1

.gitattributes

@@ -0,0 +1,2 @@
+*.sh    text eol=lf
+Vagrantfile text eol=lf

.gitignore

@@ -0,0 +1 @@
+.vagrant/

Vagrantfile

@@ -0,0 +1,75 @@
+
+$ENALBE_SYNC_FOLDER = false
+
+$ENALBE_SYNC_FOLDER = true if File.exist?("sync_shared")
+
+$HOST_NET =  File.readlines('net').first.chomp
+$VM_NAME = File.readlines('vmname').first.chomp
+$VM_MEM = File.readlines('vmmem').first.chomp.to_i
+$VM_VCPU = File.readlines('vmcpu').first.chomp.to_i
+
+$BOX = File.readlines('box').first.chomp
+
+$PROVIDER = File.readlines('provider').first.chomp
+
+$HOSTNAME = File.readlines('hostname').first.chomp
+
+if $PROVIDER =~ /hyperv|virtualbox/
+	ENV["VAGRANT_DEFAULT_PROVIDER"] = $PROVIDER
+end
+
+# Will not work on Hyper-V
+#$VM_DISK_SIZE = File.readlines('disksize').first.chomp
+
+
+$PROVISION_SSH_KEY_SCRIPT=<<EOF
+mkdir -p /root/.ssh
+chmod 0700 /root/.ssh
+cat /home/vagrant/.ssh/vagrant.pub >> /root/.ssh/authorized_keys
+chmod 0600 /root/.ssh/authorized_keys
+chown root:root -R /root/.ssh
+mkdir -p /home/vagrant/.ssh
+chmod 0700 /home/vagrant/.ssh
+echo /home/vagrant/.ssh/vagrant.pub >> /home/vagrant/.ssh/authorized_keys
+chmod 0600 /home/vagrant/.ssh/authorized_keys
+chown vagrant:vagrant -R /home/vagrant/.ssh
+EOF
+
+
+Vagrant.configure("2") do |config|
+  config.vm.box = $BOX
+
+## Remember to generate the vagrant private key.
+## ssh-keygen -f C:\Users\eliezer\.ssh\vagrant
+
+  config.ssh.insert_key = false
+  config.ssh.private_key_path = ['~/.ssh/vagrant', '~/.vagrant.d/insecure_private_key' ]
+
+  config.vm.provider "hyperv" do |hv, override|
+    hv.vmname = $VM_NAME
+    hv.maxmemory = $VM_MEM
+    hv.memory = $VM_MEM
+    hv.cpus = $VM_VCPU
+    override.vm.allowed_synced_folder_types = [:rsync]
+  end
+
+  config.vm.network "public_network", bridge: $HOST_NET
+
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+
+if $ENALBE_SYNC_FOLDER  == true
+  config.vm.synced_folder "shared/", "/vagrant", type: "rsync"
+end
+
+  config.vm.provision "file", source: "~/.ssh/vagrant.pub", destination: "/home/vagrant/.ssh/vagrant.pub"
+  config.vm.provision 'shell', inline: $PROVISION_SSH_KEY_SCRIPT
+
+if $ENALBE_SYNC_FOLDER  == true
+  config.vm.provision 'shell', inline: "stat /vagrant/init.sh && cd /vagrant && bash init.sh;true"
+end
+  
+if not $HOSTNAME.empty?
+	config.vm.provision 'shell', inline: "hostnamectl set-hostname #{$HOSTNAME}"
+end
+
+end

