Create lemmy role

meaz 2022-11-23 06:43:28 +01:00
commit 493efdce09
Signed by: meaz
GPG key ID: CD7A47B2F1ED43B4
21 changed files with 666 additions and 0 deletions

2
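--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.vagrant
+*.log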

19
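--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,19 @@
+MIT License Copyright (c) 2021 "Stichting Disroot.org"
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.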

10
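--- a/Playbooks/lemmy.yml
+++ b/Playbooks/lemmy.yml
@@ -0,0 +1,10 @@
+---
+- hosts: lemmy
+roles:
+- postgresql
+- nginx
+- lemmy
+vars_files:
+- ../defaults/main.yml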
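Review bot: Loading `../defaults/main.yml` through `vars_files` gives those values play-level precedence, which outranks inventory `group_vars`/`host_vars`, so an operator who sets `lemmy_db_passwd` or `lemmy_admin_password` in the inventory would still deploy the placeholder values from this file. If the file is meant as role defaults, the `vars_files` entry can go and the postgresql/nginx overrides can move to `group_vars`, where inventory values are able to replace them. How the `lemmy` role directory sits relative to this playbook is not visible on the page, so confirm that the role still finds its defaults after the change.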

17
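--- a/README.MD
+++ b/README.MD
@@ -0,0 +1,17 @@
+# Lemmy - Ansible role
+This role covers deployment, configuration and software updates of Lemmy. This role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.
+You can deploy test instance using `Vagrantfile` attached to the role.
+`vagrant up`
+`ansible-playbook -b Playbooks/lemmy.yml`
+Then you can access lemmy from your computer on http://192.168.33.25
+## Playbook
+The playbook includes postgresql role and deploys entire stack needed to run lemmy. Additional role is also available in the Ansible roles repos in git.
+## CHANGELOG
+- **12.11.2022** - Role creation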

21
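--- a/Vagrantfile
+++ b/Vagrantfile
@@ -0,0 +1,21 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+#config.ssh.insert_key = false
+config.vm.define "lemmy" do |lemmy|
+lemmy.vm.box = "generic/debian11"
+lemmy.vm.provider :libvirt do |libvirt|
+libvirt.memory = 256
+end
+lemmy.vm.network "forwarded_port", guest: 80, host: 8884, host_ip: "192.168.33.25"
+lemmy.vm.network "forwarded_port", guest: 443, host: 4444, host_ip: "192.168.33.25"
+lemmy.vm.network "forwarded_port", guest: 8080, host: 8081, host_ip: "192.168.33.25"
+lemmy.vm.network "private_network", ip: "192.168.33.25"
+config.vm.provision "shell", inline: "apt install acl"
+end
+end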
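Review bot: The three `forwarded_port` lines set `host_ip: "192.168.33.25"`, which is the address the `private_network` line assigns to the guest; `host_ip` selects the host-side address the forward binds to, so these forwards most likely fail to bind or add nothing over the private network. If the forwards are wanted, `host_ip: "127.0.0.1"` keeps the test instance reachable only from the developer's machine. Separately, the inline provisioner `apt install acl` has no `-y` and no cache refresh, so it can stop at the confirmation prompt; `apt-get update && apt-get install -y acl` is the non-interactive form, and it reads more clearly attached to `lemmy.vm.provision` than to the outer `config`.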

127
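--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,127 @@
+---
+# Server
+lemmy_apt:
+- pkg-config
+- libssl-dev
+- libpq-dev
+#- cargo # version to old
+lemmy_username: 'lemmy'
+lemmy_group: 'lemmy'
+lemmy_settings_dir: '/etc/lemmy'
+lemmy_logfile: '/var/log/lemmy.log'
+lemmy_logfile_error: '/var/log/lemmy_err.log'
+lemmy_app_dir: '/usr/local'
+# Server config: lemmy.hson
+# see https://raw.githubusercontent.com/LemmyNet/lemmy/main/config/defaults.hjson
+lemmy_hostname: 'example.lan'
+lemmy_host: 'postgres'
+lemmy_db_host: '127.0.0.1'
+lemmy_db_user: 'lemmy'
+lemmy_db_passwd: 'changeme'
+lemmy_db_name: 'lemmy'
+lemmy_db_port: '5432'
+lemmy_pool_size: '5'
+lemmy_admin_username: 'admin'
+lemmy_admin_password: 'changemeasap'
+lemmy_site_name: 'My Lemmy Instance'
+lemmy_admin_email: 'user@example.com'
+lemmy_bind: '0.0.0.0'
+lemmy_port: '8536'
+lemmy_tls_enabled: 'true'
+lemmy_smtp_server: 'localhost:25'
+lemmy_smtp_login: 'username'
+lemmy_smtp_password: 'changeme'
+lemmy_smtp_from_address: 'noreply@example.com'
+lemmy_tls_type: 'none'
+lemmy_activitypub_enabled: 'false'
+lemmy_worker_count: '64'
+lemmy_captcha_enabled: 'false'
+lemmy_captcha_difficulty: 'medium'
+# UI
+lemmy_ui_pkg:
+- nodejs
+- yarn
+lemmy_nodejs_version: '16'
+lemmy_ui_version: '0.16.7'
+lemmy_ui_dir: '/var/lib/lemmy-ui'
+lemmy_ui_port: '1234'
+lemmy_ui_logfile: '/var/log/lemmy-ui.log'
+lemmy_ui_logfile_error: '/var/log/lemmy-ui_err.log'
+# Pict-rs
+lemmy_pictrs_deploy: 'true' # set it to true if you want to deploy pict-rs
+lemmy_pictrs_apt:
+- ffmpeg
+- exiftool
+- libgexiv2-dev
+- imagemagick
+lemmy_pictrs_username: 'pictrs'
+lemmy_pictrs_group: 'pictrs'
+lemmy_pictrs_source_dir: '/var/lib/pictrs-source'
+lemmy_pictrs_dir: '/var/lib/pictrs'
+# check docker-compose.yml for pict-rs version used by lemmy
+# https://github.com/LemmyNet/lemmy-ansible/blob/main/templates/docker-compose.yml#L40
+lemmy_pictrs_version: 'v0.3.x'
+lemmy_pictrs_logfile: '/var/log/lemmy-pictrs.log'
+lemmy__pictrs_logfile_error: '/var/log/lemmy-pictrs_err.log'
+#Postgres
+postgresql_version: 13
+postgresql_listen_addresses:
+- "127.0.0.1"
+postgresql_pg_hba_default:
+- { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }
+- { type: local, database: all, user: all, address: '', method: '{{ postgresql_default_auth_method }}', comment: '"local" is for Unix domain socket connections only' }
+- { type: host, database: all, user: all, address: '127.0.0.1/32', method: '{{ postgresql_default_auth_method_hosts }}', comment: 'IPv4 local connections:' }
+postgresql_databases:
+- name: '{{ lemmy_db_name }}'
+owner: '{{ lemmy_db_user }}' # optional; specify the owner of the database
+uuid_ossp: yes
+postgresql_database_extensions:
+- db: '{{ lemmy_db_name }}'
+extensions:
+- citext
+- pg_trgm
+# hstore: no # flag to install the hstore extension on this database (yes/no)
+#uuid_ossp: yes # flag to install the uuid-ossp extension on this database (yes/no)
+#citext: yes # flag to install the citext extension on this database (yes/no)
+postgresql_users:
+- name: '{{ lemmy_db_user }}'
+pass: '{{ lemmy_db_passwd }}'
+encrypted: yes # denotes if the password is already encrypted.
+postgresql_user_privileges:
+- name: '{{ lemmy_db_user }}' # user name
+db: '{{ lemmy_db_name }}' # database
+priv: "ALL" # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
+role_attr_flags: "" # role attribute flags
+#NGINX SETUP
+nginx_default_vhost_ssl: 'lemmy'
+nginx_default_vhost: 'lemmy'
+#NGINX VHOST
+nginx_vhosts:
+- name: 'lemmy'
+template: 'lemmy'
+proto: 'http'
+listen: '80'
+use_error_log: 'true'
+nginx_error_log_level: 'warn'
+redirect_https: 'true'
+letsencrypt: 'false'
+secure_site: 'false'
+nginx_HSTS_policy: 'false'
+state: 'enable'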
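Review bot: `lemmy_db_passwd`, `lemmy_admin_password` and `lemmy_smtp_password` ship with usable placeholder values (`'changeme'`, `'changemeasap'`), and nothing visible in this commit stops a run that leaves them unchanged. Leaving them undefined, or adding an `assert` task that fails on the placeholder values, turns a forgotten override into a deploy error instead of an admin account with a published password. `lemmy_bind: '0.0.0.0'` also exposes the backend port alongside the nginx vhost; `lemmy_bind: '127.0.0.1'` is the safer default when nginx runs on the same host. The comment on `encrypted: yes` says the password is already encrypted while `lemmy_db_passwd` is plain text, so one of the two should change.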

16
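--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,16 @@
+---
+- name: restart lemmy backend
+systemd:
+name: lemmy
+state: restarted
+- name: restart lemmy ui
+systemd:
+name: lemmy-ui
+state: restarted
+- name: restart pictrs
+systemd:
+name: pictrs
+state: restarted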

11
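--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -0,0 +1,11 @@
+---
+- name: '[CONFIGURE] - Deploy lenny config'
+template:
+src: etc/lemmy/lemmy.hjson.j2
+dest: "{{ lemmy_settings_dir }}/lemmy.hjson"
+owner: "{{ lemmy_username }}"
+group: "{{ lemmy_group }}"
+mode: 0644
+notify:
+restart lemmy backend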
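Review bot: `mode: 0644` makes `lemmy.hjson` world-readable, and the template rendered here contains the database, SMTP and initial admin passwords. The file is owned by `lemmy_username`, so `mode: '0640'` (or `'0600'`) is enough for the service to read it; quoting the value also keeps YAML from reading the octal literal as a plain integer. The task name says "lenny" where "lemmy" is meant.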

6
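--- a/tasks/install_server.yml
+++ b/tasks/install_server.yml
@@ -0,0 +1,6 @@
+---
+- name: '[INSTALLAPP] - Source profile and install Lemmy server'
+shell: '. /etc/profile && /home/{{ lemmy_username }}/.cargo/bin/cargo install lemmy_server --root /usr/local --locked'
+notify:
+restart lemmy backend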
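Review bot: This task has no `become_user`, so under the README's `ansible-playbook -b` it runs `/home/{{ lemmy_username }}/.cargo/bin/cargo` as root, which is a binary installed by and writable for the unprivileged service account, and it compiles third-party crates with root privileges; the `cargo build --release` task in tasks/pict-rs.yml has the same shape. Building as `lemmy_username` into a staging directory and copying the finished binary into place as root keeps the account-owned toolchain out of root's execution path. The install also has no version pin and no `creates:`, so every run can pull a newer `lemmy_server` and restart the service; `--version` fed from a role variable would fix the release.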

35
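--- a/tasks/install_ui.yml
+++ b/tasks/install_ui.yml
@@ -0,0 +1,35 @@
+---
+- name: '[UI] - Create {{ lemmy_ui_dir }}'
+file:
+path: '{{ lemmy_ui_dir }}'
+owner: '{{ lemmy_username }}'
+group: '{{ lemmy_group }}'
+state: directory
+recurse: yes
+- name: '[UI] - Deploy source'
+git:
+repo: https://github.com/LemmyNet/lemmy-ui.git
+dest: "{{ lemmy_ui_dir }}"
+force: yes
+update: yes
+version: "{{ lemmy_ui_version }}"
+become: 'yes'
+become_user: "{{ lemmy_username }}"
+- name: '[Install] - Install Lemmy UI'
+shell: yarn install --pure-lockfile
+args:
+chdir: '{{ lemmy_ui_dir }}'
+become: true
+become_user: "{{ lemmy_username }}"
+- name: '[Install] - Build Lemmy UI'
+shell: yarn build:prod
+args:
+chdir: '{{ lemmy_ui_dir }}'
+become: true
+become_user: "{{ lemmy_username }}"
+notify:
+restart lemmy ui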
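Review bot: Both yarn tasks use `shell` with no `creates:` or `changed_when:`, so they report changed on every run and the `restart lemmy ui` handler fires each time the play is applied; neither command needs shell features, so `command` is the better module. `--pure-lockfile` lets yarn continue when `yarn.lock` and `package.json` disagree, whereas `yarn install --frozen-lockfile` fails in that case, which is the behaviour wanted for a reproducible build of a pinned `lemmy_ui_version`.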


@ -0,0 +1,17 @@
---
- name: '[INSTALLDEPS-SERVER] - Install dependencies'
apt:
name: "{{ lemmy_apt }}"
update_cache: yes
- name: '[INSTALLDEPS-SERVER] - Install Cargo'
shell: "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | env RUSTUP_HOME=/home/{{ lemmy_username }}/.cargo CARGO_HOME=/home/{{ lemmy_username }}/.cargo sh -s -- -y --default-toolchain stable --profile default --no-modify-path"
become: 'yes'
become_user: "{{ lemmy_username }}"
- name: "[INSTALLDEPS-SERVER] - add sh file"
template:
src: etc/profile.d/rust.sh.j2
dest: "/etc/profile.d/rust.sh"
mode: '0644'
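Review bot: The `Install Cargo` task pipes the rustup installer from the network straight into `sh`, with no checksum and with `--default-toolchain stable`, so both the script that runs and the compiler it installs can differ between two runs of the same role. Fetching the script with `get_url` and a `checksum:`, then running it with `creates: /home/{{ lemmy_username }}/.cargo/bin/cargo`, makes the step verifiable and idempotent, and a role variable for the toolchain version would pin the compiler. The file header of this section is missing from the page; the path is presumably tasks/installdeps_server.yml, going by the include in tasks/main.yml.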

30
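--- a/tasks/installdeps_ui.yml
+++ b/tasks/installdeps_ui.yml
@@ -0,0 +1,30 @@
+---
+- name: '[INSTALLDEPS-UI] - Add Nodesource apt key'
+apt_key:
+url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
+id: "68576280"
+state: present
+- name: '[INSTALLDEPS-UI] - Add repository for nodejs'
+apt_repository:
+repo: 'deb https://deb.nodesource.com/node_{{ lemmy_nodejs_version }}.x {{ ansible_distribution_release }} main'
+state: present
+filename: 'nodesource'
+- name: '[INSTALLDEPS-UI] - Add Yarn apt key'
+apt_key:
+url: https://dl.yarnpkg.com/debian/pubkey.gpg
+id: "72ECF46A56B4AD39C907BBB71646B01B86E50310"
+state: present
+- name: '[INSTALLDEPS-UI] - Add repository for Yarn'
+apt_repository:
+repo: 'deb https://dl.yarnpkg.com/debian/ stable main'
+state: present
+filename: 'yarnsource'
+- name: '[INSTALLDEPS-UI] - Install dependencies'
+apt:
+name: "{{ lemmy_ui_pkg }}"
+update_cache: yes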
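Review bot: The NodeSource key is identified by the 8-hex short ID `"68576280"`; short IDs are not collision resistant, so a different key sharing those trailing 32 bits would satisfy this check, whereas the Yarn task below already uses the full 40-hex fingerprint. Use the full fingerprint here too, `id: "<full NodeSource key fingerprint>"`, verified out of band against the vendor's published value. `apt_key` also places both keys in the global trusted keyring, where they are accepted for every repository; a keyring file under `/etc/apt/keyrings` referenced with `signed-by=` in each `repo:` line limits each key to its own source.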

38
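--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+# Lemmy Backend
+- name: Add user
+include: user.yml
+- name: Install dependencies
+include: installdeps_server.yml
+- name: Install Lemmy Backend
+include: install_server.yml
+- name: Deploy configuration
+include: configure.yml
+notify:
+restart lemmy
+# Lemmy-ui (web frontend)
+- name: Install dependencies
+include: installdeps_ui.yml
+- name: Install Lemmy UI
+include: install_ui.yml
+notify:
+restart lemmy ui
+# Other
+- name: Systemd
+include: systemd.yml
+- name: Install Pict-rs (for image hosting)
+include: pict-rs.yml
+when: lemmy_pictrs_deploy == 'true'
+notify:
+restart pictrs
+tags: pictrs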
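Review bot: The `notify: restart lemmy` on the `Deploy configuration` include names a handler that handlers/main.yml does not define (it has `restart lemmy backend`, `restart lemmy ui` and `restart pictrs`); the included files already notify the correct handlers themselves, so the three `notify` entries on the includes look redundant and can probably be dropped. `include` is deprecated in favour of `include_tasks` or `import_tasks`. `when: lemmy_pictrs_deploy == 'true'` compares against a string, so an override written as the boolean `true` silently skips pict-rs, while `when: lemmy_pictrs_deploy | bool` accepts both forms.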

76
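--- a/tasks/pict-rs.yml
+++ b/tasks/pict-rs.yml
@@ -0,0 +1,76 @@
+---
+#- name: '[PICT-RS] - Source profile and update rustup'
+# shell: '. /etc/profile && /home/{{ lemmy_username }}/.cargo/bin/rustup update'
+# become: 'yes'
+# become_user: "{{ lemmy_username }}"
+# notify:
+# restart pictrs
+- name: '[PICT-RS] - Install pict-rs'
+apt:
+name: "{{ lemmy_pictrs_apt }}"
+update_cache: yes
+- name: '[PICT-RS] - Add group'
+group:
+name: '{{ lemmy_pictrs_group }}'
+state: present
+- name: '[PICT-RS] - Add user'
+user:
+name: '{{ lemmy_pictrs_username }}'
+group: '{{ lemmy_pictrs_group }}'
+create_home: 'no'
+system: 'yes'
+state: present
+- name: '[PICT-RS] - Create {{ lemmy_pictrs_source_dir }}'
+file:
+path: '{{ lemmy_pictrs_source_dir }}'
+state: directory
+recurse: yes
+- name: '[PICT-RS] - Deploy source'
+git:
+repo: https://git.asonix.dog/asonix/pict-rs.git
+dest: "{{ lemmy_pictrs_source_dir }}"
+force: yes
+update: yes
+version: "{{ lemmy_pictrs_version }}"
+- name: '[PICT-RS] - Source profile and build pict-rs'
+shell: '. /etc/profile && /home/{{ lemmy_username }}/.cargo/bin/cargo build --release'
+args:
+chdir: '{{ lemmy_pictrs_source_dir }}'
+- name: '[PICT-RS] - Copy pict-rs to /usr/bin/'
+copy:
+src: '{{ lemmy_pictrs_source_dir }}/target/release/pict-rs'
+dest: /usr/bin/
+remote_src: yes
+- name: '[PICT-RS] - Create {{ lemmy_pictrs_dir }}'
+file:
+path: '{{ lemmy_pictrs_dir }}'
+owner: '{{ lemmy_pictrs_username }}'
+group: '{{ lemmy_pictrs_group }}'
+state: directory
+recurse: yes
+- name: '[PICT-RS] - Deploy Pict-rs Systemd config'
+template:
+src: etc/systemd/system/pictrs.service.j2
+dest: /etc/systemd/system/pictrs.service
+owner: root
+group: root
+mode: 0644
+- name: '[PICT-RS] - Enable Pict-rs systemd'
+systemd:
+name: pictrs
+enabled: yes
+state: started
+daemon_reload: yes
+notify:
+restart pictrs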
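Review bot: `lemmy_pictrs_version` defaults to `'v0.3.x'`, which reads like a branch name, and with `update: yes` and `force: yes` each run builds whatever that ref points to at the time; pinning a release tag or commit hash makes the binary that lands in `/usr/bin` reproducible. The `copy` task sets no `owner`, `group` or `mode`, so the installed file's permissions follow the build output; adding `owner: root`, `group: root` and `mode: '0755'` states them explicitly. The build task also reports changed on every run because it has no `creates:` or `changed_when:`.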

35
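--- a/tasks/systemd.yml
+++ b/tasks/systemd.yml
@@ -0,0 +1,35 @@
+---
+- name: '[SYSTEMD] - Deploy Backend Systemd config'
+template:
+src: etc/systemd/system/lemmy.service.j2
+dest: /etc/systemd/system/lemmy.service
+owner: root
+group: root
+mode: 0644
+- name: '[SYSTEMD] - Enable Backend systemd'
+systemd:
+name: lemmy
+enabled: yes
+state: started
+daemon_reload: yes
+notify:
+restart lemmy backend
+- name: '[SYSTEMD] - Deploy UI Systemd config'
+template:
+src: etc/systemd/system/lemmy-ui.service.j2
+dest: /etc/systemd/system/lemmy-ui.service
+owner: root
+group: root
+mode: 0644
+- name: '[SYSTEMD] - Enable UI systemd'
+systemd:
+name: lemmy-ui
+enabled: yes
+state: started
+daemon_reload: yes
+notify:
+restart lemmy ui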

22
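--- a/tasks/user.yml
+++ b/tasks/user.yml
@@ -0,0 +1,22 @@
+---
+- name: '[USER] - Add group'
+group:
+name: '{{ lemmy_group }}'
+state: present
+- name: '[USER] - Add user'
+user:
+name: '{{ lemmy_username }}'
+shell: /bin/bash
+group: '{{ lemmy_group }}'
+system: 'yes'
+state: present
+- name: '[USER] - Change ownership to lemmy user'
+file:
+path: '{{ lemmy_settings_dir }}'
+owner: '{{ lemmy_username }}'
+group: '{{ lemmy_group }}'
+state: directory
+recurse: yes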
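Review bot: The last task hands `lemmy_settings_dir` to `lemmy_username` recursively and sets no `mode`, so the service account can rewrite its own configuration and the directory permissions are left to the umask. Owning the directory as root with `group: '{{ lemmy_group }}'` and `mode: '0750'` lets the service read the config without being able to change it. The account also gets `shell: /bin/bash`; if nothing needs an interactive login, `/usr/sbin/nologin` is the usual choice for a service user, though the `become_user` tasks should be re-tested after that change.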


@ -0,0 +1,121 @@
{
# settings related to the postgresql database
database: {
# Username to connect to postgres
user: "{{ lemmy_db_user }}"
# Password to connect to postgres
password: "{{ lemmy_db_passwd }}"
# Host where postgres is running
host: "{{ lemmy_db_host }}"
# Port where postgres can be accessed
port: {{ lemmy_db_port }}
# Name of the postgres database for lemmy
database: "{{ lemmy_db_name }}"
# Maximum number of active sql connections
pool_size: {{ lemmy_pool_size }}
}
# rate limits for various user actions, by user ip
rate_limit: {
# Maximum number of messages created in interval
message: 180
# Interval length for message limit, in seconds
message_per_second: 60
# Maximum number of posts created in interval
post: 6
# Interval length for post limit, in seconds
post_per_second: 600
# Maximum number of registrations in interval
register: 3
# Interval length for registration limit, in seconds
register_per_second: 3600
# Maximum number of image uploads in interval
image: 6
# Interval length for image uploads, in seconds
image_per_second: 3600
# Maximum number of comments created in interval
comment: 6
# Interval length for comment limit, in seconds
comment_per_second: 600
search: 60
# Interval length for search limit, in seconds
search_per_second: 600
}
# Settings related to activitypub federation
federation: {
# Whether to enable activitypub federation.
enabled: {{ lemmy_activitypub_enabled }}
# Allows and blocks are described here:
# https://join-lemmy.org/docs/en/administration/federation_getting_started.html
#
# list of instances with which federation is allowed
#allowed_instances: [
# instance1.tld
# instance2.tld
# /* ... */
#]
# Instances which we never federate anything with (but previously federated objects are unaffected)
#blocked_instances: [
# string
# /* ... */
#]
# If true, only federate with instances on the allowlist and block everything else. If false
# use allowlist only for remote communities, and posts/comments in local communities
# (meaning remote communities will show content from arbitrary instances).
#strict_allowlist: true
# Number of workers for sending outgoing activities. Search logs for Activity queue stats to
# see information. If running number is consistently close to the worker_count, you should
# increase it.
worker_count: {{ lemmy_worker_count }}
}
captcha: {
# Whether captcha is required for signup
enabled: {{ lemmy_captcha_enabled }}
# Can be easy, medium, or hard
difficulty: "{{ lemmy_captcha_difficulty }}"
}
# Email sending configuration. All options except login/password are mandatory
email: {
# Hostname and port of the smtp server
smtp_server: "{{ lemmy_smtp_server }}"
# Login name for smtp server
smtp_login: "{{ lemmy_smtp_login }}"
# Password to login to the smtp server
smtp_password: "{{ lemmy_smtp_password }}"
# Address to send emails from, eg "noreply@your-instance.com"
smtp_from_address: "{{ lemmy_smtp_from_address }}"
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
tls_type: "{{ lemmy_tls_type }}"
}
# Parameters for automatic configuration of new instance (only used at first start)
setup: {
# Username for the admin user
admin_username: "{{ lemmy_admin_username }}"
# Password for the admin user. It must be at least 10 characters.
admin_password: "{{ lemmy_admin_password }}"
# Name of the site (can be changed later)
site_name: "{{ lemmy_site_name }}"
# Email for the admin user (optional, can be omitted and set later through the website)
admin_email: "{{ lemmy_admin_email }}"
open_registration: true
enable_nsfw: true
community_creation_admin_only: true
require_email_verification: true
}
# the domain name of your instance (mandatory)
hostname: "{{ lemmy_hostname }}"
# Address where lemmy should listen for incoming requests
bind: "{{ lemmy_bind }}"
# Port where lemmy should listen for incoming requests
port: {{ lemmy_port }}
# Whether the site is available over TLS. Needs to be true for federation to work.
tls_enabled: {{ lemmy_tls_enabled }}
{% if lemmy_pictrs_deploy == 'true' %}
# Address where pictrs is available (for image hosting)
pictrs_url: "http://pictrs:8080"
{% endif %}
slur_filter: "(\bThis\b)|(\bis\b)|(\bsample\b)"
# Maximum length of local community and user names
actor_name_max_length: 20
# Maximum number of HTTP requests allowed to handle a single incoming activity (or a single object fetch through the search).
http_fetch_retry_limit: 25
}
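Review bot: The `setup` block hard-codes `open_registration: true` while the role defaults ship `lemmy_captcha_enabled: 'false'`, so a fresh instance accepts sign-ups without a captcha; exposing it as a variable that defaults to `false` would be the safer starting point. `pictrs_url: "http://pictrs:8080"` uses a hostname that looks taken from a container setup, whereas the pict-rs unit in this commit binds `127.0.0.1:8080`, so `http://127.0.0.1:8080` is probably what is meant. The password values are substituted inside double quotes without escaping, so a password containing `"` or `\` yields an invalid or altered config; `password: {{ lemmy_db_passwd | to_json }}` handles the quoting. The sample `slur_filter` value is still in place and should be removed or made a variable.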


@ -0,0 +1,4 @@
#!/bin/bash
export RUSTUP_HOME=/home/{{ lemmy_username }}/.cargo/
export PATH=${PATH}:/home/{{ lemmy_username }}/.cargo/bin/


@ -0,0 +1,23 @@
[Unit]
Description=Lemmy UI - Web frontend for Lemmy
After=lemmy.service
Before=nginx.service
[Service]
User={{ lemmy_username }}
WorkingDirectory={{ lemmy_ui_dir }}
ExecStart=/usr/bin/node dist/js/server.js
Environment=LEMMY_INTERNAL_HOST=localhost:8536
Environment=LEMMY_EXTERNAL_HOST={{ lemmy_hostname }}
Environment=LEMMY_HTTPS=true
Restart=on-failure
StandardOutput=append:{{ lemmy_ui_logfile }}
StandardError=append:{{ lemmy_ui_logfile_error }}
# Hardening
ProtectSystem=full
PrivateTmp=true
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
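Review bot: `lemmy_ui_port` is defined in defaults/main.yml but this unit passes no listen address, so lemmy-ui presumably falls back to its built-in default and may listen on all interfaces even though nginx is meant to front it. Setting `Environment=LEMMY_UI_HOST=127.0.0.1:{{ lemmy_ui_port }}` keeps the UI reachable only through the proxy, and `Environment=LEMMY_INTERNAL_HOST=localhost:{{ lemmy_port }}` would follow the configured backend port instead of the literal `8536`. `LEMMY_HTTPS=true` is likewise fixed while `lemmy_tls_enabled` is a variable.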


@ -0,0 +1,20 @@
[Unit]
Description=Lemmy - A link aggregator for the fediverse
After=network.target
[Service]
User={{ lemmy_username }}
ExecStart={{ lemmy_app_dir }}/bin/lemmy_server
Environment=LEMMY_CONFIG_LOCATION={{ lemmy_settings_dir }}/lemmy.hjson
Restart=on-failure
StandardOutput=append:{{ lemmy_logfile }}
StandardError=append:{{ lemmy_logfile_error }}
# Hardening
ProtectSystem=yes
PrivateTmp=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target


@ -0,0 +1,16 @@
[Unit]
Description=pict-rs - A simple image host
After=network.target
[Service]
User=pictrs
ExecStart=/usr/bin/pict-rs
Environment=PICTRS__PATH={{ lemmy_pictrs_dir }}
Environment=PICTRS__ADDR=127.0.0.1:8080
Restart=on-failure
StandardOutput=append:{{ lemmy_pictrs_logfile }}
StandardError=append:{{ lemmy__pictrs_logfile_error }}
[Install]
WantedBy=multi-user.target
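Review bot: This unit has no hardening section, unlike the lemmy and lemmy-ui units in the same commit, although pict-rs is the service that handles uploaded images and is installed together with ffmpeg, exiftool and imagemagick. Adding at least `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` brings it in line with the other two units. `User=pictrs` is also a literal; `User={{ lemmy_pictrs_username }}` keeps it consistent with the account created in tasks/pict-rs.yml.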