FIxes to pleroma ready for production deployments (#4)

Co-authored-by: muppeth <muppeth@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #4
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Reviewed-by: antilopa <antilopa@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@no-reply@disroot.org>
Co-committed-by: muppeth <muppeth@no-reply@disroot.org>

README.md

@@ -1,10 +1,12 @@
 # Pleroma role
 Pleroma role is was initially based on role by (Luke Hoersten)[https://src.nth.io/ansible-roles/file/2d705e63f6cb/pleroma/otp] with heavy modifications (basically re-written).
-This role deploys and updates OTP pleroma instance with soapbox ui. Currently supported distributions are debian based. Role requires disroot's (nginx)[https://git.disroot.org/Disroot-Ansible/nginx] role and (postgresql)[https://github.com/ANXS/postgresql.git]. Other nginx / postgres roles could be used but may require changes in variables. 
+This role deploys and updates OTP pleroma instance with soapbox ui. Currently supported distributions are debian based. Role requires disroot's (nginx)[https://git.disroot.org/Disroot-Ansible/nginx] role and (postgresql)[https://github.com/ANXS/postgresql.git]. Other nginx / postgres roles could be used but may require changes in variables.
 
+You can deploy test instance using `Vagrantfile` attached to the role.
+`vagrant up`
 
-Role is deployable with vagrant for test purposes (See Vagrantfile). 
+`ansible-playbook -b Playbooks/pleroma.yml`
+
+Then you can then access gitea from your computer on `http://192.168.33.15`
 
 To update pleroma include `upgrade` **tag**.
-
-

Vagrantfile

@@ -8,7 +8,7 @@
 Vagrant.configure("2") do |config|
   #config.ssh.insert_key = false
   config.vm.define "pleroma" do |pleroma|
-    pleroma.vm.box = "generic/debian10"
+    pleroma.vm.box = "generic/debian11"
     pleroma.vm.provider :libvirt do |libvirt|
       libvirt.memory = 256
     end

defaults/main.yml

@@ -1,5 +1,6 @@
 ---
-
+ansible_python_interpreter: 'python3'
+pleroma_extra_files_path: '../files'
 pleroma_user: 'pleroma'
 pleroma_group: 'pleroma'
 pleroma_tmp_dir: '/tmp/pleroma/'
@@ -25,20 +26,21 @@ pleroma_host: "192.168.33.15"
 pleroma_port: 4000
 pleroma_scheme: "http"
 
-pleroma_proxy_pass: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}"
+pleroma_proxy_pass: "{{ pleroma_scheme }}://{{ pleroma_host }}:{{ pleroma_port }}"
 
 pleroma_link_host: "192.168.33.15"
 pleroma_link_port: "80"
 pleroma_link_scheme: "http"
 pleroma_https: 'false'
 pleroma_config_dir: '/etc/pleroma'
-pleroma_instance_name: "{{pleroma_link_host}}"
+pleroma_instance_name: "{{ pleroma_link_host }}"
 pleroma_secret_key: 'CDPbJ/+rD8hd27Hcw8igvGwyIDoS/J1isK4noJOybqfCuNuW9GDm0QNiW7syrGsHQQkTTSkzSZkAlKTqdnUahQ==' #openssl rand -base64 64 | paste --delimiters '' --serial
 pleroma_invites_enabled: 'false'
 pleroma_desc: "A Pleroma fediverse instance."
 pleroma_char_limit: 5000
 pleroma_signup_open: "true"
 pleroma_loglevel: ":debug"
+pleroma_conf_from_db: 'true'
 pleroma_allow_relay: 'true'
 pleroma_remote_post_retention: '90'
 pleroma_db_host: "localhost"
@@ -55,12 +57,16 @@ pleroma_admin_email: 'admin@example.lan'
 pleroma_admin_password: 'changeme'
 pleroma_download_url: "https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{pleroma_arch}}"
 pleroma_arch: 'amd64'
+pleroma_nofile: '500000'
+pleroma_instance_favicons: 'true'
+pleroma_remoteip: 'true'
+pleroma_proxies: '["192.168.33.15"]'
 pleroma_soapbox: false
-pleroma_soapbox_version: "v1.3.0"
-pleroma_soapbox_download_url: "https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/{{pleroma_soapbox_version}}/download?job=build-production"
+pleroma_soapbox_version: "develop"
+pleroma_soapbox_download_url: "https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/{{ pleroma_soapbox_version }}/download?job=build-production"
 
 #soapbox
-pleroma_soapbox_logo: '/instance/images/soapbox-logo.svg'
+pleroma_soapbox_logo: '/images/logo.png'
 pleroma_soapbox_brandcolor: '#0482d8'
 pleroma_soapbox_promopanel:
   - text: 'Our Site stats'
@@ -88,7 +94,7 @@ pleroma_soapbox_redirects: 'false' #set to true if you want to redirect footer p
 #pleroma_soap_pp: 'https://example/pp'
 
 #Postgres
-postgresql_version: 12
+postgresql_version: 13
 postgresql_listen_addresses:
     - "127.0.0.1"
 
