Add Pleroma
GOD THAT SUCKED FUCK GOD I HATE ELIXIR
parent
5b1104b897
commit
54a8e4aa2d
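--- a/inventory/group_vars/cowfee.moe.yml
+++ b/inventory/group_vars/cowfee.moe.yml
@@ -0,0 +1,84 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+
+## BACKEND
+# ACME
+acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
+#acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
+acme_version: 2
+acme_webroot: "/var/www/acme"
+# AWS Backups
+aws_backup_bucket: "9iron-backups-general"
+# AWS SES
+aws_ses_user: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+33643766376336316266373239386466373639633765333332353031373132383061346564633036
+3337396261333264363562363364336235633831353133380a613164666161313265396261616634
+38353531306238613735623433663138643231663139363735373537393337636362636534656166
+3063373930343039320a663063663535633932323739653461336164643035633036663362666161
+38316564326537303236333266303432326164393435663665363963326363306237
+aws_ses_pass: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+39306665653635383832623438656364616633643032663365643033316236333939363732363034
+3566663361653862646636396339343963626561613839620a663731313337613734356261326437
+31653763346663656165343632336366343562333836396232636431323635333965336137316237
+3662393364636631310a643935313539353338333233356362623835363631383035666536343634
+65663937643165613337373837633737653765303764303536386530616363343361326536633935
+3565626161343562396663353538653136376138373334336435
+# Pleroma
+pleroma_instance_desc: owo
+pleroma_instance_email: rehashedsalt@cock.li
+pleroma_instance_name: Cowfee
+pleroma_instance_notify_email: noreply@cowfee.moe
+pleroma_openreg: true
+pleroma_db_password: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+34343838386134656236313462653531663839363030333630383332386535356431326436633137
+3261323632653635383930333131333235373437653733300a363562666264616138623832666137
+61333039646332343838346633363035343434303036643465353062353062303961383138643564
+3338393765393733340a626436653666363236643938613466643530326665653764333933393437
+37613033653864643965323162373366306233626235663461326266376662663634353066386139
+37636162313364623933396232366239633338363539626637373163333130373665373038363566
+65646633636638653335356536323334646632366164633532636634376632356166306139393766
+38633934623639366263
+pleroma_secret_key_base: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+36333934336635613533333137636532363937613764353933636566663031316262333837323064
+6534653062626461633462636335346132353564653038330a326330326235623530393337333063
+37666666386637633839633737376465366439356461653363396665636137353264363762346461
+3765616634653234630a623061393834373964653939626564363263383435666366356339663136
+64613330656434653538363734393831353133316666326338366335383064356165333537383837
+31633939353565303661626233623064653838636435376239376361663362636164653962383561
+33366335623038653232613731333730363836653532363834663663343963303763323534343038
+61666238346239636634
+pleroma_signing_salt: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+31306137646362333433313630363538333234643339353530333038393061663132633161356231
+3662386234633933633762363334333031306564353132380a633339323364633137396636616363
+64393536353362386336323662316262333763326138616364333237353262323232636335353436
+3563396435643363620a646337346561393863366361643536356363626334343264343861663131
+3466
+# snmpd
+snmp_location: "us-east-2"
+snmp_contact: "Salt <rehashedsalt@cock.li>"
+snmp_auth_user_pass: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+36373662333533616331623933343364663532326261653636363732323138633836356633623934
+6561333833343432353561366438313165383163366131630a653163666463356462633966666330
+38323965303639356635613565633030373836643132336332373730303137376165616163646538
+3162616233366236350a626130643230323264343938373134653034636232303130623134393531
+61366330316330646137336161623166343835316432363433373333323232383166
+snmp_priv_user_pass: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+61316538316630333662633665646364356138613730633334653761626636633836363335383965
+6332303265323236383130383366336662626331613866340a636139366135313134303538613833
+61383662306163663634333538343733663836633834373462616265366365626533366334383031
+6265643764656461320a313137326430386532653538346462323463386538303966303830343037
+63333632656534333334383666666138353435383938623934663766623735656533
+snmp_int_user_pass: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+31616561323762653439346630653231646137626638383930346437323139666163316131333534
+6463313537316230363735346236323033386562373032330a326261393039663539353738643465
+36666136663930663463373731663534316232643637623732346331383737643233626235613439
+3733366462613133620a386336303434303130313636356339633939623638366236346234376566
+65386530663137393830636134653632623366333837616364396161666464613166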
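Review bot: `pleroma_openreg: true` opens public sign-ups for this host, yet the `config.exs` template added in the same commit sets no captcha, e-mail confirmation or approval option, so nothing visible here gates account creation. If that is intentional, record it next to the setting, e.g. `# Open registration is deliberate; anti-abuse controls live in <location>`; otherwise keep the role default of `false` until those controls are templated.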
@ -53,3 +53,7 @@
|
||||
33306532343963383331623663616161626533633261383238646164663362396261633736636362
|
||||
373764613833343634346333613639626535
|
||||
tags: [ discord, adam ]
|
||||
- role: pleroma
|
||||
vars:
|
||||
pleroma_url: cowfee.moe
|
||||
tags: [ web, pleroma ]
|
||||
|
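--- a/roles/pleroma/defaults/main.yml
+++ b/roles/pleroma/defaults/main.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+pleroma_arch: amd64
+pleroma_char_limit: 65535
+pleroma_openreg: false
+pleroma_webroot: /var/www/pleroma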
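--- a/roles/pleroma/handlers/main.yml
+++ b/roles/pleroma/handlers/main.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: restart pleroma
+systemd:
+name: pleroma
+state: restarted
+become: yes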
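--- a/roles/pleroma/meta/main.yml
+++ b/roles/pleroma/meta/main.yml
@@ -0,0 +1,6 @@
+---
+allow_duplicates: no
+dependencies:
+- role: apache-php
+- role: postgresql
+- role: redis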
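--- a/roles/pleroma/tasks/main.yml
+++ b/roles/pleroma/tasks/main.yml
@@ -0,0 +1,143 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Install Pleroma
+block:
+- name: Set up system
+block:
+- name: Install packages
+apt:
+name:
+- curl
+- unzip
+#- ncurses # Comes installed by default on buntu
+- name: Create pleroma user
+user:
+name: pleroma
+password: "!"
+home: /opt/pleroma
+shell: /usr/sbin/nologin
+- name: Set up PostgreSQL
+block:
+- name: Create DB user
+postgresql_user:
+name: pleroma
+password: "{{ pleroma_db_password }}"
+- name: Create DB
+postgresql_db:
+name: pleroma
+owner: pleroma
+- name: Create extensions
+postgresql_ext:
+db: pleroma
+name: "{{ item }}"
+loop:
+- citext
+- pg_trgm
+- uuid-ossp
+become: yes
+become_user: postgres
+- name: Set up Apache
+block:
+- name: Enable modules
+command:
+cmd: a2enmod "{{ item }}"
+creates: "/etc/apache2/mods-enabled/{{ item }}.load"
+loop:
+- proxy
+- proxy_http
+notify: restart apache
+- name: Template out vhost
+template:
+src: "apache2-vhost-ssl.conf"
+dest: "/etc/apache2/sites-available/{{ pleroma_url }}.conf"
+notify: restart apache
+- name: Create webroot
+file:
+state: directory
+path: "{{ pleroma_webroot }}"
+- name: Enable site
+command:
+cmd: "a2ensite {{ pleroma_url }}.conf"
+creates: "/etc/apache2/sites-enabled/{{ pleroma_url }}.conf"
+notify: restart apache
+- name: Generate certificate
+include_role:
+name: https
+vars:
+website_url: "{{ pleroma_url }}"
+- name: Install Pleroma
+block:
+- name: Get latest release zip
+get_url:
+url: "https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{ pleroma_arch }}"
+dest: "/opt/pleroma/release.zip"
+register: r
+- name: Install Pleroma
+block:
+- name: Unzip release
+unarchive:
+src: "/opt/pleroma/release.zip"
+remote_src: yes
+dest: "/opt/pleroma"
+- name: Remove old release
+file:
+path: "/opt/pleroma/{{ item }}"
+state: absent
+loop:
+- bin
+- lib
+- releases
+- installation
+- erts-10.3.5.2 # Don't give me shit for hardcoding this version string in
+- name: Move release out of folder
+shell: mv -f /opt/pleroma/release/* /opt/pleroma/
+- name: Clean up
+file:
+path: /opt/pleroma/release
+state: absent
+- name: Assign ownership
+file:
+path: /opt/pleroma
+owner: pleroma
+group: pleroma
+recurse: yes
+when: r is changed
+- name: Create directory structure
+file:
+path: "{{ item }}"
+state: directory
+owner: pleroma
+group: pleroma
+mode: "0750"
+loop:
+- /etc/pleroma
+- /opt/pleroma
+- /var/lib/pleroma
+- /var/lib/pleroma/uploads
+- /var/lib/pleroma/static
+- name: Template out configs
+template:
+src: config.exs
+dest: /etc/pleroma/config.exs
+owner: pleroma
+group: pleroma
+notify: restart pleroma
+- name: Migrate DB
+command: /opt/pleroma/bin/pleroma_ctl migrate
+args:
+chdir: /opt/pleroma
+changed_when: false
+- name: Template out service
+template:
+src: "pleroma.service"
+dest: "/etc/systemd/system/pleroma.service"
+notify: restart pleroma
+- name: Start and enable service
+systemd:
+daemon_reload: yes
+name: pleroma.service
+state: started
+enabled: yes
+# TODO: BACKUPS BACKUPS BACKUPS
+become: yes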
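Review bot: The archive fetched by `Get latest release zip` is unpacked and later executed (`pleroma_ctl migrate`, then the service) with no integrity check, and the URL tracks the moving `stable` artifact, so whatever the server returns at run time is what gets installed. `get_url` accepts a `checksum` parameter; pinning a specific release and adding `checksum: "sha256:{{ pleroma_release_sha256 }}"` (a new variable, not defined in this commit) would make the install reproducible and tamper-evident. Separately, `Migrate DB` appears to inherit the trailing `become: yes` and so runs a binary owned by the `pleroma` account as root; adding `become_user: pleroma` to that task keeps files writable by the service account from being executed with root privileges. Indentation is lost on this page, so the scope of the final `become: yes` is inferred.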
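--- a/roles/pleroma/templates/apache2-vhost-ssl.conf
+++ b/roles/pleroma/templates/apache2-vhost-ssl.conf
@@ -0,0 +1,35 @@
+# Configuration for {{ pleroma_url }}
+# vim:ft=apache:
+
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+# Need this for SSL proxying, apparently
+SSLProxyEngine on
+
+# Website configuration
+<VirtualHost *:80>
+ServerName {{ pleroma_url }}
+Redirect permanent / https://{{ pleroma_url }}
+</VirtualHost>
+<VirtualHost *:443>
+SSLEngine on
+SSLCertificateFile /etc/pki/cert/crt/{{ pleroma_url }}.crt
+SSLCertificateKeyFile /etc/pki/cert/private/{{ pleroma_url }}.key
+SSLCertificateChainFile /etc/pki/cert/crt/{{ pleroma_url }}-fullchain.crt
+SSLProtocol {{ ssl_protocol }}
+SSLCipherSuite {{ ssl_cipher_suite }}
+ServerName {{ pleroma_url }}
+DocumentRoot {{ pleroma_webroot }}
+<Directory "{{ pleroma_webroot }}">
+Require all granted
+AllowOverride All
+Options MultiViews FollowSymlinks
+</Directory>
+ProxyPreserveHost On
+ProxyRequests Off
+ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
+ProxyPassReverse / https://127.0.0.1:4000/
+
+RequestHeader set X_FORWARDED_PROTO 'https'
+RequestHeader set X-Forwarded-Ssl on
+</VirtualHost>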
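Review bot: `ProxyPassReverse / https://127.0.0.1:4000/` does not match the backend address in `ProxyPass / http://127.0.0.1:4000/`, so redirect headers the backend emits with its own http:// address will not be rewritten; it should read `ProxyPassReverse / http://127.0.0.1:4000/`. The forwarded-scheme header is spelled `X_FORWARDED_PROTO`, while the conventional name is `X-Forwarded-Proto`; unless the backend is known to read the underscore form, use `RequestHeader set X-Forwarded-Proto "https"`. The port-80 `Redirect permanent / https://{{ pleroma_url }}` also lacks a trailing slash, so the request path is appended directly to the hostname; `https://{{ pleroma_url }}/` avoids that.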
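--- a/roles/pleroma/templates/config.exs
+++ b/roles/pleroma/templates/config.exs
@@ -0,0 +1,38 @@
+# WARNING: THIS FILE CONTAINS SENSITIVE INFORMATION
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+url: [host: "{{ pleroma_url }}", scheme: "https", port: 443],
+http: [ip: {127, 0, 0, 1}, port: 4000],
+secret_key_base: "{{ pleroma_secret_key_base }}",
+signing_salt: "{{ pleroma_signing_salt }}"
+
+config :pleroma, :instance,
+name: "{{ pleroma_instance_name }}",
+desc: "{{ pleroma_instance_desc }}",
+email: "{{ pleroma_instance_email }}",
+notify_email: "{{ pleroma_instance_notify_email }}",
+limit: "{{ pleroma_char_limit }}",
+registrations_open: "{{ pleroma_openreg }}",
+static_dir: "/var/lib/pleroma/static"
+
+config :pleroma, Pleroma.Upload,
+uploader: Pleroma.Uploaders.Local,
+filters: [Pleroma.Upload.Filter.Dedupe]
+
+config :pleroma, Pleroma.Uploaders.Local,
+uploads: "/var/lib/pleroma/uploads"
+
+config :pleroma, :media_proxy,
+enabled: false,
+redirect_on_failure: true
+
+config :pleroma, Pleroma.Repo,
+adapter: Ecto.Adapters.Postgres,
+username: "pleroma",
+password: "{{ pleroma_db_password }}",
+database: "pleroma",
+hostname: "localhost",
+pool_size: 10
+
+config :pleroma, :database, rum_enabled: false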
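Review bot: `registrations_open: "{{ pleroma_openreg }}"` renders the Ansible boolean inside quotes, so the config receives a string such as "False" rather than `false`; every value other than `nil` and `false` is truthy in Elixir, so the role default `pleroma_openreg: false` would likely not close registrations. Render it unquoted and lower-cased, `registrations_open: {{ pleroma_openreg | bool | lower }},`, and likewise `limit: {{ pleroma_char_limit }},` so the limit is an integer. The header warns that this file holds secrets, but the `Template out configs` task in roles/pleroma/tasks/main.yml sets no `mode`; adding `mode: "0640"` there makes the file's protection explicit instead of relying on the parent directory's permissions.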
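--- a/roles/pleroma/templates/pleroma.service
+++ b/roles/pleroma/templates/pleroma.service
@@ -0,0 +1,26 @@
+# vim:ft=systemd
+[Unit]
+Description=Pleroma social network
+After=network.target postgresql.service
+
+[Service]
+User=pleroma
+Environment="HOME=/opt/pleroma"
+WorkingDirectory=/opt/pleroma
+
+KillMode=process
+Restart=on-failure
+
+ExecStart=/opt/pleroma/bin/pleroma start
+ExecStop=/opt/pleroma/bin/pleroma stop
+
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+PrivateDevice=false
+NoNewPrivileges=true
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+
+[Install]
+WantedBy=multi-user.target
+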
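Review bot: `PrivateDevice=false` is not a systemd setting (the directive is `PrivateDevices=`), so systemd will ignore the line and log an unknown-key warning. Since `false` is the default anyway, either drop the line or harden the unit with `PrivateDevices=true`; nothing else in this unit suggests the service needs access to physical devices, though that should be confirmed against the application.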