lumin/homelab
1
0
Fork 0
Code Issues Pull requests Releases Activity Actions

Remove s3 storage

Browse source 
It was only used by mastodon, but required a lot of
CPU time for some reason.

I think it's not necessary at my scale.
This commit is contained in:
Ivan R. 2024-12-14 18:18:38 +05:00
parent 366d48f1e5
commit a3d4a031eb
Signed by: lumin
GPG key ID: E0937DC7CD6D3817
10 changed files with 3 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
mastodon.yml
View file

@ -13,11 +13,6 @@
smtp_login: mastodon@comfycamp.space smtp_login: mastodon@comfycamp.space
smtp_from_address: mastodon@comfycamp.space smtp_from_address: mastodon@comfycamp.space
smtp_password: "{{ mail_users['mastodon@comfycamp.space'] }}" smtp_password: "{{ mail_users['mastodon@comfycamp.space'] }}"
s3_enabled: true
s3_endpoint: http://minio:9000
s3_hostname: s3.comfycamp.space
aws_access_key_id: WfSoEsOL1Glg9GXc3sRN
aws_secret_access_key: "{{ mastodon.aws_secret_access_key }}"
active_record_encryption_deterministic_key: "{{ mastodon.active_record_encryption_deterministic_key }}" active_record_encryption_deterministic_key: "{{ mastodon.active_record_encryption_deterministic_key }}"
active_record_encryption_key_derivation_salt: "{{ mastodon.active_record_encryption_key_derivation_salt }}" active_record_encryption_key_derivation_salt: "{{ mastodon.active_record_encryption_key_derivation_salt }}"
active_record_encryption_primary_key: "{{ mastodon.active_record_encryption_primary_key }}" active_record_encryption_primary_key: "{{ mastodon.active_record_encryption_primary_key }}"

15
roles/haproxy/files/haproxy.cfg
View file

@ -66,9 +66,6 @@ frontend https
acl path_matrix path_beg /_synapse/client acl path_matrix path_beg /_synapse/client
use_backend matrix if host_matrix path_matrix use_backend matrix if host_matrix path_matrix
acl host_s3 hdr(host) -i s3.comfycamp.space
use_backend minio if host_s3
acl host_peertube hdr(host) -i v.comfycamp.space acl host_peertube hdr(host) -i v.comfycamp.space
use_backend peertube if host_peertube use_backend peertube if host_peertube
@ -91,9 +88,6 @@ frontend https
acl host_vaultwarden hdr(host) -i vault.comfycamp.space acl host_vaultwarden hdr(host) -i vault.comfycamp.space
use_backend vaultwarden if host_vaultwarden use_backend vaultwarden if host_vaultwarden
acl host_minio hdr(host) -i minio.comfycamp.space
use_backend minio_console if host_minio
acl host_git hdr(host) -i git.comfycamp.space acl host_git hdr(host) -i git.comfycamp.space
use_backend forgejo if host_git use_backend forgejo if host_git
@ -167,15 +161,6 @@ backend vaultwarden
mode http mode http
server green vaultwarden:80 check server green vaultwarden:80 check
backend minio_console
mode http
server green minio:9001 check
backend minio
mode http
http-response set-header Access-Control-Allow-Origin https://m.comfycamp.space
server green minio:9000 check
backend forgejo backend forgejo
mode http mode http
server s1 forgejo-1:3000 check server s1 forgejo-1:3000 check

15
roles/mastodon/meta/argument_specs.yml
View file

@ -69,21 +69,6 @@ argument_specs:
type: str type: str
smtp_password: smtp_password:
type: str type: str
# S3
s3_enabled:
type: bool
s3_endpoint:
type: str
s3_hostname:
type: str
s3_bucket:
type: str
s3_protocol:
type: str
aws_access_key_id:
type: str
aws_secret_access_key:
type: str
# Active record # Active record
active_record_encryption_deterministic_key: active_record_encryption_deterministic_key:
type: str type: str

2
roles/mastodon/tasks/main.yml
View file

@ -77,5 +77,5 @@
- name: minio - name: minio
- name: authentik - name: authentik
volumes: volumes:
- mastodon-public-system:/mastodon/public/system - /mnt/hdd/mastodon:/mastodon/public/system
restart_policy: unless-stopped restart_policy: unless-stopped

