parent
bd555bb954
commit
849c769a65
@ -0,0 +1,119 @@
|
||||
# https://docs.pleroma.social/backend/installation/otp_en/
|
||||
---
|
||||
- hosts: pleroma
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
# arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix"
|
||||
- shell: |
|
||||
arch="$(uname -m)"
|
||||
if [ "$arch" = "x86_64" ]; then
|
||||
arch="amd64";
|
||||
elif [ "$arch" = "armv7l" ]; then
|
||||
arch="arm";
|
||||
elif [ "$arch" = "aarch64" ]; then
|
||||
arch="arm64";
|
||||
else
|
||||
echo "Unsupported arch: $arch">&2;
|
||||
fi;
|
||||
if getconf GNU_LIBC_VERSION>/dev/null; then
|
||||
libc_postfix="";
|
||||
elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ]; then
|
||||
libc_postfix="-musl";
|
||||
elif [ "$(find /lib/libc.musl*|wc -l)" ]; then
|
||||
libc_postfix="-musl";
|
||||
else
|
||||
echo "Unsupported libc">&2;
|
||||
fi;
|
||||
echo "$arch$libc_postfix"
|
||||
register: arch_result
|
||||
- set_fact:
|
||||
pleroma_flavour: "{{ arch_result.stdout | trim }}"
|
||||
|
||||
- apt:
|
||||
update_cache: yes
|
||||
|
||||
# apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot libmagic-dev
|
||||
# apt install imagemagick ffmpeg libimage-exiftool-perl
|
||||
# apt install postgresql-11-rum
|
||||
- package:
|
||||
name:
|
||||
- curl
|
||||
- unzip
|
||||
- libncurses5
|
||||
- postgresql
|
||||
- postgresql-contrib
|
||||
- nginx
|
||||
- certbot
|
||||
- libmagic-dev
|
||||
- imagemagick
|
||||
- ffmpeg
|
||||
- libimage-exiftool-perl
|
||||
- postgresql-11-rum
|
||||
notify:
|
||||
- Restart postgres
|
||||
|
||||
# Create a Pleroma user
|
||||
# adduser --system --shell /bin/false --home /opt/pleroma pleroma
|
||||
- user:
|
||||
name: pleroma
|
||||
home: /opt/pleroma
|
||||
shell: /bin/false
|
||||
system: yes
|
||||
|
||||
# Clone the release build into a temporary directory and unpack it
|
||||
# su pleroma -s $SHELL -lc "
|
||||
# curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
|
||||
# unzip /tmp/pleroma.zip -d /tmp/
|
||||
# "
|
||||
- get_url:
|
||||
url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{ pleroma_flavour }}
|
||||
dest: /tmp/pleroma.zip
|
||||
- command: unzip /tmp/pleroma.zip -d /tmp/
|
||||
|
||||
# Move the release to the home directory and delete temporary files
|
||||
# su pleroma -s $SHELL -lc "
|
||||
# mv /tmp/release/* /opt/pleroma
|
||||
# rmdir /tmp/release
|
||||
# rm /tmp/pleroma.zip
|
||||
# "
|
||||
- copy:
|
||||
src: /tmp/release/
|
||||
dest: /opt/pleroma/
|
||||
remote_src: yes
|
||||
owner: pleroma
|
||||
- file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- /tmp/release
|
||||
- /tmp/pleroma.zip
|
||||
|
||||
# Create uploads directory and set proper permissions (skip if planning to use a remote uploader)
|
||||
# Note: It does not have to be `/var/lib/pleroma/uploads`, the config generator will ask about the upload directory later
