FIxes to pleroma ready for production deployments (#4)

Co-authored-by: muppeth <muppeth@disroot.org> Co-authored-by: meaz <meaz@disroot.org> Reviewed-on: #4 Reviewed-by: meaz <meaz@no-reply@disroot.org> Reviewed-by: antilopa <antilopa@no-reply@disroot.org> Co-authored-by: muppeth <muppeth@no-reply@disroot.org> Co-committed-by: muppeth <muppeth@no-reply@disroot.org>
2022-03-01 20:03:01 +00:00 · 2022-03-01 20:03:01 +00:00 · 491d350065
commit 491d350065
parent 73cd9fcc56
7 changed files with 69 additions and 21 deletions
--- a/README.md
+++ b/README.md
@ -2,9 +2,11 @@
 Pleroma role is was initially based on role by (Luke Hoersten)[https://src.nth.io/ansible-roles/file/2d705e63f6cb/pleroma/otp] with heavy modifications (basically re-written).
 This role deploys and updates OTP pleroma instance with soapbox ui. Currently supported distributions are debian based. Role requires disroot's (nginx)[https://git.disroot.org/Disroot-Ansible/nginx] role and (postgresql)[https://github.com/ANXS/postgresql.git]. Other nginx / postgres roles could be used but may require changes in variables.

+You can deploy test instance using `Vagrantfile` attached to the role.
+`vagrant up`

-Role is deployable with vagrant for test purposes (See Vagrantfile). 
+`ansible-playbook -b Playbooks/pleroma.yml`
+
+Then you can then access gitea from your computer on `http://192.168.33.15`

 To update pleroma include `upgrade` **tag**.
-
-
--- a/2
+++ b/2
@ -8,7 +8,7 @@
 Vagrant.configure("2") do |config|
  #config.ssh.insert_key = false
  config.vm.define "pleroma" do |pleroma|
-    pleroma.vm.box = "generic/debian10"
+    pleroma.vm.box = "generic/debian11"
    pleroma.vm.provider :libvirt do |libvirt|
      libvirt.memory = 256
    end
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,5 +1,6 @@
 ---
-
+ansible_python_interpreter: 'python3'
+pleroma_extra_files_path: '../files'
 pleroma_user: 'pleroma'
 pleroma_group: 'pleroma'
 pleroma_tmp_dir: '/tmp/pleroma/'
@ -39,6 +40,7 @@ pleroma_desc: "A Pleroma fediverse instance."
 pleroma_char_limit: 5000
 pleroma_signup_open: "true"
 pleroma_loglevel: ":debug"
+pleroma_conf_from_db: 'true'
 pleroma_allow_relay: 'true'
 pleroma_remote_post_retention: '90'
 pleroma_db_host: "localhost"
@ -55,12 +57,16 @@ pleroma_admin_email: 'admin@example.lan'
 pleroma_admin_password: 'changeme'
 pleroma_download_url: "https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{pleroma_arch}}"
 pleroma_arch: 'amd64'
+pleroma_nofile: '500000'
+pleroma_instance_favicons: 'true'
+pleroma_remoteip: 'true'
+pleroma_proxies: '["192.168.33.15"]'
 pleroma_soapbox: false
-pleroma_soapbox_version: "v1.3.0"
+pleroma_soapbox_version: "develop"
 pleroma_soapbox_download_url: "https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/{{ pleroma_soapbox_version }}/download?job=build-production"

 #soapbox
-pleroma_soapbox_logo: '/instance/images/soapbox-logo.svg'
+pleroma_soapbox_logo: '/images/logo.png'
 pleroma_soapbox_brandcolor: '#0482d8'
 pleroma_soapbox_promopanel:
  - text: 'Our Site stats'
@ -88,7 +94,7 @@ pleroma_soapbox_redirects: 'false' #set to true if you want to redirect footer p
 #pleroma_soap_pp: 'https://example/pp'

 #Postgres
-postgresql_version: 12
+postgresql_version: 13
 postgresql_listen_addresses:
    - "127.0.0.1"

@ -132,8 +138,14 @@ nginx_vhosts:
  - name: 'pleroma.example.lan'
    template: 'pleroma'
    upstream_proto: 'http'
-    upstream_port: '80'
+    upstream_port: '4000'
    upstream_name: 'localhost'
+    upstream_maxfail: '5'
+    upstream_failtimeout: '60s'
+    proxycache_path: '/tmp/pleroma-media-cache'
+    proxycache_level: '1:2'
+    proxycache_keyzone: 'pleroma_media_cache:10m'
+    proxycache_maxsize: '10g'
    proto: 'http'
    listen: '80'
    use_error_log: 'true'
--- a/files/logo.png
+++ b/files/logo.png
--- a/tasks/frontends.yml
+++ b/tasks/frontends.yml
@ -1,4 +1,11 @@
 ---
+- name: '[Soapbox] - delete tmp pleroma dir'
+  file:
+    path: "{{ pleroma_tmp_dir }}"
+    state: '{{ item }}'
+  with_items:
+    - absent
+    - directory

