added: configuration for Pleroma
This merge request adds the template file and default variables for configuring Pleroma. Also included in this merge request are: - added: a Makefile to produce the secret key base, the signing salt and the public/private VAPID key pair for web push encryption. - fixed: Pleroma OTP builds are now downloaded from the stable branch instead of master. - changed: hard-coded values were removed from the pleroma task and added to the variables directory.
This commit is contained in:
parent
f293d06c78
commit
b0ddbc30ad
4 changed files with 137 additions and 28 deletions
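--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,24 @@
+VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem
+
+PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key
+
+all: secret_key_base signing_salt vapid_private_key vapid_public_key
+
+secret_key_base:
+@echo "Secret key base:"
+@openssl rand -base64 48
+
+signing_salt:
+@echo -e "\nSigning salt:"
+@openssl rand -hex 4
+
+$(VAPID_PRIVATE_KEY_FILE):
+@openssl ecparam -genkey -name prime256v1 -out $(VAPID_PRIVATE_KEY_FILE)
+
+vapid_private_key: $(VAPID_PRIVATE_KEY_FILE)
+@echo -e "\nVapid private key:"
+@openssl ec -in $(VAPID_PRIVATE_KEY_FILE) -outform DER 2> /dev/null | tail -c +8 | head -c 32 | base64 | tr '/+' '_-' | tr -d '=' | tr -d '\n'
+
+vapid_public_key: $(VAPID_PRIVATE_KEY_FILE)
+@echo -e "\n\nVapid public key:"
+@openssl ec -in $(VAPID_PRIVATE_KEY_FILE) -pubout -outform DER 2> /dev/null | tail -c 65 | base64 | tr '/+' '_-' | tr -d '=' | tr -d '\n'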
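Review bot: `PHONY:` on the third line is missing its leading dot, so it defines an ordinary target named PHONY rather than marking the command targets phony, and a stray file called `all` or `secret_key_base` in the working directory would make those targets silently "up to date". The `$(VAPID_PRIVATE_KEY_FILE)` rule also writes the private key into the working directory under the default umask, and in the two extraction recipes `2> /dev/null` combined with a pipeline whose exit status is that of the final `tr` means an openssl failure prints an empty key instead of failing the build. I would declare the targets with `.PHONY:`, create the key file under `umask 077`, and run recipes under bash with `pipefail` so a broken extraction aborts. I cannot confirm from here that the fixed DER offsets (`tail -c +8 | head -c 32`, `tail -c 65`) hold across openssl versions, so a comment stating that they assume OpenSSL's SEC1/SubjectPublicKeyInfo encoding of a prime256v1 key would help the next maintainer. `openssl rand -hex 4` yields only 32 bits for the signing salt; `-hex 8` or more costs nothing.
```make
SHELL := bash
.SHELLFLAGS := -eu -o pipefail -c
.PHONY: all secret_key_base signing_salt vapid_private_key vapid_public_key
# … unchanged: all, secret_key_base, signing_salt …
$(VAPID_PRIVATE_KEY_FILE):
	@umask 077 && openssl ecparam -genkey -name prime256v1 -out $@
# … unchanged: vapid_private_key, vapid_public_key …
```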
@ -1,43 +1,43 @@
|
|||
---
|
||||
# TODO: Do we need ncurses?
|
||||
- name: Ensure Pleroma dependencies are installed.
|
||||
apk:
|
||||
name: unzip, ncurses
|
||||
state: present
|
||||
|
||||
- name: Ensure group 'pleroma' exists.
|
||||
- name: Ensure group '{{ pleroma_user.group }}' exists.
|
||||
group:
|
||||
gid: 1200
|
||||
name: pleroma
|
||||
gid: "{{ pleroma_user.id }}"
|
||||
name: "{{ pleroma_user.group }}"
|
||||
state: present
|
||||
system: yes
|
||||
|
||||
- name: Ensure user 'pleroma' exists.
|
||||
- name: Ensure user '{{ pleroma_user.name }}' exists.
|
||||
user:
|
||||
group: pleroma
|
||||
home: /opt/pleroma
|
||||
name: pleroma
|
||||
shell: /bin/false
|
||||
group: "{{ pleroma_user.group }}"
|
||||
home: "{{ pleroma_user.home }}"
|
||||
name: "{{ pleroma_user.name }}"
|
||||
shell: "{{ pleroma_user.shell }}"
|
||||
state: present
|
||||
system: yes
|
||||
uid: 1200
|
||||
uid: "{{ pleroma_user.id }}"
|
||||
|
||||
# Directories
|
||||
- name: Ensure the Pleroma data and config directories exists.
|
||||
file:
|
||||
name: "{{ item }}"
|
||||
state: directory
|
||||
mode: '0700'
|
||||
owner: pleroma
|
||||
group: pleroma
|
||||
owner: "{{ pleroma_user.name }}"
|
||||
group: "{{ pleroma_user.group }}"
|
||||
loop:
|
||||
- /etc/pleroma
|
||||
- /var/lib/pleroma
|
||||
- /var/lib/pleroma/uploads
|
||||
- /var/lib/pleroma/static
|
||||
- "{{ pleroma_config_dir }}"
|
||||
- "{{ pleroma_base_data_dir }}"
|
||||
- "{{ pleroma_uploads_dir }}"
|
||||
- "{{ pleroma_static_dir }}"
|
||||
|
||||
- name: Ensuring that the release build of pleroma is downloaded.
|
||||
get_url:
|
||||
url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/master/download?job=amd64-musl
|
||||
url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl
|
||||
dest: /tmp/pleroma.zip
|
||||
|
||||
- name: Unzipping the release build of pleroma.
|
||||
|
@ -45,21 +45,21 @@
|
|||
remote_src: yes
|
||||
src: /tmp/pleroma.zip
|
||||
dest: /tmp
|
||||
owner: pleroma
|
||||
group: pleroma
|
||||
owner: "{{ pleroma_user.name }}"
|
||||
group: "{{ pleroma_user.group }}"
|
||||
|
||||
- name: Ensuring that Pleroma is installed.
|
||||
shell: |
|
||||
find /tmp/release/ -mindepth 1 -maxdepth 1 | xargs -I dir mv dir /opt/pleroma/
|
||||
find /tmp/release/ -mindepth 1 -maxdepth 1 | xargs -I dir mv dir {{ pleroma_user.home }}
|
||||
args:
|
||||
creates: /opt/pleroma/bin/pleroma
|
||||
creates: "{{ pleroma_user.home }}/bin/pleroma"
|
||||
|
||||
- name: Ensuring the configuration file is set.
|
||||
template:
|
||||
src: etc_pleroma_config.exs.j2
|
||||
dest: /etc/pleroma/config.exs
|
||||
owner: pleroma
|
||||
group: pleroma
|
||||
dest: "{{ pleroma_config_dir }}/config.exs"
|
||||
owner: "{{ pleroma_user.name }}"
|
||||
group: "{{ pleroma_user.group }}"
|
||||
mode: '0400'
|
||||
|
||||
- name: Running database migrations.
|
||||
|
@ -72,12 +72,12 @@
|
|||
|
||||
- name: Ensuring that folder permissions are set properly in /opt/pleroma.
|
||||
shell: |
|
||||
find /opt/pleroma -mindepth 1 -maxdepth 1 -type d | xargs -I dir chmod 0700 dir
|
||||
find /opt/pleroma -mindepth 1 -maxdepth 1 -type d | xargs -I dir chown -R pleroma:pleroma dir
|
||||
find {{ pleroma_user.home }} -mindepth 1 -maxdepth 1 -type d | xargs -I dir chmod 0700 dir
|
||||
find {{ pleroma_user.home }} -mindepth 1 -maxdepth 1 -type d | xargs -I dir chown -R {{ pleroma_user.name }}:{{ pleroma_user.group }} dir
|
||||
|
||||
- name: Setting up the Pleroma service.
|
||||
copy:
|
||||
src: /opt/pleroma/installation/init.d/pleroma
|
||||
src: "{{ pleroma_user.home }}/installation/init.d/pleroma"
|
||||
dest: /etc/init.d/pleroma
|
||||
remote_src: yes
|
||||
owner: root
|
||||
|
@ -88,7 +88,7 @@
|
|||
service:
|
||||
name: pleroma
|
||||
enabled: yes
|
||||
state: started
|
||||
state: restarted
|
||||
|
||||
- name: Cleaning up
|
||||
file:
|
||||
|
|
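Review bot: The `get_url` task fetches the OTP build from `https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl` into `/tmp/pleroma.zip` with no `checksum:`, and the following tasks unzip it in world-writable `/tmp` and move the result into `{{ pleroma_user.home }}` where it is run as a service, so a tampered or truncated download is installed without any integrity check. Pinning a `checksum: "sha256:..."` held in a variable next to the artifact URL would make the install reproducible and fail closed; if the stable artifact changes too often to pin, at least download into a directory created with `mode: '0700'` rather than a predictable path in `/tmp`. The `mode: '0400'` on the rendered `config.exs` is the right call given the secrets it holds. The unzip task is split across the first two hunks, so its remaining options are not visible here.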
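--- a/templates/etc_pleroma_config.exs.j2
+++ b/templates/etc_pleroma_config.exs.j2
@@ -0,0 +1,73 @@
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+url: [
+host: "{{ pleroma.config.host }}",
+scheme: "https",
+port: 443
+],
+http: [
+ip: {127, 0, 0, 1},
+port: {{ pleroma.config.listeningPort }}
+],
+secret_key_base: "{{ pleroma.config.secretKeyBase }}",
+secure_cookie_flag: true,
+signing_salt: "{{ pleroma.config.signingSalt }}"
+
+config :pleroma, :instance,
+name: "{{ pleroma.config.instanceName }}",
+email: "{{ pleroma.config.email }}",
+notify_email: "{{ pleroma.config.notifyEmail }}",
+description: "{{ pleroma.config.instanceDescription }}",
+limit: {{ pleroma.config.characterLimit }},
+registrations_open: {{ pleroma.config.registrationsOpen }},
+healthcheck: {{ pleroma.config.healthCheck }},
+dynamic_configuration: {{ pleroma.config.dynamicConfiguration }},
+federating: {{ pleroma.config.federating }}
+
+config :pleroma, :media_proxy,
+enabled: false,
+redirect_on_failure: true
+#base_url: "https://cache.pleroma.social"
+
+config :pleroma, Pleroma.Repo,
+adapter: Ecto.Adapters.Postgres,
+username: "{{ pleroma.config.db.user }}",
+password: "{{ pleroma.config.db.password }}",
+database: "{{ pleroma.config.db.name }}",
+hostname: "localhost",
+pool_size: 10
+
+config :pleroma, :database, rum_enabled: false
+config :pleroma, :instance, static_dir: "{{ pleroma_static_dir }}"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "{{ pleroma_uploads_dir }}"
+
+# Enable Strict-Transport-Security once SSL is working:
+config :pleroma, :http_security,
+sts: true
+
+# I probably would like to set this up at some point
+# https://docs-develop.pleroma.social/backend/configuration/cheatsheet/#pleromaemailsmailer
+config :pleroma, Pleroma.Emails.Mailer,
+adapter: Swoosh.Adapters.Local,
+enabled: false
+
+# Ensure logs are sent to syslog
+config :logger,
+backends: [
+{ExSyslogger, :ex_syslogger}
+],
+level: :{{ pleroma.config.logLevel }}
+
+config :logger, :ex_syslogger,
+level: :{{ pleroma.config.logLevel }},
+format: "$date $time [$level] $message",
+facility: :local1,
+option: [:pid, :ndelay],
+ident: "pleroma"
+
+# Configure web push notifications
+config :web_push_encryption, :vapid_details,
+subject: "mailto:{{ pleroma.config.webPushEncryption.email }}",
+private_key: "{{ pleroma.config.webPushEncryption.privateKey }}",
+public_key: "{{ pleroma.config.webPushEncryption.publicKey }}"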
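Review bot: The four bare boolean interpolations in the `:instance` block — `registrations_open: {{ pleroma.config.registrationsOpen }}`, `healthcheck`, `dynamic_configuration` and `federating` — render Python booleans as `True`/`False` if the variables are YAML booleans, and in Elixir `False` is an alias atom and therefore truthy, so a closed-registration setting could silently come out as open. Use `{{ pleroma.config.registrationsOpen | lower }}` (or `| to_json`) on each of the four so the template emits `true`/`false`; whether the role's variables are YAML booleans or strings is not visible here, so the filter is cheap insurance either way. The string values (`secretKeyBase`, `signingSalt`, `db.password`, the VAPID keys) are dropped into Elixir double-quoted strings without escaping, so a value containing `"` breaks the config and one containing `#{` is evaluated as Elixir interpolation when config.exs is loaded; a comment such as `{# values below must not contain a double quote or the sequence #{ — they land in Elixir string literals #}` at the top of the template would prevent surprises with operator-chosen passwords. The comment `# Enable Strict-Transport-Security once SSL is working:` is stale since `sts: true` is set unconditionally; `# Strict-Transport-Security is always on: this endpoint is only served over https` matches what the file does.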
@ -1,4 +1,16 @@
|
|||
---
|
||||
pleroma_user:
|
||||
group: pleroma
|
||||
home: /opt/pleroma
|
||||
id: 1200
|
||||
name: pleroma
|
||||
shell: /bin/false
|
||||
|
||||
pleroma_config_dir: /etc/pleroma
|
||||
pleroma_base_data_dir: /var/lib/pleroma
|
||||
pleroma_static_dir: "{{ pleroma_base_data_dir }}/static"
|
||||
pleroma_uploads_dir: "{{ pleroma_base_data_dir }}/uploads"
|
||||
|
||||
pleroma_ssl_folder: /etc/ssl/pleroma
|
||||
pleroma_ssl_privateKeyPath: "{{ pleroma_ssl_folder }}/pleroma.key"
|
||||
pleroma_ssl_csrPath: "{{ pleroma_ssl_folder }}/pleroma.csr"
|
||||
|
|
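Review bot: The defaults here declare only the user, directory and SSL-path variables, while the new template also consumes a `pleroma.config` dict (host, listeningPort, secretKeyBase, signingSalt, db.password, the VAPID key pair, …) that is neither defaulted nor documented in this file. A comment such as `# pleroma.config.* (including secretKeyBase, signingSalt, db.password and webPushEncryption.privateKey) is consumed by templates/etc_pleroma_config.exs.j2 and must be supplied by the caller, ideally from an Ansible Vault-encrypted vars file.` would tell the next operator where those values come from and that they are secrets. Whether `pleroma.config` is defined elsewhere in the variables directory is not visible from this section.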