Scripting for Politics

22 Jun 2019

As promised to the members of the Partito Pirata (the Italian Pirate Party), I wrote a little shell script that automatically installs a simple, self-contained PeerTube instance on a clean Debian GNU/Linux system.

Together with the Project Winston Smith, which promised to provide hardware and bandwidth, this little work should help all the members of the Partito Pirata to avoid YouTube and to stop sending the political interests of the people who visit their forum and website to Google’s servers.

In an age where programmers have so much power to summon daemons that act on the physical world, I think we should always feel responsible for those who don’t have access to our knowledge.

My hope with the Partito Pirata is that they will accept the challenge to spread Hacker’s Curiosity through Informatics.

Informatics should not be a weapon to gain Power!
It should be a rock to build Democracy upon.

Enough words. Here is the code:


# Copyright (C) 2019 Giacomo Tesio <giacomo@tesio.it>
# This software is a hack and it is released accordingly under the
# Hacking License available at http://www.tesio.it/documents/HACK.txt


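# Argument handling.
# NOTE(review): the listing as published never assigns DOMAIN, EMAIL, PASSWORD
# or TWITTER, so take them from the positional order documented in the usage
# text below unless they are already set.
DOMAIN=${DOMAIN:-${1:-}}
EMAIL=${EMAIL:-${2:-}}
PASSWORD=${PASSWORD:-${3:-}}
TWITTER=${TWITTER:-${4:-}}

# SECURITY: the password arrives on the command line, so it is visible in the
# process list while the script runs and may be kept in shell history. The
# same value is reused for the OS account, the database role and the instance
# administrator; rotate it once the installation is complete.
if [ -z "$PASSWORD" ]; then
	{
		echo "usage: sudo ./peertube-install.sh domain email password twitter"
		echo "This script install PeerTube on a Debian GNU/Linux 9.9"
		echo "  domain   is the domain name user will use to access your instance, thus"
		echo "           - A and AAAA records must be configured on your DNS"
		echo "           - it won't be easy to modify it after the installation"
		echo "  email    is the email address that will be used by Let's Encrypt"
		echo "  password is the peertube user's password on both the OS and the DB"
		echo "           it is ALSO the instance's administrator's password"
		echo "  twitter  is a Twitter account name to be used WITH the initial @"
		echo "At the end of the installation you should double-check:"
		echo "/var/www/peertube/config/production.yaml"
		echo "/etc/nginx/sites-available/peertube"
		echo "/etc/systemd/system/peertube.service"
		echo "/etc/letsencrypt/live/"
	} >&2
	exit 1
fi

echo "PeerTube Installation"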

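# Report that $DOMAIN does not resolve and abort the installation.
# Globals: DOMAIN (read)
# Outputs: error text on stderr
# Exits:   status 2; never returns to the caller
dnsError() {
	# Quoted so a malformed domain value is printed verbatim instead of being
	# word-split or glob-expanded by the shell.
	printf 'ERROR: cannot resolve %s\n' "$DOMAIN" >&2
	echo "Please configure your A/AAAA record on the DNS" >&2
	exit 2
}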

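# Install each named Debian package unless dpkg already reports it installed.
# Arguments: $@ - package names
# Returns:   status of the last check or of the last apt-get invocation
debinst() {
	for pkg in "$@"; do
		# Compare the exact dpkg status. Grepping `dpkg -l` for "ii" also
		# matches removed packages whose name or description merely contains
		# those letters, which would silently skip a needed install.
		if ! dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null | grep -q '^install ok installed$'; then
			apt-get install -y "$pkg"
		fi
	done
}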

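# Enable stretch-backports (if not already configured) and install certbot
# together with its nginx plugin from there.
# Globals: BACKPORT_LIST (read) - path of the APT sources file to create
# NOTE(review): BACKPORT_LIST is not assigned anywhere in the listing as
# published; the guard below stops with a message instead of testing or
# writing an empty path.
installCertbot() {
	: "${BACKPORT_LIST:?BACKPORT_LIST must name the backports sources file}"

	if [ ! -f "$BACKPORT_LIST" ]; then
		printf '%s' 'Adding backports.list...'
		# Plain-HTTP mirror: package integrity rests on APT's signature
		# verification of the repository metadata, not on the transport.
		echo "deb http://deb.debian.org/debian stretch-backports main" > "$BACKPORT_LIST"
		echo done.
	fi

	apt-get update

	apt-get install -y -t stretch-backports certbot python-certbot-nginx
}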

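# NOTE(review): the listing as published runs the NodeSource and Yarn steps
# together under installNodeJS and never defines installYarn, although the
# main flow calls it. They are split here along that call.

# Add the NodeSource repository for Node.js 8.x and install nodejs.
# SECURITY: this runs a script fetched from the network as root. It is
# downloaded to a file first and executed only if the transfer succeeded, so
# an HTTP error page or a truncated download is never fed to the shell. The
# content itself is still trusted as-is; review it before running on a host
# that matters.
installNodeJS() {
	setup_script=$(mktemp) || return 1
	if ! curl -fsSL https://deb.nodesource.com/setup_8.x -o "$setup_script"; then
		echo "ERROR: could not download the NodeSource setup script" >&2
		rm -f -- "$setup_script"
		return 1
	fi
	bash "$setup_script"
	rm -f -- "$setup_script"
	debinst nodejs
}

# Add the Yarn APT repository and its signing key, then install yarn.
# SECURITY: the key is trusted on first download over HTTPS; compare its
# fingerprint with the one Yarn publishes if the host is sensitive.
installYarn() {
	yarn_key=$(mktemp) || return 1
	if ! curl -fsS https://dl.yarnpkg.com/debian/pubkey.gpg -o "$yarn_key"; then
		echo "ERROR: could not download the Yarn repository key" >&2
		rm -f -- "$yarn_key"
		return 1
	fi
	apt-key add "$yarn_key"
	rm -f -- "$yarn_key"
	echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
	# -y keeps the unattended installation from stopping at a prompt.
	apt-get update && apt-get install -y yarn
}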

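# Create the peertube database role, the peertube_prod database owned by it,
# and the pg_trgm and unaccent extensions in that database.
# Globals: PASSWORD (read) - password for the peertube role
initPeertubeDB() {
	# The password is caller-supplied text. Double any embedded single quote
	# so it cannot end the SQL string literal early, and send the statement
	# on stdin rather than in psql's argument list.
	# NOTE(review): assumes PostgreSQL's default standard_conforming_strings=on,
	# where a backslash inside '...' is an ordinary character.
	pw_sql=$(printf '%s' "$PASSWORD" | sed -e "s/'/''/g")
	printf "CREATE USER peertube WITH PASSWORD '%s';\n" "$pw_sql" | sudo -u postgres psql
	unset pw_sql
	sudo -u postgres createdb -O peertube peertube_prod
	sudo -u postgres psql -c "CREATE EXTENSION pg_trgm;" peertube_prod
	sudo -u postgres psql -c "CREATE EXTENSION unaccent;" peertube_prod
}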

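# Create the peertube system account with /var/www/peertube as its home and
# set its password, unless that directory already exists.
# Globals: PASSWORD (read)
createPeertubeUser() {
	if [ ! -d /var/www/peertube ]; then
		# useradd -p expects an already-hashed value, so passing a plain word
		# there only stores a junk hash. Leave the account without a usable
		# password until chpasswd sets the real one.
		useradd -m -d /var/www/peertube -s /bin/bash peertube
		# printf passes the password through byte-for-byte; some echo
		# implementations rewrite backslash sequences.
		printf '%s\n' "peertube:$PASSWORD" | chpasswd
	fi
}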

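# Download the latest PeerTube release into /var/www/peertube/versions, link
# it as peertube-latest and install its production dependencies with yarn.
# Globals: VERSION (written) - release tag reported by the GitHub API
# Returns: non-zero as soon as a step fails
# SECURITY: the archive is trusted on the strength of the HTTPS download
# alone. If upstream publishes checksums or signatures for the release,
# verify them before unpacking.
installPeertube() {
	VERSION=$(curl -fsS https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4)
	# The tag comes from the network and ends up in file names and a URL.
	# Refuse an empty answer (API error, rate limit) or anything that is not
	# a plain version token.
	case "$VERSION" in
		'' | *[!A-Za-z0-9._-]*)
			echo "ERROR: could not determine a valid PeerTube release tag" >&2
			return 1
			;;
	esac
	echo "Latest Peertube version is $VERSION"

	# Stop on the first failure so later steps never run in the wrong directory.
	cd /var/www/peertube || return 1
	sudo -u peertube mkdir config storage versions || return 1
	cd versions || return 1
	sudo -u peertube wget -q "https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip" || return 1
	sudo -u peertube unzip "peertube-${VERSION}.zip" || return 1
	sudo -u peertube rm -- "peertube-${VERSION}.zip"
	cd ../ || return 1
	sudo -u peertube ln -s "versions/peertube-${VERSION}" ./peertube-latest || return 1
	cd ./peertube-latest || return 1
	sudo -H -u peertube yarn install --production --pure-lockfile
}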

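# Escape a string for use as the replacement half of a sed s/// command:
# backslash, slash and ampersand are the characters sed treats specially there.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout
sedEscape() {
	printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Write PeerTube's production.yaml and nginx site from the shipped examples,
# then obtain a Let's Encrypt certificate for the domain.
# Globals: TWITTER, EMAIL, DOMAIN, PASSWORD (read)
# Returns: non-zero if the working directory or the example config is missing
configurePeertube() {
	# The four values are caller-supplied. Inserted raw into a sed program, a
	# "/" ends the command early and "&" expands to the matched text, so
	# escape them first.
	twitter_r=$(sedEscape "$TWITTER")
	email_r=$(sedEscape "$EMAIL")
	domain_r=$(sedEscape "$DOMAIN")
	# The password lands inside a YAML single-quoted scalar, where an embedded
	# single quote is written as two.
	password_r=$(sedEscape "$(printf '%s' "$PASSWORD" | sed -e "s/'/''/g")")

	cd /var/www/peertube || return 1
	sudo -u peertube cp peertube-latest/config/production.yaml.example config/production.yaml || return 1
	# Dots in the patterns are escaped so they match only a literal dot.
	sudo -u peertube sed -i -e "s/@Chocobozzz/$twitter_r/" config/production.yaml
	sudo -u peertube sed -i -e "s/admin@example\.com/$email_r/" config/production.yaml
	sudo -u peertube sed -i -e "s/example\.com/$domain_r/" config/production.yaml
	sudo -u peertube sed -i -e "s/password: 'peertube'/password: '$password_r'/" config/production.yaml
	unset password_r

	cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube
	sed -i -e "s/peertube\.example\.com/$domain_r/" /etc/nginx/sites-available/peertube
	ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube

	# configure let's encrypt
	systemctl stop nginx
	# Comment ssl_certificate and ssl_certificate_key lines
	sed -i -e "s/ssl_certificate/#ssl_certificate/" /etc/nginx/sites-available/peertube
	certbot --authenticator standalone --installer nginx --post-hook "systemctl start nginx" -n --agree-tos -m "$EMAIL" --domains "$DOMAIN"
	# Uncomment ssl_certificate and ssl_certificate_key lines
	sed -i -e "s/#ssl_certificate/ssl_certificate/" /etc/nginx/sites-available/peertube
	systemctl reload nginx
}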

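# NOTE(review): the listing as published runs the sysctl and systemd steps
# together under tuneTCPIP and never defines setupSystemd, although the main
# flow calls it. They are split here along that call.

# Install PeerTube's shipped TCP tuning and load it into the running kernel.
tuneTCPIP() {
	cp /var/www/peertube/peertube-latest/support/sysctl.d/30-peertube-tcp.conf /etc/sysctl.d/
	sysctl -p /etc/sysctl.d/30-peertube-tcp.conf
}

# Install PeerTube's shipped systemd unit, enable and start the service, then
# follow its journal.
setupSystemd() {
	cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/
	systemctl daemon-reload
	systemctl enable peertube
	systemctl start peertube
	# -f keeps following the log, so this call blocks until interrupted.
	journalctl -feu peertube
}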

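# True when dpkg reports the package as fully installed. Grepping `dpkg -l`
# for "ii" would also match removed packages whose name or description
# merely contains those letters.
pkgInstalled() {
	dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q '^install ok installed$'
}

# check domain resolution (or Let's Encrypt will complain)
# Quoted so an empty or malformed value reaches getent as a single argument.
getent hosts "$DOMAIN" > /dev/null || dnsError

# Install dependencies
debinst unzip curl

pkgInstalled certbot || installCertbot
pkgInstalled nodejs || installNodeJS
pkgInstalled yarn || installYarn

debinst nginx ffmpeg postgresql postgresql-contrib openssl g++ make redis-server git python-dev

systemctl start redis postgresql

# NOTE(review): createPeertubeUser and initPeertubeDB are defined above but
# are not invoked anywhere in the listing as published, while installPeertube
# runs commands as the peertube user. Confirm against the original script
# where those two calls belong.

# Install Peertube
test -d /var/www/peertube/versions || installPeertube
test -f /etc/nginx/sites-available/peertube || configurePeertube

# TCP/IP tuning
test -f /etc/sysctl.d/30-peertube-tcp.conf || tuneTCPIP

# Systemd setup
test -f /etc/systemd/system/peertube.service || setupSystemd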