Update sample config files (#48)

Reviewed-on: #48
Co-authored-by: norm <normandy@biribiri.dev>
Co-committed-by: norm <normandy@biribiri.dev>
This commit is contained in:
Norm 2022-07-06 18:50:01 +00:00 committed by Norm
parent 1cc2593029
commit 9ed4125608
28 changed files with 188 additions and 209 deletions

View file

@ -18,7 +18,7 @@ Also add the following on top of the configuration, outside of the `server` bloc
```
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
```
If you came here from one of the installation guides, take a look at the example configuration `/installation/akkoma.nginx`, where this part is already included.
If you came here from one of the installation guides, take a look at the example configuration `/installation/nginx/akkoma.nginx`, where this part is already included.
* Append the following to your `prod.secret.exs` or `dev.secret.exs` (depends on which mode your instance is running):
```

View file

@ -168,7 +168,7 @@ If that doesnt work, make sure, that nginx is not already running. If it stil
* Copy the example nginx configuration and activate it:
```shell
sudo cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/sites-available/akkoma.nginx
sudo cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/sites-available/akkoma.nginx
sudo ln -s /etc/nginx/sites-available/akkoma.nginx /etc/nginx/sites-enabled/akkoma.nginx
```

View file

@ -131,7 +131,7 @@ If that doesnt work, make sure, that nginx is not already running. If it stil
* Copy the example nginx configuration and activate it:
```shell
sudo cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/sites-available/akkoma.nginx
sudo cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/sites-available/akkoma.nginx
sudo ln -s /etc/nginx/sites-available/akkoma.nginx /etc/nginx/sites-enabled/akkoma.nginx
```

View file

@ -143,7 +143,7 @@ sudo certbot certonly --email <your@emailaddress> -d <yourdomain> --standalone
* nginxの設定ファイルサンプルをnginxフォルダーにコピーします。
```
sudo cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/sites-available/akkoma.nginx
sudo cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/sites-available/akkoma.nginx
sudo ln -s /etc/nginx/sites-available/akkoma.nginx /etc/nginx/sites-enabled/akkoma.nginx
```

View file

@ -163,7 +163,7 @@ http {
}
```
As root, copy `/home/akkoma/akkoma/installation/akkoma.nginx` to
As root, copy `/home/akkoma/akkoma/installation/nginx/akkoma.nginx` to
`/usr/local/etc/nginx/sites-available/akkoma.nginx`.
Edit the defaults of `/usr/local/etc/nginx/sites-available/akkoma.nginx`:

View file

@ -217,7 +217,7 @@ If you are using any additional subdomains, such as for a media proxy, you can r
* Copy the example nginx configuration and activate it:
```shell
# cp /home/akkoma/akkoma/installation/akkoma.nginx /etc/nginx/sites-available/
# cp /home/akkoma/akkoma/installation/nginx/akkoma.nginx /etc/nginx/sites-available/
# ln -s /etc/nginx/sites-available/akkoma.nginx /etc/nginx/sites-enabled/akkoma.nginx
```

View file

@ -101,7 +101,7 @@ $ MIX_ENV=prod mix ecto.migrate
## Configuring nginx
Install the example configuration file
`/home/akkoma/akkoma/installation/akkoma.nginx` to
`/home/akkoma/akkoma/installation/nginx/akkoma.nginx` to
`/usr/pkg/etc/nginx.conf`.
Note that it will need to be wrapped in a `http {}` block. You should add

View file

@ -175,18 +175,18 @@ The location of nginx configs is dependent on the distro
=== "Alpine"
```
cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/conf.d/akkoma.conf
cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/conf.d/akkoma.conf
```
=== "Debian/Ubuntu"
```
cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/sites-available/akkoma.conf
cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/sites-available/akkoma.conf
ln -s /etc/nginx/sites-available/akkoma.conf /etc/nginx/sites-enabled/akkoma.conf
```
If your distro does not have either of those you can append `include /etc/nginx/akkoma.conf` to the end of the http section in /etc/nginx/nginx.conf and
```sh
cp /opt/akkoma/installation/akkoma.nginx /etc/nginx/akkoma.conf
cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/akkoma.conf
```
#### Edit the nginx config

