From 436adfbc4f63932aa0c924fabc9406632ffa90e5 Mon Sep 17 00:00:00 2001
From: B4D_US3R
Date: Wed, 27 Nov 2024 22:20:15 +0500
Subject: [PATCH] Add files
---
group_vars.yml | 9 +++
playbook.yml | 131 ++++++++++++++++++++++++++++++++++++++++++++
templates/config.j2 | 74 +++++++++++++++++++++++++
3 files changed, 214 insertions(+)
create mode 100644 group_vars.yml
create mode 100644 playbook.yml
create mode 100644 templates/config.j2
diff --git a/group_vars.yml b/group_vars.yml
new file mode 100644
index 0000000..e05bda1
--- /dev/null
+++ b/group_vars.yml
@@ -0,0 +1,9 @@
+---
+pleroma_domain: localhost
+instance_name: Pleroma
+admin_email: admin@mail.example
+notify_email: notify@mail.example
+db_user: pleroma
+db_name: pleroma
+db_host: 127.0.0.1
+db_password: pleroma
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..6710b67
--- /dev/null
+++ b/playbook.yml
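Review bot: `db_password: pleroma` checks a default database credential into the repository in clear text, and because playbook.yml loads this file through `vars_files` it becomes the live PostgreSQL password on every host the play touches; encrypt the value with `ansible-vault encrypt_string` or remove the default so the play fails when no password is supplied. The remaining entries are placeholders that are fine to commit as they are.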
@@ -0,0 +1,131 @@
+---
+- name: Install pleroma
+ hosts: all
+ vars_files:
+ - ./group_vars.yml
+
+ tasks:
+ - name: Get indexes
+ become: true
+ ansible.builtin.apt:
+ update-cache: true
+
+ - name: Upgrade OS
+ become: true
+ ansible.builtin.apt:
+ upgrade: full
+
+ - name: Install deps for building
+ become: true
+ ansible.builtin.apt:
+ name:
+ - acl
+ - git
+ - build-essential
+ - postgresql
+ - postgresql-contrib
+ - cmake
+ - libmagic-dev
+ - elixir
+ - erlang-dev
+ - erlang-nox
+ - imagemagick
+ - ffmpeg
+ - libimage-exiftool-perl
+ - python3-psycopg2
+
+ - name: Create pleroma database user
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_user:
+ name: '{{ db_user }}'
+ password: '{{ db_password }}'
+
+ - name: Create pleroma database
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_db:
+ name: '{{ db_name }}'
+ owner: '{{ db_user }}'
+
+ - name: Create pleroma user
+ become: true
+ ansible.builtin.user:
+ name: pleroma
+ system: true
+ home: /var/lib/pleroma
+ shell: /bin/false
+
+ - name: Create pleroma directory
+ become: true
+ ansible.builtin.file:
+ path: /opt/pleroma
+ state: directory
+ recurse: true
+ owner: pleroma
+ group: pleroma
+
+ - name: Get pleroma source
+ become: true
+ become_user: pleroma
+ ansible.builtin.git:
+ repo: https://git.pleroma.social/pleroma/pleroma
+ dest: /opt/pleroma
+ version: stable
+
+ - name: Create pleroma config
+ become: true
+ become_user: pleroma
+ ansible.builtin.template:
+ src: ./templates/config.j2
+ dest: /opt/pleroma/config/prod.secret.exs
+ owner: pleroma
+ group: pleroma
+ mode: '0644'
+
+ - name: Install Hex
+ become: true
+ become_user: pleroma
+ ansible.builtin.shell:
+ chdir: /opt/pleroma
+ cmd: mix local.hex --force
+
+ - name: Install pleroma deps
+ become: true
+ become_user: pleroma
+ ansible.builtin.shell:
+ chdir: /opt/pleroma
+ cmd: mix deps.get
+
+ - name: Install rebar3
+ become: true
+ become_user: pleroma
+ ansible.builtin.shell:
+ chdir: /opt/pleroma
+ cmd: mix local.rebar --force
+
+ - name: Building pleroma and database migration
+ become: true
+ become_user: pleroma
+ ansible.builtin.shell:
+ chdir: /opt/pleroma
+ cmd: MIX_ENV=prod mix ecto.migrate
+
+ - name: Copy SystemD unit
+ become: true
+ ansible.builtin.copy:
+ src: /opt/pleroma/installation/pleroma.service
+ dest: /etc/systemd/system/pleroma.service
+ mode: '0644'
+
+ - name: Daemons reload
+ become: true
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+
+ - name: Enable and start pleroma service
+ become: true
+ ansible.builtin.systemd_service:
+ name: pleroma
+ enabled: true
+ state: started
diff --git a/templates/config.j2 b/templates/config.j2
new file mode 100644
index 0000000..78e798e
--- /dev/null
+++ b/templates/config.j2
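Review bot: The `Copy SystemD unit` task points `src: /opt/pleroma/installation/pleroma.service` at a path that only exists on the managed host (the `git` task cloned it there), but `ansible.builtin.copy` reads `src` from the controller unless `remote_src: true` is set, so the task fails on any controller without that file; add `remote_src: true` under `ansible.builtin.copy:`. The `Create pleroma config` task writes `prod.secret.exs`, which the template fills with `db_password`, with `mode: '0644'`, so every local account can read the database credential; `mode: '0600'` fits what the file holds. The `mix` tasks use `ansible.builtin.shell` with no `creates` or `changed_when`, so each run reports changed and re-executes them; `ansible.builtin.command` with `creates:` (for example `creates: /opt/pleroma/deps` on `mix deps.get`) keeps the play idempotent. `version: stable` also tracks a moving branch with no integrity check on what is built and migrated against the database; pinning a tag or commit makes the checkout reproducible. Running `mix local.rebar` only after `mix deps.get` may also fail on a fresh host if a dependency needs rebar3 during fetching — worth confirming against a clean machine.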
@@ -0,0 +1,74 @@
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+ url: [host: "{{ pleroma_domain }}", scheme: "http", port: 80],
+ http: [ip: {0, 0, 0, 0}, port: 4000]
+
+config :pleroma, :instance,
+ name: "{{ instance_name }}",
+ email: "{{ admin_email }}",
+ notify_email: "{{ notify_email }}",
+ limit: 5000,
+ registrations_open: true,
+ federating: true,
+ healthcheck: true
+
+config :pleroma, :media_proxy,
+ enabled: false,
+ redirect_on_failure: true,
+ base_url: "https://cache.domain.tld"
+
+config :pleroma, Pleroma.Repo,
+ adapter: Ecto.Adapters.Postgres,
+ username: "{{ db_user }}",
+ password: "{{ db_password }}",
+ database: "{{ db_name }}",
+ hostname: "{{ db_host }}",
+ pool_size: 10
+
+# Configure web push notifications
+config :web_push_encryption, :vapid_details, subject: "mailto:#{{ notify_email }}"
+
+config :pleroma, :database, rum_enabled: false
+config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
+
+# We can't store the secrets in this file, since this is baked into the docker image
+if not File.exists?("/var/lib/pleroma/secret.exs") do
+ secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
+ signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
+ {web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
+
+ secret_file =
+ EEx.eval_string(
+ """
+ import Config
+
+ config :pleroma, Pleroma.Web.Endpoint,
+ secret_key_base: "<%= secret %>",
+ signing_salt: "<%= signing_salt %>"
+
+ config :web_push_encryption, :vapid_details,
+ public_key: "<%= web_push_public_key %>",
+ private_key: "<%= web_push_private_key %>"
+ """,
+ secret: secret,
+ signing_salt: signing_salt,
+ web_push_public_key: Base.url_encode64(web_push_public_key, padding: false),
+ web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
+ )
+
+ File.write("/var/lib/pleroma/secret.exs", secret_file)
+end
+
+import_config("/var/lib/pleroma/secret.exs")
+
+# For additional user config
+if File.exists?("/var/lib/pleroma/config.exs"),
+ do: import_config("/var/lib/pleroma/config.exs"),
+ else:
+ File.write("/var/lib/pleroma/config.exs", """
+ import Config
+
+ # For additional configuration outside of environmental variables
+ """)
\ No newline at end of file
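Review bot: `subject: "mailto:#{{ notify_email }}"` renders as `mailto:#notify@mail.example` with the shipped defaults, because Jinja substitutes only `{{ notify_email }}` and the `#` left over from an Elixir `#{...}` interpolation stays in the string; the line should read `subject: "mailto:{{ notify_email }}"`. Further down, `File.write("/var/lib/pleroma/secret.exs", secret_file)` discards its result, so a failed write surfaces only as an error from the `import_config` that follows, and the new file takes the process umask, which usually leaves `secret_key_base` and the VAPID private key readable by other local accounts; `File.write!("/var/lib/pleroma/secret.exs", secret_file)` followed by `File.chmod!("/var/lib/pleroma/secret.exs", 0o600)` covers both, and the `File.write` in the final `else:` branch has the same unchecked result. The comment `# We can't store the secrets in this file, since this is baked into the docker image` was carried over from Pleroma's Docker configuration; here the file is rendered by the playbook and already holds `db_password`, so it should instead say that the generated keys live in `secret.exs` so they survive a re-render of the template, or be removed. `registrations_open: true` is hard-coded; exposing it as a variable that defaults to `false` avoids standing up an accidentally open instance.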