From: Christian Heller Date: Sat, 7 Mar 2020 21:24:31 +0000 (+0100) Subject: Refactor Pleroma/PeerTupe setups. X-Git-Url: https://plomlompom.com/repos/%7B%7Bdb.prefix%7D%7D/%7B%7B%20web_path%20%7D%7D/decks/blog?a=commitdiff_plain;h=ff30fa3f21a8c11a735527f4abeb77f1b052afb3;p=config Refactor Pleroma/PeerTupe setups.
---
diff --git a/buster/apt-mark/peertube b/buster/apt-mark/peertube
index 9a08c8d..5b73bac 100644
--- a/buster/apt-mark/peertube
+++ b/buster/apt-mark/peertube
@@ -1,12 +1,9 @@
-nginx-light
 ffmpeg
 postgresql
 postgresql-contrib
 openssl
 redis-server
 python-dev
-certbot
-python3-certbot-nginx
 # only needed for setup
 g++
 make
diff --git a/buster/apt-mark/pleroma b/buster/apt-mark/pleroma
index eadc572..ec7a134 100644
--- a/buster/apt-mark/pleroma
+++ b/buster/apt-mark/pleroma
@@ -1,12 +1,5 @@
-nginx-light
-# for SSL
-certbot
-python3-certbot-nginx
 # Pleroma DB
 postgresql
 postgresql-contrib
 # only needed for setup
-curl
-unzip
-libncurses5
 pwgen
diff --git a/buster/apt-mark/pleroma_otp b/buster/apt-mark/pleroma_otp
new file mode 100644
index 0000000..4805a43
--- /dev/null
+++ b/buster/apt-mark/pleroma_otp
@@ -0,0 +1,4 @@
+# only needed for setup
+curl
+unzip
+libncurses5
diff --git a/buster/apt-mark/pleroma_source b/buster/apt-mark/pleroma_source
new file mode 100644
index 0000000..2b1cd35
--- /dev/null
+++ b/buster/apt-mark/pleroma_source
@@ -0,0 +1,4 @@
+# only needed for setup
+build-essential
+wget
+gnupg
diff --git a/buster/apt-mark/web b/buster/apt-mark/web
new file mode 100644
index 0000000..4912b8a
--- /dev/null
+++ b/buster/apt-mark/web
@@ -0,0 +1,4 @@
+nginx-light
+# for SSL
+certbot
+python3-certbot-nginx
diff --git a/buster/setup_scripts/setup_peertube.sh b/buster/setup_scripts/setup_peertube.sh
index c92be5c..3ff8e48 100755
--- a/buster/setup_scripts/setup_peertube.sh
+++ b/buster/setup_scripts/setup_peertube.sh
@@ -15,15 +15,10 @@ mail="$2" # Install dependencies, set up firewall. config_tree_prefix="${HOME}/config/buster" -./install_for_target.sh peertube +./install_for_target.sh web peertube ./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web nft -f /etc/nftables.conf -# Set up letsencrypt certificate. TODO: Is it auto-renewed? -ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default -certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" -rm /etc/nginx/sites-enabled/default - # Get NodeJS. See # curl -sL https://deb.nodesource.com/setup_10.x | bash - @@ -60,6 +55,11 @@ sed -i "s/admin\@example\.com/${mail}/g" config/production.yaml sed -i "s/example\.com/${domain}/g" config/production.yaml sed -i "s/password: 'peertube'/password: '${db_pw}'/g" config/production.yaml +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + # Configure NGINX. cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube sed -i "s/peertube.example.com/${domain}/g" /etc/nginx/sites-available/peertube diff --git a/buster/setup_scripts/setup_pleroma.sh b/buster/setup_scripts/setup_pleroma.sh deleted file mode 100755 index fc30e1d..0000000 --- a/buster/setup_scripts/setup_pleroma.sh +++ /dev/null 
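Review bot: In the relocated certificate block of the second hunk, a failing `certbot` leaves `/etc/nginx/sites-enabled/default` enabled, because the `rm` on the following line is only reached on success. Making the cleanup unconditional, e.g. `certbot … -d "${domain}" || { rm -f /etc/nginx/sites-enabled/default; exit 1; }`, keeps the stock site from staying live after an aborted run. The block also carries over the open `TODO: Is it auto-renewed?`; once that is answered, replace it with a comment naming what performs the renewal on this host, so that an expiring certificate is not first noticed in production. The script continues outside the hunk, so whether `set -e` is active here is not visible.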
@@ -1,89 +0,0 @@ -#!/bin/sh -set -e -# Heavily inspired by - -if [ "$#" -ne 2 ]; then - echo 'Need domain name, mail_address as arguments.' - false -fi -domain="$1" -mail="$2" - -# Install dependencies, set up firewall. -config_tree_prefix="${HOME}/config/buster" -./install_for_target.sh pleroma -./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web -nft -f /etc/nftables.conf - -# Set up letsencrypt certificate. TODO: Is it auto-renewed? -ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default -certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" -rm /etc/nginx/sites-enabled/default - -# Prepare user. -adduser --system --shell /bin/false --home /opt/pleroma pleroma - -# Download and unzip latest stable release, set up Pleroma dirs. -export FLAVOUR='amd64' -su pleroma -s $SHELL -lc " -curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip -unzip /tmp/pleroma.zip -d /tmp/ -" -su pleroma -s $SHELL -lc " -mv /tmp/release/* /opt/pleroma -rmdir /tmp/release -rm /tmp/pleroma.zip -" -mkdir -p /var/lib/pleroma/uploads -chown -R pleroma /var/lib/pleroma -mkdir -p /etc/pleroma -chown -R pleroma /etc/pleroma - -# Configure and set up DB. 
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \ ---output /etc/pleroma/config.exs \ ---output-psql /tmp/setup_db.psql \ ---domain ${domain} \ ---instance-name plom-roma \ ---admin-email ${mail} \ ---notify-email ${mail} \ ---dbhost localhost \ ---dbname pleroma \ ---dbuser pleroma \ ---rum N \ ---indexable N \ ---uploads-dir /var/lib/pleroma/uploads \ ---static-dir /var/lib/pleroma/static \ ---listen-ip 127.0.0.1 \ ---listen-port 4000 \ ---dbpass $(pwgen -s 100 1)" -su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql" -su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate" - -# Since the OTP release does not support .secret.exs configuration -# files, we hack our own alternative by simply appending custom -# configurations to /etc/config.exs. -cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs - -# Single-pixel picture hack for removing Pleroma FE images. -cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/ -chown pleroma:nogroup /var/lib/pleroma/static/pixel.png - -# Info panel and TOS. -mkdir -p /var/lib/pleroma/static/instance -mkdir -p /var/lib/pleroma/static/static -cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html -cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html - -# Prepare NGINX config for Pleroma. -cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx -sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx -ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx - -# Systemd integration. -cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service -systemctl start pleroma -systemctl enable pleroma - -# Only restart NGINX with Pleroma running. -service nginx restart 
diff --git a/buster/setup_scripts/setup_pleroma_otp.sh b/buster/setup_scripts/setup_pleroma_otp.sh new file mode 100755 index 0000000..49d28b9 --- /dev/null +++ b/buster/setup_scripts/setup_pleroma_otp.sh 
@@ -0,0 +1,89 @@ +#!/bin/sh +set -e +# Heavily inspired by + +if [ "$#" -ne 2 ]; then + echo 'Need domain name, mail_address as arguments.' + false +fi +domain="$1" +mail="$2" + +# Install dependencies, set up firewall. +config_tree_prefix="${HOME}/config/buster" +./install_for_target.sh web pleroma pleroma_otp +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Prepare user. +adduser --system --shell /bin/false --home /opt/pleroma pleroma + +# Download and unzip latest stable release, set up Pleroma dirs. +export FLAVOUR='amd64' +su pleroma -s $SHELL -lc " +curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip +unzip /tmp/pleroma.zip -d /tmp/ +" +su pleroma -s $SHELL -lc " +mv /tmp/release/* /opt/pleroma +rmdir /tmp/release +rm /tmp/pleroma.zip +" +mkdir -p /var/lib/pleroma/uploads +chown -R pleroma /var/lib/pleroma +mkdir -p /etc/pleroma +chown -R pleroma /etc/pleroma + +# Configure and set up DB. 
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \ +--output /etc/pleroma/config.exs \ +--output-psql /tmp/setup_db.psql \ +--domain ${domain} \ +--instance-name plom-roma \ +--admin-email ${mail} \ +--notify-email ${mail} \ +--dbhost localhost \ +--dbname pleroma \ +--dbuser pleroma \ +--rum N \ +--indexable Y \ +--uploads-dir /var/lib/pleroma/uploads \ +--static-dir /var/lib/pleroma/static \ +--listen-ip 127.0.0.1 \ +--listen-port 4000 \ +--dbpass $(pwgen -s 100 1)" +su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql" +su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate" + +# Since the OTP release does not support .secret.exs configuration +# files, we hack our own alternative by simply appending custom +# configurations to /etc/config.exs. +cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs + +# Single-pixel picture hack for removing Pleroma FE images. +cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/ +chown pleroma:nogroup /var/lib/pleroma/static/pixel.png + +# Info panel and TOS. +mkdir -p /var/lib/pleroma/static/instance +mkdir -p /var/lib/pleroma/static/static +cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html +cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html + +# Prepare NGINX config for Pleroma. +cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx +sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx +ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx + +# Systemd integration. +cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service +systemctl start pleroma +systemctl enable pleroma + +# Only restart NGINX with Pleroma running. +service nginx restart 
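Review bot: The new script keeps three artifacts under fixed names in the world-writable `/tmp` (`/tmp/pleroma.zip`, `/tmp/release`, `/tmp/setup_db.psql`), and `setup_db.psql`, which presumably carries the database password generated by `pwgen`, is never removed. Other local accounts can pre-create or read those paths, and `curl` runs without `--fail`, so an HTTP error body would be written to the zip path and only surface later in `unzip`. A private `mktemp -d` directory owned by the `pleroma` user and removed at the end addresses both; the SQL file can then be handed to `psql` on stdin by root, since the `postgres` user cannot read that directory. The password also travels on the `pleroma_ctl` command line via `--dbpass $(pwgen -s 100 1)`, where it is visible in the process list while the command runs; the sketch below does not change that part.

```shell
# … unchanged: argument check, package install, firewall, certbot, adduser …

# Private scratch directory (mode 0700, owned by pleroma) instead of fixed /tmp names.
workdir="$(su pleroma -s "$SHELL" -lc 'mktemp -d')"
su pleroma -s "$SHELL" -lc "
curl --fail 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o '${workdir}/pleroma.zip'
unzip '${workdir}/pleroma.zip' -d '${workdir}'
mv '${workdir}'/release/* /opt/pleroma
"

# … unchanged: mkdir/chown of /var/lib/pleroma and /etc/pleroma;
#   pleroma_ctl instance gen, with --output-psql '${workdir}/setup_db.psql' …

# Root opens the file and hands it to psql on stdin.
su postgres -s "$SHELL" -lc 'psql' < "${workdir}/setup_db.psql"
rm -rf -- "${workdir:?}"

# … unchanged: migrate, config append, static files, nginx, systemd …
```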
diff --git a/buster/setup_scripts/setup_pleroma_source.sh b/buster/setup_scripts/setup_pleroma_source.sh index c56006f..82b3203 100755 --- a/buster/setup_scripts/setup_pleroma_source.sh +++ b/buster/setup_scripts/setup_pleroma_source.sh @@ -10,20 +10,16 @@ fi domain="$1" mail="$2" -# Install dependencies, set up firewall. +# Install dependencies, configs, set up firewall. config_tree_prefix="${HOME}/config/buster" -./install_for_target.sh pleroma +./install_for_target.sh web pleroma pleroma_source ./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web nft -f /etc/nftables.conf # Prepare user. adduser --system --group --shell /bin/false --home /var/lib/pleroma pleroma -# TODO: integrate this into apt-mark/pleroma -apt -y install build-essential #elixir erlang-dev erlang-tools erlang-parsetools erlang-eldap erlang-ssh erlang-xmerl build-essential -# Not listed by doc. -apt -y install wget gnupg #erlang-inets erlnag-erlware-commons - +# Setup Erlang. wget -P /tmp/ https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb dpkg -i /tmp/erlang-solutions_1.0_all.deb apt update @@ -48,7 +44,7 @@ mix pleroma.instance gen \ --dbuser pleroma \ --db-configurable N \ --rum N \ ---indexable N \ +--indexable Y \ --uploads-dir /var/lib/pleroma/uploads \ --static-dir /var/lib/pleroma/static \ --listen-ip 127.0.0.1 \
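Review bot: The Erlang bootstrap that the first hunk now labels `# Setup Erlang.` downloads `erlang-solutions_1.0_all.deb` to a fixed path in `/tmp` and passes it straight to `dpkg -i` with no integrity check, in a script that appears to run as root. Comparing the file against a recorded digest before installing, e.g. `echo "<EXPECTED_SHA256>  /tmp/erlang-solutions_1.0_all.deb" | sha256sum -c -` with the digest taken from a trusted copy, would stop a tampered or truncated download from being installed. Downloading into a `mktemp -d` directory would also avoid the predictable file name. The script continues beyond both ends of the hunk.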
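Review bot: `--indexable` flips from `N` to `Y` in the second hunk, which is a behaviour change inside a commit described as a refactor; the new `setup_pleroma_otp.sh` carries the same `--indexable Y` where the deleted `setup_pleroma.sh` had `N`. As far as the option name suggests, this opts the instance into search-engine indexing, a privacy-relevant default for a social server. If the change is intended, it deserves its own commit or at least a line in the message, plus a comment above the `mix pleroma.instance gen` command such as `# --indexable Y: search-engine indexing is deliberately allowed.`; otherwise keep `N`. The command starts and ends outside the hunk.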