# HG changeset patch # User Luke Hoersten # Date 1546569973 21600 # Node ID be979818d4834ad25172ff057cef1512e7727006 # Parent 6024861525dbef426a55941a07ed36dcf7ef246e Lots of updates. diff -r 6024861525db -r be979818d483 main.yaml --- a/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ b/main.yaml Thu Jan 03 20:46:13 2019 -0600 @@ -16,25 +16,22 @@ become: yes timezone: name="UTC" + - name: authorize ssh keys + authorized_key: + user: "ubuntu" + key: "https://github.com/LukeHoersten.keys" + - hosts: pleroma roles: - role: pleroma - pleroma_host: "haskell.social" pleroma_user: "pleroma_haskell_social" + pleroma_link_host: "haskell.social" pleroma_port: 4001 +- hosts: pleroma + roles: - role: pleroma - pleroma_host: "nth.io" pleroma_user: "pleroma_nth_io" + pleroma_link_host: "nth.io" pleroma_port: 4000 - - -# - hosts: haskell.social -# roles: -# - nginx -# - pleroma - -# - hosts: nth.io -# roles: -# - nginx -# - pleroma + pleroma_signup_open: "false" diff -r 6024861525db -r be979818d483 roles/nginx/base/defaults/main.yaml --- a/roles/nginx/base/defaults/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ ---- - -nginx_enable_ssl: No diff -r 6024861525db -r be979818d483 roles/nginx/base/handlers/main.yaml --- a/roles/nginx/base/handlers/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,5 +0,0 @@ ---- - -- name: restart nginx - become: yes - systemd: name="nginx" state="restarted" daemon_reload="yes" diff -r 6024861525db -r be979818d483 roles/nginx/base/tasks/certbot.yaml --- a/roles/nginx/base/tasks/certbot.yaml Wed Jan 02 23:24:27 2019 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ ---- - -# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx - -- name: add certbot (letsencrypt) repo - become: yes - apt_repository: repo="ppa:certbot/certbot" - -- name: install nginx packages - become: yes - apt: name="python-certbot-nginx" - notify: restart nginx diff -r 6024861525db -r be979818d483 roles/nginx/base/tasks/main.yaml --- a/roles/nginx/base/tasks/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,17 +0,0 @@ ---- - -- name: install nginx packages - become: yes - apt: name="nginx" - -- name: disable default site - become: yes - file: path="/etc/nginx/sites-enabled/default" state="absent" - notify: restart nginx - -- import_tasks: certbot.yaml - when: nginx_enable_ssl - -- name: enable nginx service - become: yes - systemd: name="nginx" enabled="yes" state="started" diff -r 6024861525db -r be979818d483 roles/nginx/defaults/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/roles/nginx/defaults/main.yaml Thu Jan 03 20:46:13 2019 -0600 @@ -0,0 +1,8 @@ +--- + +nginx_port: 80 +nginx_ssl_port: 443 +nginx_enable_ssl: No +nginx_server_name: "{{ansible_host}}" +nginx_conf_dst: "{{nginx_server_name}}.nginx.conf" +nginx_admin_email: "admin@{{nginx_server_name}}" diff -r 6024861525db -r be979818d483 roles/nginx/handlers/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/roles/nginx/handlers/main.yaml Thu Jan 03 20:46:13 2019 -0600 @@ -0,0 +1,5 @@ +--- + +- name: restart nginx + become: yes + systemd: name="nginx" state="restarted" daemon_reload="yes" diff -r 6024861525db -r be979818d483 roles/nginx/site/defaults/main.yaml --- a/roles/nginx/site/defaults/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,7 +0,0 @@ ---- - -nginx_port: 80 -nginx_ssl_port: 443 -nginx_server_name: "{{ansible_host}}" -nginx_conf_dst: "{{nginx_server_name}}.nginx.conf" -nginx_admin_email: "admin@{{nginx_server_name}}" diff -r 6024861525db -r be979818d483 roles/nginx/site/handlers/main.yaml --- a/roles/nginx/site/handlers/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,5 +0,0 @@ ---- - -- name: restart nginx - become: yes - systemd: name="nginx" state="restarted" daemon_reload="yes" diff -r 6024861525db -r be979818d483 roles/nginx/site/meta/main.yaml --- a/roles/nginx/site/meta/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,4 +0,0 @@ ---- - -dependencies: - - nginx/base diff -r 6024861525db -r be979818d483 roles/nginx/site/tasks/main.yaml --- a/roles/nginx/site/tasks/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,20 +0,0 @@ ---- - -- name: install site - become: yes - template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}" - notify: restart nginx - -- name: install certbot in nginx - become: yes - command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}" - notify: restart nginx - when: nginx_enable_ssl - -- name: enable site - become: yes - file: - src: "/etc/nginx/sites-available/{{nginx_conf_dst}}" - dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}" - state: "link" - notify: restart nginx diff -r 6024861525db -r be979818d483 roles/nginx/tasks/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/roles/nginx/tasks/main.yaml Thu Jan 03 20:46:13 2019 -0600 @@ -0,0 +1,45 @@ +--- + +- name: install nginx packages + become: yes + apt: name="nginx" + +- name: install site + become: yes + template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}" + notify: restart nginx + +# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx +- name: add certbot (letsencrypt) repo + become: yes + apt_repository: repo="ppa:certbot/certbot" + when: