From: Christian Heller <c.heller@plomlompom.de>
Date: Fri, 7 Feb 2020 17:39:06 +0000 (+0100)
Subject: Prepare introduction of PeerTube setup script.
X-Git-Url: https://plomlompom.com/repos/%7B%7Bprefix%7D%7D/%7B%7B%20web_path%20%7D%7D/%7B%7Bdb.prefix%7D%7D/static/ledger?a=commitdiff_plain;h=3fdac7e14c99aa61c089f73fa11a1b1cb2a5febf;p=config

Prepare introduction of PeerTube setup script.
---

diff --git a/buster/apt-mark/peertube b/buster/apt-mark/peertube
new file mode 100644
index 0000000..4e4c19a
--- /dev/null
+++ b/buster/apt-mark/peertube
@@ -0,0 +1,15 @@
+nginx-light
+ffmpeg
+postgresql
+postgresql-contrib
+openssl
+redis-server
+python-dev
+# only needed for setup
+g++
+make
+git
+curl
+unzip
+libncurses5
+pwgen
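Review bot: The packages under `# only needed for setup` (g++, make, git, curl, unzip, libncurses5, pwgen) sit in the same apt-mark list as the runtime dependencies, so they presumably stay marked as manually installed on what will be an internet-facing host. A compiler and download tools left on a production server add post-compromise tooling without serving the running service. Consider moving them to a separate setup-only list that the setup script purges at the end, or at least make the intent explicit with a comment such as `# only needed for setup; purge after installation`.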
diff --git a/buster/apt-mark/pleroma b/buster/apt-mark/pleroma
index 643aee2..eadc572 100644
--- a/buster/apt-mark/pleroma
+++ b/buster/apt-mark/pleroma
@@ -1,4 +1,3 @@
-# might need nginx-standard instead
 nginx-light
 # for SSL
 certbot
diff --git a/buster/etc_files/pleroma/etc/nftables.conf b/buster/etc_files/pleroma/etc/nftables.conf
deleted file mode 100755
index ec6732a..0000000
--- a/buster/etc_files/pleroma/etc/nftables.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
-	chain input {
-		type filter hook input priority 0; policy drop;
-		iif lo accept comment "accept localhost traffic"
-		ct state invalid drop comment "drop invalid connections"
-		ct state established, related accept comment "accept traffic originated from us"
-		tcp dport 22 accept comment "accept SSH on default port"
-		tcp dport 80 accept comment "accept HTTP on default port"
-		tcp dport 443 accept comment "accept HTTPS on default port"
-		ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
-	}
-	chain forward {
-		type filter hook forward priority 0; policy drop;
-	}
-	chain output {
-		type filter hook output priority 0; policy accept;
-	}
-}
diff --git a/buster/etc_files/web/etc/nftables.conf b/buster/etc_files/web/etc/nftables.conf
new file mode 100755
index 0000000..ec6732a
--- /dev/null
+++ b/buster/etc_files/web/etc/nftables.conf
@@ -0,0 +1,22 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	chain input {
+		type filter hook input priority 0; policy drop;
+		iif lo accept comment "accept localhost traffic"
+		ct state invalid drop comment "drop invalid connections"
+		ct state established, related accept comment "accept traffic originated from us"
+		tcp dport 22 accept comment "accept SSH on default port"
+		tcp dport 80 accept comment "accept HTTP on default port"
+		tcp dport 443 accept comment "accept HTTPS on default port"
+		ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+	}
+	chain forward {
+		type filter hook forward priority 0; policy drop;
+	}
+	chain output {
+		type filter hook output priority 0; policy accept;
+	}
+}
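Review bot: The `input` chain lives in an `inet` table with `policy drop`, but the only ICMP rule matches IPv4 echo-request, so ICMPv6 neighbour discovery is dropped for any host that has an IPv6 address. That usually makes the machine unreachable over IPv6, or pushes operators to loosen the firewall ad hoc. The rules are carried over unchanged from the removed pleroma file (same blob `ec6732a`), but as this becomes the shared `web` ruleset it is worth adding something like `ip6 nexthdr icmpv6 icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept comment "accept ICMPv6 ping and neighbour discovery"`. Separately, `tcp dport 22 accept` admits SSH from any source with no rate limit, which may be intended but deserves a comment saying so.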
diff --git a/buster/setup_scripts/setup_pleroma.sh b/buster/setup_scripts/setup_pleroma.sh
index f4d0d43..9fb937a 100755
--- a/buster/setup_scripts/setup_pleroma.sh
+++ b/buster/setup_scripts/setup_pleroma.sh
@@ -12,7 +12,7 @@ mail="$2"
 # Install dependencies, set up firewall.
 config_tree_prefix="${HOME}/config/buster"
 ./install_for_target.sh pleroma
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" pleroma
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
 nft -f /etc/nftables.conf
 
 # Set up letsencrypt certificate. TODO: Is it auto-renewed?
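Review bot: `nft -f /etc/nftables.conf` loads the ruleset only into the running kernel, and nothing visible in this hunk makes it persistent. If `nftables.service` is not enabled elsewhere (for example in `install_for_target.sh`, which is not shown), the host would come back from a reboot with no firewall. If that is not already handled, add `systemctl enable nftables` next to this line. The script continues outside the hunk, so this may already be covered further down.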