Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision

Target

Select target project
  • funkwhale/ansible
  • lfuelling/ansible
  • kevit/ansible
  • theorangepotato/ansible
  • popindavibe/ansible
  • xenofem/ansible
  • kippix/ansible
  • half-duplex/ansible
  • barslmn/ansible
  • sofubi/ansible
  • DannyBoy/ansible
11 results
Select Git revision
Show changes
Commits on Source (66)
Expand all Show whitespace changes
Inline Side-by-side
Showing
with 953 additions and 153 deletions
.codespellignore 0 → 100644
View file @ 3f0294c3
ro
.gitlab-ci.yml
View file @ 3f0294c3
---
stages: stages:
- test - test
- deploy - deploy
...@@ -5,10 +6,30 @@ stages: ...@@ -5,10 +6,30 @@ stages:
variables: variables:
LATEST_VERSION_URL: https://docs.funkwhale.audio/latest.txt LATEST_VERSION_URL: https://docs.funkwhale.audio/latest.txt
pre-commit:
stage: test
image: python:3.12
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
PRE_COMMIT_HOME: "$CI_PROJECT_DIR/.cache/pre-commit"
cache:
paths:
- $CI_PROJECT_DIR/.cache/pip
- $CI_PROJECT_DIR/.cache/pre-commit
before_script:
- pip3 install pre-commit
script:
- pre-commit run --all --color=always --show-diff-on-failure
test-install-script: test-install-script:
stage: test stage: test
image: debian:10 image: $TEST_IMAGE
parallel:
matrix:
- TEST_IMAGE: ["ubuntu:focal", "ubuntu:jammy", "debian:11", "debian:12"]
interruptible: true interruptible: true
variables:
FUNKWHALE_CLI_USER_PASSWORD: supersecurepassword
before_script: before_script:
- apt-get update && apt-get install -y curl - apt-get update && apt-get install -y curl
- | - |
...@@ -24,9 +45,17 @@ test-install-script: ...@@ -24,9 +45,17 @@ test-install-script:
- | - |
set -x set -x
export ANSIBLE_FUNKWHALE_ROLE_PATH=$(pwd) export ANSIBLE_FUNKWHALE_ROLE_PATH=$(pwd)
printf 'test.deployment\ntest\ncontact@test.deployment\nY\nN\n\n\n\N\n\n\n' | bash install.sh printf 'test.deployment\ntest1234\ncontact@test.deployment\nY\nN\n\n\n\N\n\n\n' | bash install.sh
tags: tags:
- docker - docker
test-install-script-develop:
extends: test-install-script
variables:
FUNKWHALE_VERSION: develop
before_script:
- apt-get update && apt-get install -y curl
pages: pages:
stage: deploy stage: deploy
image: buildpack-deps image: buildpack-deps
......
.pre-commit-config.yaml 0 → 100644
View file @ 3f0294c3
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: check-symlinks
- id: destroyed-symlinks
- id: check-yaml
- id: check-merge-conflict
- id: end-of-file-fixer
- id: mixed-line-ending
- id: trailing-whitespace
- id: requirements-txt-fixer
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v2.7.1
hooks:
- id: prettier
files: \.(md|yml|yaml|json)$
- repo: https://github.com/codespell-project/codespell
rev: v2.2.1
hooks:
- id: codespell
args: [--ignore-words=.codespellignore]
.yamllint
View file @ 3f0294c3
---
extends: default extends: default
rules: rules:
......
CONTRIBUTING.md 0 → 100644
View file @ 3f0294c3
# Contribute to funkwhale/ansible
Check out the [Funkwhale contributing guide](https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/develop/CONTRIBUTING.md) for information about how to contribute to the Funkwhale project.
## Development environment
### Pre-commit
The [`pre-commit`](https://pre-commit.com/) tool is used to ensure that the files you commit are properly formatted, follow best practice, and don't contain syntax or spelling errors.
You can install and setup pre-commit using the [quick-start guide on the pre-commit documentation](https://pre-commit.com/#quick-start). Make sure to [install pre-commit](https://pre-commit.com/#1-install-pre-commit) and [setup the git pre-commit hook](https://pre-commit.com/#3-install-the-git-hook-scripts) so pre-commit runs before you commit any changes to the repository.
LICENSE 0 → 100644
View file @ 3f0294c3
This diff is collapsed.
README.md
View file @ 3f0294c3
Funkwhale ansible role # Funkwhale ansible role
======================
An ansible role to install and update [Funkwhale](https://funkwhale.audio). An ansible role to install and update [Funkwhale](https://funkwhale.audio).
Summary ## Summary
-------
Using this role, you can install and upgrade a Funkwhale pod, closely matching our [standard installation guide](https://docs.funkwhale.audio/installation/debian.html). The role will take care of: Using this role, you can install and upgrade a Funkwhale pod, closely matching our [standard installation guide](https://docs.funkwhale.audio/installation/debian.html). The role will take care of:
...@@ -13,8 +11,7 @@ Using this role, you can install and upgrade a Funkwhale pod, closely matching o ...@@ -13,8 +11,7 @@ Using this role, you can install and upgrade a Funkwhale pod, closely matching o
- Install and configure Funkwhale and it's dependencies - Install and configure Funkwhale and it's dependencies
- Install and configure a SSL certificate with Let's Encrypt (optional) - Install and configure a SSL certificate with Let's Encrypt (optional)
Philosophy ## Philosophy
----------
This role strives to: This role strives to:
...@@ -25,13 +22,12 @@ This role strives to: ...@@ -25,13 +22,12 @@ This role strives to:
- Allow running multiple Funkwhale instances on the same host - Allow running multiple Funkwhale instances on the same host
- Avoid messing with existing software and apps on the server - Avoid messing with existing software and apps on the server
Installation and usage ## Installation and usage
----------------------
Install ansible: Install ansible:
``` ```
pip install --user ansible pip3 install --user ansible
``` ```
Create a directory for ansible files: Create a directory for ansible files:
...@@ -76,7 +72,6 @@ Add the following to `playbook.yml`: ...@@ -76,7 +72,6 @@ Add the following to `playbook.yml`:
roles: roles:
- role: funkwhale - role: funkwhale
funkwhale_hostname: yourdomain.funkwhale funkwhale_hostname: yourdomain.funkwhale
funkwhale_version: 0.18.3
funkwhale_letsencrypt_email: contact@youremail.com funkwhale_letsencrypt_email: contact@youremail.com
``` ```
...@@ -94,56 +89,60 @@ Launch the installation (in check mode, so nothing is applied): ...@@ -94,56 +89,60 @@ Launch the installation (in check mode, so nothing is applied):
``` ```
ansible-playbook --ask-become-pass -i inventory.ini playbook.yml --check --diff ansible-playbook --ask-become-pass -i inventory.ini playbook.yml --check --diff
``` ```
*On some hosts, you may need to install the `python-apt` package for check mode to work*.
