Initialize branch for install strfry-policies.
This commit is contained in:
parent
26275894fa
commit
b529402a87
@ -1,6 +1,6 @@
|
|||||||
# Ansible Role: strfry
|
# Ansible Role: strfry
|
||||||
|
|
||||||
This Ansible Role builds and installs [strfry](https://github.com/hoytech/strfry). It is intended to be composed with a separate role to handle the web proxy configuration.
|
This Ansible Role builds and installs [strfry](https://github.com/hoytech/strfry), and also sets up [strfry-policies](https://gitlab.com/soapbox-pub/strfry-policies). It is intended to be composed with a separate role to handle the web proxy configuration.
|
||||||
|
|
||||||
Tested on:
|
Tested on:
|
||||||
* Archlinux
|
* Archlinux
|
||||||
@ -17,6 +17,7 @@ None.
|
|||||||
strfry_version: beta # git repository branch or release tag
|
strfry_version: beta # git repository branch or release tag
|
||||||
strfry_make_jobs: "{{ ansible_processor_cores }}" # number of CPUs to build with
|
strfry_make_jobs: "{{ ansible_processor_cores }}" # number of CPUs to build with
|
||||||
strfry_skip_config: no
|
strfry_skip_config: no
|
||||||
|
strfry_policies_enabled: yes
|
||||||
```
|
```
|
||||||
|
|
||||||
See the role [defaults](defaults/main.yml).
|
See the role [defaults](defaults/main.yml).
|
||||||
|
@ -9,6 +9,9 @@ strfry_system_user: strfry
|
|||||||
strfry_data_path: /var/lib/strfry
|
strfry_data_path: /var/lib/strfry
|
||||||
strfry_db: "./strfry-db/" # Becomes /var/lib/strfry/strfry-db
|
strfry_db: "./strfry-db/" # Becomes /var/lib/strfry/strfry-db
|
||||||
|
|
||||||
|
strfry_policies_enabled: true
|
||||||
|
strfry_policies_path: "{{ strfry_data_path }}/strfry-policy.ts"
|
||||||
|
|
||||||
strfry_dbParams:
|
strfry_dbParams:
|
||||||
# Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required)
|
# Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required)
|
||||||
maxreaders: 256
|
maxreaders: 256
|
||||||
|
@ -29,6 +29,7 @@
|
|||||||
remote_src: true
|
remote_src: true
|
||||||
extra_opts:
|
extra_opts:
|
||||||
- -j
|
- -j
|
||||||
|
when: install_deno
|
||||||
|
|
||||||
- name: 'Save meta information about the version of {{ app_name }} that was installed'
|
- name: 'Save meta information about the version of {{ app_name }} that was installed'
|
||||||
community.general.ini_file:
|
community.general.ini_file:
|
||||||
@ -39,3 +40,4 @@
|
|||||||
value: "{{ deno_latest_release_tag.json.tag_name | replace('v','') }}"
|
value: "{{ deno_latest_release_tag.json.tag_name | replace('v','') }}"
|
||||||
backup: true
|
backup: true
|
||||||
no_extra_spaces: true
|
no_extra_spaces: true
|
||||||
|
when: install_deno
|
||||||
|
@ -5,13 +5,11 @@
|
|||||||
dest: "{{ strfry_binary_path }}"
|
dest: "{{ strfry_binary_path }}"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
remote_src: true
|
remote_src: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Setup strfry service unit
|
- name: Setup strfry service unit
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: strfry.service
|
src: strfry.service
|
||||||
dest: /etc/systemd/system/strfry.service
|
dest: /etc/systemd/system/strfry.service
|
||||||
become: true
|
|
||||||
notify: restart strfry
|
notify: restart strfry
|
||||||
|
|
||||||
- name: Ensure strfry is enabled on boot
|
- name: Ensure strfry is enabled on boot
|
||||||
@ -19,7 +17,6 @@
|
|||||||
name: strfry
|
name: strfry
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Configure strfry
|
- name: Configure strfry
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
@ -28,7 +25,16 @@
|
|||||||
owner: "{{ strfry_system_user }}"
|
owner: "{{ strfry_system_user }}"
|
||||||
group: "{{ strfry_system_group }}"
|
group: "{{ strfry_system_group }}"
|
||||||
when: not strfry_skip_config
|
when: not strfry_skip_config
|
||||||
become: true
|
tags: config
|
||||||
|
notify: restart strfry
|
||||||
|
|
||||||
|
- name: Configure basic strfry-policies only if a configuration does not already exist
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: strfry-policy.ts
|
||||||
|
dest: "{{ strfry_policies_path }}"
|
||||||
|
owner: "{{ strfry_system_user }}"
|
||||||
|
group: "{{ strfry_system_group }}"
|
||||||
|
when: not strfry_skip_config
|
||||||
tags: config
|
tags: config
|
||||||
notify: restart strfry
|
notify: restart strfry
|
||||||
|
|
||||||
@ -39,7 +45,6 @@
|
|||||||
owner: "{{ strfry_system_user }}"
|
owner: "{{ strfry_system_user }}"
|
||||||
group: "{{ strfry_system_group }}"
|
group: "{{ strfry_system_group }}"
|
||||||
when: strfry_db.startswith('/')
|
when: strfry_db.startswith('/')
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Ensure the configured database directory exists.
|
- name: Ensure the configured database directory exists.
