Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision
  • ansible-installation-migrate
  • fix-artifact-download
  • master
  • renovate/python-3.x
  • test-debian-12
  • test-develop
6 results

Target

Select target project
  • funkwhale/ansible
  • lfuelling/ansible
  • kevit/ansible
  • theorangepotato/ansible
  • popindavibe/ansible
  • xenofem/ansible
  • kippix/ansible
  • half-duplex/ansible
  • barslmn/ansible
  • sofubi/ansible
  • DannyBoy/ansible
11 results
Select Git revision
  • master
1 result
Show changes
Commits on Source (66)
Expand all Show whitespace changes
Inline Side-by-side
Showing
with 953 additions and 153 deletions
.codespellignore 0 → 100644
View file @ 3f0294c3
ro
.gitlab-ci.yml
View file @ 3f0294c3
---
stages:
- test
- deploy
......@@ -5,10 +6,30 @@ stages:
variables:
LATEST_VERSION_URL: https://docs.funkwhale.audio/latest.txt
pre-commit:
stage: test
image: python:3.12
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
PRE_COMMIT_HOME: "$CI_PROJECT_DIR/.cache/pre-commit"
cache:
paths:
- $CI_PROJECT_DIR/.cache/pip
- $CI_PROJECT_DIR/.cache/pre-commit
before_script:
- pip3 install pre-commit
script:
- pre-commit run --all --color=always --show-diff-on-failure
test-install-script:
stage: test
image: debian:10
image: $TEST_IMAGE
parallel:
matrix:
- TEST_IMAGE: ["ubuntu:focal", "ubuntu:jammy", "debian:11", "debian:12"]
interruptible: true
variables:
FUNKWHALE_CLI_USER_PASSWORD: supersecurepassword
before_script:
- apt-get update && apt-get install -y curl
- |
......@@ -24,9 +45,17 @@ test-install-script:
- |
set -x
export ANSIBLE_FUNKWHALE_ROLE_PATH=$(pwd)
printf 'test.deployment\ntest\ncontact@test.deployment\nY\nN\n\n\n\N\n\n\n' | bash install.sh
printf 'test.deployment\ntest1234\ncontact@test.deployment\nY\nN\n\n\n\N\n\n\n' | bash install.sh
tags:
- docker
test-install-script-develop:
extends: test-install-script
variables:
FUNKWHALE_VERSION: develop
before_script:
- apt-get update && apt-get install -y curl
pages:
stage: deploy
image: buildpack-deps
......
.pre-commit-config.yaml 0 → 100644
View file @ 3f0294c3
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: check-symlinks
- id: destroyed-symlinks
- id: check-yaml
- id: check-merge-conflict
- id: end-of-file-fixer
- id: mixed-line-ending
- id: trailing-whitespace
- id: requirements-txt-fixer
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v2.7.1
hooks:
- id: prettier
files: \.(md|yml|yaml|json)$
- repo: https://github.com/codespell-project/codespell
rev: v2.2.1
hooks:
- id: codespell
args: [--ignore-words=.codespellignore]
.yamllint
View file @ 3f0294c3
---
extends: default
rules:
......
CONTRIBUTING.md 0 → 100644
View file @ 3f0294c3
# Contribute to funkwhale/ansible
Check out the [Funkwhale contributing guide](https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/develop/CONTRIBUTING.md) for information about how to contribute to the Funkwhale project.
## Development environment
### Pre-commit
The [`pre-commit`](https://pre-commit.com/) tool is used to ensure that the files you commit are properly formatted, follow best practice, and don't contain syntax or spelling errors.
You can install and setup pre-commit using the [quick-start guide on the pre-commit documentation](https://pre-commit.com/#quick-start). Make sure to [install pre-commit](https://pre-commit.com/#1-install-pre-commit) and [setup the git pre-commit hook](https://pre-commit.com/#3-install-the-git-hook-scripts) so pre-commit runs before you commit any changes to the repository.
LICENSE 0 → 100644
View file @ 3f0294c3
This diff is collapsed.
README.md
View file @ 3f0294c3
Funkwhale ansible role
======================
# Funkwhale ansible role
An ansible role to install and update [Funkwhale](https://funkwhale.audio).
