Lots of updates.
authorLuke Hoersten <luke@hoersten.org>
Thu, 03 Jan 2019 20:46:13 -0600
changeset 69 be979818d483
parent 68 6024861525db
child 70 2cfe2fb975a8
Lots of updates.
main.yaml
roles/nginx/base/defaults/main.yaml
roles/nginx/base/handlers/main.yaml
roles/nginx/base/tasks/certbot.yaml
roles/nginx/base/tasks/main.yaml
roles/nginx/defaults/main.yaml
roles/nginx/handlers/main.yaml
roles/nginx/site/defaults/main.yaml
roles/nginx/site/handlers/main.yaml
roles/nginx/site/meta/main.yaml
roles/nginx/site/tasks/main.yaml
roles/nginx/tasks/main.yaml
roles/pleroma/defaults/main.yaml
roles/pleroma/meta/main.yaml
roles/pleroma/tasks/main.yaml
roles/pleroma/templates/pleroma.nginx.conf.j2
roles/pleroma/templates/pleroma.service.j2
roles/pleroma/templates/prod.secret.exs.j2
--- a/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ b/main.yaml	Thu Jan 03 20:46:13 2019 -0600
@@ -16,25 +16,22 @@
       become: yes
       timezone: name="UTC"
 
+    - name: authorize ssh keys
+      authorized_key:
+        user: "ubuntu"
+        key: "https://github.com/LukeHoersten.keys"
+
 - hosts: pleroma
   roles:
     - role: pleroma
-      pleroma_host: "haskell.social"
       pleroma_user: "pleroma_haskell_social"
+      pleroma_link_host: "haskell.social"
       pleroma_port: 4001
 
+- hosts: pleroma
+  roles:
     - role: pleroma
-      pleroma_host: "nth.io"
       pleroma_user: "pleroma_nth_io"
+      pleroma_link_host: "nth.io"
       pleroma_port: 4000
-
-
-# - hosts: haskell.social
-#   roles:
-#     - nginx
-#     - pleroma
-
-# - hosts: nth.io
-#   roles:
-#     - nginx
-#     - pleroma
+      pleroma_signup_open: "false"
--- a/roles/nginx/base/defaults/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
----
-
-nginx_enable_ssl: No
--- a/roles/nginx/base/handlers/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: restart nginx
-  become: yes
-  systemd: name="nginx" state="restarted" daemon_reload="yes"
--- a/roles/nginx/base/tasks/certbot.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
----
-
-# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
-
-- name: add certbot (letsencrypt) repo
-  become: yes
-  apt_repository: repo="ppa:certbot/certbot"
-
-- name: install nginx packages
-  become: yes
-  apt: name="python-certbot-nginx"
-  notify: restart nginx
--- a/roles/nginx/base/tasks/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
----
-
-- name: install nginx packages
-  become: yes
-  apt: name="nginx"
-
-- name: disable default site
-  become: yes
-  file: path="/etc/nginx/sites-enabled/default" state="absent"
-  notify: restart nginx
-
-- import_tasks: certbot.yaml
-  when: nginx_enable_ssl
-
-- name: enable nginx service
-  become: yes
-  systemd: name="nginx" enabled="yes" state="started"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/defaults/main.yaml	Thu Jan 03 20:46:13 2019 -0600
@@ -0,0 +1,8 @@
+---
+
+nginx_port: 80
+nginx_ssl_port: 443
+nginx_enable_ssl: No
+nginx_server_name: "{{ansible_host}}"
+nginx_conf_dst: "{{nginx_server_name}}.nginx.conf"
+nginx_admin_email: "admin@{{nginx_server_name}}"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/handlers/main.yaml	Thu Jan 03 20:46:13 2019 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+  become: yes
+  systemd: name="nginx" state="restarted" daemon_reload="yes"
--- a/roles/nginx/site/defaults/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
----
-
-nginx_port: 80
-nginx_ssl_port: 443
-nginx_server_name: "{{ansible_host}}"
-nginx_conf_dst: "{{nginx_server_name}}.nginx.conf"
-nginx_admin_email: "admin@{{nginx_server_name}}"
--- a/roles/nginx/site/handlers/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: restart nginx
-  become: yes
-  systemd: name="nginx" state="restarted" daemon_reload="yes"
--- a/roles/nginx/site/meta/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
----
-
-dependencies:
-  - nginx/base
--- a/roles/nginx/site/tasks/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
----
-
-- name: install site
-  become: yes
-  template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
-  notify: restart nginx
-
-- name: install certbot in nginx
-  become: yes
-  command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
-  notify: restart nginx
-  when: nginx_enable_ssl
-
-- name: enable site
-  become: yes
-  file:
-    src:  "/etc/nginx/sites-available/{{nginx_conf_dst}}"
-    dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
-    state: "link"
-  notify: restart nginx
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/tasks/main.yaml	Thu Jan 03 20:46:13 2019 -0600
@@ -0,0 +1,45 @@
+---
+
+- name: install nginx packages
+  become: yes
+  apt: name="nginx"
+
+- name: install site
+  become: yes
+  template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
+  notify: restart nginx
+
+# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
+- name: add certbot (letsencrypt) repo
+  become: yes
+  apt_repository: repo="ppa:certbot/certbot"
+  when: nginx_enable_ssl
+
+- name: install nginx packages
+  become: yes
+  apt: name="python-certbot-nginx"
+  notify: restart nginx
+  when: nginx_enable_ssl
+
+- name: install certbot in nginx
+  become: yes
+  command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
+  notify: restart nginx
+  when: nginx_enable_ssl
+
+- name: disable default site
+  become: yes
+  file: path="/etc/nginx/sites-enabled/default" state="absent"
+  notify: restart nginx
+
+- name: enable site
+  become: yes
+  file:
+    src:  "/etc/nginx/sites-available/{{nginx_conf_dst}}"
+    dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
+    state: "link"
+  notify: restart nginx
+
+- name: enable nginx service
+  become: yes
+  systemd: name="nginx" enabled="yes" state="started"
--- a/roles/pleroma/defaults/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ b/roles/pleroma/defaults/main.yaml	Thu Jan 03 20:46:13 2019 -0600
@@ -1,12 +1,19 @@
 ---
 
