3 files changed, 143 insertions, 0 deletions
diff --git a/roles/teddit/templates/etc/systemd/system/teddit.service.j2 b/roles/teddit/templates/etc/systemd/system/teddit.service.j2
new file mode 100644
index 0000000..35e3d9d
--- /dev/null
+++ b/roles/teddit/templates/etc/systemd/system/teddit.service.j2
@@ -0,0 +1,36 @@
+[Unit]
+Description=teddit reddit proxy
+After=network.target redis@{{ teddit_redis_port }}.service
+Requires=redis@{{ teddit_redis_port }}.service
+AssertPathExists={{ teddit_install_dir }}
+
+[Service]
+Type=simple
+Environment="LISTEN_ADDRESS=127.0.0.1"
+Environment="NODE_ENV=production"
+EnvironmentFile=-/etc/sysconfig/teddit
+ExecStart=/usr/bin/node app.js
+WorkingDirectory={{ teddit_install_dir }}
+User={{ teddit_user }}
+Group={{ teddit_user }}
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# for details
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
+
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/teddit/templates/opt/teddit/teddit-update.sh.j2 b/roles/teddit/templates/opt/teddit/teddit-update.sh.j2
new file mode 100644
index 0000000..07de718
--- /dev/null
+++ b/roles/teddit/templates/opt/teddit/teddit-update.sh.j2
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+set -eu
+
+SRCDIR={{ teddit_install_dir | quote }}
+TEDDIT_USER={{ teddit_user | quote }}
+
+as-teddit() {
+  runuser -u "$TEDDIT_USER" -- "$@"
+}
+
+if (( $EUID != 0 )); then
+  echo 'must be superuser' 1>&2
+  exit 1
+fi
+
+cd "$SRCDIR"
+
+as-teddit git fetch
+
+local_rev=$(git rev-parse HEAD)
+upstream_rev=$(git rev-parse '@{u}')
+
+echo "local: $local_rev"
+echo "upstream: $upstream_rev"
+
+if [ "$local_rev" != "$upstream_rev" ]; then
+  as-teddit git reset --hard HEAD
+
+  echo "installing dependencies..."
+  as-teddit npm install --production --no-optional
+
+  systemctl restart teddit
+else
+  echo "teddit is already up to date"
+fi
diff --git a/roles/teddit/templates/opt/teddit/teddit/config.js.j2 b/roles/teddit/templates/opt/teddit/teddit/config.js.j2
new file mode 100644
index 0000000..1f56f92
--- /dev/null
+++ b/roles/teddit/templates/opt/teddit/teddit/config.js.j2
@@ -0,0 +1,71 @@
+const config = {
+  domain: {{ teddit_server_name | to_json }},
+  use_reddit_oauth: {{ teddit_use_reddit_oauth | bool | to_json }},
+  cert_dir: '',
+  theme: {{ teddit_theme | to_json }},
+  clean_homepage: {{ teddit_clean_homepage | bool | to_json }},
+  flairs_enabled: {{ teddit_flairs_enabled | bool | to_json }},
+  highlight_controversial: {{ teddit_highlight_controversial | bool | to_json }},
+  api_enabled: true,
+  api_force_https: false,
+  video_enabled: true,
+  redis_enabled: true,
+  redis_db: 0,
+  redis_host: {{ teddit_redis_host | to_json }},
+  redis_password: {{ teddit_redis_password | to_json }},
+  redis_port: {{ teddit_redis_port | to_json }},
+  ssl_port: 0,
+  nonssl_port: {{ teddit_port }},
+  listen_address: '127.0.0.1',
+  https_enabled: false,
+  redirect_http_to_https: false,
+  redirect_www: false,
+  use_compression: true,
+  use_view_cache: false,
+  use_helmet: false,
+  use_helmet_hsts: false,
+  trust_proxy: true,
+  trust_proxy_address: '127.0.0.1',
+  http_proxy: '',
+  nsfw_enabled: true,
+  videos_muted: {{ teddit_videos_muted | bool | to_json }},
+  post_comments_sort: {{ teddit_comments_sort | to_json }},
+  reddit_app_id: {{ teddit_reddit_app_id | to_json }},
+  domain_replacements: [],
+  cache_control: true,
+  cache_control_interval: {{ teddit_cache_control_interval | int | to_json }},
+  show_upvoted_percentage: {{ teddit_show_upvote_percentage | bool | to_json }},
+  show_upvotes: {{ teddit_show_upvotes | bool | to_json }},
+  post_media_max_heights: {
+    'extra-small': 300,
+    'small': 415,
+    'medium': 600,
+    'large': 850,
+    'extra-large': 1200
+  },
+  setexs: {
+    frontpage: 600,
+    subreddit: 600,
+    posts: 600,
+    user: 600,
+    searches: 600,
+    sidebar: 60 * 60 * 24 * 7,
+    shorts: 60 * 60 * 24 * 31,
+    wikis: 60 * 60 * 24 * 7,
+    subreddits_explore: {
+      front: 60 * 60 * 24 * 1,
+      new_page: 60
+    },
+  },
+  rate_limiting: {
+    enabled: false,
+    initial_limit: 100,
+    limit_after_limited: 30
+  },
+  valid_media_domains: ['preview.redd.it', 'external-preview.redd.it', 'i.redd.it', 'v.redd.it', 'a.thumbs.redditmedia.com', 'b.thumbs.redditmedia.com', 'emoji.redditmedia.com', 'styles.redditmedia.com', 'www.redditstatic.com', 'thumbs.gfycat.com', 'i.ytimg.com', 'i.imgur.com'],
+  valid_embed_video_domains: ['gfycat.com', 'youtube.com'],
+  reddit_api_error_text: `Seems like your instance is either blocked (e.g. due to API rate limiting), reddit is currently down, or your API key is expired and not renewd properly. This can also happen for other reasons.`,
+  suggested_subreddits: {{ teddit_suggested_subreddits | to_json }}
+};
+
+module.exports = config;