Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision

Target

Select target project
  • funkwhale/ansible
  • lfuelling/ansible
  • kevit/ansible
  • theorangepotato/ansible
  • popindavibe/ansible
  • xenofem/ansible
  • kippix/ansible
  • half-duplex/ansible
  • barslmn/ansible
  • sofubi/ansible
  • DannyBoy/ansible
11 results
Select Git revision
Show changes
Commits on Source (34)
Expand all Show whitespace changes
Inline Side-by-side
Showing
with 919 additions and 133 deletions
.codespellignore 0 → 100644
View file @ 3f0294c3
ro
.gitlab-ci.yml
View file @ 3f0294c3
---
stages: stages:
- test - test
- deploy - deploy
...@@ -5,10 +6,30 @@ stages: ...@@ -5,10 +6,30 @@ stages:
variables: variables:
LATEST_VERSION_URL: https://docs.funkwhale.audio/latest.txt LATEST_VERSION_URL: https://docs.funkwhale.audio/latest.txt
pre-commit:
stage: test
image: python:3.12
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
PRE_COMMIT_HOME: "$CI_PROJECT_DIR/.cache/pre-commit"
cache:
paths:
- $CI_PROJECT_DIR/.cache/pip
- $CI_PROJECT_DIR/.cache/pre-commit
before_script:
- pip3 install pre-commit
script:
- pre-commit run --all --color=always --show-diff-on-failure
test-install-script: test-install-script:
stage: test stage: test
image: debian:10 image: $TEST_IMAGE
parallel:
matrix:
- TEST_IMAGE: ["ubuntu:focal", "ubuntu:jammy", "debian:11", "debian:12"]
interruptible: true interruptible: true
variables:
FUNKWHALE_CLI_USER_PASSWORD: supersecurepassword
before_script: before_script:
- apt-get update && apt-get install -y curl - apt-get update && apt-get install -y curl
- | - |
...@@ -24,9 +45,17 @@ test-install-script: ...@@ -24,9 +45,17 @@ test-install-script:
- | - |
set -x set -x
export ANSIBLE_FUNKWHALE_ROLE_PATH=$(pwd) export ANSIBLE_FUNKWHALE_ROLE_PATH=$(pwd)
printf 'test.deployment\ntest\ncontact@test.deployment\nY\nN\n\n\n\N\n\n\n' | bash install.sh printf 'test.deployment\ntest1234\ncontact@test.deployment\nY\nN\n\n\n\N\n\n\n' | bash install.sh
tags: tags:
- docker - docker
test-install-script-develop:
extends: test-install-script
variables:
FUNKWHALE_VERSION: develop
before_script:
- apt-get update && apt-get install -y curl
pages: pages:
stage: deploy stage: deploy
image: buildpack-deps image: buildpack-deps
......
.pre-commit-config.yaml 0 → 100644
View file @ 3f0294c3
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: check-symlinks
- id: destroyed-symlinks
- id: check-yaml
- id: check-merge-conflict
- id: end-of-file-fixer
- id: mixed-line-ending
- id: trailing-whitespace
- id: requirements-txt-fixer
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v2.7.1
hooks:
- id: prettier
files: \.(md|yml|yaml|json)$
- repo: https://github.com/codespell-project/codespell
rev: v2.2.1
hooks:
- id: codespell
args: [--ignore-words=.codespellignore]
.yamllint
View file @ 3f0294c3
---
extends: default extends: default
rules: rules:
......
CONTRIBUTING.md 0 → 100644
View file @ 3f0294c3
# Contribute to funkwhale/ansible
Check out the [Funkwhale contributing guide](https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/develop/CONTRIBUTING.md) for information about how to contribute to the Funkwhale project.
## Development environment
### Pre-commit
The [`pre-commit`](https://pre-commit.com/) tool is used to ensure that the files you commit are properly formatted, follow best practice, and don't contain syntax or spelling errors.
You can install and setup pre-commit using the [quick-start guide on the pre-commit documentation](https://pre-commit.com/#quick-start). Make sure to [install pre-commit](https://pre-commit.com/#1-install-pre-commit) and [setup the git pre-commit hook](https://pre-commit.com/#3-install-the-git-hook-scripts) so pre-commit runs before you commit any changes to the repository.
LICENSE 0 → 100644
View file @ 3f0294c3
This diff is collapsed.
README.md
View file @ 3f0294c3
Funkwhale ansible role # Funkwhale ansible role
======================
An ansible role to install and update [Funkwhale](https://funkwhale.audio). An ansible role to install and update [Funkwhale](https://funkwhale.audio).
