
add mastodon support

cullum committed Nov 20, 2018
1 parent e57a663 commit c62b6233fbbff4b3fc293c054f3c07dfed4530e7
@@ -1,13 +1,15 @@
# Matrix Homeserver-in-a-Box (Debian)
# Matrix Homeserver + Mastodon Instance in-a-box (Debian)
This is an ansible playbook for running your own [Matrix](https://matrix.org) homeserver.
This is an ansible playbook for running your own [Matrix](https://matrix.org) homeserver and
[Mastodon](https://joinmastodon.org/) instance.
## Requirements
- VPS running Debian Stretch
- Public IP address and domain name
- `A` record of `matrix.yourdomain.com` in DNS pointing to your server
- `A` record of `matrix.yourdomain.com` and `mastodon.yourdomain.com` in DNS pointing to your server
- `SRV` records set up for matrix federation as described [here](https://github.com/matrix-org/synapse#setting-up-federation)
- `.well-known` redirect on your bare domain for Mastodon federation as described [here](https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md)
## Instructions
@@ -34,7 +36,9 @@ is only used by the `add_matrix_user.sh` script for sending registration emails.
The generated nginx config will host a simple how-to page with instructions for connecting
to your custom homeserver in [Riot](https://riot.im). It will be hosted at `https://matrix.yourdomain.com/howto/`.
## Adding Users
You Mastodon instance will be hosted at `https://mastodon.yourdomain.com/`
## Adding Matrix Users
You can run my `add_matrix_user.sh` script to add new users:
@@ -47,3 +51,8 @@ and connectivity instructions.
If you don't specify an email address, the randomly generated password will be printed to stdout.
Make sure your users change this password once they login!
## Administering Mastodon
The `tootctl` script in the `scripts` directory can be used to control the Mastodon instance.
It just sets up the right environment variables to call the `tootctl` script in the mastodon distribution.
@@ -1,6 +1,7 @@
[defaults]
inventory = inventory.ini
retry_files_enabled = False
allow_world_readable_tmpfiles = True
[privilege_escalation]
become = True
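Review bot: `allow_world_readable_tmpfiles = True` makes the temporary files Ansible stages on the target readable by every local account for the duration of any task that runs under `become_user`; as far as this page shows, that covers the vapid-key task in generate_secrets.yml, whose `environment` carries the freshly generated `SECRET_KEY_BASE` and `OTP_SECRET`. The documented alternative is installing the `acl` package on the target so Ansible can hand the temp directory to the unprivileged user with `setfacl`, after which this line can be removed; whether `acl` is already part of the apt dependency list cannot be seen here. If the setting is kept, an inline comment such as `# only needed when the target has no acl package; exposes module temp files to all local users` makes the trade-off visible to the next reader.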
@@ -103,3 +103,8 @@
apt:
name: unattended-upgrades
state: present
- name: install apt-https transport
apt:
name: apt-transport-https
state: present
@@ -13,9 +13,26 @@
state: directory
- name: fetch letsencrypt certificate
command: certbot certonly -n --webroot -w /var/www/letsencrypt -m {{ username }}@{{ domain }} --agree-tos -d matrix.{{ domain }}
command: certbot certonly -n --webroot -w /var/www/letsencrypt -m {{ username }}@{{ domain }} --agree-tos -d {{ item }}.{{ domain }}
args:
creates: /etc/letsencrypt/live/matrix.{{ domain }}
creates: /etc/letsencrypt/live/{{ item }}.{{ domain }}
with_items: '{{ certbot_domains }}'
- name: make hooks directory
file:
path: '{{ item }}'
state: directory
with_items:
- /etc/letsencrypt/renewal-hooks
- /etc/letsencrypt/renewal-hooks/deploy
- name: create nginx renewal script
copy:
content: |
#!/bin/sh
systemctl reload nginx
dest: /etc/letsencrypt/renewal-hooks/deploy/nginx.sh
mode: 0555
- name: enable certbot timer
systemd:
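Review bot: `mode: 0555` on the `create nginx renewal script` task is an unquoted octal literal, so the intended mode depends on the YAML 1.1 leading-zero rule (`0555` parses to the integer 365, which happens to equal 0o555) rather than being stated; the ansible-lint convention is to quote it, `mode: '0555'`. The same applies to `mode: 0440` on the `.env.production` template task in the main tasks file. The enclosing task list starts before this hunk, and the `enable certbot timer` task is cut off at its end.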
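--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,4 @@
+---
+certbot_domains:
+- matrix
+- mastodon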
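--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,7 @@
+---
+mastodon_uid: 901
+mastodon_home: /usr/local/share/mastodon
+mastodon_web_port: 3000
+mastodon_streaming_port: 4000
+mastodon_single_user_mode: False
+redis_port: 6379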
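Review bot: `mastodon_single_user_mode: False` uses the capitalised YAML 1.1 boolean; the canonical spelling is `mastodon_single_user_mode: false`, which the `SINGLE_USER_MODE={{ 'true' if mastodon_single_user_mode else 'false' }}` expression in the template evaluates identically. The tasks file also reads `mastodon_apt_dependencies`, `mastodon_ruby_version` and `mastodon_version`, none of which are defined here; presumably they sit in a `vars/` file not shown on this page, but if they are meant to be overridable by the user they belong in this defaults file. A short comment per key would also help, since nothing on the page says why `901` was chosen, e.g. `# fixed UID for the mastodon pseudo-user so file ownership survives re-creation`.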
@@ -0,0 +1,15 @@
---
- name: reload nginx
systemd:
name: nginx
state: reloaded
- name: restart mastodon
systemd:
name: '{{ item }}'
state: restarted
daemon_reload: yes
with_items:
- mastodon-web
- mastodon-sidekiq
- mastodon-streaming
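Review bot: `daemon_reload: yes` in the `restart mastodon` handler uses the YAML 1.1 truthy spelling; `daemon_reload: true` is the form yamllint's `truthy` rule expects, and the same applies to `update_cache: yes`, `enabled: yes` and `env: yes` in the main tasks file. A one-line comment on the handler, `# daemon_reload picks up unit files written by the 'generate systemd services' task`, would explain why the flag is set here and not on the `reload nginx` handler.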
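--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,5 @@
+---
+dependencies:
+- { role: nginx, tags: ['nginx'] }
+- { role: postgresql, tags: ['postgresql'] }
+- { role: redis, tags: ['redis'] }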
@@ -0,0 +1,77 @@
---
- name: get current secret key
shell: grep '^SECRET_KEY_BASE=' '{{ mastodon_home }}/live/.env.production' | awk -F= '{ print $2 }'
changed_when: False
failed_when: False
register: grep_secret_key
- name: check secret key
set_fact:
secret_key: '{{ grep_secret_key.stdout }}'
when: grep_secret_key.stdout != ""
- block:
- name: generate new secret key
command: pwgen 64 1
changed_when: False
register: pwgen_secret_key
- name: set secret key
set_fact:
secret_key: '{{ pwgen_secret_key.stdout }}'
when: grep_secret_key.stdout == ""
- name: get current otp secret
shell: grep '^OTP_SECRET=' '{{ mastodon_home }}/live/.env.production' | awk -F= '{ print $2 }'
changed_when: False
failed_when: False
register: grep_otp_secret
- name: check otp secret
set_fact:
otp_secret: '{{ grep_otp_secret.stdout }}'
when: grep_otp_secret.stdout != ""
- block:
- name: generate new otp secret
command: pwgen 64 1
changed_when: False
register: pwgen_otp_secret
- name: set otp secret
set_fact:
otp_secret: '{{ pwgen_otp_secret.stdout }}'
when: grep_otp_secret.stdout == ""
- name: get current vapid keys
shell: grep -A1 '^VAPID_PRIVATE_KEY=' '{{ mastodon_home }}/live/.env.production'
changed_when: False
failed_when: False
register: grep_vapid_keys
- name: check vapid keys
set_fact:
vapid_keys: '{{ grep_vapid_keys.stdout }}'
when: grep_vapid_keys.stdout != ""
- block:
- name: generate new vapid keys
shell: . {{ mastodon_home }}/.bashrc && bundle exec rake mastodon:webpush:generate_vapid_key
args:
chdir: '{{ mastodon_home }}/live'
environment:
RAILS_ENV: production
OTP_SECRET: '{{ otp_secret }}'
SECRET_KEY_BASE: '{{ secret_key }}'
become_user: mastodon
changed_when: False
register: generate_vapid_keys
- name: set vapid keys
set_fact:
vapid_keys: '{{ generate_vapid_keys.stdout }}'
when: grep_vapid_keys.stdout == ""
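Review bot: None of the tasks that register or set the secrets (`get current secret key`, `generate new secret key`, `set secret key`, and the otp and vapid counterparts) set `no_log: true`, so the values of `SECRET_KEY_BASE`, `OTP_SECRET` and the VAPID private key are printed in the task result whenever the play runs with `-v` or a logging callback is active; adding `no_log: true` to each of those tasks keeps them out of the output, and the `set_fact` values are additionally written to the fact cache if one is configured, which this page does not show. Separately, `pwgen 64 1` without `-s` produces pwgen's default "pronounceable" strings rather than uniformly random characters, so `pwgen -s 64 1` (or `bundle exec rake secret`, the command Mastodon's own documentation uses for these keys) gives these values the entropy they are meant to have. The `check vapid keys` step also assumes `grep -A1` on `VAPID_PRIVATE_KEY=` always returns the public key on the following line, which holds only because the template writes `{{ vapid_keys }}` verbatim; a comment on that task naming the dependency would help.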
@@ -0,0 +1,177 @@
---
- name: add apt keys
apt_key:
url: '{{ item }}'
with_items:
- https://deb.nodesource.com/gpgkey/nodesource.gpg.key
- https://dl.yarnpkg.com/debian/pubkey.gpg
- name: add nodesource apt repo
apt_repository:
repo: '{{ item }}'
with_items:
- deb https://deb.nodesource.com/node_8.x {{ ansible_distribution_release }} main
- deb https://dl.yarnpkg.com/debian/ stable main
- name: install packages
apt:
name: '{{ item }}'
state: present
update_cache: yes
with_items: '{{ mastodon_apt_dependencies }}'
- name: create mastodon user
user:
name: mastodon
comment: "Mastodon Pseudo-User"
shell: /usr/sbin/nologin
home: '{{ mastodon_home }}'
uid: '{{ mastodon_uid }}'
- name: clone rbenv repo
git:
repo: https://github.com/rbenv/rbenv.git
dest: '{{ mastodon_home }}/.rbenv'
become_user: mastodon
register: rbenv_git
- name: build rbenv
shell: ./src/configure && make -C src
args:
chdir: '{{ mastodon_home }}/.rbenv'
become_user: mastodon
when: rbenv_git.changed
- name: create mastodon bashrc
copy:
content: |
export PATH="$HOME/.rbenv/bin:$PATH"
eval "$(rbenv init -)"
dest: '{{ mastodon_home }}/.bashrc'
become_user: mastodon
- name: install ruby-build
git:
repo: https://github.com/rbenv/ruby-build.git
dest: '{{ mastodon_home}}/.rbenv/plugins/ruby-build'
become_user: mastodon
- name: install ruby {{ mastodon_ruby_version }}
shell: . {{ mastodon_home }}/.bashrc && rbenv install {{ mastodon_ruby_version }}
args:
creates: '{{ mastodon_home }}/.rbenv/versions/{{ mastodon_ruby_version }}/bin/ruby'
become_user: mastodon
- name: activate ruby {{ mastodon_ruby_version }}
shell: . {{ mastodon_home }}/.bashrc && rbenv global {{ mastodon_ruby_version }}
become_user: mastodon
changed_when: False
- name: clone mastodon
git:
repo: https://github.com/tootsuite/mastodon.git
dest: '{{ mastodon_home }}/live'
version: v{{ mastodon_version }}
become_user: mastodon
register: mastodon_git
- name: install mastodon dependencies
shell: . {{ mastodon_home }}/.bashrc && {{ item }}
args:
chdir: '{{ mastodon_home }}/live'
executable: /bin/bash
become_user: mastodon
with_items:
- gem install bundler
- bundle install -j$(getconf _NPROCESSORS_ONLN) --deployment --without development test
- yarn install --pure-lockfile
when: mastodon_git.changed
- name: create database user
postgresql_user:
name: mastodon
role_attr_flags: CREATEDB
- name: generate mastodon vhost
template:
src: mastodon.conf.j2
dest: /etc/nginx/sites-available/mastodon.conf
notify: reload nginx
- name: enable mastodon vhost
file:
src: /etc/nginx/sites-available/mastodon.conf
dest: /etc/nginx/sites-enabled/mastodon.conf
state: link
notify: reload nginx
- include: generate_secrets.yml
- name: generate .env.production
template:
src: env.production.j2
dest: '{{ mastodon_home }}/live/.env.production'
owner: mastodon
group: mastodon
mode: 0440
notify: restart mastodon
- name: check if database is initialized
command: psql mastodon -c 'SELECT 1'
become_user: mastodon
changed_when: False
failed_when: False
register: check_db
- name: initialize database
shell: . {{ mastodon_home }}/.bashrc && bundle exec rails db:setup
args:
chdir: '{{ mastodon_home }}/live'
environment:
RAILS_ENV: production
SAFETY_ASSURED: 1
become_user: mastodon
when: check_db.rc != 0
- name: precompile web assets
shell: . {{ mastodon_home }}/.bashrc && bundle exec rails assets:precompile
args:
chdir: '{{ mastodon_home }}/live'
environment:
RAILS_ENV: production
become_user: mastodon
when: mastodon_git.changed
- name: generate systemd services
template:
src: '{{ item }}.service.j2'
dest: /etc/systemd/system/{{ item }}.service
with_items:
- mastodon-web
- mastodon-sidekiq
- mastodon-streaming
notify: restart mastodon
- name: enable systemd services
systemd:
name: '{{ item }}'
state: started
enabled: yes
with_items:
- mastodon-web
- mastodon-sidekiq
- mastodon-streaming
- name: set crontab environment variable
cron:
name: RAILS_ENV
env: yes
value: production
user: mastodon
- name: enable media cleanup crontab
cron:
name: cleanup mastodon media cache
special_time: daily
job: cd /home/mastodon/live && {{ mastodon_home }}/.rbenv/shims/bundle exec rake mastodon:media:remove_remote
user: mastodon
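Review bot: The `enable media cleanup crontab` job hard-codes `cd /home/mastodon/live`, but the role creates the user with `home: '{{ mastodon_home }}'` and `mastodon_home` defaults to `/usr/local/share/mastodon`, so on a default install the cron job fails at the `cd` and the media cache is never pruned; it should read `job: cd {{ mastodon_home }}/live && {{ mastodon_home }}/.rbenv/shims/bundle exec rake mastodon:media:remove_remote`. Two smaller points: `- include: generate_secrets.yml` uses the bare `include` action deprecated since Ansible 2.4 in favour of `import_tasks`/`include_tasks`, and `SAFETY_ASSURED: 1` in the `initialize database` environment is an integer where environment values are expected to be strings, so `SAFETY_ASSURED: '1'` is the safer spelling. The `when: check_db.rc != 0` guard on `initialize database` also fires whenever `psql` fails for any reason (server not running, role missing), not only when the database is absent, which deserves a comment on that task.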
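--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,17 @@
+WEB_DOMAIN=mastodon.{{ domain }}
+LOCAL_DOMAIN={{ domain }}
+SINGLE_USER_MODE={{ 'true' if mastodon_single_user_mode else 'false' }}
+SECRET_KEY_BASE={{ secret_key }}
+OTP_SECRET={{ otp_secret }}
+{{ vapid_keys }}
+DB_HOST=/var/run/postgresql
+DB_PORT=5432
+DB_NAME=mastodon
+DB_USER=mastodon
+REDIS_HOST=localhost
+REDIS_PORT={{ redis_port }}
+SMTP_SERVER=localhost
+SMTP_PORT=25
+SMTP_AUTH_METHOD=none
+SMTP_OPENSSL_VERIFY_MODE=none
+SMTP_FROM_ADDRESS=Mastodon <mastodon-noreply@{{ domain }}>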
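Review bot: `SMTP_OPENSSL_VERIFY_MODE=none` together with `SMTP_AUTH_METHOD=none` is only sound because `SMTP_SERVER=localhost` points at the host's own MTA, and the template should say so, since anyone later pointing `SMTP_SERVER` at a remote relay would inherit an unverified, unauthenticated submission path. A Jinja comment above the SMTP block, `{# SMTP settings assume the MTA on this host; verify_mode=none and auth=none are acceptable only for localhost delivery #}`, records that without reaching the rendered file. The bare `{{ vapid_keys }}` line relies on the registered output of `rake mastodon:webpush:generate_vapid_key` being exactly the `VAPID_PRIVATE_KEY=` and `VAPID_PUBLIC_KEY=` lines; a comment such as `{# two lines, VAPID_PRIVATE_KEY= and VAPID_PUBLIC_KEY=, as emitted by the rake task and re-read by grep -A1 in generate_secrets.yml #}` would help whoever debugs that check.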
