Compare commits
6 commits
master
...
docs/confi
Author | SHA1 | Date | |
---|---|---|---|
6d1657ea0a | |||
ad3f4fa0bb | |||
7547551d3b | |||
6060a7f31d | |||
ffc758840d | |||
5402dd9cb6 |
28 changed files with 228 additions and 361 deletions
|
@ -1,5 +0,0 @@
|
|||
*
|
||||
!roles
|
||||
!library
|
||||
!Makefile
|
||||
!playbook.yml
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,5 +1,6 @@
|
|||
inventories/*
|
||||
!inventories/.gitkeep
|
||||
site.yml
|
||||
vapid-private-key.pem
|
||||
|
||||
library/__pycache__/
|
||||
|
|
|
@ -1,15 +1,13 @@
|
|||
---
|
||||
workflow:
|
||||
rules:
|
||||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
||||
- if: '$CI_COMMIT_TAG'
|
||||
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
||||
image: python:3.7.6-slim-buster
|
||||
|
||||
stages:
|
||||
- test
|
||||
- publish
|
||||
|
||||
include:
|
||||
- local: '/.gitlab/ci/templates/docker.gitlab-ci.yml'
|
||||
- local: '/.gitlab/ci/test-env.gitlab-ci.yml'
|
||||
- local: '/.gitlab/ci/playbook.gitlab-ci.yml'
|
||||
test:
|
||||
stage: test
|
||||
before_script:
|
||||
- apt-get update && apt-get install make
|
||||
- pip install ansible==2.9.6
|
||||
script:
|
||||
- make test_modules_unit
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
---
|
||||
.use-python:
|
||||
image: python:3.7.6-slim-buster
|
||||
|
||||
.playbook-docker-vars:
|
||||
variables:
|
||||
DOCKERFILE: "Dockerfile"
|
||||
IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/playbook
|
||||
IMAGE_TAG: ${CI_COMMIT_REF_NAME}
|
||||
|
||||
.playbook-docker-test-rules:
|
||||
rules:
|
||||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
||||
changes:
|
||||
- "Dockerfile"
|
||||
when: always
|
||||
|
||||
test:playbook:dockerfile-lint:
|
||||
extends:
|
||||
- .dockerfile-lint
|
||||
- .playbook-docker-vars
|
||||
- .playbook-docker-test-rules
|
||||
|
||||
test:playbook:docker-build:
|
||||
extends:
|
||||
- .dockerbuild-test
|
||||
- .playbook-docker-vars
|
||||
- .playbook-docker-test-rules
|
||||
script:
|
||||
- export IMAGE_DATE=$(date -Iseconds)
|
||||
- export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}"
|
||||
- make image
|
||||
|
||||
test:playbook:custom-modules:
|
||||
stage: test
|
||||
extends: .use-python
|
||||
before_script:
|
||||
- apt-get update && apt-get install make
|
||||
- pip install ansible==2.9.7
|
||||
script:
|
||||
- make test_modules_unit
|
||||
only:
|
||||
refs:
|
||||
- merge_requests
|
||||
changes:
|
||||
- library/*
|
||||
except:
|
||||
refs:
|
||||
- master
|
||||
|
||||
publish:playbook:docker-image:
|
||||
extends:
|
||||
- .docker-publish
|
||||
- .playbook-docker-vars
|
||||
script:
|
||||
- export IMAGE_DATE=$(date -Iseconds)
|
||||
- export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}"
|
||||
- make publish
|
||||
only:
|
||||
- /^v[0-9]+(.[0-9]+){2}$/
|
|
@ -1,29 +0,0 @@
|
|||
---
|
||||
.install-make: &install-make
|
||||
- apk add --no-cache make
