Prepare introduction of PeerTube setup script.

diff --git a/buster/apt-mark/peertube b/buster/apt-mark/peertube
new file mode 100644 (file)
index 0000000..4e4c19a
--- /dev/null
+++ b/buster/apt-mark/peertube
@@ -0,0 +1,15 @@
+nginx-light
+ffmpeg
+postgresql
+postgresql-contrib
+openssl
+redis-server
+python-dev
+# only needed for setup
+g++
+make
+git
+curl
+unzip
+libncurses5
+pwgen

diff --git a/buster/apt-mark/pleroma b/buster/apt-mark/pleroma
index 643aee20e1976522dfccdc1ea321db1b3b6e9b87..eadc57204475fc44153abf2f2f426a8645056c62 100644 (file)
--- a/buster/apt-mark/pleroma
+++ b/buster/apt-mark/pleroma
@@ -1,4 +1,3 @@
-# might need nginx-standard instead
 nginx-light
 # for SSL
 certbot

diff --git a/buster/etc_files/pleroma/etc/nftables.conf b/buster/etc_files/pleroma/etc/nftables.conf
deleted file mode 100755 (executable)
index ec6732a..0000000
--- a/buster/etc_files/pleroma/etc/nftables.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
-       chain input {
-               type filter hook input priority 0; policy drop;
-               iif lo accept comment "accept localhost traffic"
-               ct state invalid drop comment "drop invalid connections"
-               ct state established, related accept comment "accept traffic originated from us"
-               tcp dport 22 accept comment "accept SSH on default port"
-               tcp dport 80 accept comment "accept HTTP on default port"
-               tcp dport 443 accept comment "accept HTTPS on default port"
-               ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
-       }
-       chain forward {
-               type filter hook forward priority 0; policy drop;
-       }
-       chain output {
-               type filter hook output priority 0; policy accept;
-       }
-}

diff --git a/buster/etc_files/web/etc/nftables.conf b/buster/etc_files/web/etc/nftables.conf
new file mode 100755 (executable)
index 0000000..ec6732a
--- /dev/null
+++ b/buster/etc_files/web/etc/nftables.conf
@@ -0,0 +1,22 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+       chain input {
+               type filter hook input priority 0; policy drop;
+               iif lo accept comment "accept localhost traffic"
+               ct state invalid drop comment "drop invalid connections"
+               ct state established, related accept comment "accept traffic originated from us"
+               tcp dport 22 accept comment "accept SSH on default port"
+               tcp dport 80 accept comment "accept HTTP on default port"
+               tcp dport 443 accept comment "accept HTTPS on default port"
+               ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+       }
+       chain forward {
+               type filter hook forward priority 0; policy drop;
+       }
+       chain output {
+               type filter hook output priority 0; policy accept;
+       }
+}

diff --git a/buster/setup_scripts/setup_pleroma.sh b/buster/setup_scripts/setup_pleroma.sh
index f4d0d43e1e75b64a81f8ae55ce746f28c572a4c4..9fb937a85a373bfa3f3a21902d907bd73dbe5e2b 100755 (executable)
--- a/buster/setup_scripts/setup_pleroma.sh
+++ b/buster/setup_scripts/setup_pleroma.sh
@@ -12,7 +12,7 @@ mail="$2"
 # Install dependencies, set up firewall.
 config_tree_prefix="${HOME}/config/buster"
 ./install_for_target.sh pleroma
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" pleroma
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
 nft -f /etc/nftables.conf
 
 # Set up letsencrypt certificate. TODO: Is it auto-renewed?