From a3d4a031ebe87170e4acee92c97a48bb1cccc7df Mon Sep 17 00:00:00 2001 From: Ivan Reshetnikov Date: Sat, 14 Dec 2024 18:18:38 +0500 Subject: [PATCH] Remove s3 storage It was only used by mastodon, but required a lot of CPU time for some reason. I think it's not necessary at my scale. --- mastodon.yml | 5 ---- roles/haproxy/files/haproxy.cfg | 15 ----------- roles/mastodon/meta/argument_specs.yml | 15 ----------- roles/mastodon/tasks/main.yml | 2 +- roles/mastodon/tasks/start_web_server.yml | 2 +- roles/mastodon/templates/mastodon.env.j2 | 9 +------ roles/mastodon/vars/main.yml | 8 ------ roles/minio/tasks/main.yml | 28 -------------------- roles/minio/vars/main.yml | 3 --- roles/monitoring/templates/prometheus.yml.j2 | 6 ----- 10 files changed, 3 insertions(+), 90 deletions(-) delete mode 100644 roles/minio/tasks/main.yml delete mode 100644 roles/minio/vars/main.yml diff --git a/mastodon.yml b/mastodon.yml index cfffe3d..9570d96 100644 --- a/mastodon.yml +++ b/mastodon.yml @@ -13,11 +13,6 @@ smtp_login: mastodon@comfycamp.space smtp_from_address: mastodon@comfycamp.space smtp_password: "{{ mail_users['mastodon@comfycamp.space'] }}" - s3_enabled: true - s3_endpoint: http://minio:9000 - s3_hostname: s3.comfycamp.space - aws_access_key_id: WfSoEsOL1Glg9GXc3sRN - aws_secret_access_key: "{{ mastodon.aws_secret_access_key }}" active_record_encryption_deterministic_key: "{{ mastodon.active_record_encryption_deterministic_key }}" active_record_encryption_key_derivation_salt: "{{ mastodon.active_record_encryption_key_derivation_salt }}" active_record_encryption_primary_key: "{{ mastodon.active_record_encryption_primary_key }}" diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg index ef536e6..ac93772 100644 --- a/roles/haproxy/files/haproxy.cfg +++ b/roles/haproxy/files/haproxy.cfg @@ -66,9 +66,6 @@ frontend https acl path_matrix path_beg /_synapse/client use_backend matrix if host_matrix path_matrix - acl host_s3 hdr(host) -i s3.comfycamp.space - use_backend minio if host_s3 - acl host_peertube hdr(host) -i v.comfycamp.space use_backend peertube if host_peertube @@ -91,9 +88,6 @@ frontend https acl host_vaultwarden hdr(host) -i vault.comfycamp.space use_backend vaultwarden if host_vaultwarden - acl host_minio hdr(host) -i minio.comfycamp.space - use_backend minio_console if host_minio - acl host_git hdr(host) -i git.comfycamp.space use_backend forgejo if host_git @@ -167,15 +161,6 @@ backend vaultwarden mode http server green vaultwarden:80 check -backend minio_console - mode http - server green minio:9001 check - -backend minio - mode http - http-response set-header Access-Control-Allow-Origin https://m.comfycamp.space - server green minio:9000 check - backend forgejo mode http server s1 forgejo-1:3000 check diff --git a/roles/mastodon/meta/argument_specs.yml b/roles/mastodon/meta/argument_specs.yml index 62359ef..09abcdd 100644 --- a/roles/mastodon/meta/argument_specs.yml +++ b/roles/mastodon/meta/argument_specs.yml @@ -69,21 +69,6 @@ argument_specs: type: str smtp_password: type: str - # S3 - s3_enabled: - type: bool - s3_endpoint: - type: str - s3_hostname: - type: str - s3_bucket: - type: str - s3_protocol: - type: str - aws_access_key_id: - type: str - aws_secret_access_key: - type: str # Active record active_record_encryption_deterministic_key: type: str diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 988307d..71c389d 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml @@ -77,5 +77,5 @@ - name: minio - name: authentik volumes: - - mastodon-public-system:/mastodon/public/system + - /mnt/hdd/mastodon:/mastodon/public/system restart_policy: unless-stopped diff --git a/roles/mastodon/tasks/start_web_server.yml b/roles/mastodon/tasks/start_web_server.yml