Переписал всё, сейчас вроде как отрабатывает без ошибок

2025-08-02 09:57:37 +05:00 · 2025-08-02 09:57:37 +05:00 · 26f2ea374d
commit 26f2ea374d
parent 436adfbc4f
49 changed files with 1404 additions and 169 deletions
--- a/roles/pleroma_building/tasks/main.yml
+++ b/roles/pleroma_building/tasks/main.yml
@ -0,0 +1,90 @@
+- name: Install Hex
+  become: true
+  become_user: pleroma
+  ansible.builtin.command:
+    chdir: /opt/pleroma
+    cmd: mix local.hex --force
+
+- name: Install rebar3
+  become: true
+  become_user: pleroma
+  ansible.builtin.command:
+    chdir: /opt/pleroma
+    cmd: mix local.rebar --force
+
+- name: Install Pleroma deps
+  become: true
+  become_user: pleroma
+  ansible.builtin.command:
+    chdir: /opt/pleroma
+    cmd: mix deps.get --force
+
+- name: Get Pleroma Domain
+  ansible.builtin.pause:
+    prompt: Input Pleroma domain
+  register: result
+
+- name: Set Pleroma Domain
+  ansible.builtin.set_fact:
+    pleroma_building_domain: "{{ result.user_input }}"
+
+- name: Get Pleroma instance name
+  ansible.builtin.pause:
+    prompt: Input Pleroma instance name
+  register: result
+
+- name: Set Pleroma instance name
+  ansible.builtin.set_fact:
+    pleroma_building_instance_name: "{{ result.user_input }}"
+
+- name: Get admin email
+  ansible.builtin.pause:
+    prompt: Input admin email
+  register: result
+
+- name: Set admin email
+  ansible.builtin.set_fact:
+    pleroma_building_admin_email: "{{ result.user_input }}"
+
+- name: Get notify email
+  ansible.builtin.pause:
+    prompt: Input notify email
+  register: result
+
+- name: Set notify email
+  ansible.builtin.set_fact:
+    pleroma_building_notify_email: "{{ result.user_input }}"
+
+- name: Generate random postgres password
+  ansible.builtin.set_fact:
+    pleroma_building_db_pass: "{{ lookup('community.general.random_string', length=32, special=false) }}"
+
+- name: Create PostgreSQL user for pleroma
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_user:
+    name: pleroma
+    password: "{{ pleroma_building_db_pass }}"
+
+- name: Create PostgreSQL database for pleroma
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_db:
+    name: pleroma
+    owner: pleroma
+
+- name: Copy Pleroma config
+  ansible.builtin.template:
+    src: config.exs.j2
+    dest: /opt/pleroma/config/prod.secret.exs
+    owner: pleroma
+    mode: '0640'
+
+- name: Build Pleroma
+  become: true
+  become_user: pleroma
+  environment:
+    MIX_ENV: prod
+  ansible.builtin.command:
+    cmd: mix ecto.migrate
+    chdir: /opt/pleroma
--- a/roles/pleroma_building/templates/config.exs.j2
+++ b/roles/pleroma_building/templates/config.exs.j2
@ -0,0 +1,72 @@
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+   url: [host: "{{ pleroma_building_domain }}", scheme: "https", port: 443],
+   http: [ip: {127, 0, 0, 1}, port: 4000]
+   
+config :pleroma, :instance,
+  name: "{{ pleroma_building_instance_name }}",
+  email: "{{ pleroma_building_admin_email }}",
+  notify_email: "{{ pleroma_building_notify_email }}",
+  limit: 5000,
+  registrations_open: false,
+  federating: true,
+  healthcheck: true
+
+config :pleroma, :media_proxy,
+  enabled: false,
+  redirect_on_failure: true
+  #base_url: "https://cache.pleroma.social"
+
+config :pleroma, Pleroma.Repo,
+  adapter: Ecto.Adapters.Postgres,
+  username: "pleroma",
+  password: "{{ pleroma_building_db_pass }}",
+  database: "pleroma",
+  hostname: "localhost"
+
+config :web_push_encryption, :vapid_details, subject: "mailto:#{{ pleroma_building_notify_email }}"
+
+config :pleroma, :database, rum_enabled: false
+config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
+config :pleroma, configurable_from_database: true
+
+if not File.exists?("/var/lib/pleroma/secret.exs") do
+  secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
+  signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
+  {web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
+
+  secret_file =
+    EEx.eval_string(
+      """
+      import Config
+
+      config :pleroma, Pleroma.Web.Endpoint,
+        secret_key_base: "<%= secret %>",
+        signing_salt: "<%= signing_salt %>"
+
+      config :web_push_encryption, :vapid_details,
+        public_key: "<%= web_push_public_key %>",
+        private_key: "<%= web_push_private_key %>"
+      """,
+      secret: secret,
+      signing_salt: signing_salt,
+      web_push_public_key: Base.url_encode64(web_push_public_key, padding: false),
+      web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
+    )
+
+  File.write("/var/lib/pleroma/secret.exs", secret_file)
+end
+
+import_config("/var/lib/pleroma/secret.exs")
+
+# For additional user config
+if File.exists?("/var/lib/pleroma/config.exs"),
+  do: import_config("/var/lib/pleroma/config.exs"),
+  else:
+    File.write("/var/lib/pleroma/config.exs", """
+    import Config
+
+    # For additional configuration outside of environmental variables
+    """)