11 files changed, 72 insertions, 39 deletions

diff --git a/dendrite/aws-s3-backup/files/writefreely-s3-backup-lifecycle.json b/dendrite/aws-s3-backup/files/pleroma-lifecycle.json
index 44036c0..44036c0 100644
--- a/dendrite/aws-s3-backup/files/writefreely-s3-backup-lifecycle.json
+++ b/dendrite/aws-s3-backup/files/pleroma-lifecycle.json
diff --git a/dendrite/aws-s3-backup/files/pleroma-s3-backup-lifecycle.json b/dendrite/aws-s3-backup/files/pleroma-s3-backup-lifecycle.json
new file mode 100644
index 0000000..fa75f06
--- /dev/null
+++ b/dendrite/aws-s3-backup/files/pleroma-s3-backup-lifecycle.json
@@ -0,0 +1,12 @@
+{
+	 "Rules": [
+		  {
+				"ID": "pleroma-expiration",
+				"Filter": {},
+				"Status": "Enabled",
+				"NoncurrentVersionExpiration": {
+					 "NoncurrentDays": 30
+				}
+		  }
+	 ]
+}
diff --git a/dendrite/aws-s3-backup/files/pleroma-s3-backup.sh b/dendrite/aws-s3-backup/files/pleroma-s3-backup.sh
new file mode 100644
index 0000000..273b814
--- /dev/null
+++ b/dendrite/aws-s3-backup/files/pleroma-s3-backup.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+INSTANCE=$1
+
+BUCKET="pleroma-${INSTANCE//_/-}-backup"
+BACKUP_DIR="/tmp/s3-backup/$BUCKET"
+BACKUP_TAR="/tmp/s3-backup/$BUCKET.tgz"
+
+DB_NAME="pleroma_$INSTANCE"
+CONFIG="/etc/pleroma/$INSTANCE.config.exs"
+
+UPLOADS_DIR=`grep uploads $CONFIG | cut -d '"' -f 2`
+STATIC_DIR=`grep static $CONFIG | cut -d '"' -f 2`
+
+mkdir -m 775 -p "$BACKUP_DIR/"
+chown root:postgres "$BACKUP_DIR/"
+
+su postgres -c "pg_dump -d $DB_NAME --format=custom -f $BACKUP_DIR/$DB_NAME.pgdump"
+cp $CONFIG "$BACKUP_DIR/"
+cp -r $UPLOADS_DIR "$BACKUP_DIR/"
+cp -r $STATIC_DIR "$BACKUP_DIR/"
+
+tar -zc -f $BACKUP_TAR $BACKUP_DIR
+aws s3 mb "s3://$BUCKET/"
+aws s3api put-bucket-versioning --bucket "$BUCKET" --versioning-configuration Status=Enabled
+aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "file:///usr/local/share/pleroma-s3-backup-lifecycle.json"
+aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
+
+rm $BACKUP_TAR
+rm -r $BACKUP_DIR
diff --git a/dendrite/aws-s3-backup/files/[email protected] b/dendrite/aws-s3-backup/files/[email protected]
new file mode 100644
index 0000000..9b1ae47
--- /dev/null
+++ b/dendrite/aws-s3-backup/files/[email protected]
@@ -0,0 +1,9 @@
+[Unit]
+Description=Dendrite s3 backup for instance "%I"
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/dendrite-s3-backup.sh %i
+
+[Install]
+WantedBy=aws-s3-backup.target
diff --git a/dendrite/aws-s3-backup/files/writefreely-s3-backup.sh b/dendrite/aws-s3-backup/files/writefreely-s3-backup.sh
deleted file mode 100644
index 402d6fe..0000000
--- a/dendrite/aws-s3-backup/files/writefreely-s3-backup.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-BUCKET=$1
-BACKUP_DIR=$2
-BACKUP_TAR="/tmp/$BUCKET.tgz"
-
-tar -zc -f $BACKUP_TAR $BACKUP_DIR
-aws s3 mb "s3://$BUCKET/"
-aws s3api put-bucket-versioning --bucket "$BUCKET" --versioning-configuration Status=Enabled
-aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" --lifecycle-configuration "file:///usr/local/share/writefreely-s3-backup-lifecycle.json"
-aws s3 cp $BACKUP_TAR "s3://$BUCKET/"
-
-rm $BACKUP_TAR
diff --git a/dendrite/aws-s3-backup/handlers/main.yaml b/dendrite/aws-s3-backup/handlers/main.yaml
index 0e39754..7e383ca 100644
--- a/dendrite/aws-s3-backup/handlers/main.yaml
+++ b/dendrite/aws-s3-backup/handlers/main.yaml
@@ -1,5 +1,5 @@
 ---
 
