# local ansible configuration
ansible/inventory
-ansible/inventory_dev
ansible/passwords/
# docker build files
tasks:
- name: install dependencies
apt:
+ update_cache: yes
pkg:
- 'nginx'
- 'docker-compose'
lemmy_docker_ui_image: "dessalines/lemmy-ui:{{ lookup('file', 'VERSION') }}"
lemmy_port: "8536"
lemmy_ui_port: "1235"
- pictshare_port: "8537"
- - name: add config file (only during initial setup)
+ - name: add minimal config file (only during initial setup)
template:
src: 'templates/config.hjson'
dest: '{{lemmy_base_dir}}/lemmy.hjson'
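Review bot: The added `update_cache: yes` on the apt task uses a YAML 1.1 truthy value; `update_cache: true` is the form ansible-lint and yamllint accept without a `truthy` exception. If the playbook is re-run often, adding `cache_valid_time: 3600` next to it avoids refreshing the package index on every run. The renamed "add minimal config file" task continues past the end of this hunk, so it cannot be confirmed from here that it still sets `mode: '0600'` on `lemmy.hjson`; the template it renders contains `postgres_password`, so that is worth checking.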
+++ /dev/null
----
-- hosts: all
- vars:
- lemmy_docker_image: 'lemmy:dev'
-
- # Install python if required
- # https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/
- gather_facts: False
- pre_tasks:
- - name: check lemmy_base_dir
- fail:
- msg: "`lemmy_base_dir` is unset. if you are upgrading from an older version, add `lemmy_base_dir=/lemmy` to your inventory file."
- when: lemmy_base_dir is not defined
-
- - name: install python for Ansible
- raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-setuptools)
- args:
- executable: /bin/bash
- register: output
- changed_when: output.stdout != ''
- - setup: # gather facts
-
- tasks:
- - name: install dependencies
- apt:
- pkg:
- - 'nginx'
- - 'docker-compose'
- - 'docker.io'
- - 'certbot'
- - 'python-certbot-nginx'
-
- - name: request initial letsencrypt certificate
- command: certbot certonly --nginx --agree-tos --cert-name '{{ domain }}' -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
- args:
- creates: '/etc/letsencrypt/live/{{domain}}/privkey.pem'
-
- - name: create lemmy folder
- file:
- path: '{{item.path}}'
- owner: '{{item.owner}}'
- state: directory
- with_items:
- - path: '{{lemmy_base_dir}}/lemmy/'
- owner: 'root'
- - path: '{{lemmy_base_dir}}/volumes/'
- owner: 'root'
- - path: '{{lemmy_base_dir}}/volumes/pictrs/'
- owner: '991'
-
- - block:
- - name: add template files
- template:
- src: '{{item.src}}'
- dest: '{{item.dest}}'
- mode: '{{item.mode}}'
- with_items:
- - src: 'templates/docker-compose.yml'
- dest: '{{lemmy_base_dir}}/docker-compose.yml'
- mode: '0600'
- - src: 'templates/nginx.conf'
- dest: '/etc/nginx/sites-enabled/lemmy.conf'
- mode: '0644'
- vars:
- lemmy_docker_image: "dessalines/lemmy:dev"
- lemmy_docker_ui_image: "dessalines/lemmy-ui:{{ lookup('file', 'VERSION') }}"
- lemmy_port: "8536"
- lemmy_ui_port: "1235"
- pictshare_port: "8537"
- postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
-
- - name: add config file (only during initial setup)
- template:
- src: 'templates/config.hjson'
- dest: '{{lemmy_base_dir}}/lemmy.hjson'
- mode: '0600'
- force: false
- owner: '1000'
- group: '1000'
- vars:
- postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
- jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}"
-
- - name: build the dev docker image
- local_action: shell cd .. && sudo docker build . -f docker/dev/Dockerfile -t lemmy:dev
- register: image_build
-
- - name: find hash of the new docker image
- set_fact:
- image_hash: "{{ image_build.stdout | regex_search('(?<=Successfully built )[0-9a-f]{12}') }}"
-
- # this does not use become so that the output file is written as non-root user and is easy to delete later
- - name: save dev docker image to file
- local_action: shell sudo docker save lemmy:dev > lemmy-dev.tar
-
- - name: copy dev docker image to server
- copy:
- src: lemmy-dev.tar
- dest: '{{lemmy_base_dir}}/lemmy-dev.tar'
-
- - name: import docker image
- docker_image:
- name: lemmy
- tag: dev
- load_path: '{{lemmy_base_dir}}/lemmy-dev.tar'
- source: load
- force_source: yes
- register: image_import
-
- - name: delete remote image file
- file:
- path: '{{lemmy_base_dir}}/lemmy-dev.tar'
- state: absent
-
- - name: delete local image file
- local_action:
- module: file
- path: lemmy-dev.tar
- state: absent
-
- - name: enable and start docker service
- systemd:
- name: docker
- enabled: yes
- state: started
-
- # cant pull here because that fails due to lemmy:dev (without dessalines/) not being on docker hub, but that shouldnt
- # be a problem for testing
- - name: start docker-compose
- docker_compose:
- project_src: '{{lemmy_base_dir}}'
- state: present
- recreate: always
- remove_orphans: yes
- ignore_errors: yes
-
- - name: reload nginx with new config
- shell: nginx -s reload
-
- - name: certbot renewal cronjob
- cron:
- special_time: daily
- name: certbot-renew-lemmy
- user: root
- job: "certbot certonly --nginx --cert-name '{{ domain }}' -d '{{ domain }}' --deploy-hook 'nginx -s reload'"
# for more info about the config, check out the documentation
# https://join-lemmy.org/docs/en/administration/configuration.html
- # settings related to the postgresql database
database: {
- database: lemmy
- user: lemmy
- host: postgres
- port: 5432
- pool_size: 5
- # password to connect to postgres
password: "{{ postgres_password }}"
}
- # the domain name of your instance (eg "lemmy.ml")
hostname: "{{ domain }}"
- # the port where lemmy should listen for incoming requests
- port: 8536
- # whether tls is required for activitypub. only disable this for debugging, never for producion.
- tls_enabled: true
- # address where pictrs is available
pictrs_url: "http://pictrs:8080"
- # email sending configuration
email: {
- # hostname of the smtp server
smtp_server: "postfix:25"
- # address to send emails from, eg "noreply@your-instance.com"
smtp_from_address: "noreply@{{ domain }}"
use_tls: false
}
- # settings related to activitypub federation
- federation: {
- # whether to enable activitypub federation.
- enabled: false
- # Allows and blocks are described here:
- # https://join-lemmy.org/docs/en/federation/administration.html#instance-allowlist-and-blocklist
- #
- # comma separated list of instances with which federation is allowed
- # Only one of these blocks should be uncommented
- # allowed_instances: ["instance1.tld","instance2.tld"]
- # comma separated list of instances which are blocked from federating
- # blocked_instances: []
- }
}
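Review bot: Removing `tls_enabled: true` together with its "only disable this for debugging" comment means a fresh install takes that setting from the application's built-in defaults, which are not visible in this commit. The same holds for the removed `federation` block and the database host, user and port. If the intent is a minimal template, a line such as `# all omitted settings fall back to the built-in defaults, see the linked documentation` would tell operators where the effective values come from. Keeping `tls_enabled: true` explicit would be the safer choice if the default ever changes. The remaining `use_tls: false` under `email` is now uncommented and undocumented, so it deserves a short note on why plaintext SMTP to `postfix:25` is acceptable here.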
server {
listen 80;
listen [::]:80;
- server_name {{ domain }};
+ server_name {{domain}};
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
- server_name {{ domain }};
+ server_name {{domain}};
ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem;
# lemmy_ui_port: 1235
# lemmy_port: 8536
- set $proxpass "http://0.0.0.0:{{ lemmy_ui_port }}";
+ set $proxpass "http://0.0.0.0:{{lemmy_ui_port}}";
if ($http_accept = "application/activity+json") {
- set $proxpass "http://0.0.0.0:{{ lemmy_port }}";
+ set $proxpass "http://0.0.0.0:{{lemmy_port}}";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
- set $proxpass "http://0.0.0.0:{{ lemmy_port }}";
+ set $proxpass "http://0.0.0.0:{{lemmy_port}}";
}
if ($request_method = POST) {
- set $proxpass "http://0.0.0.0:{{ lemmy_port }}";
+ set $proxpass "http://0.0.0.0:{{lemmy_port}}";
}
proxy_pass $proxpass;
# backend
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
- proxy_pass http://0.0.0.0:{{ lemmy_port }};
+ proxy_pass http://0.0.0.0:{{lemmy_port}};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
+++ /dev/null
----
-- hosts: all
-
- vars_prompt:
-
- - name: confirm_uninstall
- prompt: "Do you really want to uninstall Lemmy? This will delete all data and can not be reverted [yes/no]"
- private: no
-
- - name: delete_certs
- prompt: "Delete certificates? Select 'no' if you want to reinstall Lemmy [yes/no]"
- private: no
-
- tasks:
- - name: end play if no confirmation was given
- debug:
- msg: "Uninstall cancelled, doing nothing"
- when: not confirm_uninstall|bool
-
- - meta: end_play
- when: not confirm_uninstall|bool
-
- - name: stop docker-compose
- docker_compose:
- project_src: '{{lemmy_base_dir}}'
- state: absent
-
- - name: delete data
- file:
- path: '{{item.path}}'
- state: absent
- with_items:
- - path: '{{lemmy_base_dir}}'
- - path: '/etc/nginx/sites-enabled/lemmy.conf'
-
- - name: Remove a volume
- docker_volume:
- name: '{{item.name}}'
- state: absent
- with_items:
- - name: 'lemmy_lemmy_db'
- - name: 'lemmy_lemmy_pictshare'
-
- - name: delete entire ecloud folder
- file:
- path: '/mnt/repo-base/'
- state: absent
- when: delete_certs|bool
-
- - name: remove certbot cronjob
- cron:
- name: certbot-renew-lemmy
- state: absent
-
pub mod structs;
-static CONFIG_FILE: &str = "config/config.hjson";
+static DEFAULT_CONFIG_FILE: &str = "config/config.hjson";
lazy_static! {
static ref SETTINGS: RwLock<Settings> =
}
pub fn get_config_location() -> String {
- env::var("LEMMY_CONFIG_LOCATION").unwrap_or_else(|_| CONFIG_FILE.to_string())
+ env::var("LEMMY_CONFIG_LOCATION").unwrap_or_else(|_| DEFAULT_CONFIG_FILE.to_string())
}
pub fn read_config_file() -> Result<String, Error> {
}
pub fn save_config_file(data: &str) -> Result<String, LemmyError> {
- fs::write(CONFIG_FILE, data)?;
+ fs::write(Settings::get_config_location(), data)?;
// Reload the new settings
// From https://stackoverflow.com/questions/29654927/how-do-i-assign-a-string-to-a-mutable-static-variable/47181804#47181804
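Review bot: `save_config_file` now writes to whatever path `LEMMY_CONFIG_LOCATION` names, and `fs::write` creates a missing file with the process's default (umask-derived) permissions and truncates an existing one in place. Judging by the config template in this commit, the file can hold the database password, so the function should document that expectation, e.g. `/// Overwrites the file at get_config_location(); it may contain secrets and must stay readable only by the service user.` A doc comment on the renamed constant, `/// Fallback path used when LEMMY_CONFIG_LOCATION is unset.`, would also make the override discoverable. The rest of the function body lies outside this hunk, so the reload path was not reviewed.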