diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..f51055f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,61 @@
+---
+stages:
+- deploy
+
+# TODO: research and add a suitable WorkFlow.
+
+variables:
+ ANSIBLE_FORCE_COLOR: "True"
+ INVENTORY: ${CI_PROJECT_DIR}/ansible/inventory/free-flow/hosts
+ PLEROMA_PLAYBOOK_DIRECTORY: /ansible/pleroma-playbook
+ PLEROMA_INFRASTRUCTURE_DIRECTORY: ${CI_PROJECT_DIR}
+ VAULT_AUTH_METHOD: approle
+
+image: registry.gitlab.com/dananglin/pleroma-ansible-playbook:v0.1.3
+
+before_script:
+- .gitlab/ci/bin/generate-inventory
+- .gitlab/ci/bin/update-config-for-testing
+- cd ${PLEROMA_PLAYBOOK_DIRECTORY}
+
+deploy:testing:
+ environment:
+ name: ${PLEROMA_ENVIRONMENT}
+ url: ${TESTING_PLEROMA_FQDN}
+ rules:
+ - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == "testing" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
+ when: always
+ script:
+ - "make pleroma"
+ stage: deploy
+ tags:
+ - pleroma-ansible-testing
+ variables:
+ EXTRA_ARGS: "--extra-vars enable_pleroma_upgrade=True"
+ PLEROMA_ENVIRONMENT: testing
+ PLEROMA_ANSIBLE_HOST: ${TESTING_PLEROMA_ANSIBLE_HOST}
+ PLEROMA_ANSIBLE_USER: ${TESTING_PLEROMA_ANSIBLE_USER}
+ PLEROMA_ANSIBLE_PASSWORD: ${TESTING_PLEROMA_ANSIBLE_PASSWORD}
+ VAULT_ROLE_ID: ${TESTING_VAULT_ROLE_ID}
+ VAULT_SECRET_ID: ${TESTING_VAULT_SECRET_ID}
+
+deploy:production:
+ environment:
+ name: ${PLEROMA_ENVIRONMENT}
+ url: https://fedi.dananglin.me.uk
+ rules:
+ - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_PATH == "dananglin/pleroma-free-flow"'
+ when: always
+ script:
+ - "make pleroma"
+ stage: deploy
+ tags:
+ - pleroma-ansible-production
+ variables:
+ ANSIBLE_PRIVATE_KEY_FILE: ${PRODUCTION_PLEROMA_ANSIBLE_PRIVATE_KEY_FILE}
+ EXTRA_ARGS: "--extra-vars enable_pleroma_upgrade=True"
+ PLEROMA_ENVIRONMENT: production
+ PLEROMA_ANSIBLE_HOST: ${PRODUCTION_PLEROMA_ANSIBLE_HOST}
+ PLEROMA_ANSIBLE_USER: ${PRODUCTION_PLEROMA_ANSIBLE_USER}
+ VAULT_ROLE_ID: ${PRODUCTION_PLEROMA_VAULT_ROLE_ID}
+ VAULT_SECRET_ID: ${PRODUCTION_PLEROMA_VAULT_SECRET_ID}
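Review bot: The `deploy:testing` rule gates only on branch names, so any merge request whose source branch happens to be called `testing` — including one opened from a fork — satisfies it, whereas `deploy:production` additionally pins `$CI_PROJECT_PATH`. Because the testing job is handed `TESTING_PLEROMA_ANSIBLE_PASSWORD` and `TESTING_VAULT_SECRET_ID`, it deserves the same scoping: `- if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == "testing" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master" && $CI_MERGE_REQUEST_SOURCE_PROJECT_PATH == $CI_PROJECT_PATH'`. Whether GitLab would actually expose those variables to a fork's pipeline depends on protected-variable settings that are not visible here, but the rule should not rely on that. Separately, `image:` is pinned to the mutable tag `v0.1.3`; since this image runs Ansible with Vault AppRole credentials in hand, pinning by digest (`registry.gitlab.com/dananglin/pleroma-ansible-playbook@sha256:…`) makes the deploy toolchain attestable rather than whatever the tag points at on the day.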
diff --git a/.gitlab/ci/bin/generate-inventory b/.gitlab/ci/bin/generate-inventory
new file mode 100755
index 0000000..e9ab35a
--- /dev/null
+++ b/.gitlab/ci/bin/generate-inventory
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ANSIBLE_SSH_VARS="ansible_connection=ssh ansible_host=${PLEROMA_ANSIBLE_HOST} ansible_user=${PLEROMA_ANSIBLE_USER}"
+
+if [ "${PLEROMA_ENVIRONMENT:-nil}" == "testing" ]; then
+ ANSIBLE_SSH_VARS="${ANSIBLE_SSH_VARS} ansible_password=${PLEROMA_ANSIBLE_PASSWORD}"
+fi
+
+sed -i -e "s/free-flow/free-flow $ANSIBLE_SSH_VARS/g" ${INVENTORY}
diff --git a/.gitlab/ci/bin/update-config-for-testing b/.gitlab/ci/bin/update-config-for-testing
new file mode 100755
index 0000000..1e84982
--- /dev/null
+++ b/.gitlab/ci/bin/update-config-for-testing
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+CONFIGURATION_FILE=${PLEROMA_INFRASTRUCTURE_DIRECTORY}/ansible/inventory/free-flow/host_vars/free-flow/pleroma-configuration.yml
+
+if [ "${PLEROMA_ENVIRONMENT:-nil}" == "testing" ]; then
+
+ # 1) Ensure vault secrets are retrieved from the development path.
+ # 2) Change instance name.
+ # 3) Change instance description.
+ # 4) Disable healthcheck.
+ # 5) Change the domain name.
+ # 6) Disable let's encrypt (until we get ngrok set up).
+
+ sed -i \
+ -e 's/secret=pleroma\/production/secret=pleroma\/development/g' \
+ -e 's/^.*instanceName:.*$/ instanceName: "Free Flow (Test Instance)"/' \
+ -e 's/^.*instanceDescription:.*$/ instanceDescription: "Pleroma test instance for Free Flow"/' \
+ -e 's/^.*healthCheck:.*$/ healthCheck: "false"/' \
+ -e "s/^.*host:.*$/ host: ${TESTING_PLEROMA_FQDN}/" \
+ ${CONFIGURATION_FILE}
+
+fi
diff --git a/ansible/inventory/free-flow/host_vars/free-flow/pleroma-configuration.yml b/ansible/inventory/free-flow/host_vars/free-flow/pleroma-configuration.yml
new file mode 100644
index 0000000..3731f71
--- /dev/null
+++ b/ansible/inventory/free-flow/host_vars/free-flow/pleroma-configuration.yml
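Review bot: `generate-inventory` writes `ansible_password=${PLEROMA_ANSIBLE_PASSWORD}` in clear text into the inventory file in the runner's workspace, where it outlives the job if the workspace is cached or reused and shows up in any verbose inventory dump. Ansible can read the credential at run time instead, which keeps it off disk and also avoids the `sed` delimiter problem: put `ansible_password: "{{ lookup('env', 'PLEROMA_ANSIBLE_PASSWORD') }}"` in a testing-only host_vars file and let this script append only `ansible_connection`, `ansible_host` and `ansible_user`. As written, the interpolated values are spliced unescaped into `s/free-flow/free-flow $ANSIBLE_SSH_VARS/g`, so a password or user containing `/`, `&` or whitespace either breaks the expression or is split into extra inventory tokens, and the unquoted `${INVENTORY}` is subject to the same word splitting and should be `"${INVENTORY}"`.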
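Review bot: The comment block in `update-config-for-testing` promises step 6, "Disable let's encrypt", but none of the five `-e` expressions touches `letsEncrypt.enable`, so a testing deploy keeps `enable: true` and will request a certificate for `${TESTING_PLEROMA_FQDN}` from the production ACME directory — burning rate limit at best and failing the playbook at worst. A plain `s/enable: true/enable: false/` would not do, because `keybase.enable` uses the same key name in the same file, so either anchor the substitution on the `letsEncrypt:` block or drop item 6 from the comment until the substitution exists, so the script does not claim a change it does not make. The `^.*host:.*$` and `^.*healthCheck:.*$` patterns are also broader than they need to be and will rewrite any future line ending in `host:`; anchoring on the key with its leading whitespace (`^ *host:`) is cheaper than debugging a silently mangled configuration later.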
@@ -0,0 +1,65 @@ +--- +pleroma: + config: + email: &email daangling@gmail.com + host: fedi.dananglin.me.uk + listeningPort: 10000 + instanceName: "Free Flow" + instanceDescription: "Yet another single-user Pleroma instance in the Fediverse." + secretKeyBase: "{{ lookup('hashi_vault', 'secret=pleroma/production:secretKeyBase') }}" + signingSalt: "{{ lookup('hashi_vault', 'secret=pleroma/production:signingSalt') }}" + webPushEncryption: + email: *email + privateKey: "{{ lookup('hashi_vault', 'secret=pleroma/production:webPushEncryption.privateKey') }}" + publicKey: "{{ lookup('hashi_vault', 'secret=pleroma/production:webPushEncryption.publicKey') }}" + characterLimit: 5000 + registrationsOpen: "false" + configurableFromDatabase: "false" + healthCheck: "true" + remotePostRetentionDays: 30 + logLevel: info + federating: "true" + chatEnabled: "false" + mrf: + simplePolicy: + reject: + - baraag.net + - gab.com + - switter.at + - vipgirlfriend.xxx + - pawoo.net + federatedTimelineRemoval: + - freespeechextremist.com + - sinblr.com + mediaRemoval: [] + mediaNsfw: [] + frontend: + background: "{{ lookup('env', 'PLEROMA_INFRASTRUCTURE_DIRECTORY') }}/assets/background/photo-of-starry-night.jpg" + themes: + custom: + - name: night-owl + path: "{{ lookup('env', 'PLEROMA_INFRASTRUCTURE_DIRECTORY') }}/assets/themes/night-owl.json" + default: night-owl + db: + name: "{{ lookup('hashi_vault', 'secret=pleroma/production:database.name') }}" + user: "{{ lookup('hashi_vault', 'secret=pleroma/production:database.user') }}" + password: "{{ lookup('hashi_vault', 'secret=pleroma/production:database.password') }}" + connLimit: 15 + ssl: + csr: + countryName: "GB" + emailAddress: *email + organizationName: "Dan Anglin" + organizationUnitName: "DevOps" + stateOrProvinceName: "Hertfordshire" + letsEncrypt: + enable: true + acmeAccountEmail: *email + acmeDirectory: "https://acme-v02.api.letsencrypt.org/directory" + remainingDays: 30 + termsAgreed: yes + validateCerts: true + keybase: + enable: 
true + proof: + filepath: "{{ lookup('env', 'PLEROMA_INFRASTRUCTURE_DIRECTORY') }}/assets/keybase/keybase.txt" diff --git a/ansible/inventory/free-flow/host_vars/free-flow/pleroma-installation-variables.yml b/ansible/inventory/free-flow/host_vars/free-flow/pleroma-installation-variables.yml new file mode 100644 index 0000000..18ac848 --- /dev/null +++ b/ansible/inventory/free-flow/host_vars/free-flow/pleroma-installation-variables.yml @@ -0,0 +1,2 @@ +pleroma_version: 2.0.7 +pleroma_download_url: file:///opt/pleroma-installation/pleroma-{{ pleroma_version }}.zip diff --git a/ansible/inventory/free-flow/hosts b/ansible/inventory/free-flow/hosts new file mode 100644 index 0000000..f3ff6e1 --- /dev/null +++ b/ansible/inventory/free-flow/hosts @@ -0,0 +1,11 @@ +[pleroma] +free-flow + +[pleroma_database:children] +pleroma + +[pleroma_main:children] +pleroma + +[pleroma_proxy:children] +pleroma diff --git a/assets/background/photo-of-starry-night.jpg b/assets/background/photo-of-starry-night.jpg new file mode 100644 index 0000000..6b7a174 Binary files /dev/null and b/assets/background/photo-of-starry-night.jpg differ diff --git a/assets/keybase/keybase.txt b/assets/keybase/keybase.txt new file mode 100644 index 0000000..0ffe3fb --- /dev/null +++ b/assets/keybase/keybase.txt 
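Review bot: Boolean settings are written three different ways in this file — `healthCheck: "true"` and `registrationsOpen: "false"` as quoted strings, `letsEncrypt.enable: true` as a real boolean, and `termsAgreed: yes`, which YAML 1.1 loaders read as `true` but YAML 1.2 loaders read as the string "yes". How the playbook consumes these is not visible here, but a Jinja test such as `{% if pleroma.config.registrationsOpen %}` treats the non-empty string `"false"` as truthy and would open registrations on a single-user instance; unquoted `registrationsOpen: false`, `healthCheck: true` and `termsAgreed: true` remove the ambiguity (the `healthCheck` substitution in `update-config-for-testing` would then need to write `false` rather than `"false"`). Keeping `secretKeyBase`, `signingSalt` and the database password behind `hashi_vault` lookups is the right call; the hunk is cut across the page here, but note that the lookup's address and TLS validation presumably come from the runner's `VAULT_ADDR`/`VAULT_CACERT` environment, which nothing in this change sets — confirm the runner image provides them.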
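Review bot: `pleroma_download_url` points at a pre-staged local archive (`file:///opt/pleroma-installation/pleroma-{{ pleroma_version }}.zip`) with no accompanying checksum variable, so whatever the playbook unpacks is trusted solely because it exists on the target host. If the playbook (not visible here) accepts a checksum for its `get_url`/`unarchive` step, pinning it next to the version — `pleroma_download_checksum: "sha256:<digest>"` — turns the version pin into an integrity check; if it does not, that is worth adding on the playbook side before the `enable_pleroma_upgrade=True` path runs unattended from CI.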
@@ -0,0 +1,76 @@ +================================================================== +https://keybase.io/dananglin +-------------------------------------------------------------------- + +I hereby claim: + + * I am an admin of https://fedi.dananglin.me.uk + * I am dananglin (https://keybase.io/dananglin) on keybase. + * I have a public key with fingerprint 2DA0 1412 E54B 4D09 1EC7 832B 6881 FFE2 487C 411A + +To do so, I am signing this object: + +{ + "body": { + "key": { + "eldest_kid": "01209ab244758a00dbdaa62f22e39f0a01626be8eed46486fad7cf98d8960c5733100a", + "fingerprint": "2da01412e54b4d091ec7832b6881ffe2487c411a", + "host": "keybase.io", + "key_id": "6881ffe2487c411a", + "kid": "01017c0ec830219a1bc8b485cd8ffc2888e5c7d8867ea0700a7489d19fa2531d4d610a", + "uid": "cabbfca4014ba07a1b45acccf673ca19", + "username": "dananglin" + }, + "service": { + "hostname": "fedi.dananglin.me.uk", + "protocol": "https:" + }, + "type": "web_service_binding", + "version": 1 + }, + "ctime": 1573089617, + "expire_in": 157680000, + "prev": "0640a7700c3ed34aa9e0952b106d15173939196e781450fdb1439c3142c5c154", + "seqno": 31, + "tag": "signature" +} + +which yields the signature: + +-----BEGIN PGP MESSAGE----- +Version: Keybase OpenPGP v2.1.3 +Comment: https://keybase.io/crypto + +yMNzAnicbVJ/TFVVHOcBRjxnGCNquYDuNFa86J7781yM5Ec+7GUZYmtGgPeeey7c +4P1+j/cYoCRqgyih2GKOJJpClE8TGwkO42fTYI6MKMKU3nxzpoQbDBWWdB/T/ur8 +c3a++3w+5/P5nDO0JixEryt6b9m/pSL9Sd1If6s7JG/Qnl1OSFa5jEgpJ4rxyoZL +ZOx0FRSrMpFCkIAiBVGiGIZnoUiSsiSLIkcpFIVpQSFFEnAUJ2GIscxwDOQUUeaR +IkAZChyJWJ6mAUmKhIFQVEshdtgcqsWlyVKyxmQAhVlGYmRSABjxkKYkDkKgKJhi +II8YAILEIqszyNDMSaITJ6tWbaYdClbs/Q/+gW8S8IjECNIkBQQRSAhKDGSRDBUF +URBCzCJehpDjsUjymkeegYIMBEWkWBrIjMyBFd/uFTkkSpKCREYzLWlwTY5hRYSQ +wvE0EoEQBDqxwyKasYaWRYtoKSxRLUSlgdDGpSrCwWaDUe5DFCyryf/hks042V2s +idgcVpcVWUs0RJHLZXOmBBVcZbYgxYOlgvtiBZJqkbVCNUYpdjhVq4VIARoSudSg +OtB6J7UHALyBwF6b6sAFqmVlzEFSW8F7cGmwJY7RgmvpEY1lmhFFAZMCS0mA5GTA 
+Ap4WaAEIHOYhYFhSkSXA0AKiAUMhFgGWIYLx7BYrkUIDzadYqGk61UKL6HI7MFE5 +0P9OeIhOH/LQqtDgTwvRR6598P/yo6L+iTn4ocmWsK1y/vieH/PXfNt5PM1vMJUk +HLt+wPzGxOXV1Z5dxIaWY02BoX2DfW9X571yp/lCT29Y5vlevzsu9am9qGV73PDI +Z0lL7fHwXBod07HQW84v//3E3YaI8aVAeqZ3KjG+ZbLQ8XjDWO2Xv1ifMXrqXl2M +brwxPe6qCG/ZndVYON/dWfOdOW94bY1kqnjk5nyGbbN+XVdU3fLirth532R5/q8V +eUNX23M3vRgXnmHWrUtUPNn2kc6Yzm/80YHTjucPX93R39rF6aqic05srM1sa21U +28Obl/cZs+91+Wcnv/Lpm6qnbr020VGXu3M6dCKyJmF6dv7pF0IXmi/HJl8z6k7A +9MiNZxv69+/wdm+rrboQ0/MFumZQLL/1Fvl/CHRHLf48szqyrciwhfr4zoa2Uzb7 +w4J303hH9QJ80zQ9PONdNIRmhd/bPhNzcqfUWrnqSqbYxOpm+ktn6cTHzlzS28/e +aqj6fGyffvSQP6IqLGfrwO+HbkflfLr0bBqay0ry1b//7k9NX9+8aDWelkaN131K +7Z8N9R+8nPrW64+eG3jp+6wzJfX07QhPaoTdl550aW9fXJ/9wO6L66cnY8S7gWGo +2+pQm6fMn9yoGp3KkImTf5l6Th2OPXjk/EyZ8w/bnGtPeO5RT7x3MDdn/5Wqo0c+ +ygqsNz7nNw27x7LmMn0mg/Ffy+jIVA== +=AISr +-----END PGP MESSAGE----- + +And finally, I am proving ownership of this host by posting or +appending to this document. + +View my publicly-auditable identity here: https://keybase.io/dananglin + +================================================================== + diff --git a/assets/themes/night-owl.json b/assets/themes/night-owl.json new file mode 100644 index 0000000..f974bbf --- /dev/null +++ b/assets/themes/night-owl.json 
@@ -0,0 +1,103 @@ +{ + "_pleroma_theme_version": 2, + "name": "Free Flow - Night Owl", + "theme": { + "fonts": { + "interface": { + "family": "sans-serif" + }, + "input": { + "family": "sans-serif" + }, + "post": { + "family": "sans-serif" + }, + "postCode": { + "family": "monospace" + } + }, + "shadows": { + "buttonPressed": [ + { + "x": 0, + "y": 0, + "blur": "10", + "spread": "4", + "color": "#5d5fc8", + "alpha": 1 + }, + { + "x": 0, + "y": 1, + "blur": 0, + "spread": 0, + "color": "#000000", + "alpha": 0.2, + "inset": true + }, + { + "x": 0, + "y": -1, + "blur": 0, + "spread": 0, + "color": "#FFFFFF", + "alpha": 0.2, + "inset": true + } + ], + "button": [ + { + "x": 0, + "y": 0, + "blur": 2, + "spread": 0, + "color": "#3664f3", + "alpha": 1 + }, + { + "x": 0, + "y": 1, + "blur": 0, + "spread": 0, + "color": "#FFFFFF", + "alpha": 0.2, + "inset": true + }, + { + "x": 0, + "y": -1, + "blur": 0, + "spread": 0, + "color": "#000000", + "alpha": 0.2, + "inset": true + } + ] + }, + "opacity": { + "bg": "0.85" + }, + "colors": { + "bg": "#0d0e0f", + "text": "#c1c1e7", + "link": "#5198c6", + "fg": "#0d0e0f", + "btn": "#0f2740", + "btnText": "#cdcddd", + "alertError": "#c3292c", + "cRed": "#ff474a", + "cBlue": "#0095ff", + "cGreen": "#5edea2", + "cOrange": "#e1754f" + }, + "radii": { + "btn": "3", + "input": "0", + "checkbox": "0", + "panel": "5", + "avatar": "2", + "avatarAlt": "5", + "tooltip": "4" + } + } +}