View file

@ -1,5 +1,5 @@
[Unit]
Description=Pleroma social network
Description=Akkoma social network
After=network.target postgresql.service
[Service]
@ -7,23 +7,23 @@ ExecReload=/bin/kill $MAINPID
KillMode=process
Restart=on-failure
; Name of the user that runs the Pleroma service.
User=pleroma
; Declares that Pleroma runs in production mode.
; Name of the user that runs the Akkoma service.
User=akkoma
; Declares that Akkoma runs in production mode.
Environment="MIX_ENV=prod"
; Make sure that all paths fit your installation.
; Path to the home directory of the user running the Pleroma service.
Environment="HOME=/var/lib/pleroma"
; Path to the folder containing the Pleroma installation.
WorkingDirectory=/opt/pleroma
; Path to the home directory of the user running the Akkoma service.
Environment="HOME=/var/lib/akkoma"
; Path to the folder containing the Akkoma installation.
WorkingDirectory=/opt/akkoma
; Path to the Mix binary.
ExecStart=/usr/bin/mix phx.server
; Some security directives.
; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
PrivateTmp=true
; The /home, /root, and /run/user folders can not be accessed by this service anymore. If your Pleroma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to false.
; The /home, /root, and /run/user folders can not be accessed by this service anymore. If your Akkoma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to false.
ProtectHome=true
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
ProtectSystem=full

View file

@ -0,0 +1,21 @@
; Assumes akkoma is installed in /home/akkoma/akkoma and running as the akkoma user
; Also assumes mix is in /usr/bin, this might differ on BSDs or niche Linux distros
; Logs into /home/akkoma/logs
[program:akkoma]
command=/usr/bin/mix phx.server
directory=/home/akkoma/akkoma
autostart=true
autorestart=true
user=akkoma
environment =
MIX_ENV=prod,
HOME=/home/akkoma,
USER=akkoma,
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/akkoma/bin:%(ENV_PATH)s",
PWD=/home/akkoma/akkoma
stdout_logfile=/home/akkoma/logs/stdout.log
stdout_logfile_maxbytes=50MB
stdout_logfile_backups=10
stderr_logfile=/home/akkoma/logs/stderr.log
stderr_logfile_maxbytes=50MB
stderr_logfile_backups=10

View file

@ -1,14 +1,14 @@
# Sample Apache config for Pleroma
# Sample Apache config for Akkoma
#
# Simple installation instructions:
# 1. Install your TLS certificate. We recommend using Let's Encrypt via Certbot
# 2. Replace 'example.tld' with your instance's domain.
# 3. This assumes a Debian-style Apache config. Copy this file to
# /etc/apache2/sites-available/ and then activate the site by running
# 'a2ensite pleroma-apache.conf', then restart Apache.
# 'a2ensite akkoma-apache.conf', then restart Apache.
#
# Optional: enable disk-based caching for the media proxy
# For details, see https://git.pleroma.social/pleroma/pleroma/wikis/How%20to%20activate%20mediaproxy
# For details, see https://docs.akkoma.dev/main/backend/configuration/howto_mediaproxy/
#
# 1. Create a directory as shown below for the CacheRoot and make sure
# the Apache user can write to it.
@ -42,9 +42,9 @@ Define servername example.tld
ServerName ${servername}
ServerTokens Prod
# If you want Pleroma-specific logs
#ErrorLog /var/log/httpd-pleroma-error.log
#CustomLog /var/log/httpd-pleroma-access.log combined
# If you want Akkoma-specific logs
#ErrorLog /var/log/httpd-akkoma-error.log
#CustomLog /var/log/httpd-akkoma-access.log combined
<VirtualHost *:80>
RewriteEngine on
@ -60,7 +60,7 @@ ServerTokens Prod
Include /etc/letsencrypt/options-ssl-apache.conf
# Uncomment the following to enable MediaProxy caching on disk
#CacheRoot /tmp/pleroma-media-cache/
#CacheRoot /tmp/akkoma-media-cache/
#CacheDirLevels 1
#CacheDirLength 2
#CacheEnable disk /proxy

View file

@ -4,7 +4,7 @@
# You will likely need to setup a sudo rule like the following:
#
# Cmnd_Alias HTCACHECLEAN = /usr/local/sbin/htcacheclean
# pleroma ALL=HTCACHECLEAN, NOPASSWD: HTCACHECLEAN
# akkoma ALL=HTCACHECLEAN, NOPASSWD: HTCACHECLEAN
#
# Please also ensure you have enabled:
#
@ -16,7 +16,7 @@
SCRIPTNAME=${0##*/}
# mod_disk_cache directory
CACHE_DIRECTORY="/tmp/pleroma-media-cache"
CACHE_DIRECTORY="/tmp/akkoma-media-cache"
## Removes an item via the htcacheclean utility
## $1 - the filename, can be a pattern .