Summary ## Summary
-------
Using this role, you can install and upgrade a Funkwhale pod, closely matching our [standard installation guide](https://docs.funkwhale.audio/installation/debian.html). The role will take care of: Using this role, you can install and upgrade a Funkwhale pod, closely matching our [standard installation guide](https://docs.funkwhale.audio/installation/debian.html). The role will take care of:
...@@ -13,8 +11,7 @@ Using this role, you can install and upgrade a Funkwhale pod, closely matching o ...@@ -13,8 +11,7 @@ Using this role, you can install and upgrade a Funkwhale pod, closely matching o
- Install and configure Funkwhale and it's dependencies - Install and configure Funkwhale and it's dependencies
- Install and configure a SSL certificate with Let's Encrypt (optional) - Install and configure a SSL certificate with Let's Encrypt (optional)
Philosophy ## Philosophy
----------
This role strives to: This role strives to:
...@@ -25,8 +22,7 @@ This role strives to: ...@@ -25,8 +22,7 @@ This role strives to:
- Allow running multiple Funkwhale instances on the same host - Allow running multiple Funkwhale instances on the same host
- Avoid messing with existing software and apps on the server - Avoid messing with existing software and apps on the server
Installation and usage ## Installation and usage
----------------------
Install ansible: Install ansible:
...@@ -76,7 +72,6 @@ Add the following to `playbook.yml`: ...@@ -76,7 +72,6 @@ Add the following to `playbook.yml`:
roles: roles:
- role: funkwhale - role: funkwhale
funkwhale_hostname: yourdomain.funkwhale funkwhale_hostname: yourdomain.funkwhale
funkwhale_version: 0.18.3
funkwhale_letsencrypt_email: contact@youremail.com funkwhale_letsencrypt_email: contact@youremail.com
``` ```
...@@ -94,29 +89,27 @@ Launch the installation (in check mode, so nothing is applied): ...@@ -94,29 +89,27 @@ Launch the installation (in check mode, so nothing is applied):
``` ```
ansible-playbook --ask-become-pass -i inventory.ini playbook.yml --check --diff ansible-playbook --ask-become-pass -i inventory.ini playbook.yml --check --diff
``` ```
*On some hosts, you may need to install the `python-apt` package for check mode to work*.
_On some hosts, you may need to install the `python-apt` package for check mode to work_.
This command will show you the changes that would be applied to your system. If you are comfortable with them, This command will show you the changes that would be applied to your system. If you are comfortable with them,
rerun the same command without the `--check` flag. rerun the same command without the `--check` flag.
Once installation is complete, run `/srv/funkwhale/virtualenv/bin/python /srv/funkwhale/api/manage.py createsuperuser` to create your admin account. Once installation is complete, run `/srv/funkwhale/virtualenv/bin/funkwhale-manage createsuperuser` to create your admin account.
Role Variables ## Role Variables
--------------
**Required variables** **Required variables**
| name | Example | Description | | name | Example | Description |
| ----------------------------- | ----------------------------- | --------------------------------------------- | | ----------------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| `funkwhale_hostname` | `yourdomain.funkwhale` | The domain name of your Funkwhale pod | | `funkwhale_hostname` | `yourdomain.funkwhale` | The domain name of your Funkwhale pod |
| `funkwhale_version` | `0.18.3` | The version to install/upgrade to. You can also use `develop` to run the development branch |
| `funkwhale_letsencrypt_email` | `contact@youremail.com` | The email to associate with your Let's Encrypt certificate (not needed if you set `funkwhale_letsencrypt_enabled: false`, see below) | | `funkwhale_letsencrypt_email` | `contact@youremail.com` | The email to associate with your Let's Encrypt certificate (not needed if you set `funkwhale_letsencrypt_enabled: false`, see below) |
**Optional variables** **Optional variables**
| name | Default | Description | | name | Default | Description |
| --------------------------------------- | ----------------------------- | --------------------------------------------- | | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `funkwhale_api_ip` | `127.0.0.1` | IP address with which to bind the Funkwhale server | | `funkwhale_api_ip` | `127.0.0.1` | IP address with which to bind the Funkwhale server |
| `funkwhale_api_port` | `5000` | Port with which to bind the Funkwhale server | | `funkwhale_api_port` | `5000` | Port with which to bind the Funkwhale server |
| `funkwhale_config_path` | `/srv/funkwhale/config` | Path to Funkwhale's configuration directory | | `funkwhale_config_path` | `/srv/funkwhale/config` | Path to Funkwhale's configuration directory |
...@@ -135,19 +128,21 @@ Role Variables ...@@ -135,19 +128,21 @@ Role Variables
| `funkwhale_music_path` | `/srv/funkwhale/data/music` | Path to your existing music library, to use with [CLI import](https://docs.funkwhale.audio/admin/importing-music.html) (**no trailing slash**) | | `funkwhale_music_path` | `/srv/funkwhale/data/music` | Path to your existing music library, to use with [CLI import](https://docs.funkwhale.audio/admin/importing-music.html) (**no trailing slash**) |
