Moved roles to top level dir.
authorLuke Hoersten <luke@hoersten.org>
Sun, 09 Feb 2020 12:08:03 -0600
changeset 93 976670b2ca63
parent 92 d4924111ce28
child 94 7082ab4828c5
Moved roles to top level dir.
Vagrantfile
nginx/defaults/main.yaml
nginx/handlers/main.yaml
nginx/tasks/main.yaml
pleroma-otp/defaults/main.yaml
pleroma-otp/files/pleroma-s3-backup.sh
pleroma-otp/files/[email protected]
pleroma-otp/files/[email protected]
pleroma-otp/handlers/main.yaml
pleroma-otp/tasks/main.yaml
pleroma-otp/tasks/s3-backup.yaml
pleroma-otp/templates/config.exs.j2
pleroma-otp/templates/pleroma.cloudflare.nginx.conf.j2
pleroma-otp/templates/pleroma.nginx.conf.j2
pleroma-otp/templates/setup_db.psql.j2
postgresql/defaults/main.yaml
postgresql/handlers/main.yaml
postgresql/tasks/main.yaml
roles/nginx/defaults/main.yaml
roles/nginx/handlers/main.yaml
roles/nginx/tasks/main.yaml
roles/pleroma-otp/defaults/main.yaml
roles/pleroma-otp/files/pleroma-s3-backup.sh
roles/pleroma-otp/files/[email protected]
roles/pleroma-otp/files/[email protected]
roles/pleroma-otp/handlers/main.yaml
roles/pleroma-otp/tasks/main.yaml
roles/pleroma-otp/tasks/s3-backup.yaml
roles/pleroma-otp/templates/config.exs.j2
roles/pleroma-otp/templates/pleroma.cloudflare.nginx.conf.j2
roles/pleroma-otp/templates/pleroma.nginx.conf.j2
roles/pleroma-otp/templates/setup_db.psql.j2
roles/postgresql/defaults/main.yaml
roles/postgresql/handlers/main.yaml
roles/postgresql/tasks/main.yaml
--- a/Vagrantfile	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-  config.vm.box = "ubuntu/bionic64"
-
-  config.vm.network "forwarded_port", guest: 4000, host: 4000
-  config.vm.network "forwarded_port", guest: 80, host: 8080
-  # config.vm.synced_folder "../data", "/vagrant_data"
-
-  # config.vm.provider "virtualbox" do |vb|
-  #   # Display the VirtualBox GUI when booting the machine
-  #   vb.gui = true
-  #
-  #   # Customize the amount of memory on the VM:
-  #   vb.memory = "1024"
-  # end
-
-  config.vm.provision "ansible" do |ansible|
-    ansible.limit = "all,localhost"
-    # ansible.verbose = "vvv"
-    ansible.playbook = "main.yaml"
-    ansible.compatibility_mode = "2.0"
-  end
-end
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nginx/defaults/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,10 @@
+---
+
+nginx_port: 80
+nginx_ssl_port: 443
+nginx_ssl_cert: "/etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem"
+nginx_ssl_privkey: "/etc/letsencrypt/live/{{nginx_server_name}}/privkey.pem"
+nginx_enable_certbot: No
+nginx_server_name: "{{ansible_host}}"
+nginx_conf_dst: "{{nginx_server_name}}.nginx.conf"
+nginx_admin_email: "[email protected]{{nginx_server_name}}"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nginx/handlers/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+  become: yes
+  systemd: name="nginx" state="restarted" daemon_reload="yes"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nginx/tasks/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,39 @@
+---
+
+- name: install nginx packages
+  become: yes
+  apt: name="nginx"
+
+- name: install site
+  become: yes
+  template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
+  notify: restart nginx
+
+- name: install nginx packages
+  become: yes
+  apt: name="python-certbot-nginx"
+  notify: restart nginx
+  when: nginx_enable_certbot
+
+- name: install certbot in nginx
+  become: yes
+  command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
+  changed_when: false
+  when: nginx_enable_certbot
+
+- name: disable default site
+  become: yes
+  file: path="/etc/nginx/sites-enabled/default" state="absent"
+  notify: restart nginx
+
+- name: enable site
+  become: yes
+  file:
+    src:  "/etc/nginx/sites-available/{{nginx_conf_dst}}"
+    dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
+    state: "link"
+  notify: restart nginx
+
+- name: enable nginx service
+  become: yes
+  systemd: name="nginx" enabled="yes" state="started"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/defaults/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,28 @@
+---
+
+pleroma_host: "localhost"
+pleroma_port: 4000
+pleroma_scheme: "http"
+
+pleroma_proxy_pass: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}"
+
+pleroma_link_host: "localhost"
+pleroma_link_port: "443"
+pleroma_link_scheme: "https"
+
+pleroma_instance_name: "{{pleroma_link_host}}"
+pleroma_desc: "A Pleroma fediverse instance."