_On some hosts, you may need to install the `python-apt` package for check mode to work_.
This command will show you the changes that would be applied to your system. If you are comfortable with them, This command will show you the changes that would be applied to your system. If you are comfortable with them,
rerun the same command without the `--check` flag. rerun the same command without the `--check` flag.
Once installation is complete, run `/srv/funkwhale/virtualenv/bin/python /srv/funkwhale/api/manage.py createsuperuser` to create your admin account. Once installation is complete, run `/srv/funkwhale/virtualenv/bin/funkwhale-manage createsuperuser` to create your admin account.
Role Variables ## Role Variables
--------------
**Required variables** **Required variables**
| name | Example | Description | | name | Example | Description |
| ----------------------------- | ----------------------------- | --------------------------------------------- | | ----------------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| `funkwhale_hostname` | `yourdomain.funkwhale` | The domain name of your Funkwhale pod | | `funkwhale_hostname` | `yourdomain.funkwhale` | The domain name of your Funkwhale pod |
| `funkwhale_version` | `0.18.3` | The version to install/upgrade to. You can also use `develop` to run the development branch |
| `funkwhale_letsencrypt_email` | `contact@youremail.com` | The email to associate with your Let's Encrypt certificate (not needed if you set `funkwhale_letsencrypt_enabled: false`, see below) | | `funkwhale_letsencrypt_email` | `contact@youremail.com` | The email to associate with your Let's Encrypt certificate (not needed if you set `funkwhale_letsencrypt_enabled: false`, see below) |
**Optional variables** **Optional variables**
| name | Default | Description | | name | Default | Description |
| --------------------------------------- | ----------------------------- | --------------------------------------------- | | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `funkwhale_api_ip` | `127.0.0.1` | IP address with which to bind the Funkwhale server | | `funkwhale_api_ip` | `127.0.0.1` | IP address with which to bind the Funkwhale server |
| `funkwhale_api_port` | `5000` | Port with which to bind the Funkwhale server | | `funkwhale_api_port` | `5000` | Port with which to bind the Funkwhale server |
| `funkwhale_config_path` | `/srv/funkwhale/config` | Path to Funkwhale's configuration directory | | `funkwhale_config_path` | `/srv/funkwhale/config` | Path to Funkwhale's configuration directory |
| `funkwhale_nginx_csp_policy` | `"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"` | Content-Security-Policy header to us. You will need to tweak this if you're serving media files from a separate domain. |
| `funkwhale_database_managed` | `true` | If `true`, the role will manage the database server and Funkwhale's database | | `funkwhale_database_managed` | `true` | If `true`, the role will manage the database server and Funkwhale's database |
| `funkwhale_database_name` | `funkwhale` | Name of the Funkwhale database to use | | `funkwhale_database_name` | `funkwhale` | Name of the Funkwhale database to use |
| `funkwhale_database_user` | `funkwhale` | Postgresql username to login as | | `funkwhale_database_user` | `funkwhale` | Postgresql username to login as |
| `funkwhale_env_vars` | `[]` | List of environment variables to append to the generated `.env` file. Example: `["AWS_ACCESS_KEY_ID=myawsid", "AWS_SECRET_ACCESS_KEY=myawskey"]` | | `funkwhale_env_vars` | `[]` | List of environment variables to append to the generated `.env` file. Example: `["AWS_ACCESS_KEY_ID=myawsid", "AWS_SECRET_ACCESS_KEY=myawskey"]` |
| `funkwhale_external_storage_enabled` | `false` | If `true`, set up the proper configuration to use an external storage for media files | | `funkwhale_external_storage_enabled` | `false` | If `true`, set up the proper configuration to use an external storage for media files |
| `funkwhale_disable_django_admin` | `false` | If `true`, returns a 403 (Forbidden) for `/api/admin` | | `funkwhale_disable_django_admin` | `false` | If `true`, returns a 403 (Forbidden) for `/api/admin` |
| `funkwhale_gunicorn_extra_args` | `""` | Additional args to pass to gunicorn in the `funkwhale-server.service` file. Refer to [gunicorn's documentation](https://docs.gunicorn.org/en/stable/settings.html) for possible options |
| `funkwhale_install_path` | `/srv/funkwhale` | Path where frontend, api and virtualenv files should be stored (**no trailing slash**) | | `funkwhale_install_path` | `/srv/funkwhale` | Path where frontend, api and virtualenv files should be stored (**no trailing slash**) |
| `funkwhale_letsencrypt_certbot_flags` | `null` | Additional flags to pass to `certbot` | | `funkwhale_letsencrypt_certbot_flags` | `null` | Additional flags to pass to `certbot` |
| `funkwhale_letsencrypt_enabled` | `true` | If `true`, will configure SSL with certbot and Let's Encrypt | | `funkwhale_letsencrypt_enabled` | `true` | If `true`, will configure SSL with certbot and Let's Encrypt |
| `funkwhale_media_path` | `/srv/funkwhale/data/media` | Path where audio and uploaded files should be stored (**no trailing slash**) | | `funkwhale_media_path` | `/srv/funkwhale/data/media` | Path where audio and uploaded files should be stored (**no trailing slash**) |
| `funkwhale_music_path` | `/srv/funkwhale/data/music` | Path to your existing music library, to use with [CLI import](https://docs.funkwhale.audio/admin/importing-music.html) (**no trailing slash**) | | `funkwhale_music_path` | `/srv/funkwhale/data/music` | Path to your existing music library, to use with [CLI import](https://docs.funkwhale.audio/admin/importing-music.html) (**no trailing slash**) |
