author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/teddit | |
download | selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip |
initial commit
Diffstat (limited to 'roles/teddit')
-rw-r--r-- | roles/teddit/defaults/main.yml | 24 | ||||
-rw-r--r-- | roles/teddit/handlers/main.yml | 4 | ||||
-rw-r--r-- | roles/teddit/meta/main.yml | 10 | ||||
-rw-r--r-- | roles/teddit/tasks/main.yml | 104 | ||||
-rw-r--r-- | roles/teddit/templates/etc/systemd/system/teddit.service.j2 | 36 | ||||
-rw-r--r-- | roles/teddit/templates/opt/teddit/teddit-update.sh.j2 | 36 | ||||
-rw-r--r-- | roles/teddit/templates/opt/teddit/teddit/config.js.j2 | 71 | ||||
-rw-r--r-- | roles/teddit/vars/main.yml | 13 |
8 files changed, 298 insertions, 0 deletions
diff --git a/roles/teddit/defaults/main.yml b/roles/teddit/defaults/main.yml
new file mode 100644
index 0000000..35557ef
--- /dev/null
+++ b/roles/teddit/defaults/main.yml
@@ -0,0 +1,24 @@
+teddit_version: main
+teddit_user: teddit
+teddit_port: 8080
+teddit_server_name: '{{ ansible_fqdn }}'
+
+teddit_update_on_calendar: weekly
+
+teddit_use_reddit_oauth: no
+teddit_theme: auto
+teddit_clean_homepage: yes
+teddit_flairs_enabled: no
+teddit_highlight_controversial: yes
+teddit_videos_muted: yes
+teddit_comments_sort: confidence
+teddit_show_upvotes: yes
+teddit_show_upvote_percentage: yes
+teddit_suggested_subreddits:
+ - All
+ - Saved
+
+teddit_redis_host: 127.0.0.1
+teddit_redis_password: ''
+teddit_redis_port: 6379
+teddit_cache_control_interval: 24
diff --git a/roles/teddit/handlers/main.yml b/roles/teddit/handlers/main.yml
new file mode 100644
index 0000000..3b0ce8a
--- /dev/null
+++ b/roles/teddit/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart teddit
+ systemd:
+ name: teddit
+ state: restarted
diff --git a/roles/teddit/meta/main.yml b/roles/teddit/meta/main.yml
new file mode 100644
index 0000000..7422a2b
--- /dev/null
+++ b/roles/teddit/meta/main.yml
@@ -0,0 +1,10 @@
+dependencies:
+ - role: yum
+ yum_repositories:
+ - epel
+ - rpmfusion-free
+ tags: yum
+
+ - role: redis
+ redis_port: '{{ teddit_redis_port }}'
+ tags: redis
diff --git a/roles/teddit/tasks/main.yml b/roles/teddit/tasks/main.yml
new file mode 100644
index 0000000..a26370f
--- /dev/null
+++ b/roles/teddit/tasks/main.yml
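Review bot: `teddit_version: main` in defaults/main.yml tracks a moving branch, and together with `teddit_update_on_calendar: weekly` the host fetches and runs whatever is on upstream `main` unattended; the defaults should say so in a comment and document how to pin a tag or commit instead (the update script's use of `@{u}` would need to change for a pinned ref). `teddit_redis_password: ''` presumably means Redis runs without authentication, which on `127.0.0.1` still leaves the cache reachable by every local account. I would add a comment such as `# set from vault; an empty value disables Redis auth` above it, or make the role fail when it is empty.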
@@ -0,0 +1,104 @@
+- name: install packages
+ dnf:
+ name: '{{ teddit_packages }}'
+ state: present
+
+- name: create local user
+ user:
+ name: '{{ teddit_user }}'
+ system: yes
+ home: '{{ teddit_home }}'
+ shell: /sbin/nologin
+ create_home: no
+
+- name: create home directory
+ file:
+ path: '{{ teddit_home }}'
+ owner: '{{ teddit_user }}'
+ group: '{{ teddit_user }}'
+ mode: 0755
+ state: directory
+
+- name: disable npm package lock
+ lineinfile:
+ regexp: ^package-lock=
+ line: package-lock=false
+ path: '{{ teddit_home }}/.npmrc'
+ create: yes
+ owner: '{{ teddit_user }}'
+ group: '{{ teddit_user }}'
+ mode: 0600
+ state: present
+
+- name: clone git repository
+ git:
+ repo: '{{ teddit_git_repo }}'
+ dest: '{{ teddit_install_dir }}'
+ version: '{{ teddit_version }}'
+ force: yes
+ update: yes
+ become: yes
+ become_user: '{{ teddit_user }}'
+ register: teddit_git
+ notify: restart teddit
+
+- name: install npm dependencies
+ npm:
+ path: '{{ teddit_install_dir }}'
+ production: yes
+ no_optional: yes
+ become: yes
+ become_user: '{{ teddit_user }}'
+ when: teddit_git.changed
+ notify: restart teddit
+
+- name: create teddit systemd unit
+ template:
+ src: etc/systemd/system/teddit.service.j2
+ dest: /etc/systemd/system/teddit.service
+ register: teddit_unit
+ notify: restart teddit
+
+- name: reload systemd daemons
+ systemd:
+ daemon_reload: yes
+ when: teddit_unit.changed
+
+- name: generate config file
+ template:
+ src: '{{ teddit_install_dir[1:] }}/config.js.j2'
+ dest: '{{ teddit_install_dir }}/config.js'
+ owner: '{{ teddit_user }}'
+ group: '{{ teddit_user }}'
+ mode: 0600
+ notify: restart teddit
+
+- name: start teddit
+ systemd:
+ name: teddit
+ enabled: yes
+ state: started
+
+- name: set http_port_t selinux contect on teddit port
+ seport:
+ ports: '{{ teddit_port }}'
+ proto: tcp
+ setype: http_port_t
+ state: present
+ tags: selinux
+
+- name: generate update script
+ template:
+ src: '{{ teddit_home[1:] }}/teddit-update.sh.j2'
+ dest: '{{ teddit_home }}/teddit-update.sh'
+ mode: 0555
+
+- name: set up teddit-update timer
+ include_role:
+ name: systemd_timer
+ vars:
+ timer_name: teddit-update
+ timer_description: Update teddit
+ timer_after: network.target
+ timer_on_calendar: '{{ teddit_update_on_calendar }}'
+ timer_exec: '{{ teddit_home }}/teddit-update.sh'
diff --git a/roles/teddit/templates/etc/systemd/system/teddit.service.j2 b/roles/teddit/templates/etc/systemd/system/teddit.service.j2
new file mode 100644
index 0000000..35e3d9d
--- /dev/null
+++ b/roles/teddit/templates/etc/systemd/system/teddit.service.j2
@@ -0,0 +1,36 @@
+[Unit]
+Description=teddit reddit proxy
+After=network.target redis@{{ teddit_redis_port }}.service
+Requires=redis@{{ teddit_redis_port }}.service
+AssertPathExists={{ teddit_install_dir }}
+
+[Service]
+Type=simple
+Environment="LISTEN_ADDRESS=127.0.0.1"
+Environment="NODE_ENV=production"
+EnvironmentFile=-/etc/sysconfig/teddit
+ExecStart=/usr/bin/node app.js
+WorkingDirectory={{ teddit_install_dir }}
+User={{ teddit_user }}
+Group={{ teddit_user }}
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# for details
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
+
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/teddit/templates/opt/teddit/teddit-update.sh.j2 b/roles/teddit/templates/opt/teddit/teddit-update.sh.j2
new file mode 100644
index 0000000..07de718
--- /dev/null
+++ b/roles/teddit/templates/opt/teddit/teddit-update.sh.j2
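Review bot: The `generate update script` task renders `teddit-update.sh` into `{{ teddit_home }}`, which the `create home directory` task makes owned by `{{ teddit_user }}`, and `timer_exec` then runs that path. The script exits unless EUID is 0, so the timer presumably runs it as root. A root-executed file therefore sits in a directory the unprivileged service account can rewrite. Render it to a root-owned location with explicit ownership instead, e.g. `dest: /usr/local/sbin/teddit-update.sh` with `owner: root`, `group: root`, `mode: 0755`, and point `timer_exec` at the same path. Separately, `package-lock=false` makes npm ignore any lockfile, so each install resolves versions afresh with no pinned integrity hashes; that deserves a comment explaining why it is needed.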
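Review bot: `ProtectSystem=full` makes `/usr`, `/boot` and `/etc` read-only but leaves `{{ teddit_install_dir }}` writable, and the tasks file gives that tree to `{{ teddit_user }}`, so the node process can modify the code it is started from. Consider `ProtectSystem=strict` with a `ReadWritePaths=` entry for only what teddit must write; which paths those are is not visible in this commit. `ProtectKernelLogs=yes`, `LockPersonality=yes` and `SystemCallArchitectures=native` would round out the sandbox. A comment above `SystemCallFilter=` such as `# deny-list: the leading ~ inverts the match` would help readers who miss the tilde.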
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+set -eu
+
+SRCDIR={{ teddit_install_dir | quote }}
+TEDDIT_USER={{ teddit_user | quote }}
+
+as-teddit() {
+ runuser -u "$TEDDIT_USER" -- "$@"
+}
+
+if (( $EUID != 0 )); then
+ echo 'must be superuser' 1>&2
+ exit 1
+fi
+
+cd "$SRCDIR"
+
+as-teddit git fetch
+
+local_rev=$(git rev-parse HEAD)
+upstream_rev=$(git rev-parse '@{u}')
+
+echo "local: $local_rev"
+echo "upstream: $upstream_rev"
+
+if [ "$local_rev" != "$upstream_rev" ]; then
+ as-teddit git reset --hard HEAD
+
+ echo "installing dependencies..."
+ as-teddit npm install --production --no-optional
+
+ systemctl restart teddit
+else
+ echo "teddit is already up to date"
+fi
diff --git a/roles/teddit/templates/opt/teddit/teddit/config.js.j2 b/roles/teddit/templates/opt/teddit/teddit/config.js.j2
new file mode 100644
index 0000000..1f56f92
--- /dev/null
+++ b/roles/teddit/templates/opt/teddit/teddit/config.js.j2
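Review bot: `as-teddit git reset --hard HEAD` resets to the commit already checked out, so after `git fetch` the tree never advances to `upstream_rev`, and every timer run reinstalls dependencies and restarts teddit without updating; it should be `as-teddit git reset --hard '@{u}'`. The two `git rev-parse` calls also run as root inside a repository owned by `$TEDDIT_USER`. Root should not run git against a tree that an unprivileged account controls, and Git releases that enforce the `safe.directory` ownership check are likely to refuse, which `set -e` turns into a failed run. Wrap them like the other calls: `local_rev=$(as-teddit git rev-parse HEAD)` and `upstream_rev=$(as-teddit git rev-parse '@{u}')`.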
@@ -0,0 +1,71 @@
+const config = {
+ domain: {{ teddit_server_name | to_json }},
+ use_reddit_oauth: {{ teddit_use_reddit_oauth | bool | to_json }},
+ cert_dir: '',
+ theme: {{ teddit_theme | to_json }},
+ clean_homepage: {{ teddit_clean_homepage | bool | to_json }},
+ flairs_enabled: {{ teddit_flairs_enabled | bool | to_json }},
+ highlight_controversial: {{ teddit_highlight_controversial | bool | to_json }},
+ api_enabled: true,
+ api_force_https: false,
+ video_enabled: true,
+ redis_enabled: true,
+ redis_db: 0,
+ redis_host: {{ teddit_redis_host | to_json }},
+ redis_password: {{ teddit_redis_password | to_json }},
+ redis_port: {{ teddit_redis_port | to_json }},
+ ssl_port: 0,
+ nonssl_port: {{ teddit_port }},
+ listen_address: '127.0.0.1',
+ https_enabled: false,
+ redirect_http_to_https: false,
+ redirect_www: false,
+ use_compression: true,
+ use_view_cache: false,
+ use_helmet: false,
+ use_helmet_hsts: false,
+ trust_proxy: true,
+ trust_proxy_address: '127.0.0.1',
+ http_proxy: '',
+ nsfw_enabled: true,
+ videos_muted: {{ teddit_videos_muted | bool | to_json }},
+ post_comments_sort: {{ teddit_comments_sort | to_json }},
+ reddit_app_id: {{ teddit_reddit_app_id | to_json }},
+ domain_replacements: [],
+ cache_control: true,
+ cache_control_interval: {{ teddit_cache_control_interval | int | to_json }},
+ show_upvoted_percentage: {{ teddit_show_upvote_percentage | bool | to_json }},
+ show_upvotes: {{ teddit_show_upvotes | bool | to_json }},
+ post_media_max_heights: {
+ 'extra-small': 300,
+ 'small': 415,
+ 'medium': 600,
+ 'large': 850,
+ 'extra-large': 1200
+ },
+ setexs: {
+ frontpage: 600,
+ subreddit: 600,
+ posts: 600,
+ user: 600,
+ searches: 600,
+ sidebar: 60 * 60 * 24 * 7,
+ shorts: 60 * 60 * 24 * 31,
+ wikis: 60 * 60 * 24 * 7,
+ subreddits_explore: {
+ front: 60 * 60 * 24 * 1,
+ new_page: 60
+ },
+ },
+ rate_limiting: {
+ enabled: false,
+ initial_limit: 100,
+ limit_after_limited: 30
+ },
+ valid_media_domains: ['preview.redd.it', 'external-preview.redd.it', 'i.redd.it', 'v.redd.it', 'a.thumbs.redditmedia.com', 'b.thumbs.redditmedia.com', 'emoji.redditmedia.com', 'styles.redditmedia.com', 'www.redditstatic.com', 'thumbs.gfycat.com', 'i.ytimg.com', 'i.imgur.com'],
+ valid_embed_video_domains: ['gfycat.com', 'youtube.com'],
+ reddit_api_error_text: `Seems like your instance is either blocked (e.g. due to API rate limiting), reddit is currently down, or your API key is expired and not renewd properly. This can also happen for other reasons.`,
+ suggested_subreddits: {{ teddit_suggested_subreddits | to_json }}
+};
+
+module.exports = config;
diff --git a/roles/teddit/vars/main.yml b/roles/teddit/vars/main.yml
new file mode 100644
index 0000000..c294dfa
--- /dev/null
+++ b/roles/teddit/vars/main.yml
@@ -0,0 +1,13 @@
+teddit_packages:
+ - ffmpeg
+ - nodejs
+ - git
+
+teddit_git_repo: https://codeberg.org/teddit/teddit
+teddit_home: /opt/teddit
+teddit_install_dir: '{{ teddit_home }}/teddit'
+
+teddit_apache_config: |
+ {{ apache_proxy_config }}
+ ProxyPass / http://127.0.0.1:{{ teddit_port }}/
+ ProxyPassReverse / http://127.0.0.1:{{ teddit_port }}/ |
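Review bot: `nonssl_port: {{ teddit_port }}` in config.js.j2 is the one templated value emitted without `to_json`, so whatever the variable holds is pasted into `config.js` as raw JavaScript; make it `nonssl_port: {{ teddit_port | int | to_json }},` to match `cache_control_interval`. `reddit_app_id` reads `teddit_reddit_app_id`, which neither `defaults/main.yml` nor `vars/main.yml` in this commit defines, so the template will fail unless inventory supplies it. A default of `''` in defaults would fit `teddit_use_reddit_oauth: no`. `use_helmet: false` and `rate_limiting.enabled: false` presumably rely on the Apache front end for security headers and throttling, which deserves a one-line comment beside each.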