|
||||
|
||||
.docker-build-setup:
|
||||
image: docker:19.03.8
|
||||
services:
|
||||
- docker:19.03.8-dind
|
||||
|
||||
.dockerfile-lint:
|
||||
stage: test
|
||||
image: hadolint/hadolint:v1.18.0-alpine
|
||||
script:
|
||||
- hadolint ${DOCKERFILE}
|
||||
|
||||
.dockerbuild-test:
|
||||
stage: test
|
||||
extends: .docker-build-setup
|
||||
before_script:
|
||||
- *install-make
|
||||
|
||||
.docker-publish:
|
||||
stage: publish
|
||||
extends: .docker-build-setup
|
||||
before_script:
|
||||
- *install-make
|
||||
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
|
||||
after_script:
|
||||
- docker logout ${CI_REGISTRY}
|
|
@ -1,39 +0,0 @@
|
|||
---
|
||||
.test-env-docker-vars:
|
||||
variables:
|
||||
IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/test-environment
|
||||
IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}
|
||||
DOCKERFILE: "test/pleroma_test_env/Dockerfile"
|
||||
DOCKER_CONTEXT: "test/pleroma_test_env"
|
||||
BUILD_ARGS: "--build-arg TEST_ENV_PASSWORD=${TEST_ENV_PASSWORD}"
|
||||
|
||||
.test-env-test-rules:
|
||||
rules:
|
||||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
||||
changes:
|
||||
- "test/pleroma_test_env/Dockerfile"
|
||||
when: always
|
||||
|
||||
test:test-env:dockerfile-lint:
|
||||
extends:
|
||||
- .dockerfile-lint
|
||||
- .test-env-docker-vars
|
||||
- .test-env-test-rules
|
||||
|
||||
test:test-env:docker-build:
|
||||
extends:
|
||||
- .dockerbuild-test
|
||||
- .test-env-docker-vars
|
||||
- .test-env-test-rules
|
||||
script:
|
||||
- make image
|
||||
|
||||
publish:test-env:docker-image:
|
||||
extends:
|
||||
- .docker-publish
|
||||
- .test-env-docker-vars
|
||||
script:
|
||||
- make publish
|
||||
rules:
|
||||
- if: '$CI_PIPELINE_SOURCE == "web"'
|
||||
when: always
|
67
Dockerfile
67
Dockerfile
|
@ -1,67 +0,0 @@
|
|||
FROM alpine:3.11
|
||||
|
||||
ARG ANSIBLE_UID=1200
|
||||
ARG ANSIBLE_USER=ansible
|
||||
ARG ANSIBLE_VERSION=2.9.7
|
||||
ARG PLEROMA_PLAYBOOK_DIRECTORY=/ansible/pleroma-playbook
|
||||
ARG BUILD_TIME
|
||||
ARG BUILD_TAG
|
||||
|
||||
# Annotation (label) schema based on the OCI image specification.
|
||||
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
|
||||
LABEL org.opencontainers.image.authors="Dan Anglin <d.n.i.anglin@gmail.com>" \
|
||||
org.opencontainers.image.created=${BUILD_TIME} \
|
||||
org.opencontainers.image.documentation="https://gitlab.com/dananglin/pleroma-ansible-playbook/-/blob/master/README.md" \
|
||||
org.opencontainers.image.source="https://gitlab.com/dananglin/pleroma-ansible-playbook.git" \
|
||||
org.opencontainers.image.version=${BUILD_TAG} \
|
||||
org.opencontainers.image.vendor="Dan Anglin" \
|
||||
org.opencontainers.image.licenses="MIT" \
|
||||
org.opencontainers.image.title="Pleroma Ansible Playbook" \
|
||||
org.opencontainers.image.description="Ansible playbook that installs, configures and customizes Pleroma on a Alpine host."