| `funkwhale_nginx_additional_config` | `""` | Additional nginx configuration to add to the Funkwhale `server{}` block |
| `funkwhale_nginx_managed` | `true` | If `true`, will install and configure nginx | | `funkwhale_nginx_managed` | `true` | If `true`, will install and configure nginx |
| `funkwhale_nginx_tls_termination` | `true` | If `false`, disable SSL in nginx |
| `funkwhale_nginx_tls_configure_ciphers` | `true` | Set TLS ciphers, curves, etc, overriding any settings in http{} |
| `funkwhale_nginx_max_body_size` | `100M` | Value of nginx's `max_body_size` parameter to use | | `funkwhale_nginx_max_body_size` | `100M` | Value of nginx's `max_body_size` parameter to use |
| `funkwhale_protocol` | `https` | If set to `https`, will configure Funkwhale and Nginx to work behind HTTPS. Use `http` to completely disable SSL. | | `funkwhale_protocol` | `https` | If set to `https`, will configure Funkwhale and Nginx to work behind HTTPS. Use `http` to completely disable SSL. |
| `funkwhale_redis_managed` | `true` | If `true`, will install and configure redis | | `funkwhale_redis_managed` | `true` | If `true`, will install and configure redis |
| `funkwhale_ssl_cert_path` | `` | Path to an existing SSL certificate to use (use in combination with `funkwhale_letsencrypt_enabled: false`) | | `funkwhale_ssl_cert_path` | `""` | Path to an existing SSL certificate to use (use in combination with `funkwhale_letsencrypt_enabled: false`) |
| `funkwhale_ssl_key_path` | `` | Path to an existing SSL key to use (use in combination with `funkwhale_letsencrypt_enabled: false`) | | `funkwhale_ssl_key_path` | `""` | Path to an existing SSL key to use (use in combination with `funkwhale_letsencrypt_enabled: false`) |
| `funkwhale_static_path` | `/srv/funkwhale/data/static` | Path where Funkwhale static files should be stored | | `funkwhale_static_path` | `/srv/funkwhale/data/static` | Path where Funkwhale static files should be stored |
| `funkwhale_systemd_managed` | `true` | If `true`, will configure Funkwhale systemd services | | `funkwhale_systemd_managed` | `true` | If `true`, will configure Funkwhale systemd services |
| `funkwhale_systemd_after` | `redis.service postgresql.service` | Configuration used for Systemd `After=` directive. Modify it if you have a database or redis server on a separate host | | `funkwhale_systemd_after` | `redis.service postgresql.service` | Configuration used for Systemd `After=` directive. Modify it if you have a database or redis server on a separate host |
| `funkwhale_systemd_service_name` | `funkwhale` | Name of the generated Systemd service, e.g when calling `systemctl start <xxx>` | | `funkwhale_systemd_service_name` | `funkwhale` | Name of the generated Systemd service, e.g when calling `systemctl start <xxx>` |
| `funkwhale_username` | `funkwhale` | Username of the system user and owner of Funkwhale data, files and configuration | | `funkwhale_username` | `funkwhale` | Username of the system user and owner of Funkwhale data, files and configuration |
| `funkwhale_version` | `latest` | The version to install/upgrade to. You can also use `develop` to run the development branch |
| `funkwhale_custom_pip_packages` | `[]` | A list of additional python packages to download | | `funkwhale_custom_pip_packages` | `[]` | A list of additional python packages to download |
| `funkwhale_custom_settings` | `` | Some Python code to append to `api/config/settings/production.py`. Use funkwhale_custom_settings: |` for multiline code. | | `funkwhale_custom_settings` | `""` | Some Python code to append to `api/config/settings/production.py`. Use `funkwhale_custom_settings: \| ` for multiline code. |
**Installing from source** **Installing from source**
...@@ -151,41 +150,35 @@ If you want to install Funkwhale from source (e.g to try a nonproduction branch, ...@@ -151,41 +150,35 @@ If you want to install Funkwhale from source (e.g to try a nonproduction branch,
following variables: following variables:
| name | Default | Description | | name | Default | Description |
| --------------------------------------- | ----------------------------------------------------- | --------------------------------------------- | | ------------------------------- | ----------------------------------------------------- | --------------------------------------- |
| `funkwhale_install_from_source` | `false` | Install and build Funkwhale from source | | `funkwhale_install_from_source` | `false` | Install and build Funkwhale from source |
| `funkwhale_source_url` | `https://dev.funkwhale.audio/funkwhale/funkwhale.git` | URL to the git repository to use | | `funkwhale_source_url` | `https://dev.funkwhale.audio/funkwhale/funkwhale.git` | URL to the git repository to use |
Use the `funkwhale_version` variable to control the git tag/branch to checkout. Use the `funkwhale_version` variable to control the git tag/branch to checkout.
Supported platforms ## Supported platforms
-------------------
- Debian 9 - Debian 9
- More to come - More to come
Dependencies ## Dependencies
------------
This roles has no other dependencies. This roles has no other dependencies.
Tests ## Tests
-----
This role is tested using [molecule](https://molecule.readthedocs.io/en/stable/). This role is tested using [molecule](https://molecule.readthedocs.io/en/stable/).
We don't have CI yet, but you can run the tests with `molecule test`. We don't have CI yet, but you can run the tests with `molecule test`.