 - name: '[Soapbox] - download and unarchive soapbox'
  unarchive:
@ -11,7 +18,6 @@
  file:
    path: "{{ pleroma_data_dir }}/static/"
    state: "absent"
-  changed_when: false

 - name: '[Soapbox] - install soapbox'
  copy:
@ -21,7 +27,6 @@
    owner: '{{ pleroma_user }}'
    group: '{{ pleroma_group }}'
    mode: "0755"
-  changed_when: false

 - name: '[Soapbox] - install soapbox config'
  template:
@ -30,7 +35,6 @@
    owner: '{{ pleroma_user }}'    
    group: '{{ pleroma_group }}'
    mode: "0755"
-  changed_when: false

 - name: '[Soapbox] - Create about dir'
  file:
@ -46,3 +50,24 @@
    - privacy
    - tos
  when: pleroma_soapbox_redirects is defined and pleroma_soapbox_redirects == 'true'
+
+- name: '[Soapbox] - Create images dir'
+  file:
+    path: '{{ pleroma_data_dir }}/static/images'
+    state: directory
+
+- name: '[Soapbox] - Add instance logo'
+  copy:
+    src: '{{ pleroma_extra_files_path }}/logo.png'
+    dest: '{{ pleroma_data_dir }}/static/images/logo.png'
+    owner: '{{ pleroma_user }}'
+    group: '{{ pleroma_group }}'
+    mode: 0775
+
+- name: '[Soapbox] - Add instance favicon'
+  copy:
+    src: '{{ pleroma_extra_files_path }}/logo.png'
+    dest: '{{ pleroma_data_dir }}/static/favicon.png'
+    owner: '{{ pleroma_user }}'
+    group: '{{ pleroma_group }}'
+    mode: 0775
--- a/templates/config.exs.j2
+++ b/templates/config.exs.j2
@ -49,7 +49,7 @@ config :logger,
 config :logger, :ex_syslogger,
  level: {{ pleroma_loglevel }}

-config :pleroma, configurable_from_database: false
+config :pleroma, configurable_from_database: {{ pleroma_conf_from_db }}

 config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool, Pleroma.Upload.Filter.AnonymizeFilename, Pleroma.Upload.Filter.Dedupe]

@ -66,17 +66,22 @@ config :pleroma, Pleroma.Emails.Mailer,
 {% endif %}

 config :pleroma, Pleroma.Web.Plugs.RemoteIp,
-  enabled: true
+  enabled: {{ pleroma_remoteip }},
+{% if pleroma_remoteip == 'true' %}
+  proxies: {{ pleroma_proxies }}
+{% endif %}

 config :pleroma, :rate_limit,
  authentication: {60_000, 15},
  search: [{1000, 10}, {1000, 30}]

 {% if pleroma_ldap == 'true' %}
-config :pleroma, Pleroma.Web.Auth.LDAPAuthenticator,
+config :pleroma, Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.LDAPAuthenticator
+
+config :pleroma, :ldap,
  enabled: true,
  host: "{{ pleroma_ldap_host }}",
-  port: "{{ pleroma_ldap_port }}",
+  port: {{ pleroma_ldap_port }},
  ssl: "{{ pleroma_ldap_ssl }}",
 {% if pleroma_ldap_sslotps is defined %}
  sslopts: "{{ pleroma_ldap_sslopts }}",
@ -88,3 +93,6 @@ config :pleroma, Pleroma.Web.Auth.LDAPAuthenticator,
  base: "{{ pleroma_ldap_base }}",
  uid: "{{ pleroma_ldap_uid }}"
 {% endif %}
+
+config :pleroma, :instances_favicons, enabled: {{ pleroma_instance_favicons }}
+
--- a/templates/pleroma.service.j2
+++ b/templates/pleroma.service.j2
@ -5,6 +5,7 @@ After=network.target postgresql.service nginx.service
 [Service]
 KillMode=process
 Restart=on-failure
+LimitNOFILE={{ pleroma_nofile }}

 ; Name of the user that runs the Pleroma service.
 User={{ pleroma_user }}