Adds Pleroma

Initial Commit

CHANGELOG.md

@@ -5,6 +5,7 @@
 - Added CodiMD - The best platform to write and share markdown
 - Added Encrypted Secrets - All secrets stored in the settings repo are now automatically encrypted with Ansible Vault. Use `make decrypt` to see the values in the file. It re-encrypts when you run `make`.
 - Added One-Line Deploy - `bash <(curl -s https://gitlab.com/NickBusey/HomelabOS/-/raw/dev/install_homelabos.sh)`
+- Added Pleroma - Pleroma is a federated social networking platform, compatible with GNU social and other OStatus implementations. It is free software licensed under the AGPLv3.
 - Updated everything to use traefik version 2
 
 ## Services Added

docs/index.md

@@ -199,6 +199,10 @@ If you are having problems you can:
 
 - [Wallabag](software/wallabag) - Save and classify articles. Read them later. Freely.
 
+### Social networks
+
+- [Pleroma](software/pleroma) - Pleroma is a federated social networking platform, compatible with GNU social and other OStatus implementations. It is free software licensed under the AGPLv3.
+
 ### Software Development
 
 - [Code-Server](software/codeserver) - Run VS Code on a remote server.

docs/software/pleroma.md

@@ -0,0 +1,30 @@
+# Pleroma
+
+[Pleroma](https://github.com/angristan/docker-pleroma) Pleroma is a federated social networking platform, compatible with GNU social and other OStatus implementations. It is free software licensed under the AGPLv3.
+
+## Additional Installation Steps
+
+* Pleroma requires you to interactively create the first user using docker exec, or something similar. Here's a templated version for you to run. You'll need to do this from your homelab server's /var/homelabos/pleroma directory.
+
+```sh
+docker-compose exec web /opt/pleroma/bin/pleroma_ctl user new {{default_username}} {{admin_email}} --name {{default_username}} --password {{default_password}} --admin --moderator -y
+```
+
+## Access
+
+It is available at [https://{% if pleroma.domain %}{{ pleroma.domain }}{% else %}{{ pleroma.subdomain + "." + domain }}{% endif %}/](https://{% if pleroma.domain %}{{ pleroma.domain }}{% else %}{{ pleroma.subdomain + "." + domain }}{% endif %}/) or [http://{% if pleroma.domain %}{{ pleroma.domain }}{% else %}{{ pleroma.subdomain + "." + domain }}{% endif %}/](http://{% if pleroma.domain %}{{ pleroma.domain }}{% else %}{{ airsonic.subdomain + "." + domain }}{% endif %}/)
+
+{% if enable_tor %}
+It is also available via Tor at [http://{{ pleroma + "." + tor_domain }}/](http://{{ pleroma + "." + tor_domain }}/)
+{% endif %}
+
+## Security enable/disable https_only and auth
+
+To enable https_only or auth set the service config to True
+`settings/config.yml`
+
+```
+pleroma:
+  https_only: True
+  auth: True
+```

group_vars/all

@@ -77,6 +77,7 @@ services:
   pihole: 
   piwigo: 
   pixelfed: 
+  pleroma: 
   plex: 
   poli: 
   portainer: 
@@ -184,6 +185,7 @@ photoprism:
 pihole: 
 piwigo: 
 pixelfed: 
+pleroma:
 plex: 
 poli: 
 portainer: 

mkdocs.yml

@@ -149,6 +149,8 @@ nav:
       - Pixelfed: software/pixelfed.md
     - Read it Later Lists:
       - Wallabag: software/wallabag.md
+    - Social Networking: 
+      - Pleroma: software/pleroma.md
     - Software Development:
       - Codeserver: software/codeserver.md
       - Drone: software/drone.md

roles/homelabos_config/templates/config.yml

@@ -575,6 +575,12 @@ pixelfed:
   auth: {{ pixelfed.auth | default(False) }}
   domain: {{ pixelfed.domain | default(False) }}
   subdomain: {{ pixelfed.subdomain | default("pixelfed") }}
+pleroma:
+  enable: {{ pleroma.enable | default(enable_pleroma, None) | default(False) }}
+  https_only: {{ pleroma.https_only | default(False) }}
+  auth: {{ pleroma.auth | default(False) }}
+  domain: {{ pleroma.domain | default(False) }}
+  subdomain: {{ pleroma.subdomain | default("pleroma")}}
 plex:
   enable: {{ plex.enable | default(enable_plex, None) | default(False) }}
   https_only: {{ plex.https_only | default(False) }}