+pleroma_admin_email: "[email protected]{{pleroma_link_host}}"
+pleroma_char_limit: 5000
+pleroma_signup_open: "true"
+pleroma_db_host: "localhost"
+pleroma_db_superuser: "postgres"
+
+pleroma_download_url: "https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{pleroma_flavor}}"
+
+pleroma_db: "pleroma_{{pleroma_instance}}"
+pleroma_db_user: "pleroma_{{pleroma_instance}}"
+pleroma_data_dir: "/var/lib/pleroma/instance_data"
+
+pleroma_s3_backup_enabled: true
+pleroma_cleanup_tmp: false
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/files/pleroma-s3-backup.sh	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+INSTANCE=$1
+DATE=`date --iso-8601`
+
+BUCKET="pleroma-${INSTANCE//_/-}-backup"
+BACKUP_DIR="/tmp/s3-backup/$BUCKET"
+BACKUP_TAR="/tmp/s3-backup/$BUCKET-$DATE.tgz"
+
+DB_NAME="pleroma_$INSTANCE"
+CONFIG="/etc/pleroma/$INSTANCE.config.exs"
+
+UPLOADS_DIR=`grep uploads $CONFIG | cut -d '"' -f 2`
+STATIC_DIR=`grep static $CONFIG | cut -d '"' -f 2`
+
+mkdir -m 775 -p "$BACKUP_DIR/"
+chown root:postgres "$BACKUP_DIR/"
+
+su postgres -c "pg_dump -d $DB_NAME --format=custom -f $BACKUP_DIR/$DB_NAME.pgdump"
+cp $CONFIG "$BACKUP_DIR/"
+cp -r $UPLOADS_DIR "$BACKUP_DIR/"
+cp -r $STATIC_DIR "$BACKUP_DIR/"
+
+tar -zc -f $BACKUP_TAR $BACKUP_DIR
+aws s3 mb "s3://$BUCKET/"
+aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/files/[email protected]	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,9 @@
+[Unit]
+Description=Pleroma s3 backup for instance "%I"
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/pleroma-s3-backup.sh %i
+
+[Install]
+WantedBy=aws-s3-backup.target
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/files/[email protected]	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,35 @@
+[Unit]
+Description=Pleroma social network instance "%I"
+After=network.target postgresql.service nginx.service
+
+[Service]
+User=pleroma
+WorkingDirectory=/opt/pleroma
+
+Environment="HOME=/opt/pleroma"
+Environment="PLEROMA_CONFIG_PATH=/etc/pleroma/%i.config.exs"
+Environment="PLUG_TMPDIR=/tmp/%i"
+Environment="RELEASE_NODE=%[email protected]"
+
+ExecStart=/opt/pleroma/bin/pleroma start
+ExecReload=/opt/pleroma/bin/pleroma stop
+
+KillMode=process
+Restart=on-failure
+
+; Some security directives.
+; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
+PrivateTmp=true
+; The /home, /root, and /run/user folders can not be accessed by this service anymore. If your Pleroma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to false.
+ProtectHome=true
+; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
+ProtectSystem=full
+; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
+PrivateDevices=false
+; Ensures that the service process and all its children can never gain new privileges through execve().
+NoNewPrivileges=true
+; Drops the sysadmin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/handlers/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,9 @@
+---
+
+- name: restart pleroma instance
+  become: yes
+  systemd: name="[email protected]{{pleroma_instance}}.service" state="restarted" daemon_reload="yes"
+
+- name: restart pleroma instance s3 backup
+  become: yes
+  systemd: name="[email protected]{{pleroma_instance}}.service" enabled="yes" daemon_reload="yes"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/tasks/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,102 @@
+---
+
+- name: add users
+  become: yes
+  user: name="pleroma" shell="/bin/false" home="/opt/pleroma" system="yes"
+
+- name: create config and data directory
+  become: yes
+  file:
+    path: "{{item}}"
+    state: "directory"
+    mode: "0755"
+  with_items:
+    - "{{pleroma_data_dir}}"
+    - "/etc/pleroma"
+    - "/opt/pleroma"
+
+- name: install pleroma config
+  template:
+    src: "config.exs.j2"
+    dest: "/etc/pleroma/{{pleroma_instance}}.config.exs"
+    owner: "pleroma"
+    group: "pleroma"
+    mode: "0600"
+  become: yes
+  notify: restart pleroma instance
+
+- name: create instance data directory
+  become: yes
+  file:
+    path: "{{item}}"
+    state: "directory"
+    owner: "pleroma"
+    group: "pleroma"
+    mode: "0755"
+  with_items:
+    - "{{pleroma_data_dir}}/{{pleroma_instance}}"
+    - "{{pleroma_data_dir}}/{{pleroma_instance}}/uploads"
+    - "{{pleroma_data_dir}}/{{pleroma_instance}}/static"