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
@ -48,4 +53,3 @@
|
|||||||
owner: "{{ strfry_system_user }}"
|
owner: "{{ strfry_system_user }}"
|
||||||
group: "{{ strfry_system_group }}"
|
group: "{{ strfry_system_group }}"
|
||||||
when: not strfry_db.startswith('/')
|
when: not strfry_db.startswith('/')
|
||||||
become: true
|
|
@ -6,12 +6,18 @@
|
|||||||
- "{{ ansible_distribution }}.yml"
|
- "{{ ansible_distribution }}.yml"
|
||||||
- "{{ ansible_os_family }}.yml"
|
- "{{ ansible_os_family }}.yml"
|
||||||
|
|
||||||
|
- name: Set up local user account
|
||||||
|
include_tasks:
|
||||||
|
file: setup-user.yml
|
||||||
|
apply:
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Install Deno
|
- name: Install Deno
|
||||||
ansible.builtin.include_tasks:
|
include_tasks:
|
||||||
file: deno.yml
|
file: deno.yml
|
||||||
apply:
|
apply:
|
||||||
tags: deno
|
|
||||||
become: true
|
become: true
|
||||||
|
when: strfry_policies_enabled
|
||||||
|
|
||||||
- name: Install build dependencies
|
- name: Install build dependencies
|
||||||
ansible.builtin.package:
|
ansible.builtin.package:
|
||||||
@ -19,12 +25,11 @@
|
|||||||
state: present
|
state: present
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Set up local user account
|
- name: Run build tasks as the ansible user (must not be root)
|
||||||
import_tasks: setup-user.yml
|
include_tasks: build.yml
|
||||||
|
|
||||||
- name: Run build tasks
|
|
||||||
import_tasks: build.yml
|
|
||||||
tags: build
|
|
||||||
|
|
||||||
- name: Proceeding with installation
|
- name: Proceeding with installation
|
||||||
import_tasks: install.yml
|
include_tasks:
|
||||||
|
file: install.yml
|
||||||
|
apply:
|
||||||
|
become: true
|
@ -8,7 +8,6 @@
|
|||||||
- /usr/sbin
|
- /usr/sbin
|
||||||
patterns: nologin
|
patterns: nologin
|
||||||
register: nologin_bin
|
register: nologin_bin
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create the strfry group
|
- name: Create the strfry group
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
@ -16,7 +15,6 @@
|
|||||||
state: present
|
state: present
|
||||||
system: true
|
system: true
|
||||||
when: strfry_system_group != "root"
|
when: strfry_system_group != "root"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create the strfry system user
|
- name: Create the strfry system user
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
@ -27,7 +25,6 @@
|
|||||||
create_home: false
|
create_home: false
|
||||||
home: "{{ strfry_data_path }}"
|
home: "{{ strfry_data_path }}"
|
||||||
when: strfry_system_user != "root"
|
when: strfry_system_user != "root"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Ensure strfry_path exists.
|
- name: Ensure strfry_path exists.
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
@ -36,4 +33,3 @@
|
|||||||
group: "{{ strfry_system_group }}"
|
group: "{{ strfry_system_group }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0750'
|
mode: '0750'
|
||||||
become: true
|
|
||||||
|
21
templates/strfry-policy.ts
Normal file
21
templates/strfry-policy.ts
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
//bin/true; exec deno run "$0" "$@"
|
||||||
|
import {
|
||||||
|
antiDuplicationPolicy,
|
||||||
|
hellthreadPolicy,
|
||||||
|
pipeline,
|
||||||
|
rateLimitPolicy,
|
||||||
|
readStdin,
|
||||||
|
writeStdout,
|
||||||
|
} from 'https://gitlab.com/soapbox-pub/strfry-policies/-/raw/v0.1.0/mod.ts';
|
||||||
|
|
||||||
|
for await (const msg of readStdin()) {
|
||||||
|
const result = await pipeline(msg, [
|
||||||
|
[hellthreadPolicy, { limit: 100 }],
|
||||||
|
[antiDuplicationPolicy, { ttl: 60000, minLength: 50 }],
|
||||||
|
[rateLimitPolicy, { whitelist: ['127.0.0.1'] }],
|
||||||
|
]);
|
||||||
|
|
||||||
|
writeStdout(result);
|
||||||
|
}
|
||||||
|
|
Loading…
x
Reference in New Issue
Block a user