From 6ac081e501d7b3c8a3c198383d798141acf22f1b Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Thu, 4 Jan 2024 20:57:02 +0100
Subject: [PATCH] Implemented central database for matrix and mastodon
---
 group_vars/all | 3 +-
 roles/docker-mastodon/README.md | 10 ++-
 roles/docker-mastodon/tasks/main.yml | 6 ++
 .../templates/.env.production.j2 | 1 +
 .../templates/docker-compose.yml.j2 | 6 +-
 .../templates/homeserver.yaml.j2 | 8 +-
 roles/docker-postgres/tasks/main.yml | 74 +++++++++++++++++--
 7 files changed, 91 insertions(+), 17 deletions(-)
diff --git a/group_vars/all b/group_vars/all
index 3d87d746..028e88e5 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,8 +1,9 @@
 # General
+setup: false # Pass CLI commands to execute the setup tasks for the different roles
 verbose: false # Prints well formated debug information
 top_domain: "localhost" # Change this in inventory to your domain
 ip4_address: "127.0.0.1" # Change thie in inventory to the ip address of your server
-backups_folder_path: "/Backups/"
+backups_folder_path: "/Backups/" # Path to the backups folder
 # Server Tact Variables
diff --git a/roles/docker-mastodon/README.md b/roles/docker-mastodon/README.md
index 2d1dd775..e74bca84 100644
--- a/roles/docker-mastodon/README.md
+++ b/roles/docker-mastodon/README.md
@@ -1,8 +1,15 @@
 # docker mastodon
+
 ## create configuration
 ```bash
 docker-compose run --rm web bundle exec rake mastodon:setup
 ```
+
+## Setup with existing configuration
+```bash
+docker-compose run --rm web bundle exec rails db:migrate
+```
+
 ## cleanup
 ```bash
 cd {{path_docker_compose_instances}}mastodon/
@@ -29,4 +36,5 @@ docker-compose exec -it -u root web chown -R 991:991 public
 - https://goneuland.de/mastodon-mit-docker-und-traefik-installieren/
 - https://gist.github.com/TrillCyborg/84939cd4013ace9960031b803a0590c4
 - https://www.2daygeek.com/linux-command-check-website-is-up-down-alive/
-- https://vitobotta.com/2022/11/07/setting-up-a-personal-mastodon-instance/
\ No newline at end of file
+- https://vitobotta.com/2022/11/07/setting-up-a-personal-mastodon-instance/
+- https://www.digitalocean.com/community/tutorials/how-to-scale-your-mastodon-server
\ No newline at end of file
diff --git a/roles/docker-mastodon/tasks/main.yml b/roles/docker-mastodon/tasks/main.yml
index 8ed0107e..ba05ad2a 100644
--- a/roles/docker-mastodon/tasks/main.yml
+++ b/roles/docker-mastodon/tasks/main.yml
@@ -23,3 +23,9 @@
 src: .env.production.j2
 dest: "{{docker_compose_instance_directory}}.env.production"
 notify: docker compose project setup
+
+- name: execute database migration
+ command:
+ cmd: "docker-compose run --rm web bundle exec rails db:migrate"
+ chdir: "{{docker_compose_instance_directory}}"
+ when: setup | bool
\ No newline at end of file
diff --git a/roles/docker-mastodon/templates/.env.production.j2 b/roles/docker-mastodon/templates/.env.production.j2
index 7a772a03..ee838f84 100644
--- a/roles/docker-mastodon/templates/.env.production.j2
+++ b/roles/docker-mastodon/templates/.env.production.j2
@@ -5,6 +5,7 @@ SECRET_KEY_BASE={{mastodon_secret_key_base}}
 OTP_SECRET={{mastodon_otp_secret}}
 VAPID_PRIVATE_KEY={{mastodon_vapid_private_key}}
 VAPID_PUBLIC_KEY={{mastodon_vapid_public_key}}
+
 DB_HOST={{database_host}}
 DB_PORT=5432
 DB_NAME={{database_databasename}}
diff --git a/roles/docker-mastodon/templates/docker-compose.yml.j2 b/roles/docker-mastodon/templates/docker-compose.yml.j2
index 4d715ca3..7546657a 100644
--- a/roles/docker-mastodon/templates/docker-compose.yml.j2
+++ b/roles/docker-mastodon/templates/docker-compose.yml.j2
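Review bot: The new `execute database migration` task in roles/docker-mastodon/tasks/main.yml runs `rails db:migrate` via `command` without `register` or `changed_when`, so every play with `setup: true` reports it as changed and the recap gives no signal whether anything was actually migrated. The `.env.production` it depends on is written by the task just above, whose `notify: docker compose project setup` handler only fires at the end of the play; `docker-compose run --rm web` reads the file from disk, so running the migration before the handler is presumably intended, but that ordering deserves a comment on the task. A minimal change is `register: mastodon_migration` and `changed_when: "'migrating' in mastodon_migration.stdout"`, which makes the task's reporting reflect what happened.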
@@ -6,7 +6,7 @@ services:
 {% include 'templates/docker-service-' + database_type + '.yml.j2' %}
 web:
- image: tootsuite/mastodon:{{version_mastodon}}
+ image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
 restart: always
 env_file: .env.production
 command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
@@ -22,7 +22,7 @@ services:
 {% include 'templates/docker-container-networks.yml.j2' %}
 streaming:
- image: tootsuite/mastodon:{{version_mastodon}}
+ image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
 restart: always
 env_file: .env.production
 command: node ./streaming
@@ -36,7 +36,7 @@ services:
 {% include 'templates/docker-container-networks.yml.j2' %}
 sidekiq:
- image: tootsuite/mastodon:{{version_mastodon}}
+ image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
 restart: always
 env_file: .env.production
 command: bundle exec sidekiq
diff --git a/roles/docker-matrix-compose/templates/homeserver.yaml.j2 b/roles/docker-matrix-compose/templates/homeserver.yaml.j2
index 9509c15b..d77549e9 100644
--- a/roles/docker-matrix-compose/templates/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/homeserver.yaml.j2
@@ -11,10 +11,10 @@ listeners:
 database:
 name: psycopg2
 args:
- user: matrix
- password: "{{matrix_database_password}}"
- database: matrix
- host: database
+ user: "{{database_username}}"
+ password: "{{database_password}}"
+ database: "{{database_databasename}}"
+ host: "{{database_host}}"
 cp_min: 5
 cp_max: 10
 log_config: "/data/{{domain_matrix_synapse}}.log.config"
diff --git a/roles/docker-postgres/tasks/main.yml b/roles/docker-postgres/tasks/main.yml
index 181df3f0..df84c540 100644
--- a/roles/docker-postgres/tasks/main.yml
+++ b/roles/docker-postgres/tasks/main.yml
@@ -6,8 +6,8 @@
 - name: Install PostgreSQL
 docker_container:
- name: postgres
- image: postgres:latest
+ name: central-postgres
+ image: "postgres:{{database_version}}"
 detach: yes
 env:
 POSTGRES_PASSWORD: "{{ central_postgres_password }}"
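Review bot: The new `image: ghcr.io/mastodon/mastodon:{{version_mastodon}}` lines in the `web`, `streaming` and `sidekiq` services (all three hunks of docker-compose.yml.j2) pin the image by tag only, so what gets deployed is whatever the registry serves for that tag at pull time, and the three services are not guaranteed to pull the same build. The registry move is a natural moment to pin by digest as well, e.g. `image: ghcr.io/mastodon/mastodon:{{version_mastodon}}@sha256:<DIGEST_PLACEHOLDER>` driven by a variable next to `version_mastodon`, so upgrades appear as an explicit inventory diff. Failing that, a comment stating that `version_mastodon` is expected to be a full release tag rather than a floating one would tell the reader what the pin actually guarantees.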
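Review bot: The Synapse `database.args` block now takes `user`, `password`, `database` and `host` from the shared `database_*` variables that roles/docker-mastodon's `.env.production.j2` also reads, and nothing in this patch shows where those variables get per-role values. If both roles resolve them from the same inventory scope, Matrix and Mastodon would run as the same PostgreSQL role in the same database, and the per-database grants added in roles/docker-postgres/tasks/main.yml would give neither application any isolation from the other's data; if each role sets them in its own `vars`/`defaults`, a comment on this block naming that file would make the one-role-per-database layout visible. Quoting the templated values is right here, since an empty or boolean-looking expansion would otherwise change the YAML type.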
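Review bot: Changing `name: postgres` to `name: central-postgres` in the `docker_container` task of roles/docker-postgres/tasks/main.yml creates a new container rather than renaming the existing one, so on a host provisioned with the previous version the old `postgres` container presumably still holds `127.0.0.1:5432` (the `published_ports` line is in the next hunk) and the new container will fail to publish the same port. A preceding cleanup task, `- name: Remove legacy postgres container` with `docker_container: { name: postgres, state: absent }`, guarded like this task by `run_once_docker_postgres`, would make the transition explicit; its comment should say that data from the old container is not carried over, since that container had no volume before this patch. `image: "postgres:{{database_version}}"` is a clear improvement over `postgres:latest`, but `database_version` is not set anywhere in this patch, and wherever it is defined a comment should note that changing the major version requires a dump/restore or `pg_upgrade` of the data volume rather than a plain re-run.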
@@ -16,6 +16,8 @@
 - name: central_postgres_network
 published_ports:
 - "127.0.0.1:5432:5432"
+ volumes:
+ - central_postgres_database:/var/lib/postgresql/data
 when: run_once_docker_postgres is not defined
 - name: wait for availability of postgres
@@ -23,10 +25,16 @@
 host: "127.0.0.1"
 port: "5432"
 delay: 0
- timeout: 120
+ timeout: 300
 when: run_once_docker_postgres is not defined
-- name: Create database
+- name: install python-psycopg2
+ pacman:
+ name: python-psycopg2
+ state: present
+ when: run_once_docker_postgres is not defined
+
+- name: "Create database: {{ database_databasename }}"
 postgresql_db:
 name: "{{ database_databasename }}"
 state: present
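Review bot: The new `central_postgres_database:/var/lib/postgresql/data` volume makes the cluster survive container re-creation, and with it the superuser password: the official image only applies `POSTGRES_PASSWORD` when it initialises an empty data directory, so a later change to `central_postgres_password` in the inventory will not reach the existing cluster while every `login_password` further down this file will already use the new value. A comment on the `volumes:` line saying that rotating `central_postgres_password` needs an explicit `postgresql_user` task for the `postgres` role (run before the password variable is changed, since the old value is required to log in) would spare the next operator a confusing lock-out. The same hunk's `when: run_once_docker_postgres is not defined` guard means the volume is created only on the first role invocation per play, which is consistent with the rest of the file.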
@@ -35,18 +43,68 @@
 login_host: 127.0.0.1
 login_port: 5432
-- name: Create database user
+- name: "Create database user: {{ database_username }}"
 postgresql_user:
- name: "{{ database_username }}"
- password: "{{ database_password }}"
+ name: "{{ database_username }}"
+ password: "{{ database_password }}"
+ db: "{{ database_databasename }}"
+ state: present
+ login_user: postgres
+ login_password: "{{ central_postgres_password }}"
+ login_host: 127.0.0.1
+ login_port: 5432
+
+- name: "Set privileges for database user: {{ database_username }}"
+ postgresql_privs:
+ db: "{{ database_databasename }}"
+ role: "{{ database_username }}"
+ objs: ALL_IN_SCHEMA
+ privs: ALL
+ type: table
+ state: present
+ login_user: postgres
+ login_password: "{{ central_postgres_password }}"
+ login_host: 127.0.0.1
+ login_port: 5432
+
+- name: Grant all privileges at the database level
+ postgresql_privs:
 db: "{{ database_databasename }}"
- priv: ALL
+ role: "{{ database_username }}"
+ privs: ALL
+ type: database
 state: present
 login_user: postgres
 login_password: "{{ central_postgres_password }}"
 login_host: 127.0.0.1
 login_port: 5432
+- name: Grant all privileges on all tables in the public schema
+ postgresql_privs:
+ db: "{{ database_databasename }}"
+ role: "{{ database_username }}"
+ objs: ALL_IN_SCHEMA
+ privs: ALL
+ type: table
+ schema: public
+ state: present
+ login_user: postgres
+ login_password: "{{ central_postgres_password }}"
+ login_host: 127.0.0.1
+ login_port: 5432
+
+- name: Set comprehensive privileges for user on public schema
+ postgresql_query:
+ db: "{{ database_databasename }}"
+ login_user: postgres
+ login_password: "{{ central_postgres_password }}"
+ login_host: 127.0.0.1
+ login_port: 5432
+ query: |
+ GRANT USAGE ON SCHEMA public TO {{ database_username }};
+ GRANT CREATE ON SCHEMA public TO {{ database_username }};
+ ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};
+
 - name: Run the docker_postgres tasks once
 set_fact:
 run_once_docker_postgres: true
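Review bot: The `ALTER DEFAULT PRIVILEGES IN SCHEMA public ...` statement in the new `postgresql_query` task runs as `postgres`, and default privileges only apply to objects later created by the role that issued them; the tables here are created by `{{ database_username }}` itself when Mastodon's `rails db:migrate` and Synapse's own migrations run, so for those tables the statement changes nothing and should either be dropped with a comment or scoped with `FOR ROLE` to whichever role really creates objects. The two `postgresql_privs` tasks with `objs: ALL_IN_SCHEMA`, `type: table`, `privs: ALL` ("Set privileges for database user" and "Grant all privileges on all tables in the public schema") are the same grant, because `schema` defaults to `public`; keep one of them. The `GRANT USAGE`/`GRANT CREATE` lines of the raw query splice `{{ database_username }}` into SQL text without identifier quoting, whereas the same grant as a `postgresql_privs` task with `type: schema`, `objs: public`, `privs: USAGE,CREATE` quotes the role name and reports idempotently. If the `postgresql_db` task above this hunk does not set `owner: "{{ database_username }}"`, making the application user the database owner would cover every grant in this hunk for its own migrations and is the smaller privilege surface to reason about.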