From f061bb6f644f9a3b57601bae866b1020ec33bafc Mon Sep 17 00:00:00 2001 From: Mathieu Gauthier-Pilote Date: Thu, 23 May 2024 16:41:11 -0400 Subject: [PATCH] mastodon_ prefix for role vars --- webapps/mastodon/LISEZMOI.md | 28 +++--- webapps/mastodon/README.md | 28 +++--- webapps/mastodon/defaults/main.yml | 42 ++++---- webapps/mastodon/tasks/main.yml | 99 +++++++++++-------- webapps/mastodon/templates/env.j2 | 36 +++---- .../templates/mastodon-sidekiq.service.j2 | 12 +-- .../templates/mastodon-streaming.service.j2 | 12 +-- .../templates/mastodon-web.service.j2 | 14 +-- webapps/mastodon/templates/mastodon.target.j2 | 2 +- webapps/mastodon/templates/vhost.j2 | 18 ++-- 10 files changed, 149 insertions(+), 142 deletions(-) diff --git a/webapps/mastodon/LISEZMOI.md b/webapps/mastodon/LISEZMOI.md index 4af11788..6002a203 100644 --- a/webapps/mastodon/LISEZMOI.md +++ b/webapps/mastodon/LISEZMOI.md @@ -20,13 +20,7 @@ Dépendances Ce rôle Ansible dépend des rôles suivants : -- nodejs -- postgresql -- redis -- elasticsearch - rbenv -- nginx -- certbot Exemple de playbook ------------------- 
@@ -37,17 +31,17 @@ Exemple de playbook - all vars: # Supplanter ici les variables du rôle - domains: ['votre-vrai-domaine.org'] - service: 'mon-mastodon' - db_host: 'localhost' - db_user: "{{ service }}" - db_name: "{{ service }}" - db_password: 'zKEh-CHANGEZ-MOI-qIKc' - app_secret_key_base: "" - app_otp_secret: "" - app_vapid_private_key: "" - app_vapid_public_key: "" - app_smtp_from_address: "mastodon@votre-vrai-domaine.org" + mastodon_domains: ['votre-vrai-domaine.org'] + mastodon_service: 'mon-mastodon' + mastodon_db_host: 'localhost' + mastodon_db_user: "{{ service }}" + mastodon_db_name: "{{ service }}" + mastodon_db_password: 'zKEh-CHANGEZ-MOI-qIKc' + mastodon_app_secret_key_base: "" + mastodon_app_otp_secret: "" + mastodon_app_vapid_private_key: "" + mastodon_app_vapid_public_key: "" + mastodon_app_smtp_from_address: "mastodon@votre-vrai-domaine.org" pre_tasks: - name: "Installer les rôles systèmes" diff --git a/webapps/mastodon/README.md b/webapps/mastodon/README.md index aa117386..249322b0 100644 --- a/webapps/mastodon/README.md +++ b/webapps/mastodon/README.md @@ -20,13 +20,7 @@ Dependencies This Ansible role depends on the following other roles: -- nodejs -- postgresql -- redis -- elasticsearch - rbenv -- nginx -- certbot Example Playbook ---------------- 
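Review bot: The example playbook still sets `mastodon_db_user: "{{ service }}"` and `mastodon_db_name: "{{ service }}"` while the variable they reference is renamed to `mastodon_service` by this same commit, so anyone copying the example will hit an undefined-variable error unless `service` happens to be defined elsewhere in their inventory. The same two lines appear in the README.md hunk that follows, and the role's own defaults/main.yml already uses the prefixed name for these values. Change both examples to `mastodon_db_user: "{{ mastodon_service }}"` and `mastodon_db_name: "{{ mastodon_service }}"`.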
@@ -37,17 +31,17 @@ Example Playbook - all vars: # Overwrite the role variable here - domains: ['your-real-domain.org'] - service: 'my-mastodon' - db_host: 'localhost' - db_user: "{{ service }}" - db_name: "{{ service }}" - db_password: 'zKEh-CHANGE-ME-qIKc' - app_secret_key_base: "" - app_otp_secret: "" - app_vapid_private_key: "" - app_vapid_public_key: "" - app_smtp_from_address: "mastodon@your-real-domain.org" + mastodon_domains: ['your-real-domain.org'] + mastodon_service: 'my-mastodon' + mastodon_db_host: 'localhost' + mastodon_db_user: "{{ service }}" + mastodon_db_name: "{{ service }}" + mastodon_db_password: 'zKEh-CHANGE-ME-qIKc' + mastodon_app_secret_key_base: "" + mastodon_app_otp_secret: "" + mastodon_app_vapid_private_key: "" + mastodon_app_vapid_public_key: "" + mastodon_app_smtp_from_address: "mastodon@your-real-domain.org" pre_tasks: - name: "Install system roles" diff --git a/webapps/mastodon/defaults/main.yml b/webapps/mastodon/defaults/main.yml index 9f683292..68667691 100644 --- a/webapps/mastodon/defaults/main.yml +++ b/webapps/mastodon/defaults/main.yml 
@@ -1,26 +1,24 @@ --- # defaults file for mastodon -system_dep: "['imagemagick', 'ffmpeg', 'libpq-dev', 'libxml2-dev', 'libxslt1-dev', 'file', 'git-core', 'g++', 'libprotobuf-dev', 'protobuf-compiler', 'pkg-config', 'nodejs', 'gcc', 'autoconf', 'bison', 'build-essential', 'libssl-dev', 'libyaml-dev', 'libreadline6-dev', 'zlib1g-dev', 'libncurses5-dev', 'libffi-dev', 'libgdbm-dev', 'nginx', 'redis-server', 'redis-tools', 'postgresql', 'postgresql-contrib', 'certbot', 'python3-certbot-nginx', 'libidn11-dev', 'libicu-dev', 'libjemalloc-dev', 'yarn']" -domains: ['example.somedomain.org'] -git_url: 'https://github.com/mastodon/mastodon.git' -git_version: 'v4.0.2' -ruby_version: '3.0.4' -service: 'example' +mastodon_system_dep: "['imagemagick', 'ffmpeg', 'libpq-dev', 'libxml2-dev', 'libxslt1-dev', 'file', 'git-core', 'g++', 'libprotobuf-dev', 'protobuf-compiler', 'pkg-config', 'nodejs', 'gcc', 'autoconf', 'bison', 'build-essential', 'libssl-dev', 'libyaml-dev', 'libreadline6-dev', 'zlib1g-dev', 'libncurses5-dev', 'libffi-dev', 'libgdbm-dev', 'nginx', 'redis-server', 'redis-tools', 'postgresql', 'postgresql-contrib', 'certbot', 'python3-certbot-nginx', 'python3-psycopg2', 'libidn11-dev', 'libicu-dev', 'libjemalloc-dev']" +mastodon_domains: ['example.somedomain.org'] +mastodon_git_url: 'https://github.com/mastodon/mastodon.git' +mastodon_git_version: 'v4.0.2' +mastodon_ruby_version: '3.0.4' +mastodon_service: 'example' -db_host: 'localhost' -db_user: "{{ service }}" -db_name: "{{ service }}_production" -db_password: 'CHANGE_ME' -#puma_port: '3000' -#node_port: '4000' +mastodon_db_host: 'localhost' +mastodon_db_user: "{{ mastodon_service }}" +mastodon_db_name: "{{ mastodon_service }}_production" +mastodon_db_password: 'CHANGE_ME' -app_secret_key_base: "" -app_otp_secret: "" -app_vapid_private_key: "" -app_vapid_public_key: "" -app_smtp_server: "127.0.0.1" -app_smtp_port: "25" -app_smtp_from_address: "example@somedomain.org" -app_smtp_auth_method: "none" 
-app_smtp_openssl_verify_mode: "none" -app_es_enabled: "false" +mastodon_app_secret_key_base: "" +mastodon_app_otp_secret: "" +mastodon_app_vapid_private_key: "" +mastodon_app_vapid_public_key: "" +mastodon_app_smtp_server: "127.0.0.1" +mastodon_app_smtp_port: "25" +mastodon_app_smtp_from_address: "example@somedomain.org" +mastodon_app_smtp_auth_method: "none" +mastodon_app_smtp_openssl_verify_mode: "none" +mastodon_app_es_enabled: "false" diff --git a/webapps/mastodon/tasks/main.yml b/webapps/mastodon/tasks/main.yml index b2f273de..d08f306f 100644 --- a/webapps/mastodon/tasks/main.yml +++ b/webapps/mastodon/tasks/main.yml @@ -3,18 +3,39 @@ - name: Install main system dependencies apt: - name: "{{ system_dep }}" + name: "{{ mastodon_system_dep }}" + update_cache: yes + +- name: Install npm on Debian 12 + apt: + name: npm + when: ansible_distribution_major_version is version('12', '>=') + +- name: Install corepack via npm on Debian 12 + shell: npm install -g corepack + when: ansible_distribution_major_version is version('12', '>=') + +- name: Fix permissions for corepack + ansible.builtin.file: + path: /usr/local/lib/node_modules/ + state: directory + mode: o+rx + recurse: yes + when: ansible_distribution_major_version is version('12', '>=') + +- name: Enable yarn (via corepack) + shell: "corepack enable; yarn set version classic" - name: Add PostgreSQL user postgresql_user: - name: "{{ db_user }}" - password: "{{ db_password }}" + name: "{{ mastodon_db_user }}" + password: "{{ mastodon_db_password }}" role_attr_flags: CREATEDB become_user: postgres - name: Add UNIX account user: - name: "{{ service }}" + name: "{{ mastodon_service }}" shell: /bin/bash # umask: "0022" nécessite ansible-core 2.12 
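Review bot: `mastodon_system_dep` changes content as well as name — `yarn` is dropped and `python3-psycopg2` is added — which the subject "mastodon_ prefix for role vars" does not announce, so someone bisecting a failed "Install main system dependencies" run will not think to look here. State it in the commit message or add a comment above the variable, e.g. `# yarn now comes from corepack (see tasks/main.yml); python3-psycopg2 is needed by the postgresql_user module`. Separately, `mastodon_db_password: 'CHANGE_ME'` is passed verbatim to `postgresql_user`, so a playbook that forgets to override it silently creates a database role with a well-known password; a guard at the top of tasks/main.yml such as `assert: { that: mastodon_db_password != 'CHANGE_ME' }` would turn that into a hard failure.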
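Review bot: `shell: npm install -g corepack` fetches whatever version the npm registry currently serves, as root, on every run, with no `changed_when` or `creates`, so the task is neither idempotent nor reproducible and a registry change lands directly in production. Pin the version and skip once installed: `command: npm install -g corepack@<PINNED_VERSION>` with `args:` / `creates: /usr/local/lib/node_modules/corepack` (placeholder version to be filled in). The "Enable yarn (via corepack)" task likewise runs unconditionally as root with no `chdir`; `yarn set version classic` presumably writes its setting relative to the current directory rather than into the mastodon user's checkout — confirm where it ends up and, if the checkout is the intent, run it with `become_user: "{{ mastodon_service }}"` and `args: { chdir: "~/mastodon" }` after the clone task. The recursive `mode: o+rx` on `/usr/local/lib/node_modules/` is fine for read access but a short comment saying why corepack needs it (the mastodon user resolving the shims) would help the next reader.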
@@ -22,18 +43,18 @@ include_role: name: rbenv vars: - - username: "{{ service }}" - - rbenv_ruby_version: "{{ ruby_version }}" + - username: "{{ mastodon_service }}" + - rbenv_ruby_version: "{{ mastodon_ruby_version }}" - name: Clone Mastodon repo (git) git: - repo: "{{ git_url }}" + repo: "{{ mastodon_git_url }}" dest: "~/mastodon/" - version: "{{ git_version | default(omit) }}" + version: "{{ mastodon_git_version | default(omit) }}" #force: yes update: yes umask: '0022' - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" - block: - name: Install bundler @@ -51,21 +72,21 @@ args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" - name: Template .env.production configuration file template: src: "env.j2" - dest: "~{{ service }}/mastodon/.env.production" - owner: "{{ service }}" - group: "{{ service }}" + dest: "~{{ mastodon_service }}/mastodon/.env.production" + owner: "{{ mastodon_service }}" + group: "{{ mastodon_service }}" mode: "0640" - name: Check if secrets need to be generated or not shell: "grep -P SECRET_KEY_BASE=[[:alnum:]]{128} .env.production" args: chdir: "~/mastodon" - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" register: secrets failed_when: "secrets.rc == 2" 
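Review bot: The `vars:` passed to `include_role` in the first hunk are written as a list of one-key mappings (`- username:`, `- rbenv_ruby_version:`), while `vars` is documented as a mapping; older ansible-core accepts the list form but it is the kind of thing newer releases warn about, so confirm against the version in use. Since the lines are being touched anyway, write them as `vars:` / `username: "{{ mastodon_service }}"` / `rbenv_ruby_version: "{{ mastodon_ruby_version }}"`. Note that `username` is the rbenv role's own variable and stays unprefixed on purpose, which is worth a one-line comment so the next prefix sweep does not rename it.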
@@ -103,18 +124,18 @@ lineinfile: path: "~/mastodon/.env.production" regexp: '^VAPID_PRIVATE_KEY=' - line: "VAPID_PRIVATE_KEY={{ app_vapid_private_key.stdout }}" + line: "VAPID_PRIVATE_KEY={{ mastodon_app_vapid_private_key.stdout }}" - name: Write app_vapid_public_key to production .env file lineinfile: path: "~/mastodon/.env.production" regexp: '^VAPID_PUBLIC_KEY=' - line: "VAPID_PUBLIC_KEY={{ app_vapid_public_key.stdout }}" - become_user: "{{ service }}" + line: "VAPID_PUBLIC_KEY={{ mastodon_app_vapid_public_key.stdout }}" + become_user: "{{ mastodon_service }}" when: "secrets.rc == 1" - name: Check if mastodon database is already present or not shell: | - psql -lqt | cut -d \| -f 1 | grep -qw {{ service }}_production + psql -lqt | cut -d \| -f 1 | grep -qw {{ mastodon_service }}_production become_user: postgres register: db_present failed_when: "db_present.rc == 2" @@ -124,7 +145,7 @@ args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" when: "db_present.rc == 1" - name: Precompile assets @@ -132,7 +153,7 @@ args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" - name: Adjust permissions of files in public folder file: 
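Review bot: The "Check if mastodon database is already present" task greps for `{{ mastodon_service }}_production` while the database name the role actually configures is `mastodon_db_name` (default `{{ mastodon_service }}_production`, but the README example overrides it to a name without the suffix), so with an overridden name the check looks for the wrong database and the subsequent setup task is skipped or repeated; use `grep -qw {{ mastodon_db_name }}`. In the first hunk, `{{ mastodon_app_vapid_private_key.stdout }}` and `{{ mastodon_app_vapid_public_key.stdout }}` read `.stdout` from names that defaults/main.yml now defines as empty strings; the `register:` tasks that should shadow them lie outside the hunk, so confirm they were renamed too, otherwise these lines fail on a string with no `stdout` attribute. The enclosing task list continues before and after the hunks.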
@@ -140,27 +161,27 @@ state: directory mode: 'o=rX' recurse: true - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" - name: Add systemd target template: src: "mastodon.target.j2" - dest: "/etc/systemd/system/{{ service }}.target" + dest: "/etc/systemd/system/{{ mastodon_service }}.target" - name: Add systemd web unit template: src: "mastodon-web.service.j2" - dest: "/etc/systemd/system/{{ service }}-web.service" + dest: "/etc/systemd/system/{{ mastodon_service }}-web.service" - name: Add systemd sidekiq unit template: src: "mastodon-sidekiq.service.j2" - dest: "/etc/systemd/system/{{ service }}-sidekiq.service" + dest: "/etc/systemd/system/{{ mastodon_service }}-sidekiq.service" - name: Add systemd streaming unit template: src: "mastodon-streaming.service.j2" - dest: "/etc/systemd/system/{{ service }}-streaming.service" + dest: "/etc/systemd/system/{{ mastodon_service }}-streaming.service" - name: Enable systemd units systemd: @@ -168,19 +189,19 @@ enabled: yes daemon_reload: yes loop: - - "{{ service }}.target" - - "{{ service }}-web.service" - - "{{ service }}-sidekiq.service" - - "{{ service }}-streaming.service" + - "{{ mastodon_service }}.target" + - "{{ mastodon_service }}-web.service" + - "{{ mastodon_service }}-sidekiq.service" + - "{{ mastodon_service }}-streaming.service" - name: Start services service: - name: "{{ service }}.target" + name: "{{ mastodon_service }}.target" state: started - name: Check if SSL certificate is present and register result stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + path: "/etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem" register: ssl - name: Generate certificate only if required (first time) 
@@ -188,34 +209,34 @@ - name: Template vhost without SSL for successfull LE challengce template: src: "vhost.j2" - dest: "/etc/nginx/sites-available/{{ service }}" + dest: "/etc/nginx/sites-available/{{ mastodon_service }}" - name: Enable temporary nginx vhost for LE file: - src: "/etc/nginx/sites-available/{{ service }}" - dest: "/etc/nginx/sites-enabled/{{ service }}" + src: "/etc/nginx/sites-available/{{ mastodon_service }}" + dest: "/etc/nginx/sites-enabled/{{ mastodon_service }}" state: link - name: Reload nginx conf service: name: nginx state: reloaded - name: Generate certificate with certbot - shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ domains |first }} + shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ mastodon_domains |first }} when: ssl.stat.exists == false - name: (Re)check if SSL certificate is present and register result stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + path: "/etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem" register: ssl - name: (Re)template conf file for nginx vhost with SSL template: src: "vhost.j2" - dest: "/etc/nginx/sites-available/{{ service }}" + dest: "/etc/nginx/sites-available/{{ mastodon_service }}" - name: Enable nginx vhost for mastodon file: - src: "/etc/nginx/sites-available/{{ service }}" - dest: "/etc/nginx/sites-enabled/{{ service }}" + src: "/etc/nginx/sites-available/{{ mastodon_service }}" + dest: "/etc/nginx/sites-enabled/{{ mastodon_service }}" state: link - name: Reload nginx conf diff --git a/webapps/mastodon/templates/env.j2 b/webapps/mastodon/templates/env.j2 index 69fe5cd9..0b6aec11 100644 --- a/webapps/mastodon/templates/env.j2 +++ b/webapps/mastodon/templates/env.j2 
@@ -5,22 +5,22 @@ REDIS_HOST=localhost REDIS_PORT=6379 REDIS_PASSWORD= -REDIS_NAMESPACE={{ service }} +REDIS_NAMESPACE={{ mastodon_service }} # You may set DATABASE_URL instead for more advanced options -DB_HOST={{ db_host }} -DB_USER={{ db_user }} -DB_NAME={{ db_name }} -DB_PASS='{{ db_password }}' +DB_HOST={{ mastodon_db_host }} +DB_USER={{ mastodon_db_user }} +DB_NAME={{ mastodon_db_name }} +DB_PASS='{{ mastodon_db_password }}' DB_PORT=5432 # Optional ElasticSearch configuration -#ES_ENABLED={{ app_es_enabled | default('false') }} -#ES_HOST={{ app_es_host | default('localhost') }} -#ES_PORT={{ app_es_port | default('9200') }} +#ES_ENABLED={{ mastodon_app_es_enabled | default('false') }} +#ES_HOST={{ mastodon_app_es_host | default('localhost') }} +#ES_PORT={{ mastodon_app_es_port | default('9200') }} # Federation # Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation. # LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com. -LOCAL_DOMAIN={{ domains |first }} +LOCAL_DOMAIN={{ mastodon_domains |first }} # Changing LOCAL_HTTPS in production is no longer supported. (Mastodon will always serve https:// links) @@ -36,8 +36,8 @@ LOCAL_DOMAIN={{ domains |first }} # Application secrets # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose) -SECRET_KEY_BASE={{ app_secret_key_base }} -OTP_SECRET={{ app_otp_secret }} +SECRET_KEY_BASE={{ mastodon_app_secret_key_base }} +OTP_SECRET={{ mastodon_app_otp_secret }} # VAPID keys (used for push notifications # You can generate the keys using the following command (first is the private key, second is the public one) 
@@ -47,8 +47,8 @@ OTP_SECRET={{ app_otp_secret }} # Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose) # # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html -VAPID_PRIVATE_KEY={{ app_vapid_private_key }} -VAPID_PUBLIC_KEY={{ app_vapid_public_key }} +VAPID_PRIVATE_KEY={{ mastodon_app_vapid_private_key }} +VAPID_PUBLIC_KEY={{ mastodon_app_vapid_public_key }} # Registrations # Single user mode will disable registrations and redirect frontpage to the first profile @@ -66,16 +66,16 @@ VAPID_PUBLIC_KEY={{ app_vapid_public_key }} # If you want to use an SMTP server without authentication (e.g local Postfix relay) # then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and # *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough). -SMTP_SERVER={{ app_smtp_server | default('smtp.mailgun.org') }} -SMTP_PORT={{ app_smtp_port | default('587') }} +SMTP_SERVER={{ mastodon_app_smtp_server | default('smtp.mailgun.org') }} +SMTP_PORT={{ mastodon_app_smtp_port | default('587') }} #SMTP_LOGIN= #SMTP_PASSWORD= -SMTP_FROM_ADDRESS={{ app_smtp_from_address | default('notifications@example.com') }} +SMTP_FROM_ADDRESS={{ mastodon_app_smtp_from_address | default('notifications@example.com') }} #SMTP_DOMAIN= # defaults to LOCAL_DOMAIN #SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail -SMTP_AUTH_METHOD={{ app_smtp_auth_method | default('plain') }} +SMTP_AUTH_METHOD={{ mastodon_app_smtp_auth_method | default('plain') }} #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt -#SMTP_OPENSSL_VERIFY_MODE={{ app_smtp_openssl_verify_mode | default('peer') }} +#SMTP_OPENSSL_VERIFY_MODE={{ mastodon_app_smtp_openssl_verify_mode | default('peer') }} #SMTP_ENABLE_STARTTLS_AUTO=true #SMTP_TLS=true 
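Review bot: The `| default(...)` fallbacks on `SMTP_SERVER`, `SMTP_PORT`, `SMTP_FROM_ADDRESS` and `SMTP_AUTH_METHOD` are dead code that disagrees with the role: defaults/main.yml always defines `mastodon_app_smtp_server: "127.0.0.1"`, `mastodon_app_smtp_port: "25"` and `mastodon_app_smtp_auth_method: "none"`, whereas the template advertises 'smtp.mailgun.org', '587' and 'plain'. Either drop the filter on variables the role defaults define, or align the literals, so a reader of the template is not misled about what gets rendered. In the same hunk `#SMTP_OPENSSL_VERIFY_MODE=...` stays commented out, so `mastodon_app_smtp_openssl_verify_mode` from defaults has no effect on the rendered file; if verification is meant to follow the header comment's "set ... to 'none'" advice for a local relay, uncomment the line, otherwise remove the inert default.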
diff --git a/webapps/mastodon/templates/mastodon-sidekiq.service.j2 b/webapps/mastodon/templates/mastodon-sidekiq.service.j2 index c2909526..62059bc4 100644 --- a/webapps/mastodon/templates/mastodon-sidekiq.service.j2 +++ b/webapps/mastodon/templates/mastodon-sidekiq.service.j2 @@ -1,23 +1,23 @@ [Unit] Description=mastodon-sidekiq After=network.target -PartOf={{service}}.target +PartOf={{ mastodon_service }}.target [Service] Type=simple -User={{service}} -Group={{service}} +User={{ mastodon_service }} +Group={{ mastodon_service }} UMask=0027 -WorkingDirectory=/home/{{service}}/mastodon/ +WorkingDirectory=/home/{{ mastodon_service }}/mastodon/ Environment="RAILS_ENV=production" Environment="RAILS_LOG_LEVEL=error" Environment="DB_POOL=25" Environment="MALLOC_ARENA_MAX=2" Environment="LD_PRELOAD=libjemalloc.so" -ExecStart=/home/{{service}}/.rbenv/shims/bundle exec sidekiq -c 25 +ExecStart=/home/{{ mastodon_service }}/.rbenv/shims/bundle exec sidekiq -c 25 TimeoutSec=15 Restart=always SyslogIdentifier=%p [Install] -WantedBy={{service}}.target +WantedBy={{ mastodon_service }}.target diff --git a/webapps/mastodon/templates/mastodon-streaming.service.j2 b/webapps/mastodon/templates/mastodon-streaming.service.j2 index 859d7506..bf5bbb36 100644 --- a/webapps/mastodon/templates/mastodon-streaming.service.j2 +++ b/webapps/mastodon/templates/mastodon-streaming.service.j2 
@@ -1,16 +1,16 @@ [Unit] Description=mastodon-streaming After=network.target -PartOf={{service}}.target +PartOf={{ mastodon_service }}.target [Service] Type=simple -User={{service}} -Group={{service}} +User={{ mastodon_service }} +Group={{ mastodon_service }} UMask=0027 -WorkingDirectory=/home/{{service}}/mastodon/ +WorkingDirectory=/home/{{ mastodon_service }}/mastodon/ Environment="NODE_ENV=production" -Environment="PORT={{ node_port | default('4000')}}" +Environment="PORT={{ mastodon_node_port | default('4000') }}" Environment="STREAMING_CLUSTER_NUM=1" ExecStart=/bin/bash -lc "node ./streaming" TimeoutSec=15 @@ -18,4 +18,4 @@ Restart=always SyslogIdentifier=%p [Install] -WantedBy={{service}}.target +WantedBy={{ mastodon_service }}.target diff --git a/webapps/mastodon/templates/mastodon-web.service.j2 b/webapps/mastodon/templates/mastodon-web.service.j2 index 5f249325..ba936851 100644 --- a/webapps/mastodon/templates/mastodon-web.service.j2 +++ b/webapps/mastodon/templates/mastodon-web.service.j2 @@ -1,23 +1,23 @@ [Unit] Description=mastodon-web After=network.target -PartOf={{service}}.target +PartOf={{ mastodon_service }}.target [Service] Type=simple -User={{service}} -Group={{service}} +User={{ mastodon_service }} +Group={{ mastodon_service }} UMask=0027 -WorkingDirectory=/home/{{service}}/mastodon/ +WorkingDirectory=/home/{{ mastodon_service }}/mastodon/ Environment="RAILS_ENV=production" -Environment="PORT={{puma_port|default('3000')}}" +Environment="PORT={{ mastodon_puma_port | default('3000') }}" Environment="RAILS_LOG_LEVEL=warn" Environment="LD_PRELOAD=libjemalloc.so" -ExecStart=/home/{{service}}/.rbenv/shims/bundle exec puma -C config/puma.rb +ExecStart=/home/{{ mastodon_service }}/.rbenv/shims/bundle exec puma -C config/puma.rb ExecReload=/bin/kill -SIGUSR1 $MAINPID TimeoutSec=15 Restart=always SyslogIdentifier=%p [Install] -WantedBy={{service}}.target +WantedBy={{ mastodon_service }}.target 
diff --git a/webapps/mastodon/templates/mastodon.target.j2 b/webapps/mastodon/templates/mastodon.target.j2 index 0eb5475a..858c3b4d 100644 --- a/webapps/mastodon/templates/mastodon.target.j2 +++ b/webapps/mastodon/templates/mastodon.target.j2 @@ -2,7 +2,7 @@ Description=Mastodon Microblogging service Wants=redis-server.service After=redis-server.service -Requires={{ service }}-web.service {{ service }}-sidekiq.service {{ service }}-streaming.service +Requires={{ mastodon_service }}-web.service {{ mastodon_service }}-sidekiq.service {{ mastodon_service }}-streaming.service [Install] WantedBy=multi-user.target diff --git a/webapps/mastodon/templates/vhost.j2 b/webapps/mastodon/templates/vhost.j2 index 673cb186..6639f5b7 100644 --- a/webapps/mastodon/templates/vhost.j2 +++ b/webapps/mastodon/templates/vhost.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { listen 80; listen [::]:80; - server_name {{ domains |first }}; + server_name {{ mastodon_domains |first }}; include /etc/nginx/snippets/letsencrypt.conf; {% if ssl.stat.exists %} location / { return 301 https://$host$request_uri; } @@ -17,12 +17,12 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ domains |first }}; + server_name {{ mastodon_domains |first }}; include /etc/nginx/snippets/letsencrypt.conf; - ssl_certificate /etc/letsencrypt/live/{{ domains |first }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ domains |first }}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{{ domains |first }}/chain.pem; + ssl_certificate /etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_domains |first }}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{{ mastodon_domains |first }}/chain.pem; # OCSP stapling ssl_stapling on; 
@@ -33,7 +33,7 @@ server { sendfile on; client_max_body_size 0; - root /home/{{ service }}/mastodon/public; + root /home/{{ mastodon_service }}/mastodon/public; gzip on; gzip_disable "msie6"; @@ -45,7 +45,7 @@ server { gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; #add_header Strict-Transport-Security "max-age=31536000"; - #add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://{{ domains |first }}; upgrade-insecure-requests"; + #add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://{{ mastodon_domains |first }}; upgrade-insecure-requests"; location / { try_files $uri @proxy; @@ -64,7 +64,7 @@ server { proxy_set_header Proxy ""; proxy_pass_header Server; - proxy_pass http://127.0.0.1:{{puma_port|default('3000')}}; + proxy_pass http://127.0.0.1:{{ mastodon_puma_port | default('3000') }}; proxy_buffering off; proxy_redirect off; proxy_http_version 1.1; @@ -81,7 +81,7 @@ server { proxy_set_header X-Forwarded-Proto https; proxy_set_header Proxy ""; - proxy_pass http://127.0.0.1:{{ node_port | default('4000')}}; + proxy_pass http://127.0.0.1:{{ mastodon_node_port | default('4000') }}; proxy_buffering off; proxy_redirect off; proxy_http_version 1.1;