Ansible playbook for Pleroma.
This repository has been archived on 2023-05-06. You can view files and clone it, but cannot push or open issues or pull requests.
Dan Anglin 20667709b2
ci: test environment docker image for CI pipelines
This commit includes a Dockerfile for building a test environment for
future CI pipelines. This commit also refactors the GitLab CI pipeline
files by splitting the jobs into different files:

- .gitlab-ci.yml: Global CI pipeline file.
- .gitlab/ci/test-env.gitlab-ci.yml: Jobs to test and publish the
docker image for the test environment.
- .gitlab/ci/playbook.gitlab-ci.yml: Jobs to test and publish the
docker image for the pleroma playbook
- .gitlab/ci/templates/docker.gitlab-ci.yml: Template jobs for
testing and publishing docker images.

Part of dananglin/pleroma-ansible-playbook#17
2020-07-10 07:22:39 +01:00
.gitlab ci: test environment docker image for CI pipelines 2020-07-10 07:22:39 +01:00
examples fix: update ansible role names 2020-03-21 17:22:59 +00:00
inventories final cleanup before production deployment 2019-11-02 19:34:30 +00:00
library fix: implement an upgrade procedure for Pleroma. 2020-03-06 12:04:48 +00:00
roles fix: update defaults 2020-05-09 17:50:51 +01:00
test/pleroma_test_env ci: test environment docker image for CI pipelines 2020-07-10 07:22:39 +01:00
.dockerignore feat: add Dockerfile to Dockerise the playbook 2020-04-22 19:21:59 +01:00
.gitignore ci: test environment docker image for CI pipelines 2020-07-10 07:22:39 +01:00
.gitlab-ci.yml ci: test environment docker image for CI pipelines 2020-07-10 07:22:39 +01:00
Dockerfile fix: upgrade ca-certificates 2020-07-08 03:01:20 +01:00
LICENSE chore: added MIT License. 2019-10-02 00:39:57 +00:00
Makefile ci: test environment docker image for CI pipelines 2020-07-10 07:22:39 +01:00
playbook.yml feat: add Dockerfile to Dockerise the playbook 2020-04-22 19:21:59 +01:00
README.md docs: update summary section 2020-05-09 16:35:37 +00:00

Ansible Playbook for Pleroma

Summary

This project is a configurable playbook that can install, configure and customise Pleroma on an Alpine Linux host. The playbook is currently used to manage my personal instance at https://fedi.dananglin.me.uk. It currently only supports installing Pleroma on a single host but will support installing it across multiple hosts in the future.

This project was inspired by the official Pleroma OTP installation guide.

This project is developed over at https://gitlab.com/dananglin/pleroma-ansible-playbook. The master branch is mirrored over at https://github.com/dananglin/pleroma-ansible-playbook.

The project's icon (Books icon) was downloaded from Icons8.

Ansible roles

There are four roles used to install and configure your Pleroma instance:

  • init: merges the default configuration with your custom configuration.
  • pleroma-database: maintains the database layer by installing and configuring the PostgreSQL database server, creating the database user and creating and administrating the Pleroma database.
  • pleroma-main: maintains the main layer by handling the Pleroma installation, Pleroma upgrades and the configuration of the Pleroma frontend and backend.
  • pleroma-proxy: maintains the proxy layer by installing and configuring Nginx, creating the TLS certificates using Let's Encrypt, adding support for proving your Pleroma site with Keybase, etc.

Additional features

  • Let's Encrypt support: This playbook creates a TLS certificate using Let's Encrypt.
  • Keybase support: Pleroma does not support Keybase out of the box but you can still prove your ownership of your Pleroma site.
  • Set default background: You can specify an image to use as the default background of your Pleroma site.
  • Upload custom themes: You can upload custom Pleroma themes into your Pleroma instance.
  • Set default theme: You can specify the default Pleroma theme.

Requirements

For your controller host

  • The controller host should have the following packages installed:
    • Ansible version 2.8+.
    • make
    • openssl

For your target Pleroma host

  • The target host should be running Alpine Linux version 3.10+.
  • A (sub)domain which resolves to the IP address of the target host.
  • A user with sudo privileges (optional, but preferable).
  • The following packages installed:
    • sudo
    • python (version 3.5 or higher)

Configuration

Here's an example configuration file that you can use as a starting point to configure your Pleroma instance. This typically goes in your host_vars directory, but you can place it in your group_vars directory or even inside your playbook instead. The default configuration is located here; the init role will merge it with your configuration. Any fields you configure will overwrite the defaults.

More documentation on the configuration will be available soon.

Secrets

The following secrets are not included in the default configuration and must be generated before running the playbook:

  • secretKeyBase: This is used to configure the secret_key_base in Pleroma, which is used to sign and verify cookies.
  • signingSalt: This is used to configure the signing_salt in Pleroma, which is used with the secret_key_base to generate a key for signing and verifying cookies.
  • vapid key pair for web push encryption: This is a private and public key pair so that Pleroma can use VAPID to identify itself to the web push service (for notifications in the browser).
  • database password: This is used to authenticate access to the Pleroma database.

Instructions on generating these can be found in the guide below. It is recommended to encrypt these secrets using Ansible Vault.

Guide to setting up and running the playbook

  • Copy the example inventory file to the root of this project.

    $ cp examples/inventory.yml ./
    
  • In the inventory file you've just copied change <ANSIBLE_HOSTS> to the IP address of the target host and change <ANSIBLE_USER> to the user on the target host with sudo privileges.

  • Copy the example playbook file to the root of the project.

    $ cp examples/site.yml ./
    
  • Copy the example host_vars directory to the root of this project. This directory contains the file used to configure your Pleroma instance. You should review and edit the configuration before running the playbook.

    $ cp -a examples/host_vars ./
    
  • Generate the secret key base and add this to the secretKeyBase field (don't forget to uncomment this).

    $ make secret_key_base
    
  • Generate the signing salt and add this to the signingSalt field.

    $ make signing_salt
    
  • Generate the key pair for web push encryption and add these to privateKey and publicKey fields.

    $ make vapid_key_pair
    
  • Create a password for your database and add this to the password field under db.

  • Optional (but recommended): Use Ansible Vault to encrypt the generated secret values above.

  • Run the playbook using one of the following commands:

    # If you're not using Ansible vault
    $ ansible-playbook -i inventory.yml site.yml
    
    # If you're using Ansible vault and want to be prompted for the password
    $ ansible-playbook -i inventory.yml site.yml --ask-vault-pass
    
    # If you're using Ansible vault and a password file
    $ ansible-playbook -i inventory.yml site.yml --vault-id /path/to/your/password-file
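
A pre-flight check for the optional Ansible Vault step above, as an added example that is not part of this project: it scans a host_vars file for the secret fields named in this README (secretKeyBase, signingSalt, privateKey and the db password) and reports any that are missing, still commented out, or not Vault encrypted. The file layout, the check_vaulted function name and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not part of the playbook. Key names are taken from the README;
# the layout of the host_vars file is an assumption.
SECRET_KEYS='secretKeyBase signingSalt privateKey password'

# Prints one finding per line; returns non-zero if a secret is missing,
# still commented out, or stored in plaintext.
check_vaulted() {
    # A file encrypted as a whole by `ansible-vault encrypt` starts with this header.
    if head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'; then
        return 0
    fi
    awk -v keys="$SECRET_KEYS" '
        BEGIN { n = split(keys, want, " "); bad = 0 }
        {
            for (i = 1; i <= n; i++) {
                k = want[i]
                if ($0 !~ "^[ \t]*" k ":") continue   # commented-out keys do not match
                seen[k] = 1
                value = $0
                sub("^[ \t]*" k ":[ \t]*", "", value)
                # Inline vault values are written as "key: !vault |".
                if (value !~ /^!vault/) { printf "PLAINTEXT %s (line %d)\n", k, NR; bad = 1 }
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { printf "MISSING %s\n", want[i]; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: two vaulted secrets, one plaintext, one still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# secretKeyBase: changeme
signingSalt: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  (constructed placeholder, not real ciphertext)
privateKey: constructed-plaintext-value
db:
  password: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    (constructed placeholder, not real ciphertext)
EOF
check_vaulted "$sample" || echo "Encrypt or set the secrets listed above before running ansible-playbook."
rm -f "$sample"
```

Call check_vaulted on your own host_vars file before ansible-playbook; a non-zero exit status means at least one secret still needs attention.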