Update to 2021-12-01 19:13

2025-10-30 18:31:28 +01:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/funkwhale/templates/env.j2
+++ b/roles/funkwhale/templates/env.j2
@@ -0,0 +1,34 @@
+FUNKWHALE_API_IP=127.0.0.1
+FUNKWHALE_API_PORT={{ funkwhale_api_port }}
+FUNKWHALE_WEB_WORKERS={{ funkwhale_web_workers }}
+FUNKWHALE_HOSTNAME={{ funkwhale_public_url | urlsplit('hostname') }}
+FUNKWHALE_PROTOCOL={{ funkwhale_public_url | urlsplit('scheme') }}
+EMAIL_CONFIG=smtp://127.0.0.1
+DEFAULT_FROM_EMAIL=funkwhale-noreply@{{ ansible_domain }}
+REVERSE_PROXY_TYPE=apache2
+DATABASE_URL='postgresql://{{ funkwhale_db_user }}:{{ funkwhale_db_pass | urlencode | regex_replace('/','%2F') }}@{{ funkwhale_db_server }}:{{ funkwhale_db_port }}/{{ funkwhale_db_name }}'
+CACHE_URL={{ funkwhale_redis_url }}
+MEDIA_ROOT={{ funkwhale_root_dir }}/data/media
+STATIC_ROOT={{ funkwhale_root_dir }}/data/static
+DJANGO_SETTINGS_MODULE=config.settings.production
+DJANGO_SECRET_KEY='{{ funkwhale_secret_key }}'
+RAVEN_ENABLED=False
+RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:0062dc16a22b41679cd5765e5342f716@sentry.eliotberriot.com/5
+MUSIC_DIRECTORY_PATH={{ funkwhale_root_dir }}/data/music
+{% if funkwhale_ldap_url is defined %}
+LDAP_ENABLED=True
+LDAP_SERVER_URI={{ funkwhale_ldap_url }}
+LDAP_START_TLS={{ (funkwhale_ldap_url | urlsplit('scheme') == 'ldaps' or funkwhale_ldap_url | urlsplit('hostname') == '127.0.0.1' or funkwhale_ldap_url | urlsplit('hostname') == 'localhost') | ternary('False', 'True') }}
+{% if funkwhale_ldap_bind_dn is defined and funkwhale_ldap_bind_pass is defined %}
+LDAP_BIND_DN='{{ funkwhale_ldap_bind_dn }}'
+LDAP_BIND_PASSWORD='{{ funkwhale_ldap_bind_pass }}'
+{% endif %}
+LDAP_SEARCH_FILTER='{{ funkwhale_ldap_user_filter }}'
+LDAP_ROOT_DN='{{ funkwhale_ldap_base }}'
+LDAP_USER_ATTR_MAP='{{ funkwhale_ldap_attr_map }}'
+{% endif %}
+FUNKWHALE_FRONTEND_PATH={{ funkwhale_root_dir }}/front/dist
+NGINX_MAX_BODY_SIZE=100M
+MUSIC_USE_DENORMALIZATION=True
+FUNKWHALE_SPA_HTML_ROOT={{ funkwhale_root_dir }}/front/dist/
+FUNKWHALE_URL={{ funkwhale_public_url }}
--- a/roles/funkwhale/templates/funkwhale-beat.service.j2
+++ b/roles/funkwhale/templates/funkwhale-beat.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=Funkwhale celery beat process
+After=redis.service postgresql.service
+
+[Service]
+User={{ funkwhale_user }}
+WorkingDirectory={{ funkwhale_root_dir }}/api
+EnvironmentFile={{ funkwhale_root_dir }}/config/.env
+ExecStart={{ funkwhale_root_dir }}/venv/bin/celery -A funkwhale_api.taskapp beat -l INFO --pidfile /tmp/funkwhale-beat.pid --schedule /tmp/funkwhale-beat-schedule.db
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=funkwhale_{{ funkwhale_id }}-beat
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/funkwhale/templates/funkwhale-server.service.j2
+++ b/roles/funkwhale/templates/funkwhale-server.service.j2
@@ -0,0 +1,23 @@
+[Unit]
+Description=Funkwhale application server
+After=redis.service postgresql.service
+Wants=funkwhale_{{ funkwhale_id }}-worker.service funkwhale_{{ funkwhale_id }}-beat.service
+
+[Service]
+User={{ funkwhale_user }}
+WorkingDirectory={{ funkwhale_root_dir }}/api
+EnvironmentFile={{ funkwhale_root_dir }}/config/.env
