Lots of updates.
--- a/adguard-home/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/adguard-home/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -44,7 +44,8 @@
template: src="AdGuardHome.yaml.j2" dest="/etc/AdGuardHome/AdGuardHome.yaml"
notify: restart adguard home
-- stat: "path=/etc/resolv.conf"
+- name: check if resolv.conf exists
+ stat: path="/etc/resolv.conf"
register: sym
- name: replace systemd-resolved conf stub
--- a/certbot-dns-cloudflare/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/certbot-dns-cloudflare/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -21,3 +21,14 @@
mode: "0644"
owner: "root"
group: "root"
+
+- name: check if cert exists
+ become: yes
+ stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"
+ register: cert
+
+- name: run certbot
+ become: yes
+ command: "certbot certonly -n --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf -d {{certbot_dns_cloudflare_domain}}"
+ when: not cert.stat.exists
+ changed_when: false
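Review bot: `changed_when: false` on `run certbot` reports a first-time certificate issuance as "no change", so a run that obtains a certificate looks the same as one that did nothing. The `stat` + `when` pair can be folded into the command with `args:` / `creates: "/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"`, which skips the run once the file exists and reports changed otherwise. The context lines at the top of the hunk close a task with `mode: "0644"`, and that task starts outside the hunk. If it is the one writing `/etc/letsencrypt/cred.conf`, the Cloudflare API token is world-readable and `mode: "0600"` is the appropriate setting.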
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dendrite/aws-s3-backup/files/pleroma-lifecycle.json Sun Jul 25 10:30:51 2021 -0500
@@ -0,0 +1,12 @@
+{
+ "Rules": [
+ {
+ "ID": "expiration",
+ "Filter": {},
+ "Status": "Enabled",
+ "NoncurrentVersionExpiration": {
+ "NoncurrentDays": 30
+ }
+ }
+ ]
+}
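Review bot: `pleroma-lifecycle.json` is identical to `pleroma-s3-backup-lifecycle.json` in the next hunk apart from the rule `ID`, and nothing visible in this commit references it, so it looks like a leftover that can be dropped. More broadly, the files added under `dendrite/aws-s3-backup/files/` are pleroma-named (both JSON files and `pleroma-s3-backup.sh`), while `dendrite/aws-s3-backup/tasks/main.yaml` copies `dendrite-s3-backup.sh` and `dendrite-s3-backup-lifecycle.json` and the unit runs `/usr/local/bin/dendrite-s3-backup.sh`. Unless those dendrite-named sources already exist outside this diff, the copy tasks will fail. The script also passes `file:///usr/local/share/pleroma-s3-backup-lifecycle.json`, which this role never installs.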
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dendrite/aws-s3-backup/files/pleroma-s3-backup-lifecycle.json Sun Jul 25 10:30:51 2021 -0500
@@ -0,0 +1,12 @@
+{
+ "Rules": [
+ {
+ "ID": "pleroma-expiration",
+ "Filter": {},
+ "Status": "Enabled",
+ "NoncurrentVersionExpiration": {
+ "NoncurrentDays": 30
+ }
+ }
+ ]
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dendrite/aws-s3-backup/files/pleroma-s3-backup.sh Sun Jul 25 10:30:51 2021 -0500
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+INSTANCE=$1
+
+BUCKET="pleroma-${INSTANCE//_/-}-backup"
+BACKUP_DIR="/tmp/s3-backup/$BUCKET"
+BACKUP_TAR="/tmp/s3-backup/$BUCKET.tgz"
+
+DB_NAME="pleroma_$INSTANCE"
+CONFIG="/etc/pleroma/$INSTANCE.config.exs"
+
+UPLOADS_DIR=`grep uploads $CONFIG | cut -d '"' -f 2`
+STATIC_DIR=`grep static $CONFIG | cut -d '"' -f 2`
+
+mkdir -m 775 -p "$BACKUP_DIR/"
+chown root:postgres "$BACKUP_DIR/"
+
+su postgres -c "pg_dump -d $DB_NAME --format=custom -f $BACKUP_DIR/$DB_NAME.pgdump"
+cp $CONFIG "$BACKUP_DIR/"
+cp -r $UPLOADS_DIR "$BACKUP_DIR/"
+cp -r $STATIC_DIR "$BACKUP_DIR/"
+
+tar -zc -f $BACKUP_TAR $BACKUP_DIR
+aws s3 mb "s3://$BUCKET/"
+aws s3api put-bucket-versioning --bucket "$BUCKET" --versioning-configuration Status=Enabled
+aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "file:///usr/local/share/pleroma-s3-backup-lifecycle.json"
+aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
+
+rm $BACKUP_TAR
+rm -r $BACKUP_DIR
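Review bot: The dump, the instance config and the tarball are staged under the fixed path `/tmp/s3-backup/...` with `mkdir -m 775`, so other local users can read the database dump and the secrets in the config, and a directory or symlink pre-created at that predictable path can redirect what root writes. There is also no `set -e`, so a failed `pg_dump` or `cp` still uploads a partial archive, and `$1` reaches paths and the `su -c` string unvalidated and mostly unquoted. The sketch below stages in a `mktemp -d` directory under `umask 077`, validates the instance name, has root own the dump file by redirecting `pg_dump`'s stdout, and guards `aws s3 mb` so an existing bucket does not abort the run. Note that `-C` changes the paths stored in the archive, which matters for whatever restores it.

```shell
#!/bin/bash
set -euo pipefail
umask 077

INSTANCE=$1
# accept only a plain instance name before it is used in paths and in su -c
[[ "$INSTANCE" =~ ^[A-Za-z0-9_]+$ ]] || { echo "invalid instance name" >&2; exit 1; }

# … unchanged: BUCKET …
WORK_DIR=$(mktemp -d)
trap 'rm -rf -- "$WORK_DIR"' EXIT
BACKUP_DIR="$WORK_DIR/$BUCKET"
BACKUP_TAR="$WORK_DIR/$BUCKET.tgz"

# … unchanged: DB_NAME, CONFIG, UPLOADS_DIR, STATIC_DIR …

mkdir -p "$BACKUP_DIR"
# root opens the output file; pg_dump only writes to stdout as postgres
su postgres -c "pg_dump -d $DB_NAME --format=custom" > "$BACKUP_DIR/$DB_NAME.pgdump"
cp "$CONFIG" "$BACKUP_DIR/"
cp -r "$UPLOADS_DIR" "$BACKUP_DIR/"
cp -r "$STATIC_DIR" "$BACKUP_DIR/"

tar -zc -f "$BACKUP_TAR" -C "$WORK_DIR" "$BUCKET"
aws s3api head-bucket --bucket "$BUCKET" 2>/dev/null || aws s3 mb "s3://$BUCKET/"
# … unchanged: put-bucket-versioning, put-bucket-lifecycle-configuration …
aws s3 cp "$BACKUP_TAR" "s3://$BUCKET/"
# the EXIT trap removes WORK_DIR, replacing the two rm calls
```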
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dendrite/aws-s3-backup/files/[email protected] Sun Jul 25 10:30:51 2021 -0500
@@ -0,0 +1,9 @@
+[Unit]
+Description=Dendrite s3 backup for instance "%I"
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/dendrite-s3-backup.sh %i
+
+[Install]
+WantedBy=aws-s3-backup.target
--- a/dendrite/aws-s3-backup/files/writefreely-s3-backup-lifecycle.json Sat Jul 24 22:12:04 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-{
- "Rules": [
- {
- "ID": "expiration",
- "Filter": {},
- "Status": "Enabled",
- "NoncurrentVersionExpiration": {
- "NoncurrentDays": 30
- }
- }
- ]
-}
--- a/dendrite/aws-s3-backup/files/writefreely-s3-backup.sh Sat Jul 24 22:12:04 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-BUCKET=$1
-BACKUP_DIR=$2
-BACKUP_TAR="/tmp/$BUCKET.tgz"
-
-tar -zc -f $BACKUP_TAR $BACKUP_DIR
-aws s3 mb "s3://$BUCKET/"
-aws s3api put-bucket-versioning --bucket "$BUCKET" --versioning-configuration Status=Enabled
-aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "file:///usr/local/share/writefreely-s3-backup-lifecycle.json"
-aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
-
-rm $BACKUP_TAR
--- a/dendrite/aws-s3-backup/handlers/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/dendrite/aws-s3-backup/handlers/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -1,5 +1,5 @@
---
-- name: reload s3 backup service
- systemd: name="writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes"
+- name: restart dendrite instance s3 backup
become: yes
+ systemd: name="dendrite-s3-backup@{{dendrite_instance}}.service" enabled="yes" daemon_reload="yes"
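Review bot: The handler is named `restart dendrite instance s3 backup`, but the `systemd` call only sets `enabled` and `daemon_reload` and has no `state`, so nothing is restarted. For a `Type=oneshot` backup unit that is probably the right behaviour, and only the name misleads. A name such as `reload dendrite s3 backup unit` would describe it, with the `notify:` in `tasks/main.yaml` changed to match.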
--- a/dendrite/aws-s3-backup/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/dendrite/aws-s3-backup/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -1,26 +1,27 @@
---
-- name: create writefreely s3 backup shell script
+- name: create s3 backup shell script
become: yes
copy:
- src: "writefreely-s3-backup.sh"
- dest: "/usr/local/bin/writefreely-s3-backup.sh"
+ src: "dendrite-s3-backup.sh"
+ dest: "/usr/local/bin/dendrite-s3-backup.sh"
mode: "0755"
- name: create s3 backup lifesycle json file
become: yes
copy:
- src: "writefreely-s3-backup-lifecycle.json"
- dest: "/usr/local/share/writefreely-s3-backup-lifecycle.json"
+ src: "dendrite-s3-backup-lifecycle.json"
+ dest: "/usr/local/share/dendrite-s3-backup-lifecycle.json"
mode: "0755"
-- name: configure writefreely s3 backup systemd service
+- name: configure s3 backup systemd service
become: yes
- template:
- src: "[email protected]"
- dest: "/lib/systemd/system/writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service"
- notify: reload s3 backup service
+ copy:
+ src: "[email protected]"
+ dest: "/lib/systemd/system/[email protected]"
+ mode: "0644"
+ notify: restart dendrite instance s3 backup
-- name: ensure writefreely s3 backup service is started
+- name: ensure s3 backup is enabled
become: yes
- systemd: name="writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" enabled="yes"
+ systemd: name="dendrite-s3-backup@{{dendrite_instance}}.service" enabled="yes"
--- a/dendrite/aws-s3-backup/templates/[email protected] Sat Jul 24 22:12:04 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-[Unit]
-Description=Writefreely s3 backup for "%I"
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/writefreely-s3-backup.sh %i "{{writefreely_s3_backup_dir}}"
-
-[Install]
-WantedBy=aws-s3-backup.target
--- a/dendrite/server/defaults/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/dendrite/server/defaults/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -4,9 +4,11 @@
dendrite_version: "0.4.0"
dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz"
dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}"
+dendrite_old_key: false
+dendrite_registration_secret: ""
dendrite_db_user: "dendrite_{{dendrite_instance}}"
dendrite_db: "{{dendrite_db_user}}"
dendrite_dir: "/var/dendrite"
-dendrite_port: "8008"
+dendrite_port: 8008
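Review bot: `dendrite_registration_secret` is added without any comment on where a real value should come from. A line such as `# override from an Ansible Vault-encrypted vars file; never commit a real secret here` above it would help. It is also worth stating what the empty default means for the rendered config. The template line that consumes the variable is not in this diff view, so confirm that an empty string leaves shared-secret registration disabled.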
--- a/dendrite/server/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/dendrite/server/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -2,7 +2,7 @@
- name: add dendrite user
become: yes
- user: name="{{dendrite_user}}"
+ user: name="{{dendrite_user}}" shell="/bin/false" system="yes"
# build
- name: snap install golang
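Review bot: `system="yes"` only takes effect when the account is first created, because Ansible's `user` module does not convert an existing user. Hosts provisioned before this commit therefore keep a regular UID and only pick up the new `shell`. The same applies to the matching `user:` changes in the ergo, minecraft, miniflux and writefreely hunks, where `create_home="no"` likewise does not remove a home directory that already exists. If the no-login system account is meant as a hardening baseline, a comment on the task should say so and existing hosts need a separate migration step. This task and the minecraft one do not set `create_home`, unlike the other three, which is worth confirming as deliberate.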
--- a/dendrite/server/templates/dendrite.yaml.j2 Sat Jul 24 22:12:04 2021 -0500
+++ b/dendrite/server/templates/dendrite.yaml.j2 Sun Jul 25 10:30:51 2021 -0500
@@ -44,9 +44,10 @@
# to old signing private keys that were formerly in use on this domain. These
# keys will not be used for federation request or event signing, but will be
# provided to any other homeserver that asks when trying to verify old events.
- old_private_keys:
+ {% if dendrite_old_key %}old_private_keys:
- private_key: old_matrix_key.pem
expired_at: 1626538450
+{% endif %}
# How long a remote server can cache our server signing key before requesting it
# again. Increasing this number will reduce the number of requests made by other
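Review bot: `expired_at: 1626538450` and `old_matrix_key.pem` stay hard-coded inside the new `{% if dendrite_old_key %}` block, so every instance that sets the flag publishes the same expiry timestamp for its old signing key. Taking the value from a variable, for example `expired_at: {{ dendrite_old_key_expired_at }}`, would keep the published key metadata correct per instance. A one-line comment on `dendrite_old_key` in `defaults/main.yaml` should also say that the key file named here must be deployed when the flag is true. The enclosing config section starts outside the hunk.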
--- a/ergo/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/ergo/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -2,7 +2,7 @@
- name: add ergo user
become: yes
- user: name="ergo"
+ user: name="ergo" shell="/bin/false" system="yes" create_home="no"
- name: download ergo
become: yes
--- a/minecraft/server/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/minecraft/server/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -2,7 +2,7 @@
- name: add minecraft user
become: yes
- user: name="{{minecraft_user}}" home="{{minecraft_parent_dir}}/minecraft"
+ user: name="{{minecraft_user}}" home="{{minecraft_parent_dir}}/minecraft" shell="/bin/false" system="yes"
- name: install adoptopenjdk
include_tasks: adoptopenjdk.yaml
--- a/miniflux/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/miniflux/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -2,7 +2,7 @@
- name: add miniflux user
become: yes
- user: name="miniflux" system="yes" create_home="no"
+ user: name="miniflux" shell="/bin/false" system="yes" create_home="no"
- name: download miniflux
become: yes
--- a/writefreely/server/tasks/main.yaml Sat Jul 24 22:12:04 2021 -0500
+++ b/writefreely/server/tasks/main.yaml Sun Jul 25 10:30:51 2021 -0500
@@ -2,7 +2,7 @@
- name: add writefreely user
become: yes
- user: name="{{writefreely_user}}"
+ user: name="{{writefreely_user}}" shell="/bin/false" system="yes" create_home="no"
- name: unarchive writefreely
become: yes