kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

EOL htz-cloud.pleroma

Browse source
This commit is contained in:
Franzi 2023-09-30 17:38:20 +02:00
parent d88645c7bd
commit 497ecb5279
Signed by: kunsi
GPG key ID: 12E3D2136B818350
7 changed files with 0 additions and 295 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
PORT_MAP.md
View file

@ -34,7 +34,6 @@ Rule of thumb: keep ports below 10000 free for stuff that reserves ports.
| 20081 | matrix-synapse | prometheus metrics | | 20081 | matrix-synapse | prometheus metrics |
| 20090 | matrix-media-repo | media_repo | | 20090 | matrix-media-repo | media_repo |
| 20090 | matrix-media-repo | prometheus metrics | | 20090 | matrix-media-repo | prometheus metrics |
| 21000 | pleroma | pleroma |
| 21010 | grafana | grafana | | 21010 | grafana | grafana |
| 22000 | forgejo | forgejo | | 22000 | forgejo | forgejo |
| 22010 | jenkins-ci | Jenkins CI | | 22010 | jenkins-ci | Jenkins CI |

35
bundles/pleroma/files/pleroma.config.exs
View file

@ -1,35 +0,0 @@
import Config
config :pleroma,
configurable_from_database: true
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "${node.metadata['pleroma']['url']}", scheme: "https", port: 443],
http: [port: 21000, ip: {127, 0, 0, 1}],
secret_key_base: "${node.metadata['pleroma']['secret_key']}",
secure_cookie_flag: true
config :pleroma, :instance,
static_dir: "/var/pleroma/static/"
config :pleroma, Pleroma.Upload,
uploader: Pleroma.Uploaders.Local,
filters: [Pleroma.Upload.Filter.Dedupe]
config :pleroma, Pleroma.Uploaders.Local,
uploads: "/var/pleroma/uploads/"
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
#base_url: "https://cache.pleroma.social"
# Configure your database
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "${node.metadata['postgresql']['roles']['pleroma']['password']}",
database: "pleroma",
hostname: "localhost",
pool_size: 10,
timeout: 60000

22
bundles/pleroma/files/pleroma.service
View file

@ -1,22 +0,0 @@
[Unit]
Description=Pleroma social network
After=network.target
Requires=postgresql.service
[Service]
User=pleroma
WorkingDirectory=/opt/pleroma
Environment="HOME=/opt/pleroma"
Environment="PLEROMA_CONFIG_PATH=/opt/pleroma/pleroma.config.exs"
Environment="PLUG_TMPDIR=/tmp/pleroma"
ExecStart=/opt/pleroma/release/bin/pleroma start
ExecStop=/opt/pleroma/release/bin/pleroma stop
Restart=always
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
CapabilityBoundingSet=~CAP_SYS_ADMIN
[Install]
WantedBy=multi-user.target

88
bundles/pleroma/items.py
View file

@ -1,88 +0,0 @@
version = node.metadata['pleroma']['version']
users = {
'pleroma': {
'home': '/opt/pleroma',
},
}
directories = {
'/opt/pleroma': {},
'/var/pleroma': {
'owner': 'pleroma',
},
'/var/pleroma/uploads': {
'owner': 'pleroma',
},
'/var/pleroma/static': {
'owner': 'pleroma',
},
'/var/pleroma/static/emoji': {
'owner': 'pleroma',
},
}
if node.has_bundle('zfs'):
directories['/var/pleroma']['needs'] = {
'zfs_dataset:tank/pleroma-data',
}
actions = {
'pleroma_download_release': {
'command': \
'cd /opt/pleroma/ && '\
f'wget -O/opt/pleroma/pleroma.zip https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/release/{version}/download?job=amd64 && '\
'rm -rf release && '\
'unzip /opt/pleroma/pleroma.zip && '\
'chown -R pleroma:pleroma /opt/pleroma/release && '\
f'echo -n "{version}" > /opt/pleroma/.bundlewrap_installed_version',
'unless': f'[ "$(cat /opt/pleroma/.bundlewrap_installed_version)" = "{version}" ]',
'needs': {
'directory:/opt/pleroma',
},
'preceded_by': {
'svc_systemd:pleroma:stop',
},
'triggers': {
'action:pleroma_migrate_database',
'svc_systemd:pleroma:restart',
},
},
'pleroma_migrate_database': {
'triggered': True,
'command': \
'echo "CREATE EXTENSION IF NOT EXISTS citext;" | psql pleroma && '\
'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm;" | psql pleroma && '\
'echo "CREATE EXTENSION IF NOT EXISTS \\\"uuid-ossp\\\";" | psql pleroma && '\
'sudo -u pleroma PLEROMA_CONFIG_PATH=/opt/pleroma/pleroma.config.exs /opt/pleroma/release/bin/pleroma_ctl create',
'needs': {
'postgres_db:pleroma',
},
},
}
files = {
'/etc/systemd/system/pleroma.service': {
'triggers': {
'action:systemd-reload',
'svc_systemd:pleroma:restart',
},
},
'/opt/pleroma/pleroma.config.exs': {
'content_type': 'mako',
'triggers': {
'svc_systemd:pleroma:restart',
},
},
}
svc_systemd = {
'pleroma': {
'needs': {
'action:pleroma_download_release',
'action:pleroma_migrate_database',
'file:/etc/systemd/system/pleroma.service',
'file:/opt/pleroma/pleroma.config.exs',
},
},
}