+ExecStart={{ funkwhale_root_dir }}/venv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=funkwhale_{{ funkwhale_id }}-server
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/funkwhale/templates/funkwhale-update-media.service.j2
+++ b/roles/funkwhale/templates/funkwhale-update-media.service.j2
@@ -0,0 +1,23 @@
+[Unit]
+Description=Update funkwhale media library
+
+[Service]
+Type=oneshot
+{% for lib in funkwhale_libraries %}
+ExecStart={{ funkwhale_root_dir }}/venv/bin/python \
+            {{ funkwhale_root_dir }}/api/manage.py \
+            import_files {{ lib.id }} \
+            --no-input{% if lib.inplace %} --in-place{% endif %} \
+            "{{ lib.path }}" \
+            --recursive
+{% endfor %}
+ExecStart={{ funkwhale_root_dir }}/venv/bin/python \
+            {{ funkwhale_root_dir }}/api/manage.py \
+            check_inplace_files \
+            --no-dry-run
+ExecStart={{ funkwhale_root_dir }}/venv/bin/python \
+            {{ funkwhale_root_dir }}/api/manage.py \
+            prune_library \
+            --tracks --albums --artists --no-dry-run
+User={{ funkwhale_user }}
+Group={{ funkwhale_user }}
--- a/roles/funkwhale/templates/funkwhale-update-media.timer.j2
+++ b/roles/funkwhale/templates/funkwhale-update-media.timer.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Update funkwhale media library
+
+[Timer]
+OnCalendar=daily
+
+[Install]
+WantedBy=timers.target
--- a/roles/funkwhale/templates/funkwhale-worker.service.j2
+++ b/roles/funkwhale/templates/funkwhale-worker.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=Funkwhale celery worker
+After=redis.service postgresql.service
+
+[Service]
+User={{ funkwhale_user }}
+WorkingDirectory={{ funkwhale_root_dir }}/api
+EnvironmentFile={{ funkwhale_root_dir }}/config/.env
+ExecStart={{ funkwhale_root_dir }}/venv/bin/celery -A funkwhale_api.taskapp worker -l INFO --pool=solo --concurrency=1
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=funkwhale_{{ funkwhale_id }}-worker
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/funkwhale/templates/httpd.conf.j2
+++ b/roles/funkwhale/templates/httpd.conf.j2
@@ -0,0 +1,81 @@
+<VirtualHost *:80>
+  ServerName {{ funkwhale_public_url | urlsplit('hostname') }}
+  ProxyVia On
+  ProxyPreserveHost On
+  <IfModule mod_remoteip.c>
+    RemoteIPHeader X-Forwarded-For
+  </IfModule>
+  <Proxy *>
+    AddDefaultCharset off
+    Order Allow,Deny
+    Allow from all
+  </Proxy>
+
+  <Location "/">
+    LimitRequestBody 104857600
+    ProxyPass http://127.0.0.1:{{ funkwhale_api_port }}/
+    ProxyPassReverse http://127.0.0.1:{{ funkwhale_api_port }}/
+  </Location>
+  <Location "/federation">
+    ProxyPass http://127.0.0.1:{{ funkwhale_api_port }}/federation
+    ProxyPassReverse http://127.0.0.1:{{ funkwhale_api_port }}/federation
+  </Location>
+
+  <Location "/rest">
+    ProxyPass http://127.0.0.1:{{ funkwhale_api_port }}/api/subsonic/rest
+    ProxyPassReverse http://127.0.0.1:{{ funkwhale_api_port }}/api/subsonic/rest
+  </Location>
+
+  <Location "/.well-known/">
+    ProxyPass http://127.0.0.1:{{ funkwhale_api_port }}/.well-known/
+    ProxyPassReverse http://127.0.0.1:{{ funkwhale_api_port }}/.well-known/
+  </Location>
+
+  <Location "/front">
+    ProxyPass  "!"