|
||||
|
||||
# TODO: Remove sshpass when it is possible to do so.
|
||||
RUN \
|
||||
apk add --no-cache \
|
||||
ca-certificates=20191127-r2 \
|
||||
make=4.2.1-r2 \
|
||||
openssh-client=8.1_p1-r0 \
|
||||
openssl=1.1.1g-r0 \
|
||||
python3=3.8.2-r0 \
|
||||
bash=5.0.11-r1 \
|
||||
sshpass=1.06-r0 \
|
||||
&& \
|
||||
apk add --no-cache --virtual .build-deps \
|
||||
python3-dev=3.8.2-r0 \
|
||||
libffi-dev=3.2.1-r6 \
|
||||
openssl-dev=1.1.1g-r0 \
|
||||
build-base=0.5-r1 \
|
||||
&& \
|
||||
pip3 install --upgrade \
|
||||
pip==20.0.2 \
|
||||
cffi==1.14.0 \
|
||||
&& \
|
||||
pip install \
|
||||
ansible==${ANSIBLE_VERSION} \
|
||||
hvac==0.10.3 \
|
||||
&& \
|
||||
apk del \
|
||||
.build-deps \
|
||||
&& \
|
||||
adduser -u ${ANSIBLE_UID} -s /bin/sh -D ${ANSIBLE_USER}
|
||||
|
||||
COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} library ${PLEROMA_PLAYBOOK_DIRECTORY}/library/
|
||||
COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} roles ${PLEROMA_PLAYBOOK_DIRECTORY}/roles/
|
||||
COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} playbook.yml ${PLEROMA_PLAYBOOK_DIRECTORY}/playbook.yml
|
||||
COPY --chown=${ANSIBLE_UID}:${ANSIBLE_UID} Makefile ${PLEROMA_PLAYBOOK_DIRECTORY}/Makefile
|
||||
|
||||
ENV ANSIBLE_HOST_KEY_CHECKING=False \
|
||||
ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3 \
|
||||
ANSIBLE_SSH_PIPELINING=False \
|
||||
ANSIBLE_GATHERING=smart \
|
||||
ANSIBLE_RETRY_FILES_ENABLED=False \
|
||||
ANSIBLE_PERSISTENT_CONNECT_TIMEOUT=30 \
|
||||
ANSIBLE_PERSISTENT_COMMAND_TIMEOUT=60
|
||||
|
||||
USER ${ANSIBLE_USER}
|
||||
WORKDIR ${PLEROMA_PLAYBOOK_DIRECTORY}
|
||||
CMD [ "make", "pleroma" ]
|
20
Makefile
20
Makefile
|
@ -1,15 +1,6 @@
|
|||
VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem
|
||||
INVENTORY ?= "hosts.yml"
|
||||
PLAYBOOK_TAGS ?= "all"
|
||||
PLAYBOOK_FILE ?= "playbook.yml"
|
||||
DOCKERFILE ?= Dockerfile
|
||||
DOCKER_CONTEXT ?= .
|
||||
IMAGE_NAME ?= pleroma-ansible-playbook
|
||||
IMAGE_TAG ?= latest
|
||||
IMAGE_DATE ?= nil
|
||||
DOCKER_IMAGE = $(IMAGE_NAME):$(IMAGE_TAG)
|
||||
|
||||
PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key test_modules_unit image publish pleroma
|
||||
PHONY: secret_key_base signing_salt vapid_private_key vapid_public_key
|
||||
|
||||
all: secret_key_base signing_salt vapid_key_pair
|
||||
|
||||
|
@ -36,12 +27,3 @@ vapid_public_key: $(VAPID_PRIVATE_KEY_FILE)
|
|||
|
||||
test_modules_unit:
|
||||
@find ./library -mindepth 1 -maxdepth 1 -type f -name test_*.py | xargs python3
|
||||
|
||||
image:
|
||||
@docker build $(BUILD_ARGS) -f $(DOCKERFILE) -t $(DOCKER_IMAGE) $(DOCKER_CONTEXT)
|
||||
|
||||
publish: image
|
||||
@docker push $(DOCKER_IMAGE)
|
||||
|
||||
pleroma:
|
||||
ansible-playbook --inventory $(INVENTORY) --tags $(PLAYBOOK_TAGS) $(EXTRA_ARGS) $(PLAYBOOK_FILE)
|
||||
|
|
12
README.md
12
README.md
|
@ -3,6 +3,8 @@
|
|||
## Table of content
|
||||
|
||||
- [Summary](#summary)
|
||||
- [Ansible roles](#ansible-roles)
|
||||
- [Additional features](#additional-features)
|
||||
- [Requirements](#requirements)
|
||||
- [Configuration](#configuration)
|
||||
- [Secrets](#secrets)
|
||||
|
@ -18,16 +20,14 @@ This project was inspired by the official [Pleroma OTP installation guide](https
|
|||
|
||||
This project is developed over at https://gitlab.com/dananglin/pleroma-ansible-playbook. The master branch is mirrored over at https://github.com/dananglin/pleroma-ansible-playbook.
|
||||
|
||||
The project's icon ([Books icon](https://icons8.com/icon/114010/books)) was downloaded from [Icons8](https://icons8.com).
|
||||
|
||||
### Ansible roles
|
||||
|
||||
There are four roles used to install and configure your Pleroma instance:
|
||||
There are four roles used to install and configure Pleroma including:
|
||||
|
||||
- **init:** merges the default configuration with your custom configuration.
|
||||
- **pleroma-database:** maintains the database layer by installing and configuring the PostgreSQL database server, creating the database user and creating and administrating the Pleroma database.
|
||||
- **pleroma-main:** maintains the main layer by handling the Pleroma installation, Pleroma upgrades and the configuration of the Pleroma frontend and backend.
