Implemented central database for matrix and mastodon

2024-09-20 00:13:09 +02:00 · 2024-01-04 20:57:02 +01:00 · 2024-01-04 20:57:02 +01:00 · 6ac081e501
commit 6ac081e501
parent 77a3fb220a
7 changed files with 91 additions and 17 deletions
--- a/group_vars/all
+++ b/group_vars/all
@ -1,8 +1,9 @@
 # General
+setup:                false       # Pass CLI commands to execute the setup tasks for the different roles
 verbose:              false       # Prints well formated debug information
 top_domain:           "localhost" # Change this in inventory to your domain
 ip4_address:          "127.0.0.1" # Change thie in inventory to the ip address of your server
-backups_folder_path:  "/Backups/"
+backups_folder_path:  "/Backups/" # Path to the backups folder

 # Server Tact Variables 

--- a/roles/docker-mastodon/README.md
+++ b/roles/docker-mastodon/README.md
@ -1,8 +1,15 @@
 # docker mastodon
+
 ## create configuration
 ```bash
    docker-compose run --rm web bundle exec rake mastodon:setup
 ```
+
+## Setup with existing configuration
+```bash 
+docker-compose run --rm web bundle exec rails db:migrate
+```
+
 ## cleanup
 ```bash
 cd {{path_docker_compose_instances}}mastodon/
@ -30,3 +37,4 @@ docker-compose exec -it -u root web chown -R 991:991 public
 - https://gist.github.com/TrillCyborg/84939cd4013ace9960031b803a0590c4
 - https://www.2daygeek.com/linux-command-check-website-is-up-down-alive/
 - https://vitobotta.com/2022/11/07/setting-up-a-personal-mastodon-instance/
+- https://www.digitalocean.com/community/tutorials/how-to-scale-your-mastodon-server
--- a/roles/docker-mastodon/tasks/main.yml
+++ b/roles/docker-mastodon/tasks/main.yml
@ -23,3 +23,9 @@
    src: .env.production.j2 
    dest: "{{docker_compose_instance_directory}}.env.production"
  notify: docker compose project setup
+
+- name: execute database migration
+  command:
+    cmd: "docker-compose run --rm web bundle exec rails db:migrate"
+    chdir: "{{docker_compose_instance_directory}}"
+  when: setup | bool 
--- a/roles/docker-mastodon/templates/.env.production.j2
+++ b/roles/docker-mastodon/templates/.env.production.j2
@ -5,6 +5,7 @@ SECRET_KEY_BASE={{mastodon_secret_key_base}}
 OTP_SECRET={{mastodon_otp_secret}}
 VAPID_PRIVATE_KEY={{mastodon_vapid_private_key}}
 VAPID_PUBLIC_KEY={{mastodon_vapid_public_key}}
+
 DB_HOST={{database_host}}
 DB_PORT=5432
 DB_NAME={{database_databasename}}
--- a/roles/docker-mastodon/templates/docker-compose.yml.j2
+++ b/roles/docker-mastodon/templates/docker-compose.yml.j2
@ -6,7 +6,7 @@ services:
 {% include 'templates/docker-service-' + database_type + '.yml.j2' %}

  web:
-    image: tootsuite/mastodon:{{version_mastodon}}
+    image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
    restart: always
    env_file: .env.production
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
@ -22,7 +22,7 @@ services:
 {% include 'templates/docker-container-networks.yml.j2' %}

  streaming:
-    image: tootsuite/mastodon:{{version_mastodon}}
+    image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
    restart: always
    env_file: .env.production
    command: node ./streaming
@ -36,7 +36,7 @@ services:
 {% include 'templates/docker-container-networks.yml.j2' %}

  sidekiq:
-    image: tootsuite/mastodon:{{version_mastodon}}
+    image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq
--- a/roles/docker-matrix-compose/templates/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/homeserver.yaml.j2
@ -11,10 +11,10 @@ listeners:
 database:
  name: psycopg2
  args:
-    user: matrix
-    password: "{{matrix_database_password}}"
-    database: matrix
-    host: database
