feat: add lemmy service

2025-01-10 10:26:38 -03:00 · 2025-01-10 10:26:38 -03:00 · 467de17183
commit 467de17183
parent e00b44896f
8 changed files with 249 additions and 67 deletions
--- a/files/docker/compose-traefik.yaml
+++ b/files/docker/compose-traefik.yaml
@ -1,43 +0,0 @@
-version: '3'
-networks:
-  reverse-proxy:
-    external: true
-services:
-  traefik:
-    container_name: traefix-proxy
-    image: 'traefik:latest'
-    restart: unless-stopped
-    networks:
-      - reverse-proxy
-    ports:
-      - '80:80'
-      - '443:443'
-      - '8080:8080'
-    healthcheck:
-      test: 'wget -qO- http://localhost:80/ping || exit 1'
-      interval: 4s
-      timeout: 2s
-      retries: 5
-    volumes:
-      - '/var/run/docker.sock:/var/run/docker.sock:ro'
-      - '/data/coolify/proxy:/traefik'
-    command:
-      - '--ping=true'
-      - '--ping.entrypoint=http'
-      - '--api.dashboard=true'
-      - '--api.insecure=true'
-      - '--entrypoints.http.address=:80'
-      - '--entryPoints.http.forwardedHeaders.trustedIPs=10.0.10.0/24'
-      - '--entrypoints.https.address=:443'
-      - '--entryPoints.https.forwardedHeaders.trustedIPs=10.0.10.0/24'
-      - '--entrypoints.http.http.encodequerysemicolons=true'
-      - '--entryPoints.http.http2.maxConcurrentStreams=50'
-      - '--entrypoints.https.http.encodequerysemicolons=true'
-      - '--entryPoints.https.http2.maxConcurrentStreams=50'
-      - '--providers.docker.exposedbydefault=false'
-      - "--providers.swarm.endpoint=tcp://127.0.0.1:2377"
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.traefik.entrypoints=http
-      - traefik.http.routers.traefik.service=api@internal
-      - traefik.http.services.traefik.loadbalancer.server.port=8080
--- a/files/docker/lemmy/customPostgresql.sql
+++ b/files/docker/lemmy/customPostgresql.sql
@ -0,0 +1,32 @@
+-- DB Version: 17
+-- OS Type: linux
+-- DB Type: web
+-- Total Memory (RAM): 512 MB
+-- Data Storage: hdd
+
+ALTER SYSTEM SET
+ max_connections = '200';
+ALTER SYSTEM SET
+ shared_buffers = '128MB';
+ALTER SYSTEM SET
+ effective_cache_size = '384MB';
+ALTER SYSTEM SET
+ maintenance_work_mem = '32MB';
+ALTER SYSTEM SET
+ checkpoint_completion_target = '0.9';
+ALTER SYSTEM SET
+ wal_buffers = '3932kB';
+ALTER SYSTEM SET
+ default_statistics_target = '100';
+ALTER SYSTEM SET
+ random_page_cost = '4';
+ALTER SYSTEM SET
+ effective_io_concurrency = '2';
+ALTER SYSTEM SET
+ work_mem = '327kB';
+ALTER SYSTEM SET
+ huge_pages = 'off';
+ALTER SYSTEM SET
+ min_wal_size = '1GB';
+ALTER SYSTEM SET
+ max_wal_size = '4GB';
--- a/files/docker/lemmy/docker-stack.yaml
+++ b/files/docker/lemmy/docker-stack.yaml
@ -0,0 +1,131 @@
+networks:
+  reverse_proxy:
+    external: true
+
+configs:
+  lemmy_customPostgresql.sql:
+    external: true
+
+secrets:
+  lemmy_lemmy.hjson:
+    external: true
+  lemmy_postgres_pass.txt:
+    external: true
+  lemmy_pictrs.toml:
+    external: true
+
+volumes:
+  ui_themes:
+  pictrs:
+  db:
+
+services:
+  lemmy:
+    image: dessalines/lemmy:0.19.8
+    restart: always
+    networks:
+      - default
+      - reverse_proxy
+    environment:
+      - RUST_LOG="info"
+    secrets:
+      - source: lemmy_lemmy.hjson
+        target: /config/config.hjson
+    deploy:
+      rollback_config:
+        failure_action: continue
+      update_config:
+        delay: 2s
+        failure_action: rollback
+        order: start-first
+      placement:
+        constraints:
+          - node.labels.services_kind==${SERVICE_KIND:-common}
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.lemmy.rule=Host(`lemmy.alecodes.page`) && (PathRegexp(`^/(api|pictrs|feeds|nodeinfo|\\.well-known)`) || HeaderRegexp(`Accept`, `^application/.*`))
+        - traefik.http.services.lemmy.loadbalancer.server.port=8536
+        - traefik.http.middlewares.lemmy-max-bodysize.buffering.maxRequestBodyBytes=20971520 # 20M
