Fix all stuff, add custom theme and drop priviledges properly

This commit is contained in:
Alex 2020-06-04 20:17:08 +02:00
parent 8c8ee895ea
commit b1b681d8a0
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
9 changed files with 329 additions and 11 deletions



@ -0,0 +1,18 @@
{
"pleroma-dark": "/static/themes/pleroma-dark.json",
"pleroma-light": "/static/themes/pleroma-light.json",
"pleroma-amoled": [ "Pleroma Dark AMOLED", "#000000", "#111111", "#b0b0b1", "#d8a070", "#aa0000", "#0fa00f", "#0095ff", "#d59500"],
"classic-dark": [ "Classic Dark", "#161c20", "#282e32", "#b9b9b9", "#baaa9c", "#d31014", "#0fa00f", "#0095ff", "#ffa500" ],
"bird": [ "Bird", "#f8fafd", "#e6ecf0", "#14171a", "#0084b8", "#e0245e", "#17bf63", "#1b95e0", "#fab81e"],
"ir-black": [ "Ir Black", "#000000", "#242422", "#b5b3aa", "#ff6c60", "#FF6C60", "#A8FF60", "#96CBFE", "#FFFFB6" ],
"monokai": [ "Monokai", "#272822", "#383830", "#f8f8f2", "#f92672", "#F92672", "#a6e22e", "#66d9ef", "#f4bf75" ],
"redmond-xx": "/static/themes/redmond-xx.json",
"redmond-xx-se": "/static/themes/redmond-xx-se.json",
"redmond-xxi": "/static/themes/redmond-xxi.json",
"breezy-dark": "/static/themes/breezy-dark.json",
"breezy-light": "/static/themes/breezy-light.json",
"mammal": "/static/themes/mammal.json",
"paper": "/static/themes/paper.json",
"redxen": "/static/themes/redxen.json"
}


@ -0,0 +1,11 @@
<html>
<body>
<h4>Terms of Service</h4>
<ol>
<li>Anything against German law is disallowed.</li>
<li>No child porn.</li>
<li>No taking advantage of exploits.</li>
<li>Have common sense.</li>
</ol>
</body>
</html>
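Review bot: The page has no `<!DOCTYPE html>`, `<head>`, `<title>` or charset declaration, so browsers render it in quirks mode and have to guess the encoding of the text. Add `<!DOCTYPE html>` as the first line and a `<head><meta charset="utf-8"><title>Terms of Service</title></head>` before `<body>`; this file is copied verbatim into the static directory by the Ansible task in this commit, so nothing else appears to fill those in.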


@ -0,0 +1,200 @@
{
"_pleroma_theme_version": 2,
"name": "RedXen Dark",
"source": {
"themeEngineVersion": 3,
"fonts": {},
"shadows": {
"buttonHover": [
{
"x": 0,
"y": 0,
"blur": "1",
"spread": "2",
"color": "#b9b9ba",
"alpha": "0.4",
"inset": true
},
{
"x": 0,
"y": 1,
"blur": 0,
"spread": 0,
"color": "#FFFFFF",
"alpha": 0.2,
"inset": true
},
{
"x": 0,
"y": -1,
"blur": 0,
"spread": 0,
"color": "#000000",
"alpha": 0.2,
"inset": true
}
],
"buttonPressed": [
{
"x": 0,
"y": 0,
"blur": 4,
"spread": 0,
"color": "#000000",
"alpha": 1,
"inset": true
},
{
"x": 0,
"y": 1,
"blur": 0,
"spread": 0,
"color": "#000000",
"alpha": 0.2,
"inset": true
},
{
"x": 0,
"y": -1,
"blur": 0,
"spread": 0,
"color": "#FFFFFF",
"alpha": 0.2,
"inset": true
},
{
"x": 0,
"y": 0,
"blur": "2",
"spread": 0,
"inset": false,
"color": "#000000",
"alpha": 1
}
],
"panelHeader": [
{
"x": 0,
"y": "1",
"blur": "3",
"spread": 0,
"inset": false,
"color": "#000000",
"alpha": "0.4"
},
{
"x": "0",
"y": "1",
"blur": "0",
"spread": 0,
"inset": true,
"color": "#ffffff",
"alpha": "0.2"
}
],
"panel": [
{
"x": "0",
"y": "0",
"blur": "3",
"spread": 0,
"color": "#000000",
"alpha": "0.5"
},
{
"x": "0",
"y": "4",
"blur": "6",
"spread": "3",
"inset": false,
"color": "#000000",
"alpha": "0.3"
}
],
"button": [
{
"x": 0,
"y": 0,
"blur": 2,
"spread": 0,
"color": "#000000",
"alpha": 1
},
{
"x": 0,
"y": 1,
"blur": 0,
"spread": 0,
"color": "#FFFFFF",
"alpha": 0.2,
"inset": true
},
{
"x": 0,
"y": -1,
"blur": 0,
"spread": 0,
"color": "#000000",
"alpha": 0.2,
"inset": true
}
],
"topBar": [
{
"x": 0,
"y": "1",
"blur": 4,
"spread": 0,
"color": "#000000",
"alpha": "0.4"
},
{
"x": 0,
"y": "2",
"blur": "7",
"spread": 0,
"inset": false,
"color": "#000000",
"alpha": "0.3"
}
]
},
"opacity": {
"underlay": 0.6,
"bg": 0.8,
"panel": 1,
"alert": 0.5,
"input": 0.5,
"btn": 1,
"faint": 0.5,
"border": 1,
"popover": 1,
"profileTint": 0.5
},
"colors": {
"bg": "#000000",
"fg": "#111111",
"text": "#ffffff",
"underlay": "#090e14",
"accent": "#ef2929",
"cBlue": "#0095ff",
"cRed": "#ff0000",
"cGreen": "#0fa00f",
"cOrange": "#d59500",
"border": "--fg,3",
"topBarText": "--text,-9.75",
"topBarLink": "--topBarText",
"btnToggled": "--accent,-24.2",
"alertErrorText": "--text,21.2",
"badgeNotification": "#a40000",
"badgeNotificationText": "#ffffff"
},
"radii": {
"btn": "1",
"input": "1",
"panel": "2",
"avatar": "2",
"attachment": "3"
}
}
}


@ -4,14 +4,18 @@
content: 'import Mix.Config'
follow: yes
tags:
- setup
- pleroma
- build
- name: Fetch dependencies
loop:
- "mix local.hex --force"
- "mix local.rebar --force"
- "mix deps.get --only prod --force"
shell:
chdir: "/home/repositories/pleroma/"
cmd: "MIX_ENV=prod mix deps.get --only prod"
cmd: "MIX_ENV=prod {{ item }}"
tags:
- setup
- pleroma
- build
- name: Ensure that output dir is created
file:
@ -19,15 +23,46 @@
state: directory
follow: yes
tags:
- setup
- pleroma
- build
- name: Copy custom files
loop:
- "priv/static/static/themes/redxen.json"
- "priv/static/static/styles.json"
- "priv/static/static/background.jpg"
- "priv/static/static/logo.png"
- "priv/static/static/terms-of-service.html"
copy:
src: '{{ role_path }}/files/{{ item }}'
dest: '/home/repositories/pleroma/{{ item }}'
tags:
- pleroma
- build
- name: Build pleroma
shell:
chdir: "/home/repositories/pleroma/"
cmd: "MIX_ENV=prod mix release --path {{ pleroma.root }}"
tags:
- setup
- pleroma
- build
- name: Copy configuration files
loop:
- "config.exs"
- "mrf.exs"
template:
src: "{{ item }}.j2"
dest: "/etc/pleroma/{{ item }}"
follow: yes
tags:
- pleroma
- name: Copy secrets
template:
src: "{{ role_path }}/vault/secret.exs"
dest: "/etc/pleroma/secret.exs"
follow: yes
tags:
- pleroma
- vault
- name: Copy systemd service file
template:
follow: yes
@ -37,3 +72,9 @@
tags:
- pleroma
- systemd
- name: Make the binary exectuable
file:
mode: "755"
path: "/etc/pleroma/bin/pleroma"
tags:
- pleroma
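Review bot: The `Copy secrets` task writes `/etc/pleroma/secret.exs` with no `mode`, `owner` or `group`, so the file lands with whatever the default umask gives (typically a world-readable 0644) even though it carries the instance's secrets. Add `mode: "0640"` together with an `owner`/`group` the service can read; since the unit in this commit uses `DynamicUser=true`, a root-only file would be unreadable by the service, so give the file a static group and let the unit join it via `SupplementaryGroups=` (or a static `Group=`, which recent systemd allows next to `DynamicUser=`). Separately, `Make the binary exectuable` (typo for "executable") chmods `/etc/pleroma/bin/pleroma`, but `Build pleroma` places the release in `{{ pleroma.root }}` and the unit starts `{{ pleroma.root }}/bin/pleroma`; unless `pleroma.root` is `/etc/pleroma`, the `file:` task will fail on a path that does not exist. The task list continues above this hunk.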

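--- a/templates/config.exs.j2
+++ b/templates/config.exs.j2
@@ -0,0 +1,42 @@
+import Config
+config :pleroma, Pleroma.Web.Endpoint,
+url: [host: "{{ pleroma.listen.domain }}", scheme: "https", port: 443],
+http: [ip: {0, 0, 0, 0}, port: {{ pleroma.listen.port }}]
+config :pleroma, :instance,
+name: "{{ pleroma.instance.name }}",
+email: "{{ pleroma.instance.email.admin }}",
+notify_email: "{{ pleroma.instance.email.notify }}",
+description: "{{ pleroma.instance.description }}",
+limit: 5000,
+federating: {{ pleroma.instance.federating }},
+invites_enabled: {{ pleroma.instance.invites }},
+static_dir: "/pleroma-data/static",
+registrations_open: {{ pleroma.instance.registrations }}
+config :pleroma, :frontend_configurations,
+pleroma_fe: %{
+theme: "{{ pleroma.instance.frontend.theme }}",
+logo: "{{ pleroma.instance.frontend.logo }}",
+logoMask: {{ pleroma.instance.frontend.logomask }},
+background: "{{ pleroma.instance.frontend.bg }}"
+}
+config :pleroma, :media_proxy, enabled: {{ pleroma.instance.media_proxy }}
+# Configure web push notifications
+config :web_push_encryption, :vapid_details, subject: "mailto:fedi@redxen.eu"
+config :pleroma, configurable_from_database: {{ pleroma.instance.database_configurable }}
+config :pleroma, :database, rum_enabled: false
+config :pleroma, Pleroma.Uploaders.Local, uploads: "/pleroma-data/uploads"
+config :pleroma, :gopher,
+enabled: false,
+ip: {0, 0, 0, 0},
+port: 9999
+{% for config in pleroma.instance.imports %}
+import_config("{{ config }}")
+{% endfor %}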
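Review bot: The bare `{{ pleroma.instance.federating }}`, `invites`, `registrations`, `logomask`, `media_proxy` and `database_configurable` substitutions render as `True`/`False` if those vars are YAML booleans, because Ansible's Jinja2 stringifies Python bools that way; in Elixir `True` and `False` are aliases (atoms), not the booleans `true`/`false`, and `False` is truthy, so `registrations_open: False` would not close registrations. Pass them through a filter that emits lowercase, e.g. `registrations_open: {{ pleroma.instance.registrations | to_json }}`, or make sure the inventory supplies them as the strings `true`/`false`. Also, `http: [ip: {0, 0, 0, 0}, ...]` listens on every interface while `url:` declares the public face as HTTPS on 443, i.e. a reverse proxy in front; unless that proxy lives on another host, bind to `{127, 0, 0, 1}` so the plaintext backend is not reachable directly. The `mailto:fedi@redxen.eu` VAPID subject is the one hard-coded value in an otherwise templated file; `"mailto:{{ pleroma.instance.email.admin }}"` would keep it in sync with the rest.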

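--- a/templates/mrf.exs.j2
+++ b/templates/mrf.exs.j2
@@ -0,0 +1,7 @@
+import Config
+config :pleroma, :instance,
+rewrite_policy: "Pleroma.Web.ActivityPub.MRF.NoOpPolicy"
+config :pleroma, :mrf_simple,
+media_nsfw: ["stereophonic.space"]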
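Review bot: `media_nsfw` under `:mrf_simple` has no effect as written, because that section is only consulted by `Pleroma.Web.ActivityPub.MRF.SimplePolicy`, and `rewrite_policy` selects only `NoOpPolicy`. Add SimplePolicy to the list and write the policies as module names rather than strings — Pleroma expects an atom or a list of atoms there, and a quoted string is a binary the policy loader will not treat as a module: `rewrite_policy: [Pleroma.Web.ActivityPub.MRF.SimplePolicy]`. Whether this file is loaded at all depends on `pleroma.instance.imports` in config.exs.j2 including `/etc/pleroma/mrf.exs`, which is not visible here.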


@ -3,20 +3,19 @@ Description=Pleroma
After=network.target
[Service]
ExecStart=/bin/pleroma
ExecStartPre={{ pleroma.root }}/bin/pleroma_ctl migrate
ExecStart={{ pleroma.root }}/bin/pleroma start
User=nobody
Restart=on-failure
DynamicUser=true
ProtectSystem=strict
BindReadOnlyPaths={{ pleroma.data }}:/pleroma-data
RootDirectory={{ pleroma.root }}
TemporaryFileSystem=/:ro
BindPaths={{ pleroma.data }}:/pleroma-data /etc/pleroma
ProtectSystem=strict
PrivateUsers=true
NoNewPrivileges=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes
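Review bot: `ExecStartPre`/`ExecStart` now use the host path `{{ pleroma.root }}/bin/pleroma`, but if `RootDirectory={{ pleroma.root }}` is still in the unit, `Exec*=` paths are resolved inside that new root, so they would have to stay `/bin/pleroma_ctl migrate` and `/bin/pleroma start` as the removed `ExecStart=/bin/pleroma` did (the rendered page does not show which side the `RootDirectory=` and `TemporaryFileSystem=` lines are on, so confirm against the real unit; `TemporaryFileSystem=/:ro` over that same root would also hide the release tree unless it is bind-mounted back). `BindPaths={{ pleroma.data }}:/pleroma-data /etc/pleroma` mounts the config directory — including `secret.exs` — read-write, which the service does not need; keep only the data path writable and put `/etc/pleroma` under `BindReadOnlyPaths=`, which this hunk otherwise drops. If `User=nobody` survived next to `DynamicUser=true`, remove it: DynamicUser allocates its own UID and the unit should not name a shared static account. With `DynamicUser=` in place, `CapabilityBoundingSet=` and `SystemCallFilter=@system-service` are cheap additions that complete the "drop privileges" intent of the commit. The unit's `[Unit]` section starts before this hunk.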