+    user: "{{database_username}}"
+    password: "{{database_password}}"
+    database: "{{database_databasename}}"
+    host: "{{database_host}}"
    cp_min: 5
    cp_max: 10
 log_config:                     "/data/{{domain_matrix_synapse}}.log.config"
--- a/roles/docker-postgres/tasks/main.yml
+++ b/roles/docker-postgres/tasks/main.yml
@ -6,8 +6,8 @@

 - name: Install PostgreSQL
  docker_container:
-    name: postgres
-    image: postgres:latest
+    name: central-postgres
+    image: "postgres:{{database_version}}"
    detach: yes
    env:
      POSTGRES_PASSWORD: "{{ central_postgres_password }}"
@ -16,6 +16,8 @@
      - name: central_postgres_network
    published_ports:
      - "127.0.0.1:5432:5432"
+    volumes:
+      - central_postgres_database:/var/lib/postgresql/data
  when: run_once_docker_postgres is not defined

 - name: wait for availability of postgres
@ -23,10 +25,16 @@
    host: "127.0.0.1"
    port: "5432"
    delay: 0      
-    timeout: 120
+    timeout: 300
  when: run_once_docker_postgres is not defined  

- name: Create database
+- name: install python-psycopg2
+  pacman: 
+    name: python-psycopg2
+    state: present
+  when: run_once_docker_postgres is not defined
+
+- name: "Create database: {{ database_databasename }}"
  postgresql_db:
    name: "{{ database_databasename }}"
    state: present
@ -35,18 +43,68 @@
    login_host: 127.0.0.1
    login_port: 5432

- name: Create database user
+- name: "Create database user: {{ database_username }}"
  postgresql_user:
-    name: "{{ database_username }}"
-    password: "{{ database_password }}"
+    name:           "{{ database_username }}"
+    password:       "{{ database_password }}"
+    db:             "{{ database_databasename }}"
+    state:          present
+    login_user:     postgres
+    login_password: "{{ central_postgres_password }}"
+    login_host:     127.0.0.1
+    login_port:     5432
+
+- name: "Set privileges for database user: {{ database_username }}"
+  postgresql_privs:
+    db:             "{{ database_databasename }}"
+    role:           "{{ database_username }}"
+    objs:           ALL_IN_SCHEMA
+    privs:          ALL
+    type:           table
+    state:          present
+    login_user:     postgres
+    login_password: "{{ central_postgres_password }}"
+    login_host:     127.0.0.1
+    login_port:     5432
+
+- name: Grant all privileges at the database level
+  postgresql_privs:
    db: "{{ database_databasename }}"
-    priv: ALL
+    role: "{{ database_username }}"
+    privs: ALL
+    type: database
    state: present
    login_user: postgres
    login_password: "{{ central_postgres_password }}"
    login_host: 127.0.0.1
    login_port: 5432

+- name: Grant all privileges on all tables in the public schema
+  postgresql_privs:
+    db: "{{ database_databasename }}"
+    role: "{{ database_username }}"
+    objs: ALL_IN_SCHEMA
+    privs: ALL
+    type: table
+    schema: public
+    state: present
+    login_user: postgres
+    login_password: "{{ central_postgres_password }}"
+    login_host: 127.0.0.1
+    login_port: 5432
+
+- name: Set comprehensive privileges for user on public schema
+  postgresql_query:
+    db: "{{ database_databasename }}"
+    login_user: postgres
+    login_password: "{{ central_postgres_password }}"
+    login_host: 127.0.0.1
+    login_port: 5432
+    query: |
+      GRANT USAGE ON SCHEMA public TO {{ database_username }};
+      GRANT CREATE ON SCHEMA public TO {{ database_username }};
+      ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};
+
 - name: Run the docker_postgres tasks once
  set_fact:
    run_once_docker_postgres: true