+        - traefik.http.routers.lemmy.middlewares=lemmy-max-bodysize
+
+  lemmy_ui:
+    image: dessalines/lemmy-ui:0.19.8
+    restart: always
+    networks:
+      - default
+      - reverse_proxy
+    environment:
+      - LEMMY_UI_LEMMY_INTERNAL_HOST=tasks.lemmy:8536
+      - LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.alecodes.page
+      - LEMMY_UI_HTTPS=true
+    volumes:
+      - ui_themes:/app/extra_themes
+    deploy:
+      rollback_config:
+        failure_action: continue
+      update_config:
+        delay: 2s
+        failure_action: rollback
+        order: start-first
+      placement:
+        constraints:
+          - node.labels.services_kind==${SERVICE_KIND:-common}
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.middlewares.lemmy-ui-client-max-bodysize.buffering.maxRequestBodyBytes=20971520" # 20M
+        - "traefik.http.routers.lemmy-ui.middlewares=lemmy-ui-client-max-bodysize"
+        - "traefik.http.routers.lemmy-ui.rule=Host(`lemmy.alecodes.page`)"
+        - "traefik.http.routers.lemmy-ui.service=lemmy-ui"
+        - "traefik.http.services.lemmy-ui.loadbalancer.server.port=1234"
+
+        - "traefik.http.routers.lemmy-security-txt.rule=Host(`lemmy.alecodes.page`) && Path(`/.well-known/security.txt`)"
+        - "traefik.http.routers.lemmy-security-txt.service=lemmy-security-txt"
+        - "traefik.http.services.lemmy-security-txt.loadbalancer.server.port=1234"
+
+  pictrs:
+    image: asonix/pictrs:0.5.16
+    restart: always
+    # this needs to match the pictrs url in lemmy_lemmy.hjson
+    entrypoint: /sbin/tini -- /usr/local/bin/pict-rs -c /run/secrets/lemmy_pictrs.toml run
+    secrets:
+      - lemmy_pictrs.toml
+    environment:
+      - RUST_BACKTRACE=full
+    user: 991:991
+    volumes:
+      - pictrs:/mnt:Z
+    deploy:
+      rollback_config:
+        failure_action: continue
+      update_config:
+        delay: 2s
+        failure_action: rollback
+        order: start-first
+      placement:
+        constraints:
+          - node.labels.services_kind==${SERVICE_KIND:-common}
+
+  lemmy_db:
+    image: pgautoupgrade/pgautoupgrade:17-bookworm
+    restart: always
+    secrets:
+      - lemmy_postgres_pass.txt
+    configs:
+      - source: lemmy_customPostgresql.sql
+        target: /docker-entrypoint-initdb.d/config.sql
+    environment:
+      - POSTGRES_USER=lemmy
+      - POSTGRES_PASSWORD_FILE=/run/secrets/lemmy_postgres_pass.txt
+      - POSTGRES_DB=lemmy
+    volumes:
+      - db:/var/lib/postgresql/data:Z
+    deploy:
+      rollback_config:
+        failure_action: continue
+      update_config:
+        delay: 2s
+        failure_action: rollback
+        order: start-first
+      placement:
+        constraints:
+          - node.labels.services_kind==${SERVICE_KIND:-common}
--- a/files/docker/lemmy/lemmy.hjson
+++ b/files/docker/lemmy/lemmy.hjson
@ -0,0 +1,21 @@
+{
+  # for more info about the config, check out the documentation
+  # https://join-lemmy.org/docs/en/administration/configuration.html
+  hostname: "lemmy.alecodes.page"
+  tls_enabled: true
+  database: {
+    host: "tasks.lemmy_db"
+    password: "529a6b836665075b535f8cc56d8f30cde7b7c9b01062feaa1b0da817fd7af2f8"
+  }
+  pictrs: {
+    url: "http://tasks.pictrs:8080/"
+    api_key: "529a6b836665075b535f8cc56d8f30cde7b7c9b01062feaa1b0da817fd7af2f8"
+  }
+  email: {
+    smtp_server: "smtp.gmail.com:587"
+    smtp_login: "ale.navarro.parra@gmail.com"
+    smtp_password: "steuuamhzngjgfwn"
+    smtp_from_address: "ale.navarro.parra@gmail.com"
+    tls_type: "starttls"
+  }
+}
--- a/files/docker/lemmy/pictrs.toml
+++ b/files/docker/lemmy/pictrs.toml
@ -0,0 +1,10 @@
+[server]
+api_key = '529a6b836665075b535f8cc56d8f30cde7b7c9b01062feaa1b0da817fd7af2f8'
+
+[media.animation]
+max_width = 256
+max_height = 256
+max_frame_count = 400
+
+[media.video]
+video_codec = 'vp9'
--- a/files/docker/lemmy/postgres_pass.txt