Summary
-------
## Summary
Using this role, you can install and upgrade a Funkwhale pod, closely matching our [standard installation guide](https://docs.funkwhale.audio/installation/debian.html). The role will take care of:
......@@ -13,8 +11,7 @@ Using this role, you can install and upgrade a Funkwhale pod, closely matching o
- Install and configure Funkwhale and it's dependencies
- Install and configure a SSL certificate with Let's Encrypt (optional)
Philosophy
----------
## Philosophy
This role strives to:
......@@ -25,13 +22,12 @@ This role strives to:
- Allow running multiple Funkwhale instances on the same host
- Avoid messing with existing software and apps on the server
Installation and usage
----------------------
## Installation and usage
Install ansible:
```
pip install --user ansible
pip3 install --user ansible
```
Create a directory for ansible files:
......@@ -76,7 +72,6 @@ Add the following to `playbook.yml`:
roles:
- role: funkwhale
funkwhale_hostname: yourdomain.funkwhale
funkwhale_version: 0.18.3
funkwhale_letsencrypt_email: contact@youremail.com
```
......@@ -94,56 +89,60 @@ Launch the installation (in check mode, so nothing is applied):
```
ansible-playbook --ask-become-pass -i inventory.ini playbook.yml --check --diff
```
*On some hosts, you may need to install the `python-apt` package for check mode to work*.
_On some hosts, you may need to install the `python-apt` package for check mode to work_.
This command will show you the changes that would be applied to your system. If you are comfortable with them,
rerun the same command without the `--check` flag.
Once installation is complete, run `/srv/funkwhale/virtualenv/bin/python /srv/funkwhale/api/manage.py createsuperuser` to create your admin account.
Once installation is complete, run `/srv/funkwhale/virtualenv/bin/funkwhale-manage createsuperuser` to create your admin account.
Role Variables
--------------
## Role Variables
**Required variables**
| name | Example | Description |
| ----------------------------- | ----------------------------- | --------------------------------------------- |
| ----------------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| `funkwhale_hostname` | `yourdomain.funkwhale` | The domain name of your Funkwhale pod |
| `funkwhale_version` | `0.18.3` | The version to install/upgrade to. You can also use `develop` to run the development branch |
| `funkwhale_letsencrypt_email` | `contact@youremail.com` | The email to associate with your Let's Encrypt certificate (not needed if you set `funkwhale_letsencrypt_enabled: false`, see below) |
**Optional variables**
| name | Default | Description |
| --------------------------------------- | ----------------------------- | --------------------------------------------- |
| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `funkwhale_api_ip` | `127.0.0.1` | IP address with which to bind the Funkwhale server |
| `funkwhale_api_port` | `5000` | Port with which to bind the Funkwhale server |
| `funkwhale_config_path` | `/srv/funkwhale/config` | Path to Funkwhale's configuration directory |
| `funkwhale_nginx_csp_policy` | `"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"` | Content-Security-Policy header to us. You will need to tweak this if you're serving media files from a separate domain. |
| `funkwhale_database_managed` | `true` | If `true`, the role will manage the database server and Funkwhale's database |
| `funkwhale_database_name` | `funkwhale` | Name of the Funkwhale database to use |
| `funkwhale_database_user` | `funkwhale` | Postgresql username to login as |
| `funkwhale_env_vars` | `[]` | List of environment variables to append to the generated `.env` file. Example: `["AWS_ACCESS_KEY_ID=myawsid", "AWS_SECRET_ACCESS_KEY=myawskey"]` |
| `funkwhale_external_storage_enabled` | `false` | If `true`, set up the proper configuration to use an external storage for media files |
| `funkwhale_disable_django_admin` | `false` | If `true`, returns a 403 (Forbidden) for `/api/admin` |
| `funkwhale_gunicorn_extra_args` | `""` | Additional args to pass to gunicorn in the `funkwhale-server.service` file. Refer to [gunicorn's documentation](https://docs.gunicorn.org/en/stable/settings.html) for possible options |