+    - "{{pleroma_data_dir}}/{{pleroma_instance}}/static/emoji"
+
+- name: install pleroma db schema file
+  become: yes
+  template:
+    src: "setup_db.psql.j2"
+    dest: "/tmp/setup_db_{{pleroma_instance}}.psql"
+    owner: "{{pleroma_db_superuser}}"
+    group: "{{pleroma_db_superuser}}"
+    mode: "0600"
+  changed_when: false
+
+- name: install pleroma psql
+  become: yes
+  become_user: "{{pleroma_db_superuser}}"
+  command: "psql -f /tmp/setup_db_{{pleroma_instance}}.psql"
+  changed_when: false
+
+- name: download and unarchive pleroma release
+  become: yes
+  unarchive:
+    src: "{{pleroma_download_url}}"
+    dest: "/tmp/"
+    remote_src: yes
+    creates: "/tmp/release"
+  notify: restart pleroma instance
+
+- name: install pleroma release
+  become: yes
+  copy: remote_src="True" src="/tmp/release/" dest="/opt/pleroma/" owner="pleroma" group="pleroma"
+  notify: restart pleroma instance
+
+- name: remove tmp release folder
+  become: yes
+  file: path="{{item}}" state="absent"
+  with_items:
+    - "/tmp/setup_db.psql"
+    - "/tmp/release/"
+  when: pleroma_cleanup_tmp
+
+- import_tasks: s3-backup.yaml
+  when: pleroma_s3_backup_enabled
+
+- name: configure pleroma systemd service
+  become: yes
+  copy:
+    src: "[email protected]"
+    dest: "/lib/systemd/system/[email protected]"
+  notify: restart pleroma instance
+
+- name: ensure pleroma instance is enabled and started
+  become: yes
+  systemd: name="[email protected]{{pleroma_instance}}.service" enabled="yes" state="started"
+
+- name: migrate db
+  become: yes
+  become_user: "pleroma"
+  command: "/opt/pleroma/bin/pleroma_ctl migrate"
+  args:
+    chdir: "/opt/pleroma/"
+  environment:
+    PLEROMA_CONFIG_PATH: "/etc/pleroma/{{pleroma_instance}}.config.exs"
+  changed_when: false
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/tasks/s3-backup.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,20 @@
+---
+
+- name: create s3 backup shell script
+  become: yes
+  copy:
+    src: "pleroma-s3-backup.sh"
+    dest: "/usr/local/bin/pleroma-s3-backup.sh"
+    mode: "0755"
+
+- name: configure s3 backup systemd service
+  become: yes
+  copy:
+    src: "[email protected]"
+    dest: "/lib/systemd/system/[email protected]"
+    mode: "0644"
+  notify: restart pleroma instance s3 backup
+
+- name: ensure s3 backup is enabled
+  become: yes
+  systemd: name="[email protected]{{pleroma_instance}}.service" enabled="yes"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/templates/config.exs.j2	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,44 @@
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+  url: [host: "{{pleroma_link_host}}", scheme: "{{pleroma_link_scheme}}", port: {{pleroma_link_port}}],
+  http: [port: {{pleroma_port}}, ip: {127, 0, 0, 1}],
+  secret_key_base: "{{pleroma_secret_key}}",
+  secure_cookie_flag: true
+
+config :pleroma, :http_security,
+  enabled: true,
+  sts: true,
+  referrer_policy: "same-origin"
+
+config :pleroma, :instance,
+  name: "{{pleroma_instance_name}}",
+  description: "{{pleroma_desc}}",
+  email: "{{pleroma_admin_email}}",
+  limit: {{pleroma_char_limit}},
+  registrations_open: {{pleroma_signup_open}},
+  invites_enabled: {{pleroma_invites_enabled}},
+  static_dir: "{{pleroma_data_dir}}/{{pleroma_instance}}/static/"
+
+config :pleroma, Pleroma.Upload,
+  uploader: Pleroma.Uploaders.Local,
+  filters: [Pleroma.Upload.Filter.Dedupe]
+
+config :pleroma, Pleroma.Uploaders.Local,
+  uploads: "{{pleroma_data_dir}}/{{pleroma_instance}}/uploads/"
+
+config :pleroma, :media_proxy,
+  enabled: false,
+  redirect_on_failure: true
+  #base_url: "https://cache.pleroma.social"
+
+# Configure your database
+config :pleroma, Pleroma.Repo,
+  adapter: Ecto.Adapters.Postgres,
+  username: "{{pleroma_db_user}}",
+  password: "{{pleroma_db_passwd}}",
+  database: "{{pleroma_db}}",
+  hostname: "{{pleroma_db_host}}",
+  pool_size: 10,
+  timeout: 60000,
+  pool_timeout: 60000
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/templates/pleroma.cloudflare.nginx.conf.j2	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,74 @@
+# default nginx site config for Pleroma
+#
+# Simple installation instructions:
+# 1. Install your TLS certificate, possibly using Let's Encrypt.
