From b03c997960dfcd69a9393e52b6df1f3784b0a831 Mon Sep 17 00:00:00 2001 
From: Dan Anglin Date: Thu, 24 Oct 2019 22:51:53 +0100 Subject: [PATCH] change: add a site playbook to the project. This merge request changes the project from a single role project to a single playbook project with multiple plays and roles. The single playbook has multiple plays with each having its own role to install and configure the different components to run Pleroma. (postgres database, pleroma backend and nginx). Certain playbooks can be executed by specifying the relevant tags. This change is the first of many changes to start supporting installations on both single and multiple hosts. This change also includes: - inventory file. - host_vars directory for users to add their variables. - an init playbook to merge the default and the user defined config for Pleroma. - users can now specify whether to validate certs when performing acme challenges (default: true). - more task templating. --- .gitignore | 2 ++ README.md | 4 +-- host_vars/.gitkeep | 0 hosts.yml | 12 +++++++ {defaults => roles/init/defaults}/main.yml | 1 + roles/init/tasks/main.yml | 3 ++ .../pleroma-backend/tasks/main.yml | 8 ++--- .../templates}/etc_pleroma_config.exs.j2 | 0 roles/pleroma-backend/vars/main.yml | 16 +++++++++ .../pleroma-nginx/tasks/main.yml | 3 ++ .../etc_ngnix_confd_pleroma.conf.j2 | 0 {vars => roles/pleroma-nginx/vars}/main.yml | 18 ---------- .../pleroma-postgres/handlers}/main.yml | 0 .../pleroma-postgres/tasks/main.yml | 2 +- ..._postgresql_confd_postgresql_override.conf | 0 .../templates}/etc_postgresql_pg_hba.conf.j2 | 0 roles/pleroma-postgres/vars/main.yml | 7 ++++ site.yml | 34 +++++++++++++++++++ tasks/main.yml | 32 ----------------- 19 files changed, 85 insertions(+), 57 deletions(-) create mode 100644 .gitignore create mode 100644 host_vars/.gitkeep create mode 100644 hosts.yml rename {defaults => roles/init/defaults}/main.yml (98%) create mode 100644 roles/init/tasks/main.yml rename tasks/pleroma.yml => roles/pleroma-backend/tasks/main.yml (93%) rename
{templates => roles/pleroma-backend/templates}/etc_pleroma_config.exs.j2 (100%) create mode 100644 roles/pleroma-backend/vars/main.yml rename tasks/nginx.yml => roles/pleroma-nginx/tasks/main.yml (97%) rename {templates => roles/pleroma-nginx/templates}/etc_ngnix_confd_pleroma.conf.j2 (100%) rename {vars => roles/pleroma-nginx/vars}/main.yml (52%) rename {handlers => roles/pleroma-postgres/handlers}/main.yml (100%) rename tasks/postgres.yml => roles/pleroma-postgres/tasks/main.yml (98%) rename {templates => roles/pleroma-postgres/templates}/etc_postgresql_confd_postgresql_override.conf (100%) rename {templates => roles/pleroma-postgres/templates}/etc_postgresql_pg_hba.conf.j2 (100%) create mode 100644 roles/pleroma-postgres/vars/main.yml create mode 100644 site.yml delete mode 100644 tasks/main.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5a83f4c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+host_vars/*
+!host_vars/.gitkeep
diff --git a/README.md b/README.md
index 36dcc7b..5ecf80b 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
-# plemora-ansible-role
+# plemora-ansible-playbook
-This role installs and configures Pleroma, PostgreSQL and Nginx on a single instance with Alpine Linux.
+**Description:** This playbook installs and configures Pleroma, PostgreSQL and Nginx on a single Alpine Linux host.
diff --git a/host_vars/.gitkeep b/host_vars/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/hosts.yml b/hosts.yml
new file mode 100644
index 0000000..3184b25
--- /dev/null
+++ b/hosts.yml
@@ -0,0 +1,12 @@
+---
+all:
+ children:
+ pleroma_database:
+ hosts:
+ pleroma:
+ pleroma_backend:
+ hosts:
+ pleroma:
+ pleroma_webserver:
+ hosts:
+ pleroma:
diff --git a/defaults/main.yml b/roles/init/defaults/main.yml
similarity index 98%
rename from defaults/main.yml
rename to roles/init/defaults/main.yml
index 785692b..bea20b5 100644
--- a/defaults/main.yml
+++ b/roles/init/defaults/main.yml
@@ -48,3 +48,4 @@ pleroma_defaults:
 acmeDirectory: "https://acme-v02.api.letsencrypt.org/directory"
 remainingDays: 10
 termsAgreed: no
+ validateCerts: true
diff --git a/roles/init/tasks/main.yml b/roles/init/tasks/main.yml
new file mode 100644
index 0000000..ed6682e
--- /dev/null
+++ b/roles/init/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- name: Combining Pleroma config details
+ set_fact: pleroma="{{ pleroma_defaults | combine(pleroma, recursive=true) }}"
diff --git a/tasks/pleroma.yml b/roles/pleroma-backend/tasks/main.yml
similarity index 93%
rename from tasks/pleroma.yml
rename to roles/pleroma-backend/tasks/main.yml
index ea8c0ae..c90c93d 100644
--- a/tasks/pleroma.yml
+++ b/roles/pleroma-backend/tasks/main.yml
@@ -37,13 +37,13 @@
 - name: Ensuring that the release build of pleroma is downloaded.
 get_url:
- url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl
- dest: /tmp/pleroma.zip
+ url: "{{ pleroma_download_url }}"
+ dest: "{{ pleroma_download_dest }}"
 - name: Unzipping the release build of pleroma.
 unarchive:
 remote_src: yes
- src: /tmp/pleroma.zip
+ src: "{{ pleroma_download_dest }}"
 dest: /tmp
 owner: "{{ pleroma_user.name }}"
 group: "{{ pleroma_user.group }}"
@@ -95,5 +95,5 @@
 path: "{{ item }}"
 state: absent
 loop:
- - /tmp/pleroma.zip
+ - "{{ pleroma_download_dest }}"
 - /tmp/release
diff --git a/templates/etc_pleroma_config.exs.j2 b/roles/pleroma-backend/templates/etc_pleroma_config.exs.j2
similarity index 100%
rename from templates/etc_pleroma_config.exs.j2
rename to roles/pleroma-backend/templates/etc_pleroma_config.exs.j2
diff --git a/roles/pleroma-backend/vars/main.yml b/roles/pleroma-backend/vars/main.yml
new file mode 100644
index 0000000..b1993f8
--- /dev/null
+++ b/roles/pleroma-backend/vars/main.yml
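Review bot: The new `validateCerts` default carries no comment on what turning it off costs, and the same holds for the two `validate_certs:` lines added in roles/pleroma-nginx/tasks/main.yml. With the value set to false the ACME tasks accept any TLS certificate from the directory endpoint, so account and challenge traffic is no longer authenticated; that is only appropriate against a test ACME server. I would add above the key: `# Keep true outside of testing; false disables TLS verification of the ACME directory.` The `pleroma_defaults` mapping begins above this hunk.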
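Review bot: `combine(pleroma, recursive=true)` raises an undefined-variable error for any host that has no `pleroma` mapping, which is the state of a fresh checkout because host_vars/ ships with only `.gitkeep` and is git-ignored (unless the variable is supplied some other way). `combine(pleroma | default({}), recursive=true)` lets the defaults stand on their own. The task also uses the `key=value` form of set_fact; the native mapping form, `set_fact:` with a nested `pleroma: "{{ pleroma_defaults | combine(pleroma | default({}), recursive=true) }}"`, matches the block style the other roles use.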
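Review bot: The download task still fetches whatever the `stable` job artifact currently is with no integrity check before the archive is unpacked (the install steps that follow are outside this hunk). Now that the URL is a variable, `get_url` can take a digest next to it, e.g. `checksum: "sha256:{{ pleroma_download_checksum }}"`, where `pleroma_download_checksum` is a new variable this patch does not define. `pleroma_download_dest` also resolves to a fixed name under /tmp; on a host with other local users a directory from the `tempfile` module would avoid a predictable path. The cleanup hunk at line 95 uses the same variable and needs no further change.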
@@ -0,0 +1,16 @@
+---
+pleroma_user:
+ group: pleroma
+ home: /opt/pleroma
+ id: 1200
+ name: pleroma
+ shell: /bin/false
+
+pleroma_config_dir: /etc/pleroma
+
+pleroma_base_data_dir: /var/lib/pleroma
+pleroma_static_dir: "{{ pleroma_base_data_dir }}/static"
+pleroma_uploads_dir: "{{ pleroma_base_data_dir }}/uploads"
+
+pleroma_download_url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl
+pleroma_download_dest: /tmp/pleroma.zip
diff --git a/tasks/nginx.yml b/roles/pleroma-nginx/tasks/main.yml
similarity index 97%
rename from tasks/nginx.yml
rename to roles/pleroma-nginx/tasks/main.yml
index 1f626d5..cf58c0f 100644
--- a/tasks/nginx.yml
+++ b/roles/pleroma-nginx/tasks/main.yml
@@ -140,6 +140,7 @@
 remaining_days: "{{ pleroma.ssl.letsEncrypt.remainingDays }}"
 select_crypto_backend: cryptography
 terms_agreed: "{{ pleroma.ssl.letsEncrypt.termsAgreed }}"
+ validate_certs: "{{ pleroma.ssl.letsEncrypt.validateCerts }}"
 register: acme_challenge
 when: pleroma.ssl.letsEncrypt.enable
@@ -162,6 +163,8 @@
 select_crypto_backend: cryptography
 terms_agreed: "{{ pleroma.ssl.letsEncrypt.termsAgreed }}"
 data: "{{ acme_challenge }}"
+ validate_certs: "{{ pleroma.ssl.letsEncrypt.validateCerts }}"
+ register: acme_challenge
 when: pleroma.ssl.letsEncrypt.enable
 - name: Nginx -- Updating file permissions of the SSL certificate.
diff --git a/templates/etc_ngnix_confd_pleroma.conf.j2 b/roles/pleroma-nginx/templates/etc_ngnix_confd_pleroma.conf.j2
similarity index 100%
rename from templates/etc_ngnix_confd_pleroma.conf.j2
rename to roles/pleroma-nginx/templates/etc_ngnix_confd_pleroma.conf.j2
diff --git a/vars/main.yml b/roles/pleroma-nginx/vars/main.yml
similarity index 52%
rename from vars/main.yml
rename to roles/pleroma-nginx/vars/main.yml
index 15bd338..6b855ad 100644
--- a/vars/main.yml
+++ b/roles/pleroma-nginx/vars/main.yml
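Review bot: `pleroma_download_url` and `pleroma_download_dest` are defined in the role's `vars/main.yml`, which Ansible ranks above inventory `host_vars`, so the host_vars directory this commit introduces cannot override them. An operator who wants to pin a specific release artifact or point at a mirror would have to fall back on extra vars. Moving the two keys to `roles/pleroma-backend/defaults/main.yml` keeps the current values while making them overridable, with a comment such as `# Override in host_vars to pin a specific build.`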
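Review bot: The added `register: acme_challenge` in the second nginx hunk overwrites the variable that the same task reads through `data: "{{ acme_challenge }}"`, and when `pleroma.ssl.letsEncrypt.enable` is false the skipped result is still registered under that name. Any later task that inspects `acme_challenge` (none is visible in this hunk) would then see the certificate step's result rather than the challenge data. A separate name such as `register: acme_certificate_result` keeps the two apart. The task starts above the hunk, so its module and remaining arguments are not visible here.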
@@ -1,21 +1,9 @@
 ---
-pleroma_user:
- group: pleroma
- home: /opt/pleroma
- id: 1200
- name: pleroma
- shell: /bin/false
-
 pleroma_deps_nginx: nginx, py-cryptography
-pleroma_config_dir: /etc/pleroma
 pleroma_nginx_conf_dir: /etc/nginx/conf.d
 pleroma_nginx_conf_file: "{{ pleroma_nginx_conf_dir }}/pleroma.conf"
-pleroma_base_data_dir: /var/lib/pleroma
-pleroma_static_dir: "{{ pleroma_base_data_dir }}/static"
-pleroma_uploads_dir: "{{ pleroma_base_data_dir }}/uploads"
-
 pleroma_ssl_folder: /etc/ssl/pleroma
 pleroma_ssl_privateKeyPath: "{{ pleroma_ssl_folder }}/pleroma.key"
 pleroma_ssl_privateAcmeAccountKeyPath: "{{ pleroma_ssl_folder}}/acme_account.key"
@@ -24,9 +12,3 @@ pleroma_ssl_selfSignedCertPath: "{{ pleroma_ssl_folder }}/pleroma-self-signed.cr
 pleroma_ssl_fullChainCert: "{{ pleroma_ssl_folder }}/{{ pleroma.config.host }}-fullchain.pem"
 pleroma_letsEncrypt_baseDir: /var/lib/letsencrypt
-
-pleroma_postgres_log_dir: /var/log/postgresql
-pleroma_postgres_base_conf: /etc/postgresql
-pleroma_postgres_confd: "{{ pleroma_postgres_base_conf }}/conf.d"
-pleroma_postgres_confd_symlink: /var/lib/postgresql/11/data/pg_conf.d
-pleroma_postgres_unix_socket_dir: /var/run/postgresql
diff --git a/handlers/main.yml b/roles/pleroma-postgres/handlers/main.yml
similarity index 100%
rename from handlers/main.yml
rename to roles/pleroma-postgres/handlers/main.yml
diff --git a/tasks/postgres.yml b/roles/pleroma-postgres/tasks/main.yml
similarity index 98%
rename from tasks/postgres.yml
rename to roles/pleroma-postgres/tasks/main.yml
index 1f2be1b..2363f9b 100644
--- a/tasks/postgres.yml
+++ b/roles/pleroma-postgres/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Postgres -- Ensure that PostgreSQL is installed.
 apk:
- name: postgresql, postgresql-contrib, py-psycopg2
+ name: "{{ pleroma_postgres_packages }}"
 state: present
 - name: Postgres -- Ensure that the database is initialised.
diff --git a/templates/etc_postgresql_confd_postgresql_override.conf b/roles/pleroma-postgres/templates/etc_postgresql_confd_postgresql_override.conf
similarity index 100%
rename from templates/etc_postgresql_confd_postgresql_override.conf
rename to roles/pleroma-postgres/templates/etc_postgresql_confd_postgresql_override.conf
diff --git a/templates/etc_postgresql_pg_hba.conf.j2 b/roles/pleroma-postgres/templates/etc_postgresql_pg_hba.conf.j2
similarity index 100%
rename from templates/etc_postgresql_pg_hba.conf.j2
rename to roles/pleroma-postgres/templates/etc_postgresql_pg_hba.conf.j2
diff --git a/roles/pleroma-postgres/vars/main.yml b/roles/pleroma-postgres/vars/main.yml
new file mode 100644
index 0000000..a246a5f
--- /dev/null
+++ b/roles/pleroma-postgres/vars/main.yml
@@ -0,0 +1,7 @@
+---
+pleroma_postgres_packages: postgresql, postgresql-contrib, py-psycopg2
+pleroma_postgres_log_dir: /var/log/postgresql
+pleroma_postgres_base_conf: /etc/postgresql
+pleroma_postgres_confd: "{{ pleroma_postgres_base_conf }}/conf.d"
+pleroma_postgres_confd_symlink: /var/lib/postgresql/11/data/pg_conf.d
+pleroma_postgres_unix_socket_dir: /var/run/postgresql
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..63d33ba
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,34 @@
+---
+- name: Initialising the site playbook.
+ hosts: all
+ roles:
+ - init
+ tags:
+ - always
+
+- name: Installing and configuring PostgreSQL for Pleroma.
+ hosts: pleroma_database
+ become: yes
+ become_method: sudo
+ roles:
+ - pleroma-postgres
+ tags:
+ - pleroma-postgres
+
+- name: Installing and configuring the Pleroma backend.
+ hosts: pleroma_backend
+ become: yes
+ become_method: sudo
+ roles:
+ - pleroma-backend
+ tags:
+ - pleroma-be
+
+- name: Installing and configuring Nginx for Pleroma.
+ hosts: pleroma_webserver
+ become: yes
+ become_method: sudo
+ roles:
+ - pleroma-nginx
+ tags:
+ - pleroma-nginx
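Review bot: The play tags in site.yml replace the old task tags without a compatibility path: `postgres`, `pleroma` and `nginx` from the deleted tasks/main.yml become `pleroma-postgres`, `pleroma-be` and `pleroma-nginx`, and the README hunk does not mention them. A run with one of the old tag names would now match only the `always` play and finish without configuring anything. I would name the backend tag after its role, `- pleroma-backend`, and head the file with a comment listing the selectable tags. The three `become: yes` lines would also read better as `become: true`.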
diff --git a/tasks/main.yml b/tasks/main.yml
deleted file mode 100644
index 022af1a..0000000
--- a/tasks/main.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- name: Combining Pleroma config details
- set_fact: pleroma="{{ pleroma_defaults | combine(pleroma, recursive=true) }}"
- tags:
- - always
-
-- name: Installing and configuring PostgreSQL.
- include_tasks:
- file: postgres.yml
- apply:
- tags:
- - postgres
- tags:
- - postgres
-
-- name: Installing and configuring Pleroma.
- include_tasks:
- file: pleroma.yml
- apply:
- tags:
- - pleroma
- tags:
- - pleroma
-
-- name: Installing and configuring Nginx.
- include_tasks:
- file: nginx.yml
- apply:
- tags:
- - nginx
- tags:
- - nginx