| `funkwhale_install_path` | `/srv/funkwhale` | Path where frontend, api and virtualenv files should be stored (**no trailing slash**) |
| `funkwhale_letsencrypt_certbot_flags` | `null` | Additional flags to pass to `certbot` |
| `funkwhale_letsencrypt_enabled` | `true` | If `true`, will configure SSL with certbot and Let's Encrypt |
| `funkwhale_media_path` | `/srv/funkwhale/data/media` | Path where audio and uploaded files should be stored (**no trailing slash**) |
| `funkwhale_music_path` | `/srv/funkwhale/data/music` | Path to your existing music library, to use with [CLI import](https://docs.funkwhale.audio/admin/importing-music.html) (**no trailing slash**) |
| `funkwhale_nginx_additional_config` | `""` | Additional nginx configuration to add to the Funkwhale `server{}` block |
| `funkwhale_nginx_managed` | `true` | If `true`, will install and configure nginx |
| `funkwhale_nginx_tls_termination` | `true` | If `false`, disable SSL in nginx |
| `funkwhale_nginx_tls_configure_ciphers` | `true` | Set TLS ciphers, curves, etc, overriding any settings in http{} |
| `funkwhale_nginx_max_body_size` | `100M` | Value of nginx's `max_body_size` parameter to use |
| `funkwhale_protocol` | `https` | If set to `https`, will configure Funkwhale and Nginx to work behind HTTPS. Use `http` to completely disable SSL. |
| `funkwhale_redis_managed` | `true` | If `true`, will install and configure redis |
| `funkwhale_ssl_cert_path` | `` | Path to an existing SSL certificate to use (use in combination with `funkwhale_letsencrypt_enabled: false`) |
| `funkwhale_ssl_key_path` | `` | Path to an existing SSL key to use (use in combination with `funkwhale_letsencrypt_enabled: false`) |
| `funkwhale_ssl_cert_path` | `""` | Path to an existing SSL certificate to use (use in combination with `funkwhale_letsencrypt_enabled: false`) |
| `funkwhale_ssl_key_path` | `""` | Path to an existing SSL key to use (use in combination with `funkwhale_letsencrypt_enabled: false`) |
| `funkwhale_static_path` | `/srv/funkwhale/data/static` | Path where Funkwhale static files should be stored |
| `funkwhale_systemd_managed` | `true` | If `true`, will configure Funkwhale systemd services |
| `funkwhale_systemd_after` | `redis.service postgresql.service` | Configuration used for Systemd `After=` directive. Modify it if you have a database or redis server on a separate host |
| `funkwhale_systemd_service_name` | `funkwhale` | Name of the generated Systemd service, e.g when calling `systemctl start <xxx>` |
| `funkwhale_username` | `funkwhale` | Username of the system user and owner of Funkwhale data, files and configuration |
| `funkwhale_version` | `latest` | The version to install/upgrade to. You can also use `develop` to run the development branch |
| `funkwhale_custom_pip_packages` | `[]` | A list of additional python packages to download |
| `funkwhale_custom_settings` | `` | Some Python code to append to `api/config/settings/production.py`. Use funkwhale_custom_settings: |` for multiline code. |
| `funkwhale_custom_settings` | `""` | Some Python code to append to `api/config/settings/production.py`. Use `funkwhale_custom_settings: \| ` for multiline code. |
**Installing from source**
......@@ -151,41 +150,35 @@ If you want to install Funkwhale from source (e.g to try a nonproduction branch,
following variables:
| name | Default | Description |
| --------------------------------------- | ----------------------------------------------------- | --------------------------------------------- |
| ------------------------------- | ----------------------------------------------------- | --------------------------------------- |
| `funkwhale_install_from_source` | `false` | Install and build Funkwhale from source |
| `funkwhale_source_url` | `https://dev.funkwhale.audio/funkwhale/funkwhale.git` | URL to the git repository to use |
Use the `funkwhale_version` variable to control the git tag/branch to checkout.
Supported platforms
-------------------
## Supported platforms
- Debian 9
- More to come
Dependencies
------------
## Dependencies
This roles has no other dependencies.
Tests
-----
## Tests
This role is tested using [molecule](https://molecule.readthedocs.io/en/stable/).
We don't have CI yet, but you can run the tests with `molecule test`.
