change: add a site playbook to the project.
This merge request changes the project from a single role project to a single playbook project with multiple plays and roles. The single playbook has multiple plays with each having its own role to install and configure the different components to run Pleroma. (postgres database, pleroma backend and nginx). Certain playbooks can be executed by specifying the relevant tags. This change is the first of many changes to start supporting installations on both single and multiple hosts. This change also includes: - inventory file. - host_vars directory for users to add their variables. - an init playbook to merge the default and the user defined config for Pleroma. - users can now specify whether to validate certs when performing acme challenges (default: true). - more task templating.
parent
ebba1a1248
commit
b03c997960
19 changed files with 85 additions and 57 deletions
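--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+host_vars/*
+!host_vars/.gitkeep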
|
@ -1,3 +1,3 @@
|
|||
# plemora-ansible-role
|
||||
# plemora-ansible-playbook
|
||||
|
||||
This role installs and configures Pleroma, PostgreSQL and Nginx on a single instance with Alpine Linux.
|
||||
**Description:** This playbook installs and configures Pleroma, PostgreSQL and Nginx on a single Alpine Linux host.
|
||||
|
|
0
host_vars/.gitkeep
Normal file
0
host_vars/.gitkeep
Normal file
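--- a/hosts.yml
+++ b/hosts.yml
@@ -0,0 +1,12 @@
+---
+all:
+children:
+pleroma_database:
+hosts:
+pleroma:
+pleroma_backend:
+hosts:
+pleroma:
+pleroma_webserver:
+hosts:
+pleroma: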
|
@ -48,3 +48,4 @@ pleroma_defaults:
|
|||
acmeDirectory: "https://acme-v02.api.letsencrypt.org/directory"
|
||||
remainingDays: 10
|
||||
termsAgreed: no
|
||||
validateCerts: true
|
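Review bot: The `validateCerts: true` default, apparently the line this hunk adds, carries no comment saying what switching it off does, and the two ACME task hunks further down pass it straight to `validate_certs`. With it set to false the ACME client stops verifying the TLS certificate of the directory named in `acmeDirectory`, which is only appropriate against a local test CA. I would add above the key: `# Keep true in production; false disables TLS verification of the ACME directory (test CAs only).` The rest of `pleroma_defaults` lies outside this hunk.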
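--- a/roles/init/tasks/main.yml
+++ b/roles/init/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- name: Combining Pleroma config details
+set_fact: pleroma="{{ pleroma_defaults | combine(pleroma, recursive=true) }}"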
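Review bot: `combine(pleroma, recursive=true)` in the `set_fact` task will fail with an undefined-variable error on any host that has no `pleroma` mapping, which looks like the state of a fresh checkout because `host_vars/*` is git-ignored (unless the variable is defined somewhere not shown here). Defaulting the user side keeps the play usable with stock settings: `pleroma: "{{ pleroma_defaults | combine(pleroma | default({}), recursive=true) }}"`, written under a block-style `set_fact:` instead of the `key=value` form. A short comment noting that the user-supplied values win over `pleroma_defaults` in the merge would also help readers of `host_vars`.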
|
@ -37,13 +37,13 @@
|
|||
|
||||
- name: Ensuring that the release build of pleroma is downloaded.
|
||||
get_url:
|
||||
url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl
|
||||
dest: /tmp/pleroma.zip
|
||||
url: "{{ pleroma_download_url }}"
|
||||
dest: "{{ pleroma_download_dest }}"
|
||||
|
||||
- name: Unzipping the release build of pleroma.
|
||||
unarchive:
|
||||
remote_src: yes
|
||||
src: /tmp/pleroma.zip
|
||||
src: "{{ pleroma_download_dest }}"
|
||||
dest: /tmp
|
||||
owner: "{{ pleroma_user.name }}"
|
||||
group: "{{ pleroma_user.group }}"
|
||||
|
@ -95,5 +95,5 @@
|
|||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- /tmp/pleroma.zip
|
||||
- "{{ pleroma_download_dest }}"
|
||||
- /tmp/release
|
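Review bot: The `get_url` task in the first hunk still has no `checksum`, so whatever `pleroma_download_url` returns (by default a moving `stable` CI artifact) is unpacked and installed unverified. Now that the URL is a variable, a pinned digest could sit beside it, for example `checksum: "{{ pleroma_download_checksum }}"`, with that variable (name suggested here) defined next to the URL. The archive is also written to a fixed name under world-writable `/tmp` and extracted into `/tmp`; a directory created by the `tempfile` module with a restrictive mode would remove the reliance on predictable shared paths. Both tasks belong to a file whose start and end are outside the hunks shown.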
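--- a/roles/pleroma-backend/vars/main.yml
+++ b/roles/pleroma-backend/vars/main.yml
@@ -0,0 +1,16 @@
+---
+pleroma_user:
+group: pleroma
+home: /opt/pleroma
+id: 1200
+name: pleroma
+shell: /bin/false
+
+pleroma_config_dir: /etc/pleroma
+
+pleroma_base_data_dir: /var/lib/pleroma
+pleroma_static_dir: "{{ pleroma_base_data_dir }}/static"
+pleroma_uploads_dir: "{{ pleroma_base_data_dir }}/uploads"
+
+pleroma_download_url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl
+pleroma_download_dest: /tmp/pleroma.zip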
|
@ -140,6 +140,7 @@
|
|||
remaining_days: "{{ pleroma.ssl.letsEncrypt.remainingDays }}"
|
||||
select_crypto_backend: cryptography
|
||||
terms_agreed: "{{ pleroma.ssl.letsEncrypt.termsAgreed }}"
|
||||
validate_certs: "{{ pleroma.ssl.letsEncrypt.validateCerts }}"
|
||||
register: acme_challenge
|
||||
when: pleroma.ssl.letsEncrypt.enable
|
||||
|
||||
|
@ -162,6 +163,8 @@
|
|||
select_crypto_backend: cryptography
|
||||
terms_agreed: "{{ pleroma.ssl.letsEncrypt.termsAgreed }}"
|
||||
data: "{{ acme_challenge }}"
|
||||
validate_certs: "{{ pleroma.ssl.letsEncrypt.validateCerts }}"
|
||||
register: acme_challenge
|
||||
when: pleroma.ssl.letsEncrypt.enable
|
||||
|
||||
- name: Nginx -- Updating file permissions of the SSL certificate.
|
|
@ -1,21 +1,9 @@
|
|||
---
|
||||
pleroma_user:
|
||||
group: pleroma
|
||||
home: /opt/pleroma
|
||||
id: 1200
|
||||
name: pleroma
|
||||
shell: /bin/false
|
||||
|
||||
pleroma_deps_nginx: nginx, py-cryptography
|
||||
|
||||
pleroma_config_dir: /etc/pleroma
|
||||
pleroma_nginx_conf_dir: /etc/nginx/conf.d
|
||||
pleroma_nginx_conf_file: "{{ pleroma_nginx_conf_dir }}/pleroma.conf"
|
||||
|
||||
pleroma_base_data_dir: /var/lib/pleroma
|
||||
pleroma_static_dir: "{{ pleroma_base_data_dir }}/static"
|
||||
pleroma_uploads_dir: "{{ pleroma_base_data_dir }}/uploads"
|
||||
|
||||
pleroma_ssl_folder: /etc/ssl/pleroma
|
||||
pleroma_ssl_privateKeyPath: "{{ pleroma_ssl_folder }}/pleroma.key"
|
||||
pleroma_ssl_privateAcmeAccountKeyPath: "{{ pleroma_ssl_folder}}/acme_account.key"
|
||||
|
@ -24,9 +12,3 @@ pleroma_ssl_selfSignedCertPath: "{{ pleroma_ssl_folder }}/pleroma-self-signed.cr
|
|||
pleroma_ssl_fullChainCert: "{{ pleroma_ssl_folder }}/{{ pleroma.config.host }}-fullchain.pem"
|
||||
|
||||
pleroma_letsEncrypt_baseDir: /var/lib/letsencrypt
|
||||
|
||||
pleroma_postgres_log_dir: /var/log/postgresql
|
||||
pleroma_postgres_base_conf: /etc/postgresql
|
||||
pleroma_postgres_confd: "{{ pleroma_postgres_base_conf }}/conf.d"
|
||||
pleroma_postgres_confd_symlink: /var/lib/postgresql/11/data/pg_conf.d
|
||||
pleroma_postgres_unix_socket_dir: /var/run/postgresql
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Postgres -- Ensure that PostgreSQL is installed.
|
||||
apk:
|
||||
name: postgresql, postgresql-contrib, py-psycopg2
|
||||
name: "{{ pleroma_postgres_packages }}"
|
||||
state: present
|
||||
|
||||
- name: Postgres -- Ensure that the database is initialised.
|
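--- a/roles/pleroma-postgres/vars/main.yml
+++ b/roles/pleroma-postgres/vars/main.yml
@@ -0,0 +1,7 @@
+---
+pleroma_postgres_packages: postgresql, postgresql-contrib, py-psycopg2
+pleroma_postgres_log_dir: /var/log/postgresql
+pleroma_postgres_base_conf: /etc/postgresql
+pleroma_postgres_confd: "{{ pleroma_postgres_base_conf }}/conf.d"
+pleroma_postgres_confd_symlink: /var/lib/postgresql/11/data/pg_conf.d
+pleroma_postgres_unix_socket_dir: /var/run/postgresql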
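--- a/site.yml
+++ b/site.yml
@@ -0,0 +1,34 @@
+---
+- name: Initialising the site playbook.
+hosts: all
+roles:
+- init
+tags:
+- always
+
+- name: Installing and configuring PostgreSQL for Pleroma.
+hosts: pleroma_database
+become: yes
+become_method: sudo
+roles:
+- pleroma-postgres
+tags:
+- pleroma-postgres
+
+- name: Installing and configuring the Pleroma backend.
+hosts: pleroma_backend
+become: yes
+become_method: sudo
+roles:
+- pleroma-backend
+tags:
+- pleroma-be
+
+- name: Installing and configuring Nginx for Pleroma.
+hosts: pleroma_webserver
+become: yes
+become_method: sudo
+roles:
+- pleroma-nginx
+tags:
+- pleroma-nginx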
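Review bot: The backend play is tagged `pleroma-be` while the other two plays reuse their role names (`pleroma-postgres`, `pleroma-nginx`) as tags; unless the short form is documented elsewhere, `- pleroma-backend` would keep `--tags` selection predictable. The three privileged plays also write `become: yes`; `become: true` is the canonical boolean and avoids relying on YAML 1.1 truthy parsing. A one-line comment above the first play explaining that `always` makes the merged `pleroma` fact available to tag-limited runs would document why it cannot be skipped.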
|
@ -1,32 +0,0 @@
|
|||
---
|
||||
- name: Combining Pleroma config details
|
||||
set_fact: pleroma="{{ pleroma_defaults | combine(pleroma, recursive=true) }}"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Installing and configuring PostgreSQL.
|
||||
include_tasks:
|
||||
file: postgres.yml
|
||||
apply:
|
||||
tags:
|
||||
- postgres
|
||||
tags:
|
||||
- postgres
|
||||
|
||||
- name: Installing and configuring Pleroma.
|
||||
include_tasks:
|
||||
file: pleroma.yml
|
||||
apply:
|
||||
tags:
|
||||
- pleroma
|
||||
tags:
|
||||
- pleroma
|
||||
|
||||
- name: Installing and configuring Nginx.
|
||||
include_tasks:
|
||||
file: nginx.yml
|
||||
apply:
|
||||
tags:
|
||||
- nginx
|
||||
tags:
|
||||
- nginx
|