From fab2e2e568e77eafbd4e71627475688bbcf83a9e Mon Sep 17 00:00:00 2001
From: Alpha Chen
Date: Tue, 8 Nov 2022 21:20:43 -0800
Subject: [PATCH] move ramble-hard provisioning to boxen
---
meta/playbooks/pleroma/01.yml | 119 ----------------------
meta/playbooks/pleroma/02.yml | 31 ------
meta/playbooks/pleroma/03.yml | 62 -----------
meta/playbooks/pleroma/README.md | 32 ------
meta/playbooks/pleroma/renew-pleroma-cert | 2 -
meta/ramble-hard.yml | 12 ---
6 files changed, 258 deletions(-)
delete mode 100644 meta/playbooks/pleroma/01.yml
delete mode 100644 meta/playbooks/pleroma/02.yml
delete mode 100644 meta/playbooks/pleroma/03.yml
delete mode 100644 meta/playbooks/pleroma/README.md
delete mode 100644 meta/playbooks/pleroma/renew-pleroma-cert
delete mode 100644 meta/ramble-hard.yml
diff --git a/meta/playbooks/pleroma/01.yml b/meta/playbooks/pleroma/01.yml
deleted file mode 100644
index 0d16043..0000000
--- a/meta/playbooks/pleroma/01.yml
+++ /dev/null
@@ -1,119 +0,0 @@
-# https://docs.pleroma.social/backend/installation/otp_en/
----
-- hosts: pleroma
- become: yes
- tasks:
-
- # arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix"
- - shell: |
- arch="$(uname -m)"
- if [ "$arch" = "x86_64" ]; then
- arch="amd64";
- elif [ "$arch" = "armv7l" ]; then
- arch="arm";
- elif [ "$arch" = "aarch64" ]; then
- arch="arm64";
- else
- echo "Unsupported arch: $arch">&2;
- fi;
- if getconf GNU_LIBC_VERSION>/dev/null; then
- libc_postfix="";
- elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ]; then
- libc_postfix="-musl";
- elif [ "$(find /lib/libc.musl*|wc -l)" ]; then
- libc_postfix="-musl";
- else
- echo "Unsupported libc">&2;
- fi;
- echo "$arch$libc_postfix"
- register: arch_result
- - set_fact:
- pleroma_flavour: "{{ arch_result.stdout | trim }}"
-
- - apt:
- update_cache: yes
-
- # apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot libmagic-dev
- # apt install imagemagick ffmpeg libimage-exiftool-perl
- # apt install postgresql-11-rum
- - package:
- name:
- - curl
- - unzip
- - libncurses5
- - postgresql
- - postgresql-contrib
- - nginx
- - certbot
- - libmagic-dev
- - imagemagick
- - ffmpeg
- - libimage-exiftool-perl
- - postgresql-11-rum
- notify:
- - Restart postgres
-
- # Create a Pleroma user
- # adduser --system --shell /bin/false --home /opt/pleroma pleroma
- - user:
- name: pleroma
- home: /opt/pleroma
- shell: /bin/false
- system: yes
-
- # Clone the release build into a temporary directory and unpack it
- # su pleroma -s $SHELL -lc "
- # curl
'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
- # unzip /tmp/pleroma.zip -d /tmp/
- # "
- - get_url:
- url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{ pleroma_flavour }}
- dest: /tmp/pleroma.zip
- - command: unzip /tmp/pleroma.zip -d /tmp/
-
- # Move the release to the home directory and delete temporary files
- # su pleroma -s $SHELL -lc "
- # mv /tmp/release/* /opt/pleroma
- # rmdir /tmp/release
- # rm /tmp/pleroma.zip
- # "
- - copy:
- src: /tmp/release/
- dest: /opt/pleroma/
- remote_src: yes
- owner: pleroma
- - file:
- path: "{{ item }}"
- state: absent
- loop:
- - /tmp/release
- - /tmp/pleroma.zip
-
- # Create uploads directory and set proper permissions (skip if planning to use a remote uploader)
- # Note: It does not have to be `/var/lib/pleroma/uploads`, the config generator will ask about the upload directory later
- # mkdir -p /var/lib/pleroma/uploads
- # chown -R pleroma /var/lib/pleroma
-
- # Create custom public files directory (custom emojis, frontend bundle overrides, robots.txt, etc.)