| `funkwhale_nginx_additional_config` | `""` | Additional nginx configuration to add to the Funkwhale `server{}` block | | `funkwhale_nginx_additional_config` | `""` | Additional nginx configuration to add to the Funkwhale `server{}` block |
| `funkwhale_nginx_managed` | `true` | If `true`, will install and configure nginx | | `funkwhale_nginx_managed` | `true` | If `true`, will install and configure nginx |
| `funkwhale_nginx_tls_termination` | `true` | If `false`, disable SSL in nginx |
| `funkwhale_nginx_tls_configure_ciphers` | `true` | Set TLS ciphers, curves, etc, overriding any settings in http{} | | `funkwhale_nginx_tls_configure_ciphers` | `true` | Set TLS ciphers, curves, etc, overriding any settings in http{} |
| `funkwhale_nginx_max_body_size` | `100M` | Value of nginx's `max_body_size` parameter to use | | `funkwhale_nginx_max_body_size` | `100M` | Value of nginx's `max_body_size` parameter to use |
| `funkwhale_protocol` | `https` | If set to `https`, will configure Funkwhale and Nginx to work behind HTTPS. Use `http` to completely disable SSL. | | `funkwhale_protocol` | `https` | If set to `https`, will configure Funkwhale and Nginx to work behind HTTPS. Use `http` to completely disable SSL. |
| `funkwhale_redis_managed` | `true` | If `true`, will install and configure redis | | `funkwhale_redis_managed` | `true` | If `true`, will install and configure redis |
| `funkwhale_ssl_cert_path` | `` | Path to an existing SSL certificate to use (use in combination with `funkwhale_letsencrypt_enabled: false`) | | `funkwhale_ssl_cert_path` | `""` | Path to an existing SSL certificate to use (use in combination with `funkwhale_letsencrypt_enabled: false`) |
| `funkwhale_ssl_key_path` | `` | Path to an existing SSL key to use (use in combination with `funkwhale_letsencrypt_enabled: false`) | | `funkwhale_ssl_key_path` | `""` | Path to an existing SSL key to use (use in combination with `funkwhale_letsencrypt_enabled: false`) |
| `funkwhale_static_path` | `/srv/funkwhale/data/static` | Path where Funkwhale static files should be stored | | `funkwhale_static_path` | `/srv/funkwhale/data/static` | Path where Funkwhale static files should be stored |
| `funkwhale_systemd_managed` | `true` | If `true`, will configure Funkwhale systemd services | | `funkwhale_systemd_managed` | `true` | If `true`, will configure Funkwhale systemd services |
| `funkwhale_systemd_after` | `redis.service postgresql.service` | Configuration used for Systemd `After=` directive. Modify it if you have a database or redis server on a separate host | | `funkwhale_systemd_after` | `redis.service postgresql.service` | Configuration used for Systemd `After=` directive. Modify it if you have a database or redis server on a separate host |
| `funkwhale_systemd_service_name` | `funkwhale` | Name of the generated Systemd service, e.g when calling `systemctl start <xxx>` | | `funkwhale_systemd_service_name` | `funkwhale` | Name of the generated Systemd service, e.g when calling `systemctl start <xxx>` |
| `funkwhale_username` | `funkwhale` | Username of the system user and owner of Funkwhale data, files and configuration | | `funkwhale_username` | `funkwhale` | Username of the system user and owner of Funkwhale data, files and configuration |
| `funkwhale_version` | `latest` | The version to install/upgrade to. You can also use `develop` to run the development branch |
| `funkwhale_custom_pip_packages` | `[]` | A list of additional python packages to download | | `funkwhale_custom_pip_packages` | `[]` | A list of additional python packages to download |
| `funkwhale_custom_settings` | `` | Some Python code to append to `api/config/settings/production.py`. Use funkwhale_custom_settings: |` for multiline code. | | `funkwhale_custom_settings` | `""` | Some Python code to append to `api/config/settings/production.py`. Use `funkwhale_custom_settings: \| ` for multiline code. |
**Installing from source** **Installing from source**
...@@ -155,41 +150,35 @@ If you want to install Funkwhale from source (e.g to try a nonproduction branch, ...@@ -155,41 +150,35 @@ If you want to install Funkwhale from source (e.g to try a nonproduction branch,
following variables: following variables:
| name | Default | Description | | name | Default | Description |
| --------------------------------------- | ----------------------------------------------------- | --------------------------------------------- | | ------------------------------- | ----------------------------------------------------- | --------------------------------------- |
| `funkwhale_install_from_source` | `false` | Install and build Funkwhale from source | | `funkwhale_install_from_source` | `false` | Install and build Funkwhale from source |
| `funkwhale_source_url` | `https://dev.funkwhale.audio/funkwhale/funkwhale.git` | URL to the git repository to use | | `funkwhale_source_url` | `https://dev.funkwhale.audio/funkwhale/funkwhale.git` | URL to the git repository to use |
Use the `funkwhale_version` variable to control the git tag/branch to checkout. Use the `funkwhale_version` variable to control the git tag/branch to checkout.