Todo ## Todo
----
- Backups - Backups
- Superuser creation - Superuser creation
License ## License
-------
AGPL3 AGPL3
Author Information ## Author Information
------------------
Contact us at https://funkwhale.audio/community/ Contact us at https://funkwhale.audio/community/
defaults/main.yml
View file @ 3f0294c3
...@@ -14,8 +14,8 @@ funkwhale_database_managed: true ...@@ -14,8 +14,8 @@ funkwhale_database_managed: true
funkwhale_database_local: true funkwhale_database_local: true
funkwhale_database_name: funkwhale funkwhale_database_name: funkwhale
funkwhale_database_user: funkwhale funkwhale_database_user: funkwhale
# the DB host as per your ansible inventory # the DB host as per your ansible inventory. No delegation is used if left empty
funkwhale_database_host_ansible: localhost funkwhale_database_host_ansible:
# the DB FQDN or IP for funkwhale connector configuration (ex: pg01.local) # the DB FQDN or IP for funkwhale connector configuration (ex: pg01.local)
funkwhale_database_host_app: localhost funkwhale_database_host_app: localhost
funkwhale_database_port: 5432 funkwhale_database_port: 5432
...@@ -26,10 +26,12 @@ funkwhale_database_port: 5432 ...@@ -26,10 +26,12 @@ funkwhale_database_port: 5432
# funkwhale_database_url: postgresql://{{ funkwhale_database_user }}[:{{ funkwhale_database_password }}]@[{{ funkwhale_database_host_app }}]:{{ funkwhale_database_port | default(5432) }}/{{ funkwhale_database_name }} # funkwhale_database_url: postgresql://{{ funkwhale_database_user }}[:{{ funkwhale_database_password }}]@[{{ funkwhale_database_host_app }}]:{{ funkwhale_database_port | default(5432) }}/{{ funkwhale_database_name }}
funkwhale_nginx_managed: true funkwhale_nginx_managed: true
# If you have an hTTPS reverse proxy higher up, set this to true # If you have an HTTPS reverse proxy higher up, set this to true
funkwhale_nginx_tls_termination: true funkwhale_nginx_tls_termination: true
funkwhale_nginx_tls_configure_ciphers: true
funkwhale_nginx_max_body_size: 100M funkwhale_nginx_max_body_size: 100M
funkwhale_nginx_use_compression: true funkwhale_nginx_use_compression: true
funkwhale_nginx_additional_config:
funkwhale_ssl_cert_path: funkwhale_ssl_cert_path:
funkwhale_ssl_key_path: funkwhale_ssl_key_path:
funkwhale_protocol: https funkwhale_protocol: https
...@@ -38,17 +40,17 @@ funkwhale_letsencrypt_certbot_flags: ...@@ -38,17 +40,17 @@ funkwhale_letsencrypt_certbot_flags:
funkwhale_letsencrypt_enabled: true funkwhale_letsencrypt_enabled: true
funkwhale_letsencrypt_skip_cert: false funkwhale_letsencrypt_skip_cert: false
funkwhale_nginx_csp_policy: "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"
funkwhale_redis_managed: true funkwhale_redis_managed: true
funkwhale_api_ip: 127.0.0.1 funkwhale_api_ip: 127.0.0.1
funkwhale_api_port: 5000 funkwhale_api_port: 5000
funkwhale_web_workers: 1 funkwhale_web_workers: 1
funkwhale_gunicorn_extra_args: ""
funkwhale_settings_module: config.settings.production funkwhale_settings_module: config.settings.production
funkwhale_env_vars: [] funkwhale_env_vars: []
funkwhale_systemd_managed: true funkwhale_systemd_managed: true
funkwhale_systemd_after: redis.service postgresql.service funkwhale_systemd_after: redis.service postgresql.service
funkwhale_systemd_service_name: funkwhale funkwhale_systemd_service_name: funkwhale
funkwhale_ssl_cert_path:
funkwhale_ssl_key_path:
funkwhale_custom_settings: funkwhale_custom_settings:
funkwhale_custom_pip_packages: [] funkwhale_custom_pip_packages: []
funkwhale_install_from_source: false funkwhale_install_from_source: false
......
install.sh 100644 → 100755
View file @ 3f0294c3
...@@ -12,7 +12,7 @@ funkwhale_hostname="${FUNKWHALE_DOMAIN-}" ...@@ -12,7 +12,7 @@ funkwhale_hostname="${FUNKWHALE_DOMAIN-}"
funkwhale_admin_email="${FUNKWHALE_ADMIN_EMAIL-}" funkwhale_admin_email="${FUNKWHALE_ADMIN_EMAIL-}"
funkwhale_admin_username="${FUNKWHALE_ADMIN_USERNAME-}" funkwhale_admin_username="${FUNKWHALE_ADMIN_USERNAME-}"
ansible_flags="${ANSIBLE_FLAGS- --diff}" ansible_flags="${ANSIBLE_FLAGS- --diff}"
ansible_version="${ANSIBLE_VERSION-2.8.2}" ansible_version="${ANSIBLE_VERSION-4.10.0}"
customize_install="${CUSTOMIZE_INSTALL-}" customize_install="${CUSTOMIZE_INSTALL-}"
skip_confirm="${SKIP_CONFIRM-}" skip_confirm="${SKIP_CONFIRM-}"
is_dry_run=${DRY_RUN-false} is_dry_run=${DRY_RUN-false}
...@@ -20,7 +20,7 @@ min_python_version_major="3" ...@@ -20,7 +20,7 @@ min_python_version_major="3"
min_python_version_minor="5" min_python_version_minor="5"
base_path="/srv/funkwhale" base_path="/srv/funkwhale"
ansible_conf_path="$base_path/ansible" ansible_conf_path="$base_path/ansible"
ansible_bin_path="$HOME/.local/bin" ansible_venv_path="$HOME/.local/ansible"
ansible_funkwhale_role_version="${ANSIBLE_FUNKWHALE_ROLE_VERSION-master}" ansible_funkwhale_role_version="${ANSIBLE_FUNKWHALE_ROLE_VERSION-master}"
ansible_funkwhale_role_path="${ANSIBLE_FUNKWHALE_ROLE_PATH-}" ansible_funkwhale_role_path="${ANSIBLE_FUNKWHALE_ROLE_PATH-}"
funkwhale_systemd_after="" funkwhale_systemd_after=""
...@@ -216,9 +216,11 @@ do_install() { ...@@ -216,9 +216,11 @@ do_install() {
init_ansible() { init_ansible() {
echo "[2/$total_steps] Installing ansible dependencies..." echo "[2/$total_steps] Installing ansible dependencies..."
