From 04edbf561c44e28753cbbaa3870b23b220cc644c Mon Sep 17 00:00:00 2001 From: Luke Hoersten Date: Sun, 4 Feb 2024 20:27:19 -0600 Subject: Tons of updates to fix migration to new server. --- certbot-dns-cloudflare/tasks/main.yaml | 10 ++++++++-- dendrite/build/defaults/main.yaml | 2 +- dendrite/server/tasks/main.yaml | 2 ++ dendrite/server/templates/dendrite.yaml.j2 | 15 +++++++++++++++ dendrite/server/templates/setup_db.psql.j2 | 3 ++- mercurial/web/tasks/main.yaml | 6 ++++++ miniflux/templates/setup_db.psql.j2 | 3 ++- nostr/relayer/templates/setup_db.psql.j2 | 3 ++- pleroma/otp/tasks/main.yaml | 4 ++++ pleroma/otp/templates/setup_db.psql.j2 | 3 ++- postgresql/defaults/main.yaml | 1 + postgresql/tasks/main.yaml | 11 +++++++++++ prosody/templates/setup_db.psql.j2 | 3 ++- rpi-base/defaults/main.yaml | 1 + unifi/tasks/main.yaml | 2 +- 15 files changed, 60 insertions(+), 9 deletions(-) diff --git a/certbot-dns-cloudflare/tasks/main.yaml b/certbot-dns-cloudflare/tasks/main.yaml index 1ded6c9..99b18cc 100644 --- a/certbot-dns-cloudflare/tasks/main.yaml +++ b/certbot-dns-cloudflare/tasks/main.yaml @@ -13,6 +13,12 @@ owner: "root" group: "root" +- name: make renewal dir + become: yes + file: + path: "/etc/letsencrypt/renewal/" + state: "directory" + - name: configure renewal become: yes template: 
@@ -24,11 +30,11 @@ - name: check if cert exists become: yes - stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem" + stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}-0001/cert.pem" register: cert - name: run certbot become: yes - command: "certbot certonly -n --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf -d {{certbot_dns_cloudflare_domain}}" + command: "certbot certonly -n --agree-tos --email {{certbot_dns_cloudflare_email}} --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf -d {{certbot_dns_cloudflare_domain}} -d \"*.{{certbot_dns_cloudflare_domain}}\"" when: not cert.stat.exists changed_when: false diff --git a/dendrite/build/defaults/main.yaml b/dendrite/build/defaults/main.yaml index 1819d6c..751b342 100644 --- a/dendrite/build/defaults/main.yaml +++ b/dendrite/build/defaults/main.yaml @@ -1,6 +1,6 @@ --- -dendrite_version: "0.13.5" +dendrite_version: "0.13.6" # https://github.com/matrix-org/dendrite/releases dendrite_tar: "https://github.com/matrix-org/dendrite/archive/refs/tags/v{{dendrite_version}}.tar.gz" dendrite_build_dir: "/tmp/dendrite-{{dendrite_version}}" diff --git a/dendrite/server/tasks/main.yaml b/dendrite/server/tasks/main.yaml index 258404f..fa352c5 100644 --- a/dendrite/server/tasks/main.yaml +++ b/dendrite/server/tasks/main.yaml @@ -17,6 +17,7 @@ remote_src: yes src: "{{dendrite_tar}}" dest: "/tmp/dendrite/" + notify: restart service - name: install dendrite binary become: yes @@ -34,6 +35,7 @@ - {"src": "generate-config" , "dest": "dendrite-generate-config"} - {"src": "generate-keys" , "dest": "dendrite-generate-keys"} - {"src": "resolve-state" , "dest": "dendrite-resolve-state"} + notify: restart service - name: create instance dir become: yes diff --git a/dendrite/server/templates/dendrite.yaml.j2 b/dendrite/server/templates/dendrite.yaml.j2 index 7c0ff34..3dcf474 100644 --- a/dendrite/server/templates/dendrite.yaml.j2 
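Review bot: Hard-coding the `-0001` lineage suffix into the stat path ties the idempotence guard to certbot's habit of creating a numbered lineage when one named after the domain already exists with a different domain set; on a clean host the lineage will be `live/{{certbot_dns_cloudflare_domain}}/`, the stat never matches, and the certbot command runs on every play (hidden by `changed_when: false`), which can create further numbered lineages and eventually trip Let's Encrypt's duplicate-certificate rate limit. Pin the lineage name instead: add `--cert-name {{certbot_dns_cloudflare_domain}}` to the command and stat `path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"`. Because the domain set now includes the wildcard, a one-time `--expand` may be needed when the migrated host still carries the old lineage; confirm against that host's renewal config before dropping the suffix.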
+++ b/dendrite/server/templates/dendrite.yaml.j2 @@ -68,6 +68,10 @@ global: # The base URL to delegate client-server communications to e.g. https://localhost well_known_client_name: "" + # The server name to delegate sliding sync communications to, with optional port. + # Requires `well_known_client_name` to also be configured. + well_known_sliding_sync_proxy: "" + # Lists of domains that the server will trust as identity servers to verify third # party identifiers such as phone numbers and email addresses. trusted_third_party_id_servers: @@ -146,6 +150,13 @@ app_service_api: # to be sent to an insecure endpoint. disable_tls_validation: false + # Send the access_token query parameter with appservice requests in addition + # to the Authorization header. This can cause hs_tokens to be saved to logs, + # so it should not be enabled unless absolutely necessary. + legacy_auth: false + # Use the legacy unprefixed paths for appservice requests. + legacy_paths: false + # Appservice configuration files to load into this homeserver. config_files: # - /path/to/appservice_registration.yaml @@ -312,6 +323,10 @@ user_api: auto_join_rooms: # - "#main:matrix.org" + # The number of workers to start for the DeviceListUpdater. Defaults to 8. + # This only needs updating if the "InputDeviceListUpdate" stream keeps growing indefinitely. + # worker_count: 8 + # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on # how this works and how to set it up. diff --git a/dendrite/server/templates/setup_db.psql.j2 b/dendrite/server/templates/setup_db.psql.j2 index 02b3e2f..29c6974 100644 --- a/dendrite/server/templates/setup_db.psql.j2 +++ b/dendrite/server/templates/setup_db.psql.j2 
@@ -1,2 +1,3 @@ -CREATE USER {{dendrite_db_user}} WITH ENCRYPTED PASSWORD '{{dendrite_db_pass}}'; +CREATE USER {{dendrite_db_user}}; +ALTER USER {{dendrite_db_user}} WITH PASSWORD '{{dendrite_db_pass}}' CREATE DATABASE {{dendrite_db}} WITH OWNER {{dendrite_db_user}}; diff --git a/mercurial/web/tasks/main.yaml b/mercurial/web/tasks/main.yaml index 963b86f..4ba6b41 100644 --- a/mercurial/web/tasks/main.yaml +++ b/mercurial/web/tasks/main.yaml @@ -10,6 +10,12 @@ - "python3-pygments" notify: restart uwsgi +- name: make hgweb dir + become: yes + file: + path: "{{mercurial_uwsgi_root}}" + state: "directory" + - name: configure hgweb become: yes template: src="{{item}}.j2" dest="{{mercurial_uwsgi_root}}/{{item}}" diff --git a/miniflux/templates/setup_db.psql.j2 b/miniflux/templates/setup_db.psql.j2 index f1867e7..33e42a2 100644 --- a/miniflux/templates/setup_db.psql.j2 +++ b/miniflux/templates/setup_db.psql.j2 @@ -1,4 +1,5 @@ -CREATE USER miniflux WITH ENCRYPTED PASSWORD '{{miniflux_db_pass}}'; +CREATE USER miniflux; +ALTER USER miniflux WITH PASSWORD '{{miniflux_db_pass}}'; CREATE DATABASE miniflux WITH OWNER miniflux; \c miniflux; --Extensions made by miniflux that need superuser access diff --git a/nostr/relayer/templates/setup_db.psql.j2 b/nostr/relayer/templates/setup_db.psql.j2 index 5284529..06adfdd 100644 --- a/nostr/relayer/templates/setup_db.psql.j2 +++ b/nostr/relayer/templates/setup_db.psql.j2 @@ -1,2 +1,3 @@ -CREATE USER {{relayer_db_user}} WITH ENCRYPTED PASSWORD '{{relayer_db_pass}}'; +CREATE USER {{relayer_db_user}}; +ALTER USER {{relayer_db_user}} WITH PASSWORD '{{relayer_db_pass}}'; CREATE DATABASE {{relayer_db}} WITH OWNER {{relayer_db_user}}; diff --git a/pleroma/otp/tasks/main.yaml b/pleroma/otp/tasks/main.yaml index 4aeec9e..de6b8ed 100644 --- a/pleroma/otp/tasks/main.yaml +++ b/pleroma/otp/tasks/main.yaml 
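Review bot: The new `ALTER USER {{dendrite_db_user}} WITH PASSWORD '{{dendrite_db_pass}}'` line has no terminating semicolon, unlike the same line in the miniflux, nostr, pleroma and prosody templates, so psql runs it fused with the following `CREATE DATABASE …` as one statement, which is a syntax error: the role ends up with no password and the database is not created. Add the `;`. If the split into CREATE USER plus ALTER USER is meant to let the script re-run on a server where the role already exists (CREATE USER fails, ALTER still runs because psql continues after errors by default), a one-line comment such as `-- split so a re-run on an existing role still sets the password` would stop the next reader from folding it back into one statement.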
@@ -11,6 +11,10 @@ - "libmagic-dev" - "libtinfo5" +- name: install libssl1.1 deb + become: yes + apt: deb="http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_{{arch}}.deb" + - name: create pleroma config and data directories become: yes file: diff --git a/pleroma/otp/templates/setup_db.psql.j2 b/pleroma/otp/templates/setup_db.psql.j2 index 1b27174..8fc10cf 100644 --- a/pleroma/otp/templates/setup_db.psql.j2 +++ b/pleroma/otp/templates/setup_db.psql.j2 @@ -1,4 +1,5 @@ -CREATE USER {{pleroma_db_user}} WITH ENCRYPTED PASSWORD '{{pleroma_db_passwd}}'; +CREATE USER {{pleroma_db_user}}; +ALTER USER {{pleroma_db_user}} WITH ENCRYPTED PASSWORD '{{pleroma_db_passwd}}'; CREATE DATABASE {{pleroma_db}} WITH OWNER {{pleroma_db_user}}; \c {{pleroma_db}}; --Extensions made by ecto.migrate that need superuser access diff --git a/postgresql/defaults/main.yaml b/postgresql/defaults/main.yaml index 8a208b7..de97031 100644 --- a/postgresql/defaults/main.yaml +++ b/postgresql/defaults/main.yaml @@ -2,6 +2,7 @@ # migrate PG version with pg_upgradecluster (see manpage) postgresql_version: "14" +postgresql_initidb_path: "/usr/lib/postgresql/{{postgresql_version}}/bin/initdb" postgresql_config_path: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf" postgresql_data_dir: "/var/lib/postgresql/{{postgresql_version}}/main" postgresql_apt_packages: diff --git a/postgresql/tasks/main.yaml b/postgresql/tasks/main.yaml index 6195840..6efa491 100644 --- a/postgresql/tasks/main.yaml +++ b/postgresql/tasks/main.yaml @@ -22,6 +22,17 @@ group: "postgres" notify: restart postgres +- name: check if postgresql data dir is new + become: yes + find: path='{{postgresql_data_dir}}' + register: filesFound + +- name: initialize pg data dir + become: yes + become_user: "postgres" + command: "{{postgresql_initidb_path}} -D {{postgresql_data_dir}}" + when: filesFound == 0 + - name: ensure postgresql is started become: yes systemd: name="postgresql" enabled="yes" state="started" 
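Review bot: The libssl1.1 package is fetched over plain HTTP from ports.ubuntu.com and handed straight to `apt: deb=`, which installs the file with dpkg and so bypasses the repository signature check a normal `apt` install gets; nothing verifies what was downloaded. Prefer `get_url` with a `checksum:` of the known-good file into a temporary path followed by `apt: deb=<that path>`, or at minimum an https URL. The pinned `1.1.1f-1ubuntu2` appears to be the initial focal build of a 1.1.1 series that is end-of-life upstream, so this pin never receives security fixes — acceptable only if the pleroma OTP release genuinely requires it, and a comment saying so belongs on the task. The unifi/tasks/main.yaml hunk has the same pattern (http, no checksum) with `libssl1.0.0_1.0.2n-1ubuntu5_{{arch}}.deb`.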
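Review bot: `when: filesFound == 0` never holds — `find` registers a result dict (`matched`, `files`, …), not an integer, so the initdb task is always skipped and a fresh data dir is left uninitialized; the condition should be `when: filesFound.matched == 0`. A simpler and more robust guard is to drop the `find` task and give the command `args: creates: "{{postgresql_data_dir}}/PG_VERSION"`, which initdb writes on success. Running initdb directly (rather than via Debian's `pg_createcluster`) with no `--auth-local`/`--auth-host` option writes a `pg_hba.conf` with `trust` into the data dir; whether that file is the one the cluster uses depends on the `hba_file` setting in the managed postgresql.conf — worth confirming. The variable `postgresql_initidb_path` introduced in the defaults hunk looks like a typo for `initdb`; it is used consistently so it works, but renaming it now is cheap.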
diff --git a/prosody/templates/setup_db.psql.j2 b/prosody/templates/setup_db.psql.j2 index 25e9ec0..fd4f430 100644 --- a/prosody/templates/setup_db.psql.j2 +++ b/prosody/templates/setup_db.psql.j2 @@ -1,2 +1,3 @@ -CREATE USER {{prosody_db}} WITH ENCRYPTED PASSWORD '{{prosody_db_pass}}'; +CREATE USER {{prosody_db}}; +ALTER USER {{prosody_db}} WITH PASSWORD '{{prosody_db_pass}}'; CREATE DATABASE {{prosody_db}} ENCODING 'UTF8' LC_COLLATE='C.UTF-8' LC_CTYPE='C.UTF-8' template=template0 OWNER {{prosody_db}}; diff --git a/rpi-base/defaults/main.yaml b/rpi-base/defaults/main.yaml index bbadb4a..16c3e5d 100644 --- a/rpi-base/defaults/main.yaml +++ b/rpi-base/defaults/main.yaml @@ -4,6 +4,7 @@ rpi_base_enable_wifi: True rpi_base_timezone: "America/Chicago" rpi_base_log_size: "100M" rpi_base_apt_packages: + - "mosh" - "avahi-daemon" - "log2ram" - "fail2ban" diff --git a/unifi/tasks/main.yaml b/unifi/tasks/main.yaml index 800cc8e..9479f03 100644 --- a/unifi/tasks/main.yaml +++ b/unifi/tasks/main.yaml @@ -13,7 +13,7 @@ - name: install libssl1.1 deb become: yes - apt: deb="http://ports.ubuntu.com/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5_arm64.deb" + apt: deb="http://ports.ubuntu.com/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5_{{arch}}.deb" # To accept codename change: # 1. sudo apt update -- cgit v1.2.3