diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 04babbe0fe4841afe4474f4878ef1193b684f0a2..8f53c0549e895584dd168a7b6dd5b532c406f917 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,4 @@
 ---
-
 stages:
 - test
 - deploy
diff --git a/README.md b/README.md
index 4b7039b964dd5656b822f7af6ff1d770eb38fcd3..c5727b88908d6c5783400119260ce9137c4eab0f 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,8 @@
-Funkwhale ansible role
-======================
+# Funkwhale ansible role
 
 An ansible role to install and update [Funkwhale](https://funkwhale.audio).
 
-Summary
-------
+## Summary
 
 Using this role, you can install and upgrade a Funkwhale pod, closely matching our [standard installation guide](https://docs.funkwhale.audio/installation/debian.html). The role will take care of:
 
@@ -13,8 +11,7 @@ Using this role, you can install and upgrade a Funkwhale pod, closely matching o
 - Install and configure Funkwhale and it's dependencies
 - Install and configure a SSL certificate with Let's Encrypt (optional)
 
-Philosophy
---------- 
+## Philosophy
 
 This role strives to:
 
@@ -25,8 +22,7 @@ This role strives to:
 - Allow running multiple Funkwhale instances on the same host
 - Avoid messing with existing software and apps on the server
 
-Installation and usage
----------------------
+## Installation and usage
 
 Install ansible:
 
@@ -93,102 +89,95 @@ Launch the installation (in check mode, so nothing is applied): ``` ansible-playbook --ask-become-pass -i inventory.ini playbook.yml --check --diff ``` -*On some hosts, you may need to install the `python-apt` package for check mode to work*. + +_On some hosts, you may need to install the `python-apt` package for check mode to work_. This command will show you the changes that would be applied to your system. If you are comfortable with them, rerun the same command without the `--check` flag. Once installation is complete, run `/srv/funkwhale/virtualenv/bin/python /srv/funkwhale/api/manage.py createsuperuser` to create your admin account. -Role Variables --------------- +## Role Variables **Required variables** -| name | Example | Description | -| ----------------------------- | ----------------------------- | --------------------------------------------- | -| `funkwhale_hostname` | `yourdomain.funkwhale` | The domain name of your Funkwhale pod | -| `funkwhale_letsencrypt_email` | `contact@youremail.com` | The email to associate with your Let's Encrypt certificate (not needed if you set `funkwhale_letsencrypt_enabled: false`, see below) | +| name | Example | Description | +| ----------------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | +| `funkwhale_hostname` | `yourdomain.funkwhale` | The domain name of your Funkwhale pod | +| `funkwhale_letsencrypt_email` | `contact@youremail.com` | The email to associate with your Let's Encrypt certificate (not needed if you set `funkwhale_letsencrypt_enabled: false`, see below) | **Optional variables** - -| name | Default | Description | -| --------------------------------------- | ----------------------------- | --------------------------------------------- | -| `funkwhale_api_ip` | `127.0.0.1` | IP address with which to bind the Funkwhale server | -| `funkwhale_api_port` | 
`5000` | Port with which to bind the Funkwhale server | -| `funkwhale_config_path` | `/srv/funkwhale/config` | Path to Funkwhale's configuration directory | -| `funkwhale_nginx_csp_policy` | `"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"` | Content-Security-Policy header to us. You will need to tweak this if you're serving media files from a separate domain. | -| `funkwhale_database_managed` | `true` | If `true`, the role will manage the database server and Funkwhale's database | -| `funkwhale_database_name` | `funkwhale` | Name of the Funkwhale database to use | -| `funkwhale_database_user` | `funkwhale` | Postgresql username to login as | -| `funkwhale_env_vars` | `[]` | List of environment variables to append to the generated `.env` file. Example: `["AWS_ACCESS_KEY_ID=myawsid", "AWS_SECRET_ACCESS_KEY=myawskey"]` | -| `funkwhale_external_storage_enabled` | `false` | If `true`, set up the proper configuration to use an external storage for media files | -| `funkwhale_disable_django_admin` | `false` | If `true`, returns a 403 (Forbidden) for `/api/admin` | -| `funkwhale_gunicorn_extra_args` | `""` | Additional args to pass to gunicorn in the `funkwhale-server.service` file. 
Refer to [gunicorn's documentation](https://docs.gunicorn.org/en/stable/settings.html) for possible options | -| `funkwhale_install_path` | `/srv/funkwhale` | Path where frontend, api and virtualenv files should be stored (**no trailing slash**) | -| `funkwhale_letsencrypt_certbot_flags` | `null` | Additional flags to pass to `certbot` | -| `funkwhale_letsencrypt_enabled` | `true` | If `true`, will configure SSL with certbot and Let's Encrypt | -| `funkwhale_media_path` | `/srv/funkwhale/data/media` | Path where audio and uploaded files should be stored (**no trailing slash**) | -| `funkwhale_music_path` | `/srv/funkwhale/data/music` | Path to your existing music library, to use with [CLI import](https://docs.funkwhale.audio/admin/importing-music.html) (**no trailing slash**) | -| `funkwhale_nginx_additional_config` | `""` | Additional nginx configuration to add to the Funkwhale `server{}` block | -| `funkwhale_nginx_managed` | `true` | If `true`, will install and configure nginx | -| `funkwhale_nginx_tls_configure_ciphers` | `true` | Set TLS ciphers, curves, etc, overriding any settings in http{} | -| `funkwhale_nginx_max_body_size` | `100M` | Value of nginx's `max_body_size` parameter to use | -| `funkwhale_protocol` | `https` | If set to `https`, will configure Funkwhale and Nginx to work behind HTTPS. Use `http` to completely disable SSL. 
| -| `funkwhale_redis_managed` | `true` | If `true`, will install and configure redis | -| `funkwhale_ssl_cert_path` | `` | Path to an existing SSL certificate to use (use in combination with `funkwhale_letsencrypt_enabled: false`) | -| `funkwhale_ssl_key_path` | `` | Path to an existing SSL key to use (use in combination with `funkwhale_letsencrypt_enabled: false`) | -| `funkwhale_static_path` | `/srv/funkwhale/data/static` | Path where Funkwhale static files should be stored | -| `funkwhale_systemd_managed` | `true` | If `true`, will configure Funkwhale systemd services | -| `funkwhale_systemd_after` | `redis.service postgresql.service` | Configuration used for Systemd `After=` directive. Modify it if you have a database or redis server on a separate host | -| `funkwhale_systemd_service_name` | `funkwhale` | Name of the generated Systemd service, e.g when calling `systemctl start <xxx>` | -| `funkwhale_username` | `funkwhale` | Username of the system user and owner of Funkwhale data, files and configuration | -| `funkwhale_version` | `latest` | The version to install/upgrade to. You can also use `develop` to run the development branch | -| `funkwhale_custom_pip_packages` | `[]` | A list of additional python packages to download | -| `funkwhale_custom_settings` | `` | Some Python code to append to `api/config/settings/production.py`. Use funkwhale_custom_settings: |` for multiline code. 
| +| name | Default | Description | +| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | +| `funkwhale_api_ip` | `127.0.0.1` | IP address with which to bind the Funkwhale server | +| `funkwhale_api_port` | `5000` | Port with which to bind the Funkwhale server | +| `funkwhale_config_path` | `/srv/funkwhale/config` | Path to Funkwhale's configuration directory | +| `funkwhale_nginx_csp_policy` | `"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"` | Content-Security-Policy header to us. You will need to tweak this if you're serving media files from a separate domain. | +| `funkwhale_database_managed` | `true` | If `true`, the role will manage the database server and Funkwhale's database | +| `funkwhale_database_name` | `funkwhale` | Name of the Funkwhale database to use | +| `funkwhale_database_user` | `funkwhale` | Postgresql username to login as | +| `funkwhale_env_vars` | `[]` | List of environment variables to append to the generated `.env` file. Example: `["AWS_ACCESS_KEY_ID=myawsid", "AWS_SECRET_ACCESS_KEY=myawskey"]` | +| `funkwhale_external_storage_enabled` | `false` | If `true`, set up the proper configuration to use an external storage for media files | +| `funkwhale_disable_django_admin` | `false` | If `true`, returns a 403 (Forbidden) for `/api/admin` | +| `funkwhale_gunicorn_extra_args` | `""` | Additional args to pass to gunicorn in the `funkwhale-server.service` file. 
Refer to [gunicorn's documentation](https://docs.gunicorn.org/en/stable/settings.html) for possible options | +| `funkwhale_install_path` | `/srv/funkwhale` | Path where frontend, api and virtualenv files should be stored (**no trailing slash**) | +| `funkwhale_letsencrypt_certbot_flags` | `null` | Additional flags to pass to `certbot` | +| `funkwhale_letsencrypt_enabled` | `true` | If `true`, will configure SSL with certbot and Let's Encrypt | +| `funkwhale_media_path` | `/srv/funkwhale/data/media` | Path where audio and uploaded files should be stored (**no trailing slash**) | +| `funkwhale_music_path` | `/srv/funkwhale/data/music` | Path to your existing music library, to use with [CLI import](https://docs.funkwhale.audio/admin/importing-music.html) (**no trailing slash**) | +| `funkwhale_nginx_additional_config` | `""` | Additional nginx configuration to add to the Funkwhale `server{}` block | +| `funkwhale_nginx_managed` | `true` | If `true`, will install and configure nginx | +| `funkwhale_nginx_tls_configure_ciphers` | `true` | Set TLS ciphers, curves, etc, overriding any settings in http{} | +| `funkwhale_nginx_max_body_size` | `100M` | Value of nginx's `max_body_size` parameter to use | +| `funkwhale_protocol` | `https` | If set to `https`, will configure Funkwhale and Nginx to work behind HTTPS. Use `http` to completely disable SSL. 
| +| `funkwhale_redis_managed` | `true` | If `true`, will install and configure redis | +| `funkwhale_ssl_cert_path` | `` | Path to an existing SSL certificate to use (use in combination with `funkwhale_letsencrypt_enabled: false`) | +| `funkwhale_ssl_key_path` | `` | Path to an existing SSL key to use (use in combination with `funkwhale_letsencrypt_enabled: false`) | +| `funkwhale_static_path` | `/srv/funkwhale/data/static` | Path where Funkwhale static files should be stored | +| `funkwhale_systemd_managed` | `true` | If `true`, will configure Funkwhale systemd services | +| `funkwhale_systemd_after` | `redis.service postgresql.service` | Configuration used for Systemd `After=` directive. Modify it if you have a database or redis server on a separate host | +| `funkwhale_systemd_service_name` | `funkwhale` | Name of the generated Systemd service, e.g when calling `systemctl start <xxx>` | +| `funkwhale_username` | `funkwhale` | Username of the system user and owner of Funkwhale data, files and configuration | +| `funkwhale_version` | `latest` | The version to install/upgrade to. You can also use `develop` to run the development branch | +| `funkwhale_custom_pip_packages` | `[]` | A list of additional python packages to download | +| `funkwhale_custom_settings` | `` | Some Python code to append to `api/config/settings/production.py`. Use funkwhale_custom_settings: | ` for multiline code. 
| **Installing from source** If you want to install Funkwhale from source (e.g to try a nonproduction branch, or use your own fork), you use the following variables: -| name | Default | Description | -| --------------------------------------- | ----------------------------------------------------- | --------------------------------------------- | -| `funkwhale_install_from_source` | `false` | Install and build Funkwhale from source | -| `funkwhale_source_url` | `https://dev.funkwhale.audio/funkwhale/funkwhale.git` | URL to the git repository to use | +| name | Default | Description | +| ------------------------------- | ----------------------------------------------------- | --------------------------------------- | +| `funkwhale_install_from_source` | `false` | Install and build Funkwhale from source | +| `funkwhale_source_url` | `https://dev.funkwhale.audio/funkwhale/funkwhale.git` | URL to the git repository to use | Use the `funkwhale_version` variable to control the git tag/branch to checkout. -Supported platforms -------------------- +## Supported platforms - Debian 9 - More to come -Dependencies ------------- +## Dependencies This roles has no other dependencies. -Tests ------ +## Tests This role is tested using [molecule](https://molecule.readthedocs.io/en/stable/). We don't have CI yet, but you can run the tests with `molecule test`. -Todo ----- +## Todo - Backups - Superuser creation -License -------- +## License AGPL3 -Author Information ------------------- +## Author Information Contact us at https://funkwhale.audio/community/ diff --git a/tasks/db.yml b/tasks/db.yml index fefe542949d5a9f11791316a04ced58e6d1b5832..8b7ba7cda07aa709162d259be842ba28ff844b01 100644 --- a/tasks/db.yml +++ b/tasks/db.yml 
@@ -51,9 +51,7 @@
 db: "{{ funkwhale_database_name }}"
 name: "{{ myext }}"
 login_user: postgres
- loop: ['unaccent', 'citext']
+ loop: ["unaccent", "citext"]
 loop_control:
 loop_var: myext
 delegate_to: "{{ funkwhale_database_host_ansible or inventory_hostname }}"
-
-...
diff --git a/tasks/funkwhale.yml b/tasks/funkwhale.yml
index 65304c16dc65fc9eea6f3553cce25502d30e980e..c978e49942c0758c09f304de6aaf7ee4c1ee5b5c 100644
--- a/tasks/funkwhale.yml
+++ b/tasks/funkwhale.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Check latest version
 when: funkwhale_version is not defined or funkwhale_version == "latest"
 uri:
@@ -31,7 +30,7 @@
 owner: "{{ funkwhale_username }}"
 group: "{{ funkwhale_username }}"
 state: directory
- mode: '755'
+ mode: "755"
 with_items:
 - "{{ funkwhale_install_path }}"
 - "{{ funkwhale_media_path }}"
@@ -58,7 +57,7 @@
 copy:
 content: "{{ result_secret_key_generation.stdout }}"
 dest: "{{ funkwhale_config_path }}/django_secret_key"
- mode: '600'
+ mode: "600"
 
 - name: "Setup a dummy secret key"
 when: ansible_check_mode
@@ -87,7 +86,6 @@
 notify:
 - restart funkwhale
 
-
 - name: Download front-end files
 become: true
 become_user: "{{ funkwhale_username }}"
@@ -249,7 +247,6 @@
 insertafter: "EOF"
 block: "{{ funkwhale_custom_settings }}"
 
-
 - name: "Collect static files"
 command: "{{ funkwhale_install_path }}/virtualenv/bin/python api/manage.py collectstatic --no-input"
 become: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 4858288153741a30d9912e09b4b855399fe65539..af78a5da9fb72a502286460084f93f8d0f45ed88 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: set a password for postgresql DB (remote psql server only)
- tags: [ db ]
+ tags: [db]
 set_fact:
 # Look up for the key 'vault_funkwhale_database_password' (for you to create, ideally in a vault).
 # If no key is found,it will search inside ./pgsql_funkwhale.credentials.txt.
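Review bot: In tasks/funkwhale.yml, the task that copies `result_secret_key_generation.stdout` into `django_secret_key` (hunk at old line 58) shows no `no_log: true`; the task header sits above the hunk so it may be set there, but if it is not, the generated Django secret is echoed in the task result and in `--diff` output, which the README tells users to run with. Adding `no_log: true` next to `mode: "600"` keeps the key out of playbook logs and CI job output. The quoting change itself is fine, since Ansible expects `mode` as a quoted string; writing it as `"0600"` would read less ambiguously than `"600"`.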
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
index 1f4932bf13afa5e5d57f498178e5cf323b006988..d1182dfd25391b706117fe8197ec4a71c9ba2541 100644
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@@ -66,7 +66,7 @@
 template:
 src: funkwhale_proxy.conf.j2
 dest: "/etc/nginx/funkwhale_proxy.conf"
- mode: '644'
+ mode: "644"
 notify:
 - reload nginx
 
@@ -76,6 +76,6 @@
 template:
 src: nginx.conf.j2
 dest: "/etc/nginx/sites-enabled/{{ funkwhale_hostname }}.conf"
- mode: '644'
+ mode: "644"
 notify:
 - reload nginx
diff --git a/tasks/services.yml b/tasks/services.yml
index 9ff452de20ea1890069ebb1a3ea3f07baf9e225f..c40acc07065594268b5bedc4bb2bb0815c45cefd 100644
--- a/tasks/services.yml
+++ b/tasks/services.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: "Create {{ funkwhale_systemd_service_name }}-* systemd file"
 become: true
 when: funkwhale_systemd_managed