View file

@ -0,0 +1,17 @@
# default Caddyfile config for Akkoma
#
# Simple installation instructions:
# 1. Replace 'example.tld' with your instance's domain wherever it appears.
# 2. Copy this section into your Caddyfile and restart Caddy.
example.tld {
log {
output file /var/log/caddy/akkoma.log
}
encode gzip
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
reverse_proxy 127.0.0.1:4000
}

View file

@ -1,38 +0,0 @@
# default Caddyfile config for Pleroma
#
# Simple installation instructions:
# 1. Replace 'example.tld' with your instance's domain wherever it appears.
# 2. Copy this section into your Caddyfile and restart Caddy.
example.tld {
log /var/log/caddy/pleroma_access.log
errors /var/log/caddy/pleroma_error.log
gzip
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
proxy / 127.0.0.1:4000 {
websocket
transparent
}
tls {
# Remove the rest of the lines in here, if you want to support older devices
key_type p256
ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
}
# If you do not want to use the mediaproxy function, remove these lines.
# To use this directive, you need the http.cache plugin for Caddy.
cache {
match_path /media
default_max_age 720m
}
cache {
match_path /proxy
default_max_age 720m
}
# Stop removing lines here.
}

View file

@ -0,0 +1,27 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: akkoma
# REQUIRE: DAEMON postgresql
# KEYWORD: shutdown
# sudo -u akkoma MIX_ENV=prod elixir --erl \"-detached\" -S mix phx.server
. /etc/rc.subr
name=akkoma
rcvar=akkoma_enable
desc="Akkoma Social Media Platform"
load_rc_config ${name}
: ${akkoma_user:=akkoma}
: ${akkoma_home:=$(getent passwd ${akkoma_user} | awk -F: '{print $6}')}
: ${akkoma_chdir:="${akkoma_home}/akkoma"}
: ${akkoma_env:="HOME=${akkoma_home} MIX_ENV=prod"}
command=/usr/local/bin/elixir
command_args="--erl \"-detached\" -S /usr/local/bin/mix phx.server"
procname="*beam.smp"
run_rc_command "$1"

View file

@ -1,27 +0,0 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: pleroma
# REQUIRE: DAEMON postgresql
# KEYWORD: shutdown
# sudo -u pleroma MIX_ENV=prod elixir --erl \"-detached\" -S mix phx.server
. /etc/rc.subr
name=pleroma
rcvar=pleroma_enable
desc="Pleroma Social Media Platform"
load_rc_config ${name}
: ${pleroma_user:=pleroma}
: ${pleroma_home:=$(getent passwd ${pleroma_user} | awk -F: '{print $6}')}
: ${pleroma_chdir:="${pleroma_home}/pleroma"}
: ${pleroma_env:="HOME=${pleroma_home} MIX_ENV=prod"}
command=/usr/local/bin/elixir
command_args="--erl \"-detached\" -S /usr/local/bin/mix phx.server"
procname="*beam.smp"
run_rc_command "$1"

