ansible merge requests
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests
2020-10-01T07:14:28Z

Add setting for custom nginx config
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/22
2020-10-01T07:14:28Z, mal

In my vhosts, I use an included file for an ACME location block. This PR adds the ability to append arbitrary nginx config to the ansible-installed vhost, which allows me to do what I need to do without needing to maintain my own copy of the entire vhost.
It adds a config var, `funkwhale_nginx_additional_config`, with an empty default.

Add setting to disable nginx TLS cipher config
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/21
2020-10-01T07:13:45Z, mal

I configure TLS settings in the http{} block in my /etc/nginx/nginx.conf. Attempting to override these settings:
- Interferes with my cipher choices and TLS config on other sites
- In my case (probably because of TLSv1.3), causes the funkwhale site to fail to load with SSL_ERROR_ILLEGAL_PARAMETER_ALERT
This PR adds the `funkwhale_nginx_tls_configure_ciphers` var to disable funkwhale's overriding of the following settings:
```
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
```
The default of `true` maintains the current behavior for indifferent users.

fix: remove duplicate task with "Install frontend depencies"
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/20
2020-07-03T09:38:35Z, kippix

Clean ansible task
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/19
2020-07-01T12:20:58Z, kippix

Master
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/18
2020-07-01T10:15:14Z, kippix

fix: add missing dependencies package on debian 10
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/17
2020-07-03T09:40:15Z, kippix

```
{
- stdout: ""
- rc: 1
- stderr: Failed to connect to bus: No such file or directory
- msg: Failed to connect to bus: No such file or directory
- cmd: /usr/bin/systemctl
- stderr_lines: [ Failed to connect to bus: No such file or directory ]
- changed: False
}
```
Solve with: `apt install dbus`
```
{
- msg: Failed to import the required Python library (psycopg2) on hifi's
Python /usr/bin/python. Please read module documentation and install in the
appropriate location. If the required library is installed, but Ansible is using
the wrong Python interpreter, please consult the documentation on
ansible_python_interpreter
- warnings: [ Module did not set no_log for no_password_changes ]
- changed: False
}
```
Solve with: `apt install python-psycopg2`
```
{
- msg: Failed to find required executable virtualenv in paths:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- changed: False
}
```
Solve with: `apt install virtualenv`

Remove --renew flag for certbot-auto which causes errors
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/16
2020-05-15T12:45:58Z, xenofem

The `--renew` flag given to `certbot-auto` in the cronjob doesn't exist for the version that got installed on my server, and causes it to fail with an error message. The default behavior if there's an existing certificate is already to attempt a renewal, so this flag isn't necessary.

Fixed some db issues due to delegation
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/15
2020-04-24T08:45:18Z, Agate

!9 introduced some issues during upgrade as delegation to localhost (the host executing the playbook) would not work when you try to apply the playbook on a remote host.

Added CSP configuration
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/14
2020-04-23T08:51:41Z, Agate

Use full path for certbot-auto in cronjob
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/13
2020-04-23T08:38:00Z, xenofem

On my Debian 10 system, the cronjob for `certbot-auto` fails because it can't find certbot-auto.
It looks like the default environment used for root's crontab is pretty sparse and doesn't include `/usr/local/bin`, so I've changed the cronjob to refer to `certbot-auto` by its full path, which fixes the issue and is safer in general.

Always set X-Forwarded-Proto to avoid mixed content warnings
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/12
2020-04-23T08:37:30Z, xenofem

This fixes mixed content warnings I've been getting when loading album covers. As documented in https://dev.funkwhale.audio/funkwhale/funkwhale/-/issues/901 and https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/237 , the X-Forwarded-Proto header needs to be set to https so album covers will be loaded securely, even when we have a TLS terminating proxy.

readme: spelling/grammar fixes
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/11
2020-02-25T08:51:05Z, Ghost User

Just some petty English fixes. :)

Nginx support for http local reverse proxy (i.e. TLS reverse higher up the chain)
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/10
2020-02-06T13:41:05Z, Jean

Addressing part of #6.
Here we add a key and modify the nginx templates (compression settings become an option) to handle Nginx either as a TLS reverse proxy (default and current behaviour) or as a local HTTP web server tapping into the funkwhale server.
This new option, when enabled, also removes some of the proxy settings, which were counter-productive on my own implementation, resulting in mixed HTTP/HTTPS content.

Add possibility to handle remote managed postgresql setup
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/9
2020-04-24T08:39:56Z, Jean

This is to address another part of issue #6
This has been only partly tested (on the new possibility of remote postgresql setup), on classic (remote) Ansible deployment, but not through the shell script + ansible mix installation.
The new keys have been set in order to match current expectations (i.e. a local install of postgresql).
I end up declaring `funkwhale_database_url` in playbook and modifying `DATABASE_URL` in `.env` (it feels redundant).

handling custom path with non-existent subdirs
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/8
2020-02-04T09:25:22Z, Jean

Addresses part of issue #6

Now support installing funkwhale from source
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/7
2020-01-17T13:39:03Z, Agate

Cf Readme for how-to

backlog

CI tests
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/6
2020-01-07T11:15:42Z, Agate

Clarify when Certbot is installed
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/5
2020-01-02T13:25:59Z, Austin Bohannon

Closes #3

Update db.yml so postgresql_db uses template0
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/4
2020-01-02T13:25:15Z, Austin Bohannon

Closes #5

Update nginx.conf.j2 based on https://governance.funkwhale.audio/d/0P4YcUp6/comment/1008
https://dev.funkwhale.audio/funkwhale/ansible/-/merge_requests/3
2019-11-14T10:07:24Z, Sergey Karatkevich

MR based on discussion