remote: + max_age: '30 days' + + # PeerTube buffers local video views before updating and federating the video + local_buffer_update_interval: '30 minutes' + + ip_view_expiration: '1 hour' + +# Used to get country location of views of local videos +geo_ip: + enabled: true + + country: + database_url: 'https://dbip.mirror.framasoft.org/files/dbip-country-lite-latest.mmdb' + +plugins: + # The website PeerTube will ask for available PeerTube plugins and themes + # This is an unmoderated plugin index, so only install plugins/themes you trust + index: + enabled: true + check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions + url: 'https://packages.joinpeertube.org' + +federation: + videos: + federate_unlisted: false + + # Add a weekly job that cleans up remote AP interactions on local videos (shares, rates and comments) + # It removes objects that do not exist anymore, and potentially fix their URLs + cleanup_remote_interactions: true + +peertube: + check_latest_version: + # Check and notify admins of new PeerTube versions + enabled: true + # You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json + url: 'https://joinpeertube.org/api/v1/versions.json' + +webadmin: + configuration: + edition: + # Set this to false if you don't want to allow config edition in the web interface by instance admins + allowed: true + +# XML, Atom or JSON feeds +feeds: + videos: + # Default number of videos displayed in feeds + count: 20 + + comments: + # Default number of comments displayed in feeds + count: 20 + +remote_runners: + # Consider jobs that are processed by a remote runner as stalled after this period of time without any update + stalled_jobs: + live: '30 seconds' + vod: '2 minutes' + +############################################################################### +# +# From this point, almost all following keys can be overridden by the web interface +# (local-production.json file). If you need to change some values, prefer to +# use the web interface because the configuration will be automatically +# reloaded without any need to restart PeerTube +# +# /!\ If you already have a local-production.json file, modification of some of +# the following keys will have no effect /!\ +# +############################################################################### + +cache: + previews: + size: 500 # Max number of previews you want to cache + captions: + size: 500 # Max number of video captions/subtitles you want to cache + torrents: + size: 500 # Max number of video torrents you want to cache + +admin: + # Used to generate the root user at first startup + # And to receive emails from the contact form + email: 'joe@veri.dev' + +contact_form: + enabled: true + +signup: + enabled: false + + limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited + + minimum_age: 16 # Used to configure the signup form + + # Users fill a form to register so moderators can accept/reject the registration + requires_approval: true + requires_email_verification: false + + filters: + cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist + whitelist: [] + blacklist: [] + +user: + history: + videos: + # Enable or disable video history by default for new users. + enabled: true + # Default value of maximum video bytes the user can upload (does not take into account transcoded files) + # Byte format is supported ("1GB" etc) + # -1 == unlimited + video_quota: -1 + video_quota_daily: -1 + +video_channels: + max_per_user: 20 # Allows each user to create up to 20 video channels. + +# If enabled, the video will be transcoded to mp4 (x264) with `faststart` flag +# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions +# Please, do not disable transcoding since many uploaded videos will not work +transcoding: + enabled: true + + # Allow your users to upload .mkv, .mov, .avi, .wmv, .flv, .f4v, .3g2, .3gp, .mts, m2ts, .mxf, .nut videos + allow_additional_extensions: true + + # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file + allow_audio_files: true + + # Enable remote runners to transcode your videos + # If enabled, your instance won't transcode the videos itself + # At least 1 remote runner must be configured to transcode your videos + remote_runners: + enabled: false + + # Amount of threads used by ffmpeg for 1 local transcoding job + threads: 1 + # Amount of local transcoding jobs to execute in parallel + concurrency: 1 + + # Choose the local transcoding profile + # New profiles can be added by plugins + # Available in core PeerTube: 'default' + profile: 'default' + + resolutions: # Only created if the original video has a higher resolution, uses more storage! + 0p: false # audio-only (creates mp4 without video stream, always created when enabled) + 144p: false + 240p: false + 360p: false + 480p: false + 720p: false + 1080p: false + 1440p: false + 2160p: false + + # Transcode and keep original resolution, even if it's above your maximum enabled resolution + always_transcode_original_resolution: true + + # Generate videos in a WebTorrent format (what we do since the first PeerTube release) + # If you also enabled the hls format, it will multiply videos storage by 2 + # If disabled, breaks federation with PeerTube instances < 2.1 + webtorrent: + enabled: false + + # /!\ Requires ffmpeg >= 4.1 + # Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent: + # * Resolution change is smoother + # * Faster playback in particular with long videos + # * More stable playback (less bugs/infinite loading) + # If you also enabled the webtorrent format, it will multiply videos storage by 2 + hls: + enabled: true + +live: + enabled: false + + # Limit lives duration + # -1 == unlimited + max_duration: -1 # For example: '5 hours' + + # Limit max number of live videos created on your instance + # -1 == unlimited + max_instance_lives: 20 + + # Limit max number of live videos created by a user on your instance + # -1 == unlimited + max_user_lives: 3 + + # Allow your users to save a replay of their live + # PeerTube will transcode segments in a video file + # If the user daily/total quota is reached, PeerTube will stop the live + # /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay + allow_replay: true + + # Allow your users to change latency settings (small latency/default/high latency) + # Small latency live streams cannot use P2P + # High latency live streams can increase P2P ratio + latency_setting: + enabled: true + + # Your