box

@@ -0,0 +1 @@
+generic/alma9

hostname

@@ -0,0 +1 @@
+051-NgTech-K-KidsTube-20231010

net

@@ -0,0 +1 @@
+VMs_OUT

provider

@@ -0,0 +1 @@
+hyperv

shared/init.sh

@@ -0,0 +1,234 @@
+#!/usr/bin/env bash
+
+mkdir -p /opt/src/
+
+# Adding local path to PATH
+cd ~/
+touch .bash_profile
+echo 'export PATH=$PATH:/usr/local/bin:/usr/local/sbin:' >> .bash_profile
+source  ~/.bash_profile
+
+# Disable SELINUX
+setenforce 0
+sed -i -e "s@SELINUX=.*@SELINUX=disabled@g" /etc/selinux/config
+
+# Adding sysctl configs
+cat > /etc/sysctl.d/10-avideo.conf <<EOF
+net.core.default_qdisc=fq
+net.ipv4.tcp_congestion_control=bbr
+EOF
+
+sysctl --system
+
+
+# Step 1: Update the System
+dnf update -y && dnf upgrade -y
+
+dnf install -y epel-release
+
+/usr/bin/crb enable
+ 
+dnf install -y wget tar gzip git bash-completion htop fish vim rsync ruby ruby-devel rubygem-mysql2 unzip tree tmux mlocate 
+dnf install -y python3.9-devel python3.9 python3.9-pip
+
+#update-alternatives --install /usr/bin/python python /usr/bin/python3.11 1
+#update-alternatives --install /usr/bin/python python /usr/bin/python3.9 2
+
+#update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1
+#update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 2
+
+#update-alternatives --set python3  /usr/bin/python3.9
+#update-alternatives --set python  /usr/bin/python3.9
+
+# Install python dependencies
+python -m pip install --upgrade pip
+python -m pip install mycli
+
+python -m pip install youtube-dl
+python -m pip install yt-dlp
+
+cat > /etc/cron.d/youtube-dl <<EOF
+# Run youtub-dl cron jobs
+SHELL=/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+MAILTO=root
+@daily python -m pip install --upgrade youtube-dl > /dev/null
+@daily python -m pip install --upgrade yt-dlp > /dev/null
+EOF
+
+# Step 2: Install LAMP stack
+dnf install -y httpd mod_ssl httpd-tools
+
+sed -i -e "s@AllowOverride\ None@AllowOverride All@g" /etc/httpd/conf/httpd.conf
+
+mv -v /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.disabled
+cp -v /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.original
+
+cat <<EOF > /etc/httpd/conf.d/ssl.conf
+Listen 443 https
+
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+EOF
+
+mkdir -pv /etc/httpd/sites-enabled
+mkdir -pv /etc/httpd/sites-avaliable
+
+egrep "^IncludeOptional\ sites\-enabled\/\*\.conf" /etc/httpd/conf/httpd.conf || \
+echo 'IncludeOptional sites-enabled/*.conf' >> /etc/httpd/conf/httpd.conf
+httpd -t
+httpd -S
+
+## Gen certs
+
+mkdir -p /etc/ssl/local
+
+openssl req -nodes -x509 -sha256 -newkey rsa:4096 \
+  -keyout /etc/ssl/local/localhost.key \
+  -out /etc/ssl/local/localhost.crt \
+  -days 3560 \
+  -subj "/C=IL/ST=Shomron/L=Karney Shomron/O=NgTech LTD/OU=IT/CN=020-NgTech-K-AVideo-Encoder"  \
+  -addext "subjectAltName = DNS:localhost,DNS:020-NgTech-K-AVideo-Encoder.k.ngtech.co.il,DNS:*.k.ngtech.co.il,DNS:*.ngtech.co.il" 
+
+
+## Setup vhosts
+cat  <<EOF > /etc/httpd/sites-avaliable/avideo.conf
+<VirtualHost *:80>
+    ServerName kids-tube.k.ngtech.co.il
+	ServerAlias kids-tube.ngtech.co.il
+	
+    DocumentRoot /var/www/AVideo
+    
+    <Directory /var/www/AVideo>
+       DirectoryIndex index.php
+       Options +FollowSymLinks
+       AllowOverride All
+       Require all granted
+    </Directory>
+
+</VirtualHost>
+<VirtualHost *:443>
+    ServerName kids-tube.k.ngtech.co.il
+	ServerAlias kids-tube.ngtech.co.il
+    DocumentRoot /var/www/AVideo
+    
+	ErrorLog logs/ssl_error_log
+	TransferLog logs/ssl_access_log
+	LogLevel warn
+	
+	SSLEngine on	
+	
+	SSLHonorCipherOrder on
+	SSLCipherSuite PROFILE=SYSTEM
+	SSLProxyCipherSuite PROFILE=SYSTEM
