# HG changeset patch
# User Luke Hoersten
# Date 1707100039 21600
# Node ID 2e0366f2dcbe72079f351e39da79b74962c6f117
# Parent ce33bf94045fca3fec25829debf0ebfc3ad33d60
Tons of updates to fix migration to new server.
diff -r ce33bf94045f -r 2e0366f2dcbe certbot-dns-cloudflare/tasks/main.yaml
--- a/certbot-dns-cloudflare/tasks/main.yaml Sun Jan 21 15:58:58 2024 -0600
+++ b/certbot-dns-cloudflare/tasks/main.yaml Sun Feb 04 20:27:19 2024 -0600
@@ -13,6 +13,12 @@
 owner: "root"
 group: "root"
+- name: make renewal dir
+ become: yes
+ file:
+ path: "/etc/letsencrypt/renewal/"
+ state: "directory"
+
 - name: configure renewal
 become: yes
 template:
@@ -24,11 +30,11 @@
 - name: check if cert exists
 become: yes
- stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"
+ stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}-0001/cert.pem"
 register: cert
 - name: run certbot
 become: yes
- command: "certbot certonly -n --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf -d {{certbot_dns_cloudflare_domain}}"
+ command: "certbot certonly -n --agree-tos --email {{certbot_dns_cloudflare_email}} --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf -d {{certbot_dns_cloudflare_domain}} -d \"*.{{certbot_dns_cloudflare_domain}}\""
 when: not cert.stat.exists
 changed_when: false
diff -r ce33bf94045f -r 2e0366f2dcbe dendrite/build/defaults/main.yaml
--- a/dendrite/build/defaults/main.yaml Sun Jan 21 15:58:58 2024 -0600
+++ b/dendrite/build/defaults/main.yaml Sun Feb 04 20:27:19 2024 -0600
@@ -1,6 +1,6 @@
 ---
-dendrite_version: "0.13.5"
+dendrite_version: "0.13.6"
 # https://github.com/matrix-org/dendrite/releases
 dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz"
 dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}"
diff -r ce33bf94045f -r 2e0366f2dcbe dendrite/server/tasks/main.yaml
--- a/dendrite/server/tasks/main.yaml Sun Jan 21 15:58:58 2024 -0600
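Review bot: In certbot-dns-cloudflare/tasks/main.yaml the `check if cert exists` task now hard-codes the `-0001` lineage suffix, which certbot only appends when the requested name collides with an existing lineage. On a host where the certificate lands in the unsuffixed directory the check never matches, and `run certbot` will request a new certificate on every play. Because that task sets `changed_when: false`, the repeated issuance would stay invisible until the CA's rate limits are reached. Passing `--cert-name {{certbot_dns_cloudflare_domain}}` and pointing `stat` at `/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem` would make the path deterministic. The suffix presumably comes from the renewal config being templated before first issuance, which is outside this hunk, so confirm against the `configure renewal` task.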
+++ b/dendrite/server/tasks/main.yaml Sun Feb 04 20:27:19 2024 -0600
@@ -17,6 +17,7 @@
 remote_src: yes
 src: "{{dendrite_tar}}"
 dest: "/tmp/dendrite/"
+ notify: restart service
 - name: install dendrite binary
 become: yes
@@ -34,6 +35,7 @@
 - {"src": "generate-config" , "dest": "dendrite-generate-config"}
 - {"src": "generate-keys" , "dest": "dendrite-generate-keys"}
 - {"src": "resolve-state" , "dest": "dendrite-resolve-state"}
+ notify: restart service
 - name: create instance dir
 become: yes
diff -r ce33bf94045f -r 2e0366f2dcbe dendrite/server/templates/dendrite.yaml.j2
--- a/dendrite/server/templates/dendrite.yaml.j2 Sun Jan 21 15:58:58 2024 -0600
+++ b/dendrite/server/templates/dendrite.yaml.j2 Sun Feb 04 20:27:19 2024 -0600
@@ -68,6 +68,10 @@
 # The base URL to delegate client-server communications to e.g. https://localhost
 well_known_client_name: ""
+ # The server name to delegate sliding sync communications to, with optional port.
+ # Requires `well_known_client_name` to also be configured.
+ well_known_sliding_sync_proxy: ""
+
 # Lists of domains that the server will trust as identity servers to verify third
 # party identifiers such as phone numbers and email addresses.
 trusted_third_party_id_servers:
@@ -146,6 +150,13 @@
 # to be sent to an insecure endpoint.
 disable_tls_validation: false
+ # Send the access_token query parameter with appservice requests in addition
+ # to the Authorization header. This can cause hs_tokens to be saved to logs,
+ # so it should not be enabled unless absolutely necessary.
+ legacy_auth: false
+ # Use the legacy unprefixed paths for appservice requests.
+ legacy_paths: false
+
 # Appservice configuration files to load into this homeserver.
 config_files:
 # - /path/to/appservice_registration.yaml
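Review bot: Both added `notify: restart service` lines in dendrite/server/tasks/main.yaml rely on a handler whose name does not say which service it restarts. Handler names are resolved across the whole play, so if another role also defines a `restart service` handler the wrong unit could be restarted. The other roles in this changeset use specific names (`restart uwsgi`, `restart postgres`), so `notify: restart dendrite` with a matching handler rename would follow that convention. The handler definition is not part of this diff, so treat this as something to check rather than a confirmed defect. The first notify sits on the task that unpacks `{{dendrite_tar}}` into `/tmp/dendrite/`, whose start is outside the hunk, and that step alone does not change the installed binary.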
@@ -312,6 +323,10 @@
 auto_join_rooms:
 # - "#main:matrix.org"
+ # The number of workers to start for the DeviceListUpdater. Defaults to 8.
+ # This only needs updating if the "InputDeviceListUpdate" stream keeps growing indefinitely.
+ # worker_count: 8
+
 # Configuration for Opentracing.
 # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
 # how this works and how to set it up.
diff -r ce33bf94045f -r 2e0366f2dcbe dendrite/server/templates/setup_db.psql.j2
--- a/dendrite/server/templates/setup_db.psql.j2 Sun Jan 21 15:58:58 2024 -0600
+++ b/dendrite/server/templates/setup_db.psql.j2 Sun Feb 04 20:27:19 2024 -0600
@@ -1,2 +1,3 @@
-CREATE USER {{dendrite_db_user}} WITH ENCRYPTED PASSWORD '{{dendrite_db_pass}}';
+CREATE USER {{dendrite_db_user}};
+ALTER USER {{dendrite_db_user}} WITH PASSWORD '{{dendrite_db_pass}}'
 CREATE DATABASE {{dendrite_db}} WITH OWNER {{dendrite_db_user}};
diff -r ce33bf94045f -r 2e0366f2dcbe mercurial/web/tasks/main.yaml
--- a/mercurial/web/tasks/main.yaml Sun Jan 21 15:58:58 2024 -0600
+++ b/mercurial/web/tasks/main.yaml Sun Feb 04 20:27:19 2024 -0600
@@ -10,6 +10,12 @@
 - "python3-pygments"
 notify: restart uwsgi
+- name: make hgweb dir
+ become: yes
+ file:
+ path: "{{mercurial_uwsgi_root}}"
+ state: "directory"
+
 - name: configure hgweb
 become: yes
 template: src="{{item}}.j2" dest="{{mercurial_uwsgi_root}}/{{item}}"
diff -r ce33bf94045f -r 2e0366f2dcbe miniflux/templates/setup_db.psql.j2
--- a/miniflux/templates/setup_db.psql.j2 Sun Jan 21 15:58:58 2024 -0600
+++ b/miniflux/templates/setup_db.psql.j2 Sun Feb 04 20:27:19 2024 -0600
@@ -1,4 +1,5 @@
-CREATE USER miniflux WITH ENCRYPTED PASSWORD '{{miniflux_db_pass}}';
+CREATE USER miniflux;
+ALTER USER miniflux WITH PASSWORD '{{miniflux_db_pass}}';
 CREATE DATABASE miniflux WITH OWNER miniflux;
 \c miniflux;
 --Extensions made by miniflux that need superuser access
diff -r ce33bf94045f -r 2e0366f2dcbe nostr/relayer/templates/setup_db.psql.j2
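Review bot: The added `ALTER USER {{dendrite_db_user}} WITH PASSWORD '{{dendrite_db_pass}}'` line in dendrite/server/templates/setup_db.psql.j2 has no terminating semicolon. psql will therefore read it together with the following `CREATE DATABASE` line as one statement and reject it, leaving the role without a password and the database uncreated. It should end with `;`, as the same line does in the miniflux, nostr/relayer, pleroma/otp and prosody templates. In all five templates the password is rendered unescaped between single quotes, so a value containing `'` breaks or alters the statement; `'{{ dendrite_db_pass | replace("'", "''") }}'` (and the equivalent in the sibling templates) avoids that. The rendered script holds the plaintext password, so the task that writes it, which is not visible in this diff, should restrict the file mode and remove the file after use.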
--- a/nostr/relayer/templates/setup_db.psql.j2 Sun Jan 21 15:58:58 2024 -0600
+++ b/nostr/relayer/templates/setup_db.psql.j2 Sun Feb 04 20:27:19 2024 -0600
@@ -1,2 +1,3 @@
-CREATE USER {{relayer_db_user}} WITH ENCRYPTED PASSWORD '{{relayer_db_pass}}';
+CREATE USER {{relayer_db_user}};
+ALTER USER {{relayer_db_user}} WITH PASSWORD '{{relayer_db_pass}}';
 CREATE DATABASE {{relayer_db}} WITH OWNER {{relayer_db_user}};
diff -r ce33bf94045f -r 2e0366f2dcbe pleroma/otp/tasks/main.yaml
--- a/pleroma/otp/tasks/main.yaml Sun Jan 21 15:58:58 2024 -0600
+++ b/pleroma/otp/tasks/main.yaml Sun Feb 04 20:27:19 2024 -0600
@@ -11,6 +11,10 @@
 - "libmagic-dev"
 - "libtinfo5"
+- name: install libssl1.1 deb
+ become: yes
+ apt: deb="http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_{{arch}}.deb"
+
 - name: create pleroma config and data directories
 become: yes
 file:
diff -r ce33bf94045f -r 2e0366f2dcbe pleroma/otp/templates/setup_db.psql.j2
--- a/pleroma/otp/templates/setup_db.psql.j2 Sun Jan 21 15:58:58 2024 -0600
+++ b/pleroma/otp/templates/setup_db.psql.j2 Sun Feb 04 20:27:19 2024 -0600
@@ -1,4 +1,5 @@
-CREATE USER {{pleroma_db_user}} WITH ENCRYPTED PASSWORD '{{pleroma_db_passwd}}';
+CREATE USER {{pleroma_db_user}};
+ALTER USER {{pleroma_db_user}} WITH ENCRYPTED PASSWORD '{{pleroma_db_passwd}}';
 CREATE DATABASE {{pleroma_db}} WITH OWNER {{pleroma_db_user}};
 \c {{pleroma_db}};
 --Extensions made by ecto.migrate that need superuser access
diff -r ce33bf94045f -r 2e0366f2dcbe postgresql/defaults/main.yaml
--- a/postgresql/defaults/main.yaml Sun Jan 21 15:58:58 2024 -0600
+++ b/postgresql/defaults/main.yaml Sun Feb 04 20:27:19 2024 -0600
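Review bot: The new `install libssl1.1 deb` task in pleroma/otp/tasks/main.yaml installs a package as root from a plain `http://` URL, and `apt: deb=<url>` does not go through APT's signed repository metadata, so nothing verifies that the downloaded file is the package Ubuntu published. Fetch it with `get_url` and a pinned `checksum`, then install the local file, as sketched below; the same applies to the `libssl1.0.0` URL in unifi/tasks/main.yaml, whose task name still says libssl1.1. `ports.ubuntu.com` does not carry amd64 builds, so `{{arch}}` (defined outside this diff) needs to be limited to a ports architecture. The pinned build `1.1.1f-1ubuntu2` is a fixed pool version and will not pick up later OpenSSL security updates.

```yaml
- name: download libssl1.1 deb
  become: yes
  get_url:
    url: "http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_{{arch}}.deb"
    dest: "/tmp/libssl1.1_{{arch}}.deb"
    # placeholder: pin the published digest for each supported arch
    checksum: "sha256:<EXPECTED_SHA256>"

- name: install libssl1.1 deb
  become: yes
  apt: deb="/tmp/libssl1.1_{{arch}}.deb"
```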
@@ -2,6 +2,7 @@
 # migrate PG version with pg_upgradecluster (see manpage)
 postgresql_version: "14"
+postgresql_initidb_path: "/usr/lib/postgresql/{{postgresql_version}}/bin/initdb"
 postgresql_config_path: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf"
 postgresql_data_dir: "/var/lib/postgresql/{{postgresql_version}}/main"
 postgresql_apt_packages:
diff -r ce33bf94045f -r 2e0366f2dcbe postgresql/tasks/main.yaml
--- a/postgresql/tasks/main.yaml Sun Jan 21 15:58:58 2024 -0600
+++ b/postgresql/tasks/main.yaml Sun Feb 04 20:27:19 2024 -0600
@@ -22,6 +22,17 @@
 group: "postgres"
 notify: restart postgres
+- name: check if postgresql data dir is new
+ become: yes
+ find: path='{{postgresql_data_dir}}'
+ register: filesFound
+
+- name: initialize pg data dir
+ become: yes
+ become_user: "postgres"
+ command: "{{postgresql_initidb_path}} -D {{postgresql_data_dir}}"
+ when: filesFound == 0
+
 - name: ensure postgresql is started
 become: yes
 systemd: name="postgresql" enabled="yes" state="started"
diff -r ce33bf94045f -r 2e0366f2dcbe prosody/templates/setup_db.psql.j2
--- a/prosody/templates/setup_db.psql.j2 Sun Jan 21 15:58:58 2024 -0600
+++ b/prosody/templates/setup_db.psql.j2 Sun Feb 04 20:27:19 2024 -0600
@@ -1,2 +1,3 @@
-CREATE USER {{prosody_db}} WITH ENCRYPTED PASSWORD '{{prosody_db_pass}}';
+CREATE USER {{prosody_db}};
+ALTER USER {{prosody_db}} WITH PASSWORD '{{prosody_db_pass}}';
 CREATE DATABASE {{prosody_db}} ENCODING 'UTF8' LC_COLLATE='C.UTF-8' LC_CTYPE='C.UTF-8' template=template0 OWNER {{prosody_db}};
diff -r ce33bf94045f -r 2e0366f2dcbe rpi-base/defaults/main.yaml
--- a/rpi-base/defaults/main.yaml Sun Jan 21 15:58:58 2024 -0600
+++ b/rpi-base/defaults/main.yaml Sun Feb 04 20:27:19 2024 -0600
@@ -4,6 +4,7 @@
 rpi_base_timezone: "America/Chicago"
 rpi_base_log_size: "100M"
 rpi_base_apt_packages:
+ - "mosh"
 - "avahi-daemon"
 - "log2ram"
 - "fail2ban"
diff -r ce33bf94045f -r 2e0366f2dcbe unifi/tasks/main.yaml
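Review bot: In postgresql/tasks/main.yaml the condition `when: filesFound == 0` compares the whole registered result of `find` (a dictionary) with an integer, which is never true, so `initialize pg data dir` is always skipped. The count lives in the result's `matched` field: `when: filesFound.matched == 0`. Alternatively, drop the `find` task and use the command module's `creates` argument pointing at `{{postgresql_data_dir}}/PG_VERSION`, which also keeps initdb from running against a populated directory. The variable is spelled `postgresql_initidb_path` in both defaults and tasks; that is consistent, but `postgresql_initdb_path` would be the expected name.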
--- a/unifi/tasks/main.yaml Sun Jan 21 15:58:58 2024 -0600
+++ b/unifi/tasks/main.yaml Sun Feb 04 20:27:19 2024 -0600
@@ -13,7 +13,7 @@
 - name: install libssl1.1 deb
 become: yes
- apt: deb="http://ports.ubuntu.com/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5_arm64.deb"
+ apt: deb="http://ports.ubuntu.com/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5_{{arch}}.deb"
 # To accept codename change:
 # 1. sudo apt update