Archived

Ansible playbook for Pleroma.

This repository has been archived on 2023-05-06. You can view files and clone it, but cannot push or open issues or pull requests.

Find a file

Dan Anglin 0cedf15ad9 feat: add Dockerfile to Dockerise the playbook - Add Dockerfile to install Ansible and the playbook. - Add Makefile target to build the image. - Add Makefile target to run the playbook. - Add the playbook that ansible will run. - Add .dockerignore to limit the files added to the context. - Added a pipeline job to test the image build. - Added a pipeline job to lint the Dockerfile. This closes dananglin/pleroma-ansible-playbook#13		2020-04-22 19:21:59 +01:00
.gitlab/issue_templates	chore: issue templates for tasks	2020-02-26 11:33:40 +00:00
examples	fix: update ansible role names	2020-03-21 17:22:59 +00:00
inventories	final cleanup before production deployment	2019-11-02 19:34:30 +00:00
library	fix: implement an upgrade procedure for Pleroma.	2020-03-06 12:04:48 +00:00
roles	feat: ensure playbook supports version 2.0.1	2020-04-03 05:22:34 +01:00
.dockerignore	feat: add Dockerfile to Dockerise the playbook	2020-04-22 19:21:59 +01:00
.gitignore	fix: implement an upgrade procedure for Pleroma.	2020-03-06 12:04:48 +00:00
.gitlab-ci.yml	feat: add Dockerfile to Dockerise the playbook	2020-04-22 19:21:59 +01:00
Dockerfile	feat: add Dockerfile to Dockerise the playbook	2020-04-22 19:21:59 +01:00
LICENSE	chore: added MIT License.	2019-10-02 00:39:57 +00:00
Makefile	feat: add Dockerfile to Dockerise the playbook	2020-04-22 19:21:59 +01:00
playbook.yml	feat: add Dockerfile to Dockerise the playbook	2020-04-22 19:21:59 +01:00
README.md	refactor: changed pleroma-backend to pleroma-main	2020-02-27 17:58:58 +00:00

README.md

Ansible Playbook for Pleroma

Summary

This project was inspired by the official Pleroma OTP installation guide and contains a playbook which installs and configures Pleroma on a single Alpine Linux host. It currently contains four roles, including:

init: merges the default configuration with the user's custom configuration.
pleroma-postgres: installs and configures the PostgreSQL database.
pleroma-main: installs/upgrades Pleroma and configures both the backend and frontend.
pleroma-nginx: installs and configures Nginx, creates SSL certificates using Let's Encrypt and adds support for proving your Pleroma site with Keybase.

This project is currently used to manage my personal instance at https://fedi.dananglin.me.uk.

Additional Features

Let's Encrypt support: This playbook creates a SSL certificate using Let's Encrypt.
Keybase support: Pleroma does not support Keybase out of the box but you can still prove that your ownership of your Pleroma site.
Custom default background: Specify an image to use as the default background of your Pleroma site.

Requirements

A controller host running Ansible version 2.8+.
make and openssl on the controller host which are used to generate secret values.
A target host running Alpine Linux version 3.10.
A (sub)domain which resolves to the IP address of the target host.

Configuration

Here's an example configuration file that you can use as a starting point to configure your Pleroma instance. This typically goes in your host_vars directory but you can place it in your group_vars directory or even inside your playbook instead. The default configuration is located here which the init role will merge with your configuration. Any fields you configured will overwrite the default.

More documentation on the configuration will be available soon.

Secrets

Following secrets are not included in the default configuration and must be generated before running the playbook:

secretKeyBase: This is used to configure the secret_key_base in Pleroma. This is used to sign and verify cookies.
signingSalt: This is used to configure the signing_salt in Pleroma. This is used with the secret_key_base to generate a key for signing and verifying cookies.
vapid key pair for web push encryption: This is a private and public key pair so that Pleroma can used VAPID to identify itself to the web push service (for notifications in the browser).
database password: This is used to authenticate access to the Pleroma database.

Insstructions on generating these can be found in the guide below. It is recommended to encrypt these secrets using Ansible Vault.

Guide to setting up and running the playbook

Copy the example inventory file to the root of this project.
```
$ cp examples/inventory.yml ./
```
In the inventory file you've just copied change <ANSIBLE_HOSTS> to the IP address of the target host and change <ANSIBLE_USER> to the user on the target host with sudo priviledges.
Copy the example playbook file to the root of the project.
```
$ cp examples/site.yml ./
```
Copy the example host_vars directory to the root of this project. This directory contains the file used to configure your Pleroma instance. You should review and edit the configuration before running the playbook.
```
$ cp -a examples/host_vars ./
```
Generate the secret key base and add this to the to the secretKeyBase field (don't forget to uncomment this).
```
$ make secret_key_base
```
Generate the signing salt and add this to the signingSalt field.
```
$ make signing_salt
```
Generate the key pair for web push encryption and add these to privateKey and publicKey fields.
```
$ make vapid_key_pair
```
Create a password for your database and add this to the password field under db.
Optional (but recommended): Use Ansible Vault to encrypt the generated secret values above.

Run the playbook using one of the following commands:

# If you're not using Ansible vault
$ ansible-playbook -i inventory.yml site.yml

# If you're using Ansible vault and want to be prompted for the password
$ ansible-playbook -i inventory.yml site.yml --ask-vault-pass

# If you're using Ansible vault and a password file
$ ansible-playbook -i inventory.yml site.yml --vault-id /path/to/your/password-file