Todo
----
## Todo
- Backups
- Superuser creation
License
-------
## License
AGPL3
Author Information
------------------
## Author Information
Contact us at https://funkwhale.audio/community/
defaults/main.yml
View file @ 3f0294c3
......@@ -14,8 +14,8 @@ funkwhale_database_managed: true
funkwhale_database_local: true
funkwhale_database_name: funkwhale
funkwhale_database_user: funkwhale
# the DB host as per your ansible inventory
funkwhale_database_host_ansible: localhost
# the DB host as per your ansible inventory. No delegation is used if left empty
funkwhale_database_host_ansible:
# the DB FQDN or IP for funkwhale connector configuration (ex: pg01.local)
funkwhale_database_host_app: localhost
funkwhale_database_port: 5432
......@@ -26,10 +26,12 @@ funkwhale_database_port: 5432
# funkwhale_database_url: postgresql://{{ funkwhale_database_user }}[:{{ funkwhale_database_password }}]@[{{ funkwhale_database_host_app }}]:{{ funkwhale_database_port | default(5432) }}/{{ funkwhale_database_name }}
funkwhale_nginx_managed: true
# If you have an hTTPS reverse proxy higher up, set this to true
# If you have an HTTPS reverse proxy higher up, set this to true
funkwhale_nginx_tls_termination: true
funkwhale_nginx_tls_configure_ciphers: true
funkwhale_nginx_max_body_size: 100M
funkwhale_nginx_use_compression: true
funkwhale_nginx_additional_config:
funkwhale_ssl_cert_path:
funkwhale_ssl_key_path:
funkwhale_protocol: https
......@@ -38,17 +40,17 @@ funkwhale_letsencrypt_certbot_flags:
funkwhale_letsencrypt_enabled: true
funkwhale_letsencrypt_skip_cert: false
funkwhale_nginx_csp_policy: "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"
funkwhale_redis_managed: true
funkwhale_api_ip: 127.0.0.1
funkwhale_api_port: 5000
funkwhale_web_workers: 1
funkwhale_gunicorn_extra_args: ""
funkwhale_settings_module: config.settings.production
funkwhale_env_vars: []
funkwhale_systemd_managed: true
funkwhale_systemd_after: redis.service postgresql.service
funkwhale_systemd_service_name: funkwhale
funkwhale_ssl_cert_path:
funkwhale_ssl_key_path:
funkwhale_custom_settings:
funkwhale_custom_pip_packages: []
funkwhale_install_from_source: false
......
install.sh 100644 → 100755
View file @ 3f0294c3
......@@ -12,7 +12,7 @@ funkwhale_hostname="${FUNKWHALE_DOMAIN-}"
funkwhale_admin_email="${FUNKWHALE_ADMIN_EMAIL-}"
funkwhale_admin_username="${FUNKWHALE_ADMIN_USERNAME-}"
ansible_flags="${ANSIBLE_FLAGS- --diff}"
ansible_version="${ANSIBLE_VERSION-2.8.2}"
ansible_version="${ANSIBLE_VERSION-4.10.0}"
customize_install="${CUSTOMIZE_INSTALL-}"
skip_confirm="${SKIP_CONFIRM-}"
is_dry_run=${DRY_RUN-false}
......@@ -20,7 +20,7 @@ min_python_version_major="3"
min_python_version_minor="5"
base_path="/srv/funkwhale"
ansible_conf_path="$base_path/ansible"
ansible_bin_path="$HOME/.local/bin"
ansible_venv_path="$HOME/.local/ansible"
ansible_funkwhale_role_version="${ANSIBLE_FUNKWHALE_ROLE_VERSION-master}"
ansible_funkwhale_role_path="${ANSIBLE_FUNKWHALE_ROLE_PATH-}"
funkwhale_systemd_after=""
......@@ -216,9 +216,11 @@ do_install() {
init_ansible() {
echo "[2/$total_steps] Installing ansible dependencies..."
install_packages curl git python3-pip python3-apt sudo locales locales-all
install_packages curl git python3-pip python3-venv python3-apt python3-psycopg2 sudo locales locales-all
echo "[2/$total_steps] Installing Ansible..."