roles/pleroma/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+- name: Make pleroma directory.
+  file:
+    path: "{{ volumes_root }}/pleroma"
+    state: directory
+
+- name: Copy pleroma docker-compose.yml file into place.
+  template:
+    src: docker-compose.pleroma.yml.j2
+    dest: "{{ volumes_root }}/pleroma/docker-compose.yml"
+  vars:
+    tor_domain: "{{ tor_http_domain_file.stdout | default('') }}"
+
+- name: Configure upload directory
+  file:
+    state: directory
+    path: "{{ volumes_root }}/pleroma/upload"
+    owner: "{{ ansible_effective_user_id }}"
+    group: "{{ ansible_effective_group_id }}"
+    recurse: yes
+
+- name: Configure config directory
+  file:
+    state: directory
+    path: "{{ volumes_root }}/pleroma/config"
+    owner: "{{ ansible_effective_user_id }}"
+    group: "{{ ansible_effective_group_id }}"
+    recurse: yes
+
+- name: Generate Pleroma Secret Key Base
+  shell: >
+    openssl rand -base64 48
+  register: secret_key
+
+- name: Copy Secret.exs into place.
+  template:
+    src: secret.exs
+    dest: "{{ volumes_root }}/pleroma/config/secret.exs"
+  vars:
+    secret_key: secret_key
+
+# - name: Install CIText postgres extension
+#   shell: >
+#     docker-compose -f {{ volumes_root}}/pleroma/docker-compose.yml up -d pleromadb; docker-compose -f {{ volumes_root}}/pleroma/docker-compose.yml exec pleromadb psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;"; docker-compose -f {{ volumes_root}}/pleroma/docker-compose.yml down
+
+- name: Configure pleroma systemd service.
+  template:
+    src: service.j2
+    dest: /etc/systemd/system/pleroma.service
+
+- name: Start pleroma
+  systemd:
+    name: pleroma
+    enabled: "yes"
+    daemon-reload: "yes"
+    state: started

roles/pleroma/templates/Dockerfile

@@ -0,0 +1,31 @@
+FROM elixir:1.10.3-alpine
+
+ENV UID=911 GID=911 \
+  MIX_ENV=prod
+
+ARG PLEROMA_VER=stable
+
+RUN apk -U upgrade \
+  && apk add --no-cache \
+  build-base \
+  git
+
+RUN addgroup -g ${GID} pleroma \
+  && adduser -h /pleroma -s /bin/sh -D -G pleroma -u ${UID} pleroma
+
+USER pleroma
+WORKDIR pleroma
+
+RUN git clone -b develop https://git.pleroma.social/pleroma/pleroma.git /pleroma \
+  && git checkout ${PLEROMA_VER}
+
+COPY config/secret.exs /pleroma/config/prod.secret.exs
+
+RUN mix local.rebar --force \
+  && mix local.hex --force \
+  && mix deps.get \
+  && mix compile
+
+VOLUME /pleroma/uploads/
+
+CMD ["mix", "phx.server"]