2
roles/mastodon/tasks/start_web_server.yml
View file

@ -23,7 +23,7 @@
- name: haproxy - name: haproxy
- name: authentik - name: authentik
volumes: volumes:
- mastodon-public-system:/mastodon/public/system - /mnt/hdd/mastodon:/mastodon/public/system
restart_policy: unless-stopped restart_policy: unless-stopped
healthcheck: healthcheck:
test: ["CMD", "curl", "--fail", "127.0.0.1:3000/health"] test: ["CMD", "curl", "--fail", "127.0.0.1:3000/health"]

9
roles/mastodon/templates/mastodon.env.j2
View file

@ -2,6 +2,7 @@ LOCAL_DOMAIN={{ local_domain }}
ALTERNATE_DOMAINS={{ alternate_domains }} ALTERNATE_DOMAINS={{ alternate_domains }}
RAILS_LOG_LEVEL={{ rails_log_level }} RAILS_LOG_LEVEL={{ rails_log_level }}
DEFAULT_LOCALE={{ default_locale }} DEFAULT_LOCALE={{ default_locale }}
RAILS_SERVE_STATIC_FILES=true
REDIS_HOST=redis-mastodon REDIS_HOST=redis-mastodon
REDIS_PORT=6379 REDIS_PORT=6379
@ -27,14 +28,6 @@ SMTP_PASSWORD={{ smtp_password }}
SMTP_FROM_ADDRESS={{ smtp_from_address }} SMTP_FROM_ADDRESS={{ smtp_from_address }}
SMTP_ENABLE_STARTTLS={{ smtp_enable_starttls }} SMTP_ENABLE_STARTTLS={{ smtp_enable_starttls }}
S3_ENABLED={{ s3_enabled | string | lower }}
S3_ENDPOINT={{ s3_endpoint }}
S3_BUCKET={{ s3_bucket }}
S3_PROTOCOL={{ s3_protocol }}
S3_HOSTNAME={{ s3_hostname }}
AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ active_record_encryption_deterministic_key }} ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ active_record_encryption_deterministic_key }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ active_record_encryption_key_derivation_salt }} ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ active_record_encryption_key_derivation_salt }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ active_record_encryption_primary_key }} ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ active_record_encryption_primary_key }}

8
roles/mastodon/vars/main.yml
View file

@ -17,14 +17,6 @@ smtp_login: ""
smtp_from_address: "" smtp_from_address: ""
smtp_password: "" smtp_password: ""
s3_enabled: false
s3_endpoint: ""
s3_hostname: ""
s3_bucket: mastodon
s3_protocol: https
aws_access_key_id: ""
aws_secret_access_key: ""
ldap_enabled: false ldap_enabled: false
ldap_host: "" ldap_host: ""
ldap_port: 389 ldap_port: 389

28
roles/minio/tasks/main.yml
View file

@ -1,28 +0,0 @@
---
- name: Create minio network
become: true
community.docker.docker_network:
name: minio
- name: Run minio container
become: true
community.docker.docker_container:
name: minio
image: minio/minio:{{ minio_version }}
command: ["minio", "server", "--console-address", ":9001"]
networks:
- name: minio
- name: haproxy
- name: monitoring
volumes:
- /mnt/hdd/minio:/data
env:
MINIO_ROOT_USER: "{{ minio_root_user }}"
MINIO_ROOT_PASSWORD: "{{ minio_root_password }}"
MINIO_VOLUMES: /data
MINIO_PROMETHEUS_URL: http://prometheus:9090
MINIO_PROMETHEUS_JOB_ID: minio
restart_policy: unless-stopped
- name: Install rclone
become: true
ansible.builtin.apt:
name: rclone

3
roles/minio/vars/main.yml
View file

@ -1,3 +0,0 @@
minio_version: RELEASE.2024-09-22T00-33-43Z
minio_root_user: lumin
minio_root_password: change_me

6
roles/monitoring/templates/prometheus.yml.j2
View file

@ -8,12 +8,6 @@ scrape_configs:
- job_name: postgresql - job_name: postgresql
static_configs: static_configs:
- targets: ["postgresql-exporter:9187"] - targets: ["postgresql-exporter:9187"]
- job_name: minio
bearer_token: {{ minio_bearer_token }}
metrics_path: /minio/v2/metrics/cluster
scheme: http
static_configs:
- targets: ["minio:9000"]
- job_name: authentik - job_name: authentik
static_configs: static_configs:
- targets: ["authentik-1:9300"] - targets: ["authentik-1:9300"]