install_packages curl git python3-pip python3-apt sudo locales locales-all install_packages curl git python3-pip python3-venv python3-apt python3-psycopg2 sudo locales locales-all
echo "[2/$total_steps] Installing Ansible..." echo "[2/$total_steps] Installing Ansible..."
pip3 install --user ansible=="$ansible_version" psycopg2-binary python3 -m venv $ansible_venv_path
$ansible_venv_path/bin/pip3 install --upgrade pip
$ansible_venv_path/bin/pip3 install ansible=="$ansible_version"
echo "[2/$total_steps] Creating ansible configuration files in $ansible_conf_path..." echo "[2/$total_steps] Creating ansible configuration files in $ansible_conf_path..."
mkdir -p "$ansible_conf_path" mkdir -p "$ansible_conf_path"
...@@ -275,13 +277,19 @@ EOF ...@@ -275,13 +277,19 @@ EOF
if [ "$funkwhale_systemd_managed" = "false" ]; then if [ "$funkwhale_systemd_managed" = "false" ]; then
cat <<EOF >>playbook.yml cat <<EOF >>playbook.yml
funkwhale_systemd_managed: false funkwhale_systemd_managed: false
EOF
fi
if [ "$(lsb_release -sc)" = "focal" ]; then
cat <<EOF >>playbook.yml
funkwhale_custom_pip_packages:
- twisted==22.4.0
EOF EOF
fi fi
cat <<EOF >reconfigure cat <<EOF >reconfigure
#!/bin/sh #!/bin/sh
# reapply playbook with existing parameter # reapply playbook with existing parameter
# Useful if you changed some variables in playbook.yml # Useful if you changed some variables in playbook.yml
exec $ansible_bin_path/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags exec $ansible_venv_path/bin/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags
EOF EOF
chmod +x ./reconfigure chmod +x ./reconfigure
if [ "$funkwhale_redis_managed" = "false" ]; then if [ "$funkwhale_redis_managed" = "false" ]; then
...@@ -300,7 +308,7 @@ EOF ...@@ -300,7 +308,7 @@ EOF
EOF EOF
if [ "$ansible_funkwhale_role_path" = '' ]; then if [ "$ansible_funkwhale_role_path" = '' ]; then
echo "[2/$total_steps] Downloading Funkwhale playbook dependencies" echo "[2/$total_steps] Downloading Funkwhale playbook dependencies"
$ansible_bin_path/ansible-galaxy install -r requirements.yml -f $ansible_venv_path/bin/ansible-galaxy install -r requirements.yml -f
else else
echo "[2/$total_steps] Skipping playbook dependencies, using local role instead" echo "[2/$total_steps] Skipping playbook dependencies, using local role instead"
fi fi
...@@ -308,7 +316,7 @@ EOF ...@@ -308,7 +316,7 @@ EOF
run_playbook() { run_playbook() {
cd "$ansible_conf_path" cd "$ansible_conf_path"
echo "[3/$total_steps] Installing Funkwhale using ansible playbook in $ansible_conf_path..." echo "[3/$total_steps] Installing Funkwhale using ansible playbook in $ansible_conf_path..."
playbook_command="$ansible_bin_path/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags" playbook_command="$ansible_venv_path/bin/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags"
if [ "$is_dry_run" = "true" ]; then if [ "$is_dry_run" = "true" ]; then
playbook_command="$playbook_command --check" playbook_command="$playbook_command --check"
echo "[3/$total_steps] Skipping playbook because DRY_RUN=true" echo "[3/$total_steps] Skipping playbook because DRY_RUN=true"
...@@ -326,19 +334,20 @@ configure_server() { ...@@ -326,19 +334,20 @@ configure_server() {
cat <<EOF >$base_path/manage cat <<EOF >$base_path/manage
#!/bin/sh #!/bin/sh
set -eu set -eu
sudo -u funkwhale -E $base_path/virtualenv/bin/python $base_path/api/manage.py \$@ sudo -u funkwhale -E $base_path/virtualenv/bin/funkwhale-manage \$@
EOF EOF
chmod +x $base_path/manage chmod +x $base_path/manage
if [ -z "$funkwhale_admin_username" ]; then if [ -z "$funkwhale_admin_username" ]; then
echo "[4/$total_steps] Skipping superuser account creation" echo "[4/$total_steps] Skipping superuser account creation"
else else
echo "[4/$total_steps] Creating superuser account…" echo "[4/$total_steps] Creating superuser account…"
if [ -z "$FUNKWHALE_CLI_USER_PASSWORD" ]; then
echo " Please input the password for the admin account password" echo " Please input the password for the admin account password"
LOGLEVEL=error sudo -u funkwhale -E $base_path/virtualenv/bin/python \ fi
$base_path/api/manage.py createsuperuser \ LOGLEVEL=error sudo -u funkwhale -E \
$base_path/virtualenv/bin/funkwhale-manage fw users create --superuser \
--email $funkwhale_admin_email \ --email $funkwhale_admin_email \
--username $funkwhale_admin_username \ --username $funkwhale_admin_username
-v 0
fi fi
} }
......
meta/main.yml
View file @ 3f0294c3
molecule/default/Dockerfile.j2
View file @ 3f0294c3
...@@ -6,7 +6,7 @@ FROM {{ item.registry.url }}/{{ item.image }} ...@@ -6,7 +6,7 @@ FROM {{ item.registry.url }}/{{ item.image }}
FROM {{ item.image }} FROM {{ item.image }}
{% endif %} {% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python3 python3-setuptools sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
......