firewall should accept traffic from this port in TCP if you enable live + rtmp: + enabled: true + + # Listening hostname/port for RTMP server + # '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4 + # Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise + hostname: null + port: 1935 + + # Public hostname of your RTMP server + # Use null to use the same value than `webserver.hostname` + public_hostname: null + + rtmps: + enabled: false + + # Listening hostname/port for RTMPS server + # '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4 + # Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise + hostname: null + port: 1936 + + # Absolute paths + key_file: '' + cert_file: '' + + # Public hostname of your RTMPS server + # Use null to use the same value than `webserver.hostname` + public_hostname: null + + # Allow to transcode the live streaming in multiple live resolutions + transcoding: + enabled: true + + # Enable remote runners to transcode your videos + # If enabled, your instance won't transcode the videos itself + # At least 1 remote runner must be configured to transcode your videos + remote_runners: + enabled: false + + # Amount of threads used by ffmpeg per live when using local transcoding + threads: 2 + + # Choose the local transcoding profile + # New profiles can be added by plugins + # Available in core PeerTube: 'default' + profile: 'default' + + resolutions: + 144p: false + 240p: false + 360p: false + 480p: false + 720p: false + 1080p: false + 1440p: false + 2160p: false + + # Also transcode original resolution, even if it's above your maximum enabled resolution + always_transcode_original_resolution: true + +video_studio: + # Enable video edition by users (cut, add intro/outro, add watermark etc) + # If enabled, users can create transcoding tasks as they wish + enabled: false + + + # Enable remote runners to transcode studio tasks + # If enabled, your instance won't transcode the videos itself + # At least 1 remote runner must be configured to transcode your videos + remote_runners: + enabled: false + +import: + # Add ability for your users to import remote videos (from YouTube, torrent...) + videos: + # Amount of import jobs to execute in parallel + concurrency: 1 + + # Set a custom video import timeout to not block import queue + timeout: '2 hours' + + # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html + http: + # We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server + # See https://docs.joinpeertube.org/maintain/configuration#security for more information + enabled: false + + youtube_dl_release: + # Direct download URL to youtube-dl binary + # Github releases API is also supported + # Examples: + # * https://api.github.com/repos/ytdl-org/youtube-dl/releases + # * https://api.github.com/repos/yt-dlp/yt-dlp/releases + # * https://yt-dl.org/downloads/latest/youtube-dl + url: 'https://api.github.com/repos/yt-dlp/yt-dlp/releases' + + # Release binary name: 'yt-dlp' or 'youtube-dl' + name: 'yt-dlp' + + # Path to the python binary to execute for youtube-dl or yt-dlp + python_path: '/usr/bin/python3' + + # IPv6 is very strongly rate-limited on most sites supported by youtube-dl + force_ipv4: false + + # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) + torrent: + # We recommend to only enable magnet URI/torrent import if you trust your users + # See https://docs.joinpeertube.org/maintain/configuration#security for more information + enabled: false + + # Add ability for your users to synchronize their channels with external channels, playlists, etc + video_channel_synchronization: + enabled: false + + max_per_user: 10 + + check_interval: 1 hour + + # Number of latest published videos to check and to potentially import when syncing a channel + videos_limit_per_synchronization: 10 + + # Max number of videos to import when the user asks for full sync + full_sync_videos_limit: 1000 + +auto_blacklist: + # New videos automatically blacklisted so moderators can review before publishing + videos: + of_users: + enabled: false + +# Instance settings +instance: + name: 'PeerTube' + short_description: 'PeerTube, an ActivityPub-federated video streaming platform using P2P directly in your web browser.' + description: 'Welcome to this PeerTube instance!' # Support markdown + terms: 'No terms for now.' # Support markdown + code_of_conduct: '' # Supports markdown + + # Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc + moderation_information: '' # Supports markdown + + # Why did you create this instance? + creation_reason: '' # Supports Markdown + + # Who is behind the instance? A single person? A non profit? + administrator: '' # Supports Markdown + + # How long do you plan to maintain this instance? + maintenance_lifetime: '' # Supports Markdown + + # How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising? + business_model: '' # Supports Markdown + + # If you want to explain on what type of hardware your PeerTube instance runs + # Example: '2 vCore, 2GB RAM...' + hardware_information: '' # Supports Markdown + + # What are the main languages of your instance? To interact with your users for example + # Uncomment or add the languages you want + # List of supported languages: https://peertube.cpy.re/api/v1/videos/languages + languages: + - en + + # You can specify the main categories of your instance (dedicated to music, gaming or politics etc) + # Uncomment or add the category ids you want + # List of supported categories: https://peertube.cpy.re/api/v1/videos/categories + categories: +# - 1 # Music +# - 2 # Films +# - 3 # Vehicles +# - 4 # Art +# - 5 # Sports +# - 6 # Travels +# - 7 # Gaming +# - 8 # People +# - 9 # Comedy +# - 10 # Entertainment +# - 11 # News & Politics +# - 12 # How To +# - 13 # Education +# - 14 # Activism +# - 15 # Science & Technology +# - 16 # Animals +# - 17 # Kids +# - 18 # Food + + default_client_route: '/videos/trending' + + # Whether or not the instance is dedicated to NSFW content + # Enabling it will allow other administrators to know that you are mainly federating sensitive content + # Moreover, the NSFW checkbox on video upload will be automatically checked by default + is_nsfw: false + # By default, `do_not_list` or `blur` or `display` NSFW videos + # Could be overridden per user with a setting + default_nsfw_policy: 'do_not_list' + + customizations: + javascript: '' # Directly your JavaScript code (without