Stashing my work

defaults/main.yml

@@ -0,0 +1,4 @@
+# vim:ft=ansible:
+pleroma_home: /opt/pleroma
+pleroma_enabled: yes
+pleroma_name: default

handlers/main.yml

@@ -0,0 +1,8 @@
+# vim:ft=ansible:
+---
+- name: "restart pleroma {{ pleroma_name }}"
+  systemd:
+    name: "pleroma@{{ pleroma_name }}"
+    state: restarted
+  become: yes
+  when: pleroma_enabled

tasks/main.yml

@@ -0,0 +1,14 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- name: set up system
+  block:
+    - name: install packages
+      apt: name=curl,python3-psycopg2,unzip,libmagic-dev,ncurses-bin
+    - name: assure pleroma uesr
+      user: name=pleroma system=yes home={{ pleroma_home }}
+    - name: assure operational directory
+      file: path={{ pleroma_home }} state=directory owner=pleroma group=pleroma mode="3775"
+    - name: assure systemd unit
+      template: src=pleroma.service dest=/etc/systemd/system/pleroma@.service
+      notify: "restart pleroma {{ pleroma_name }}"

templates/pleroma.service

@@ -0,0 +1,26 @@
+# vim:ft=systemd
+[Unit]
+Description=Pleroma social network %i
+After=network.target
+
+[Service]
+User=pleroma
+Environment="HOME={{ pleroma_home }}/%i}"
+WorkingDirectory={{ pleroma_home }}/%i
+
+KillMode=process
+Restart=on-failure
+
+ExecStart={{ pleroma_home }}/%i/bin/pleroma start
+ExecStop={{ pleroma_home }}/%i/bin/pleroma stop
+
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+PrivateDevice=false
+NoNewPrivileges=true
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+
+[Install]
+WantedBy=multi-user.target
+