+# 2. Replace 'example.tld' with your instance's domain wherever it appears.
+# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
+#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
+
+proxy_cache_path /tmp/{{pleroma_instance}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_instance}}-pleroma_media_cache:10m max_size=10g
+                 inactive=720m use_temp_path=off;
+
+server {
+    listen {{nginx_port}};
+    # listen [::]:{{nginx_port}};
+    server_name {{nginx_server_name}};
+    return 301 https://$host$request_uri;
+}
+
+# Enable SSL session caching for improved performance
+ssl_session_cache shared:ssl_session_cache:10m;
+
+server {
+    listen {{nginx_ssl_port}} ssl http2;
+    # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
+    server_name {{nginx_server_name}};
+
+    ssl_certificate {{nginx_ssl_cert}};
+    ssl_certificate_key {{nginx_ssl_privkey}};
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    add_header Strict-Transport-Security "max-age=31536000" always;
+
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
+
+    # the nginx default is 1m, not enough for large media uploads
+    client_max_body_size 16m;
+
+    location / {
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Frame-Options DENY;
+        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy same-origin;
+        add_header X-Download-Options noopen;
+
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $http_host;
+
+        proxy_pass {{pleroma_proxy_pass}};
+
+        client_max_body_size 16m;
+    }
+
+    location /proxy {
+        proxy_cache {{pleroma_instance}}-pleroma_media_cache;
+        proxy_cache_lock on;
+        proxy_ignore_client_abort on;
+        proxy_pass {{pleroma_proxy_pass}};
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/templates/pleroma.nginx.conf.j2	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,74 @@
+# default nginx site config for Pleroma
+#
+# Simple installation instructions:
+# 1. Install your TLS certificate, possibly using Let's Encrypt.
+# 2. Replace 'example.tld' with your instance's domain wherever it appears.
+# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
+#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
+
+proxy_cache_path /tmp/{{pleroma_instance}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_instance}}-pleroma_media_cache:10m max_size=10g
+                 inactive=720m use_temp_path=off;
+
+server {
+    listen {{nginx_port}};
+    # listen [::]:{{nginx_port}};
+    server_name {{nginx_server_name}};
+    return 301 https://$host$request_uri;
+}
+
+# Enable SSL session caching for improved performance
+ssl_session_cache shared:ssl_session_cache:10m;
+
+server {
+    listen {{nginx_ssl_port}} ssl http2;
+    # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
+    server_name {{nginx_server_name}};
+
+    ssl_certificate {{nginx_ssl_cert}};
+    ssl_certificate_key {{nginx_ssl_privkey}};
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    add_header Strict-Transport-Security "max-age=31536000" always;
+
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
+
+    # the nginx default is 1m, not enough for large media uploads
+    client_max_body_size 16m;
+
+    location / {
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Frame-Options DENY;
+        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy same-origin;
+        add_header X-Download-Options noopen;
+
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $http_host;
+
+        proxy_pass {{pleroma_proxy_pass}};
+
+        client_max_body_size 16m;
+    }
+
+    location /proxy {
+        proxy_cache {{pleroma_instance}}-pleroma_media_cache;
+        proxy_cache_lock on;
+        proxy_ignore_client_abort on;
+        proxy_pass {{pleroma_proxy_pass}};
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pleroma-otp/templates/setup_db.psql.j2	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,7 @@
+CREATE USER {{pleroma_db_user}} WITH ENCRYPTED PASSWORD '{{pleroma_db_passwd}}';
+CREATE DATABASE {{pleroma_db}} WITH OWNER {{pleroma_db_user}};
+\c {{pleroma_db}};
+--Extensions made by ecto.migrate that need superuser access
+CREATE EXTENSION IF NOT EXISTS citext;
+CREATE EXTENSION IF NOT EXISTS pg_trgm;
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/postgresql/defaults/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,10 @@
+---
+
+postgresql_version: "11"
+postgresql_config_path: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf"
+postgresql_data_dir: "/var/lib/postgresql/{{postgresql_version}}/main"
+postgresql_apt_packages:
+  - "postgresql-{{postgresql_version}}"
+  - "pgcli"
+  - "postgresql-client"
+  - "postgresql-common"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/postgresql/handlers/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart postgres
+  become: yes
+  systemd: name="postgresql" state="restarted" daemon_reload="yes"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/postgresql/tasks/main.yaml	Sun Feb 09 12:08:03 2020 -0600