@@ -132,8 +138,14 @@ nginx_vhosts:
   - name: 'pleroma.example.lan'
     template: 'pleroma'
     upstream_proto: 'http'
-    upstream_port: '80'
+    upstream_port: '4000'
     upstream_name: 'localhost'
+    upstream_maxfail: '5'
+    upstream_failtimeout: '60s'
+    proxycache_path: '/tmp/pleroma-media-cache'
+    proxycache_level: '1:2'
+    proxycache_keyzone: 'pleroma_media_cache:10m'
+    proxycache_maxsize: '10g'
     proto: 'http'
     listen: '80'
     use_error_log: 'true'

tasks/frontends.yml

@@ -1,4 +1,11 @@
 ---
+- name: '[Soapbox] - delete tmp pleroma dir'
+  file:
+    path: "{{ pleroma_tmp_dir }}"
+    state: '{{ item }}'
+  with_items:
+    - absent
+    - directory
 
 - name: '[Soapbox] - download and unarchive soapbox'
   unarchive:
@@ -11,7 +18,6 @@
   file:
     path: "{{ pleroma_data_dir }}/static/"
     state: "absent"
-  changed_when: false
 
 - name: '[Soapbox] - install soapbox'
   copy:
@@ -21,7 +27,6 @@
     owner: '{{ pleroma_user }}'
     group: '{{ pleroma_group }}'
     mode: "0755"
-  changed_when: false
 
 - name: '[Soapbox] - install soapbox config'
   template:
@@ -30,7 +35,6 @@
     owner: '{{ pleroma_user }}'    
     group: '{{ pleroma_group }}'
     mode: "0755"
-  changed_when: false
 
 - name: '[Soapbox] - Create about dir'
   file:
@@ -46,3 +50,24 @@
     - privacy
     - tos
   when: pleroma_soapbox_redirects is defined and pleroma_soapbox_redirects == 'true'
+
+- name: '[Soapbox] - Create images dir'
+  file:
+    path: '{{ pleroma_data_dir }}/static/images'
+    state: directory
+
+- name: '[Soapbox] - Add instance logo'
+  copy:
+    src: '{{ pleroma_extra_files_path }}/logo.png'
+    dest: '{{ pleroma_data_dir }}/static/images/logo.png'
+    owner: '{{ pleroma_user }}'
+    group: '{{ pleroma_group }}'
+    mode: 0775
+
+- name: '[Soapbox] - Add instance favicon'
+  copy:
+    src: '{{ pleroma_extra_files_path }}/logo.png'
+    dest: '{{ pleroma_data_dir }}/static/favicon.png'
+    owner: '{{ pleroma_user }}'
+    group: '{{ pleroma_group }}'
+    mode: 0775

templates/config.exs.j2

@@ -49,7 +49,7 @@ config :logger,
 config :logger, :ex_syslogger,
   level: {{ pleroma_loglevel }}
 
-config :pleroma, configurable_from_database: false
+config :pleroma, configurable_from_database: {{ pleroma_conf_from_db }}
 
 config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool, Pleroma.Upload.Filter.AnonymizeFilename, Pleroma.Upload.Filter.Dedupe]
 
@@ -66,17 +66,22 @@ config :pleroma, Pleroma.Emails.Mailer,
 {% endif %}
 
 config :pleroma, Pleroma.Web.Plugs.RemoteIp,
-  enabled: true
+  enabled: {{ pleroma_remoteip }},
+{% if pleroma_remoteip == 'true' %}
+  proxies: {{ pleroma_proxies }}
+{% endif %}
 
 config :pleroma, :rate_limit,
   authentication: {60_000, 15},
   search: [{1000, 10}, {1000, 30}]
 
-  {% if pleroma_ldap == 'true' %}
-config :pleroma, Pleroma.Web.Auth.LDAPAuthenticator,
+{% if pleroma_ldap == 'true' %}
+config :pleroma, Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.LDAPAuthenticator
+
+config :pleroma, :ldap,
   enabled: true,
   host: "{{ pleroma_ldap_host }}",
-  port: "{{ pleroma_ldap_port }}",
+  port: {{ pleroma_ldap_port }},
   ssl: "{{ pleroma_ldap_ssl }}",
 {% if pleroma_ldap_sslotps is defined %}
   sslopts: "{{ pleroma_ldap_sslopts }}",
@@ -88,3 +93,6 @@ config :pleroma, Pleroma.Web.Auth.LDAPAuthenticator,
   base: "{{ pleroma_ldap_base }}",
   uid: "{{ pleroma_ldap_uid }}"
 {% endif %}
+
+config :pleroma, :instances_favicons, enabled: {{ pleroma_instance_favicons }}
+

templates/pleroma.service.j2

@@ -5,6 +5,7 @@ After=network.target postgresql.service nginx.service
 [Service]
 KillMode=process
 Restart=on-failure
+LimitNOFILE={{ pleroma_nofile }}
 
 ; Name of the user that runs the Pleroma service.
 User={{ pleroma_user }}