Add Pleroma

GOD THAT SUCKED
FUCK
GOD I HATE ELIXIR
Salt 2020-07-28 10:41:07 -05:00
parent 5b1104b897
commit 54a8e4aa2d
9 changed files with 350 additions and 0 deletions


@ -0,0 +1,84 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
## BACKEND
# ACME
acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
#acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
acme_version: 2
acme_webroot: "/var/www/acme"
# AWS Backups
aws_backup_bucket: "9iron-backups-general"
# AWS SES
aws_ses_user: !vault |
$ANSIBLE_VAULT;1.1;AES256
33643766376336316266373239386466373639633765333332353031373132383061346564633036
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
38353531306238613735623433663138643231663139363735373537393337636362636534656166
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
38316564326537303236333266303432326164393435663665363963326363306237
aws_ses_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
39306665653635383832623438656364616633643032663365643033316236333939363732363034
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
31653763346663656165343632336366343562333836396232636431323635333965336137316237
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
65663937643165613337373837633737653765303764303536386530616363343361326536633935
3565626161343562396663353538653136376138373334336435
# Pleroma
pleroma_instance_desc: owo
pleroma_instance_email: rehashedsalt@cock.li
pleroma_instance_name: Cowfee
pleroma_instance_notify_email: noreply@cowfee.moe
pleroma_openreg: true
pleroma_db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34343838386134656236313462653531663839363030333630383332386535356431326436633137
3261323632653635383930333131333235373437653733300a363562666264616138623832666137
61333039646332343838346633363035343434303036643465353062353062303961383138643564
3338393765393733340a626436653666363236643938613466643530326665653764333933393437
37613033653864643965323162373366306233626235663461326266376662663634353066386139
37636162313364623933396232366239633338363539626637373163333130373665373038363566
65646633636638653335356536323334646632366164633532636634376632356166306139393766
38633934623639366263
pleroma_secret_key_base: !vault |
$ANSIBLE_VAULT;1.1;AES256
36333934336635613533333137636532363937613764353933636566663031316262333837323064
6534653062626461633462636335346132353564653038330a326330326235623530393337333063
37666666386637633839633737376465366439356461653363396665636137353264363762346461
3765616634653234630a623061393834373964653939626564363263383435666366356339663136
64613330656434653538363734393831353133316666326338366335383064356165333537383837
31633939353565303661626233623064653838636435376239376361663362636164653962383561
33366335623038653232613731333730363836653532363834663663343963303763323534343038
61666238346239636634
pleroma_signing_salt: !vault |
$ANSIBLE_VAULT;1.1;AES256
31306137646362333433313630363538333234643339353530333038393061663132633161356231
3662386234633933633762363334333031306564353132380a633339323364633137396636616363
64393536353362386336323662316262333763326138616364333237353262323232636335353436
3563396435643363620a646337346561393863366361643536356363626334343264343861663131
3466
# snmpd
snmp_location: "us-east-2"
snmp_contact: "Salt <rehashedsalt@cock.li>"
snmp_auth_user_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
36373662333533616331623933343364663532326261653636363732323138633836356633623934
6561333833343432353561366438313165383163366131630a653163666463356462633966666330
38323965303639356635613565633030373836643132336332373730303137376165616163646538
3162616233366236350a626130643230323264343938373134653034636232303130623134393531
61366330316330646137336161623166343835316432363433373333323232383166
snmp_priv_user_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
61316538316630333662633665646364356138613730633334653761626636633836363335383965
6332303265323236383130383366336662626331613866340a636139366135313134303538613833
61383662306163663634333538343733663836633834373462616265366365626533366334383031
6265643764656461320a313137326430386532653538346462323463386538303966303830343037
63333632656534333334383666666138353435383938623934663766623735656533
snmp_int_user_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
31616561323762653439346630653231646137626638383930346437323139666163316131333534
6463313537316230363735346236323033386562373032330a326261393039663539353738643465
36666136663930663463373731663534316232643637623732346331383737643233626235613439
3733366462613133620a386336303434303130313636356339633939623638366236346234376566
65386530663137393830636134653632623366333837616364396161666464613166
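Review bot: `pleroma_openreg: true` overrides the role default of `false` and opens account registration on this instance, but nothing here records that this is intentional. A short comment above it, such as `# Registration is deliberately open on this instance`, would keep a later reader from treating it as an accident. The file also lacks the leading `---` that the role's handler and task files use.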


@ -53,3 +53,7 @@
33306532343963383331623663616161626533633261383238646164663362396261633736636362
373764613833343634346333613639626535
tags: [ discord, adam ]
- role: pleroma
vars:
pleroma_url: cowfee.moe
tags: [ web, pleroma ]


@ -0,0 +1,6 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
pleroma_arch: amd64
pleroma_char_limit: 65535
pleroma_openreg: false
pleroma_webroot: /var/www/pleroma


@ -0,0 +1,8 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: restart pleroma
systemd:
name: pleroma
state: restarted
become: yes


@ -0,0 +1,6 @@
---
allow_duplicates: no
dependencies:
- role: apache-php
- role: postgresql
- role: redis


@ -0,0 +1,143 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Install Pleroma
block:
- name: Set up system
block:
- name: Install packages
apt:
name:
- curl
- unzip
#- ncurses # Comes installed by default on buntu
- name: Create pleroma user
user:
name: pleroma
password: "!"
home: /opt/pleroma
shell: /usr/sbin/nologin
- name: Set up PostgreSQL
block:
- name: Create DB user
postgresql_user:
name: pleroma
password: "{{ pleroma_db_password }}"
- name: Create DB
postgresql_db:
name: pleroma
owner: pleroma
- name: Create extensions
postgresql_ext:
db: pleroma
name: "{{ item }}"
loop:
- citext
- pg_trgm
- uuid-ossp
become: yes
become_user: postgres
- name: Set up Apache
block:
- name: Enable modules
command:
cmd: a2enmod "{{ item }}"
creates: "/etc/apache2/mods-enabled/{{ item }}.load"
loop:
- proxy
- proxy_http
notify: restart apache
- name: Template out vhost
template:
src: "apache2-vhost-ssl.conf"
dest: "/etc/apache2/sites-available/{{ pleroma_url }}.conf"
notify: restart apache
- name: Create webroot
file:
state: directory
path: "{{ pleroma_webroot }}"
- name: Enable site
command:
cmd: "a2ensite {{ pleroma_url }}.conf"
creates: "/etc/apache2/sites-enabled/{{ pleroma_url }}.conf"
notify: restart apache
- name: Generate certificate
include_role:
name: https
vars:
website_url: "{{ pleroma_url }}"
- name: Install Pleroma
block:
- name: Get latest release zip
get_url:
url: "https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{ pleroma_arch }}"
dest: "/opt/pleroma/release.zip"
register: r
- name: Install Pleroma
block:
- name: Unzip release
unarchive:
src: "/opt/pleroma/release.zip"
remote_src: yes
dest: "/opt/pleroma"
- name: Remove old release
file:
path: "/opt/pleroma/{{ item }}"
state: absent
loop:
- bin
- lib
- releases
- installation
- erts-10.3.5.2 # Don't give me shit for hardcoding this version string in
- name: Move release out of folder
shell: mv -f /opt/pleroma/release/* /opt/pleroma/
- name: Clean up
file:
path: /opt/pleroma/release
state: absent
- name: Assign ownership
file:
path: /opt/pleroma
owner: pleroma
group: pleroma
recurse: yes
when: r is changed
- name: Create directory structure
file:
path: "{{ item }}"
state: directory
owner: pleroma
group: pleroma
mode: "0750"
loop:
- /etc/pleroma
- /opt/pleroma
- /var/lib/pleroma
- /var/lib/pleroma/uploads
- /var/lib/pleroma/static
- name: Template out configs
template:
src: config.exs
dest: /etc/pleroma/config.exs
owner: pleroma
group: pleroma
notify: restart pleroma
- name: Migrate DB
command: /opt/pleroma/bin/pleroma_ctl migrate
args:
chdir: /opt/pleroma
changed_when: false
- name: Template out service
template:
src: "pleroma.service"
dest: "/etc/systemd/system/pleroma.service"
notify: restart pleroma
- name: Start and enable service
systemd:
daemon_reload: yes
name: pleroma.service
state: started
enabled: yes
# TODO: BACKUPS BACKUPS BACKUPS
become: yes
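Review bot: The `Template out configs` task writes `/etc/pleroma/config.exs`, which holds the database password, `secret_key_base` and `signing_salt`, without a `mode`, so its permissions fall to the remote umask and only the 0750 parent directory keeps other local users out. Add `mode: "0640"` (or `"0600"`) to that task. `Migrate DB` runs `pleroma_ctl` as root because the outer block's `become: yes` sets no `become_user`; adding `become_user: pleroma` to that task would keep the release code unprivileged. `Get latest release zip` fetches whatever the `stable` ref currently builds, with no `checksum`, and the archive is then unpacked and run; pinning a specific ref and adding `checksum:` to `get_url` would make the installed code reproducible and verifiable.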


@ -0,0 +1,35 @@
# Configuration for {{ pleroma_url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Need this for SSL proxying, apparently
SSLProxyEngine on
# Website configuration
<VirtualHost *:80>
ServerName {{ pleroma_url }}
Redirect permanent / https://{{ pleroma_url }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ pleroma_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ pleroma_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ pleroma_url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ pleroma_url }}
DocumentRoot {{ pleroma_webroot }}
<Directory "{{ pleroma_webroot }}">
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
</Directory>
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
ProxyPassReverse / https://127.0.0.1:4000/
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
</VirtualHost>
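Review bot: In the port-80 vhost, `Redirect permanent / https://{{ pleroma_url }}` has no trailing slash on the target, so Apache appends the rest of the path directly to the host name and `/about` is redirected to `https://<host>about`; write `Redirect permanent / https://{{ pleroma_url }}/`. In the 443 vhost, `ProxyPassReverse / https://127.0.0.1:4000/` does not match the `http://` backend named in `ProxyPass`, so backend redirects would not be rewritten; use `http://127.0.0.1:4000/` there. `RequestHeader set X_FORWARDED_PROTO 'https'` uses underscores, which a backend looking for `X-Forwarded-Proto` would not see, and both `RequestHeader` lines need mod_headers, which the role's `a2enmod` loop does not enable (it may come from a dependency role). Since every path is proxied, `AllowOverride None` on the webroot would also remove `.htaccess` as a way to change server behaviour.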


@ -0,0 +1,38 @@
# WARNING: THIS FILE CONTAINS SENSITIVE INFORMATION
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "{{ pleroma_url }}", scheme: "https", port: 443],
http: [ip: {127, 0, 0, 1}, port: 4000],
secret_key_base: "{{ pleroma_secret_key_base }}",
signing_salt: "{{ pleroma_signing_salt }}"
config :pleroma, :instance,
name: "{{ pleroma_instance_name }}",
desc: "{{ pleroma_instance_desc }}",
email: "{{ pleroma_instance_email }}",
notify_email: "{{ pleroma_instance_notify_email }}",
limit: "{{ pleroma_char_limit }}",
registrations_open: "{{ pleroma_openreg }}",
static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Upload,
uploader: Pleroma.Uploaders.Local,
filters: [Pleroma.Upload.Filter.Dedupe]
config :pleroma, Pleroma.Uploaders.Local,
uploads: "/var/lib/pleroma/uploads"
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "{{ pleroma_db_password }}",
database: "pleroma",
hostname: "localhost",
pool_size: 10
config :pleroma, :database, rum_enabled: false
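Review bot: `registrations_open: "{{ pleroma_openreg }}"` renders the Ansible boolean as a quoted Elixir string (`"True"` or `"False"`), and any non-empty string is truthy in Elixir, so the role default of `false` would most likely still leave registration open. Render it unquoted, e.g. `registrations_open: {{ pleroma_openreg | bool | lower }}`, and likewise `limit: {{ pleroma_char_limit | int }}` so the character limit is an integer rather than `"65535"`. The secrets are interpolated into double-quoted strings without escaping, so a value containing `"` or `#{` would break or alter the rendered file; a comment noting that constraint on the vaulted values would help.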


@ -0,0 +1,26 @@
# vim:ft=systemd
[Unit]
Description=Pleroma social network
After=network.target postgresql.service
[Service]
User=pleroma
Environment="HOME=/opt/pleroma"
WorkingDirectory=/opt/pleroma
KillMode=process
Restart=on-failure
ExecStart=/opt/pleroma/bin/pleroma start
ExecStop=/opt/pleroma/bin/pleroma stop
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
PrivateDevice=false
NoNewPrivileges=true
CapabilityBoundingSet=~CAP_SYS_ADMIN
[Install]
WantedBy=multi-user.target
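Review bot: `PrivateDevice=false` is not a systemd directive (the setting is `PrivateDevices=`), so systemd ignores the line with a warning and the unit silently keeps the default. Spell it `PrivateDevices=` and, if the service needs no hardware device nodes, consider `PrivateDevices=true` in line with the other sandboxing options here. `ProtectSystem=full` still leaves `/var` and `/opt` writable; whether `ProtectSystem=strict` with `ReadWritePaths=/var/lib/pleroma` works depends on what the release writes under `/opt/pleroma`, so that is a suggestion to test rather than a drop-in change.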