# HG changeset patch # User Luke Hoersten # Date 1627227051 18000 # Node ID 431c6d5e5dd4b0e7c48ce516c31b9272a34e9114 # Parent 82f2bcbc5aca349e5a60123c1676269cece631c3 Lots of updates. diff -r 82f2bcbc5aca -r 431c6d5e5dd4 adguard-home/tasks/main.yaml --- a/adguard-home/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/adguard-home/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500 @@ -44,7 +44,8 @@ template: src="AdGuardHome.yaml.j2" dest="/etc/AdGuardHome/AdGuardHome.yaml" notify: restart adguard home -- stat: "path=/etc/resolv.conf" +- name: check if resolv.conf exists + stat: path="/etc/resolv.conf" register: sym - name: replace systemd-resolved conf stub diff -r 82f2bcbc5aca -r 431c6d5e5dd4 certbot-dns-cloudflare/tasks/main.yaml --- a/certbot-dns-cloudflare/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/certbot-dns-cloudflare/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500 @@ -21,3 +21,14 @@ mode: "0644" owner: "root" group: "root" + +- name: check if cert exists + become: yes + stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem" + register: cert + +- name: run certbot + become: yes + command: "certbot certonly -n --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf -d {{certbot_dns_cloudflare_domain}}" + when: not cert.stat.exists + changed_when: false diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/files/pleroma-lifecycle.json --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dendrite/aws-s3-backup/files/pleroma-lifecycle.json Sun Jul 25 10:30:51 2021 -0500 @@ -0,0 +1,12 @@ +{ + "Rules": [ + { + "ID": "expiration", + "Filter": {}, + "Status": "Enabled", + "NoncurrentVersionExpiration": { + "NoncurrentDays": 30 + } + } + ] +} diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/files/pleroma-s3-backup-lifecycle.json --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dendrite/aws-s3-backup/files/pleroma-s3-backup-lifecycle.json Sun Jul 25 10:30:51 2021 -0500 
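Review bot: The new `run certbot` task reads the Cloudflare token from `/etc/letsencrypt/cred.conf`, and the context lines at the top of this hunk close a task with `mode: "0644"`. That task starts outside the hunk, but if it is the one writing cred.conf, the token is readable by every local account and should be `mode: "0600"`. Separately, `changed_when: false` reports a first-time certificate issuance as "no change"; dropping it and replacing the `stat` + `when` pair with `args: creates: "/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"` keeps the task idempotent and reports it accurately. With `-n`, certbot also needs an already-registered account or `--agree-tos` plus an e-mail option, so a first run on a fresh host may fail; worth confirming.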
@@ -0,0 +1,12 @@ +{ + "Rules": [ + { + "ID": "pleroma-expiration", + "Filter": {}, + "Status": "Enabled", + "NoncurrentVersionExpiration": { + "NoncurrentDays": 30 + } + } + ] +} diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/files/pleroma-s3-backup.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dendrite/aws-s3-backup/files/pleroma-s3-backup.sh Sun Jul 25 10:30:51 2021 -0500 @@ -0,0 +1,30 @@ +#!/bin/bash + +INSTANCE=$1 + +BUCKET="pleroma-${INSTANCE//_/-}-backup" +BACKUP_DIR="/tmp/s3-backup/$BUCKET" +BACKUP_TAR="/tmp/s3-backup/$BUCKET.tgz" + +DB_NAME="pleroma_$INSTANCE" +CONFIG="/etc/pleroma/$INSTANCE.config.exs" + +UPLOADS_DIR=`grep uploads $CONFIG | cut -d '"' -f 2` +STATIC_DIR=`grep static $CONFIG | cut -d '"' -f 2` + +mkdir -m 775 -p "$BACKUP_DIR/" +chown root:postgres "$BACKUP_DIR/" + +su postgres -c "pg_dump -d $DB_NAME --format=custom -f $BACKUP_DIR/$DB_NAME.pgdump" +cp $CONFIG "$BACKUP_DIR/" +cp -r $UPLOADS_DIR "$BACKUP_DIR/" +cp -r $STATIC_DIR "$BACKUP_DIR/" + +tar -zc -f $BACKUP_TAR $BACKUP_DIR +aws s3 mb "s3://$BUCKET/" +aws s3api put-bucket-versioning --bucket "$BUCKET" --versioning-configuration Status=Enabled +aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "file:///usr/local/share/pleroma-s3-backup-lifecycle.json" +aws s3 cp $BACKUP_TAR "s3://$BUCKET/" + +rm $BACKUP_TAR +rm -r $BACKUP_DIR diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/files/pleroma-s3-backup@.service --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dendrite/aws-s3-backup/files/pleroma-s3-backup@.service Sun Jul 25 10:30:51 2021 -0500 @@ -0,0 +1,9 @@ +[Unit] +Description=Dendrite s3 backup for instance "%I" + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/dendrite-s3-backup.sh %i + +[Install] +WantedBy=aws-s3-backup.target diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/files/writefreely-s3-backup-lifecycle.json 
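Review bot: pleroma-s3-backup.sh stages the database dump and the instance config under the fixed path `/tmp/s3-backup/$BUCKET`, created with `mkdir -m 775 -p` in world-writable /tmp. The location is therefore predictable and the staged files are only as private as the caller's umask. There is no `set -e`, so a failed `pg_dump` or `cp` still produces an archive that gets uploaded as if it were a good backup. `$CONFIG`, `$UPLOADS_DIR`, `$STATIC_DIR`, `$BACKUP_TAR` and `$BACKUP_DIR` are expanded unquoted, and `$INSTANCE` (the unit's `%i`) is interpolated unchecked into the `su postgres -c` string. The sketch below validates the instance name, stages in a private `mktemp -d` directory removed by an EXIT trap, and has root write the dump from `pg_dump`'s stdout so the directory needs no group write bit. It also guards `aws s3 mb` so that an already-existing bucket does not abort the run under `set -e`, and archives relative to the staging directory, which changes the paths stored in the tarball.

```shell
set -euo pipefail
umask 077   # staged dump and config readable by root only

INSTANCE=${1:?instance name required}
[[ $INSTANCE =~ ^[A-Za-z0-9_]+$ ]] || { echo "invalid instance name: $INSTANCE" >&2; exit 1; }

# … unchanged: BUCKET, DB_NAME, CONFIG …

WORK_DIR=$(mktemp -d)
trap 'rm -rf "$WORK_DIR"' EXIT
BACKUP_DIR="$WORK_DIR/$BUCKET"
BACKUP_TAR="$WORK_DIR/$BUCKET.tgz"
mkdir "$BACKUP_DIR"

UPLOADS_DIR=$(grep uploads "$CONFIG" | cut -d '"' -f 2)
STATIC_DIR=$(grep static "$CONFIG" | cut -d '"' -f 2)

# dump as postgres, write as root
runuser -u postgres -- pg_dump -d "$DB_NAME" --format=custom > "$BACKUP_DIR/$DB_NAME.pgdump"
cp "$CONFIG" "$BACKUP_DIR/"
cp -r "$UPLOADS_DIR" "$STATIC_DIR" "$BACKUP_DIR/"

tar -zc -f "$BACKUP_TAR" -C "$WORK_DIR" "$BUCKET"
aws s3api head-bucket --bucket "$BUCKET" 2>/dev/null || aws s3 mb "s3://$BUCKET/"
# … unchanged: put-bucket-versioning, put-bucket-lifecycle-configuration …
aws s3 cp "$BACKUP_TAR" "s3://$BUCKET/"
# the EXIT trap replaces the two trailing rm calls
```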
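Review bot: `ExecStart=/usr/local/bin/dendrite-s3-backup.sh %i` points at a script this changeset does not add. The files added under dendrite/aws-s3-backup/files/ are pleroma-s3-backup.sh, pleroma-s3-backup-lifecycle.json, pleroma-lifecycle.json and this pleroma-s3-backup@.service, while the tasks/main.yaml hunk copies `dendrite-s3-backup.sh`, `dendrite-s3-backup-lifecycle.json` and `dendrite-s3-backup@.service`. Unless the dendrite-named files already exist outside this diff, the copy tasks will not find their sources and the unit will have nothing to execute. Either rename the added files to the dendrite-* names, adjusting the script's `file:///usr/local/share/pleroma-s3-backup-lifecycle.json` reference and its Pleroma-specific paths, or move them to the role they belong to. pleroma-lifecycle.json also looks like an unreferenced near-duplicate of pleroma-s3-backup-lifecycle.json.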
--- a/dendrite/aws-s3-backup/files/writefreely-s3-backup-lifecycle.json Sat Jul 24 22:12:04 2021 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ -{ - "Rules": [ - { - "ID": "expiration", - "Filter": {}, - "Status": "Enabled", - "NoncurrentVersionExpiration": { - "NoncurrentDays": 30 - } - } - ] -} diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/files/writefreely-s3-backup.sh --- a/dendrite/aws-s3-backup/files/writefreely-s3-backup.sh Sat Jul 24 22:12:04 2021 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,13 +0,0 @@ -#!/bin/bash - -BUCKET=$1 -BACKUP_DIR=$2 -BACKUP_TAR="/tmp/$BUCKET.tgz" - -tar -zc -f $BACKUP_TAR $BACKUP_DIR -aws s3 mb "s3://$BUCKET/" -aws s3api put-bucket-versioning --bucket "$BUCKET" --versioning-configuration Status=Enabled -aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "file:///usr/local/share/writefreely-s3-backup-lifecycle.json" -aws s3 cp $BACKUP_TAR "s3://$BUCKET/" - -rm $BACKUP_TAR diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/handlers/main.yaml --- a/dendrite/aws-s3-backup/handlers/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/dendrite/aws-s3-backup/handlers/main.yaml Sun Jul 25 10:30:51 2021 -0500 @@ -1,5 +1,5 @@ --- -- name: reload s3 backup service - systemd: name="writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes" +- name: restart dendrite instance s3 backup become: yes + systemd: name="dendrite-s3-backup@{{dendrite_instance}}.service" enabled="yes" daemon_reload="yes" diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/meta/main.yaml diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/tasks/main.yaml --- a/dendrite/aws-s3-backup/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/dendrite/aws-s3-backup/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500 
@@ -1,26 +1,27 @@ --- -- name: create writefreely s3 backup shell script +- name: create s3 backup shell script become: yes copy: - src: "writefreely-s3-backup.sh" - dest: "/usr/local/bin/writefreely-s3-backup.sh" + src: "dendrite-s3-backup.sh" + dest: "/usr/local/bin/dendrite-s3-backup.sh" mode: "0755" - name: create s3 backup lifesycle json file become: yes copy: - src: "writefreely-s3-backup-lifecycle.json" - dest: "/usr/local/share/writefreely-s3-backup-lifecycle.json" + src: "dendrite-s3-backup-lifecycle.json" + dest: "/usr/local/share/dendrite-s3-backup-lifecycle.json" mode: "0755" -- name: configure writefreely s3 backup systemd service +- name: configure s3 backup systemd service become: yes - template: - src: "writefreely-s3-backup@.service.j2" - dest: "/lib/systemd/system/writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" - notify: reload s3 backup service + copy: + src: "dendrite-s3-backup@.service" + dest: "/lib/systemd/system/dendrite-s3-backup@.service" + mode: "0644" + notify: restart dendrite instance s3 backup -- name: ensure writefreely s3 backup service is started +- name: ensure s3 backup is enabled become: yes - systemd: name="writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" enabled="yes" + systemd: name="dendrite-s3-backup@{{dendrite_instance}}.service" enabled="yes" diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/aws-s3-backup/templates/writefreely-s3-backup@.service.j2 --- a/dendrite/aws-s3-backup/templates/writefreely-s3-backup@.service.j2 Sat Jul 24 22:12:04 2021 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,9 +0,0 @@ -[Unit] -Description=Writefreely s3 backup for "%I" - -[Service] -Type=oneshot -ExecStart=/usr/local/bin/writefreely-s3-backup.sh %i "{{writefreely_s3_backup_dir}}" - -[Install] -WantedBy=aws-s3-backup.target diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/server/defaults/main.yaml --- a/dendrite/server/defaults/main.yaml Sat Jul 24 22:12:04 2021 -0500 
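Review bot: The lifecycle JSON is still installed with `mode: "0755"` in the `create s3 backup lifesycle json file` task, although it is a data file that the backup script passes to `aws s3api`. `mode: "0644"`, which this hunk already uses for the unit file, is the appropriate setting, and the task name carries the typo `lifesycle`. The handler this hunk notifies is named `restart dendrite instance s3 backup`, but in the handlers hunk it only sets `enabled="yes" daemon_reload="yes"`, so a name such as `reload dendrite instance s3 backup` would describe it better.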
+++ b/dendrite/server/defaults/main.yaml Sun Jul 25 10:30:51 2021 -0500 @@ -4,9 +4,11 @@ dendrite_version: "0.4.0" dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz" dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}" +dendrite_old_key: false +dendrite_registration_secret: "" dendrite_db_user: "dendrite_{{dendrite_instance}}" dendrite_db: "{{dendrite_db_user}}" dendrite_dir: "/var/dendrite" -dendrite_port: "8008" +dendrite_port: 8008 diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/server/tasks/main.yaml --- a/dendrite/server/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/dendrite/server/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500 @@ -2,7 +2,7 @@ - name: add dendrite user become: yes - user: name="{{dendrite_user}}" + user: name="{{dendrite_user}}" shell="/bin/false" system="yes" # build - name: snap install golang diff -r 82f2bcbc5aca -r 431c6d5e5dd4 dendrite/server/templates/dendrite.yaml.j2 --- a/dendrite/server/templates/dendrite.yaml.j2 Sat Jul 24 22:12:04 2021 -0500 +++ b/dendrite/server/templates/dendrite.yaml.j2 Sun Jul 25 10:30:51 2021 -0500 @@ -44,9 +44,10 @@ # to old signing private keys that were formerly in use on this domain. These # keys will not be used for federation request or event signing, but will be # provided to any other homeserver that asks when trying to verify old events. - old_private_keys: + {% if dendrite_old_key %}old_private_keys: - private_key: old_matrix_key.pem expired_at: 1626538450 +{% endif %} # How long a remote server can cache our server signing key before requesting it # again. Increasing this number will reduce the number of requests made by other diff -r 82f2bcbc5aca -r 431c6d5e5dd4 ergo/tasks/main.yaml --- a/ergo/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/ergo/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500 
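Review bot: `system="yes"` on the `add dendrite user` task only takes effect when the account is created; Ansible's user module does not change it on an existing user. Hosts provisioned before this commit will therefore get the new `shell="/bin/false"` but keep their original, non-system UID. The same applies to the matching edits in the ergo, minecraft, miniflux and writefreely hunks. If those accounts are meant to become system accounts, that needs a one-off migration rather than this flag. The dendrite task, unlike ergo, miniflux and writefreely, also does not set `create_home="no"`; confirm a home directory is wanted for that service account.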
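Review bot: The `old_private_keys` block is now switchable with `dendrite_old_key`, but `private_key: old_matrix_key.pem` and `expired_at: 1626538450` stay hard-coded, so every instance that enables the flag advertises the same expiry timestamp for its retired signing key. Consider turning both into variables with defaults next to `dendrite_old_key`, for example `expired_at: {{dendrite_old_key_expired_at}}` (variable name is a suggestion). Nothing in the visible hunks deploys old_matrix_key.pem, so the role presumably relies on it being placed by hand. A comment above the `{% if %}` stating that, and that the file must be readable only by the dendrite user, would help the next operator.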
@@ -2,7 +2,7 @@ - name: add ergo user become: yes - user: name="ergo" + user: name="ergo" shell="/bin/false" system="yes" create_home="no" - name: download ergo become: yes diff -r 82f2bcbc5aca -r 431c6d5e5dd4 minecraft/server/tasks/main.yaml --- a/minecraft/server/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/minecraft/server/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500 @@ -2,7 +2,7 @@ - name: add minecraft user become: yes - user: name="{{minecraft_user}}" home="{{minecraft_parent_dir}}/minecraft" + user: name="{{minecraft_user}}" home="{{minecraft_parent_dir}}/minecraft" shell="/bin/false" system="yes" - name: install adoptopenjdk include_tasks: adoptopenjdk.yaml diff -r 82f2bcbc5aca -r 431c6d5e5dd4 miniflux/tasks/main.yaml --- a/miniflux/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/miniflux/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500 @@ -2,7 +2,7 @@ - name: add miniflux user become: yes - user: name="miniflux" system="yes" create_home="no" + user: name="miniflux" shell="/bin/false" system="yes" create_home="no" - name: download miniflux become: yes diff -r 82f2bcbc5aca -r 431c6d5e5dd4 writefreely/server/tasks/main.yaml --- a/writefreely/server/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500 +++ b/writefreely/server/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500 @@ -2,7 +2,7 @@ - name: add writefreely user become: yes - user: name="{{writefreely_user}}" + user: name="{{writefreely_user}}" shell="/bin/false" system="yes" create_home="no" - name: unarchive writefreely become: yes