nginx_enable_ssl + +- name: install nginx packages + become: yes + apt: name="python-certbot-nginx" + notify: restart nginx + when: nginx_enable_ssl + +- name: install certbot in nginx + become: yes + command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}" + notify: restart nginx + when: nginx_enable_ssl + +- name: disable default site + become: yes + file: path="/etc/nginx/sites-enabled/default" state="absent" + notify: restart nginx + +- name: enable site + become: yes + file: + src: "/etc/nginx/sites-available/{{nginx_conf_dst}}" + dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}" + state: "link" + notify: restart nginx + +- name: enable nginx service + become: yes + systemd: name="nginx" enabled="yes" state="started" diff -r 6024861525db -r be979818d483 roles/pleroma/defaults/main.yaml --- a/roles/pleroma/defaults/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ b/roles/pleroma/defaults/main.yaml Thu Jan 03 20:46:13 2019 -0600 @@ -1,12 +1,19 @@ --- pleroma_user: "pleroma" -pleroma_instance_name: "{{pleroma_host}}" -pleroma_desc: "A Pleroma fediverse instance." + pleroma_host: "localhost" +pleroma_port: 4000 pleroma_scheme: "http" -pleroma_port: 4000 -pleroma_url: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}" + +pleroma_proxy_pass: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}" + +pleroma_link_host: "localhost" +pleroma_link_port: "443" +pleroma_link_scheme: "https" + +pleroma_instance_name: "{{pleroma_link_host}}" +pleroma_desc: "A Pleroma fediverse instance." pleroma_admin_email: "admin@{{pleroma_host}}" pleroma_char_limit: 5000 pleroma_signup_open: "true" diff -r 6024861525db -r be979818d483 roles/pleroma/meta/main.yaml --- a/roles/pleroma/meta/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ b/roles/pleroma/meta/main.yaml Thu Jan 03 20:46:13 2019 -0600 @@ -1,4 +1,4 @@ --- dependencies: - - nginx/site + - nginx diff -r 6024861525db -r be979818d483 roles/pleroma/tasks/main.yaml --- a/roles/pleroma/tasks/main.yaml Wed Jan 02 23:24:27 2019 -0600 +++ b/roles/pleroma/tasks/main.yaml Thu Jan 03 20:46:13 2019 -0600 @@ -67,7 +67,7 @@ - "mix local.hex --force" - "mix local.rebar --force" - "mix deps.get" - - "mix ecto.migrate" + # - "mix ecto.migrate" notify: restart pleroma environment: MIX_ENV: "prod" diff -r 6024861525db -r be979818d483 roles/pleroma/templates/pleroma.nginx.conf.j2 --- a/roles/pleroma/templates/pleroma.nginx.conf.j2 Wed Jan 02 23:24:27 2019 -0600 +++ b/roles/pleroma/templates/pleroma.nginx.conf.j2 Thu Jan 03 20:46:13 2019 -0600 @@ -6,12 +6,12 @@ # 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it # in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx. -proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g +proxy_cache_path /tmp/{{pleroma_user}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_user}}-pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off; server { listen {{nginx_port}}; - listen [::]:{{nginx_port}}; + # listen [::]:{{nginx_port}}; server_name {{nginx_server_name}}; return 301 https://$server_name$request_uri; @@ -30,7 +30,7 @@ server { listen {{nginx_ssl_port}} ssl http2; - listen [::]:{{nginx_ssl_port}} ssl ipv6only=on; + # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on; server_name {{nginx_server_name}}; ssl_certificate /etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem; @@ -81,15 +81,15 @@ proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; - proxy_pass {{pleroma_url}}; + proxy_pass {{pleroma_proxy_pass}}; client_max_body_size 16m; } location /proxy { - proxy_cache pleroma_media_cache; + proxy_cache {{pleroma_user}}-pleroma_media_cache; proxy_cache_lock on; proxy_ignore_client_abort on; - proxy_pass {{pleroma_url}}; + proxy_pass {{pleroma_proxy_pass}}; } } diff -r 6024861525db -r be979818d483 roles/pleroma/templates/pleroma.service.j2 --- a/roles/pleroma/templates/pleroma.service.j2 Wed Jan 02 23:24:27 2019 -0600 +++ b/roles/pleroma/templates/pleroma.service.j2 Thu Jan 03 20:46:13 2019 -0600 @@ -9,6 +9,7 @@ WorkingDirectory=/home/{{pleroma_user}}/pleroma Environment="HOME=/home/{{pleroma_user}}" Environment="MIX_ENV=prod" +Environment="PLUG_TMPDIR=/tmp/{{pleroma_user}}" ExecStart=/usr/local/bin/mix phx.server ExecReload=/bin/kill $MAINPID KillMode=process diff -r 6024861525db -r be979818d483 roles/pleroma/templates/prod.secret.exs.j2 --- a/roles/pleroma/templates/prod.secret.exs.j2 Wed Jan 02 23:24:27 2019 -0600 +++ b/roles/pleroma/templates/prod.secret.exs.j2 Thu Jan 03 20:46:13 2019 -0600 @@ -1,7 +1,7 @@ use Mix.Config config :pleroma, Pleroma.Web.Endpoint, - url: [host: "{{pleroma_host}}", scheme: "{{pleroma_scheme}}", port: 443], + url: [host: "{{pleroma_link_host}}", scheme: "{{pleroma_link_scheme}}", port: {{pleroma_link_port}}], http: [port: {{pleroma_port}}], secret_key_base: "{{pleroma_secret_key}}" @@ -10,8 +10,10 @@ description: "{{pleroma_desc}}", email: "{{pleroma_admin_email}}", limit: {{pleroma_char_limit}}, - registrations_open: {{pleroma_signup_open}}, - dedupe_media: true + registrations_open: {{pleroma_signup_open}} + +config :pleroma, Pleroma.Upload, + filters: [Pleroma.Upload.Filter.Dedupe] config :pleroma, :media_proxy, enabled: false,