|
||||
- **pleroma-proxy:** maintains the proxy layer by installing and configuring Nginx, creating the TLS certificates using Let's Encrypt, adding support for proving your Pleroma site with Keybase, etc.
|
||||
- **pleroma-postgres:** installs and configures the Pleroma PostgreSQL database.
|
||||
- **pleroma-main:** installs/upgrades Pleroma and configures both the backend and frontend.
|
||||
- **pleroma-nginx:** installs and configures Nginx, creates SSL certificates using Let's Encrypt and adds support for proving your Pleroma site with Keybase.
|
||||
|
||||
### Additional features
|
||||
|
||||
|
|
|
@ -1,26 +1,194 @@
|
|||
---
|
||||
# TODO: In init role fail playbook if secrets are empty
|
||||
pleroma:
|
||||
config:
|
||||
email: &email admin@localhost.private
|
||||
host: example.com
|
||||
listeningPort: 4000
|
||||
instanceName: "My Instance Name"
|
||||
instanceDescription: "My Instance Description"
|
||||
registrationsOpen: "false"
|
||||
logLevel: warn
|
||||
#secretKeyBase:
|
||||
#signingSalt:
|
||||
# field name - pleroma.config.email
|
||||
# description -
|
||||
# The email address of the instance administrator (you).
|
||||
# This should be your personal or organisational email.
|
||||
# default value - admin@localhost
|
||||
email: &email admin@localhost
|
||||
|
||||
# field name - pleroma.config.host
|
||||
# description - The sub(domain) of your Pleroma instance.
|
||||
# default value - pleroma.localhost
|
||||
host: pleroma.example.com
|
||||
|
||||
# field name - pleroma.config.notifyEmail
|
||||
# description - The email used for notifications.
|
||||
# default value - no_reply@pleroma.localhost
|
||||
#notifyEmail: no_reply@pleroma.example.com
|
||||
|
||||
# field name - pleroma.config.listeningPort
|
||||
# description - The port number that Pleroma will bind to.
|
||||
# default value - 4000
|
||||
#listeningPort: 4000
|
||||
|
||||
# field name - pleroma.config.instanceName
|
||||
# description - The name of your Pleroma instance.
|
||||
# default value - "Ansible Pleroma"
|
||||
instanceName: "My Instance's Name"
|
||||
|
||||
# field name - pleroma.config.instanceDescription
|
||||
# description - The description of your Pleroma instance.
|
||||
# default value - "A new single instance of Pleroma"
|
||||
instanceDescription: "My Instance's Description"
|
||||
|
||||
# field name - pleroma.config.characterLimit
|
||||
# description - The character limit for each post.
|
||||
# default value - 5000
|
||||
#characterLimit: 5000
|
||||
|
||||
# field name - pleroma.config.registrationsOpen
|
||||
# description - If set to "true" this allows anyone to register on your instance.
|
||||
# default value - "false"
|
||||
#registrationsOpen: "false"
|
||||
|
||||
# TODO: This needs to be updated
|
||||
# field name - pleroma.config.
|
||||
# description -
|
||||
# default value -
|
||||
#dynamicConfiguration: "false"
|
||||
|
||||
# field name - pleroma.config.healthCheck
|
||||
# description - Show system data at /api/pleroma/healthcheck if set to "true".
|
||||
# default value - "false"
|
||||
#healthCheck: "false"
|
||||
|
||||
# field name - pleroma.config.remotePostRetentionDays
|
||||
# description - The default amount of days to retain remote posts when pruning the database.
|
||||
# default value - 90
|
||||
#remotePostRetentionDays: 90
|
||||
|
||||
# field name - pleroma.config.logLevel
|
||||
# description - Sets the log level of the Pleroma application.
|
||||
# default value - info
|
||||
#logLevel: info
|
||||
|
||||
# field name - pleroma.config.federating
|
||||
# description - Enable federation with other instances if set to "true".
|
||||
# default value - "true"
|
||||
#federating: "true"
|
||||
|
||||
# field name - pleroma.config.chatEnabled
|
||||
# description - Enable the chat window if set to "true".
|
||||
# default value - "true"
|
||||
#chatEnabled: "true"