@@ -0,0 +1,27 @@
+---
+
+- name: install postgresql
+  become: yes
+  apt: name="{{postgresql_apt_packages}}"
+
+- name: configure postgresql data dir
+  become: yes
+  lineinfile:
+    path: "{{postgresql_config_path}}"
+    regexp: "^data_directory = "
+    line: "data_directory = '{{postgresql_data_dir}}'"
+  notify: restart postgres
+
+- name: create postgresql data dir
+  become: yes
+  file:
+    path: "{{postgresql_data_dir}}"
+    state: "directory"
+    mode: "0700"
+    owner: "postgres"
+    group: "postgres"
+  notify: restart postgres
+
+- name: ensure postgresql is started
+  become: yes
+  systemd: name="postgresql" enabled="yes" state="started"
--- a/roles/nginx/defaults/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
----
-
-nginx_port: 80
-nginx_ssl_port: 443
-nginx_ssl_cert: "/etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem"
-nginx_ssl_privkey: "/etc/letsencrypt/live/{{nginx_server_name}}/privkey.pem"
-nginx_enable_certbot: No
-nginx_server_name: "{{ansible_host}}"
-nginx_conf_dst: "{{nginx_server_name}}.nginx.conf"
-nginx_admin_email: "[email protected]{{nginx_server_name}}"
--- a/roles/nginx/handlers/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: restart nginx
-  become: yes
-  systemd: name="nginx" state="restarted" daemon_reload="yes"
--- a/roles/nginx/tasks/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
----
-
-- name: install nginx packages
-  become: yes
-  apt: name="nginx"
-
-- name: install site
-  become: yes
-  template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
-  notify: restart nginx
-
-- name: install nginx packages
-  become: yes
-  apt: name="python-certbot-nginx"
-  notify: restart nginx
-  when: nginx_enable_certbot
-
-- name: install certbot in nginx
-  become: yes
-  command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
-  changed_when: false
-  when: nginx_enable_certbot
-
-- name: disable default site
-  become: yes
-  file: path="/etc/nginx/sites-enabled/default" state="absent"
-  notify: restart nginx
-
-- name: enable site
-  become: yes
-  file:
-    src:  "/etc/nginx/sites-available/{{nginx_conf_dst}}"
-    dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
-    state: "link"
-  notify: restart nginx
-
-- name: enable nginx service
-  become: yes
-  systemd: name="nginx" enabled="yes" state="started"
--- a/roles/pleroma-otp/defaults/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
----
-
-pleroma_host: "localhost"
-pleroma_port: 4000
-pleroma_scheme: "http"
-
-pleroma_proxy_pass: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}"
-
-pleroma_link_host: "localhost"
-pleroma_link_port: "443"
-pleroma_link_scheme: "https"
-
-pleroma_instance_name: "{{pleroma_link_host}}"
-pleroma_desc: "A Pleroma fediverse instance."
-pleroma_admin_email: "[email protected]{{pleroma_link_host}}"
-pleroma_char_limit: 5000
-pleroma_signup_open: "true"
-pleroma_db_host: "localhost"
-pleroma_db_superuser: "postgres"
-
-pleroma_download_url: "https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{pleroma_flavor}}"
-
-pleroma_db: "pleroma_{{pleroma_instance}}"
-pleroma_db_user: "pleroma_{{pleroma_instance}}"
-pleroma_data_dir: "/var/lib/pleroma/instance_data"
-
-pleroma_s3_backup_enabled: true
-pleroma_cleanup_tmp: false
--- a/roles/pleroma-otp/files/pleroma-s3-backup.sh	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-INSTANCE=$1
-DATE=`date --iso-8601`
-
-BUCKET="pleroma-${INSTANCE//_/-}-backup"
-BACKUP_DIR="/tmp/s3-backup/$BUCKET"
-BACKUP_TAR="/tmp/s3-backup/$BUCKET-$DATE.tgz"
-
-DB_NAME="pleroma_$INSTANCE"
-CONFIG="/etc/pleroma/$INSTANCE.config.exs"
-
-UPLOADS_DIR=`grep uploads $CONFIG | cut -d '"' -f 2`
-STATIC_DIR=`grep static $CONFIG | cut -d '"' -f 2`
-
-mkdir -m 775 -p "$BACKUP_DIR/"
-chown root:postgres "$BACKUP_DIR/"
-
-su postgres -c "pg_dump -d $DB_NAME --format=custom -f $BACKUP_DIR/$DB_NAME.pgdump"
-cp $CONFIG "$BACKUP_DIR/"
-cp -r $UPLOADS_DIR "$BACKUP_DIR/"
-cp -r $STATIC_DIR "$BACKUP_DIR/"
-
-tar -zc -f $BACKUP_TAR $BACKUP_DIR
-aws s3 mb "s3://$BUCKET/"
-aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
--- a/roles/pleroma-otp/files/[email protected]	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-[Unit]
-Description=Pleroma s3 backup for instance "%I"
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/pleroma-s3-backup.sh %i
-
-[Install]
-WantedBy=aws-s3-backup.target
--- a/roles/pleroma-otp/files/[email protected]	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-[Unit]
-Description=Pleroma social network instance "%I"
-After=network.target postgresql.service nginx.service
-
-[Service]
-User=pleroma
-WorkingDirectory=/opt/pleroma
-
-Environment="HOME=/opt/pleroma"
-Environment="PLEROMA_CONFIG_PATH=/etc/pleroma/%i.config.exs"
-Environment="PLUG_TMPDIR=/tmp/%i"
-Environment="RELEASE_NODE=%[email protected]"
-
-ExecStart=/opt/pleroma/bin/pleroma start
-ExecReload=/opt/pleroma/bin/pleroma stop
-
-KillMode=process
-Restart=on-failure
-
-; Some security directives.
-; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
-PrivateTmp=true
-; The /home, /root, and /run/user folders can not be accessed by this service anymore. If your Pleroma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to false.
-ProtectHome=true
-; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
-ProtectSystem=full
-; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
-PrivateDevices=false
-; Ensures that the service process and all its children can never gain new privileges through execve().
-NoNewPrivileges=true
-; Drops the sysadmin capability from the daemon.
-CapabilityBoundingSet=~CAP_SYS_ADMIN
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/pleroma-otp/handlers/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
----
-
-- name: restart pleroma instance
-  become: yes
-  systemd: name="[email protected]{{pleroma_instance}}.service" state="restarted" daemon_reload="yes"
-
-- name: restart pleroma instance s3 backup
-  become: yes
-  systemd: name="[email protected]{{pleroma_instance}}.service" enabled="yes" daemon_reload="yes"
--- a/roles/pleroma-otp/tasks/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,102 +0,0 @@
----
-
-- name: add users
-  become: yes
-  user: name="pleroma" shell="/bin/false" home="/opt/pleroma" system="yes"
-
-- name: create config and data directory
-  become: yes
-  file:
-    path: "{{item}}"
-    state: "directory"
-    mode: "0755"
-  with_items:
-    - "{{pleroma_data_dir}}"
-    - "/etc/pleroma"
-    - "/opt/pleroma"
-
-- name: install pleroma config
-  template:
-    src: "config.exs.j2"
-    dest: "/etc/pleroma/{{pleroma_instance}}.config.exs"
-    owner: "pleroma"
-    group: "pleroma"
-    mode: "0600"
-  become: yes
-  notify: restart pleroma instance
-
-- name: create instance data directory
-  become: yes
-  file:
-    path: "{{item}}"
-    state: "directory"
-    owner: "pleroma"
-    group: "pleroma"
-    mode: "0755"
-  with_items:
-    - "{{pleroma_data_dir}}/{{pleroma_instance}}"
-    - "{{pleroma_data_dir}}/{{pleroma_instance}}/uploads"
-    - "{{pleroma_data_dir}}/{{pleroma_instance}}/static"
-    - "{{pleroma_data_dir}}/{{pleroma_instance}}/static/emoji"
-
-- name: install pleroma db schema file
-  become: yes
-  template:
-    src: "setup_db.psql.j2"
-    dest: "/tmp/setup_db_{{pleroma_instance}}.psql"
-    owner: "{{pleroma_db_superuser}}"
-    group: "{{pleroma_db_superuser}}"
-    mode: "0600"
-  changed_when: false
-
-- name: install pleroma psql
-  become: yes
-  become_user: "{{pleroma_db_superuser}}"
-  command: "psql -f /tmp/setup_db_{{pleroma_instance}}.psql"
-  changed_when: false
-
-- name: download and unarchive pleroma release
-  become: yes
-  unarchive:
-    src: "{{pleroma_download_url}}"
-    dest: "/tmp/"
-    remote_src: yes
-    creates: "/tmp/release"
-  notify: restart pleroma instance
-
-- name: install pleroma release
-  become: yes
-  copy: remote_src="True" src="/tmp/release/" dest="/opt/pleroma/" owner="pleroma" group="pleroma"
-  notify: restart pleroma instance
-
-- name: remove tmp release folder
-  become: yes
-  file: path="{{item}}" state="absent"
-  with_items:
-    - "/tmp/setup_db.psql"
-    - "/tmp/release/"
-  when: pleroma_cleanup_tmp
-
-- import_tasks: s3-backup.yaml
-  when: pleroma_s3_backup_enabled
-
-- name: configure pleroma systemd service
-  become: yes
-  copy:
-    src: "[email protected]"
-    dest: "/lib/systemd/system/[email protected]"
-  notify: restart pleroma instance
-
-- name: ensure pleroma instance is enabled and started
-  become: yes
-  systemd: name="[email protected]{{pleroma_instance}}.service" enabled="yes" state="started"
-
-- name: migrate db
-  become: yes
-  become_user: "pleroma"
-  command: "/opt/pleroma/bin/pleroma_ctl migrate"
-  args:
-    chdir: "/opt/pleroma/"
-  environment:
-    PLEROMA_CONFIG_PATH: "/etc/pleroma/{{pleroma_instance}}.config.exs"
-  changed_when: false
--- a/roles/pleroma-otp/tasks/s3-backup.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
----
-
-- name: create s3 backup shell script
-  become: yes
-  copy:
-    src: "pleroma-s3-backup.sh"
-    dest: "/usr/local/bin/pleroma-s3-backup.sh"
-    mode: "0755"
-
-- name: configure s3 backup systemd service
-  become: yes
-  copy:
-    src: "[email protected]"
-    dest: "/lib/systemd/system/[email protected]"
