added: configuration for Pleroma
This merge request adds the template file and default variables for configuring Pleroma. Also included in this merge request are:
- added: Makefile to produce the secret key base, signing salt and the public and private keys for web encryption.
- fixed: Pleroma OTP builds are now downloaded from the stable branch.
- changed: removed hard-coded data from the pleroma task and added it to the variables directory.
parent
f293d06c78
commit
b0ddbc30ad
4 changed files with 137 additions and 28 deletions
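--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,24 @@
+VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem
+
+PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key
+
+all: secret_key_base signing_salt vapid_private_key vapid_public_key
+
+secret_key_base:
+	@echo "Secret key base:"
+	@openssl rand -base64 48
+
+signing_salt:
+	@echo -e "\nSigning salt:"
+	@openssl rand -hex 4
+
+$(VAPID_PRIVATE_KEY_FILE):
+	@openssl ecparam -genkey -name prime256v1 -out $(VAPID_PRIVATE_KEY_FILE)
+
+vapid_private_key: $(VAPID_PRIVATE_KEY_FILE)
+	@echo -e "\nVapid private key:"
+	@openssl ec -in $(VAPID_PRIVATE_KEY_FILE) -outform DER 2> /dev/null | tail -c +8 | head -c 32 | base64 | tr '/+' '_-' | tr -d '=' | tr -d '\n'
+
+vapid_public_key: $(VAPID_PRIVATE_KEY_FILE)
+	@echo -e "\n\nVapid public key:"
+	@openssl ec -in $(VAPID_PRIVATE_KEY_FILE) -pubout -outform DER 2> /dev/null | tail -c 65 | base64 | tr '/+' '_-' | tr -d '=' | tr -d '\n'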
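Review bot: `PHONY:` on the third line of the new Makefile is missing its leading dot, so it defines an ordinary target named PHONY instead of marking secret_key_base, signing_salt, vapid_private_key and vapid_public_key as phony, and a file with one of those names would silently skip its recipe; it should read `.PHONY: all secret_key_base signing_salt vapid_private_key vapid_public_key` (all included, since it is not a file either). The `echo -e` calls rely on bash's builtin echo; under a POSIX /bin/sh the `-e` is printed literally, so `printf '\nSigning salt:\n'` is the portable form. The `$(VAPID_PRIVATE_KEY_FILE)` recipe writes the EC private key with the default umask and nothing cleans it up or ignores it; `@umask 077 && openssl ecparam -genkey -name prime256v1 -out $@` keeps it owner-only, and a `clean` target that removes it would be worth adding. The secret key base, signing salt and private key are printed to stdout, so they land in terminal scrollback and CI logs; a comment at the top of the file saying these values are meant to be copied into a vaulted variable file would make that expectation clear.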
@ -1,43 +1,43 @@
|
||||||
---
|
---
|
||||||
|
# TODO: Do we need ncurses?
|
||||||
- name: Ensure Pleroma dependencies are installed.
|
- name: Ensure Pleroma dependencies are installed.
|
||||||
apk:
|
apk:
|
||||||
name: unzip, ncurses
|
name: unzip, ncurses
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Ensure group 'pleroma' exists.
|
- name: Ensure group '{{ pleroma_user.group }}' exists.
|
||||||
group:
|
group:
|
||||||
gid: 1200
|
gid: "{{ pleroma_user.id }}"
|
||||||
name: pleroma
|
name: "{{ pleroma_user.group }}"
|
||||||
state: present
|
state: present
|
||||||
system: yes
|
system: yes
|
||||||
|
|
||||||
- name: Ensure user 'pleroma' exists.
|
- name: Ensure user '{{ pleroma_user.name }}' exists.
|
||||||
user:
|
user:
|
||||||
group: pleroma
|
group: "{{ pleroma_user.group }}"
|
||||||
home: /opt/pleroma
|
home: "{{ pleroma_user.home }}"
|
||||||
name: pleroma
|
name: "{{ pleroma_user.name }}"
|
||||||
shell: /bin/false
|
shell: "{{ pleroma_user.shell }}"
|
||||||
state: present
|
state: present
|
||||||
system: yes
|
system: yes
|
||||||
uid: 1200
|
uid: "{{ pleroma_user.id }}"
|
||||||
|
|
||||||
# Directories
|
|
||||||
- name: Ensure the Pleroma data and config directories exists.
|
- name: Ensure the Pleroma data and config directories exists.
|
||||||
file:
|
file:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0700'
|
mode: '0700'
|
||||||
owner: pleroma
|
owner: "{{ pleroma_user.name }}"
|
||||||
group: pleroma
|
group: "{{ pleroma_user.group }}"
|
||||||
loop:
|
loop:
|
||||||
- /etc/pleroma
|
- "{{ pleroma_config_dir }}"
|
||||||
- /var/lib/pleroma
|
- "{{ pleroma_base_data_dir }}"
|
||||||
- /var/lib/pleroma/uploads
|
- "{{ pleroma_uploads_dir }}"
|
||||||
- /var/lib/pleroma/static
|
- "{{ pleroma_static_dir }}"
|
||||||
|
|
||||||
- name: Ensuring that the release build of pleroma is downloaded.
|
- name: Ensuring that the release build of pleroma is downloaded.
|
||||||
get_url:
|
get_url:
|
||||||
url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/master/download?job=amd64-musl
|
url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl
|
||||||
dest: /tmp/pleroma.zip
|
dest: /tmp/pleroma.zip
|
||||||
|
|
||||||
- name: Unzipping the release build of pleroma.
|
- name: Unzipping the release build of pleroma.
|
||||||
|
@ -45,21 +45,21 @@
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
src: /tmp/pleroma.zip
|
src: /tmp/pleroma.zip
|
||||||
dest: /tmp
|
dest: /tmp
|
||||||
owner: pleroma
|
owner: "{{ pleroma_user.name }}"
|
||||||
group: pleroma
|
group: "{{ pleroma_user.group }}"
|
||||||
|
|
||||||
- name: Ensuring that Pleroma is installed.
|
- name: Ensuring that Pleroma is installed.
|
||||||
shell: |
|
shell: |
|
||||||
find /tmp/release/ -mindepth 1 -maxdepth 1 | xargs -I dir mv dir /opt/pleroma/
|
find /tmp/release/ -mindepth 1 -maxdepth 1 | xargs -I dir mv dir {{ pleroma_user.home }}
|
||||||
args:
|
args:
|
||||||
creates: /opt/pleroma/bin/pleroma
|
creates: "{{ pleroma_user.home }}/bin/pleroma"
|
||||||
|
|
||||||
- name: Ensuring the configuration file is set.
|
- name: Ensuring the configuration file is set.
|
||||||
template:
|
template:
|
||||||
src: etc_pleroma_config.exs.j2
|
src: etc_pleroma_config.exs.j2
|
||||||
dest: /etc/pleroma/config.exs
|
dest: "{{ pleroma_config_dir }}/config.exs"
|
||||||
owner: pleroma
|
owner: "{{ pleroma_user.name }}"
|
||||||
group: pleroma
|
group: "{{ pleroma_user.group }}"
|
||||||
mode: '0400'
|
mode: '0400'
|
||||||
|
|
||||||
- name: Running database migrations.
|
- name: Running database migrations.
|
||||||
|
@ -72,12 +72,12 @@
|
||||||
|
|
||||||
- name: Ensuring that folder permissions are set properly in /opt/pleroma.
|
- name: Ensuring that folder permissions are set properly in /opt/pleroma.
|
||||||
shell: |
|
shell: |
|
||||||
find /opt/pleroma -mindepth 1 -maxdepth 1 -type d | xargs -I dir chmod 0700 dir
|
find {{ pleroma_user.home }} -mindepth 1 -maxdepth 1 -type d | xargs -I dir chmod 0700 dir
|
||||||
find /opt/pleroma -mindepth 1 -maxdepth 1 -type d | xargs -I dir chown -R pleroma:pleroma dir
|
find {{ pleroma_user.home }} -mindepth 1 -maxdepth 1 -type d | xargs -I dir chown -R {{ pleroma_user.name }}:{{ pleroma_user.group }} dir
|
||||||
|
|
||||||
- name: Setting up the Pleroma service.
|
- name: Setting up the Pleroma service.
|
||||||
copy:
|
copy:
|
||||||
src: /opt/pleroma/installation/init.d/pleroma
|
src: "{{ pleroma_user.home }}/installation/init.d/pleroma"
|
||||||
dest: /etc/init.d/pleroma
|
dest: /etc/init.d/pleroma
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -88,7 +88,7 @@
|
||||||
service:
|
service:
|
||||||
name: pleroma
|
name: pleroma
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: restarted
|
||||||
|
|
||||||
- name: Cleaning up
|
- name: Cleaning up
|
||||||
file:
|
file:
|
||||||
|
|
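Review bot: `state: restarted` in the last hunk (the service task) restarts Pleroma on every playbook run, including runs where nothing changed, which breaks idempotence; keep `state: started` there and trigger the restart from a handler notified by the config-template and install tasks. In the first hunk, `get_url` fetches the `stable` branch's CI artifact into `/tmp/pleroma.zip` with no `checksum:` parameter, so neither the integrity nor a specific build is pinned — `checksum: "sha256:<EXPECTED-DIGEST-PLACEHOLDER>"` or a release-tagged URL would fix that, and `/tmp` is a shared, predictable location for both the archive and the unzip target. The task name `Ensuring that folder permissions are set properly in /opt/pleroma.` in the third hunk still hard-codes the path the change replaces with `{{ pleroma_user.home }}`. This file's header is not shown on the page, and every hunk cuts into the task list, which continues outside them.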
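--- a/templates/etc_pleroma_config.exs.j2
+++ b/templates/etc_pleroma_config.exs.j2
@@ -0,0 +1,73 @@
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+  url: [
+    host: "{{ pleroma.config.host }}",
+    scheme: "https",
+    port: 443
+  ],
+  http: [
+    ip: {127, 0, 0, 1},
+    port: {{ pleroma.config.listeningPort }}
+  ],
+  secret_key_base: "{{ pleroma.config.secretKeyBase }}",
+  secure_cookie_flag: true,
+  signing_salt: "{{ pleroma.config.signingSalt }}"
+
+config :pleroma, :instance,
+  name: "{{ pleroma.config.instanceName }}",
+  email: "{{ pleroma.config.email }}",
+  notify_email: "{{ pleroma.config.notifyEmail }}",
+  description: "{{ pleroma.config.instanceDescription }}",
+  limit: {{ pleroma.config.characterLimit }},
+  registrations_open: {{ pleroma.config.registrationsOpen }},
+  healthcheck: {{ pleroma.config.healthCheck }},
+  dynamic_configuration: {{ pleroma.config.dynamicConfiguration }},
+  federating: {{ pleroma.config.federating }}
+
+config :pleroma, :media_proxy,
+  enabled: false,
+  redirect_on_failure: true
+  #base_url: "https://cache.pleroma.social"
+
+config :pleroma, Pleroma.Repo,
+  adapter: Ecto.Adapters.Postgres,
+  username: "{{ pleroma.config.db.user }}",
+  password: "{{ pleroma.config.db.password }}",
+  database: "{{ pleroma.config.db.name }}",
+  hostname: "localhost",
+  pool_size: 10
+
+config :pleroma, :database, rum_enabled: false
+config :pleroma, :instance, static_dir: "{{ pleroma_static_dir }}"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "{{ pleroma_uploads_dir }}"
+
+# Enable Strict-Transport-Security once SSL is working:
+config :pleroma, :http_security,
+  sts: true
+
+# I probably would like to set this up at some point
+# https://docs-develop.pleroma.social/backend/configuration/cheatsheet/#pleromaemailsmailer
+config :pleroma, Pleroma.Emails.Mailer,
+  adapter: Swoosh.Adapters.Local,
+  enabled: false
+
+# Ensure logs are sent to syslog
+config :logger,
+  backends: [
+    {ExSyslogger, :ex_syslogger}
+  ],
+  level: :{{ pleroma.config.logLevel }}
+
+config :logger, :ex_syslogger,
+  level: :{{ pleroma.config.logLevel }},
+  format: "$date $time [$level] $message",
+  facility: :local1,
+  option: [:pid, :ndelay],
+  ident: "pleroma"
+
+# Configure web push notifications
+config :web_push_encryption, :vapid_details,
+  subject: "mailto:{{ pleroma.config.webPushEncryption.email }}",
+  private_key: "{{ pleroma.config.webPushEncryption.privateKey }}",
+  public_key: "{{ pleroma.config.webPushEncryption.publicKey }}"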
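Review bot: `registrations_open: {{ pleroma.config.registrationsOpen }},` and the neighbouring healthcheck, dynamic_configuration and federating lines will render as `True`/`False` if those variables are YAML booleans, which Elixir reads as module aliases rather than the atoms `true`/`false`; `{{ pleroma.config.registrationsOpen | to_json }}` renders a lowercase literal regardless of the variable's type. The same filter turns a string into a quoted, escaped literal, which would also protect `description` and `instanceName` from an embedded double quote or backslash breaking the config (it does not neutralise a `#{` interpolation sequence, so the template should still treat those values as trusted). The file embeds `secretKeyBase`, the database password and the VAPID private key; presumably these come from an encrypted vault, and a comment at the top of the template listing which `pleroma.config` keys are secrets would make that expectation explicit. The comment `# Enable Strict-Transport-Security once SSL is working:` is stale now that `sts: true` is set unconditionally.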
@ -1,4 +1,16 @@
|
||||||
---
|
---
|
||||||
|
pleroma_user:
|
||||||
|
group: pleroma
|
||||||
|
home: /opt/pleroma
|
||||||
|
id: 1200
|
||||||
|
name: pleroma
|
||||||
|
shell: /bin/false
|
||||||
|
|
||||||
|
pleroma_config_dir: /etc/pleroma
|
||||||
|
pleroma_base_data_dir: /var/lib/pleroma
|
||||||
|
pleroma_static_dir: "{{ pleroma_base_data_dir }}/static"
|
||||||
|
pleroma_uploads_dir: "{{ pleroma_base_data_dir }}/uploads"
|
||||||
|
|
||||||
pleroma_ssl_folder: /etc/ssl/pleroma
|
pleroma_ssl_folder: /etc/ssl/pleroma
|
||||||
pleroma_ssl_privateKeyPath: "{{ pleroma_ssl_folder }}/pleroma.key"
|
pleroma_ssl_privateKeyPath: "{{ pleroma_ssl_folder }}/pleroma.key"
|
||||||
pleroma_ssl_csrPath: "{{ pleroma_ssl_folder }}/pleroma.csr"
|
pleroma_ssl_csrPath: "{{ pleroma_ssl_folder }}/pleroma.csr"
|
||||||
|
|
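Review bot: The `pleroma.config.*` keys consumed by the new template (host, listeningPort, secretKeyBase, signingSalt, db.user/password/name, webPushEncryption.privateKey and others) have no entry in this defaults file, so a fresh role run presumably fails at the template task until the playbook defines them; a comment listing the required keys, or a `pleroma:` block of placeholder values that a task asserts were overridden, would document that contract. Minor: the new keys use snake_case (`pleroma_config_dir`) while the existing `pleroma_ssl_privateKeyPath` is camelCase. This file's path is not shown on the page.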