|
||||
|
||||
# field name - pleroma.config.secretKeyBase
|
||||
# description -
|
||||
# This is used to configure the secret_key_base in Pleroma.
|
||||
# It is used to sign and verify cookies.
|
||||
# To generate this run 'make secret_key_base'
|
||||
# The playbook will fail if this field is empty.
|
||||
secretKeyBase:
|
||||
|
||||
# field name - pleroma.config.signingSalt
|
||||
# description -
|
||||
# This is used to configure the signing_salt in Pleroma.
|
||||
# It is used with the secret_key_base to generate a key for signing and verifying cookies.
|
||||
# To generate this run 'make signing_salt'
|
||||
# The playbook will fail if this field is empty.
|
||||
signingSalt:
|
||||
|
||||
# This section configures the... TODO
|
||||
mrf:
|
||||
simplePolicy:
|
||||
#reject: []
|
||||
#federatedTimelineRemoval: []
|
||||
#mediaRemoval: []
|
||||
#mediaNsfw: []
|
||||
#reportRemoval: []
|
||||
|
||||
# This section configures the Pleroma frontend.
|
||||
frontend:
|
||||
# field name - pleroma.config.frontend.background
|
||||
# default value - This field is empty by default
|
||||
# description -
|
||||
# The path on the Ansible controller to the image
|
||||
# that will be uploaded to your Pleroma instance and
|
||||
# used as the default background image.
|
||||
#background: /path/to/your/background/image
|
||||
|
||||
themes:
|
||||
# field name - pleroma.config.frontend.themes.custom
|
||||
# default value - An empty list
|
||||
# description - A list of names and corresponding paths of your custom themes
|
||||
#custom:
|
||||
#- name: custom-theme-1
|
||||
# path: /file/path/to/custom/theme1
|
||||
#- name: custom-theme-2
|
||||
# path: /file/path/to/custom/theme2
|
||||
|
||||
# field name - pleroma.config.frontend.themes.default
|
||||
# default value - pleroma-dark
|
||||
# description -
|
||||
# The default theme for your instance.
|
||||
# You can specify one of the default themes or even
|
||||
# one of your custom theme.
|
||||
#default: custom-theme-1
|
||||
|
||||
webPushEncryption:
|
||||
# field name - pleroma.config.webPushEncryption.email
|
||||
# description -
|
||||
email: *email
|
||||
#privateKey:
|
||||
#publicKey:
|
||||
|
||||
# field name - pleroma.config.webPushEncryption.privateKey
|
||||
# description -
|
||||
# This is the private key to enable browser notifications using VAPID.
|
||||
# To generate this run 'make vapid_private_key'
|
||||
# The playbook will fail if this field is empty.
|
||||
privateKey:
|
||||
|
||||
# field name - pleroma.config.webPushEncryption.publicKey
|
||||
# description -
|
||||
# The playbook will fail if this field is empty.
|
||||
publicKey:
|
||||
db:
|
||||
name: pleroma
|
||||
user: pleroma
|
||||
#password:
|
||||
# field name - pleroma.config.db.password
|
||||
# description -
|
||||
# The password to the Pleroma database.
|
||||
# The playbook will fail if this field is empty.
|
||||
password:
|
||||
|
||||
# field name - pleroma.config.db.name
|
||||
# description - The name of the Pleroma database.
|
||||
# default value - pleroma_db
|
||||
#name: pleroma_db
|
||||
|
||||
# field name - pleroma.config.db.user
|
||||
# description - The name of the database user.
|
||||
# default value - pleroma
|
||||
#user: pleroma
|
||||
|
||||
# field name - pleroma.config.db.connLimit
|
||||
# description - The number of allowed concurrent connections to the database.
|
||||
# default value - 15
|
||||
#connLimit: 15
|
||||
ssl:
|
||||
#csr:
|
||||
# countryName: ""
|
||||
# emailAddress: "{{ pleroma.config.email }}"
|
||||
# localityName: ""
|
||||
# organizationName: ""
|
||||
# organizationUnitName: ""
|
||||
# stateOrProvinceName: ""
|
||||
letsEncrypt:
|
||||
enable: true
|
||||
acmeAccountEmail: *email
|
||||
acmeDirectory: "https://acme-v02.api.letsencrypt.org/directory"
|
||||
termsAgreed: yes
|
||||
enable: false
|
||||
#acmeAccountEmail: *email
|
||||
#acmeDirectory: "https://acme-v02.api.letsencrypt.org/directory"
|
||||
#termsAgreed: yes
|
||||
#validateCerts: true
|
||||
keybase:
|
||||
# field name - pleroma.keybase.enable
|
||||
# default value - false
|
||||
# description -
|
||||
# If set to true the playbook will upload your keybase text file and
|
||||
# configure Nginx in order to prove your Keybase identity against your
|
||||
# Pleroma instance.
|
||||
enable: false
|
||||
proof:
|
||||
# field name - pleroma.keybase.proof.filepath
|
||||
# default value - ${HOME}/keybase.txt
|
||||
# description - The file path to your keybase text file on your Ansible controller.
|
||||
#filepath: "{{ lookup('env','HOME') }}/keybase.txt"
|
||||
|
|
|
@ -11,9 +11,9 @@
|
|||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
- pleroma-database
|
||||
- pleroma-postgres
|
||||
tags:
|
||||
- pleroma-database
|
||||
- pleroma-postgres
|
||||
|
||||
- name: Installing and configuring the Pleroma backend.
|
||||
hosts: pleroma_backend
|
||||
|
@ -29,6 +29,6 @@
|
|||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
- pleroma-proxy
|
||||
- pleroma-nginx
|
||||
tags:
|
||||
- pleroma-proxy
|
||||
- pleroma-nginx
|
||||
|
|
34
playbook.yml
34
playbook.yml
|
@ -1,34 +0,0 @@
|
|||
---
|
||||
- name: Initialising the playbook.
|
||||
hosts: all
|
||||
roles:
|
||||
- init
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Setting up the Pleroma database.
|
||||
hosts: pleroma_database
|
||||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
- pleroma-database
|
||||
tags:
|
||||
- pleroma-database
|
||||
|
||||
- name: Setting up Pleroma.
|
||||
hosts: pleroma_main
|
||||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
- pleroma-main
|
||||
tags:
|
||||
- pleroma-main
|
||||
|
||||
- name: Setting up the Pleroma proxy layer.
|
||||
hosts: pleroma_proxy
|
||||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
- pleroma-proxy
|
||||
tags:
|
||||
- pleroma-proxy
|
|
@ -9,7 +9,7 @@ pleroma_defaults:
|
|||
instanceDescription: "A new single instance of Pleroma"
|
||||
characterLimit: 5000
|
||||
registrationsOpen: "false"
|
||||
configurableFromDatabase: "false"
|
||||
dynamicConfiguration: "false"
|
||||
healthCheck: "false"
|
||||
remotePostRetentionDays: 90
|
||||
logLevel: info
|
||||
|
|
|
@ -79,7 +79,7 @@
|
|||
when: enable_pleroma_download | default(False)
|
||||
|
||||
- name: Registering the installed version of Pleroma.
|
||||
shell: "{{ pleroma_user.home }}/bin/pleroma version | awk '{print $2}' | awk -F - '{print $1}'"
|
||||
shell: "{{ pleroma_user.home }}/bin/pleroma version | awk '{print $2}'"
|
||||
register: pleroma_installed_version
|
||||
when: enable_pleroma_upgrade | default(False)
|
||||
|
||||
|
@ -89,7 +89,7 @@
|
|||
when: enable_pleroma_upgrade | default(False)
|
||||
|
||||
- name: Registering the downloaded version of Pleroma.
|
||||
shell: "/tmp/release/bin/pleroma version | awk '{print $2}' | awk -F - '{print $1}'"
|
||||
shell: /tmp/release/bin/pleroma version | awk '{print $2}'
|
||||
register: pleroma_downloaded_version
|
||||
when: enable_pleroma_upgrade | default(False)
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ config :pleroma, :instance,
|
|||
registrations_open: {{ pleroma.config.registrationsOpen }},
|
||||
healthcheck: {{ pleroma.config.healthCheck }},
|
||||
remote_post_retention_days: {{ pleroma.config.remotePostRetentionDays }},
|
||||
configurable_from_database: {{ pleroma.config.configurableFromDatabase }},
|
||||
dynamic_configuration: {{ pleroma.config.dynamicConfiguration }},
|
||||
federating: {{ pleroma.config.federating }},
|