 pleroma_user: "pleroma"
-pleroma_instance_name: "{{pleroma_host}}"
-pleroma_desc: "A Pleroma fediverse instance."
+
 pleroma_host: "localhost"
+pleroma_port: 4000
 pleroma_scheme: "http"
-pleroma_port: 4000
-pleroma_url: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}"
+
+pleroma_proxy_pass: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}"
+
+pleroma_link_host: "localhost"
+pleroma_link_port: "443"
+pleroma_link_scheme: "https"
+
+pleroma_instance_name: "{{pleroma_link_host}}"
+pleroma_desc: "A Pleroma fediverse instance."
 pleroma_admin_email: "admin@{{pleroma_host}}"
 pleroma_char_limit: 5000
 pleroma_signup_open: "true"
--- a/roles/pleroma/meta/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ b/roles/pleroma/meta/main.yaml	Thu Jan 03 20:46:13 2019 -0600
@@ -1,4 +1,4 @@
 ---
 
 dependencies:
-  - nginx/site
+  - nginx
--- a/roles/pleroma/tasks/main.yaml	Wed Jan 02 23:24:27 2019 -0600
+++ b/roles/pleroma/tasks/main.yaml	Thu Jan 03 20:46:13 2019 -0600
@@ -67,7 +67,7 @@
     - "mix local.hex --force"
     - "mix local.rebar --force"
     - "mix deps.get"
-    - "mix ecto.migrate"
+    # - "mix ecto.migrate"
   notify: restart pleroma
   environment:
     MIX_ENV: "prod"
--- a/roles/pleroma/templates/pleroma.nginx.conf.j2	Wed Jan 02 23:24:27 2019 -0600
+++ b/roles/pleroma/templates/pleroma.nginx.conf.j2	Thu Jan 03 20:46:13 2019 -0600
@@ -6,12 +6,12 @@
 # 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
 #    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
 
-proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
+proxy_cache_path /tmp/{{pleroma_user}}-pleroma-media-cache levels=1:2 keys_zone={{pleroma_user}}-pleroma_media_cache:10m max_size=10g
                  inactive=720m use_temp_path=off;
 
 server {
     listen {{nginx_port}};
-    listen [::]:{{nginx_port}};
+    # listen [::]:{{nginx_port}};
     server_name {{nginx_server_name}};
     return 301 https://$server_name$request_uri;
 
@@ -30,7 +30,7 @@
 
 server {
     listen {{nginx_ssl_port}} ssl http2;
-    listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
+    # listen [::]:{{nginx_ssl_port}} ssl ipv6only=on;
     server_name {{nginx_server_name}};
 
     ssl_certificate /etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem;
@@ -81,15 +81,15 @@
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $http_host;
 
-        proxy_pass {{pleroma_url}};
+        proxy_pass {{pleroma_proxy_pass}};
 
         client_max_body_size 16m;
     }
 
     location /proxy {
-        proxy_cache pleroma_media_cache;
+        proxy_cache {{pleroma_user}}-pleroma_media_cache;
         proxy_cache_lock on;
         proxy_ignore_client_abort on;
-        proxy_pass {{pleroma_url}};
+        proxy_pass {{pleroma_proxy_pass}};
     }
 }
--- a/roles/pleroma/templates/pleroma.service.j2	Wed Jan 02 23:24:27 2019 -0600
+++ b/roles/pleroma/templates/pleroma.service.j2	Thu Jan 03 20:46:13 2019 -0600
@@ -9,6 +9,7 @@
 WorkingDirectory=/home/{{pleroma_user}}/pleroma
 Environment="HOME=/home/{{pleroma_user}}"
 Environment="MIX_ENV=prod"
+Environment="PLUG_TMPDIR=/tmp/{{pleroma_user}}"
 ExecStart=/usr/local/bin/mix phx.server
 ExecReload=/bin/kill $MAINPID
 KillMode=process
--- a/roles/pleroma/templates/prod.secret.exs.j2	Wed Jan 02 23:24:27 2019 -0600
+++ b/roles/pleroma/templates/prod.secret.exs.j2	Thu Jan 03 20:46:13 2019 -0600
@@ -1,7 +1,7 @@
 use Mix.Config
 
 config :pleroma, Pleroma.Web.Endpoint,
-   url: [host: "{{pleroma_host}}", scheme: "{{pleroma_scheme}}", port: 443],
+   url: [host: "{{pleroma_link_host}}", scheme: "{{pleroma_link_scheme}}", port: {{pleroma_link_port}}],
    http: [port: {{pleroma_port}}],
    secret_key_base: "{{pleroma_secret_key}}"
 
@@ -10,8 +10,10 @@
   description: "{{pleroma_desc}}",
   email: "{{pleroma_admin_email}}",
   limit: {{pleroma_char_limit}},
-  registrations_open: {{pleroma_signup_open}},
-  dedupe_media: true
+  registrations_open: {{pleroma_signup_open}}
+
+config :pleroma, Pleroma.Upload,
+  filters: [Pleroma.Upload.Filter.Dedupe]
 
 config :pleroma, :media_proxy,
   enabled: false,