roles/pleroma/templates/docker-compose.pleroma.yml.j2

@@ -0,0 +1,67 @@
+---
+version: '3'
+
+# This networks section required for the pacakge to be visible to Traefik. 
+# DO NOT Remove
+networks:
+  traefik_network:
+    external:
+      name: homelabos_traefik
+
+services:
+  db:
+    image: postgres:9.6-alpine
+    restart: always
+    networks:
+      - traefik_network
+    environment:
+      - POSTGRES_USER=pleroma
+      - POSTGRES_PASSWORD={{lookup('password', './settings/passwords/pleroma_db_password chars=digits')}}
+      - DB_PASS={{lookup('password', './settings/passwords/pleroma_db_password chars=digits')}}
+      - POSTGRES_DB=pleroma
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+
+  web:
+    image: git.pleroma.social:5050/pleroma/pleroma:latest
+    restart: unless-stopped
+    volumes:
+      - "{{ volumes_root }}/pleroma/uploads:/uploads"
+      - "{{ volumes_root }}/pleroma/config:/config"
+    networks:
+      - traefik_network
+    depends_on:
+      - db
+    environment:
+      - POSTGRES_USER=pleroma
+      - DB_PASS={{lookup('password', './settings/passwords/pleroma_db_password chars=digits')}}
+      - POSTGRES_DB=pleroma
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=homelabos_traefik"
+      - "traefik.http.services.pleroma.loadbalancer.server.scheme=http"
+      - "traefik.http.services.pleroma.loadbalancer.server.port=4000"
+      - "traefik.http.routers.pleroma-http.rule=Host(`{% if pleroma.domain %}{{ pleroma.domain }}{% else %}{{ pleroma.subdomain + "." + domain }}{% endif %}`)"
+      - "traefik.http.routers.pleroma-http.entrypoints=http"
+{% if not pleroma.https_only %}
+      - "traefik.http.routers.pleroma-http.middlewares={% if pleroma.https_only %}redirect@file, {% else %}{% if pleroma.auth %}{% if authelia.enable %}authelia@file{% else %}basicAuth@file{% endif %}, {% endif %}{% endif %}customFrameHomelab@file"
+{% else %}
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.routers.pleroma-http.middlewares=redirect-to-https"
+{% endif %}
+      - "traefik.http.routers.pleroma.rule=Host(`{% if pleroma.domain %}{{ pleroma.domain }}{% else %}{{ pleroma.subdomain + "." + domain }}{% endif %}`)"
+      - "traefik.http.routers.pleroma.entrypoints=https"
+      - "traefik.http.routers.pleroma.middlewares={% if pleroma.auth %}{% if authelia.enable %}authelia@file{% else %}basicAuth@file{% endif %}, {% endif %}customFrameHomelab@file"
+      - "traefik.http.routers.pleroma.tls=true"
+{% if traefik.dns_challenge_provider %}
+      - "traefik.http.routers.pleroma.tls.certresolver=dns"
+      - "traefik.http.routers.pleroma.tls.domains[0].main={{ domain }}"
+      - "traefik.http.routers.pleroma.tls.domains[0].sans=*.{{ domain }}"
+{% else %}
+      - "traefik.http.routers.pleroma.tls.certresolver=http"
+{% endif %}
+{% if enable_tor %}
+      - "traefik.http.routers.pleroma-tor-http.rule=Host(`{{ pleroma.subdomain }}.{{ tor_domain }}`)"
+      - "traefik.http.routers.pleroma-tor-http.entrypoints=http"
+      - "traefik.http.routers.pleroma-tor-http.middlewares={% if pleroma.auth %}{% if authelia.enable %}authelia-tor@file{% else %}basicAuth@file{% endif %}, {% endif %}customFrameHomelab-tor@file"
+{% endif %}

roles/pleroma/templates/secret.exs

@@ -0,0 +1,26 @@
+use Mix.Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+   http: [ ip: {0, 0, 0, 0}, ],
+   url: [host: "{% if pleroma.domain %}{{ pleroma.domain }}{% else %}{{ pleroma.subdomain + "." + domain }}{% endif %}", scheme: "https", port: 443],
+   secret_key_base: "{{secret_key.stdout}}"
+
+config :pleroma, :instance,
+  name: "Pleroma",
+  email: "{{admin_email}}",
+  limit: 5000,
+  registrations_open: true
+
+config :pleroma, :media_proxy,
+  enabled: false,
+  redirect_on_failure: true,
+  base_url: "https://cache.domain.tld"
+
+# Configure your database
+config :pleroma, Pleroma.Repo,
+  adapter: Ecto.Adapters.Postgres,
+  username: "pleroma",
+  password: "{{lookup('password', './settings/passwords/pleroma_db_password chars=digits')}}",
+  database: "pleroma",
+  hostname: "pleromadb",
+  pool_size: 20