+	SSLCertificateFile /etc/ssl/local/localhost.crt
+	SSLCertificateKeyFile /etc/ssl/local/localhost.key
+	#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+	#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+	<FilesMatch "\.(cgi|shtml|phtml|php)$">
+		SSLOptions +StdEnvVars
+	</FilesMatch>
+	<Directory "/var/www/cgi-bin">
+		SSLOptions +StdEnvVars
+	</Directory>	
+
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+	
+    <Directory /var/www/AVideo>
+       DirectoryIndex index.php
+       Options +FollowSymLinks
+       AllowOverride All
+       Require all granted
+    </Directory>
+
+</VirtualHost>
+EOF
+
+cd /etc/httpd/sites-enabled && ln -s ../sites-avaliable/avideo.conf && cd -
+
+httpd -t
+httpd -S
+
+systemctl enable httpd
+systemctl start httpd
+
+dnf install -y php php-cli php-fpm php-curl php-mysqlnd php-gd php-readline php-mbstring php-apcu php-xml php-dom php-opcache php-zip php-intl php-common php-bcmath php-json
+dnf install -y perl-Image-ExifTool
+
+sed -i -e "s@^post_max_size.*@post_max_size = 1024M@g" \
+    -e "s@^upload_max_filesize.*@upload_max_filesize = 1024M@g" \
+    -e "s@^memory_limit.*@memory_limit = 1024M@g" \
+    -e "s@^max_execution_time.*@max_execution_time = 7200@g" /etc/php.ini
+sed -i -e "s@^\;env\[PATH\]@env[PATH]@g" /etc/php-fpm.d/www.conf
+
+systemctl start php-fpm
+systemctl enable php-fpm
+
+dnf module reset -y mariadb
+dnf module enable -y mariadb:10.5
+
+dnf install -y mariadb-server
+
+systemctl start mariadb
+systemctl enable mariadb
+
+
+
+# Step 3: Create a database and user for avideo and avideoEncoder
+echo "CREATE DATABASE avideo CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root
+echo "CREATE USER 'avideo'@'localhost' IDENTIFIED BY 'avideo';" | mysql -u root
+echo "GRANT ALL PRIVILEGES ON avideo.* TO 'avideo'@'localhost';" | mysql -u root 
+echo "FLUSH PRIVILEGES;" | mysql -u root
+
+echo "CREATE DATABASE avideoEncoder CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root
+echo "CREATE USER 'avideoEncoder'@'localhost' IDENTIFIED BY 'avideoEncoder';" | mysql -u root
+echo "GRANT ALL PRIVILEGES ON avideoEncoder.* TO 'avideoEncoder'@'localhost';" | mysql -u root
+echo "FLUSH PRIVILEGES;" | mysql -u root
+
+echo "CREATE DATABASE AVideoResources CHARACTER SET utf8 COLLATE utf8_general_ci;" | mysql -u root
+echo "CREATE USER 'AVideoResources'@'localhost' IDENTIFIED BY 'AVideoResources';" | mysql -u root
+echo "GRANT ALL PRIVILEGES ON AVideoResources.* TO 'AVideoResources'@'localhost';" | mysql -u root
+echo "FLUSH PRIVILEGES;" | mysql -u root
+
+
+# Step 4: Install Avideo
+mkdir -p /var/www/src
+
+git clone --depth 1 https://github.com/WWBN/AVideo.git /var/www/AVideo
+
+git clone --depth 1 https://github.com/WWBN/AVideo-Encoder.git /var/www/AVideo-Encoder
+
+chown -R apache:apache /var/www/
+find /var/www/ -type d -exec chmod 775 {} \;
+find /var/www/ -type f -exec chmod 664 {} \;
+
+systemctl restart httpd
+
+firewall-cmd --add-service=http --permanent
+firewall-cmd --add-service=https --permanent
+firewall-cmd --add-service=mysql --permanent
+
+firewall-cmd --reload
+
+
+# Install  ffmpeg
+#https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
+
+
+stat /opt/src/ffmpeg-release-amd64-static.tar.xz || wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz -O /opt/src/ffmpeg-release-amd64-static.tar.xz
+tar xvf /opt/src/ffmpeg-release-amd64-static.tar.xz -C /opt/src/
+cp -v /opt/src/ffmpeg-*amd64-static/{ffmpeg,ffprobe,qt-faststart} /usr/local/bin/

sync_shared

@@ -0,0 +1 @@
+

vmcpu

@@ -0,0 +1 @@
+4

vmmem

@@ -0,0 +1 @@
+4096

vmname

@@ -0,0 +1 @@
+051-NgTech-K-KidsTube-20231010