pip3 install --user ansible=="$ansible_version" psycopg2-binary
python3 -m venv $ansible_venv_path
$ansible_venv_path/bin/pip3 install --upgrade pip
$ansible_venv_path/bin/pip3 install ansible=="$ansible_version"
echo "[2/$total_steps] Creating ansible configuration files in $ansible_conf_path..."
mkdir -p "$ansible_conf_path"
......@@ -275,13 +277,19 @@ EOF
if [ "$funkwhale_systemd_managed" = "false" ]; then
cat <<EOF >>playbook.yml
funkwhale_systemd_managed: false
EOF
fi
if [ "$(lsb_release -sc)" = "focal" ]; then
cat <<EOF >>playbook.yml
funkwhale_custom_pip_packages:
- twisted==22.4.0
EOF
fi
cat <<EOF >reconfigure
#!/bin/sh
# reapply playbook with existing parameter
# Useful if you changed some variables in playbook.yml
exec $ansible_bin_path/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags
exec $ansible_venv_path/bin/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags
EOF
chmod +x ./reconfigure
if [ "$funkwhale_redis_managed" = "false" ]; then
......@@ -300,7 +308,7 @@ EOF
EOF
if [ "$ansible_funkwhale_role_path" = '' ]; then
echo "[2/$total_steps] Downloading Funkwhale playbook dependencies"
$ansible_bin_path/ansible-galaxy install -r requirements.yml -f
$ansible_venv_path/bin/ansible-galaxy install -r requirements.yml -f
else
echo "[2/$total_steps] Skipping playbook dependencies, using local role instead"
fi
......@@ -308,7 +316,7 @@ EOF
run_playbook() {
cd "$ansible_conf_path"
echo "[3/$total_steps] Installing Funkwhale using ansible playbook in $ansible_conf_path..."
playbook_command="$ansible_bin_path/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags"
playbook_command="$ansible_venv_path/bin/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags"
if [ "$is_dry_run" = "true" ]; then
playbook_command="$playbook_command --check"
echo "[3/$total_steps] Skipping playbook because DRY_RUN=true"
......@@ -326,19 +334,20 @@ configure_server() {
cat <<EOF >$base_path/manage
#!/bin/sh
set -eu
sudo -u funkwhale -E $base_path/virtualenv/bin/python $base_path/api/manage.py \$@
sudo -u funkwhale -E $base_path/virtualenv/bin/funkwhale-manage \$@
EOF
chmod +x $base_path/manage
if [ -z "$funkwhale_admin_username" ]; then
echo "[4/$total_steps] Skipping superuser account creation"
else
echo "[4/$total_steps] Creating superuser account…"
if [ -z "$FUNKWHALE_CLI_USER_PASSWORD" ]; then
echo " Please input the password for the admin account password"
LOGLEVEL=error sudo -u funkwhale -E $base_path/virtualenv/bin/python \
$base_path/api/manage.py createsuperuser \
fi
LOGLEVEL=error sudo -u funkwhale -E \
$base_path/virtualenv/bin/funkwhale-manage fw users create --superuser \
--email $funkwhale_admin_email \
--username $funkwhale_admin_username \
-v 0
--username $funkwhale_admin_username
fi
}
......
meta/main.yml
View file @ 3f0294c3
molecule/default/Dockerfile.j2
View file @ 3f0294c3
......@@ -6,7 +6,7 @@ FROM {{ item.registry.url }}/{{ item.image }}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python3 python3-setuptools sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
......
molecule/default/playbook.yml molecule/default/converge.yml
View file @ 3f0294c3
......@@ -12,7 +12,6 @@
funkwhale_ssl_cert_path: /certs/test.crt
funkwhale_ssl_key_path: /certs/test.key
funkwhale_hostname: yourdomain.funkwhale
funkwhale_version: 0.19.0-rc2
funkwhale_env_vars:
- EMAIL_CONFIG=smtp+tls://user@:password@youremail.host:587
- DEFAULT_FROM_EMAIL=noreply@yourdomain.funkwhale
......
molecule/default/molecule.yml
View file @ 3f0294c3
......@@ -3,11 +3,13 @@ dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
lint: |
yamllint .
