# HG changeset patch
# User Luke Hoersten
# Date 1625418324 18000
# Node ID 05d0cf32e0772b4544d3f45dd15264d69fb6c9fe
# Parent 1b7ccb72916469a5b5b598711e403af87e77581c
Added writefreely backup.
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/aws-s3-backup/files/writefreely-s3-backup-lifecycle.json
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/aws-s3-backup/files/writefreely-s3-backup-lifecycle.json Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,12 @@
+{
+ "Rules": [
+ {
+ "ID": "expiration",
+ "Filter": {},
+ "Status": "Enabled",
+ "NoncurrentVersionExpiration": {
+ "NoncurrentDays": 30
+ }
+ }
+ ]
+}
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/aws-s3-backup/files/writefreely-s3-backup.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/aws-s3-backup/files/writefreely-s3-backup.sh Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+BUCKET=$1
+BACKUP_DIR=$2
+BACKUP_TAR="/tmp/$BUCKET.tgz"
+
+tar -zc -f $BACKUP_TAR $BACKUP_DIR
+aws s3 mb "s3://$BUCKET/"
+aws s3api put-bucket-versioning --bucket "$BUCKET" --versioning-configuration Status=Enabled
+aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "file:///usr/local/share/writefreely-s3-backup-lifecycle.json"
+aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
+
+rm $BACKUP_TAR
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/aws-s3-backup/handlers/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/aws-s3-backup/handlers/main.yaml Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,5 @@
+---
+
+- name: reload s3 backup service
+ systemd: name="mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes"
+ become: yes
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/aws-s3-backup/meta/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/aws-s3-backup/meta/main.yaml Sun Jul 04 12:05:24 2021 -0500
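Review bot: The archive is written to the predictable path `/tmp/$BUCKET.tgz` under the default umask, so a local user may be able to read it while the upload runs, and a file or symlink already present at that name would be written through by `tar`. `$BACKUP_TAR` and `$BACKUP_DIR` are also unquoted on the `tar`, `aws s3 cp` and `rm` lines, and nothing stops the script after a failed step, so a failed `tar` can still lead to an upload. I would build the archive inside a `mktemp -d` directory with `umask 077`, quote the variables, and clean up from an `EXIT` trap, as sketched below. The archive keeps its `$BUCKET.tgz` name so the object key, and therefore the bucket versioning, stays the same; `aws s3 mb` is exempted from `set -e` because it may report an error once the bucket exists.

```shell
set -euo pipefail
umask 077

BUCKET=$1
BACKUP_DIR=$2
WORK_DIR=$(mktemp -d)
trap 'rm -rf -- "$WORK_DIR"' EXIT
BACKUP_TAR="$WORK_DIR/$BUCKET.tgz"

tar -zc -f "$BACKUP_TAR" "$BACKUP_DIR"
aws s3 mb "s3://$BUCKET/" || true
# … unchanged: put-bucket-versioning and put-bucket-lifecycle-configuration …
aws s3 cp "$BACKUP_TAR" "s3://$BUCKET/"
```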
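Review bot: The handler acts on `mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service`, which looks copied from another role; the task that notifies it in this role's tasks/main.yaml installs `writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service`. As written, the enable and daemon reload target a different unit, and the handler would presumably fail where `mercurial_s3_backup_bucket` is not defined for the host. The line should probably read `systemd: name="writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes"`.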
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - aws-s3-backup
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/aws-s3-backup/tasks/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/aws-s3-backup/tasks/main.yaml Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,26 @@
+---
+
+- name: create writefreely s3 backup shell script
+ become: yes
+ copy:
+ src: "writefreely-s3-backup.sh"
+ dest: "/usr/local/bin/writefreely-s3-backup.sh"
+ mode: "0755"
+
+- name: create s3 backup lifesycle json file
+ become: yes
+ copy:
+ src: "writefreely-s3-backup-lifecycle.json"
+ dest: "/usr/local/share/writefreely-s3-backup-lifecycle.json"
+ mode: "0755"
+
+- name: configure writefreely s3 backup systemd service
+ become: yes
+ template:
+ src: "writefreely-s3-backup@.service.j2"
+ dest: "/lib/systemd/system/writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service"
+ notify: reload s3 backup service
+
+- name: ensure writefreely s3 backup service is started
+ become: yes
+ systemd: name="writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" enabled="yes"
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/aws-s3-backup/templates/writefreely-s3-backup@.service.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/aws-s3-backup/templates/writefreely-s3-backup@.service.j2 Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,9 @@
+[Unit]
+Description=Writefreely s3 backup for "%I"
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/writefreely-s3-backup.sh %i "{{writefreely_s3_backup_dir}}"
+
+[Install]
+WantedBy=aws-s3-backup.target
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/defaults/main.yaml
--- a/writefreely/defaults/main.yaml Sat Jul 03 13:38:02 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
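Review bot: The lifecycle JSON is installed with `mode: "0755"` although it is a data file that `aws s3api` only reads; `mode: "0644"` is enough, and the task name has a typo (`lifesycle`). The `template` task for the unit file sets no `owner`, `group` or `mode`, so the resulting permissions depend on the remote defaults; adding `owner: "root"`, `group: "root"` and `mode: "0644"` would pin them. The last task is named "ensure ... is started" but passes only `enabled="yes"` and no `state`, so the name should say "enabled" if that is the intent.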
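Review bot: The `[Service]` section has no `User=`, so systemd runs the backup script as root by default, and that script writes its archive under `/tmp`. Adding `PrivateTmp=yes` would give the unit its own temporary directory. A dedicated `User=` would narrow what the job can touch, provided that account can read `{{writefreely_s3_backup_dir}}` and has access to the AWS credentials. Where the credentials come from is not visible in this patch, so that part needs confirming before changing the user.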
@@ -1,11 +0,0 @@
----
-
-writefreely_user: "writefreely"
-writefreely_arch: "arm64"
-writefreely_version: "0.12.0"
-writefreely_tar: "https://github.com/writeas/writefreely/releases/download/v{{writefreely_version}}/writefreely_{{writefreely_version}}_linux_{{writefreely_arch}}.tar.gz"
-
-writefreely_dir: "/var/writefreely"
-writefreely_port: "8080"
-writefreely_url: "https://{{writefreely_instance}}"
-writefreely_site_name: "{{writefreely_instance}}"
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/handlers/main.yaml
--- a/writefreely/handlers/main.yaml Sat Jul 03 13:38:02 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
----
-
-- name: reload service
- become: yes
- systemd: name="writefreely@{{writefreely_instance}}.service" enabled="yes" daemon_reload="yes"
-
-- name: migrate db
- become: yes
- become_user: "{{writefreely_user}}"
- command: "writefreely db migrate"
- args:
- chdir: "{{writefreely_dir}}/{{writefreely_instance}}/"
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/server/defaults/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/server/defaults/main.yaml Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,11 @@
+---
+
+writefreely_user: "writefreely"
+writefreely_arch: "arm64"
+writefreely_version: "0.12.0"
+writefreely_tar: "https://github.com/writeas/writefreely/releases/download/v{{writefreely_version}}/writefreely_{{writefreely_version}}_linux_{{writefreely_arch}}.tar.gz"
+
+writefreely_dir: "/var/writefreely"
+writefreely_port: "8080"
+writefreely_url: "https://{{writefreely_instance}}"
+writefreely_site_name: "{{writefreely_instance}}"
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/server/handlers/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/server/handlers/main.yaml Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,12 @@
+---
+
+- name: reload service
+ become: yes
+ systemd: name="writefreely@{{writefreely_instance}}.service" enabled="yes" daemon_reload="yes"
+
+- name: migrate db
+ become: yes
+ become_user: "{{writefreely_user}}"
+ command: "writefreely db migrate"
+ args:
+ chdir: "{{writefreely_dir}}/{{writefreely_instance}}/"
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/server/tasks/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/server/tasks/main.yaml Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,103 @@
+---
+
+- name: add writefreely user
+ become: yes
+ user: name="{{writefreely_user}}"
+
+- name: unarchive writefreely
+ become: yes
+ unarchive:
+ remote_src: yes
+ src: "{{writefreely_tar}}"
+ dest: "/tmp/"
+ creates: "/tmp/writefreely/"
+ owner: "root"
+ group: "root"
+
+- name: install writefreely binary
+ become: yes
+ copy:
+ src: "/tmp/writefreely/writefreely"
+ dest: "/usr/local/bin/"
+ remote_src: yes
+ owner: "{{writefreely_user}}"
+ group: "{{writefreely_user}}"
+ mode: "0755"
+ notify: migrate db
+
+- name: create instance dir
+ become: yes
+ file:
+ path: "{{item}}"
+ state: "directory"
+ owner: "{{writefreely_user}}"
+ group: "{{writefreely_user}}"
+ mode: "0755"
+ notify: reload service
+ loop:
+ - "{{writefreely_dir}}"
+ - "{{writefreely_dir}}/{{writefreely_instance}}"
+
+- name: install static content
+ become: yes
+ copy:
+ src: "/tmp/writefreely/"
+ remote_src: yes
+ dest: "{{writefreely_dir}}/{{writefreely_instance}}/"
+ owner: "{{writefreely_user}}"
+ group: "{{writefreely_user}}"
+ mode: "0755"
+
+- name: configure
+ become: yes
+ template:
+ src: "config.ini.j2"
+ dest: "{{writefreely_dir}}/{{writefreely_instance}}/config.ini"
+ mode: "0644"
+ owner: "{{writefreely_user}}"
+ group: "{{writefreely_user}}"
+ notify: reload service
+
+- name: check if keys exists
+ stat:
+ path: "{{writefreely_dir}}/{{writefreely_instance}}/keys/cookies_auth.aes256"
+ register: keys_file
+
+- name: generate keys
+ become: yes
+ become_user: "{{writefreely_user}}"
+ command: "writefreely keys gen"
+ args:
+ chdir: "{{writefreely_dir}}/{{writefreely_instance}}/"
+ when: not keys_file.stat.exists
+
+- name: check if db exists
+ stat:
+ path: "{{writefreely_dir}}/{{writefreely_instance}}/writefreely.db"
+ register: db_file
+
+- name: create db
+ become: yes
+ become_user: "{{writefreely_user}}"
+ command: "writefreely db init"
+ args:
+ chdir: "{{writefreely_dir}}/{{writefreely_instance}}/"
+ when: not db_file.stat.exists
+
+- name: create admin
+ become: yes
+ become_user: "{{writefreely_user}}"
+ command: "writefreely --create-admin admin:admin"
+ args:
+ chdir: "{{writefreely_dir}}/{{writefreely_instance}}/"
+ when: not db_file.stat.exists
+
+- name: install systemd service
+ become: yes
+ template:
+ src: "writefreely@.service.j2"
+ dest: "/lib/systemd/system/writefreely@.service"
+
+- name: ensure service is started
+ become: yes
+ systemd: name="writefreely@{{writefreely_instance}}.service" enabled="yes" state="started"
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/server/templates/config.ini.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/server/templates/config.ini.j2 Sun Jul 04 12:05:24 2021 -0500
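Review bot: The `create admin` task runs `writefreely --create-admin admin:admin`, so every new instance starts with a fixed, guessable administrator password and nothing in the role forces a change afterwards. The content matches the removed writefreely/tasks/main.yaml, so this commit only moves it, but the move is a good moment to take the credentials from vaulted variables, for example `command: "writefreely --create-admin {{writefreely_admin_user}}:{{writefreely_admin_password}}"` (proposed variable names) together with `no_log: yes`. The `unarchive` task also fetches the release tarball from `{{writefreely_tar}}` straight into `/tmp/` with no integrity check; downloading it first with `get_url` and its `checksum` parameter would pin the artefact that ends up in `/usr/local/bin/`.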
@@ -0,0 +1,71 @@
+[server]
+hidden_host =
+port = {{writefreely_port}}
+bind = localhost
+tls_cert_path =
+tls_key_path =
+autocert = false
+templates_parent_dir =
+static_parent_dir =
+pages_parent_dir =
+keys_parent_dir =
+hash_seed =
+
+[database]
+type = sqlite3
+filename = writefreely.db
+username =
+password =
+database = writefreely
+host = localhost
+port = 3306
+
+[app]
+site_name = {{writefreely_site_name}}
+site_description =
+host = {{writefreely_url}}
+theme = write
+editor =
+disable_js = false
+webfonts = true
+landing = /read
+simple_nav = false
+wf_modesty = false
+chorus = false
+forest = false
+disable_drafts = false
+single_user = false
+open_registration = false
+min_username_len = 3
+max_blogs = 1
+federation = true
+public_stats = true
+private = false
+local_timeline = true
+user_invites = admin
+default_visibility = public
+update_checks = false
+
+[oauth.slack]
+client_id =
+client_secret =
+team_id =
+callback_proxy =
+callback_proxy_api =
+
+[oauth.writeas]
+client_id =
+client_secret =
+auth_location =
+token_location =
+inspect_location =
+callback_proxy =
+callback_proxy_api =
+
+[oauth.gitlab]
+client_id =
+client_secret =
+host =
+display_name =
+callback_proxy =
+callback_proxy_api =
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/server/templates/nginx.conf.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/server/templates/nginx.conf.j2 Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,54 @@
+server {
+ listen 80;
+ server_name {{nginx_server_name}};
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name {{nginx_server_name}};
+
+ ssl_certificate {{nginx_ssl_cert}};
+ ssl_certificate_key {{nginx_ssl_privkey}};
+ ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+
+ gzip on;
+ gzip_types
+ application/javascript
+ application/x-javascript
+ application/json
+ application/rss+xml
+ application/xml
+ image/svg+xml
+ image/x-icon
+ application/vnd.ms-fontobject
+ application/font-sfnt
+ text/css
+ text/plain;
+ gzip_min_length 256;
+ gzip_comp_level 5;
+ gzip_http_version 1.1;
+ gzip_vary on;
+
+ location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
+ proxy_redirect off;
+ }
+
+ location ~ ^/(css|img|js|fonts)/ {
+ root {{nginx_static_content}};
+ # Optionally cache these files in the browser:
+ # expires 12M;
+ }
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
+ proxy_redirect off;
+ }
+}
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/server/templates/writefreely@.service.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/writefreely/server/templates/writefreely@.service.j2 Sun Jul 04 12:05:24 2021 -0500
@@ -0,0 +1,12 @@
+[Unit]
+Description=WriteFreely %I Instance
+After=syslog.target network.target
+
+[Service]
+WorkingDirectory={{writefreely_dir}}/%i/
+ExecStart=/usr/local/bin/writefreely
+Restart=always
+User={{writefreely_user}}
+
+[Install]
+WantedBy=multi-user.target
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/tasks/main.yaml
--- a/writefreely/tasks/main.yaml Sat Jul 03 13:38:02 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,103 +0,0 @@
----
-
-- name: add writefreely user
- become: yes
- user: name="{{writefreely_user}}"
-
-- name: unarchive writefreely
- become: yes
- unarchive:
- remote_src: yes
- src: "{{writefreely_tar}}"
- dest: "/tmp/"
- creates: "/tmp/writefreely/"
- owner: "root"
- group: "root"
-
-- name: install writefreely binary
- become: yes
- copy:
- src: "/tmp/writefreely/writefreely"
- dest: "/usr/local/bin/"
- remote_src: yes
- owner: "{{writefreely_user}}"
- group: "{{writefreely_user}}"
- mode: "0755"
- notify: migrate db
-
-- name: create instance dir
- become: yes
- file:
- path: "{{item}}"
- state: "directory"
- owner: "{{writefreely_user}}"
- group: "{{writefreely_user}}"
- mode: "0755"
- notify: reload service
- loop:
- - "{{writefreely_dir}}"
- - "{{writefreely_dir}}/{{writefreely_instance}}"
-
-- name: install static content
- become: yes
- copy:
- src: "/tmp/writefreely/"
- remote_src: yes
- dest: "{{writefreely_dir}}/{{writefreely_instance}}/"
- owner: "{{writefreely_user}}"
- group: "{{writefreely_user}}"
- mode: "0755"
-
-- name: configure
- become: yes
- template:
- src: "config.ini.j2"
- dest: "{{writefreely_dir}}/{{writefreely_instance}}/config.ini"
- mode: "0644"
- owner: "{{writefreely_user}}"
- group: "{{writefreely_user}}"
- notify: reload service
-
-- name: check if keys exists
- stat:
- path: "{{writefreely_dir}}/{{writefreely_instance}}/keys/cookies_auth.aes256"
- register: keys_file
-
-- name: generate keys
- become: yes
- become_user: "{{writefreely_user}}"
- command: "writefreely keys gen"
- args:
- chdir: "{{writefreely_dir}}/{{writefreely_instance}}/"
- when: not keys_file.stat.exists
-
-- name: check if db exists
- stat:
- path: "{{writefreely_dir}}/{{writefreely_instance}}/writefreely.db"
- register: db_file
-
-- name: create db
- become: yes
- become_user: "{{writefreely_user}}"
- command: "writefreely db init"
- args:
- chdir: "{{writefreely_dir}}/{{writefreely_instance}}/"
- when: not db_file.stat.exists
-
-- name: create admin
- become: yes
- become_user: "{{writefreely_user}}"
- command: "writefreely --create-admin admin:admin"
- args:
- chdir: "{{writefreely_dir}}/{{writefreely_instance}}/"
- when: not db_file.stat.exists
-
-- name: install systemd service
- become: yes
- template:
- src: "writefreely@.service.j2"
- dest: "/lib/systemd/system/writefreely@.service"
-
-- name: ensure service is started
- become: yes
- systemd: name="writefreely@{{writefreely_instance}}.service" enabled="yes" state="started"
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/templates/config.ini.j2
--- a/writefreely/templates/config.ini.j2 Sat Jul 03 13:38:02 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-[server]
-hidden_host =
-port = {{writefreely_port}}
-bind = localhost
-tls_cert_path =
-tls_key_path =
-autocert = false
-templates_parent_dir =
-static_parent_dir =
-pages_parent_dir =
-keys_parent_dir =
-hash_seed =
-
-[database]
-type = sqlite3
-filename = writefreely.db
-username =
-password =
-database = writefreely
-host = localhost
-port = 3306
-
-[app]
-site_name = {{writefreely_site_name}}
-site_description =
-host = {{writefreely_url}}
-theme = write
-editor =
-disable_js = false
-webfonts = true
-landing = /read
-simple_nav = false
-wf_modesty = false
-chorus = false
-forest = false
-disable_drafts = false
-single_user = false
-open_registration = false
-min_username_len = 3
-max_blogs = 1
-federation = true
-public_stats = true
-private = false
-local_timeline = true
-user_invites = admin
-default_visibility = public
-update_checks = false
-
-[oauth.slack]
-client_id =
-client_secret =
-team_id =
-callback_proxy =
-callback_proxy_api =
-
-[oauth.writeas]
-client_id =
-client_secret =
-auth_location =
-token_location =
-inspect_location =
-callback_proxy =
-callback_proxy_api =
-
-[oauth.gitlab]
-client_id =
-client_secret =
-host =
-display_name =
-callback_proxy =
-callback_proxy_api =
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/templates/nginx.conf.j2
--- a/writefreely/templates/nginx.conf.j2 Sat Jul 03 13:38:02 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-server {
- listen 80;
- server_name {{nginx_server_name}};
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl http2;
- server_name {{nginx_server_name}};
-
- ssl_certificate {{nginx_ssl_cert}};
- ssl_certificate_key {{nginx_ssl_privkey}};
- ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
-
- gzip on;
- gzip_types
- application/javascript
- application/x-javascript
- application/json
- application/rss+xml
- application/xml
- image/svg+xml
- image/x-icon
- application/vnd.ms-fontobject
- application/font-sfnt
- text/css
- text/plain;
- gzip_min_length 256;
- gzip_comp_level 5;
- gzip_http_version 1.1;
- gzip_vary on;
-
- location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
- proxy_redirect off;
- }
-
- location ~ ^/(css|img|js|fonts)/ {
- root {{nginx_static_content}};
- # Optionally cache these files in the browser:
- # expires 12M;
- }
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
- proxy_redirect off;
- }
-}
diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/templates/writefreely@.service.j2
--- a/writefreely/templates/writefreely@.service.j2 Sat Jul 03 13:38:02 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-[Unit]
-Description=WriteFreely %I Instance
-After=syslog.target network.target
-
-[Service]
-WorkingDirectory={{writefreely_dir}}/%i/
-ExecStart=/usr/local/bin/writefreely
-Restart=always
-User={{writefreely_user}}
-
-[Install]
-WantedBy=multi-user.target