-- name: reload s3 backup service
-  systemd: name="writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes"
+- name: restart dendrite instance s3 backup
   become: yes
+  systemd: name="dendrite-s3-backup@{{dendrite_instance}}.service" enabled="yes" daemon_reload="yes"
diff --git a/dendrite/aws-s3-backup/tasks/main.yaml b/dendrite/aws-s3-backup/tasks/main.yaml
index e9b005e..fdee853 100644
--- a/dendrite/aws-s3-backup/tasks/main.yaml
+++ b/dendrite/aws-s3-backup/tasks/main.yaml
@@ -1,26 +1,27 @@
 ---
 
-- name: create writefreely s3 backup shell script
+- name: create s3 backup shell script
   become: yes
   copy:
-    src: "writefreely-s3-backup.sh"
-    dest: "/usr/local/bin/writefreely-s3-backup.sh"
+    src: "dendrite-s3-backup.sh"
+    dest: "/usr/local/bin/dendrite-s3-backup.sh"
     mode: "0755"
 
 - name: create s3 backup lifesycle json file
   become: yes
   copy:
-    src: "writefreely-s3-backup-lifecycle.json"
-    dest: "/usr/local/share/writefreely-s3-backup-lifecycle.json"
+    src: "dendrite-s3-backup-lifecycle.json"
+    dest: "/usr/local/share/dendrite-s3-backup-lifecycle.json"
     mode: "0755"
 
-- name: configure writefreely s3 backup systemd service
+- name: configure s3 backup systemd service
   become: yes
-  template:
-    src: "[email protected]"
-    dest: "/lib/systemd/system/writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service"
-  notify: reload s3 backup service
+  copy:
+    src: "[email protected]"
+    dest: "/lib/systemd/system/[email protected]"
+    mode: "0644"
+  notify: restart dendrite instance s3 backup
 
-- name: ensure writefreely s3 backup service is started
+- name: ensure s3 backup is enabled
   become: yes
-  systemd: name="writefreely-s3-backup@{{writefreely_s3_backup_bucket}}.service" enabled="yes"
+  systemd: name="dendrite-s3-backup@{{dendrite_instance}}.service" enabled="yes"
diff --git a/dendrite/aws-s3-backup/templates/[email protected] b/dendrite/aws-s3-backup/templates/[email protected]
deleted file mode 100644
index 2f9d272..0000000
--- a/dendrite/aws-s3-backup/templates/[email protected]
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Writefreely s3 backup for "%I"
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/writefreely-s3-backup.sh %i "{{writefreely_s3_backup_dir}}"
-
-[Install]
-WantedBy=aws-s3-backup.target
diff --git a/dendrite/server/defaults/main.yaml b/dendrite/server/defaults/main.yaml
index 1c39fd7..898d563 100644
--- a/dendrite/server/defaults/main.yaml
+++ b/dendrite/server/defaults/main.yaml
@@ -4,9 +4,11 @@ dendrite_user: "dendrite"
 dendrite_version: "0.4.0"
 dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz"
 dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}"
+dendrite_old_key: false
+dendrite_registration_secret: ""
 
 dendrite_db_user: "dendrite_{{dendrite_instance}}"
 dendrite_db: "{{dendrite_db_user}}"
 
 dendrite_dir: "/var/dendrite"
-dendrite_port: "8008"
+dendrite_port: 8008
diff --git a/dendrite/server/tasks/main.yaml b/dendrite/server/tasks/main.yaml
index efa3ab8..22e291e 100644
--- a/dendrite/server/tasks/main.yaml
+++ b/dendrite/server/tasks/main.yaml
@@ -2,7 +2,7 @@
 
 - name: add dendrite user
   become: yes
-  user: name="{{dendrite_user}}"
+  user: name="{{dendrite_user}}" shell="/bin/false" system="yes"
 
 # build
 - name: snap install golang
diff --git a/dendrite/server/templates/dendrite.yaml.j2 b/dendrite/server/templates/dendrite.yaml.j2
index bd03718..d32c91b 100644
--- a/dendrite/server/templates/dendrite.yaml.j2
+++ b/dendrite/server/templates/dendrite.yaml.j2
@@ -44,9 +44,10 @@ global:
   # to old signing private keys that were formerly in use on this domain. These
   # keys will not be used for federation request or event signing, but will be
   # provided to any other homeserver that asks when trying to verify old events.
-  old_private_keys:
+  {% if dendrite_old_key %}old_private_keys:
   - private_key: old_matrix_key.pem
     expired_at: 1626538450
+{% endif %}
 
   # How long a remote server can cache our server signing key before requesting it
   # again. Increasing this number will reduce the number of requests made by other