How I set up a mastodon instance on AWS with ansible on ubuntu trusty
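---
# Play 1: base packages, runtimes and TLS material for a Mastodon host on
# Ubuntu trusty. Everything that touches the system runs with become.
- hosts: general
  remote_user: ubuntu
  vars:
    node_version: 6
    packages:
      - ack-grep
      - build-essential
      - ffmpeg
      - git
      - imagemagick
      - libpq-dev
      - libxml2-dev
      - libxslt1-dev
      - nginx
      - postgresql
      - postgresql-contrib
      - redis-server
      - redis-tools
      - ruby2.3
      - ruby2.3-dev
  tasks:
    - name: set readable host name
      become: true
      hostname:
        name: "{{ inventory_hostname }}"

    # Third-party PPAs: apt verifies these with the Launchpad signing keys
    # that apt_repository installs, so packages from them are authenticated.
    - name: nginx ppa
      become: true
      apt_repository:
        repo: "ppa:nginx/stable"
        state: present
    - name: ffmpeg for trusty
      become: true
      apt_repository:
        repo: "ppa:mc3man/trusty-media"
        state: present
    - name: brightbox's ppa for ruby
      become: true
      apt_repository:
        repo: "ppa:brightbox/ruby-ng"
        state: present

    # NOTE(review): this still pipes a remote script into a root shell with no
    # integrity check. -f makes curl fail on an HTTP error instead of feeding an
    # error page to the shell, and `creates` stops it re-running on every play;
    # the robust fix is apt_key + apt_repository for the NodeSource repo so that
    # apt verifies signatures. `sudo` was dropped because become is already root.
    - name: node ppa
      become: true
      shell: curl -fsSL https://deb.nodesource.com/setup_{{ node_version }}.x | bash -
      args:
        creates: /etc/apt/sources.list.d/nodesource.list

    # `force: yes` (apt --force-yes) was removed: it lets apt install
    # unauthenticated packages, defeating the repository signing above.
    - name: install node
      become: true
      apt:
        name: "{{ item }}={{ node_version }}*"
        update_cache: true
      with_items:
        - nodejs
        - nodejs-dbg

    # NOTE(review): global npm installs at @latest are unpinned; pin versions
    # for reproducible deploys.
    - name: npm install some things
      become: true
      command: npm install -g npm@latest json@latest json-diff@latest yarn

    - name: install all apt packages
      become: true
      apt:
        name: "{{ item }}"
        state: present
        update_cache: true
      with_items: "{{ packages }}"

    # Private key material: directory 0700 (a directory needs the execute bit
    # to be traversed; the original 0600 only worked because root ignores it),
    # files 0600, both owned by root. nginx reads the key as root at startup.
    - name: create cert dir
      become: true
      file:
        path: /mnt/mastodon/certs
        state: directory
        owner: root
        group: root
        mode: "0700"
    - name: copy TLS certs
      become: true
      copy:
        src: "/local/path/to/certs/{{ item }}"
        dest: "/mnt/mastodon/certs/{{ item }}"
        owner: root
        group: root
        mode: "0600"
      with_items:
        - your-cert.pem
        - your-cert.key

    - name: install bundler
      become: true
      command: gem install bundler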
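# Upstart job: Mastodon background worker (sidekiq).
description "mastodon worker services"
start on filesystem and static-network-up
stop on deconfiguring-networking
respawn
# Run unprivileged; /mnt/mastodon/live is owned by ubuntu (see the playbooks).
setuid ubuntu
setgid ubuntu
script
  cd /mnt/mastodon/live
  export HOME=/mnt/mastodon/live RAILS_ENV=production DB_POOL=5
  # exec so that stop/respawn signals from upstart reach sidekiq itself rather
  # than the wrapping /bin/sh, giving it the chance to finish in-flight jobs.
  exec bundle exec sidekiq -c 5 -q default -q pull -q mailers -q push
end script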
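# Upstart job: Mastodon streaming API (node), proxied by nginx on port 4000.
description "mastodon streaming service"
start on filesystem and static-network-up
stop on deconfiguring-networking
respawn
# Run unprivileged; /mnt/mastodon/live is owned by ubuntu (see the playbooks).
setuid ubuntu
setgid ubuntu
script
  cd /mnt/mastodon/live
  export NODE_ENV=production PORT=4000
  # exec removes the /bin/sh wrapper so upstart signals the process directly.
  # NOTE(review): npm still sits between upstart and node; if clean shutdown
  # matters, run the streaming entry point from package.json directly.
  exec npm start
end script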
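# Upstart job: Mastodon web application (puma), proxied by nginx on port 3000.
description "mastodon web service"
start on filesystem and static-network-up
stop on deconfiguring-networking
respawn
# Run unprivileged; /mnt/mastodon/live is owned by ubuntu (see the playbooks).
setuid ubuntu
setgid ubuntu
script
  cd /mnt/mastodon/live
  export RAILS_ENV=production PORT=3000
  # exec so that stop/respawn signals from upstart reach puma itself rather
  # than the wrapping /bin/sh, allowing a graceful shutdown.
  exec bundle exec puma -C config/puma.rb
end script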
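---
# Play 2: fetch the application source and install its dependencies as the
# unprivileged ubuntu user.
- hosts: general
  remote_user: ubuntu
  vars:
    livedir: /mnt/mastodon/live
    # Git ref to deploy. HEAD reproduces the original behaviour (tip of the
    # default branch); pin this to a release tag so a deploy is reproducible
    # and a broken or compromised upstream branch is not rolled out silently.
    mastodon_version: HEAD
  tasks:
    - name: create live dir
      become: true
      file:
        path: "{{ livedir }}"
        state: directory
        owner: ubuntu
        group: ubuntu

    # https clone, so accept_hostkey is harmless here; it only matters for ssh.
    - name: clone the repo
      git:
        repo: https://github.com/Gargron/mastodon.git
        dest: "{{ livedir }}"
        version: "{{ mastodon_version }}"
        update: true
        accept_hostkey: true

    # --deployment installs exactly what Gemfile.lock pins.
    - name: install bundler deps
      command: bundle install --deployment --without development test
      args:
        chdir: "{{ livedir }}"

    # --frozen-lockfile fails instead of silently rewriting yarn.lock, so the
    # installed JS dependencies are exactly the ones the checked-in lock names.
    - name: install npm deps
      command: yarn install --frozen-lockfile
      args:
        chdir: "{{ livedir }}"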
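# Plain-HTTP listener: nothing is served here, every request is sent to HTTPS.
server {
    listen 80;
    server_name yourserver.tld;
    location / {
        # return is cheaper and clearer than a catch-all rewrite; $request_uri
        # carries the original path and query string over unchanged.
        return 301 https://yourserver.tld$request_uri;
    }
}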
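# Upgrade/Connection mapping for WebSocket proxying. This has been available
# since nginx 1.1.4 (the old "needs 1.13" caveat was wrong), and a
# sites-enabled file is included inside the http context, where map is valid.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # `ssl` on the listen directive replaces the deprecated `ssl on;`.
    listen 443 ssl;
    server_name yourserver.tld;

    ssl_certificate /mnt/mastodon/certs/your-cert.pem;
    ssl_certificate_key /mnt/mastodon/certs/your-cert.key;
    ssl_session_timeout 5m;
    # SSLv3 (POODLE) and TLS 1.0/1.1 are broken or deprecated; trusty's
    # OpenSSL supports TLS 1.2, so offer only that.
    ssl_protocols TLSv1.2;
    # The original string contained a literal " or " between two candidate
    # lists, which is not a valid cipher spec; this is the stricter of the two.
    ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    keepalive_timeout 70;
    sendfile on;
    # NOTE(review): 0 disables nginx's request-body size limit entirely;
    # consider a cap in line with the instance's media upload limit.
    client_max_body_size 0;
    gzip off;

    # Must match livedir in the playbooks. The original pointed at
    # /home/mastodon/live, which this setup never creates, so try_files never
    # matched a static asset and everything went to the Rails backend.
    root /mnt/mastodon/live/public;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    location / {
        try_files $uri @proxy;
    }

    # Rails/puma backend.
    location @proxy {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass_header Server;
        proxy_pass http://localhost:3000;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        tcp_nodelay on;
    }

    # Node streaming backend (WebSocket).
    location /api/v1/streaming {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://localhost:4000;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        tcp_nodelay on;
    }

    error_page 500 501 502 503 504 /500.html;
}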
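---
# Play 3: push the runtime configuration (app secrets, nginx site, upstart
# jobs) and bring the services up.
- hosts: general
  remote_user: ubuntu
  vars:
    livedir: /mnt/mastodon/live
    services:
      - web
      - sidekiq
      - streaming
  tasks:
    # .env.production holds the database credentials and signing secrets.
    # Set the mode explicitly rather than inheriting the controller's file
    # mode or the remote umask, which can leave it world-readable.
    - name: copy production variables
      copy:
        src: files/env.production
        dest: "{{ livedir }}/.env.production"
        mode: "0600"

    - name: copy nginx config
      become: true
      copy:
        src: files/nginx.conf
        dest: /etc/nginx/sites-enabled/rafting.io
        owner: root
        group: root
        mode: "0644"
    - name: restart nginx
      become: true
      service:
        name: nginx
        state: restarted

    - name: create upstart config
      become: true
      copy:
        src: "files/mastodon-{{ item }}.conf"
        dest: "/etc/init/mastodon-{{ item }}.conf"
        owner: root
        group: root
        mode: "0644"
      with_items: "{{ services }}"
    - name: enable all upstart services
      become: true
      with_items: "{{ services }}"
      service:
        name: "mastodon-{{ item }}"
        enabled: true

    # Deliberately stop then start instead of `state: restarted`: upstart's
    # restart keeps the running job's old definition, so a freshly copied
    # .conf would not take effect until the next full stop/start.
    - name: stop them all
      become: true
      with_items: "{{ services }}"
      service:
        name: "mastodon-{{ item }}"
        state: stopped
    - name: start them all
      become: true
      with_items: "{{ services }}"
      service:
        name: "mastodon-{{ item }}"
        state: started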