From: Nutomic Date: Tue, 28 Sep 2021 15:34:18 +0000 (+0000) Subject: Ansible changes (#1781) X-Git-Url: http://these/git/%22https:/nerdica.net/%7Biframely.url%7D?a=commitdiff_plain;h=aee48f3f5d62feb883f3c8608caad839e63460d6;p=lemmy.git Ansible changes (#1781) * Use env var for config location when saving (not default location) * Consistent variable formatting for easy replacement with sed * Remove unmaintained lemmy_dev and uninstall playbooks * Simplify lemmy.hjson for ansible * cleanup ansible playbook * add separate playbook for updating lemmy config * Revert "add separate playbook for updating lemmy config" This reverts commit 0a970ae1da984791958b01b01d35e64d6f6eb98a. --- diff --git a/.gitignore b/.gitignore index 2a7b3a1d..23e9c403 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ # local ansible configuration ansible/inventory -ansible/inventory_dev ansible/passwords/ # docker build files diff --git a/ansible/lemmy.yml b/ansible/lemmy.yml index 91bda571..831efaaf 100644 --- a/ansible/lemmy.yml +++ b/ansible/lemmy.yml @@ -23,6 +23,7 @@ tasks: - name: install dependencies apt: + update_cache: yes pkg: - 'nginx' - 'docker-compose' @@ -77,9 +78,8 @@ lemmy_docker_ui_image: "dessalines/lemmy-ui:{{ lookup('file', 'VERSION') }}" lemmy_port: "8536" lemmy_ui_port: "1235" - pictshare_port: "8537" - - name: add config file (only during initial setup) + - name: add minimal config file (only during initial setup) template: src: 'templates/config.hjson' dest: '{{lemmy_base_dir}}/lemmy.hjson' diff --git a/ansible/lemmy_dev.yml b/ansible/lemmy_dev.yml deleted file mode 100644 index a685cbe3..00000000 --- a/ansible/lemmy_dev.yml +++ /dev/null 
@@ -1,145 +0,0 @@ ---- -- hosts: all - vars: - lemmy_docker_image: 'lemmy:dev' - - # Install python if required - # https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/ - gather_facts: False - pre_tasks: - - name: check lemmy_base_dir - fail: - msg: "`lemmy_base_dir` is unset. if you are upgrading from an older version, add `lemmy_base_dir=/lemmy` to your inventory file." - when: lemmy_base_dir is not defined - - - name: install python for Ansible - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-setuptools) - args: - executable: /bin/bash - register: output - changed_when: output.stdout != '' - - setup: # gather facts - - tasks: - - name: install dependencies - apt: - pkg: - - 'nginx' - - 'docker-compose' - - 'docker.io' - - 'certbot' - - 'python-certbot-nginx' - - - name: request initial letsencrypt certificate - command: certbot certonly --nginx --agree-tos --cert-name '{{ domain }}' -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}' - args: - creates: '/etc/letsencrypt/live/{{domain}}/privkey.pem' - - - name: create lemmy folder - file: - path: '{{item.path}}' - owner: '{{item.owner}}' - state: directory - with_items: - - path: '{{lemmy_base_dir}}/lemmy/' - owner: 'root' - - path: '{{lemmy_base_dir}}/volumes/' - owner: 'root' - - path: '{{lemmy_base_dir}}/volumes/pictrs/' - owner: '991' - - - block: - - name: add template files - template: - src: '{{item.src}}' - dest: '{{item.dest}}' - mode: '{{item.mode}}' - with_items: - - src: 'templates/docker-compose.yml' - dest: '{{lemmy_base_dir}}/docker-compose.yml' - mode: '0600' - - src: 'templates/nginx.conf' - dest: '/etc/nginx/sites-enabled/lemmy.conf' - mode: '0644' - vars: - lemmy_docker_image: "dessalines/lemmy:dev" - lemmy_docker_ui_image: "dessalines/lemmy-ui:{{ lookup('file', 'VERSION') }}" - lemmy_port: "8536" - lemmy_ui_port: "1235" - pictshare_port: "8537" - postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname 
}}/postgres chars=ascii_letters,digits') }}" - - - name: add config file (only during initial setup) - template: - src: 'templates/config.hjson' - dest: '{{lemmy_base_dir}}/lemmy.hjson' - mode: '0600' - force: false - owner: '1000' - group: '1000' - vars: - postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}" - jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}" - - - name: build the dev docker image - local_action: shell cd .. && sudo docker build . -f docker/dev/Dockerfile -t lemmy:dev - register: image_build - - - name: find hash of the new docker image - set_fact: - image_hash: "{{ image_build.stdout | regex_search('(?<=Successfully built )[0-9a-f]{12}') }}" - - # this does not use become so that the output file is written as non-root user and is easy to delete later - - name: save dev docker image to file - local_action: shell sudo docker save lemmy:dev > lemmy-dev.tar - - - name: copy dev docker image to server - copy: - src: lemmy-dev.tar - dest: '{{lemmy_base_dir}}/lemmy-dev.tar' - - - name: import docker image - docker_image: - name: lemmy - tag: dev - load_path: '{{lemmy_base_dir}}/lemmy-dev.tar' - source: load - force_source: yes - register: image_import - - - name: delete remote image file - file: - path: '{{lemmy_base_dir}}/lemmy-dev.tar' - state: absent - - - name: delete local image file - local_action: - module: file - path: lemmy-dev.tar - state: absent - - - name: enable and start docker service - systemd: - name: docker - enabled: yes - state: started - - # cant pull here because that fails due to lemmy:dev (without dessalines/) not being on docker hub, but that shouldnt - # be a problem for testing - - name: start docker-compose - docker_compose: - project_src: '{{lemmy_base_dir}}' - state: present - recreate: always - remove_orphans: yes - ignore_errors: yes - - - name: reload nginx with new config - shell: nginx -s 
reload - - - name: certbot renewal cronjob - cron: - special_time: daily - name: certbot-renew-lemmy - user: root - job: "certbot certonly --nginx --cert-name '{{ domain }}' -d '{{ domain }}' --deploy-hook 'nginx -s reload'" diff --git a/ansible/templates/config.hjson b/ansible/templates/config.hjson index fd7c3176..b71cb3fa 100644 --- a/ansible/templates/config.hjson +++ b/ansible/templates/config.hjson @@ -2,43 +2,14 @@ # for more info about the config, check out the documentation # https://join-lemmy.org/docs/en/administration/configuration.html - # settings related to the postgresql database database: { - database: lemmy - user: lemmy - host: postgres - port: 5432 - pool_size: 5 - # password to connect to postgres password: "{{ postgres_password }}" } - # the domain name of your instance (eg "lemmy.ml") hostname: "{{ domain }}" - # the port where lemmy should listen for incoming requests - port: 8536 - # whether tls is required for activitypub. only disable this for debugging, never for producion. - tls_enabled: true - # address where pictrs is available pictrs_url: "http://pictrs:8080" - # email sending configuration email: { - # hostname of the smtp server smtp_server: "postfix:25" - # address to send emails from, eg "noreply@your-instance.com" smtp_from_address: "noreply@{{ domain }}" use_tls: false } - # settings related to activitypub federation - federation: { - # whether to enable activitypub federation. - enabled: false - # Allows and blocks are described here: - # https://join-lemmy.org/docs/en/federation/administration.html#instance-allowlist-and-blocklist - # - # comma separated list of instances with which federation is allowed - # Only one of these blocks should be uncommented - # allowed_instances: ["instance1.tld","instance2.tld"] - # comma separated list of instances which are blocked from federating - # blocked_instances: [] - } } diff --git a/ansible/templates/nginx.conf b/ansible/templates/nginx.conf index 132821c7..64cf4afe 100644 
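Review bot: With `tls_enabled: true` dropped from the template, whether ActivityPub traffic requires TLS on a fresh install now depends on Lemmy's built-in default, which this diff does not show. The removed comment itself says the setting must never be disabled in production, so I would keep that one line explicit in the minimal file: `tls_enabled: true`. The same reliance on defaults applies to `federation.enabled`, previously pinned to `false`; if the compiled-in default differs, new instances would start federating without the operator opting in, so that value is worth confirming before merge.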
--- a/ansible/templates/nginx.conf +++ b/ansible/templates/nginx.conf @@ -3,7 +3,7 @@ limit_req_zone $binary_remote_addr zone=lemmy_ratelimit:10m rate=1r/s; server { listen 80; listen [::]:80; - server_name {{ domain }}; + server_name {{domain}}; location /.well-known/acme-challenge/ { root /var/www/certbot; } @@ -15,7 +15,7 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ domain }}; + server_name {{domain}}; ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; @@ -59,15 +59,15 @@ server { # lemmy_ui_port: 1235 # lemmy_port: 8536 - set $proxpass "http://0.0.0.0:{{ lemmy_ui_port }}"; + set $proxpass "http://0.0.0.0:{{lemmy_ui_port}}"; if ($http_accept = "application/activity+json") { - set $proxpass "http://0.0.0.0:{{ lemmy_port }}"; + set $proxpass "http://0.0.0.0:{{lemmy_port}}"; } if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { - set $proxpass "http://0.0.0.0:{{ lemmy_port }}"; + set $proxpass "http://0.0.0.0:{{lemmy_port}}"; } if ($request_method = POST) { - set $proxpass "http://0.0.0.0:{{ lemmy_port }}"; + set $proxpass "http://0.0.0.0:{{lemmy_port}}"; } proxy_pass $proxpass; @@ -81,7 +81,7 @@ server { # backend location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { - proxy_pass http://0.0.0.0:{{ lemmy_port }}; + proxy_pass http://0.0.0.0:{{lemmy_port}}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/ansible/uninstall.yml b/ansible/uninstall.yml deleted file mode 100644 index 34c24d2e..00000000 --- a/ansible/uninstall.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -- hosts: all - - vars_prompt: - - - name: confirm_uninstall - prompt: "Do you really want to uninstall Lemmy? This will delete all data and can not be reverted [yes/no]" - private: no - - - name: delete_certs - prompt: "Delete certificates? Select 'no' if you want to reinstall Lemmy [yes/no]" - private: no - - tasks: - - name: end play if no confirmation was given - debug: - msg: "Uninstall cancelled, doing nothing" - when: not confirm_uninstall|bool - - - meta: end_play - when: not confirm_uninstall|bool - - - name: stop docker-compose - docker_compose: - project_src: '{{lemmy_base_dir}}' - state: absent - - - name: delete data - file: - path: '{{item.path}}' - state: absent - with_items: - - path: '{{lemmy_base_dir}}' - - path: '/etc/nginx/sites-enabled/lemmy.conf' - - - name: Remove a volume - docker_volume: - name: '{{item.name}}' - state: absent - with_items: - - name: 'lemmy_lemmy_db' - - name: 'lemmy_lemmy_pictshare' - - - name: delete entire ecloud folder - file: - path: '/mnt/repo-base/' - state: absent - when: delete_certs|bool - - - name: remove certbot cronjob - cron: - name: certbot-renew-lemmy - state: absent - diff --git a/crates/utils/src/settings/mod.rs b/crates/utils/src/settings/mod.rs index d47cc5b4..7e320701 100644 --- a/crates/utils/src/settings/mod.rs +++ b/crates/utils/src/settings/mod.rs @@ -6,7 +6,7 @@ use std::{env, fs, io::Error, sync::RwLock}; pub mod structs; -static CONFIG_FILE: &str = "config/config.hjson"; +static DEFAULT_CONFIG_FILE: &str = "config/config.hjson"; lazy_static! { static ref SETTINGS: RwLock = @@ -54,7 +54,7 @@ impl Settings { } pub fn get_config_location() -> String { - env::var("LEMMY_CONFIG_LOCATION").unwrap_or_else(|_| CONFIG_FILE.to_string()) + env::var("LEMMY_CONFIG_LOCATION").unwrap_or_else(|_| DEFAULT_CONFIG_FILE.to_string()) } pub fn read_config_file() -> Result { 
@@ -92,7 +92,7 @@ impl Settings {
 }
 pub fn save_config_file(data: &str) -> Result {
- fs::write(CONFIG_FILE, data)?;
+ fs::write(Settings::get_config_location(), data)?;
 // Reload the new settings
 // From https://stackoverflow.com/questions/29654927/how-do-i-assign-a-string-to-a-mutable-static-variable/47181804#47181804
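Review bot: `fs::write(Settings::get_config_location(), data)?` overwrites the live config in place before the reload that the trailing comment announces, so `data` that fails to parse is already on disk at the path the server will read on its next start. Parsing `data` into the settings struct first, and returning the error without touching the file, would keep a bad save from leaving the instance unable to restart. The file also holds the database password (the Ansible template installs it with mode `0600`), and `fs::write` creates a missing file with permissions taken from the process umask, so when `LEMMY_CONFIG_LOCATION` names a path that does not exist yet the secrets may end up readable by other users; creating the file with an explicit owner-only mode would match the playbook. The body of `save_config_file` continues past the hunk, so the write-then-reload order is inferred from the `// Reload the new settings` comment.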