-    mode: "0644"
-  notify: restart pleroma instance s3 backup
-
-- name: ensure s3 backup is enabled
-  become: yes
-  systemd: name="[email protected]{{pleroma_instance}}.service" enabled="yes"
--- a/roles/pleroma-otp/templates/config.exs.j2	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-import Config
-
-config :pleroma, Pleroma.Web.Endpoint,
-  url: [host: "{{pleroma_link_host}}", scheme: "{{pleroma_link_scheme}}", port: {{pleroma_link_port}}],
-  http: [port: {{pleroma_port}}, ip: {127, 0, 0, 1}],
-  secret_key_base: "{{pleroma_secret_key}}",
-  secure_cookie_flag: true
-
-config :pleroma, :http_security,
-  enabled: true,
-  sts: true,
-  referrer_policy: "same-origin"
-
-config :pleroma, :instance,
-  name: "{{pleroma_instance_name}}",
-  description: "{{pleroma_desc}}",
-  email: "{{pleroma_admin_email}}",
-  limit: {{pleroma_char_limit}},
-  registrations_open: {{pleroma_signup_open}},
-  invites_enabled: {{pleroma_invites_enabled}},
-  static_dir: "{{pleroma_data_dir}}/{{pleroma_instance}}/static/"
-
-config :pleroma, Pleroma.Upload,
-  uploader: Pleroma.Uploaders.Local,
-  filters: [Pleroma.Upload.Filter.Dedupe]
-
-config :pleroma, Pleroma.Uploaders.Local,
-  uploads: "{{pleroma_data_dir}}/{{pleroma_instance}}/uploads/"
-
-config :pleroma, :media_proxy,
-  enabled: false,
-  redirect_on_failure: true
-  #base_url: "https://cache.pleroma.social"
-
-# Configure your database
-config :pleroma, Pleroma.Repo,
-  adapter: Ecto.Adapters.Postgres,
-  username: "{{pleroma_db_user}}",
-  password: "{{pleroma_db_passwd}}",
-  database: "{{pleroma_db}}",
-  hostname: "{{pleroma_db_host}}",
-  pool_size: 10,
-  timeout: 60000,
-  pool_timeout: 60000
--- a/roles/pleroma-otp/templates/pleroma.cloudflare.nginx.conf.j2	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-# default nginx site config for Pleroma
-#
-# Simple installation instructions:
-# 1. Install your TLS certificate, possibly using Let's Encrypt.
-# 2. Replace 'example.tld' with your instance's domain wherever it appears.
-# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
-#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
-
-proxy_cache_path /tmp/{{pleroma_instance}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_instance}}-pleroma_media_cache:10m max_size=10g
-                 inactive=720m use_temp_path=off;
-
-server {
-    listen {{nginx_port}};
-    # listen [::]:{{nginx_port}};
-    server_name {{nginx_server_name}};
-    return 301 https://$host$request_uri;
-}
-
-# Enable SSL session caching for improved performance
-ssl_session_cache shared:ssl_session_cache:10m;
-
-server {
-    listen {{nginx_ssl_port}} ssl http2;
-    # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
-    server_name {{nginx_server_name}};
-
-    ssl_certificate {{nginx_ssl_cert}};
-    ssl_certificate_key {{nginx_ssl_privkey}};
-    include /etc/letsencrypt/options-ssl-nginx.conf;
-    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-
-    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    add_header Strict-Transport-Security "max-age=31536000" always;
-
-    gzip_vary on;
-    gzip_proxied any;
-    gzip_comp_level 6;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
-
-    # the nginx default is 1m, not enough for large media uploads
-    client_max_body_size 16m;
-
-    location / {
-        add_header X-XSS-Protection "1; mode=block";
-        add_header X-Permitted-Cross-Domain-Policies none;
-        add_header X-Frame-Options DENY;
-        add_header X-Content-Type-Options nosniff;
-        add_header Referrer-Policy same-origin;
-        add_header X-Download-Options noopen;
-
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
-
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $http_host;
-
-        proxy_pass {{pleroma_proxy_pass}};
-
-        client_max_body_size 16m;
-    }
-
-    location /proxy {
-        proxy_cache {{pleroma_instance}}-pleroma_media_cache;
-        proxy_cache_lock on;
-        proxy_ignore_client_abort on;
-        proxy_pass {{pleroma_proxy_pass}};
-    }
-}
--- a/roles/pleroma-otp/templates/pleroma.nginx.conf.j2	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,95 +0,0 @@
-# default nginx site config for Pleroma
-#
-# Simple installation instructions:
-# 1. Install your TLS certificate, possibly using Let's Encrypt.