index 6487872..218b628 100644 --- a/roles/mastodon/tasks/start_web_server.yml +++ b/roles/mastodon/tasks/start_web_server.yml @@ -23,7 +23,7 @@ - name: haproxy - name: authentik volumes: - - mastodon-public-system:/mastodon/public/system + - /mnt/hdd/mastodon:/mastodon/public/system restart_policy: unless-stopped healthcheck: test: ["CMD", "curl", "--fail", "127.0.0.1:3000/health"] diff --git a/roles/mastodon/templates/mastodon.env.j2 b/roles/mastodon/templates/mastodon.env.j2 index 8d751dc..977ae01 100644 --- a/roles/mastodon/templates/mastodon.env.j2 +++ b/roles/mastodon/templates/mastodon.env.j2 @@ -2,6 +2,7 @@ LOCAL_DOMAIN={{ local_domain }} ALTERNATE_DOMAINS={{ alternate_domains }} RAILS_LOG_LEVEL={{ rails_log_level }} DEFAULT_LOCALE={{ default_locale }} +RAILS_SERVE_STATIC_FILES=true REDIS_HOST=redis-mastodon REDIS_PORT=6379 @@ -27,14 +28,6 @@ SMTP_PASSWORD={{ smtp_password }} SMTP_FROM_ADDRESS={{ smtp_from_address }} SMTP_ENABLE_STARTTLS={{ smtp_enable_starttls }} -S3_ENABLED={{ s3_enabled | string | lower }} -S3_ENDPOINT={{ s3_endpoint }} -S3_BUCKET={{ s3_bucket }} -S3_PROTOCOL={{ s3_protocol }} -S3_HOSTNAME={{ s3_hostname }} -AWS_ACCESS_KEY_ID={{ aws_access_key_id }} -AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }} - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ active_record_encryption_deterministic_key }} ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ active_record_encryption_key_derivation_salt }} ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ active_record_encryption_primary_key }} diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index 6610656..ee208d9 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -17,14 +17,6 @@ smtp_login: "" smtp_from_address: "" smtp_password: "" -s3_enabled: false -s3_endpoint: "" -s3_hostname: "" -s3_bucket: mastodon -s3_protocol: https -aws_access_key_id: "" -aws_secret_access_key: "" - ldap_enabled: false ldap_host: "" ldap_port: 389 diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml deleted file mode 100644 index fb3725b..0000000 --- a/roles/minio/tasks/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Create minio network - become: true - community.docker.docker_network: - name: minio -- name: Run minio container - become: true - community.docker.docker_container: - name: minio - image: minio/minio:{{ minio_version }} - command: ["minio", "server", "--console-address", ":9001"] - networks: - - name: minio - - name: haproxy - - name: monitoring - volumes: - - /mnt/hdd/minio:/data - env: - MINIO_ROOT_USER: "{{ minio_root_user }}" - MINIO_ROOT_PASSWORD: "{{ minio_root_password }}" - MINIO_VOLUMES: /data - MINIO_PROMETHEUS_URL: http://prometheus:9090 - MINIO_PROMETHEUS_JOB_ID: minio - restart_policy: unless-stopped -- name: Install rclone - become: true - ansible.builtin.apt: - name: rclone diff --git a/roles/minio/vars/main.yml b/roles/minio/vars/main.yml deleted file mode 100644 index 3682dcb..0000000 --- a/roles/minio/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -minio_version: RELEASE.2024-09-22T00-33-43Z -minio_root_user: lumin -minio_root_password: change_me diff --git a/roles/monitoring/templates/prometheus.yml.j2 b/roles/monitoring/templates/prometheus.yml.j2 index 8411f43..67120cb 100644 --- a/roles/monitoring/templates/prometheus.yml.j2 +++ b/roles/monitoring/templates/prometheus.yml.j2 @@ -8,12 +8,6 @@ scrape_configs: - job_name: postgresql static_configs: - targets: ["postgresql-exporter:9187"] - - job_name: minio - bearer_token: {{ minio_bearer_token }} - metrics_path: /minio/v2/metrics/cluster - scheme: http - static_configs: - - targets: ["minio:9000"] - job_name: authentik static_configs: - targets: ["authentik-1:9300"]