Supported platforms ## Supported platforms
-------------------
- Debian 9 - Debian 9
- More to come - More to come
Dependencies ## Dependencies
------------
This roles has no other dependencies. This roles has no other dependencies.
Tests ## Tests
-----
This role is tested using [molecule](https://molecule.readthedocs.io/en/stable/). This role is tested using [molecule](https://molecule.readthedocs.io/en/stable/).
We don't have CI yet, but you can run the tests with `molecule test`. We don't have CI yet, but you can run the tests with `molecule test`.
Todo ## Todo
----
- Backups - Backups
- Superuser creation - Superuser creation
License ## License
-------
AGPL3 AGPL3
Author Information ## Author Information
------------------
Contact us at https://funkwhale.audio/community/ Contact us at https://funkwhale.audio/community/
defaults/main.yml
View file @ 3f0294c3
...@@ -40,7 +40,7 @@ funkwhale_letsencrypt_certbot_flags: ...@@ -40,7 +40,7 @@ funkwhale_letsencrypt_certbot_flags:
funkwhale_letsencrypt_enabled: true funkwhale_letsencrypt_enabled: true
funkwhale_letsencrypt_skip_cert: false funkwhale_letsencrypt_skip_cert: false
funkwhale_nginx_csp_policy: "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:" funkwhale_nginx_csp_policy: "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"
funkwhale_redis_managed: true funkwhale_redis_managed: true
funkwhale_api_ip: 127.0.0.1 funkwhale_api_ip: 127.0.0.1
funkwhale_api_port: 5000 funkwhale_api_port: 5000
......
install.sh 100644 → 100755
View file @ 3f0294c3
...@@ -12,7 +12,7 @@ funkwhale_hostname="${FUNKWHALE_DOMAIN-}" ...@@ -12,7 +12,7 @@ funkwhale_hostname="${FUNKWHALE_DOMAIN-}"
funkwhale_admin_email="${FUNKWHALE_ADMIN_EMAIL-}" funkwhale_admin_email="${FUNKWHALE_ADMIN_EMAIL-}"
funkwhale_admin_username="${FUNKWHALE_ADMIN_USERNAME-}" funkwhale_admin_username="${FUNKWHALE_ADMIN_USERNAME-}"
ansible_flags="${ANSIBLE_FLAGS- --diff}" ansible_flags="${ANSIBLE_FLAGS- --diff}"
ansible_version="${ANSIBLE_VERSION-2.8.2}" ansible_version="${ANSIBLE_VERSION-4.10.0}"
customize_install="${CUSTOMIZE_INSTALL-}" customize_install="${CUSTOMIZE_INSTALL-}"
skip_confirm="${SKIP_CONFIRM-}" skip_confirm="${SKIP_CONFIRM-}"
is_dry_run=${DRY_RUN-false} is_dry_run=${DRY_RUN-false}
...@@ -20,7 +20,7 @@ min_python_version_major="3" ...@@ -20,7 +20,7 @@ min_python_version_major="3"
min_python_version_minor="5" min_python_version_minor="5"
base_path="/srv/funkwhale" base_path="/srv/funkwhale"
ansible_conf_path="$base_path/ansible" ansible_conf_path="$base_path/ansible"
ansible_bin_path="$HOME/.local/bin" ansible_venv_path="$HOME/.local/ansible"
ansible_funkwhale_role_version="${ANSIBLE_FUNKWHALE_ROLE_VERSION-master}" ansible_funkwhale_role_version="${ANSIBLE_FUNKWHALE_ROLE_VERSION-master}"
ansible_funkwhale_role_path="${ANSIBLE_FUNKWHALE_ROLE_PATH-}" ansible_funkwhale_role_path="${ANSIBLE_FUNKWHALE_ROLE_PATH-}"
funkwhale_systemd_after="" funkwhale_systemd_after=""
...@@ -216,9 +216,11 @@ do_install() { ...@@ -216,9 +216,11 @@ do_install() {
init_ansible() { init_ansible() {
echo "[2/$total_steps] Installing ansible dependencies..." echo "[2/$total_steps] Installing ansible dependencies..."