62
bundles/pleroma/metadata.py
View file

@ -1,62 +0,0 @@
defaults = {
'apt': {
'packages': {
'imagemagick': {},
'ffmpeg': {},
'libimage-exiftool-perl': {},
},
},
'backups': {
'paths': {
'/var/pleroma',
},
},
'zfs': {
'datasets': {
'tank/pleroma-data': {
'mountpoint': '/var/pleroma',
'needed_by': {
'directory:/var/pleroma',
},
},
},
},
'postgresql': {
'roles': {
'pleroma': {
'password': repo.vault.password_for(f'{node.name} postgresql pleroma'),
},
},
'databases': {
'pleroma': {
'owner': 'pleroma',
},
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/pleroma',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
return {
'nginx': {
'vhosts': {
'pleroma': {
'domain': metadata.get('pleroma/url'),
'locations': {
'/': {
'target': 'http://127.0.0.1:21000',
'websockets': True,
},
},
'website_check_path': '/main/all',
'website_check_string': 'use Pleroma',
},
},
},
}

2
data/nginx/files/extras/htz-cloud.pleroma/pleroma
View file

@ -1,2 +0,0 @@
access_log /var/log/nginx/pleroma.log gdpr;
error_log /var/log/nginx/error.log;

85
nodes/htz-cloud/pleroma.py
View file

@ -1,85 +0,0 @@
nodes['htz-cloud.pleroma'] = {
'bundles': {
'pleroma',
'postgresql',
'zfs',
},
'groups': {
'debian-buster',
'webserver',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'159.69.11.231',
'2a01:4f8:c2c:c410::1/64',
},
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1',
},
'ens10': {
'ips': {
'172.19.137.5/32',
},
'routes': {
# VPN
'172.19.136.0/22': {
'via': '172.19.137.1',
},
},
},
},
'icinga_options': {
'period': 'daytime',
'pretty_name': 'cybert-media.net',
},
'cron': {
'jobs': {
'auto-authorize-sm-users': '* * * * * root echo "UPDATE users SET approval_pending=false WHERE email LIKE \'\\%@seibert-media.net\' AND approval_pending=true;" | psql pleroma >/dev/null',
},
},
'nginx': {
'vhosts': {
'pleroma': {
'max_body_size': '16M',
'extras': True,
},
'pleroma-www-redir': {
'domain': 'www.cybert-media.net',
'locations': {
'/': {
'redirect': 'https://cybert-media.net$request_uri',
},
},
},
},
},
'pleroma': {
'version': '2.2.2',
'url': 'cybert-media.net',
'secret_key': vault.decrypt('encrypt$gAAAAABgMVXXclfxVY022fM0Fdf94Oh3sxVlK0lYyBO_CsQFEbZcMua3w1oJY8_9d1JcrCJSSeBRTDnt-ZkRCQ6xKoALo8Rl7s9DPxa7J0vHdkggeZ3IHaOyXBcBPdx8vILyKDLHRXacaynOUBOjy6RIl6Qf2wH1ASbphCcjD-Njricg4PG6Rcixm87fF60rLBjAAkRoz5ZQnXlut1rhjLj-z-7UpA68fkeyPVJXbroWBJdmvCUt92dwjuGARsku2XI22mVvjtJJ'),
},
'postfix': {
'myhostname': 'cybert-media.net',
},
'postgresql': {
'version': '11',
},
'vm': {
'cpu': 1,
'ram': 2,
},
'zfs': {
'pools': {
'tank': {
'when_creating': {
'config': [{
'devices': {'/dev/sdb'},
}],
},
},
},
},
},
}