molecule/default/playbook.yml molecule/default/converge.yml
View file @ 3f0294c3
...@@ -12,7 +12,6 @@ ...@@ -12,7 +12,6 @@
funkwhale_ssl_cert_path: /certs/test.crt funkwhale_ssl_cert_path: /certs/test.crt
funkwhale_ssl_key_path: /certs/test.key funkwhale_ssl_key_path: /certs/test.key
funkwhale_hostname: yourdomain.funkwhale funkwhale_hostname: yourdomain.funkwhale
funkwhale_version: 0.19.0-rc2
funkwhale_env_vars: funkwhale_env_vars:
- EMAIL_CONFIG=smtp+tls://user@:password@youremail.host:587 - EMAIL_CONFIG=smtp+tls://user@:password@youremail.host:587
- DEFAULT_FROM_EMAIL=noreply@yourdomain.funkwhale - DEFAULT_FROM_EMAIL=noreply@yourdomain.funkwhale
......
molecule/default/molecule.yml
View file @ 3f0294c3
...@@ -3,11 +3,13 @@ dependency: ...@@ -3,11 +3,13 @@ dependency:
name: galaxy name: galaxy
driver: driver:
name: docker name: docker
lint: lint: |
name: yamllint yamllint .
ansible-lint
#flake8
platforms: platforms:
- name: debian-stretch - name: debian-buster
image: alehaa/debian-systemd:stretch image: alehaa/debian-systemd:buster
command: /sbin/init command: /sbin/init
tmpfs: tmpfs:
- /run - /run
...@@ -17,11 +19,10 @@ platforms: ...@@ -17,11 +19,10 @@ platforms:
provisioner: provisioner:
name: ansible name: ansible
lint: inventory:
name: ansible-lint host_vars:
debian-buster:
ansible_python_interpreter: "/usr/bin/python3"
verifier: verifier:
name: testinfra name: testinfra
lint:
name: flake8
enabled: False
renovate.json 0 → 100644
View file @ 3f0294c3
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}
tasks/db.yml
View file @ 3f0294c3
...@@ -13,26 +13,25 @@ ...@@ -13,26 +13,25 @@
name: postgresql name: postgresql
state: started state: started
- name: "Create {{ funkwhale_database_user }} database user on {{ funkwhale_database_host_ansible }} (local / passwordless)" - name: "Create {{ funkwhale_database_user }} database user on {{ funkwhale_database_host_ansible or inventory_hostname }} (local / passwordless)"
become: true become: true
become_user: postgres become_user: postgres
when: funkwhale_database_managed and funkwhale_database_host_ansible == 'localhost' when: funkwhale_database_managed and funkwhale_database_host_ansible == none
postgresql_user: postgresql_user:
name: "{{ funkwhale_database_user }}" name: "{{ funkwhale_database_user }}"
login_user: postgres login_user: postgres
delegate_to: "{{ funkwhale_database_host_ansible }}"
- name: "Create {{ funkwhale_database_user }} database user on {{ funkwhale_database_host_ansible }} (remote / with password)" - name: "Create {{ funkwhale_database_user }} database user on {{ funkwhale_database_host_ansible }} (remote / with password)"
become: true become: true
become_user: postgres become_user: postgres
when: funkwhale_database_managed and funkwhale_database_host_ansible != 'localhost' when: funkwhale_database_managed and funkwhale_database_host_ansible != none
postgresql_user: postgresql_user:
name: "{{ funkwhale_database_user }}" name: "{{ funkwhale_database_user }}"
password: "{{ funkwhale_database_password }}" password: "{{ funkwhale_database_password }}"
login_user: postgres login_user: postgres
delegate_to: "{{ funkwhale_database_host_ansible }}" delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}"
- name: "Create {{ funkwhale_database_name }} database on {{ funkwhale_database_host_ansible }}" - name: "Create {{ funkwhale_database_name }} database on {{ funkwhale_database_host_ansible or inventory_hostname }}"
become: true become: true
become_user: postgres become_user: postgres
when: funkwhale_database_managed when: funkwhale_database_managed
...@@ -42,7 +41,7 @@ ...@@ -42,7 +41,7 @@
owner: "{{ funkwhale_database_user }}" owner: "{{ funkwhale_database_user }}"
encoding: UTF-8 encoding: UTF-8
template: template0 template: template0
delegate_to: "{{ funkwhale_database_host_ansible }}" delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}"
- name: set up pgsql extensions - name: set up pgsql extensions
become: yes become: yes
...@@ -52,9 +51,7 @@ ...@@ -52,9 +51,7 @@
db: "{{ funkwhale_database_name }}" db: "{{ funkwhale_database_name }}"
name: "{{ myext }}" name: "{{ myext }}"
login_user: postgres login_user: postgres
loop: ['unaccent', 'citext'] loop: ["unaccent", "citext"]
loop_control: loop_control:
loop_var: myext loop_var: myext
delegate_to: "{{ funkwhale_database_host_ansible }}" delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}"
...