install_packages curl git python3-pip python3-apt sudo locales locales-all install_packages curl git python3-pip python3-venv python3-apt python3-psycopg2 sudo locales locales-all
echo "[2/$total_steps] Installing Ansible..." echo "[2/$total_steps] Installing Ansible..."
pip3 install --user ansible=="$ansible_version" psycopg2-binary python3 -m venv $ansible_venv_path
$ansible_venv_path/bin/pip3 install --upgrade pip
$ansible_venv_path/bin/pip3 install ansible=="$ansible_version"
echo "[2/$total_steps] Creating ansible configuration files in $ansible_conf_path..." echo "[2/$total_steps] Creating ansible configuration files in $ansible_conf_path..."
mkdir -p "$ansible_conf_path" mkdir -p "$ansible_conf_path"
...@@ -275,13 +277,19 @@ EOF ...@@ -275,13 +277,19 @@ EOF
if [ "$funkwhale_systemd_managed" = "false" ]; then if [ "$funkwhale_systemd_managed" = "false" ]; then
cat <<EOF >>playbook.yml cat <<EOF >>playbook.yml
funkwhale_systemd_managed: false funkwhale_systemd_managed: false
EOF
fi
if [ "$(lsb_release -sc)" = "focal" ]; then
cat <<EOF >>playbook.yml
funkwhale_custom_pip_packages:
- twisted==22.4.0
EOF EOF
fi fi
cat <<EOF >reconfigure cat <<EOF >reconfigure
#!/bin/sh #!/bin/sh
# reapply playbook with existing parameter # reapply playbook with existing parameter
# Useful if you changed some variables in playbook.yml # Useful if you changed some variables in playbook.yml
exec $ansible_bin_path/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags exec $ansible_venv_path/bin/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags
EOF EOF
chmod +x ./reconfigure chmod +x ./reconfigure
if [ "$funkwhale_redis_managed" = "false" ]; then if [ "$funkwhale_redis_managed" = "false" ]; then
...@@ -300,7 +308,7 @@ EOF ...@@ -300,7 +308,7 @@ EOF
EOF EOF
if [ "$ansible_funkwhale_role_path" = '' ]; then if [ "$ansible_funkwhale_role_path" = '' ]; then
echo "[2/$total_steps] Downloading Funkwhale playbook dependencies" echo "[2/$total_steps] Downloading Funkwhale playbook dependencies"
$ansible_bin_path/ansible-galaxy install -r requirements.yml -f $ansible_venv_path/bin/ansible-galaxy install -r requirements.yml -f
else else
echo "[2/$total_steps] Skipping playbook dependencies, using local role instead" echo "[2/$total_steps] Skipping playbook dependencies, using local role instead"
fi fi
...@@ -308,7 +316,7 @@ EOF ...@@ -308,7 +316,7 @@ EOF
run_playbook() { run_playbook() {
cd "$ansible_conf_path" cd "$ansible_conf_path"
echo "[3/$total_steps] Installing Funkwhale using ansible playbook in $ansible_conf_path..." echo "[3/$total_steps] Installing Funkwhale using ansible playbook in $ansible_conf_path..."
playbook_command="$ansible_bin_path/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags" playbook_command="$ansible_venv_path/bin/ansible-playbook -i $ansible_conf_path/inventory.ini $ansible_conf_path/playbook.yml -u root $ansible_flags"
if [ "$is_dry_run" = "true" ]; then if [ "$is_dry_run" = "true" ]; then
playbook_command="$playbook_command --check" playbook_command="$playbook_command --check"
echo "[3/$total_steps] Skipping playbook because DRY_RUN=true" echo "[3/$total_steps] Skipping playbook because DRY_RUN=true"
...@@ -326,19 +334,20 @@ configure_server() { ...@@ -326,19 +334,20 @@ configure_server() {
cat <<EOF >$base_path/manage cat <<EOF >$base_path/manage
#!/bin/sh #!/bin/sh
set -eu set -eu
sudo -u funkwhale -E $base_path/virtualenv/bin/python $base_path/api/manage.py \$@ sudo -u funkwhale -E $base_path/virtualenv/bin/funkwhale-manage \$@
EOF EOF
chmod +x $base_path/manage chmod +x $base_path/manage
if [ -z "$funkwhale_admin_username" ]; then if [ -z "$funkwhale_admin_username" ]; then
echo "[4/$total_steps] Skipping superuser account creation" echo "[4/$total_steps] Skipping superuser account creation"
else else
echo "[4/$total_steps] Creating superuser account…" echo "[4/$total_steps] Creating superuser account…"
if [ -z "$FUNKWHALE_CLI_USER_PASSWORD" ]; then
echo " Please input the password for the admin account password" echo " Please input the password for the admin account password"
LOGLEVEL=error sudo -u funkwhale -E $base_path/virtualenv/bin/python \ fi
$base_path/api/manage.py createsuperuser \ LOGLEVEL=error sudo -u funkwhale -E \
$base_path/virtualenv/bin/funkwhale-manage fw users create --superuser \
--email $funkwhale_admin_email \ --email $funkwhale_admin_email \
--username $funkwhale_admin_username \ --username $funkwhale_admin_username
-v 0
fi fi
} }
......