+  </Location>
+
+  Alias /front {{ funkwhale_root_dir }}/front/dist/
+
+  <Location "/media">
+    ProxyPass  "!"
+  </Location>
+  Alias /media {{ funkwhale_root_dir }}/data/media/
+
+  <Location "/staticfiles">
+    ProxyPass  "!"
+  </Location>
+  Alias /staticfiles {{ funkwhale_root_dir }}/data/static
+
+  <Location "/api/v1/activity">
+    ProxyPass ws://127.0.0.1:{{ funkwhale_api_port }}/api/v1/activity
+  </Location>
+
+  <Directory "{{ funkwhale_root_dir }}/data/static">
+    Options FollowSymLinks
+    AllowOverride None
+    Require all granted
+  </Directory>
+
+  <Directory "{{ funkwhale_root_dir }}/front/dist">
+    Options FollowSymLinks
+    AllowOverride None
+    Require all granted
+  </Directory>
+
+  <Directory "{{ funkwhale_root_dir }}/data/media">
+    Options FollowSymLinks
+    AllowOverride None
+    Require all granted
+  </Directory>
+
+{% if funkwhale_xsendfile.stat.exists %}
+  LoadModule xsendfile_module modules/mod_xsendfile.so
+{% endif %}
+  <IfModule mod_xsendfile.c>
+    XSendFile On
+    XSendFilePath {{ funkwhale_root_dir }}/data/media
+    XSendFilePath {{ funkwhale_root_dir }}/data/music
+    SetEnv MOD_X_SENDFILE_ENABLED 1
+  </IfModule>
+</VirtualHost>
--- a/roles/funkwhale/templates/perms.sh.j2
+++ b/roles/funkwhale/templates/perms.sh.j2
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+chown -R root:root {{ funkwhale_root_dir }}/{front,api}
+chmod 755 {{ funkwhale_root_dir }}
+chown {{ funkwhale_user }}:apache {{ funkwhale_root_dir }}/data
+chmod 750 {{ funkwhale_root_dir }}/data
+chown -R {{ funkwhale_user }}:{{ funkwhale_user }} {{ funkwhale_root_dir }}/data/{media,music}
+chown -R root:root {{ funkwhale_root_dir }}/data/static
+find {{ funkwhale_root_dir }}/{front,api,data/static} -type f -exec chmod 644 "{}" \;
+find {{ funkwhale_root_dir }}/{front,api} -type d -exec chmod 755 "{}" \;
+chmod 755 {{ funkwhale_root_dir }}/api/manage.py
+chmod 700 {{ funkwhale_root_dir }}/{meta,db_dumps,archives}
+chown -R root:{{ funkwhale_user }} {{ funkwhale_root_dir }}/config
+chmod 750 {{ funkwhale_root_dir }}/config
+chmod 640 {{ funkwhale_root_dir }}/config/.env
--- a/roles/funkwhale/templates/post-backup.sh.j2
+++ b/roles/funkwhale/templates/post-backup.sh.j2
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ funkwhale_root_dir }}/backup/{{ funkwhale_db_name }}.sql.zst
--- a/roles/funkwhale/templates/pre-backup.sh.j2
+++ b/roles/funkwhale/templates/pre-backup.sh.j2
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eo pipefail
+
+PGPASSWORD={{ funkwhale_db_pass | quote }} /usr/pgsql-14/bin/pg_dump \
+  --clean \
+  --create \
+  --username={{ funkwhale_db_user | quote }} \
+  --host={{ funkwhale_db_server | quote }} \
+  {{ funkwhale_db_name | quote }} | \
+  zstd -c > {{ funkwhale_root_dir }}/backup/{{ funkwhale_db_name | quote }}.sql.zst