Context: Would YOU donate your idle CPU cycles to TankieTube?
Linux Steps
*Feel free to ask me any questions by PM, email, or commenting here.*
1. Install dependencies
Debian
$ sudo apt update
$ sudo apt install nodejs npm ffmpeg
$ sudo npm install -g @peertube/peertube-runner
Arch Linux
$ sudo pacman -Syu nodejs npm ffmpeg
$ sudo npm install -g @peertube/peertube-runner
2. Create the dedicated system user
$ sudo useradd -m -d /srv/prunner -s /bin/bash -p <random_password> prunner
3. Create the systemd unit
$ sudo nano /etc/systemd/system/prunner.service
Paste and save this.
spoiler
[Unit]
After=network.target
Description=PeerTube runner daemon
[Service]
CapabilityBoundingSet=~CAP_SYS_ADMIN
Environment=NODE_ENV=production
ExecStart=peertube-runner server --enable-job vod-web-video-transcoding --enable-job vod-hls-transcoding --enable-job vod-audio-merge-transcoding
Group=prunner
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=false
PrivateMounts=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/srv/prunner
Restart=always
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=true
RestrictSUIDSGID=true
SyslogIdentifier=prunner
SystemCallArchitectures=native
Type=simple
User=prunner
WorkingDirectory=/srv/prunner
[Install]
WantedBy=multi-user.target
4. Enable & start the systemd unit
Starting the process for the first time will generate the config file.
$ sudo systemctl daemon-reload
$ sudo systemctl enable prunner.service
$ sudo systemctl restart prunner.service
5. Edit the config file
$ sudo nano /srv/prunner/.config/peertube-runner-nodejs/default/config.toml
a. Under [jobs]
, set concurrency
equal to the number of virtual cores your CPU has.
b. Under, [
, set ]threads = 1
.
c. Save and exit.
6. Restart to load the configuration changes
$ sudo systemctl restart prunner.service
7. Email TankieTanuki@tankie.tube
a. OpSec: Use an email detached from your legal identity. Attachment to your Hexbear/Lemmy username is optional.
b. Put "TinyTanks" in the subject line.
c. In the body, request a nickname for your runner.
d. I'll reply with the final command to enter, which includes your secret token!
Windows/MacOS/Docker
*Comrades are welcome to contribute steps for alternate installations. I'm only good with Linux.*
If you add the ReadWritePaths I told you to
i'm learning a lot today