meta/main.yml
View file @ 3f0294c3
molecule/default/Dockerfile.j2
View file @ 3f0294c3
...@@ -6,7 +6,7 @@ FROM {{ item.registry.url }}/{{ item.image }} ...@@ -6,7 +6,7 @@ FROM {{ item.registry.url }}/{{ item.image }}
FROM {{ item.image }} FROM {{ item.image }}
{% endif %} {% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python3 python3-setuptools sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
......
molecule/default/playbook.yml molecule/default/converge.yml
View file @ 3f0294c3
...@@ -12,7 +12,6 @@ ...@@ -12,7 +12,6 @@
funkwhale_ssl_cert_path: /certs/test.crt funkwhale_ssl_cert_path: /certs/test.crt
funkwhale_ssl_key_path: /certs/test.key funkwhale_ssl_key_path: /certs/test.key
funkwhale_hostname: yourdomain.funkwhale funkwhale_hostname: yourdomain.funkwhale
funkwhale_version: 0.19.0-rc2
funkwhale_env_vars: funkwhale_env_vars:
- EMAIL_CONFIG=smtp+tls://user@:password@youremail.host:587 - EMAIL_CONFIG=smtp+tls://user@:password@youremail.host:587
- DEFAULT_FROM_EMAIL=noreply@yourdomain.funkwhale - DEFAULT_FROM_EMAIL=noreply@yourdomain.funkwhale
......
molecule/default/molecule.yml
View file @ 3f0294c3
...@@ -3,11 +3,13 @@ dependency: ...@@ -3,11 +3,13 @@ dependency:
name: galaxy name: galaxy
driver: driver:
name: docker name: docker
lint: lint: |
name: yamllint yamllint .
ansible-lint
#flake8
platforms: platforms:
- name: debian-stretch - name: debian-buster
image: alehaa/debian-systemd:stretch image: alehaa/debian-systemd:buster
command: /sbin/init command: /sbin/init
tmpfs: tmpfs:
- /run - /run
...@@ -17,11 +19,10 @@ platforms: ...@@ -17,11 +19,10 @@ platforms:
provisioner: provisioner:
name: ansible name: ansible
lint: inventory:
name: ansible-lint host_vars:
debian-buster:
ansible_python_interpreter: "/usr/bin/python3"
verifier: verifier:
name: testinfra name: testinfra
lint:
name: flake8
enabled: False
renovate.json 0 → 100644
View file @ 3f0294c3
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}
tasks/db.yml
View file @ 3f0294c3
...@@ -51,9 +51,7 @@ ...@@ -51,9 +51,7 @@
db: "{{ funkwhale_database_name }}" db: "{{ funkwhale_database_name }}"
name: "{{ myext }}" name: "{{ myext }}"
login_user: postgres login_user: postgres
loop: ['unaccent', 'citext'] loop: ["unaccent", "citext"]
loop_control: loop_control:
loop_var: myext loop_var: myext
delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}" delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}"
...
