Context: Would YOU donate your idle CPU cycles to TankieTube?


Linux Steps

*Feel free to ask me any questions by PM, email, or commenting here.*

1. Install dependencies

Debian

$ sudo apt update
$ sudo apt install nodejs npm ffmpeg
$ sudo npm install -g @peertube/peertube-runner 

Arch Linux

$ sudo pacman -Syu nodejs npm ffmpeg
$ sudo npm install -g @peertube/peertube-runner 

2. Create the dedicated system user

$ sudo useradd -m -d /srv/prunner -s /bin/bash -p <random_password> prunner

3. Create the systemd unit

$ sudo nano /etc/systemd/system/prunner.service

Paste and save this.

spoiler
[Unit]
After=network.target
Description=PeerTube runner daemon

[Service]
CapabilityBoundingSet=~CAP_SYS_ADMIN
Environment=NODE_ENV=production
ExecStart=peertube-runner server --enable-job vod-web-video-transcoding --enable-job vod-hls-transcoding --enable-job vod-audio-merge-transcoding
Group=prunner
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=false
PrivateMounts=true 
PrivateTmp=true
ProtectClock=true 
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/srv/prunner
Restart=always
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 
RestrictNamespaces=true
RestrictSUIDSGID=true
SyslogIdentifier=prunner
SystemCallArchitectures=native
Type=simple
User=prunner
WorkingDirectory=/srv/prunner

[Install]
WantedBy=multi-user.target

4. Enable & start the systemd unit

Starting the process for the first time will generate the config file.

$ sudo systemctl daemon-reload
$ sudo systemctl enable prunner.service
$ sudo systemctl restart prunner.service

5. Edit the config file

$ sudo nano /srv/prunner/.config/peertube-runner-nodejs/default/config.toml

a. Under [jobs], set concurrency equal to the number of virtual cores your CPU has.

b. Under, [ffmpeg], set threads = 1.

c. Save and exit.

6. Restart to load the configuration changes

$ sudo systemctl restart prunner.service

7. Email TankieTanuki@tankie.tube

a. OpSec: Use an email detached from your legal identity. Attachment to your Hexbear/Lemmy username is optional.

b. Put "TinyTanks" in the subject line.

c. In the body, request a nickname for your runner.

d. I'll reply with the final command to enter, which includes your secret token!



Windows/MacOS/Docker

*Comrades are welcome to contribute steps for alternate installations. I'm only good with Linux.*


Source

  • Grebgreb [he/him]
    ·
    24 days ago

    I have an old computer I may be able to setup for this, however it's an old prebuilt desktop for web browsing. If it's too weak would it be a waste of time to try this?

    This seems more like the sort of thing to run on something you can periodically nuke, and maybe put behind an external firewall that only allows communication with the tankietube servers. Maybe some comrades have spare credit on a cloud provider that would be suited for this.

    Also do you know how valid the security concerns are? I did not know ffmpeg had vulnerabilities. Additionally would using the linux equivalent of hosts file + windows firewall be adequate enough or would something more advanced be minimum?

    This is assuming the computer still works and I can get linux running. Also tinytanks is a really cute name

    • TankieTanuki [he/him]
      hexagon
      ·
      edit-2
      24 days ago

      The TinyTanks program is horizontal scaling, which means that every TinyTank, no matter how smol, is CREDIT TO TEAM! stalin-approval

      I don't think it's anything to be concerned about TBH.