45
installation/init.d/akkoma Executable file
View file

@ -0,0 +1,45 @@
#!/sbin/openrc-run
supervisor=supervise-daemon
command_user=akkoma:akkoma
command_background=1
# Ask process to terminate within 30 seconds, otherwise kill it
retry="SIGTERM/30/SIGKILL/5"
pidfile="/var/run/akkoma.pid"
directory=/opt/akkoma
healthcheck_delay=60
healthcheck_timer=30
: ${akkoma_port:-4000}
# Needs OpenRC >= 0.42
#respawn_max=0
#respawn_delay=5
# put akkoma_console=YES in /etc/conf.d/akkoma if you want to be able to
# connect to akkoma via an elixir console
if yesno "${akkoma_console}"; then
command=elixir
command_args="--name akkoma@127.0.0.1 --erl '-kernel inet_dist_listen_min 9001 inet_dist_listen_max 9001 inet_dist_use_interface {127,0,0,1}' -S mix phx.server"
start_post() {
einfo "You can get a console by using this command as akkoma's user:"
einfo "iex --name console@127.0.0.1 --remsh akkoma@127.0.0.1"
}
else
command=/usr/bin/mix
command_args="phx.server"
fi
export MIX_ENV=prod
depend() {
need nginx postgresql
}
healthcheck() {
# put akkoma_health=YES in /etc/conf.d/akkoma if you want healthchecking
# and make sure you have curl installed
yesno "$akkoma_health" || return 0
curl -q "localhost:${akkoma_port}/api/akkoma/healthcheck"
}

View file

@ -1,45 +0,0 @@
#!/sbin/openrc-run
supervisor=supervise-daemon
command_user=pleroma:pleroma
command_background=1
# Ask process to terminate within 30 seconds, otherwise kill it
retry="SIGTERM/30/SIGKILL/5"
pidfile="/var/run/pleroma.pid"
directory=/opt/pleroma
healthcheck_delay=60
healthcheck_timer=30
: ${pleroma_port:-4000}
# Needs OpenRC >= 0.42
#respawn_max=0
#respawn_delay=5
# put pleroma_console=YES in /etc/conf.d/pleroma if you want to be able to
# connect to pleroma via an elixir console
if yesno "${pleroma_console}"; then
command=elixir
command_args="--name pleroma@127.0.0.1 --erl '-kernel inet_dist_listen_min 9001 inet_dist_listen_max 9001 inet_dist_use_interface {127,0,0,1}' -S mix phx.server"
start_post() {
einfo "You can get a console by using this command as pleroma's user:"
einfo "iex --name console@127.0.0.1 --remsh pleroma@127.0.0.1"
}
else
command=/usr/bin/mix
command_args="phx.server"
fi
export MIX_ENV=prod
depend() {
need nginx postgresql
}
healthcheck() {
# put pleroma_health=YES in /etc/conf.d/pleroma if you want healthchecking
# and make sure you have curl installed
yesno "$pleroma_health" || return 0
curl -q "localhost:${pleroma_port}/api/pleroma/healthcheck"
}

View file

@ -1,24 +1,24 @@
#!/bin/sh
# PROVIDE: pleroma
# PROVIDE: akkoma
# REQUIRE: DAEMON pgsql
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
fi
name="pleroma"
name="akkoma"
rcvar=${name}
command="/usr/pkg/bin/elixir"
command_args="--detached -S /usr/pkg/bin/mix phx.server"
start_precmd="ulimit -n unlimited"
pidfile="/dev/null"
pleroma_chdir="${pleroma_home}/pleroma"
pleroma_env="HOME=${pleroma_home} MIX_ENV=prod"
akkoma_chdir="${akkoma_home}/akkoma"
akkoma_env="HOME=${akkoma_home} MIX_ENV=prod"
check_pidfile()
{
pid=$(pgrep -U "${pleroma_user}" /bin/beam.smp$)
pid=$(pgrep -U "${akkoma_user}" /bin/beam.smp$)
echo -n "${pid}"
}

View file

@ -1,4 +1,4 @@
# default nginx site config for Pleroma
# default nginx site config for Akkoma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
@ -6,7 +6,7 @@
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
@ -82,7 +82,7 @@ server {
}
location ~ ^/(media|proxy) {
proxy_cache pleroma_media_cache;
proxy_cache akkoma_media_cache;
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;

View file

@ -5,7 +5,7 @@
SCRIPTNAME=${0##*/}
# NGINX cache directory
CACHE_DIRECTORY="/tmp/pleroma-media-cache"
CACHE_DIRECTORY="/tmp/akkoma-media-cache"
## Return the files where the items are cached.
## $1 - the filename, can be a pattern .

