Initialize branch for install strfry-policies.

Brian Lee 2023-08-11 12:28:48 -07:00
parent 26275894fa
commit b529402a87
7 changed files with 53 additions and 21 deletions


@ -1,6 +1,6 @@
# Ansible Role: strfry
This Ansible Role builds and installs [strfry](https://github.com/hoytech/strfry). It is intended to be composed with a separate role to handle the web proxy configuration.
This Ansible Role builds and installs [strfry](https://github.com/hoytech/strfry), and also sets up [strfry-policies](https://gitlab.com/soapbox-pub/strfry-policies). It is intended to be composed with a separate role to handle the web proxy configuration.
Tested on:
* Archlinux
@ -17,6 +17,7 @@ None.
strfry_version: beta # git repository branch or release tag
strfry_make_jobs: "{{ ansible_processor_cores }}" # number of CPUs to build with
strfry_skip_config: no
strfry_policies_enabled: yes
```
See the role [defaults](defaults/main.yml).


@ -9,6 +9,9 @@ strfry_system_user: strfry
strfry_data_path: /var/lib/strfry
strfry_db: "./strfry-db/" # Becomes /var/lib/strfry/strfry-db
strfry_policies_enabled: true
strfry_policies_path: "{{ strfry_data_path }}/strfry-policy.ts"
strfry_dbParams:
# Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required)
maxreaders: 256


@ -29,6 +29,7 @@
remote_src: true
extra_opts:
- -j
when: install_deno
- name: 'Save meta information about the version of {{ app_name }} that was installed'
community.general.ini_file:
@ -39,3 +40,4 @@
value: "{{ deno_latest_release_tag.json.tag_name | replace('v','') }}"
backup: true
no_extra_spaces: true
when: install_deno


@ -5,13 +5,11 @@
dest: "{{ strfry_binary_path }}"
mode: 0755
remote_src: true
become: true
- name: Setup strfry service unit
ansible.builtin.template:
src: strfry.service
dest: /etc/systemd/system/strfry.service
become: true
notify: restart strfry
- name: Ensure strfry is enabled on boot
@ -19,7 +17,6 @@
name: strfry
enabled: true
state: started
become: true
- name: Configure strfry
ansible.builtin.template:
@ -28,7 +25,16 @@
owner: "{{ strfry_system_user }}"
group: "{{ strfry_system_group }}"
when: not strfry_skip_config
become: true
tags: config
notify: restart strfry
- name: Configure basic strfry-policies only if a configuration does not already exist
ansible.builtin.template:
src: strfry-policy.ts
dest: "{{ strfry_policies_path }}"
owner: "{{ strfry_system_user }}"
group: "{{ strfry_system_group }}"
when: not strfry_skip_config
tags: config
notify: restart strfry
@ -39,7 +45,6 @@
owner: "{{ strfry_system_user }}"
group: "{{ strfry_system_group }}"
when: strfry_db.startswith('/')
become: true
- name: Ensure the configured database directory exists.
ansible.builtin.file:
@ -48,4 +53,3 @@
owner: "{{ strfry_system_user }}"
group: "{{ strfry_system_group }}"
when: not strfry_db.startswith('/')
become: true
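Review bot: The new task "Configure basic strfry-policies only if a configuration does not already exist" uses `ansible.builtin.template` with its default behaviour, which rewrites the destination whenever the rendered content differs, so an operator's edited policy would be replaced on the next run; adding `force: false` gives the behaviour the task name promises. The task also sets no `mode:`, although the template begins with a shebang and is presumably meant to be executed by strfry, and it makes the file owned by `strfry_system_user`, so the relay process could rewrite the policy that filters its own input; consider `owner: root` with `mode: '0755'`. It is gated only on `not strfry_skip_config`, so the file is written even when `strfry_policies_enabled` is false; `when: strfry_policies_enabled and not strfry_skip_config` would tie it to the new switch.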


@ -6,12 +6,18 @@
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml"
- name: Set up local user account
include_tasks:
file: setup-user.yml
apply:
become: true
- name: Install Deno
ansible.builtin.include_tasks:
include_tasks:
file: deno.yml
apply:
tags: deno
become: true
when: strfry_policies_enabled
- name: Install build dependencies
ansible.builtin.package:
@ -19,12 +25,11 @@
state: present
become: true
- name: Set up local user account
import_tasks: setup-user.yml
- name: Run build tasks
import_tasks: build.yml
tags: build
- name: Run build tasks as the ansible user (must not be root)
include_tasks: build.yml
- name: Proceeding with installation
import_tasks: install.yml
include_tasks:
file: install.yml
apply:
become: true
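Review bot: The task "Run build tasks as the ansible user (must not be root)" states a requirement that nothing in it enforces: a bare `include_tasks: build.yml` inherits whatever `become` the enclosing play sets, so under a play with `become: true` the build would run as root. Writing it in the same `file:`/`apply:` form as the neighbouring includes, with `become: false` under `apply:`, would pin that. The `tags: build` on the earlier build task also appears to have been dropped (the +/- markers are lost on this page, so this is inferred from the print order). Because `include_tasks` is dynamic, the `tags: config` on tasks inside install.yml are only reachable when the include task itself carries a matching tag.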


@ -8,7 +8,6 @@
- /usr/sbin
patterns: nologin
register: nologin_bin
become: true
- name: Create the strfry group
ansible.builtin.group:
@ -16,7 +15,6 @@
state: present
system: true
when: strfry_system_group != "root"
become: true
- name: Create the strfry system user
ansible.builtin.user:
@ -27,7 +25,6 @@
create_home: false
home: "{{ strfry_data_path }}"
when: strfry_system_user != "root"
become: true
- name: Ensure strfry_path exists.
ansible.builtin.file:
@ -36,4 +33,3 @@
group: "{{ strfry_system_group }}"
state: directory
mode: '0750'
become: true


@ -0,0 +1,21 @@
#!/bin/sh
//bin/true; exec deno run "$0" "$@"
import {
antiDuplicationPolicy,
hellthreadPolicy,
pipeline,
rateLimitPolicy,
readStdin,
writeStdout,
} from 'https://gitlab.com/soapbox-pub/strfry-policies/-/raw/v0.1.0/mod.ts';
for await (const msg of readStdin()) {
const result = await pipeline(msg, [
[hellthreadPolicy, { limit: 100 }],
[antiDuplicationPolicy, { ttl: 60000, minLength: 50 }],
[rateLimitPolicy, { whitelist: ['127.0.0.1'] }],
]);
writeStdout(result);
}
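Review bot: The `import { ... } from 'https://gitlab.com/soapbox-pub/strfry-policies/-/raw/v0.1.0/mod.ts'` statement makes the relay fetch and execute remote code identified only by a tag name, which can later be pointed at a different commit; nothing in this file or in the visible tasks records a hash for it. Pinning the URL to a full commit id (`.../-/raw/<commit-sha>/mod.ts`, placeholder) and checking a lock file via `deno run --lock=<lockfile>` would keep the policy code from changing without a change to the role. Alternatively, pre-fetch the module at install time with `deno cache` and run with `--cached-only`, which also avoids a network fetch by the service user at relay start. The `exec deno run "$0" "$@"` line passes no permission flags; if the policies turn out to need file or network access, grant specific `--allow-read`/`--allow-write`/`--allow-net` scopes rather than `-A`.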