Add mastodon service

kitoy 2021-01-01 23:39:04 +01:00
parent 43afec97ae
commit f246a2a47d
19 changed files with 418 additions and 16 deletions


@ -6,6 +6,7 @@
# déclaration de la variables globales
vars:
email: contact@iloth.net
cthostname: web1
domain: web1.iloth.net
email: your_email@your_domain.com
cthostname: machine_hostname
domain: domain_name
create_user: false


@ -11,7 +11,8 @@
http_port: 80
domain: web1.iloth.net
cthostname: web1
create_user: false
# ici, on demande directement à l'exécution de renseigner une variable
vars_prompt:
- name: "mysqlRootPassword"


@ -5,9 +5,10 @@
- common
- postgresql
- nginx
- ssl-cert
- mattermost
# déclaration de la variables globales
# Déclaration des variables globales
vars:
email: contact@iloth.net
domain: chat.bim.land

bimorganise.yml Normal file

@ -0,0 +1,15 @@
---
- hosts: bim
roles:
- common
- nginx
- postgresql
# Déclaration des variables globales
vars:
email: contact@bim.land
domain: organise.bim.land
cthostname: organise
create_user: false
installCertbot: true

bimsocial.yml Normal file

@ -0,0 +1,18 @@
---
- hosts: bim
roles:
#- common
#- rbenv
#- nginx
#- postgresql
- mastodon
# Déclaration des variables globales
vars:
email: contact@bim.land
domain: social.bim.land
cthostname: social
create_user: true
username: mastodon
installCertbot: true
ruby_version: 2.6.6
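Review bot: Commenting out `common`, `rbenv`, `nginx` and `postgresql` in the roles list leaves the `mastodon` role without what its tasks rely on: the OS user named by `username` is created in the `common` role hunk below (gated on `create_user`, which this file still sets to `true`), rbenv in that user's home comes from the `rbenv` role, and the mastodon tasks restart postgresql and write nginx site files. On a freshly provisioned host this play would fail at the first `become_user: "{{ username }}"` step. If the intent is to re-run only the mastodon role on a host that already has the other roles applied, record that above the list, `# common/rbenv/nginx/postgresql are already applied on this host; only mastodon is re-run here`, or keep the roles and select with `--tags` instead. `ruby_version: 2.6.6` overrides the `2.7.0` default in roles/rbenv/defaults; a one-line comment on why the older version is pinned would help the next maintainer.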


@ -1,4 +1,18 @@
---
- name: Disable ssh password authentication
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^.*PasswordAuthentication yes"
line: "PasswordAuthentication no"
backrefs: yes
- name: Reload sshd service
service:
name: sshd
state: reloaded
- name: Update & upgrade system
apt:
update_cache: yes
@ -35,12 +49,22 @@
line: "{{ ansible_default_ipv4.address }} {{ cthostname }} {{ domain }}"
regexp: "^{{ ansible_default_ipv4.address }}"
# On créé un utilisateur si il le faut.
- name: create user {{ username }}
user:
name: "{{ username }}"
system: yes
createhome: yes
when: create_user
# Régles de parefeu.
- name: Allow SSH connexions
ufw:
rule: limit
port: ssh
proto: tcp
- name: Set logging off
ufw:
logging: 'off'
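Review bot: The `Disable ssh password authentication` task at the top of the first hunk only rewrites an existing `PasswordAuthentication yes` line: with `backrefs: yes`, `lineinfile` makes no change when the regexp matches nothing, and sshd allows password logins when the directive is absent, so the task can leave password authentication enabled without any failure. Dropping `backrefs` and matching the commented and uncommented forms, `regexp: '^#?PasswordAuthentication'` with `line: 'PasswordAuthentication no'`, replaces the directive when present and appends it when missing (if the file has `Match` blocks, add `insertbefore: '^Match'` so the appended line is not scoped to one of them). The `Reload sshd service` task that follows runs on every play; a `notify` handler would reload only when the file changed. Nothing visible in this hunk installs an authorized key before password logins are switched off; if that happens elsewhere, a comment here naming where would make the ordering explicit. The first hunk's task list continues past the lines shown.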

roles/mastodon/README.md Normal file

@ -0,0 +1,3 @@
# Mastodon pour social.bim.land.
Rbenv est installé dans le home de l'utilisateur mastodon


@ -0,0 +1,30 @@
---
requiredPackages:
- imagemagick
- ffmpeg
- libpq-dev
- libxml2-dev
- libxslt1-dev
- file
- git-core
- g++
- libprotobuf-dev
- protobuf-compiler
- pkg-config
- gcc
- autoconf
- bison
- build-essential
- libssl-dev
- libyaml-dev
- libreadline-dev
- zlib1g-dev
- libncurses5-dev
- libffi-dev
- libgdbm-dev
- libidn11-dev
- libicu-dev
- libjemalloc-dev
- redis-tools
- redis-server


@ -0,0 +1,106 @@
---
- name: Add Yarn apt key
apt_key:
url: https://dl.yarnpkg.com/debian/pubkey.gpg
state: present
- name: Add Yarn Repository
apt_repository:
repo: deb https://dl.yarnpkg.com/debian/ stable main
state: present
- name: Install Yarn
apt:
name: yarn
state: present
- name: Add Nodejs apt key
apt_key:
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
state: present
- name: Add Nodes 12 repository
apt_repository:
repo: deb https://deb.nodesource.com/node_12.x buster main
state: present
- name: Install NodeJs
apt:
name: nodejs
state: present
- name: Install required by mastodon
apt:
name: "{{ requiredPackages }}"
state: present
- name: Install Mastodon from git
become: yes
become_user: "{{ username }}"
shell: |
cd
export PATH="$HOME/.rbenv/bin:$PATH"
eval "$(rbenv init -)"
git clone https://github.com/tootsuite/mastodon.git live
cd live
git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)
gem install bundler --no-document
bundle config set deployment 'true'
bundle config set without 'development test'
bundle install
yarn install --pure-lockfile --non-interactive
args:
executable: /bin/bash
- name: ensure postgresql is running
service:
name: postgresql
state: restarted
- name: Create postgresql Database
become: yes
become_user: postgres
shell: psql -c "CREATE USER mastodon CREATEDB;"
- name: Copy nginx configuration
copy:
src: /home/{{ username }}/live/dist/nginx.conf
dest: /etc/nginx/sites-available/mastodon.conf
owner: root
group: root
remote_src: yes
- name: Set server name in nginx configuration
replace:
path: /etc/nginx/sites-available/mastodon.conf
regexp: "^.*server_name example.com;"
replace: " server_name {{ domain }};"
- name: Set root directory in nginx configuration
replace:
dest: /etc/nginx/sites-available/mastodon.conf
regexp: "^.*root /home/mastodon/live/public;"
replace: "root /home/{{ username}}/live/public;"
- name: Create a symbolic link
file:
src: /etc/nginx/sites-available/mastodon.conf
dest: /etc/nginx/sites-enabled/mastodon.conf
owner: root
group: root
state: link
- name: Copy systemd services
shell: |
cp /home/"{{ username }}"/live/dist/mastodon-web.service /etc/systemd/system/
cp /home/"{{ username }}"/live/dist/mastodon-sidekiq.service /etc/systemd/system/
cp /home/"{{ username }}"/live/dist/mastodon-streaming.service /etc/systemd/system/
- name: Enable systemd service
shell: |
systemctl enable mastodon-web
systemctl enable mastodon-sidekiq
systemctl enable mastodon-streaming
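Review bot: `Create postgresql Database` hard-codes the role name `mastodon` in a shell `psql` call while every other task in this file uses `{{ username }}`, and the statement errors on a second run because the role already exists, so the play is not idempotent. The `postgresql_user` module, which the mattermost role in this same commit already uses, handles both concerns; the replacement task is below. The `Install Mastodon from git` shell block likewise re-clones on every run and checks out whichever tag is newest at run time, so two runs can deploy different code — a `creates: "/home/{{ username }}/live/.git"` guard under `args:` and a `mastodon_version` variable passed to `git checkout` would make it reproducible, and the two `apt_key` tasks could pin the expected key fingerprint with `id:` so a changed key at the URL is rejected. The `Copy systemd services` and `Enable systemd service` shell tasks never run `systemctl daemon-reload`; the `systemd` module with `daemon_reload: yes` and `enabled: yes` per unit covers that and reports changes correctly.
```yaml
- name: Create postgresql role for mastodon
  become: yes
  become_user: postgres
  postgresql_user:
    name: "{{ username }}"
    role_attr_flags: CREATEDB
# … unchanged: nginx configuration tasks …
```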


@ -26,12 +26,6 @@
line: '"DataSource": "postgres://{{ db_user }}:{{ db_pass }}@127.0.0.1:5432/{{ db_name }}?sslmode=disable&connect_timeout=10",'
backrefs: yes
- name: Create mattermost user
user:
name: "{{ mattermost_user }}"
system: yes
createhome: yes
- name: Change mattermost directory permissions
file:
path: /opt/mattermost
@ -75,7 +69,7 @@
- name: ensure user does not have unnecessary privilege
become: yes
become_user: "{{ mattermost_user }}"
become_user: "{{ username }}"
postgresql_user:
name: "{{ db_user }}"
role_attr_flags: NOSUPERUSER,NOCREATEDB
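Review bot: With the `Create mattermost user` task deleted in the first hunk, this role now depends on the `common` role having created `{{ username }}` under `create_user: true`, but the bimchat play hunk above only shows `email` and `domain` in its vars, so whether that play sets `username` and `create_user` cannot be confirmed from this commit. A comment at the point of the deletion, `# the {{ username }} account is created by the common role when create_user is true`, would record the dependency for whoever next edits the play. In the second hunk, running `postgresql_user` as `become_user: "{{ username }}"` requires that OS account to map to a postgres role allowed to alter `{{ db_user }}`; the mastodon role in this commit performs its database step as `postgres`, and the two roles would be easier to reason about if they agreed.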


@ -5,8 +5,10 @@
- name: install Certbot Nginx plugin
apt:
name: python3-certbot-nginx
when: installCertbot == True
name:
- certbot
- python3-certbot-nginx
when: installCertbot == true
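Review bot: `when: installCertbot == true` compares against a literal boolean, which fails the condition when the variable arrives as a string (for example from `-e installCertbot=true`); `when: installCertbot | bool` is the idiomatic form and accepts both. The ssl-cert role added in this commit checks the same variable with `== True`, so whichever form is chosen should be used in both roles.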
- name: Allow http and https connexions
ufw:


@ -1,5 +1,5 @@
---
- name: restart apache
- name: restart postgresql
service:
name: postgresql
state: restarted

roles/rbenv/README.md Normal file

@ -0,0 +1,19 @@
---
requiredPackages:
- git
- curl
- libssl-dev
- libreadline-dev
- zlib1g-dev
- autoconf
- bison
- build-essential
- libyaml-dev
- libreadline-dev
- libncurses5-dev
- libffi-dev
- libgdbm-dev
- libjemalloc-dev
ruby_version: 2.7.0
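Review bot: `libreadline-dev` appears twice in `requiredPackages` (fourth and tenth entries); apt tolerates the duplicate but it reads as a copy-paste slip and one entry should go. The variable name `requiredPackages` is also defined with a different list in roles/mastodon/defaults in this commit; with Ansible's default setting role defaults are visible across the whole play rather than private to the role, so when both roles run in one play one list may shadow the other — role-prefixed names such as `rbenv_required_packages` and `mastodon_required_packages` avoid the question. `ruby_version: 2.7.0` is safely a string here because of the two dots, but quoting it (`ruby_version: "2.7.0"`) keeps it so if it is ever shortened to a two-part version.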

roles/rbenv/emacs-27.1.core Normal file

Binary file not shown.
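Review bot: `roles/rbenv/emacs-27.1.core` is an editor core dump committed alongside the role; it does not belong in the repository and should be removed. Core files contain a snapshot of process memory, which for an editor session can include the contents of open files such as inventories or credentials, so it is worth deleting it from history rather than only in a follow-up commit, and rotating anything it may have captured if the repository is shared. Adding `*.core` to the repository's ignore file prevents a repeat.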


@ -0,0 +1,121 @@
#!/bin/bash
set -e
homebrew=
type -p brew >/dev/null && homebrew=1
try_bash_extension() {
if [ -x src/configure ]; then
src/configure && make -C src || {
echo "Optional bash extension failed to build, but things will still work normally."
}
fi
}
if ! type -p git >/dev/null; then
git() {
echo "Error: git is required to proceed. Please install git and try again." >&2
exit 1
}
fi
http() {
local url="$1"
if type -p curl >/dev/null; then
curl -fsSL "$url"
elif type -p wget >/dev/null; then
wget -q "$url" -O-
else
echo "Error: couldn't download file. No \`curl' or \`wget' found." >&2
return 1
fi
}
rbenv="$(command -v rbenv ~/.rbenv/bin/rbenv | head -1)"
if [ -n "$rbenv" ]; then
echo "rbenv already seems installed in \`$rbenv'."
cd "${rbenv%/*}"
if [ -x ./brew ]; then
echo "Trying to update with Homebrew..."
brew update >/dev/null
if [ "$(./rbenv --version)" < "1.0.0" ] && brew list rbenv | grep -q rbenv/HEAD; then
brew uninstall rbenv
brew install rbenv --without-ruby-build
else
brew upgrade rbenv
fi
elif git remote -v 2>/dev/null | grep -q rbenv; then
echo "Trying to update with git..."
git pull --tags origin master
cd ..
try_bash_extension
fi
else
if [ -n "$homebrew" ]; then
echo "Installing rbenv with Homebrew..."
brew update
brew install rbenv --without-ruby-build
rbenv="$(brew --prefix)/bin/rbenv"
else
echo "Installing rbenv with git..."
mkdir -p ~/.rbenv
cd ~/.rbenv
git init
git remote add -f -t master origin https://github.com/rbenv/rbenv.git
git checkout -b master origin/master
try_bash_extension
rbenv=~/.rbenv/bin/rbenv
if [ ! -e versions ] && [ -w /opt/rubies ]; then
ln -s /opt/rubies versions
fi
fi
fi
rbenv_root="$("$rbenv" root)"
ruby_build="$(command -v "$rbenv_root"/plugins/*/bin/rbenv-install rbenv-install | head -1)"
echo
if [ -n "$ruby_build" ]; then
echo "\`rbenv install' command already available in \`$ruby_build'."
cd "${ruby_build%/*}"
if [ -x ./brew ]; then
echo "Trying to update with Homebrew..."
brew update >/dev/null
brew upgrade ruby-build
elif git remote -v 2>/dev/null | grep -q ruby-build; then
echo "Trying to update with git..."
git pull origin master
fi
else
if [ -n "$homebrew" ]; then
echo "Installing ruby-build with Homebrew..."
brew update
brew install ruby-build
else
echo "Installing ruby-build with git..."
mkdir -p "${rbenv_root}/plugins"
git clone https://github.com/rbenv/ruby-build.git "${rbenv_root}/plugins/ruby-build"
fi
fi
# Enable caching of rbenv-install downloads
mkdir -p "${rbenv_root}/cache"
echo
echo "Running doctor script to verify installation..."
http https://github.com/rbenv/rbenv-installer/raw/master/bin/rbenv-doctor | "$BASH"
echo
echo "All done!"
echo "Note that this installer doesn't yet configure your shell startup files:"
i=0
if [ -x ~/.rbenv/bin ]; then
echo "$((++i)). You'll want to ensure that \`~/.rbenv/bin' is added to PATH."
fi
echo "$((++i)). Run \`rbenv init' to see instructions how to configure rbenv for your shell."
echo "$((++i)). Launch a new terminal window to verify that the configuration is correct."
echo


@ -0,0 +1,40 @@
---
- name: Install Package Required by rbenv
apt:
name: "{{ requiredPackages }}"
state: present
- name: Copy rbenv installer
become: yes
become_user: "{{ username }}"
copy:
src: rbenv_installer.sh
dest: rbenv_installer.sh
owner: "{{ username }}"
group: "{{ username }}"
mode: 0755
when: create_user
- name: Install rbenv
become: yes
become_user: "{{ username }}"
shell: |
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
cd ~/.rbenv && src/configure && make -C src
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
when: create_user
- name: Install ruby "{{ ruby_version }}"
become: yes
become_user: "{{ username }}"
shell: |
cd ~
export PATH="$HOME/.rbenv/bin:$PATH"
eval "$(rbenv init -)"
RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install "{{ ruby_version }}"
rbenv global "{{ ruby_version }}"
args:
executable: /bin/bash
when: create_user
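Review bot: `Copy rbenv installer` places `rbenv_installer.sh` in the user's home, but no task in this hunk runs it; `Install rbenv` instead clones rbenv and ruby-build by hand, so the copied script is dead weight unless it is used elsewhere. That shell block is also not idempotent: the second run fails on `git clone` into an existing `~/.rbenv` and, if it got past that, would append the two `export`/`eval` lines to `~/.bashrc` again. A guard under the task, `args:` with `creates: "/home/{{ username }}/.rbenv/bin/rbenv"`, stops the re-run, and the `.bashrc` edits belong in `lineinfile` tasks so they are applied once. `mode: 0755` works because of the leading zero, but Ansible's own guidance is to quote octal modes (`mode: "0755"`) so a YAML parser cannot reinterpret them.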


@ -0,0 +1,2 @@
---
installcertbot: false
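Review bot: The default is named `installcertbot` while every task in roles/ssl-cert/tasks and the nginx role tests `installCertbot`; Ansible variable names are case-sensitive, so this default never applies and a play that does not set `installCertbot` itself fails with an undefined-variable error at the first `when:`. The line should read `installCertbot: false`. A short comment above it, `# set installCertbot: true in the play to obtain a Let's Encrypt certificate instead of a self-signed one`, documents the switch for play authors.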


@ -0,0 +1,25 @@
---
- name: Install openssl
apt:
name: openssl
state: present
- name: install Certbot Nginx plugin
apt:
name: python3-certbot
when: installCertbot == True
- name: Create Directory for Domain self-signed
file:
path: /etc/ssl/{{ domain }}
state: directory
mode: '0755'
when: installCertbot == False
- name: Create self-signed certificate, if configured.
shell: "openssl req -x509 -nodes -subj '/CN={{ domain }}' -days 365 -newkey rsa:4096 -sha256 -keyout /etc/server/{{ domain }}/server.key -out /etc/server/{{ domain }}/server.crt"
when: installCertbot == False
- name: Create self-signed certificate, if configured.
shell: "certbot -certonly -d {{ domain }} --nginx -m contact@bim.land --agree-tos"
when: installCertbot == True
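Review bot: The self-signed task writes its key and certificate under `/etc/server/{{ domain }}/`, but the directory created two tasks earlier is `/etc/ssl/{{ domain }}`, so `openssl` fails on the missing path; the command should use `-keyout /etc/ssl/{{ domain }}/server.key -out /etc/ssl/{{ domain }}/server.crt`, and the task needs `args:` with `creates: "/etc/ssl/{{ domain }}/server.key"` so the key is not regenerated on every run (also confirm the resulting key file mode is restricted to root, since openssl writes it with the caller's umask). The last task is named identically to the self-signed one and its command has two problems: `certbot -certonly` is not a valid invocation (the subcommand is `certbot certonly`, without the dash) and the contact address is hard-coded to `contact@bim.land` although the plays define `email`; `certbot certonly --nginx -d {{ domain }} -m {{ email }} --agree-tos --non-interactive` with the name `Obtain Let's Encrypt certificate` fixes both. The `installCertbot == True` comparisons here and `== true` in the nginx role should settle on one form, ideally `installCertbot | bool`. The file may continue past the lines shown.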