View file

@ -1,5 +1,5 @@
#
# Default httpd.conf file for Pleroma on OpenBSD
# Default httpd.conf file for Akkoma on OpenBSD
# Simple installation instructions
# 1. Place file in /etc
# 2. Replace <IPv4 address> with your public IP address

View file

@ -0,0 +1,34 @@
#!/bin/ksh
#
# Default init file for Akkoma on OpenBSD
#
# Simple installation instructions:
# 1. Install Akkoma per wiki instructions
# 2. Place this akkomad file in /etc/rc.d
# 3. Enable and start Akkoma
# # doas rcctl enable akkomad
# # doas rcctl start akkomad
#
daemon="/usr/local/bin/elixir"
daemon_flags="--detached -S /usr/local/bin/mix phx.server"
daemon_user="_akkoma"
. /etc/rc.d/rc.subr
rc_reload=NO
pexp="phx.server"
rc_check() {
pgrep -q -U _akkoma -f "phx.server"
}
rc_start() {
${rcexec} "cd akkoma; ${daemon} ${daemon_flags}"
}
rc_stop() {
pkill -q -U _akkoma -f "phx.server"
}
rc_cmd $1

View file

@ -1,34 +0,0 @@
#!/bin/ksh
#
# Default init file for Pleroma on OpenBSD
#
# Simple installation instructions:
# 1. Install Pleroma per wiki instructions
# 2. Place this pleromad file in /etc/rc.d
# 3. Enable and start Pleroma
# # doas rcctl enable pleromad
# # doas rcctl start pleromad
#
daemon="/usr/local/bin/elixir"
daemon_flags="--detached -S /usr/local/bin/mix phx.server"
daemon_user="_pleroma"
. /etc/rc.d/rc.subr
rc_reload=NO
pexp="phx.server"
rc_check() {
pgrep -q -U _pleroma -f "phx.server"
}
rc_start() {
${rcexec} "cd pleroma; ${daemon} ${daemon_flags}"
}
rc_stop() {
pkill -q -U _pleroma -f "phx.server"
}
rc_cmd $1

View file

@ -1,5 +1,5 @@
#
# Default relayd.conf file for Pleroma on OpenBSD
# Default relayd.conf file for Akkoma on OpenBSD
# Simple installation instructions:
# 1. Place in /etc
# 2. Replace <ipaddr> with your public IPv4 address
@ -13,19 +13,19 @@
ext_inet="<ipaddr>"
#ext_inet6="<ip6addr>"
table <pleroma_server> { 127.0.0.1 }
table <akkoma_server> { 127.0.0.1 }
table <httpd_server> { 127.0.0.1 }
http protocol plerup { # Protocol for upstream pleroma server
http protocol plerup { # Protocol for upstream akkoma server
#tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit
tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA0-POLY1305"
tls ecdhe secp384r1
# Forward some paths to the local server (as pleroma won't respond to them as you might want)
# Forward some paths to the local server (as akkoma won't respond to them as you might want)
pass request quick path "/robots.txt" forward to <httpd_server>
# Append a bunch of headers
match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictl required by pleroma but adding them won't hurt
match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictly required by akkoma but adding them won't hurt
match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
match request header append "Connection" value "upgrade"
@ -38,7 +38,7 @@ relay wwwtls {
protocol plerup
forward to <pleroma_server> port 4000 check http "/" code 200
forward to <akkoma_server> port 4000 check http "/" code 200
forward to <httpd_server> port 80 check http "/robots.txt" code 200
}

View file

@ -1,21 +0,0 @@
; Assumes pleroma is installed in /home/pleroma/pleroma and running as the pleroma user
; Also assumes mix is in /usr/bin, this might differ on BSDs or niche Linux distros
; Logs into /home/pleroma/logs
[program:pleroma]
command=/usr/bin/mix phx.server
directory=/home/pleroma/pleroma
autostart=true
autorestart=true
user=pleroma
environment =
MIX_ENV=prod,
HOME=/home/pleroma,
USER=pleroma,
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/pleroma/bin:%(ENV_PATH)s",
PWD=/home/pleroma/pleroma
stdout_logfile=/home/pleroma/logs/stdout.log
stdout_logfile_maxbytes=50MB
stdout_logfile_backups=10
stderr_logfile=/home/pleroma/logs/stderr.log
stderr_logfile_maxbytes=50MB
stderr_logfile_backups=10