ansible-lint
#flake8
platforms:
- name: debian-stretch
image: alehaa/debian-systemd:stretch
- name: debian-buster
image: alehaa/debian-systemd:buster
command: /sbin/init
tmpfs:
- /run
......@@ -17,11 +19,10 @@ platforms:
provisioner:
name: ansible
lint:
name: ansible-lint
inventory:
host_vars:
debian-buster:
ansible_python_interpreter: "/usr/bin/python3"
verifier:
name: testinfra
lint:
name: flake8
enabled: False
renovate.json 0 → 100644
View file @ 3f0294c3
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}
tasks/db.yml
View file @ 3f0294c3
......@@ -13,26 +13,25 @@
name: postgresql
state: started
- name: "Create {{ funkwhale_database_user }} database user on {{ funkwhale_database_host_ansible }} (local / passwordless)"
- name: "Create {{ funkwhale_database_user }} database user on {{ funkwhale_database_host_ansible or inventory_hostname }} (local / passwordless)"
become: true
become_user: postgres
when: funkwhale_database_managed and funkwhale_database_host_ansible == 'localhost'
when: funkwhale_database_managed and funkwhale_database_host_ansible == none
postgresql_user:
name: "{{ funkwhale_database_user }}"
login_user: postgres
delegate_to: "{{ funkwhale_database_host_ansible }}"
- name: "Create {{ funkwhale_database_user }} database user on {{ funkwhale_database_host_ansible }} (remote / with password)"
become: true
become_user: postgres
when: funkwhale_database_managed and funkwhale_database_host_ansible != 'localhost'
when: funkwhale_database_managed and funkwhale_database_host_ansible != none
postgresql_user:
name: "{{ funkwhale_database_user }}"
password: "{{ funkwhale_database_password }}"
login_user: postgres
delegate_to: "{{ funkwhale_database_host_ansible }}"
delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}"
- name: "Create {{ funkwhale_database_name }} database on {{ funkwhale_database_host_ansible }}"
- name: "Create {{ funkwhale_database_name }} database on {{ funkwhale_database_host_ansible or inventory_hostname }}"
become: true
become_user: postgres
when: funkwhale_database_managed
......@@ -42,7 +41,7 @@
owner: "{{ funkwhale_database_user }}"
encoding: UTF-8
template: template0
delegate_to: "{{ funkwhale_database_host_ansible }}"
delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}"
- name: set up pgsql extensions
become: yes
......@@ -52,9 +51,7 @@
db: "{{ funkwhale_database_name }}"
name: "{{ myext }}"
login_user: postgres
loop: ['unaccent', 'citext']
loop: ["unaccent", "citext"]
loop_control:
loop_var: myext
delegate_to: "{{ funkwhale_database_host_ansible }}"
...
delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}"
tasks/funkwhale.yml
View file @ 3f0294c3
---
- name: Check latest version
when: funkwhale_version is not defined or funkwhale_version == "latest"
uri:
url: https://docs.funkwhale.audio/latest.txt
return_content: yes
register: latest_version
- name: Set version to install
set_fact:
funkwhale_install_version: "{{ latest_version.get('content', funkwhale_version) | trim }}"
- name: Ensure home folder can be created
become: true
......@@ -13,12 +23,23 @@
shell: /bin/false
home: "{{ funkwhale_install_path }}"
- name: "Delete old source files"
become: true
file:
path: "{{ item }}"
state: absent
with_items:
- "{{ funkwhale_install_path }}/front"
- "{{ funkwhale_install_path }}/api"
- name: "Create funkwhale directories"
become: true
file:
path: "{{ item }}"
owner: "{{ funkwhale_username }}"
group: "{{ funkwhale_username }}"
state: directory
mode: "755"
with_items:
- "{{ funkwhale_install_path }}"
- "{{ funkwhale_media_path }}"
......@@ -32,19 +53,20 @@
register: "result_django_secret_key"
- name: "Generate a random secret key"
when: result_django_secret_key.stat.exists == False
when: not result_django_secret_key.stat.exists
become: true
become_user: "{{ funkwhale_username }}"
command: "openssl rand -hex 25"
register: result_secret_key_generation
- name: "Create django_secret_key file"
when: not ansible_check_mode and result_django_secret_key.stat.exists == False
