Huge role refactoring/cleanup. Other commits will probably follow, because some bugs will exist. Still important for the long run and also for auto docs/help/slideshow generation

2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions

@@ -0,0 +1,134 @@
## Accessing Services
### Application Access
To gain shell access to the application container, run the following command:
```bash
docker-compose exec -it application bash
```
### Clear Cache
```bash
docker compose exec -it application php artisan cache:clear
```
### Database Access
To access the MariaDB instance in the database container, run the following command:
```bash
docker-compose exec -it database mariadb -u pixelfed -p
```
### User Management via CLI in Pixelfed Docker Setup
To manage users in your Pixelfed instance running in a Docker container, as configured in Kevin Veen-Birkenbach's web-app-pixelfed role, you can follow these steps via the Command Line Interface (CLI):
1. **Access the Application Container:** First, gain shell access to the Pixelfed application container. Use the command provided in the README:
```bash
docker-compose exec -it application bash
```
This command lets you access the bash shell inside the `application` Docker container where Pixelfed is running.
2. **Navigate to Pixelfed Directory:** Once inside the container, navigate to the Pixelfed directory. This is typically the root directory where Pixelfed is installed.
3. **Use Artisan Commands:** Pixelfed is built on Laravel, so you'll use Laravel's Artisan CLI for user management. Here are some common tasks:
- **Create a New User:**
```bash
php artisan user:create
```
This command will prompt you to enter the user's details like username, email, and password.
- **List Users:**
```bash
php artisan user:list
```
This command displays a list of all users.
- **Delete a User:**
```bash
php artisan user:delete {username}
```
Replace `{username}` with the actual username of the user you wish to delete.
- **Reset Password:**
```bash
php artisan user:reset-password {username}
```
This will initiate a password reset process for the specified user.
4. **Verify and Validate:** Depending on your Pixelfed's configuration, especially if email verification is required, you might need to perform additional steps to verify new accounts or modify user details.
5. **Exit the Container:** After completing your user management tasks, exit the Docker container shell by typing `exit`.
### Note:
- **Commands Variability:** The available Artisan commands can vary based on your version of Pixelfed and Laravel. Always refer to the specific documentation for your version.
- **Permissions:** Ensure you have the necessary permissions and rights within the Docker container to perform these actions.
- **Environment Specifics:** The exact paths and commands may vary based on your Docker and Pixelfed setup, as defined in your `docker-compose.yml` and other configuration files.
This process provides a streamlined way to manage Pixelfed users directly from the CLI in a Dockerized environment, ensuring that you can efficiently administer your Pixelfed instance without needing to access the Pixelfed web interface.
## Instagram Import Cleanup
If you have imported posts from Instagram, you can clean up the imported data and files as follows:
### Database Cleanup
Run these commands inside your MariaDB shell to remove import related data:
```bash
DELETE from import_posts WHERE 1;
DELETE from import_jobs WHERE 1;
DELETE from import_datas WHERE 1;
DELETE from statuses where created_at < "2022-12-01 22:15:39";
DELETE from media where deleted_at >= "2023-07-28 14:39:05";
```
### File System Cleanup
Run these commands to remove the imported files and trigger the cleanup job:
```bash
docker-compose exec -u "www-data" application rm -rv "/var/www/storage/app/imports/1"
docker-compose exec -u "www-data" application php artisan schedule:run
```
## Full Cleanup (Reset)
For a hard reset, which will delete all data and stop all services, use the following commands:
```bash
docker-compose down
docker volume rm pixelfed_application_data pixelfed_database pixelfed_redis
```
## Update Procedure
To update your Pixelfed instance, navigate to the directory where your `docker-compose.yml` file is located and run these commands:
```bash
cd {{path_docker_compose_instances}}pixelfed/ &&
docker-compose down &&
docker network prune -f &&
docker-compose pull &&
docker-compose build &&
docker-compose -p pixelfed up -d --force-recreate
```
## Inspecting the Services
To see the status of all services or follow the logs, use these commands:
```bash
docker-compose ps -a
docker-compose logs -f
```
## Debug
To debug the system set APP_DEBUG to true, like descriped [here](https://docs.pixelfed.org/technical-documentation/config/).
```bash
nano config/app.php
php artisan cache:clear
php artisan route:cache
php artisan view:clear
php artisan config:cache
```
## Modifying files
```bash
apt update && apt upgrade && apt install nano
```
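Review bot: In the Database Cleanup block, the last two statements hard-code cutoffs taken from one instance (`created_at < "2022-12-01 22:15:39"` and `deleted_at >= "2023-07-28 14:39:05"`), so run as written they delete every status created before that date, imported or not. Replace the literals with a named placeholder, say how to find the right cutoff for an import, and tell the reader to take a database dump first; the block is SQL and should not be fenced as `bash`. Two smaller points: the Debug section has the reader edit `config/app.php`, while the env template in this commit renders `APP_DEBUG` from `enable_debug`, so the documented path should be that variable; and the file mixes `docker-compose` and `docker compose`.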

@@ -0,0 +1,23 @@
# Pixelfed
## Description
Pixelfed is a decentralized image-sharing platform that champions creativity and privacy. It offers a secure, community-driven alternative to centralized social networks by enabling federated communication and seamless content sharing through a modern web interface.
## Overview
This Docker Compose deployment automates the installation and operation of a Pixelfed instance.
## Features
* **Decentralized Content Sharing:** Empower users to share photos and visual content across an interoperable, federated network with enhanced privacy controls.
* **Modern, Responsive Web Interface:** Access an intuitive and adaptive UI for effortless browsing, administration, and content management.
* **Robust Scalability & Performance:** Leverage integrated Redis caching and a reliable database (MariaDB or PostgreSQL) for smooth scaling and high performance.
* **Flexible Configuration:** Customize cache sizes, domain settings, and authentication options via environment variables and templated configuration files.
* **Maintenance & Administration Tools:** Built-in CLI and web-app-based tools to clear caches, manage the database, and monitor application health.
* **Single Sign-On (SSO) / OpenID Connect (OIDC):** Seamless integration with external identity providers for centralized authentication.
## Other Resources
* [Official Pixelfed website](https://pixelfed.org/)
* [Pixelfed GitHub repository](https://github.com/pixelfed/pixelfed)
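Review bot: The "Robust Scalability & Performance" bullet advertises "MariaDB or PostgreSQL", but this role's env template sets `DB_CONNECTION=mysql` and its vars file sets `database_type: "mariadb"`, so PostgreSQL is not something this deployment offers as written. Either drop PostgreSQL from the bullet or make the connection driver follow `database_type`.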

@@ -0,0 +1,28 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Pixelfed is a decentralized image sharing platform that champions creativity and privacy. This containerized deployment provides a secure, scalable, and modern environment for sharing visual content within a federated network."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Archlinux
versions:
- rolling
galaxy_tags:
- pixelfed
- docker
- federation
- decentralization
- socialmedia
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
logo:
class: "fa-solid fa-camera"
run_after:
- web-app-keycloak

@@ -0,0 +1,5 @@
credentials:
app_key:
description: "Generic 32-byte base64 key with base64: prefix"
algorithm: base64_prefixed_32
validation: '^base64:[A-Za-z0-9+/]{43}=$'
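Review bot: The `description` for `app_key` says only "Generic 32-byte base64 key"; the env template renders this value as `APP_KEY` under `## Crypto`, so say here that it is the application's encryption key and that it has to stay the same across redeploys once data exists. The `validation` pattern checks length and alphabet only, which is fine as a format check, but the description should also state that the value must come from a cryptographic random source.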

@@ -0,0 +1,11 @@
---
- name: "include service-rdbms-central"
include_role:
name: service-rdbms-central
- name: "include role webserver-proxy-domain for {{application_id}}"
include_role:
name: webserver-proxy-domain
vars:
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"

@@ -0,0 +1,34 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images.pixelfed }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
volumes:
- "data:/var/www/storage"
- "./env:/var/www/.env"
ports:
- "{{ports.localhost.http[application_id]}}:80"
{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
{% include 'roles/docker-container/templates/networks.yml.j2' %}
worker:
image: "{{ applications[application_id].images.pixelfed }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
volumes:
- "data:/var/www/storage"
- "./env:/var/www/.env"
entrypoint: /worker-entrypoint.sh
healthcheck:
test: php artisan horizon:status | grep running
interval: 60s
timeout: 5s
retries: 1
{% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %}
application:
condition: service_started
{% include 'roles/docker-container/templates/networks.yml.j2' %}
{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
redis:
data:
{% include 'roles/docker-compose/templates/networks.yml.j2' %}
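Review bot: In the `application` service, `"{{ports.localhost.http[application_id]}}:80"` has no host address, so Docker publishes the port on all interfaces even though the variable name suggests a localhost-only binding behind the reverse proxy. Prefix the mapping with `127.0.0.1:` so the container is reachable only through the proxy. Both services also mount `./env:/var/www/.env` read-write; since the env template sets `ADMIN_ENV_EDITOR=false`, consider `:ro` unless the image's entrypoint writes to the file. On the `worker` healthcheck, `retries: 1` marks the container unhealthy after a single slow `horizon:status` call; a higher count would be more forgiving.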

@@ -0,0 +1,154 @@
## Crypto
APP_KEY={{applications[application_id].credentials.app_key}}
## General Settings
APP_NAME="{{applications.pixelfed.titel}}"
APP_ENV={{ CYMAIS_ENVIRONMENT | lower }}
APP_DEBUG={{enable_debug | string | lower }}
APP_URL={{ domains | get_url(application_id, web_protocol) }}
APP_DOMAIN="{{domains | get_domain(application_id)}}"
ADMIN_DOMAIN="{{domains | get_domain(application_id)}}"
SESSION_DOMAIN="{{domains | get_domain(application_id)}}"
OPEN_REGISTRATION=false
ENFORCE_EMAIL_VERIFICATION=false
PF_MAX_USERS=1000
OAUTH_ENABLED=true
APP_TIMEZONE={{ HOST_TIMEZONE }}
APP_LOCALE={{ HOST_LL }}
## Pixelfed Tweaks
LIMIT_ACCOUNT_SIZE=true
MAX_ACCOUNT_SIZE=1000000
MAX_PHOTO_SIZE=15000
MAX_AVATAR_SIZE=2000
MAX_CAPTION_LENGTH=500
MAX_BIO_LENGTH=125
MAX_NAME_LENGTH=30
MAX_ALBUM_LENGTH=4
IMAGE_QUALITY=80
PF_OPTIMIZE_IMAGES=true
PF_OPTIMIZE_VIDEOS=true
ADMIN_ENV_EDITOR=false
ACCOUNT_DELETION=true
ACCOUNT_DELETE_AFTER=false
MAX_LINKS_PER_POST=0
## Instance
#INSTANCE_DESCRIPTION=
INSTANCE_PUBLIC_HASHTAGS=false
#INSTANCE_CONTACT_EMAIL=
INSTANCE_PUBLIC_LOCAL_TIMELINE=false
#BANNED_USERNAMES=
STORIES_ENABLED=false
RESTRICTED_INSTANCE=false
## Mail
MAIL_DRIVER=log
MAIL_HOST={{system_email.host}}
MAIL_PORT={{system_email.port}}
MAIL_FROM_ADDRESS="{{ users['no-reply'].email }}"
MAIL_FROM_NAME={{ service_provider.company.titel }} - Pixelfed
MAIL_USERNAME={{ users['no-reply'].email }}
MAIL_PASSWORD={{ users['no-reply'].mailu_token }}
# Not sure if the following is correct
# Checkout: https://github.com/pixelfed/pixelfed/blob/dev/.env.docker
MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }}
## Databases (MySQL)
DB_CONNECTION=mysql
DB_DATABASE={{database_name}}
DB_HOST={{database_host}}
DB_PASSWORD="{{database_password}}"
DB_PORT="{{database_port}}"
DB_USERNAME={{database_username}}
## Cache (Redis)
REDIS_CLIENT=phpredis
REDIS_SCHEME=tcp
REDIS_HOST=redis
#REDIS_PASSWORD=
REDIS_PORT=6379
REDIS_DATABASE=0
HORIZON_PREFIX="horizon-"
## EXPERIMENTS
EXP_LC=false
EXP_REC=false
EXP_LOOPS=false
## ActivityPub Federation
ACTIVITY_PUB=true
AP_REMOTE_FOLLOW=true
AP_SHAREDINBOX=true
AP_INBOX=true
AP_OUTBOX=true
ATOM_FEEDS=true
NODEINFO=true
WEBFINGER=true
## S3
FILESYSTEM_DRIVER=local
FILESYSTEM_CLOUD=s3
PF_ENABLE_CLOUD=false
## Horizon
HORIZON_DARKMODE=false
## COSTAR - Confirm Object Sentiment Transform and Reduce
PF_COSTAR_ENABLED=false
# Media
MEDIA_EXIF_DATABASE=false
## Logging
LOG_CHANNEL=stderr
## Image
IMAGE_DRIVER=imagick
## Broadcasting
BROADCAST_DRIVER=log # log driver for local development
## Cache
CACHE_DRIVER=redis
## Purify
RESTRICT_HTML_TYPES=true
## Queue
QUEUE_DRIVER=redis
## Session
SESSION_DRIVER=redis
## Trusted Proxy
TRUST_PROXIES="*"
## Passport
#PASSPORT_PRIVATE_KEY=
#PASSPORT_PUBLIC_KEY=
ENABLE_CONFIG_CACHE=true
{% if applications | is_feature_enabled('oidc',application_id) %}
###################################
# OpenID Connect settings
###################################
# @see https://github.com/pixelfed/pixelfed/commit/b3c27815788e4b47e7eb3fca727d817512cf26c2#diff-66e408190a301e81b5f1c079463487c54a6452c4944dc5ae80770f50101283ff
PF_OIDC_ENABLED={{ applications | is_feature_enabled('oidc',application_id) | string | lower }}
PF_OIDC_AUTHORIZE_URL="{{oidc.client.authorize_url}}"
PF_OIDC_TOKEN_URL="{{oidc.client.token_url}}"
PF_OIDC_PROFILE_URL="{{ oidc.client.user_info_url }}"
PF_OIDC_LOGOUT_URL="{{oidc.client.logout_url}}"
PF_OIDC_USERNAME_FIELD="{{oidc.attributes.username}}"
PF_OIDC_FIELD_ID="{{oidc.attributes.username}}"
PF_OIDC_CLIENT_SECRET={{oidc.client.secret}}
PF_OIDC_CLIENT_ID={{oidc.client.id}}
PF_OIDC_SCOPES="openid profile email"
{% endif %}
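Review bot: `MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }}` looks inverted, which the comment above it already suspects: in Laravel's mail configuration `tls` selects STARTTLS and `ssl` selects implicit TLS, so `start_tls` being true should yield `tls`. Since `MAIL_DRIVER=log` writes mail to the log instead of sending it, none of the `MAIL_*` settings take effect until the driver is changed. `TRUST_PROXIES="*"` makes the application accept forwarded headers from any peer; restrict it to the reverse proxy's address, particularly while the compose template publishes the container port without a host address. `MAIL_PASSWORD`, `PF_OIDC_CLIENT_SECRET` and `PF_OIDC_CLIENT_ID` are rendered unquoted while `DB_PASSWORD` is quoted; quote them so a secret containing `#` or a space is not truncated. `PF_OIDC_FIELD_ID` and `PF_OIDC_USERNAME_FIELD` both map to `oidc.attributes.username`; if the ID field is what links a login to an account, a claim that cannot be renamed would be the safer choice.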

@@ -0,0 +1,31 @@
titel: "Pictures on {{primary_domain}}"
#version: "latest"
images:
pixelfed: "zknt/pixelfed:latest"
features:
matomo: true
css: false # Needs to be reactivated
portfolio_iframe: true
central_database: true
oidc: true
csp:
flags:
script-src:
unsafe-eval: true
unsafe-inline: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
domains:
canonical:
- "picture.{{ primary_domain }}"
aliases:
- "pictures.{{ primary_domain }}"
docker:
services:
redis:
enabled: true
database:
enabled: true
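Review bot: `pixelfed: "zknt/pixelfed:latest"` pulls a moving tag of a third-party image, so every `docker-compose pull` in the documented update procedure can change what runs without any change in this repository; pin a version tag or digest and use the commented-out `version` key to carry it. Under `csp.flags`, `script-src` and `script-src-elem` enable both `unsafe-inline` and `unsafe-eval`, which removes most of the protection the policy gives against script injection; add a comment saying which Pixelfed pages need each flag so they can be dropped later, as is done for `css: false`.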

@@ -0,0 +1,3 @@
application_id: "pixelfed"
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;"
database_type: "mariadb"
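Review bot: `client_max_body_size 512M;` is not tied to the upload limits in the env template (`MAX_PHOTO_SIZE=15000`); if that limit is in kilobytes, the proxy accepts request bodies many times larger than the application will store. Add a comment explaining what needs 512M, or lower the value to match the configured limits.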