||||
rewrite_policy: [Pleroma.Web.ActivityPub.MRF.SimplePolicy]
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{
|
||||
|
||||
"pleroma-dark": "/static/themes/pleroma-dark.json",
|
||||
"pleroma-light": "/static/themes/pleroma-light.json",
|
||||
"pleroma-dark": [ "Pleroma Dark", "#121a24", "#182230", "#b9b9ba", "#d8a070", "#d31014", "#0fa00f", "#0095ff", "#ffa500" ],
|
||||
"pleroma-light": [ "Pleroma Light", "#f2f4f6", "#dbe0e8", "#304055", "#f86f0f", "#d31014", "#0fa00f", "#0095ff", "#ffa500" ],
|
||||
"pleroma-amoled": [ "Pleroma Dark AMOLED", "#000000", "#111111", "#b0b0b1", "#d8a070", "#aa0000", "#0fa00f", "#0095ff", "#d59500"],
|
||||
"classic-dark": [ "Classic Dark", "#161c20", "#282e32", "#b9b9b9", "#baaa9c", "#d31014", "#0fa00f", "#0095ff", "#ffa500" ],
|
||||
"bird": [ "Bird", "#f8fafd", "#e6ecf0", "#14171a", "#0084b8", "#e0245e", "#17bf63", "#1b95e0", "#fab81e"],
|
||||
|
@ -13,8 +12,7 @@
|
|||
"redmond-xxi": "/static/themes/redmond-xxi.json",
|
||||
"breezy-dark": "/static/themes/breezy-dark.json",
|
||||
"breezy-light": "/static/themes/breezy-light.json",
|
||||
"mammal": "/static/themes/mammal.json",
|
||||
"paper": "/static/themes/paper.json"
|
||||
"mammal": "/static/themes/mammal.json"
|
||||
|
||||
{% for i in pleroma.config.frontend.themes.custom %}
|
||||
, "{{ i.name }}": "/static/themes/{{ i.name }}.json"
|
||||
|
|
|
@ -64,7 +64,6 @@ server {
|
|||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
||||
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
||||
|
@ -84,7 +83,9 @@ server {
|
|||
proxy_ignore_client_abort on;
|
||||
proxy_buffering on;
|
||||
chunked_transfer_encoding on;
|
||||
proxy_pass http://127.0.0.1:{{ pleroma.config.listeningPort }};
|
||||
proxy_ignore_headers Cache-Control;
|
||||
proxy_hide_header Cache-Control;
|
||||
proxy_pass http://localhost:{{ pleroma.config.listeningPort }};
|
||||
}
|
||||
|
||||
{% if pleroma.keybase.enable == true -%}
|
|
@ -1,2 +0,0 @@
|
|||
*
|
||||
!files
|
|
@ -1,30 +0,0 @@
|
|||
FROM dockage/alpine:3.10-openrc
|
||||
|
||||
ARG TEST_ENV_UID=1100
|
||||
ARG TEST_ENV_USER=admin
|
||||
ARG TEST_ENV_PASSWORD
|
||||
ARG SSH_DIR=/home/admin/.ssh
|
||||
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
|
||||
|
||||
RUN apk add --no-cache \
|
||||
bash=5.0.0-r0 \
|
||||
openssh=8.1_p1-r0 \
|
||||
sudo=1.8.27-r2 \
|
||||
python3=3.7.7-r0 \
|
||||
&& \
|
||||
adduser -u ${TEST_ENV_UID} -s /bin/bash -D ${TEST_ENV_USER} && \
|
||||
echo ${TEST_ENV_USER}:${TEST_ENV_PASSWORD} | chpasswd && \
|
||||
mkdir ${SSH_DIR} && \
|
||||
chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR} && chmod 0700 ${SSH_DIR} && \
|
||||
touch ${SSH_DIR}/authorized_keys && \
|
||||
chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR}/authorized_keys && \
|
||||
chmod 0600 ${SSH_DIR}/authorized_keys && \
|
||||
rc-status && \
|
||||
touch /run/openrc/softlevel
|
||||
|
||||
COPY files/entrypoint /entrypoint
|
||||
COPY files/admin-sudoers /etc/sudoers.d/admin
|
||||
|
||||
EXPOSE 22 80 443
|
||||
|
||||
CMD ["/entrypoint"]
|
|
@ -1 +0,0 @@
|
|||
admin ALL=(ALL) NOPASSWD: ALL
|
|
@ -1,14 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set euo -pipefail
|
||||
|
||||
# Add authorized keys
|
||||
if ! [ -z "${AUTHORIZED_KEYS}" ]; then
|
||||
echo ${AUTHORIZED_KEYS} > /home/admin/.ssh/authorized_keys
|
||||
fi
|
||||
|
||||
# Start SSH service
|
||||
rc-service sshd start
|
||||
|
||||
# Sleep and wait
|
||||
sleep 30d
|
Reference in a new issue