tasks/funkwhale.yml
View file @ 3f0294c3
--- ---
- name: Check latest version
when: funkwhale_version is not defined or funkwhale_version == "latest"
uri:
url: https://docs.funkwhale.audio/latest.txt
return_content: yes
register: latest_version
- name: Set version to install
set_fact:
funkwhale_install_version: "{{ latest_version.get('content', funkwhale_version) | trim }}"
- name: Ensure home folder can be created - name: Ensure home folder can be created
become: true become: true
...@@ -13,12 +23,23 @@ ...@@ -13,12 +23,23 @@
shell: /bin/false shell: /bin/false
home: "{{ funkwhale_install_path }}" home: "{{ funkwhale_install_path }}"
- name: "Delete old source files"
become: true
file:
path: "{{ item }}"
state: absent
with_items:
- "{{ funkwhale_install_path }}/front"
- "{{ funkwhale_install_path }}/api"
- name: "Create funkwhale directories" - name: "Create funkwhale directories"
become: true become: true
file: file:
path: "{{ item }}" path: "{{ item }}"
owner: "{{ funkwhale_username }}" owner: "{{ funkwhale_username }}"
group: "{{ funkwhale_username }}"
state: directory state: directory
mode: "755"
with_items: with_items:
- "{{ funkwhale_install_path }}" - "{{ funkwhale_install_path }}"
- "{{ funkwhale_media_path }}" - "{{ funkwhale_media_path }}"
...@@ -32,19 +53,20 @@ ...@@ -32,19 +53,20 @@
register: "result_django_secret_key" register: "result_django_secret_key"
- name: "Generate a random secret key" - name: "Generate a random secret key"
when: result_django_secret_key.stat.exists == False when: not result_django_secret_key.stat.exists
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
command: "openssl rand -hex 25" command: "openssl rand -hex 25"
register: result_secret_key_generation register: result_secret_key_generation
- name: "Create django_secret_key file" - name: "Create django_secret_key file"
when: not ansible_check_mode and result_django_secret_key.stat.exists == False when: not ansible_check_mode and not result_django_secret_key.stat.exists
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
copy: copy:
content: "{{ result_secret_key_generation.stdout }}" content: "{{ result_secret_key_generation.stdout }}"
dest: "{{ funkwhale_config_path }}/django_secret_key" dest: "{{ funkwhale_config_path }}/django_secret_key"
mode: "600"
- name: "Setup a dummy secret key" - name: "Setup a dummy secret key"
when: ansible_check_mode when: ansible_check_mode
...@@ -73,13 +95,12 @@ ...@@ -73,13 +95,12 @@
notify: notify:
- restart funkwhale - restart funkwhale
- name: Download front-end files - name: Download front-end files
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
when: funkwhale_frontend_managed and not funkwhale_install_from_source when: funkwhale_frontend_managed and not funkwhale_install_from_source
unarchive: unarchive:
src: https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/{{ funkwhale_version }}/download?job=build_front src: https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/{{ funkwhale_install_version }}/download?job=build_front
dest: "{{ funkwhale_install_path }}" dest: "{{ funkwhale_install_path }}"
remote_src: true remote_src: true
notify: notify:
...@@ -90,7 +111,7 @@ ...@@ -90,7 +111,7 @@
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
when: not funkwhale_install_from_source when: not funkwhale_install_from_source
unarchive: unarchive:
src: https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/{{ funkwhale_version }}/download?job=build_api src: https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/{{ funkwhale_install_version }}/download?job=build_api
dest: "{{ funkwhale_install_path }}" dest: "{{ funkwhale_install_path }}"
remote_src: true remote_src: true
notify: notify:
...@@ -104,7 +125,7 @@ ...@@ -104,7 +125,7 @@
git: git:
repo: "{{ funkwhale_source_url }}" repo: "{{ funkwhale_source_url }}"
dest: "{{ funkwhale_install_path }}/src" dest: "{{ funkwhale_install_path }}/src"
version: "{{ funkwhale_version }}" version: "{{ funkwhale_install_version }}"
force: true force: true
notify: notify:
- reload funkwhale - reload funkwhale
...@@ -156,17 +177,7 @@ ...@@ -156,17 +177,7 @@
- "deb https://dl.yarnpkg.com/debian/ stable main" - "deb https://dl.yarnpkg.com/debian/ stable main"
- "deb https://deb.nodesource.com/node_{{ funkwhale_node_version }}.x {{ ansible_distribution_release }} main" - "deb https://deb.nodesource.com/node_{{ funkwhale_node_version }}.x {{ ansible_distribution_release }} main"
- name: "Install frontend build dependencies" - name: "Install frontend dependencies"
become: true
when: funkwhale_frontend_managed and funkwhale_install_from_source
package:
name: "{{ item }}"
with_items:
- nodejs
- yarn
- yarn
- name: "Install frontend depencies"
become: true become: true
when: funkwhale_frontend_managed and funkwhale_install_from_source when: funkwhale_frontend_managed and funkwhale_install_from_source
package: package:
...@@ -199,11 +210,20 @@ ...@@ -199,11 +210,20 @@
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
pip: pip:
name: wheel name:
- "wheel"
- "pip>=21.3"
- "setuptools>=64"
virtualenv: "{{ funkwhale_install_path }}/virtualenv" virtualenv: "{{ funkwhale_install_path }}/virtualenv"
virtualenv_python: python3 virtualenv_python: python3
- name: "Install python dependencies" # Deprecated, not required anymore after funkwhale 1.3
- name: "Check if requirements.txt exists"
stat:
path: "{{ funkwhale_install_path }}/api/requirements.txt"
register: "requirements_file"
- name: "Install python dependencies from requirements.txt"
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
pip: pip:
...@@ -212,6 +232,19 @@ ...@@ -212,6 +232,19 @@
virtualenv_python: python3 virtualenv_python: python3
notify: notify:
- reload funkwhale - reload funkwhale
when: requirements_file.stat.exists
- name: "Install python dependencies from pyproject.toml"
become: true
become_user: "{{ funkwhale_username }}"
pip:
name: "{{ funkwhale_install_path }}/api"
editable: true
virtualenv: "{{ funkwhale_install_path }}/virtualenv"
virtualenv_python: python3
notify:
- reload funkwhale
when: not requirements_file.stat.exists
- name: "Install custom python dependencies, if any" - name: "Install custom python dependencies, if any"
when: funkwhale_custom_pip_packages is defined and (funkwhale_custom_pip_packages|length>0) when: funkwhale_custom_pip_packages is defined and (funkwhale_custom_pip_packages|length>0)
...@@ -230,7 +263,7 @@ ...@@ -230,7 +263,7 @@
pip: pip:
name: name:
- gunicorn - gunicorn