tasks/funkwhale.yml
View file @ 3f0294c3
--- ---
- name: Check latest version
when: funkwhale_version is not defined or funkwhale_version == "latest"
uri:
url: https://docs.funkwhale.audio/latest.txt
return_content: yes
register: latest_version
- name: Set version to install
set_fact:
funkwhale_install_version: "{{ latest_version.get('content', funkwhale_version) | trim }}"
- name: Ensure home folder can be created - name: Ensure home folder can be created
become: true become: true
...@@ -13,12 +23,23 @@ ...@@ -13,12 +23,23 @@
shell: /bin/false shell: /bin/false
home: "{{ funkwhale_install_path }}" home: "{{ funkwhale_install_path }}"
- name: "Delete old source files"
become: true
file:
path: "{{ item }}"
state: absent
with_items:
- "{{ funkwhale_install_path }}/front"
- "{{ funkwhale_install_path }}/api"
- name: "Create funkwhale directories" - name: "Create funkwhale directories"
become: true become: true
file: file:
path: "{{ item }}" path: "{{ item }}"
owner: "{{ funkwhale_username }}" owner: "{{ funkwhale_username }}"
group: "{{ funkwhale_username }}"
state: directory state: directory
mode: "755"
with_items: with_items:
- "{{ funkwhale_install_path }}" - "{{ funkwhale_install_path }}"
- "{{ funkwhale_media_path }}" - "{{ funkwhale_media_path }}"
...@@ -32,19 +53,20 @@ ...@@ -32,19 +53,20 @@
register: "result_django_secret_key" register: "result_django_secret_key"
- name: "Generate a random secret key" - name: "Generate a random secret key"
when: result_django_secret_key.stat.exists == False when: not result_django_secret_key.stat.exists
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
command: "openssl rand -hex 25" command: "openssl rand -hex 25"
register: result_secret_key_generation register: result_secret_key_generation
- name: "Create django_secret_key file" - name: "Create django_secret_key file"
when: not ansible_check_mode and result_django_secret_key.stat.exists == False when: not ansible_check_mode and not result_django_secret_key.stat.exists
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
copy: copy:
content: "{{ result_secret_key_generation.stdout }}" content: "{{ result_secret_key_generation.stdout }}"
dest: "{{ funkwhale_config_path }}/django_secret_key" dest: "{{ funkwhale_config_path }}/django_secret_key"
mode: "600"
- name: "Setup a dummy secret key" - name: "Setup a dummy secret key"
when: ansible_check_mode when: ansible_check_mode
...@@ -73,13 +95,12 @@ ...@@ -73,13 +95,12 @@
notify: notify:
- restart funkwhale - restart funkwhale
- name: Download front-end files - name: Download front-end files
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
when: funkwhale_frontend_managed and not funkwhale_install_from_source when: funkwhale_frontend_managed and not funkwhale_install_from_source
unarchive: unarchive:
src: https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/{{ funkwhale_version }}/download?job=build_front src: https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/{{ funkwhale_install_version }}/download?job=build_front
dest: "{{ funkwhale_install_path }}" dest: "{{ funkwhale_install_path }}"
remote_src: true remote_src: true
notify: notify:
...@@ -90,7 +111,7 @@ ...@@ -90,7 +111,7 @@
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
when: not funkwhale_install_from_source when: not funkwhale_install_from_source
unarchive: unarchive:
src: https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/{{ funkwhale_version }}/download?job=build_api src: https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/{{ funkwhale_install_version }}/download?job=build_api
dest: "{{ funkwhale_install_path }}" dest: "{{ funkwhale_install_path }}"
remote_src: true remote_src: true
notify: notify:
...@@ -104,7 +125,7 @@ ...@@ -104,7 +125,7 @@
git: git:
repo: "{{ funkwhale_source_url }}" repo: "{{ funkwhale_source_url }}"
dest: "{{ funkwhale_install_path }}/src" dest: "{{ funkwhale_install_path }}/src"
version: "{{ funkwhale_version }}" version: "{{ funkwhale_install_version }}"
force: true force: true
notify: notify:
- reload funkwhale - reload funkwhale
...@@ -156,7 +177,7 @@ ...@@ -156,7 +177,7 @@
- "deb https://dl.yarnpkg.com/debian/ stable main" - "deb https://dl.yarnpkg.com/debian/ stable main"
- "deb https://deb.nodesource.com/node_{{ funkwhale_node_version }}.x {{ ansible_distribution_release }} main" - "deb https://deb.nodesource.com/node_{{ funkwhale_node_version }}.x {{ ansible_distribution_release }} main"
- name: "Install frontend depencies" - name: "Install frontend dependencies"
become: true become: true
when: funkwhale_frontend_managed and funkwhale_install_from_source when: funkwhale_frontend_managed and funkwhale_install_from_source
package: package:
...@@ -189,11 +210,20 @@ ...@@ -189,11 +210,20 @@
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
pip: pip:
name: wheel name:
- "wheel"
- "pip>=21.3"
- "setuptools>=64"
virtualenv: "{{ funkwhale_install_path }}/virtualenv" virtualenv: "{{ funkwhale_install_path }}/virtualenv"
virtualenv_python: python3 virtualenv_python: python3
