Compare commits
6 commits
master
...
docs/confi
Author | SHA1 | Date | |
---|---|---|---|
6d1657ea0a | |||
ad3f4fa0bb | |||
7547551d3b | |||
6060a7f31d | |||
ffc758840d | |||
5402dd9cb6 |
28 changed files with 228 additions and 361 deletions
|
@ -1,5 +0,0 @@
|
||||||
*
|
|
||||||
!roles
|
|
||||||
!library
|
|
||||||
!Makefile
|
|
||||||
!playbook.yml
|
|
1
.gitignore
1
.gitignore
|
@ -1,5 +1,6 @@
|
||||||
inventories/*
|
inventories/*
|
||||||
!inventories/.gitkeep
|
!inventories/.gitkeep
|
||||||
|
site.yml
|
||||||
vapid-private-key.pem
|
vapid-private-key.pem
|
||||||
|
|
||||||
library/__pycache__/
|
library/__pycache__/
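Review bot: The new `site.yml` entry carries no comment saying why it is ignored; judging by the example config elsewhere in this compare set, that file is where `secretKeyBase`, `signingSalt`, the VAPID private key and the database password end up, so the reason belongs next to the pattern for whoever is later tempted to remove it. Suggested: `# site.yml holds the instance secrets (secret_key_base, signing salt, VAPID key, DB password) - never commit it`. As written the pattern is unanchored and ignores a `site.yml` in any subdirectory; use `/site.yml` if only the root copy is meant.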
|
||||||
|
|
|
@ -1,15 +1,13 @@
|
||||||
---
|
---
|
||||||
workflow:
|
image: python:3.7.6-slim-buster
|
||||||
rules:
|
|
||||||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
|
||||||
- if: '$CI_COMMIT_TAG'
|
|
||||||
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
- publish
|
|
||||||
|
|
||||||
include:
|
test:
|
||||||
- local: '/.gitlab/ci/templates/docker.gitlab-ci.yml'
|
stage: test
|
||||||
- local: '/.gitlab/ci/test-env.gitlab-ci.yml'
|
before_script:
|
||||||
- local: '/.gitlab/ci/playbook.gitlab-ci.yml'
|
- apt-get update && apt-get install make
|
||||||
|
- pip install ansible==2.9.6
|
||||||
|
script:
|
||||||
|
- make test_modules_unit
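Review bot: `apt-get install make` in the new `before_script` has no `-y`, so apt-get stops at its confirmation prompt whenever the install pulls in anything beyond the named package and the job dies in the non-interactive CI shell before `make` runs; the deleted job used the same line so it may pass today, but `apt-get update && apt-get install -y --no-install-recommends make` is the robust form. The Ansible pin also moved from 2.9.7 in the removed playbook job to 2.9.6 here, which looks accidental; pin the version the modules were actually tested against, ideally once in a `variables:` block so it cannot drift again. With the `workflow:` rules gone this job runs on every branch push, which is presumably intended, but a one-line comment above `test:` saying so would save the next reader from wondering.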
|
||||||
|
|
|
@ -1,60 +0,0 @@
|
||||||
---
|
|
||||||
.use-python:
|
|
||||||
image: python:3.7.6-slim-buster
|
|
||||||
|
|
||||||
.playbook-docker-vars:
|
|
||||||
variables:
|
|
||||||
DOCKERFILE: "Dockerfile"
|
|
||||||
IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/playbook
|
|
||||||
IMAGE_TAG: ${CI_COMMIT_REF_NAME}
|
|
||||||
|
|
||||||
.playbook-docker-test-rules:
|
|
||||||
rules:
|
|
||||||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
|
||||||
changes:
|
|
||||||
- "Dockerfile"
|
|
||||||
when: always
|
|
||||||
|
|
||||||
test:playbook:dockerfile-lint:
|
|
||||||
extends:
|
|
||||||
- .dockerfile-lint
|
|
||||||
- .playbook-docker-vars
|
|
||||||
- .playbook-docker-test-rules
|
|
||||||
|
|
||||||
test:playbook:docker-build:
|
|
||||||
extends:
|
|
||||||
- .dockerbuild-test
|
|
||||||
- .playbook-docker-vars
|
|
||||||
- .playbook-docker-test-rules
|
|
||||||
script:
|
|
||||||
- export IMAGE_DATE=$(date -Iseconds)
|
|
||||||
- export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}"
|
|
||||||
- make image
|
|
||||||
|
|
||||||
test:playbook:custom-modules:
|
|
||||||
stage: test
|
|
||||||
extends: .use-python
|
|
||||||
before_script:
|
|
||||||
- apt-get update && apt-get install make
|
|
||||||
- pip install ansible==2.9.7
|
|
||||||
script:
|
|
||||||
- make test_modules_unit
|
|
||||||
only:
|
|
||||||
refs:
|
|
||||||
- merge_requests
|
|
||||||
changes:
|
|
||||||
- library/*
|
|
||||||
except:
|
|
||||||
refs:
|
|
||||||
- master
|
|
||||||
|
|
||||||
publish:playbook:docker-image:
|
|
||||||
extends:
|
|
||||||
- .docker-publish
|
|
||||||
- .playbook-docker-vars
|
|
||||||
script:
|
|
||||||
- export IMAGE_DATE=$(date -Iseconds)
|
|
||||||
- export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}"
|
|
||||||
- make publish
|
|
||||||
only:
|
|
||||||
- /^v[0-9]+(.[0-9]+){2}$/
|
|
|
@ -1,29 +0,0 @@
|
||||||
---
|
|
||||||
.install-make: &install-make
|
|
||||||
- apk add --no-cache make
|
|
||||||
|
|
||||||
.docker-build-setup:
|
|
||||||
image: docker:19.03.8
|
|
||||||
services:
|
|
||||||
- docker:19.03.8-dind
|
|
||||||
|
|
||||||
.dockerfile-lint:
|
|
||||||
stage: test
|
|
||||||
image: hadolint/hadolint:v1.18.0-alpine
|
|
||||||
script:
|
|
||||||
- hadolint ${DOCKERFILE}
|
|
||||||
|
|
||||||
.dockerbuild-test:
|
|
||||||
stage: test
|
|
||||||
extends: .docker-build-setup
|
|
||||||
before_script:
|
|
||||||
- *install-make
|
|
||||||
|
|
||||||
.docker-publish:
|
|
||||||
stage: publish
|
|
||||||
extends: .docker-build-setup
|
|
||||||
before_script:
|
|
||||||
- *install-make
|
|
||||||
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
|
|
||||||
after_script:
|
|
||||||
- docker logout ${CI_REGISTRY}
|
|
|
@ -1,39 +0,0 @@
|
||||||
---
|
|
||||||
.test-env-docker-vars:
|
|
||||||
variables:
|
|
||||||
IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/test-environment
|
|
||||||
IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}
|
|
||||||
DOCKERFILE: "test/pleroma_test_env/Dockerfile"
|
|
||||||
DOCKER_CONTEXT: "test/pleroma_test_env"
|
|
||||||
BUILD_ARGS: "--build-arg TEST_ENV_PASSWORD=${TEST_ENV_PASSWORD}"
|
|
||||||
|
|
||||||
.test-env-test-rules:
|
|
||||||
rules:
|
|
||||||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
|
||||||
changes:
|
|
||||||
- "test/pleroma_test_env/Dockerfile"
|
|
||||||
when: always
|
|
||||||
|
|
||||||
test:test-env:dockerfile-lint:
|
|
||||||
extends:
|
|
||||||
- .dockerfile-lint
|
|
||||||
- .test-env-docker-vars
|
|
||||||
- .test-env-test-rules
|
|
||||||
|
|
||||||
test:test-env:docker-build:
|
|
||||||
extends:
|
|
||||||
- .dockerbuild-test
|
|
||||||
- .test-env-docker-vars
|
|
||||||
- .test-env-test-rules
|
|
||||||
script:
|
|
||||||
- make image
|
|
||||||
|
|
||||||
publish:test-env:docker-image:
|
|
||||||
extends:
|
|
||||||
- .docker-publish
|
|
||||||
- .test-env-docker-vars
|
|
||||||
script:
|
|
||||||
- make publish
|
|
||||||
rules:
|
|
||||||
- if: '$CI_PIPELINE_SOURCE == "web"'
|
|
||||||
when: always
|
|
67
Dockerfile
67
Dockerfile
|
@ -1,67 +0,0 @@
|
||||||
FROM alpine:3.11
|
|
||||||
|
|
||||||
ARG ANSIBLE_UID=1200
|
|
||||||
ARG ANSIBLE_USER=ansible
|
|
||||||
ARG ANSIBLE_VERSION=2.9.7
|
|
||||||
ARG PLEROMA_PLAYBOOK_DIRECTORY=/ansible/pleroma-playbook
|
|
||||||
ARG BUILD_TIME
|
|
||||||
ARG BUILD_TAG
|
|
||||||
|
|
||||||
# Annotation (label) schema based on the OCI image specification.
|
|
||||||
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
|
|
||||||
LABEL org.opencontainers.image.authors="Dan Anglin <d.n.i.anglin@gmail.com>" \
|
|
||||||
org.opencontainers.image.created=${BUILD_TIME} \
|
|
||||||
org.opencontainers.image.documentation="https://gitlab.com/dananglin/pleroma-ansible-playbook/-/blob/master/README.md" \
|
|
||||||
org.opencontainers.image.source="https://gitlab.com/dananglin/pleroma-ansible-playbook.git" \
|
|
||||||
org.opencontainers.image.version=${BUILD_TAG} \
|
|
||||||
org.opencontainers.image.vendor="Dan Anglin" \
|
|
||||||
org.opencontainers.image.licenses="MIT" \
|
|
||||||
org.opencontainers.image.title="Pleroma Ansible Playbook" \
|
|
||||||
org.opencontainers.image.description="Ansible playbook that installs, configures and customizes Pleroma on a Alpine host."
|
|
||||||
|
|
||||||
# TODO: Remove sshpass when it is possible to do so.
|
|
||||||
RUN \
|
|
||||||
apk add --no-cache \
|
|
||||||
ca-certificates=20191127-r2 \
|
|
||||||
make=4.2.1-r2 \
|
|
||||||
openssh-client=8.1_p1-r0 \
|
|
||||||
openssl=1.1.1g-r0 \
|
|
||||||
python3=3.8.2-r0 \
|
|
||||||
bash=5.0.11-r1 \
|
|
||||||
sshpass=1.06-r0 \
|
|
||||||
&& \
|
|
||||||
apk add --no-cache --virtual .build-deps \
|
|
||||||
python3-dev=3.8.2-r0 \
|
|
||||||
libffi-dev=3.2.1-r6 \
|
|
||||||
openssl-dev=1.1.1g-r0 \
|
|
||||||
build-base=0.5-r1 \
|
|
||||||
&& \
|
|
||||||
pip3 install --upgrade \
|
|
||||||
pip==20.0.2 \
|
|
||||||
cffi==1.14.0 \
|
|
||||||
&& \
|
|
||||||
pip install \
|
|
||||||
ansible==${ANSIBLE_VERSION} \
|
|
||||||
hvac==0.10.3 \
|
|
||||||
&& \
|
|
||||||
apk del \
|
|
||||||
.build-deps \
|
|
||||||
&& \
|
|
||||||
adduser -u ${ANSIBLE_UID} -s /bin/sh -D ${ANSIBLE_USER}
|
|
||||||
|
|
||||||
COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} library ${PLEROMA_PLAYBOOK_DIRECTORY}/library/
|
|
||||||
COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} roles ${PLEROMA_PLAYBOOK_DIRECTORY}/roles/
|
|
||||||
COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} playbook.yml ${PLEROMA_PLAYBOOK_DIRECTORY}/playbook.yml
|
|
||||||
COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} Makefile ${PLEROMA_PLAYBOOK_DIRECTORY}/Makefile
|
|
||||||
|
|
||||||
ENV ANSIBLE_HOST_KEY_CHECKING=False \
|
|
||||||
ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3 \
|
|
||||||
ANSIBLE_SSH_PIPELINING=False \
|
|
||||||
ANSIBLE_GATHERING=smart \
|
|
||||||
ANSIBLE_RETRY_FILES_ENABLED=False \
|
|
||||||
ANSIBLE_PERSISTENT_CONNECT_TIMEOUT=30 \
|
|
||||||
ANSIBLE_PERSISTENT_COMMAND_TIMEOUT=60
|
|
||||||
|
|
||||||
USER ${ANSIBLE_USER}
|
|
||||||
WORKDIR ${PLEROMA_PLAYBOOK_DIRECTORY}
|
|
||||||
CMD [ "make", "pleroma" ]
|
|
20
Makefile
20
Makefile
|
@ -1,15 +1,6 @@
|
||||||
VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem
|
VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem
|
||||||
INVENTORY ?= "hosts.yml"
|
|
||||||
PLAYBOOK_TAGS ?= "all"
|
|
||||||
PLAYBOOK_FILE ?= "playbook.yml"
|
|
||||||
DOCKERFILE ?= Dockerfile
|
|
||||||
DOCKER_CONTEXT ?= .
|
|
||||||
IMAGE_NAME ?= pleroma-ansible-playbook
|
|
||||||
IMAGE_TAG ?= latest
|
|
||||||
IMAGE_DATE ?= nil
|
|
||||||
DOCKER_IMAGE = $(IMAGE_NAME):$(IMAGE_TAG)
|
|
||||||
|
|
||||||
PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key test_modules_unit image publish pleroma
|
PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key
|
||||||
|
|
||||||
all: secret_key_base signing_salt vapid_key_pair
|
all: secret_key_base signing_salt vapid_key_pair
|
||||||
|
|
||||||
|
@ -36,12 +27,3 @@ vapid_public_key: $(VAPID_PRIVATE_KEY_FILE)
|
||||||
|
|
||||||
test_modules_unit:
|
test_modules_unit:
|
||||||
@find ./library -mindepth 1 -maxdepth 1 -type f -name test_*.py | xargs python3
|
@find ./library -mindepth 1 -maxdepth 1 -type f -name test_*.py | xargs python3
|
||||||
|
|
||||||
image:
|
|
||||||
@docker build $(BUILD_ARGS) -f $(DOCKERFILE) -t $(DOCKER_IMAGE) $(DOCKER_CONTEXT)
|
|
||||||
|
|
||||||
publish: image
|
|
||||||
@docker push $(DOCKER_IMAGE)
|
|
||||||
|
|
||||||
pleroma:
|
|
||||||
ansible-playbook --inventory $(INVENTORY) --tags $(PLAYBOOK_TAGS) $(EXTRA_ARGS) $(PLAYBOOK_FILE)
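Review bot: `PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key` on the new side is missing the leading dot, so it defines an ordinary rule named `PHONY` instead of marking those targets phony, and a stray file called `test_modules_unit` or `secret_key_base` would make the target look up to date; write `.PHONY: all secret_key_base signing_salt vapid_private_key vapid_public_key test_modules_unit`. In the second hunk `find ... | xargs python3` hands every test file to one `python3` invocation, so only the first file executes and the rest arrive as its `sys.argv`; `@find ./library -mindepth 1 -maxdepth 1 -type f -name 'test_*.py' -exec python3 {} \;` runs each one (quoting the pattern also stops the shell expanding it), and if `xargs` is kept, `xargs -r -n1` avoids launching a bare `python3` that reads stdin when no tests match.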
|
|
||||||
|
|
12
README.md
12
README.md
|
@ -3,6 +3,8 @@
|
||||||
## Table of content
|
## Table of content
|
||||||
|
|
||||||
- [Summary](#summary)
|
- [Summary](#summary)
|
||||||
|
- [Ansible roles](#ansible-roles)
|
||||||
|
- [Additional features](#additional-features)
|
||||||
- [Requirements](#requirements)
|
- [Requirements](#requirements)
|
||||||
- [Configuration](#configuration)
|
- [Configuration](#configuration)
|
||||||
- [Secrets](#secrets)
|
- [Secrets](#secrets)
|
||||||
|
@ -18,16 +20,14 @@ This project was inspired by the official [Pleroma OTP installation guide](https
|
||||||
|
|
||||||
This project is developed over at https://gitlab.com/dananglin/pleroma-ansible-playbook. The master branch is mirrored over at https://github.com/dananglin/pleroma-ansible-playbook.
|
This project is developed over at https://gitlab.com/dananglin/pleroma-ansible-playbook. The master branch is mirrored over at https://github.com/dananglin/pleroma-ansible-playbook.
|
||||||
|
|
||||||
The project's icon ([Books icon](https://icons8.com/icon/114010/books)) was downloaded from [Icons8](https://icons8.com).
|
|
||||||
|
|
||||||
### Ansible roles
|
### Ansible roles
|
||||||
|
|
||||||
There are four roles used to install and configure your Pleroma instance:
|
There are four roles used to install and configure Pleroma including:
|
||||||
|
|
||||||
- **init:** merges the default configuration with your custom configuration.
|
- **init:** merges the default configuration with your custom configuration.
|
||||||
- **pleroma-database:** maintains the database layer by installing and configuring the PostgreSQL database server, creating the database user and creating and administrating the Pleroma database.
|
- **pleroma-postgres:** installs and configures the Pleroma PostgreSQL database.
|
||||||
- **pleroma-main:** maintains the main layer by handling the Pleroma installation, Pleroma upgrades and the configuration of the Pleroma frontend and backend.
|
- **pleroma-main:** installs/upgrades Pleroma and configures both the backend and frontend.
|
||||||
- **pleroma-proxy:** maintains the proxy layer by installing and configuring Nginx, creating the TLS certificates using Let's Encrypt, adding support for proving your Pleroma site with Keybase, etc.
|
- **pleroma-nginx:** installs and configures Nginx, creates SSL certificates using Let's Encrypt and adds support for proving your Pleroma site with Keybase.
|
||||||
|
|
||||||
### Additional features
|
### Additional features
|
||||||
|
|
||||||
|
|
|
@ -1,26 +1,194 @@
|
||||||
---
|
---
|
||||||
|
# TODO: In init role fail playbook if secrets are empty
|
||||||
pleroma:
|
pleroma:
|
||||||
config:
|
config:
|
||||||
email: &email admin@localhost.private
|
# field name - pleroma.config.email
|
||||||
host: example.com
|
# description -
|
||||||
listeningPort: 4000
|
# The email address of the instance administrator (you).
|
||||||
instanceName: "My Instance Name"
|
# This should be your personal or organisational email.
|
||||||
instanceDescription: "My Instance Description"
|
# default value - admin@localhost
|
||||||
registrationsOpen: "false"
|
email: &email admin@localhost
|
||||||
logLevel: warn
|
|
||||||
#secretKeyBase:
|
# field name - pleroma.config.host
|
||||||
#signingSalt:
|
# description - The sub(domain) of your Pleroma instance.
|
||||||
|
# default value - pleroma.localhost
|
||||||
|
host: pleroma.example.com
|
||||||
|
|
||||||
|
# field name - pleroma.config.notifyEmail
|
||||||
|
# description - The email used for notifications.
|
||||||
|
# default value - no_reply@pleroma.localhost
|
||||||
|
#notifyEmail: no_reply@pleroma.example.com
|
||||||
|
|
||||||
|
# field name - pleroma.config.listeningPort
|
||||||
|
# description - The port number that Pleroma will bind to.
|
||||||
|
# default value - 4000
|
||||||
|
#listeningPort: 4000
|
||||||
|
|
||||||
|
# field name - pleroma.config.instanceName
|
||||||
|
# description - The name of your Pleroma instance.
|
||||||
|
# default value - "Ansible Pleroma"
|
||||||
|
instanceName: "My Instance's Name"
|
||||||
|
|
||||||
|
# field name - pleroma.config.instanceDescription
|
||||||
|
# description - The description of your Pleroma instance.
|
||||||
|
# default value - "A new single instance of Pleroma"
|
||||||
|
instanceDescription: "My Instance's Description"
|
||||||
|
|
||||||
|
# field name - pleroma.config.characterLimit
|
||||||
|
# description - The character limit for each post.
|
||||||
|
# default value - 5000
|
||||||
|
#characterLimit: 5000
|
||||||
|
|
||||||
|
# field name - pleroma.config.registrationsOpen
|
||||||
|
# description - If set to "true" this allows anyone to register on your instance.
|
||||||
|
# default value - "false"
|
||||||
|
#registrationsOpen: "false"
|
||||||
|
|
||||||
|
# TODO: This needs to be updated
|
||||||
|
# field name - pleroma.config.
|
||||||
|
# description -
|
||||||
|
# default value -
|
||||||
|
#dynamicConfiguration: "false"
|
||||||
|
|
||||||
|
# field name - pleroma.config.healthCheck
|
||||||
|
# description - Show system data at /api/pleroma/healthcheck if set to "true".
|
||||||
|
# default value - "false"
|
||||||
|
#healthCheck: "false"
|
||||||
|
|
||||||
|
# field name - pleroma.config.remotePostRetentionDays
|
||||||
|
# description - The default amount of days to retain remote posts when pruning the database.
|
||||||
|
# default value - 90
|
||||||
|
#remotePostRetentionDays: 90
|
||||||
|
|
||||||
|
# field name - pleroma.config.logLevel
|
||||||
|
# description - Sets the log level of the Pleroma application.
|
||||||
|
# default value - info
|
||||||
|
#logLevel: info
|
||||||
|
|
||||||
|
# field name - pleroma.config.federating
|
||||||
|
# description - Enable federation with other instances if set to "true".
|
||||||
|
# default value - "true"
|
||||||
|
#federating: "true"
|
||||||
|
|
||||||
|
# field name - pleroma.config.chatEnabled
|
||||||
|
# description - Enable the chat window if set to "true".
|
||||||
|
# default value - "true"
|
||||||
|
#chatEnabled: "true"
|
||||||
|
|
||||||
|
# field name - pleroma.config.secretKeyBase
|
||||||
|
# description -
|
||||||
|
# This is used to configure the secret_key_base in Pleroma.
|
||||||
|
# It is used to sign and verify cookies.
|
||||||
|
# To generate this run 'make secret_key_base'
|
||||||
|
# The playbook will fail if this field is empty.
|
||||||
|
secretKeyBase:
|
||||||
|
|
||||||
|
# field name - pleroma.config.signingSalt
|
||||||
|
# description -
|
||||||
|
# This is used to configure the signing_salt in Pleroma.
|
||||||
|
# It is used with the secret_key_base to generate a key for signing and verifying cookies.
|
||||||
|
# To generate this run 'make signing_salt'
|
||||||
|
# The playbook will fail if this field is empty.
|
||||||
|
signingSalt:
|
||||||
|
|
||||||
|
# This section configures the... TODO
|
||||||
|
mrf:
|
||||||
|
simplePolicy:
|
||||||
|
#reject: []
|
||||||
|
#federatedTimelineRemoval: []
|
||||||
|
#mediaRemoval: []
|
||||||
|
#mediaNsfw: []
|
||||||
|
#reportRemoval: []
|
||||||
|
|
||||||
|
# This section configures the Pleroma frontend.
|
||||||
|
frontend:
|
||||||
|
# field name - pleroma.config.frontend.background
|
||||||
|
# default value - This field is empty by default
|
||||||
|
# description -
|
||||||
|
# The path on the Ansible controller to the image
|
||||||
|
# that will be uploaded to your Pleroma instance and
|
||||||
|
# used as the default background image.
|
||||||
|
#background: /path/to/your/background/image
|
||||||
|
|
||||||
|
themes:
|
||||||
|
# field name - pleroma.config.frontend.themes.custom
|
||||||
|
# default value - An empty list
|
||||||
|
# description - A list of names and corresponding paths of your custom themes
|
||||||
|
#custom:
|
||||||
|
#- name: custom-theme-1
|
||||||
|
# path: /file/path/to/custom/theme1
|
||||||
|
#- name: custom-theme-2
|
||||||
|
# path: /file/path/to/custom/theme2
|
||||||
|
|
||||||
|
# field name - pleroma.config.frontend.themes.default
|
||||||
|
# default value - pleroma-dark
|
||||||
|
# description -
|
||||||
|
# The default theme for your instance.
|
||||||
|
# You can specify one of the default themes or even
|
||||||
|
# one of your custom theme.
|
||||||
|
#default: custom-theme-1
|
||||||
|
|
||||||
webPushEncryption:
|
webPushEncryption:
|
||||||
|
# field name - pleroma.config.webPushEncryption.email
|
||||||
|
# description -
|
||||||
email: *email
|
email: *email
|
||||||
#privateKey:
|
|
||||||
#publicKey:
|
# field name - pleroma.config.webPushEncryption.privateKey
|
||||||
|
# description -
|
||||||
|
# This is the private key to enable browser notifications using VAPID.
|
||||||
|
# To generate this run 'make vapid_private_key'
|
||||||
|
# The playbook will fail if this field is empty.
|
||||||
|
privateKey:
|
||||||
|
|
||||||
|
# field name - pleroma.config.webPushEncryption.publicKey
|
||||||
|
# description -
|
||||||
|
# The playbook will fail if this field is empty.
|
||||||
|
publicKey:
|
||||||
db:
|
db:
|
||||||
name: pleroma
|
# field name - pleroma.config.db.password
|
||||||
user: pleroma
|
# description -
|
||||||
#password:
|
# The password to the Pleroma database.
|
||||||
|
# The playbook will fail if this field is empty.
|
||||||
|
password:
|
||||||
|
|
||||||
|
# field name - pleroma.config.db.name
|
||||||
|
# description - The name of the Pleroma database.
|
||||||
|
# default value - pleroma_db
|
||||||
|
#name: pleroma_db
|
||||||
|
|
||||||
|
# field name - pleroma.config.db.user
|
||||||
|
# description - The name of the database user.
|
||||||
|
# default value - pleroma
|
||||||
|
#user: pleroma
|
||||||
|
|
||||||
|
# field name - pleroma.config.db.connLimit
|
||||||
|
# description - The number of allowed concurrent connections to the database.
|
||||||
|
# default value - 15
|
||||||
|
#connLimit: 15
|
||||||
ssl:
|
ssl:
|
||||||
|
#csr:
|
||||||
|
# countryName: ""
|
||||||
|
# emailAddress: "{{ pleroma.config.email }}"
|
||||||
|
# localityName: ""
|
||||||
|
# organizationName: ""
|
||||||
|
# organizationUnitName: ""
|
||||||
|
# stateOrProvinceName: ""
|
||||||
letsEncrypt:
|
letsEncrypt:
|
||||||
enable: true
|
enable: false
|
||||||
acmeAccountEmail: *email
|
#acmeAccountEmail: *email
|
||||||
acmeDirectory: "https://acme-v02.api.letsencrypt.org/directory"
|
#acmeDirectory: "https://acme-v02.api.letsencrypt.org/directory"
|
||||||
termsAgreed: yes
|
#termsAgreed: yes
|
||||||
|
#validateCerts: true
|
||||||
|
keybase:
|
||||||
|
# field name - pleroma.keybase.enable
|
||||||
|
# default value - false
|
||||||
|
# description -
|
||||||
|
# If set to true the playbook will upload your keybase text file and
|
||||||
|
# configure Nginx in order to prove your Keybase identity against your
|
||||||
|
# Pleroma instance.
|
||||||
|
enable: false
|
||||||
|
proof:
|
||||||
|
# field name - pleroma.keybase.proof.filepath
|
||||||
|
# default value - ${HOME}/keybase.txt
|
||||||
|
# description - The file path to your keybase text file on your Ansible controller.
|
||||||
|
#filepath: "{{ lookup('env','HOME') }}/keybase.txt"
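Review bot: `secretKeyBase`, `signingSalt`, `webPushEncryption.privateKey`/`publicKey` and `db.password` each state "The playbook will fail if this field is empty", but the TODO at the top of the same file says the init role does not yet enforce that, so the documentation promises a check that does not exist; either drop the sentence until the check lands or reword it to `# Required - the playbook does not validate this yet; an empty value yields a broken Pleroma config`. The file also asks users to paste long-lived secrets in plaintext with no handling guidance; a line such as `# Store these with 'ansible-vault encrypt_string' or keep this file out of version control` next to the first secret would be worth adding. The `dynamicConfiguration` entry still has an empty `# field name - pleroma.config.` and blank description under a TODO; filling in `pleroma.config.dynamicConfiguration` avoids shipping a half-written example.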
|
||||||
|
|
|
@ -11,9 +11,9 @@
|
||||||
become: yes
|
become: yes
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
roles:
|
roles:
|
||||||
- pleroma-database
|
- pleroma-postgres
|
||||||
tags:
|
tags:
|
||||||
- pleroma-database
|
- pleroma-postgres
|
||||||
|
|
||||||
- name: Installing and configuring the Pleroma backend.
|
- name: Installing and configuring the Pleroma backend.
|
||||||
hosts: pleroma_backend
|
hosts: pleroma_backend
|
||||||
|
@ -29,6 +29,6 @@
|
||||||
become: yes
|
become: yes
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
roles:
|
roles:
|
||||||
- pleroma-proxy
|
- pleroma-nginx
|
||||||
tags:
|
tags:
|
||||||
- pleroma-proxy
|
- pleroma-nginx
|
||||||
|
|
34
playbook.yml
34
playbook.yml
|
@ -1,34 +0,0 @@
|
||||||
---
|
|
||||||
- name: Initialising the playbook.
|
|
||||||
hosts: all
|
|
||||||
roles:
|
|
||||||
- init
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Setting up the Pleroma database.
|
|
||||||
hosts: pleroma_database
|
|
||||||
become: yes
|
|
||||||
become_method: sudo
|
|
||||||
roles:
|
|
||||||
- pleroma-database
|
|
||||||
tags:
|
|
||||||
- pleroma-database
|
|
||||||
|
|
||||||
- name: Setting up Pleroma.
|
|
||||||
hosts: pleroma_main
|
|
||||||
become: yes
|
|
||||||
become_method: sudo
|
|
||||||
roles:
|
|
||||||
- pleroma-main
|
|
||||||
tags:
|
|
||||||
- pleroma-main
|
|
||||||
|
|
||||||
- name: Setting up the Pleroma proxy layer.
|
|
||||||
hosts: pleroma_proxy
|
|
||||||
become: yes
|
|
||||||
become_method: sudo
|
|
||||||
roles:
|
|
||||||
- pleroma-proxy
|
|
||||||
tags:
|
|
||||||
- pleroma-proxy
|
|
|
@ -9,7 +9,7 @@ pleroma_defaults:
|
||||||
instanceDescription: "A new single instance of Pleroma"
|
instanceDescription: "A new single instance of Pleroma"
|
||||||
characterLimit: 5000
|
characterLimit: 5000
|
||||||
registrationsOpen: "false"
|
registrationsOpen: "false"
|
||||||
configurableFromDatabase: "false"
|
dynamicConfiguration: "false"
|
||||||
healthCheck: "false"
|
healthCheck: "false"
|
||||||
remotePostRetentionDays: 90
|
remotePostRetentionDays: 90
|
||||||
logLevel: info
|
logLevel: info
|
||||||
|
|
|
@ -79,7 +79,7 @@
|
||||||
when: enable_pleroma_download | default(False)
|
when: enable_pleroma_download | default(False)
|
||||||
|
|
||||||
- name: Registering the installed version of Pleroma.
|
- name: Registering the installed version of Pleroma.
|
||||||
shell: "{{ pleroma_user.home }}/bin/pleroma version | awk '{print $2}' | awk -F - '{print $1}'"
|
shell: "{{ pleroma_user.home }}/bin/pleroma version | awk '{print $2}'"
|
||||||
register: pleroma_installed_version
|
register: pleroma_installed_version
|
||||||
when: enable_pleroma_upgrade | default(False)
|
when: enable_pleroma_upgrade | default(False)
|
||||||
|
|
||||||
|
@ -89,7 +89,7 @@
|
||||||
when: enable_pleroma_upgrade | default(False)
|
when: enable_pleroma_upgrade | default(False)
|
||||||
|
|
||||||
- name: Registering the downloaded version of Pleroma.
|
- name: Registering the downloaded version of Pleroma.
|
||||||
shell: "/tmp/release/bin/pleroma version | awk '{print $2}' | awk -F - '{print $1}'"
|
shell: /tmp/release/bin/pleroma version | awk '{print $2}'
|
||||||
register: pleroma_downloaded_version
|
register: pleroma_downloaded_version
|
||||||
when: enable_pleroma_upgrade | default(False)
|
when: enable_pleroma_upgrade | default(False)
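Review bot: Both `shell:` pipelines on the new side (`pleroma version | awk '{print $2}'`) take their exit status from `awk`, so a missing or failing `pleroma` binary still registers an empty version and whatever compares `pleroma_installed_version` with `pleroma_downloaded_version` downstream proceeds on empty strings; run them under bash with `args: {executable: /bin/bash}` and prefix the command with `set -o pipefail &&`, or add `failed_when: pleroma_downloaded_version.stdout | length == 0` to each. These tasks only read state, so `changed_when: false` would stop them reporting a change on every run. The second command is now an unquoted YAML scalar while the first stays quoted; quoting both keeps the style consistent. The enclosing task list continues outside both hunks.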
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ config :pleroma, :instance,
|
||||||
registrations_open: {{ pleroma.config.registrationsOpen }},
|
registrations_open: {{ pleroma.config.registrationsOpen }},
|
||||||
healthcheck: {{ pleroma.config.healthCheck }},
|
healthcheck: {{ pleroma.config.healthCheck }},
|
||||||
remote_post_retention_days: {{ pleroma.config.remotePostRetentionDays }},
|
remote_post_retention_days: {{ pleroma.config.remotePostRetentionDays }},
|
||||||
configurable_from_database: {{ pleroma.config.configurableFromDatabase }},
|
dynamic_configuration: {{ pleroma.config.dynamicConfiguration }},
|
||||||
federating: {{ pleroma.config.federating }},
|
federating: {{ pleroma.config.federating }},
|
||||||
rewrite_policy: [Pleroma.Web.ActivityPub.MRF.SimplePolicy]
|
rewrite_policy: [Pleroma.Web.ActivityPub.MRF.SimplePolicy]
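Review bot: The key was switched to `dynamic_configuration`, which as far as I recall is the pre-2.0 name; Pleroma 2.0 replaced it with `configurable_from_database` (and moved it out of the `:instance` group), so on a 2.x release this line would be silently ignored. Worth confirming against the Pleroma version the playbook installs, and recording the decision in the template with `# :dynamic_configuration on Pleroma < 2.0; 2.x uses a top-level :configurable_from_database` so the next upgrade does not trip over it. The `config :pleroma, :instance` block starts outside this hunk.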
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{
|
{
|
||||||
|
"pleroma-dark": [ "Pleroma Dark", "#121a24", "#182230", "#b9b9ba", "#d8a070", "#d31014", "#0fa00f", "#0095ff", "#ffa500" ],
|
||||||
"pleroma-dark": "/static/themes/pleroma-dark.json",
|
"pleroma-light": [ "Pleroma Light", "#f2f4f6", "#dbe0e8", "#304055", "#f86f0f", "#d31014", "#0fa00f", "#0095ff", "#ffa500" ],
|
||||||
"pleroma-light": "/static/themes/pleroma-light.json",
|
|
||||||
"pleroma-amoled": [ "Pleroma Dark AMOLED", "#000000", "#111111", "#b0b0b1", "#d8a070", "#aa0000", "#0fa00f", "#0095ff", "#d59500"],
|
"pleroma-amoled": [ "Pleroma Dark AMOLED", "#000000", "#111111", "#b0b0b1", "#d8a070", "#aa0000", "#0fa00f", "#0095ff", "#d59500"],
|
||||||
"classic-dark": [ "Classic Dark", "#161c20", "#282e32", "#b9b9b9", "#baaa9c", "#d31014", "#0fa00f", "#0095ff", "#ffa500" ],
|
"classic-dark": [ "Classic Dark", "#161c20", "#282e32", "#b9b9b9", "#baaa9c", "#d31014", "#0fa00f", "#0095ff", "#ffa500" ],
|
||||||
"bird": [ "Bird", "#f8fafd", "#e6ecf0", "#14171a", "#0084b8", "#e0245e", "#17bf63", "#1b95e0", "#fab81e"],
|
"bird": [ "Bird", "#f8fafd", "#e6ecf0", "#14171a", "#0084b8", "#e0245e", "#17bf63", "#1b95e0", "#fab81e"],
|
||||||
|
@ -13,8 +12,7 @@
|
||||||
"redmond-xxi": "/static/themes/redmond-xxi.json",
|
"redmond-xxi": "/static/themes/redmond-xxi.json",
|
||||||
"breezy-dark": "/static/themes/breezy-dark.json",
|
"breezy-dark": "/static/themes/breezy-dark.json",
|
||||||
"breezy-light": "/static/themes/breezy-light.json",
|
"breezy-light": "/static/themes/breezy-light.json",
|
||||||
"mammal": "/static/themes/mammal.json",
|
"mammal": "/static/themes/mammal.json"
|
||||||
"paper": "/static/themes/paper.json"
|
|
||||||
|
|
||||||
{% for i in pleroma.config.frontend.themes.custom %}
|
{% for i in pleroma.config.frontend.themes.custom %}
|
||||||
, "{{ i.name }}": "/static/themes/{{ i.name }}.json"
|
, "{{ i.name }}": "/static/themes/{{ i.name }}.json"
|
||||||
|
|
|
@ -4,7 +4,7 @@ proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cac
|
||||||
server {
|
server {
|
||||||
server_name {{ pleroma.config.host }};
|
server_name {{ pleroma.config.host }};
|
||||||
|
|
||||||
root {{ pleroma_nginx_root_dir }};
|
root {{ pleroma_nginx_root_dir }};
|
||||||
|
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
@ -31,7 +31,7 @@ ssl_session_cache shared:ssl_session_cache:10m;
|
||||||
server {
|
server {
|
||||||
server_name {{ pleroma.config.host }};
|
server_name {{ pleroma.config.host }};
|
||||||
|
|
||||||
root {{ pleroma_nginx_root_dir }};
|
root {{ pleroma_nginx_root_dir }};
|
||||||
|
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
|
@ -64,27 +64,28 @@ server {
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
||||||
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
||||||
proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};
|
proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};
|
||||||
|
|
||||||
client_max_body_size 16m;
|
client_max_body_size 16m;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/(media|proxy) {
|
location ~ ^/(media|proxy) {
|
||||||
proxy_cache pleroma_media_cache;
|
proxy_cache pleroma_media_cache;
|
||||||
slice 1m;
|
slice 1m;
|
||||||
proxy_cache_key $host$uri$is_args$args$slice_range;
|
proxy_cache_key $host$uri$is_args$args$slice_range;
|
||||||
proxy_set_header Range $slice_range;
|
proxy_set_header Range $slice_range;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_cache_valid 200 206 301 304 1h;
|
proxy_cache_valid 200 206 301 304 1h;
|
||||||
proxy_cache_lock on;
|
proxy_cache_lock on;
|
||||||
proxy_ignore_client_abort on;
|
proxy_ignore_client_abort on;
|
||||||
proxy_buffering on;
|
proxy_buffering on;
|
||||||
chunked_transfer_encoding on;
|
chunked_transfer_encoding on;
|
||||||
proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};
|
proxy_ignore_headers Cache-Control;
|
||||||
|
proxy_hide_header Cache-Control;
|
||||||
|
proxy_pass http://localhost:{{ pleroma.config.listeningPort }};
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if pleroma.keybase.enable == true -%}
|
{% if pleroma.keybase.enable == true -%}
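Review bot: The new side drops `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` from the main `location` block, so Pleroma only ever sees 127.0.0.1 as the client address; anything it keys on the remote IP (presumably rate limiting, logging and abuse reports) would collapse onto one address, so the line should be restored alongside the `Host` header. In the `/(media|proxy)` location the upstream was changed to `http://localhost:...`, which contradicts the comment a few lines above explaining that the endpoint binds IPv4 only and `localhost` may resolve to `[::0]` on some systems; keep `proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};` there as well. The `server` block begins and ends outside this hunk.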
|
|
@ -1,2 +0,0 @@
|
||||||
*
|
|
||||||
!files
|
|
|
@ -1,30 +0,0 @@
|
||||||
FROM dockage/alpine:3.10-openrc
|
|
||||||
|
|
||||||
ARG TEST_ENV_UID=1100
|
|
||||||
ARG TEST_ENV_USER=admin
|
|
||||||
ARG TEST_ENV_PASSWORD
|
|
||||||
ARG SSH_DIR=/home/admin/.ssh
|
|
||||||
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
|
|
||||||
|
|
||||||
RUN apk add --no-cache \
|
|
||||||
bash=5.0.0-r0 \
|
|
||||||
openssh=8.1_p1-r0 \
|
|
||||||
sudo=1.8.27-r2 \
|
|
||||||
python3=3.7.7-r0 \
|
|
||||||
&& \
|
|
||||||
adduser -u ${TEST_ENV_UID} -s /bin/bash -D ${TEST_ENV_USER} && \
|
|
||||||
echo ${TEST_ENV_USER}:${TEST_ENV_PASSWORD} | chpasswd && \
|
|
||||||
mkdir ${SSH_DIR} && \
|
|
||||||
chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR} && chmod 0700 ${SSH_DIR} && \
|
|
||||||
touch ${SSH_DIR}/authorized_keys && \
|
|
||||||
chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR}/authorized_keys && \
|
|
||||||
chmod 0600 ${SSH_DIR}/authorized_keys && \
|
|
||||||
rc-status && \
|
|
||||||
touch /run/openrc/softlevel
|
|
||||||
|
|
||||||
COPY files/entrypoint /entrypoint
|
|
||||||
COPY files/admin-sudoers /etc/sudoers.d/admin
|
|
||||||
|
|
||||||
EXPOSE 22 80 443
|
|
||||||
|
|
||||||
CMD ["/entrypoint"]
|
|
|
@ -1 +0,0 @@
|
||||||
admin ALL=(ALL) NOPASSWD: ALL
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
set euo -pipefail
|
|
||||||
|
|
||||||
# Add authorized keys
|
|
||||||
if ! [ -z "${AUTHORIZED_KEYS}" ]; then
|
|
||||||
echo ${AUTHORIZED_KEYS} > /home/admin/.ssh/authorized_keys
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Start SSH service
|
|
||||||
rc-service sshd start
|
|
||||||
|
|
||||||
# Sleep and wait
|
|
||||||
sleep 30d
|
|