- # Note: It does not have to be `/var/lib/pleroma/static`, the config generator will ask about the custom public files directory later
- # mkdir -p /var/lib/pleroma/static
- # chown -R pleroma /var/lib/pleroma
-
- # Create a config directory
- # mkdir -p /etc/pleroma
- # chown -R pleroma /etc/pleroma
- - file:
- path: "{{ item }}"
- state: directory
- owner: pleroma
- loop:
- - /var/lib/pleroma/uploads
- - /var/lib/pleroma/static
- - /etc/pleroma
-
- handlers:
- - name: Restart postgres
- service:
- name: postgresql
- state: restarted
-
diff --git a/meta/playbooks/pleroma/02.yml b/meta/playbooks/pleroma/02.yml
deleted file mode 100644
index bf81968..0000000
--- a/meta/playbooks/pleroma/02.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-# https://docs.pleroma.social/backend/installation/otp_en/
----
-- hosts: pleroma
- become: yes
- tasks:
-
- # Create the postgres database
- # su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
- - command: psql -f /tmp/setup_db.psql
- become_user: postgres
-
- # Create the database schema
- # su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
- - command: ./bin/pleroma_ctl migrate
- args:
- chdir: /opt/pleroma
- become_user: pleroma
-
- # If you have installed RUM indexes uncommend and run
- # su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
- - command: ./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/
- args:
- chdir: /opt/pleroma
- become_user: pleroma
-
- handlers:
- - name: Restart postgres
- service:
- name: postgresql
- state: restarted
-
diff --git a/meta/playbooks/pleroma/03.yml b/meta/playbooks/pleroma/03.yml
deleted file mode 100644
index 693f0fa..0000000
--- a/meta/playbooks/pleroma/03.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-# https://docs.pleroma.social/backend/installation/otp_en/
----
-- hosts: pleroma
- become: yes
- tasks:
-
- # cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf
- # ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf
- - copy:
- src: /opt/pleroma/installation/pleroma.nginx
- dest: /etc/nginx/sites-available/pleroma.conf
- remote_src: yes
- notify: Restart nginx
- - file:
- src: /etc/nginx/sites-available/pleroma.conf
- dest: /etc/nginx/sites-enabled/pleroma.conf
- state: link
- notify: Restart nginx
-
- - replace:
- path: /etc/nginx/sites-available/pleroma.conf
- regexp: 'example\.tld'
- replace: "{{ pleroma_tld }}"
- notify: Restart nginx
-
- # Copy the service into a proper directory
- # cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
- - copy:
- src: /opt/pleroma/installation/pleroma.service
- dest: /etc/systemd/system/pleroma.service
- remote_src: yes
- # Start pleroma and enable it on boot
- # systemctl start pleroma
- # systemctl enable pleroma
- notify: Restart pleroma
-
- # Create the directory for webroot challenges
- # mkdir -p /var/lib/letsencrypt
- - file:
- path: /var/lib/letsencrypt
- state: directory
-
- # Add it to the daily cron
- # echo '#!/bin/sh
- # certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
- # ' > /etc/cron.daily/renew-pleroma-cert
- # chmod +x /etc/cron.daily/renew-pleroma-cert
- - template:
- src: renew-pleroma-cert
- dest: /etc/cron.daily/renew-pleroma-cert
- mode: +x
-
- handlers:
- - name: Restart nginx
- service:
- name: nginx
- state: restarted
- - name: Restart pleroma
- service:
- name: pleroma
- enabled: yes
- state: restarted
diff --git a/meta/playbooks/pleroma/README.md b/meta/playbooks/pleroma/README.md
deleted file mode 100644
index 5baa884..0000000
--- a/meta/playbooks/pleroma/README.md
+++ /dev/null
@@ -1,32 +0,0 @@
-```sh
-ansible-playbook -l pleroma playbooks/pleroma/01.yml
-
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
-
-ansible-playbook -l pleroma playbooks/pleroma/02.yml
-
-# Start the instance to verify that everything is working as expected
-su pleroma -s $SHELL -lc "./bin/pleroma daemon"
-
-# Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly
-sleep 20 && curl http://localhost:4000/api/v1/instance
-
-# Stop the instance
-su pleroma -s $SHELL -lc "./bin/pleroma stop"
-
-sudo systemctl stop nginx
-certbot certonly --standalone --preferred-challenges http -d $PLEROMA_TLD
-
-ansible-playbook -l pleroma playbooks/pleroma/03.yml
-
-# Uncomment the webroot method
-sudo vim /etc/nginx/sites-available/pleroma.conf
-
-sudo nginx -t
-
-# Restart nginx
-systemctl restart nginx
-
-cd /opt/pleroma
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new joeuser joeuser@sld.tld --admin"
-```
diff --git a/meta/playbooks/pleroma/renew-pleroma-cert b/meta/playbooks/pleroma/renew-pleroma-cert
deleted file mode 100644
index 08a21f5..0000000
--- a/meta/playbooks/pleroma/renew-pleroma-cert
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-certbot renew --cert-name {{ pleroma_tld }} --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
diff --git a/meta/ramble-hard.yml b/meta/ramble-hard.yml
deleted file mode 100644
index b79a794..0000000
--- a/meta/ramble-hard.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- hosts: ramble-hard
- tasks:
-
- - name: add ssh keys
- authorized_key:
- user: root
- key: https://github.com/kejadlen.keys
-
-- import_playbook: playbooks/docker.yml
-- import_playbook: playbooks/lets_encrypt/main.yml
-- import_playbook: playbooks/pixelfed/install.yml