- uvicorn - uvicorn[standard]
virtualenv: "{{ funkwhale_install_path }}/virtualenv" virtualenv: "{{ funkwhale_install_path }}/virtualenv"
virtualenv_python: python3 virtualenv_python: python3
notify: notify:
...@@ -239,14 +272,14 @@ ...@@ -239,14 +272,14 @@
- name: Append custom settings to production.py, if any - name: Append custom settings to production.py, if any
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
when: "funkwhale_custom_settings != none"
blockinfile: blockinfile:
path: "{{ funkwhale_install_path }}/api/config/settings/production.py" path: "{{ funkwhale_install_path }}/api/config/settings/production.py"
insertafter: "EOF" insertafter: "EOF"
block: "{{ funkwhale_custom_settings }}" block: "{{ funkwhale_custom_settings }}"
- name: "Collect static files" - name: "Collect static files"
command: "{{ funkwhale_install_path }}/virtualenv/bin/python api/manage.py collectstatic --no-input" command: "{{ funkwhale_install_path }}/virtualenv/bin/funkwhale-manage collectstatic --no-input"
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
args: args:
...@@ -255,6 +288,6 @@ ...@@ -255,6 +288,6 @@
- name: "Apply database migrations" - name: "Apply database migrations"
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
command: "{{ funkwhale_install_path }}/virtualenv/bin/python api/manage.py migrate --no-input" command: "{{ funkwhale_install_path }}/virtualenv/bin/funkwhale-manage migrate --no-input"
args: args:
chdir: "{{ funkwhale_install_path }}" chdir: "{{ funkwhale_install_path }}"
tasks/main.yml
View file @ 3f0294c3
tasks/nginx.yml
View file @ 3f0294c3
...@@ -14,23 +14,46 @@ ...@@ -14,23 +14,46 @@
state: started state: started
# from https://gist.github.com/mattiaslundberg/ba214a35060d3c8603e9b1ec8627d349 # from https://gist.github.com/mattiaslundberg/ba214a35060d3c8603e9b1ec8627d349
- name: "Download certbot-auto"
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled - name: Check if certbot is already installed
stat:
path: "/usr/bin/certbot"
register: "certbot_installed"
- name: Install snapd
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true
package:
name: snapd
state: present
- name: Prepare snapd for certbot installation
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true
command: snap install core
- name: Refresh core snap before installing certbot
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true
command: snap refresh core
- name: Install certbot snap
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true become: true
get_url: command: snap install --classic certbot
url: https://dl.eff.org/certbot-auto
dest: /usr/local/bin/certbot-auto
mode: 0750
- name: "Install certbot using certbot-auto" - name: Link certbot snap installation
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true become: true
command: certbot-auto --install-only -n -v file:
src: /snap/bin/certbot
dest: /usr/bin/certbot
state: link
- name: Create letsencrypt certificate - name: Create letsencrypt certificate
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not funkwhale_letsencrypt_skip_cert when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not funkwhale_letsencrypt_skip_cert
become: true become: true
command: certbot-auto -v -n certonly --nginx -m {{ funkwhale_letsencrypt_email }} --agree-tos -d {{ funkwhale_hostname }} {{ funkwhale_letsencrypt_certbot_flags }} command: certbot -v -n certonly --nginx -m {{ funkwhale_letsencrypt_email }} --agree-tos -d {{ funkwhale_hostname }} {{ funkwhale_letsencrypt_certbot_flags }}
args: args:
creates: /etc/letsencrypt/live/{{ funkwhale_hostname }} creates: /etc/letsencrypt/live/{{ funkwhale_hostname }}
...@@ -40,7 +63,7 @@ ...@@ -40,7 +63,7 @@
cron: cron:
name: funkwhale_letsencrypt_renewal name: funkwhale_letsencrypt_renewal
special_time: weekly special_time: weekly
job: certbot-auto -v -n --renew certonly --nginx -m {{ funkwhale_letsencrypt_email }} --agree-tos -d {{ funkwhale_hostname }} {{ funkwhale_letsencrypt_certbot_flags }} job: /usr/bin/certbot -v -n certonly --nginx -m {{ funkwhale_letsencrypt_email }} --agree-tos -d {{ funkwhale_hostname }} {{ funkwhale_letsencrypt_certbot_flags }}
- name: "Create funkwhale proxy file" - name: "Create funkwhale proxy file"
when: funkwhale_nginx_managed when: funkwhale_nginx_managed
...@@ -48,6 +71,7 @@ ...@@ -48,6 +71,7 @@
template: template:
src: funkwhale_proxy.conf.j2 src: funkwhale_proxy.conf.j2
dest: "/etc/nginx/funkwhale_proxy.conf" dest: "/etc/nginx/funkwhale_proxy.conf"
mode: "644"
notify: notify:
- reload nginx - reload nginx
...@@ -57,5 +81,6 @@ ...@@ -57,5 +81,6 @@
template: template:
src: nginx.conf.j2 src: nginx.conf.j2
dest: "/etc/nginx/sites-enabled/{{ funkwhale_hostname }}.conf" dest: "/etc/nginx/sites-enabled/{{ funkwhale_hostname }}.conf"
mode: "644"
notify: notify:
- reload nginx - reload nginx
tasks/packages.yml
View file @ 3f0294c3
...@@ -6,7 +6,6 @@ ...@@ -6,7 +6,6 @@
- "python3" - "python3"
- "python3-dev" - "python3-dev"
- "python3-pip" - "python3-pip"
- "python-virtualenv" # for ansible
- "python3-virtualenv" - "python3-virtualenv"
- "libldap2-dev" - "libldap2-dev"
- "libsasl2-dev" - "libsasl2-dev"
...@@ -24,3 +23,5 @@ ...@@ -24,3 +23,5 @@
- libffi-dev - libffi-dev
# not strictly needed but useful # not strictly needed but useful
- "curl" - "curl"
- "dbus"
- "virtualenv"
tasks/services.yml
View file @ 3f0294c3
--- ---
- name: "Create {{ funkwhale_systemd_service_name }}-* systemd file" - name: "Create {{ funkwhale_systemd_service_name }}-* systemd file"
become: true become: true
when: funkwhale_systemd_managed when: funkwhale_systemd_managed
...@@ -13,7 +12,7 @@ ...@@ -13,7 +12,7 @@
command: "{{ funkwhale_install_path }}/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO" command: "{{ funkwhale_install_path }}/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO"
- name: server - name: server
description: Funkwhale application server description: Funkwhale application server
command: "{{ funkwhale_install_path }}/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}" command: "{{ funkwhale_install_path }}/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} {{ funkwhale_gunicorn_extra_args }}"
- name: beat - name: beat
description: Funkwhale celery beat process description: Funkwhale celery beat process
command: "{{ funkwhale_install_path }}/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO" command: "{{ funkwhale_install_path }}/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO"
......