- name: "Install python dependencies" # Deprecated, not required anymore after funkwhale 1.3
- name: "Check if requirements.txt exists"
stat:
path: "{{ funkwhale_install_path }}/api/requirements.txt"
register: "requirements_file"
- name: "Install python dependencies from requirements.txt"
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
pip: pip:
...@@ -202,6 +232,19 @@ ...@@ -202,6 +232,19 @@
virtualenv_python: python3 virtualenv_python: python3
notify: notify:
- reload funkwhale - reload funkwhale
when: requirements_file.stat.exists
- name: "Install python dependencies from pyproject.toml"
become: true
become_user: "{{ funkwhale_username }}"
pip:
name: "{{ funkwhale_install_path }}/api"
editable: true
virtualenv: "{{ funkwhale_install_path }}/virtualenv"
virtualenv_python: python3
notify:
- reload funkwhale
when: not requirements_file.stat.exists
- name: "Install custom python dependencies, if any" - name: "Install custom python dependencies, if any"
when: funkwhale_custom_pip_packages is defined and (funkwhale_custom_pip_packages|length>0) when: funkwhale_custom_pip_packages is defined and (funkwhale_custom_pip_packages|length>0)
...@@ -235,9 +278,8 @@ ...@@ -235,9 +278,8 @@
insertafter: "EOF" insertafter: "EOF"
block: "{{ funkwhale_custom_settings }}" block: "{{ funkwhale_custom_settings }}"
- name: "Collect static files" - name: "Collect static files"
command: "{{ funkwhale_install_path }}/virtualenv/bin/python api/manage.py collectstatic --no-input" command: "{{ funkwhale_install_path }}/virtualenv/bin/funkwhale-manage collectstatic --no-input"
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
args: args:
...@@ -246,6 +288,6 @@ ...@@ -246,6 +288,6 @@
- name: "Apply database migrations" - name: "Apply database migrations"
become: true become: true
become_user: "{{ funkwhale_username }}" become_user: "{{ funkwhale_username }}"
command: "{{ funkwhale_install_path }}/virtualenv/bin/python api/manage.py migrate --no-input" command: "{{ funkwhale_install_path }}/virtualenv/bin/funkwhale-manage migrate --no-input"
args: args:
chdir: "{{ funkwhale_install_path }}" chdir: "{{ funkwhale_install_path }}"
tasks/main.yml
View file @ 3f0294c3
tasks/nginx.yml
View file @ 3f0294c3
...@@ -15,30 +15,35 @@ ...@@ -15,30 +15,35 @@
# from https://gist.github.com/mattiaslundberg/ba214a35060d3c8603e9b1ec8627d349 # from https://gist.github.com/mattiaslundberg/ba214a35060d3c8603e9b1ec8627d349
- name: Check if certbot is already installed
stat:
path: "/usr/bin/certbot"
register: "certbot_installed"
- name: Install snapd - name: Install snapd
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true become: true
package: package:
name: snapd name: snapd
state: present state: present
- name: Prepare snapd for certbot installation - name: Prepare snapd for certbot installation
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true become: true
command: snap install core command: snap install core
- name: Refresh core snap before installing certbot - name: Refresh core snap before installing certbot
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true become: true
command: snap refresh core command: snap refresh core
- name: Install certbot snap - name: Install certbot snap
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true become: true
command: snap install --classic certbot command: snap install --classic certbot
- name: Link certbot snap installation - name: Link certbot snap installation
when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled when: funkwhale_nginx_managed and funkwhale_letsencrypt_enabled and not certbot_installed.stat.exists
become: true become: true
file: file:
src: /snap/bin/certbot src: /snap/bin/certbot
...@@ -66,6 +71,7 @@ ...@@ -66,6 +71,7 @@
template: template:
src: funkwhale_proxy.conf.j2 src: funkwhale_proxy.conf.j2
dest: "/etc/nginx/funkwhale_proxy.conf" dest: "/etc/nginx/funkwhale_proxy.conf"
mode: "644"
notify: notify:
- reload nginx - reload nginx
...@@ -75,5 +81,6 @@ ...@@ -75,5 +81,6 @@
template: template:
src: nginx.conf.j2 src: nginx.conf.j2
dest: "/etc/nginx/sites-enabled/{{ funkwhale_hostname }}.conf" dest: "/etc/nginx/sites-enabled/{{ funkwhale_hostname }}.conf"
mode: "644"
notify: notify:
- reload nginx - reload nginx
tasks/services.yml
View file @ 3f0294c3
--- ---
- name: "Create {{ funkwhale_systemd_service_name }}-* systemd file" - name: "Create {{ funkwhale_systemd_service_name }}-* systemd file"
become: true become: true
when: funkwhale_systemd_managed when: funkwhale_systemd_managed
......
templates/funkwhale_proxy.conf.j2
View file @ 3f0294c3
# global proxy conf # global proxy conf
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
{% if not funkwhale_nginx_tls_termination -%} {% if not funkwhale_nginx_tls_termination -%}
proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_redirect off; proxy_redirect off;
{% endif -%} {% endif -%}
# websocket support # websocket support
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection $funkwhale_connection_upgrade;