+++ b/files/docker/lemmy/postgres_pass.txt
@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+65343339376264393533303231656562316534643432643737653132646561316266386363376331
+6137323165303633633535653537336436333834363564660a303934353533643965323636346536
+38613331623336303130383261623162333437363830326434393463333564623032383434316130
+6564646161353937320a666531326338663433326431346539346335346430653032643530386231
+64636263343437333066323163336637386639643836336438663730623633633666383737353461
+62656262626537303838613764366565393863393961373564343230363433343737303834353037
+31653136323563333164303766636539313362363434336430303962653633316661623932396137
+39353136643865303636
--- a/playbooks/docker/services.yaml
+++ b/playbooks/docker/services.yaml
@ -3,34 +3,55 @@
 - name: Deploy homelab services
  hosts: 10.0.10.50
  tasks:
-    - name: Deploy RSS Services
-      vars:
-        project_name: rss
-      block:
-      # - name: Generate random hash
-      #   no_log: true
-      #   community.crypto.openssl_random:
-      #     length: 32
-      #     hex: false
-      #   register: random_hash
+    # - name: Deploy RSS Services
+    #   vars:
+    #     project_name: rss
+    #   block:
+    #   - name: Load environment variables
+    #     include_vars:
+    #       file: ../../files/docker/rss/env.yaml
+    #       name: env_vars
    #
-      # - name: Create Docker secret for PostgreSQL password
-      #   no_log: true
-      #   community.docker.docker_secret:
+    #   - name: Deploy RSS Feed
+    #     environment: "{{ env_vars }}"
+    #     community.docker.docker_stack:
    #       state: present
-      #     name: "{{ project_name + '_db_password'}}"
-      #     secret: "{{ random_hash.stdout }}"
+    #       prune: true
+    #       name: "{{ project_name }}"
+    #       compose:
+    #         - "{{ lookup('file', '../../files/docker/rss/docker-stack.yaml') | from_yaml }}"

-      - name: Load environment variables
-        include_vars:
-          file: ../../files/docker/rss/env.yaml
-          name: env_vars
-
-      - name: Deploy RSS Feed
-        environment: "{{ env_vars }}"
+    - name: Deploy Lemmy Services
+      vars:
+        project_name: lemmy
+      block:
+      - name: Create config
+        loop:
+          - customPostgresql.sql
+        community.docker.docker_config:
+          name: '{{ project_name + "_" + item }}'
+          data: "{{ lookup('file', '../../files/docker/lemmy/{{ item }}') | b64encode }}"
+          data_is_b64: true
+          state: present
+          labels:
+            com.docker.stack.namespace: "{{ project_name }}"
+      - name: Create secrets
+        loop:
+          - lemmy.hjson
+          - postgres_pass.txt
+          - pictrs.toml
+        community.docker.docker_secret:
+          name: '{{ project_name + "_" + item }}'
+          data: "{{ lookup('file', '../../files/docker/lemmy/{{ item }}') | b64encode }}"
+          data_is_b64: true
+          state: present
+          labels:
+            com.docker.stack.namespace: "{{ project_name }}"
+      - name: Deploy lemmy stack
+        # environment: "{{ lookup('ini', '../../files/docker/lemmy/.env') }}"
        community.docker.docker_stack:
          state: present
          prune: true
          name: "{{ project_name }}"
          compose:
-            - "{{ lookup('file', '../../files/docker/rss/docker-stack.yaml') | from_yaml }}"
+            - "{{ lookup('file', '../../files/docker/lemmy/docker-stack.yaml') | from_yaml }}"
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@ -10,6 +10,7 @@
    create_home: true
    password: "{{ (item.value.password != '!' or item.value.password != '*') | ternary(item.value.password | password_hash('sha512'), item.value.password) }}"
    groups: "{{ item.value.groups + (extra_groups | default([])) }}"
+    append: true

 - name: Add SSH public key to users
  loop: "{{ users | dict2items }}"