ctucx.git: ansible-configs

My personal ansible roles and playbooks

commit d66699d163a2eee46e893246bcec89dd336700b0
parent 0060bcb9e32872c4fb8926888040a794500df6da
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sat, 6 Mar 2021 00:11:02 +0100

configuration/quitschi: enable media-proxy for pleroma
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/config-files/quitschi/pleroma.exs b/config-files/quitschi/pleroma.exs
@@ -116,9 +116,11 @@ config :pleroma, Pleroma.Emails.Mailer,
   auth: :always
 
 config :pleroma, :media_proxy,
-  enabled: false,
-  redirect_on_failure: true,
-  base_url: "https://cache.domain.tld"
+      enabled: true,
+      proxy_opts: [
+            redirect_on_failure: true
+      ]
+      #base_url: "https://cache.pleroma.social"
 
 config :pleroma, :fetch_initial_posts,
   enabled: false,
diff --git a/configuration/quitschi.yml b/configuration/quitschi.yml
@@ -58,6 +58,11 @@ files:
     mode:    "0755"
     owner:   "leah"
     group:   "nginx"
+  /var/lib/websites/pleroma-cache:
+    state:   "directory"
+    mode:    "0755"
+    owner:   "nginx"
+    group:   "nginx"
   /etc/nginx/passwd/synapse:
     state:   "file"
     content: "{{ lookup('diskcache', 'passwordstore', 'Server/{{system.hostname}}/passwd/synapse returnall=true')}}"

@@ -100,6 +105,9 @@ services:
     user: nginx
     group: nginx
     sslOnly: true
+    extraConfig: "
+      proxy_cache_path /var/lib/websites/pleroma-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
+    "
     vhosts:
       quitschi.ctu.cx:
         defaultServer: true

@@ -255,6 +263,12 @@ services:
         cert: "/var/lib/acme-redirect/live/trans-agenda.de/fullchain"
         privkey: "/var/lib/acme-redirect/live/trans-agenda.de/privkey"
       extraConfig: "
+        location /proxy {
+          proxy_cache pleroma_media_cache;
+          proxy_cache_lock on;
+          proxy_pass http://localhost:4000;
+        }
+
         location /.well-known/matrix/server {
               add_header Content-Type application/json;
               return 200 '{\"m.server\": \"matrix.trans-agenda.de:443\"}';