|
||||
# mkdir -p /var/lib/pleroma/uploads
|
||||
# chown -R pleroma /var/lib/pleroma
|
||||
|
||||
# Create custom public files directory (custom emojis, frontend bundle overrides, robots.txt, etc.)
|
||||
# Note: It does not have to be `/var/lib/pleroma/static`, the config generator will ask about the custom public files directory later
|
||||
# mkdir -p /var/lib/pleroma/static
|
||||
# chown -R pleroma /var/lib/pleroma
|
||||
|
||||
# Create a config directory
|
||||
# mkdir -p /etc/pleroma
|
||||
# chown -R pleroma /etc/pleroma
|
||||
- file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: pleroma
|
||||
loop:
|
||||
- /var/lib/pleroma/uploads
|
||||
- /var/lib/pleroma/static
|
||||
- /etc/pleroma
|
||||
|
||||
handlers:
|
||||
- name: Restart postgres
|
||||
service:
|
||||
name: postgresql
|
||||
state: restarted
|
||||
|
@ -0,0 +1,31 @@
|
||||
# https://docs.pleroma.social/backend/installation/otp_en/
|
||||
---
|
||||
- hosts: pleroma
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
# Create the postgres database
|
||||
# su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
|
||||
- command: psql -f /tmp/setup_db.psql
|
||||
become_user: postgres
|
||||
|
||||
# Create the database schema
|
||||
# su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
|
||||
- command: ./bin/pleroma_ctl migrate
|
||||
args:
|
||||
chdir: /opt/pleroma
|
||||
become_user: pleroma
|
||||
|
||||
# If you have installed RUM indexes uncommend and run
|
||||
# su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
|
||||
- command: ./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/
|
||||
args:
|
||||
chdir: /opt/pleroma
|
||||
become_user: pleroma
|
||||
|
||||
handlers:
|
||||
- name: Restart postgres
|
||||
service:
|
||||
name: postgresql
|
||||
state: restarted
|
||||
|
@ -0,0 +1,62 @@
|
||||
# https://docs.pleroma.social/backend/installation/otp_en/
|
||||
---
|
||||
- hosts: pleroma
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
# cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf
|
||||
# ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf
|
||||
- copy:
|
||||
src: /opt/pleroma/installation/pleroma.nginx
|
||||
dest: /etc/nginx/sites-available/pleroma.conf
|
||||
remote_src: yes
|
||||
notify: Restart nginx
|
||||
- file:
|
||||
src: /etc/nginx/sites-available/pleroma.conf
|
||||
dest: /etc/nginx/sites-enabled/pleroma.conf
|
||||
state: link
|
||||
notify: Restart nginx
|
||||
|
||||
- replace:
|
||||
path: /etc/nginx/sites-available/pleroma.conf
|
||||
regexp: 'example\.tld'
|
||||
replace: "{{ pleroma_tld }}"
|
||||
notify: Restart nginx
|
||||
|
||||
# Copy the service into a proper directory
|
||||
# cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
|
||||
- copy:
|
||||
src: /opt/pleroma/installation/pleroma.service
|
||||
dest: /etc/systemd/system/pleroma.service
|
||||
remote_src: yes
|
||||
# Start pleroma and enable it on boot
|
||||
# systemctl start pleroma
|
||||
# systemctl enable pleroma
|
||||
notify: Restart pleroma
|
||||
|
||||
# Create the directory for webroot challenges
|
||||
# mkdir -p /var/lib/letsencrypt
|
||||
- file:
|
||||
path: /var/lib/letsencrypt
|
||||
state: directory
|
||||
|
||||
# Add it to the daily cron
|
||||
# echo '#!/bin/sh
|
||||
# certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
|
||||
# ' > /etc/cron.daily/renew-pleroma-cert
|
||||
# chmod +x /etc/cron.daily/renew-pleroma-cert
|
||||
- template:
|
||||
src: renew-pleroma-cert
|
||||
dest: /etc/cron.daily/renew-pleroma-cert
|
||||
mode: +x
|
||||
|
||||
handlers:
|
||||
- name: Restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
- name: Restart pleroma
|
||||
service:
|
||||
name: pleroma
|
||||
enabled: yes
|
||||
state: restarted
|
@ -0,0 +1,32 @@
|
||||
```sh
|
||||
ansible-playbook -l pleroma playbooks/pleroma/01.yml
|
||||
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
|
||||
|
||||
ansible-playbook -l pleroma playbooks/pleroma/02.yml
|
||||
|
||||
# Start the instance to verify that everything is working as expected
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma daemon"
|
||||
|
||||
# Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly
|
||||
sleep 20 && curl http://localhost:4000/api/v1/instance
|
||||
|
||||
# Stop the instance
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma stop"
|
||||
|
||||
sudo systemctl stop nginx
|
||||
certbot certonly --standalone --preferred-challenges http -d $PLEROMA_TLD
|
||||
|
||||
ansible-playbook -l pleroma playbooks/pleroma/03.yml
|
||||
|
||||
# Uncomment the webroot method
|
||||
sudo vim /etc/nginx/sites-available/pleroma.conf
|
||||
|
||||
sudo nginx -t
|
||||
|
||||
# Restart nginx
|
||||
systemctl restart nginx
|
||||
|
||||
cd /opt/pleroma
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new joeuser joeuser@sld.tld --admin"
|
||||
```
|
@ -0,0 +1,2 @@
|
||||
#!/bin/sh
|
||||
certbot renew --cert-name {{ pleroma_tld }} --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
|
@ -0,0 +1,20 @@
|
||||
---
|
||||
- hosts: server
|
||||
tasks:
|
||||
|
||||
- name: create user
|
||||
user:
|
||||
name: alpha
|
||||
# password: "{{ password | password_hash('sha512') }}"
|
||||
|
||||
- name: give user sudo access
|
||||
lineinfile:
|
||||
path: /etc/sudoers.d/alpha
|
||||
line: "alpha ALL=(ALL) NOPASSWD: ALL"
|
||||
create: yes
|
||||
validate: visudo -cf %s
|
||||
|
||||
- name: add ssh keys
|
||||
authorized_key:
|
||||
user: alpha
|
||||
key: https://github.com/kejadlen.keys
|
Loading…
Reference in new issue