-# 2. Replace 'example.tld' with your instance's domain wherever it appears.
-# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
-#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
-
-proxy_cache_path /tmp/{{pleroma_instance}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_instance}}-pleroma_media_cache:10m max_size=10g
-                 inactive=720m use_temp_path=off;
-
-server {
-    listen {{nginx_port}};
-    # listen [::]:{{nginx_port}};
-    server_name {{nginx_server_name}};
-    return 301 https://$server_name$request_uri;
-
-    # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
-    # that you also create the .well-known/acme-challenge directory structure in pleroma/priv/static and
-    # that is is accessible by the webserver. You may need to load this file with the ssl
-    # server block commented out, run certbot to get the certificate, and then uncomment it.
-    #
-    # location ~ /\.well-known/acme-challenge {
-    #     root <path to install>/pleroma/priv/static/;
-    # }
-}
-
-# Enable SSL session caching for improved performance
-ssl_session_cache shared:ssl_session_cache:10m;
-
-server {
-    listen {{nginx_ssl_port}} ssl http2;
-    # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
-    server_name {{nginx_server_name}};
-
-    ssl_certificate {{nginx_ssl_cert}};
-    ssl_certificate_key {{nginx_ssl_privkey}};
-    include /etc/letsencrypt/options-ssl-nginx.conf;
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-
-    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    add_header Strict-Transport-Security "max-age=31536000" always;
-
-    gzip_vary on;
-    gzip_proxied any;
-    gzip_comp_level 6;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
-
-    # the nginx default is 1m, not enough for large media uploads
-    client_max_body_size 16m;
-
-    location / {
-        # if you do not want remote frontends to be able to access your Pleroma backend
-        # server, remove these lines.
-        # add_header 'Access-Control-Allow-Origin' '*' always;
-        # add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
-        # add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
-        # add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
-        # if ($request_method = OPTIONS) {
-        #     return 204;
-        # }
-        # stop removing lines here.
-
-        add_header X-XSS-Protection "1; mode=block";
-        add_header X-Permitted-Cross-Domain-Policies none;
-        add_header X-Frame-Options DENY;
-        add_header X-Content-Type-Options nosniff;
-        add_header Referrer-Policy same-origin;
-        add_header X-Download-Options noopen;
-
-        # Uncomment this only after you get HTTPS working.
-        # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
-
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $http_host;
-
-        proxy_pass {{pleroma_proxy_pass}};
-
-        client_max_body_size 16m;
-    }
-
-    location /proxy {
-        proxy_cache {{pleroma_instance}}-pleroma_media_cache;
-        proxy_cache_lock on;
-        proxy_ignore_client_abort on;
-        proxy_pass {{pleroma_proxy_pass}};
-    }
-}
--- a/roles/pleroma-otp/templates/setup_db.psql.j2	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-CREATE USER {{pleroma_db_user}} WITH ENCRYPTED PASSWORD '{{pleroma_db_passwd}}';
-CREATE DATABASE {{pleroma_db}} WITH OWNER {{pleroma_db_user}};
-\c {{pleroma_db}};
---Extensions made by ecto.migrate that need superuser access
-CREATE EXTENSION IF NOT EXISTS citext;
-CREATE EXTENSION IF NOT EXISTS pg_trgm;
-CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
--- a/roles/postgresql/defaults/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
----
-
-postgresql_version: "11"
-postgresql_config_path: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf"
-postgresql_data_dir: "/var/lib/postgresql/{{postgresql_version}}/main"
-postgresql_apt_packages:
-  - "postgresql-{{postgresql_version}}"
-  - "pgcli"
-  - "postgresql-client"
-  - "postgresql-common"
--- a/roles/postgresql/handlers/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: restart postgres
-  become: yes
-  systemd: name="postgresql" state="restarted" daemon_reload="yes"
--- a/roles/postgresql/tasks/main.yaml	Mon Jan 20 15:26:33 2020 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
----
-
-- name: install postgresql
-  become: yes
-  apt: name="{{postgresql_apt_packages}}"
-
-- name: configure postgresql data dir
-  become: yes
-  lineinfile:
-    path: "{{postgresql_config_path}}"
-    regexp: "^data_directory = "
-    line: "data_directory = '{{postgresql_data_dir}}'"
-  notify: restart postgres
-
-- name: create postgresql data dir
-  become: yes
-  file:
-    path: "{{postgresql_data_dir}}"
-    state: "directory"
-    mode: "0700"
-    owner: "postgres"
-    group: "postgres"
-  notify: restart postgres
-
-- name: ensure postgresql is started
-  become: yes
-  systemd: name="postgresql" enabled="yes" state="started"