Refactor Pleroma/PeerTupe setups.
authorChristian Heller <c.heller@plomlompom.de>
Sat, 7 Mar 2020 21:24:31 +0000 (22:24 +0100)
committerChristian Heller <c.heller@plomlompom.de>
Sat, 7 Mar 2020 21:24:31 +0000 (22:24 +0100)
buster/apt-mark/peertube
buster/apt-mark/pleroma
buster/apt-mark/pleroma_otp [new file with mode: 0644]
buster/apt-mark/pleroma_source [new file with mode: 0644]
buster/apt-mark/web [new file with mode: 0644]
buster/setup_scripts/setup_peertube.sh
buster/setup_scripts/setup_pleroma.sh [deleted file]
buster/setup_scripts/setup_pleroma_otp.sh [new file with mode: 0755]
buster/setup_scripts/setup_pleroma_source.sh

index 9a08c8d5022021f2c6f44a86c005e610b6aa44db..5b73bac889e8bf066532c79fb388f282573077c7 100644 (file)
@@ -1,12 +1,9 @@
-nginx-light
 ffmpeg
 postgresql
 postgresql-contrib
 openssl
 redis-server
 python-dev
-certbot
-python3-certbot-nginx
 # only needed for setup
 g++
 make
index eadc57204475fc44153abf2f2f426a8645056c62..ec7a1340e01f394fc92fd8e6946ce4587afad9c2 100644 (file)
@@ -1,12 +1,5 @@
-nginx-light
-# for SSL
-certbot
-python3-certbot-nginx
 # Pleroma DB
 postgresql
 postgresql-contrib
 # only needed for setup
-curl
-unzip
-libncurses5
 pwgen
diff --git a/buster/apt-mark/pleroma_otp b/buster/apt-mark/pleroma_otp
new file mode 100644 (file)
index 0000000..4805a43
--- /dev/null
@@ -0,0 +1,4 @@
+# only needed for setup
+curl
+unzip
+libncurses5
diff --git a/buster/apt-mark/pleroma_source b/buster/apt-mark/pleroma_source
new file mode 100644 (file)
index 0000000..2b1cd35
--- /dev/null
@@ -0,0 +1,4 @@
+# only needed for setup
+build-essential
+wget
+gnupg
diff --git a/buster/apt-mark/web b/buster/apt-mark/web
new file mode 100644 (file)
index 0000000..4912b8a
--- /dev/null
@@ -0,0 +1,4 @@
+nginx-light
+# for SSL
+certbot
+python3-certbot-nginx
index c92be5cc40f9cb405859bfcf0d2dd2e7bae9f184..3ff8e4829d26099fdd95663e85697c144c5550bb 100755 (executable)
@@ -15,15 +15,10 @@ mail="$2"
 
 # Install dependencies, set up firewall.
 config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh peertube
+./install_for_target.sh web peertube
 ./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
 nft -f /etc/nftables.conf
 
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
 # Get NodeJS. See
 # <https://github.com/nodesource/distributions/blob/master/README.md>
 curl -sL https://deb.nodesource.com/setup_10.x | bash -
@@ -60,6 +55,11 @@ sed -i "s/admin\@example\.com/${mail}/g" config/production.yaml
 sed -i "s/example\.com/${domain}/g" config/production.yaml
 sed -i "s/password: 'peertube'/password: '${db_pw}'/g" config/production.yaml
 
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
 # Configure NGINX.
 cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube
 sed -i "s/peertube.example.com/${domain}/g" /etc/nginx/sites-available/peertube
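Review bot: The relocated certbot block still carries `TODO: Is it auto-renewed?`, so nothing in the script confirms that the certificate will renew after the default site has been unlinked again. Consider running `certbot renew --dry-run` once NGINX is fully configured (later in the script, outside this hunk) and replacing the TODO with a comment naming the renewal mechanism the certbot package installs on this system (on Debian normally a systemd timer or cron job, worth confirming). If the script runs under `set -e` (not visible in this hunk), a certbot failure also leaves `/etc/nginx/sites-enabled/default` linked, because the `rm` is never reached. The same block appears in the new setup_pleroma_otp.sh.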
diff --git a/buster/setup_scripts/setup_pleroma.sh b/buster/setup_scripts/setup_pleroma.sh
deleted file mode 100755 (executable)
index fc30e1d..0000000
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/bin/sh
-set -e
-# Heavily inspired by <https://docs.pleroma.social/otp_en.html>
-
-if [ "$#" -ne 2 ]; then
-    echo 'Need domain name, mail_address as arguments.'
-    false
-fi
-domain="$1"
-mail="$2"
-
-# Install dependencies, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh pleroma
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Prepare user.
-adduser --system --shell  /bin/false --home /opt/pleroma pleroma
-
-# Download and unzip latest stable release, set up Pleroma dirs.
-export FLAVOUR='amd64'
-su pleroma -s $SHELL -lc "
-curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
-unzip /tmp/pleroma.zip -d /tmp/
-"
-su pleroma -s $SHELL -lc "
-mv /tmp/release/* /opt/pleroma
-rmdir /tmp/release
-rm /tmp/pleroma.zip
-"
-mkdir -p /var/lib/pleroma/uploads
-chown -R pleroma /var/lib/pleroma
-mkdir -p /etc/pleroma
-chown -R pleroma /etc/pleroma
-
-# Configure and set up DB.
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \
---output /etc/pleroma/config.exs \
---output-psql /tmp/setup_db.psql \
---domain ${domain} \
---instance-name plom-roma \
---admin-email ${mail} \
---notify-email ${mail} \
---dbhost localhost \
---dbname pleroma \
---dbuser pleroma \
---rum N \
---indexable N \
---uploads-dir /var/lib/pleroma/uploads \
---static-dir /var/lib/pleroma/static \
---listen-ip 127.0.0.1 \
---listen-port 4000 \
---dbpass $(pwgen -s 100 1)"
-su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
-
-# Since the OTP release does not support .secret.exs configuration
-# files, we hack our own alternative by simply appending custom
-# configurations to /etc/config.exs.
-cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs
-
-# Single-pixel picture hack for removing Pleroma FE images.
-cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
-chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
-
-# Info panel and TOS.
-mkdir -p /var/lib/pleroma/static/instance
-mkdir -p /var/lib/pleroma/static/static
-cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
-cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
-
-# Prepare NGINX config for Pleroma.
-cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
-sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
-ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
-
-# Systemd integration.
-cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
-systemctl start pleroma
-systemctl enable pleroma
-
-# Only restart NGINX with Pleroma running.
-service nginx restart
diff --git a/buster/setup_scripts/setup_pleroma_otp.sh b/buster/setup_scripts/setup_pleroma_otp.sh
new file mode 100755 (executable)
index 0000000..49d28b9
--- /dev/null
@@ -0,0 +1,89 @@
+#!/bin/sh
+set -e
+# Heavily inspired by <https://docs.pleroma.social/otp_en.html>
+
+if [ "$#" -ne 2 ]; then
+    echo 'Need domain name, mail_address as arguments.'
+    false
+fi
+domain="$1"
+mail="$2"
+
+# Install dependencies, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web pleroma pleroma_otp
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Prepare user.
+adduser --system --shell  /bin/false --home /opt/pleroma pleroma
+
+# Download and unzip latest stable release, set up Pleroma dirs.
+export FLAVOUR='amd64'
+su pleroma -s $SHELL -lc "
+curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
+unzip /tmp/pleroma.zip -d /tmp/
+"
+su pleroma -s $SHELL -lc "
+mv /tmp/release/* /opt/pleroma
+rmdir /tmp/release
+rm /tmp/pleroma.zip
+"
+mkdir -p /var/lib/pleroma/uploads
+chown -R pleroma /var/lib/pleroma
+mkdir -p /etc/pleroma
+chown -R pleroma /etc/pleroma
+
+# Configure and set up DB.
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \
+--output /etc/pleroma/config.exs \
+--output-psql /tmp/setup_db.psql \
+--domain ${domain} \
+--instance-name plom-roma \
+--admin-email ${mail} \
+--notify-email ${mail} \
+--dbhost localhost \
+--dbname pleroma \
+--dbuser pleroma \
+--rum N \
+--indexable Y \
+--uploads-dir /var/lib/pleroma/uploads \
+--static-dir /var/lib/pleroma/static \
+--listen-ip 127.0.0.1 \
+--listen-port 4000 \
+--dbpass $(pwgen -s 100 1)"
+su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
+
+# Since the OTP release does not support .secret.exs configuration
+# files, we hack our own alternative by simply appending custom
+# configurations to /etc/config.exs.
+cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs
+
+# Single-pixel picture hack for removing Pleroma FE images.
+cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
+chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
+
+# Info panel and TOS.
+mkdir -p /var/lib/pleroma/static/instance
+mkdir -p /var/lib/pleroma/static/static
+cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
+cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
+
+# Prepare NGINX config for Pleroma.
+cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
+sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
+ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
+
+# Systemd integration.
+cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
+systemctl start pleroma
+systemctl enable pleroma
+
+# Only restart NGINX with Pleroma running.
+service nginx restart
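Review bot: `/tmp/setup_db.psql` is written under a fixed name in a world-writable directory, is then executed by the postgres user, and is never removed, although it is generated together with `--dbpass` and so presumably carries the database password. The release download follows the same pattern (`/tmp/pleroma.zip`, `/tmp/release`) and is unpacked and installed with no integrity check. A private `mktemp -d` directory owned by pleroma, with the SQL fed to psql on stdin and the directory removed afterwards, takes care of the `/tmp` part; the sketch below shows it for the SQL file. Separately, the comment above the `cat` names `/etc/config.exs` while the code appends to `/etc/pleroma/config.exs`.

```shell
adduser --system --shell  /bin/false --home /opt/pleroma pleroma
# Private scratch directory instead of fixed names under /tmp.
workdir="$(mktemp -d)"
chown pleroma "${workdir}"
# … unchanged: download, unpack and instance gen, using ${workdir} in place of /tmp …
# root opens the file and psql reads it on stdin, so postgres needs no access to workdir.
su postgres -s $SHELL -lc "psql" < "${workdir}/setup_db.psql"
su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
rm -rf -- "${workdir}"
```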
index c56006f10478662925cba6edc0a52df124b2af15..82b3203c1d2a65926dd7f618e72d16db06662804 100755 (executable)
@@ -10,20 +10,16 @@ fi
 domain="$1"
 mail="$2"
 
-# Install dependencies, set up firewall.
+# Install dependencies, configs, set up firewall.
 config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh pleroma
+./install_for_target.sh web pleroma pleroma_source
 ./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
 nft -f /etc/nftables.conf
 
 # Prepare user.
 adduser --system --group --shell /bin/false --home /var/lib/pleroma pleroma
 
-# TODO: integrate this into apt-mark/pleroma
-apt -y install build-essential #elixir erlang-dev erlang-tools erlang-parsetools erlang-eldap erlang-ssh erlang-xmerl build-essential
-# Not listed by doc.
-apt -y install wget gnupg #erlang-inets erlnag-erlware-commons
-
+# Setup Erlang.
 wget -P /tmp/ https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
 dpkg -i /tmp/erlang-solutions_1.0_all.deb
 apt update
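Review bot: `wget -P /tmp/` does not overwrite an existing file, so when `/tmp/erlang-solutions_1.0_all.deb` is already present the download is saved under a `.1` suffix and `dpkg -i` installs the older file as root; the package is also installed without any checksum check. Download to a private path and install exactly that file, e.g. `deb="$(mktemp -d)/erlang-solutions_1.0_all.deb"`, `wget -O "${deb}" https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb`, `dpkg -i "${deb}"`, with a `sha256sum -c` against a pinned digest in between. These lines are unchanged context, but the commit now labels them `# Setup Erlang.`, which is a natural place to record where the pinned digest comes from.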
@@ -48,7 +44,7 @@ mix pleroma.instance gen \
 --dbuser pleroma \
 --db-configurable N \
 --rum N \
---indexable N \
+--indexable Y \
 --uploads-dir /var/lib/pleroma/uploads \
 --static-dir /var/lib/pleroma/static \
 --listen-ip 127.0.0.1 \
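Review bot: `--indexable` changes from `N` to `Y` here, and the new setup_pleroma_otp.sh has `Y` where the deleted setup_pleroma.sh had `N`, yet the commit is described as a refactor. As far as I know this option decides whether the instance invites search-engine indexing, so it alters what the server exposes rather than how the setup is organised. If the change is intended, say so in the commit message and add a comment before the `mix pleroma.instance gen` call such as `# Indexing by search engines is deliberately allowed.`; otherwise keep `--indexable N`. The command starts above this hunk.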