when: not ansible_check_mode and not result_django_secret_key.stat.exists
become: true
become_user: "{{ funkwhale_username }}"
copy:
content: "{{ result_secret_key_generation.stdout }}"
dest: "{{ funkwhale_config_path }}/django_secret_key"
mode: "600"
- name: "Setup a dummy secret key"
when: ansible_check_mode
......@@ -73,13 +95,12 @@
notify:
- restart funkwhale
- name: Download front-end files
become: true
become_user: "{{ funkwhale_username }}"
when: funkwhale_frontend_managed and not funkwhale_install_from_source
unarchive:
src: https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/{{ funkwhale_version }}/download?job=build_front
src: https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/{{ funkwhale_install_version }}/download?job=build_front
dest: "{{ funkwhale_install_path }}"
remote_src: true
notify:
......@@ -90,7 +111,7 @@
become_user: "{{ funkwhale_username }}"
when: not funkwhale_install_from_source
unarchive:
src: https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/{{ funkwhale_version }}/download?job=build_api
src: https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/{{ funkwhale_install_version }}/download?job=build_api
dest: "{{ funkwhale_install_path }}"
remote_src: true
notify:
......@@ -104,7 +125,7 @@
git:
repo: "{{ funkwhale_source_url }}"
dest: "{{ funkwhale_install_path }}/src"
version: "{{ funkwhale_version }}"
version: "{{ funkwhale_install_version }}"
force: true
notify:
- reload funkwhale
......@@ -156,17 +177,7 @@
- "deb https://dl.yarnpkg.com/debian/ stable main"
- "deb https://deb.nodesource.com/node_{{ funkwhale_node_version }}.x {{ ansible_distribution_release }} main"
- name: "Install frontend build dependencies"
become: true
when: funkwhale_frontend_managed and funkwhale_install_from_source
package:
name: "{{ item }}"
with_items:
- nodejs
- yarn
- yarn
- name: "Install frontend depencies"
- name: "Install frontend dependencies"
become: true
when: funkwhale_frontend_managed and funkwhale_install_from_source
package:
......@@ -199,11 +210,20 @@
become: true
become_user: "{{ funkwhale_username }}"
pip:
name: wheel
name:
- "wheel"
- "pip>=21.3"
- "setuptools>=64"
virtualenv: "{{ funkwhale_install_path }}/virtualenv"
virtualenv_python: python3
- name: "Install python dependencies"
# Deprecated, not required anymore after funkwhale 1.3
- name: "Check if requirements.txt exists"
stat:
path: "{{ funkwhale_install_path }}/api/requirements.txt"
register: "requirements_file"
- name: "Install python dependencies from requirements.txt"
become: true
become_user: "{{ funkwhale_username }}"
pip:
......@@ -212,6 +232,19 @@
virtualenv_python: python3
notify:
- reload funkwhale
when: requirements_file.stat.exists
- name: "Install python dependencies from pyproject.toml"
become: true
become_user: "{{ funkwhale_username }}"
pip:
name: "{{ funkwhale_install_path }}/api"
editable: true
virtualenv: "{{ funkwhale_install_path }}/virtualenv"
virtualenv_python: python3
notify:
- reload funkwhale
when: not requirements_file.stat.exists
- name: "Install custom python dependencies, if any"
when: funkwhale_custom_pip_packages is defined and (funkwhale_custom_pip_packages|length>0)
......@@ -230,7 +263,7 @@
pip:
name:
- gunicorn
- uvicorn
- uvicorn[standard]
virtualenv: "{{ funkwhale_install_path }}/virtualenv"
virtualenv_python: python3
notify:
......@@ -239,14 +272,14 @@
- name: Append custom settings to production.py, if any
become: true
become_user: "{{ funkwhale_username }}"
when: "funkwhale_custom_settings != none"
blockinfile:
path: "{{ funkwhale_install_path }}/api/config/settings/production.py"
insertafter: "EOF"
block: "{{ funkwhale_custom_settings }}"
- name: "Collect static files"
command: "{{ funkwhale_install_path }}/virtualenv/bin/python api/manage.py collectstatic --no-input"
command: "{{ funkwhale_install_path }}/virtualenv/bin/funkwhale-manage collectstatic --no-input"
become: true
become_user: "{{ funkwhale_username }}"
args:
......@@ -255,6 +288,6 @@
- name: "Apply database migrations"
become: true
become_user: "{{ funkwhale_username }}"
command: "{{ funkwhale_install_path }}/virtualenv/bin/python api/manage.py migrate --no-input"
command: "{{ funkwhale_install_path }}/virtualenv/bin/funkwhale-manage migrate --no-input"
args:
chdir: "{{ funkwhale_install_path }}"
tasks/main.yml
View file @ 3f0294c3
tasks/nginx.yml
View file @ 3f0294c3
......@@ -14,23 +14,46 @@
state: started
# from https://gist.github.com/mattiaslundberg/ba214a35060d3c8603e9b1ec8627d349
- name: "Download certbot-auto"
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled
- name: Check if certbot is already installed
stat:
path: "/usr/bin/certbot"
register: "certbot_installed"
- name: Install snapd
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true
package:
name: snapd
state: present
- name: Prepare snapd for certbot installation
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true
command: snap install core
- name: Refresh core snap before installing certbot
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true
command: snap refresh core
- name: Install certbot snap
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true
get_url:
url: https://dl.eff.org/certbot-auto
dest: /usr/local/bin/certbot-auto
mode: 0750
command: snap install --classic certbot
- name: "Install certbot using certbot-auto"
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled
- name: Link certbot snap installation
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true
command: certbot-auto --install-only -n -v
file:
src: /snap/bin/certbot
dest: /usr/bin/certbot
state: link
- name: Create letsencrypt certificate
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not funkwhale_letsencrypt_skip_cert
become: true
command: certbot-auto -v -n certonly --nginx -m {{ funkwhale_letsencrypt_email }} --agree-tos -d {{ funkwhale_hostname }} {{ funkwhale_letsencrypt_certbot_flags }}
command: certbot -v -n certonly --nginx -m {{ funkwhale_letsencrypt_email }} --agree-tos -d {{ funkwhale_hostname }} {{ funkwhale_letsencrypt_certbot_flags }}
args:
creates: /etc/letsencrypt/live/{{ funkwhale_hostname }}
......@@ -40,7 +63,7 @@
cron:
name: funkwhale_letsencrypt_renewal
special_time: weekly
job: certbot-auto -v -n --renew certonly --nginx -m {{ funkwhale_letsencrypt_email }} --agree-tos -d {{ funkwhale_hostname }} {{ funkwhale_letsencrypt_certbot_flags }}
job: /usr/bin/certbot -v -n certonly --nginx -m {{ funkwhale_letsencrypt_email }} --agree-tos -d {{ funkwhale_hostname }} {{ funkwhale_letsencrypt_certbot_flags }}
- name: "Create funkwhale proxy file"
when: funkwhale_nginx_managed
......@@ -48,6 +71,7 @@
template:
src: funkwhale_proxy.conf.j2
dest: "/etc/nginx/funkwhale_proxy.conf"
mode: "644"
notify:
- reload nginx
......@@ -57,5 +81,6 @@
template:
src: nginx.conf.j2
dest: "/etc/nginx/sites-enabled/{{ funkwhale_hostname }}.conf"
mode: "644"
notify:
- reload nginx
tasks/packages.yml
View file @ 3f0294c3
......@@ -6,7 +6,6 @@
- "python3"
- "python3-dev"
- "python3-pip"
- "python-virtualenv" # for ansible
- "python3-virtualenv"
- "libldap2-dev"
- "libsasl2-dev"
......@@ -24,3 +23,5 @@
- libffi-dev
# not strictly needed but useful
- "curl"
- "dbus"
- "virtualenv"
tasks/services.yml
View file @ 3f0294c3
---
- name: "Create {{ funkwhale_systemd_service_name }}-* systemd file"
become: true
when: funkwhale_systemd_managed
......@@ -13,7 +12,7 @@
command: "{{ funkwhale_install_path }}/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO"
- name: server
description: Funkwhale application server
command: "{{ funkwhale_install_path }}/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}"
command: "{{ funkwhale_install_path }}/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} {{ funkwhale_gunicorn_extra_args }}"
- name: beat
description: Funkwhale celery beat process
command: "{{ funkwhale_install_path }}/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO"
......