Add alternative MIX_ENVs, add template systemd service
This commit is contained in:
parent
06ae903e8e
commit
07ab7473b9
|
|
@ -0,0 +1,69 @@
|
|||
use Mix.Config
|
||||
|
||||
# For production, we often load configuration from external
|
||||
# sources, such as your system environment. For this reason,
|
||||
# you won't find the :http configuration below, but set inside
|
||||
# Pleroma.Web.Endpoint.load_from_system_env/1 dynamically.
|
||||
# Any dynamic configuration should be moved to such function.
|
||||
#
|
||||
# Don't forget to configure the url host to something meaningful,
|
||||
# Phoenix uses this information when generating URLs.
|
||||
#
|
||||
# Finally, we also include the path to a cache manifest
|
||||
# containing the digested version of static files. This
|
||||
# manifest is generated by the mix phoenix.digest task
|
||||
# which you typically run after static files are built.
|
||||
config :pleroma, Pleroma.Web.Endpoint,
|
||||
http: [port: 4001],
|
||||
protocol: "http"
|
||||
|
||||
config :phoenix, serve_endpoints: true
|
||||
|
||||
# Do not print debug messages in production
|
||||
config :logger, :console, level: :info
|
||||
config :logger, :ex_syslogger, level: :info
|
||||
|
||||
# ## SSL Support
|
||||
#
|
||||
# To get SSL working, you will need to add the `https` key
|
||||
# to the previous section and set your `:url` port to 443:
|
||||
#
|
||||
# config :pleroma, Pleroma.Web.Endpoint,
|
||||
# ...
|
||||
# url: [host: "example.com", port: 443],
|
||||
# https: [:inet6,
|
||||
# port: 443,
|
||||
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
|
||||
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")]
|
||||
#
|
||||
# Where those two env variables return an absolute path to
|
||||
# the key and cert in disk or a relative path inside priv,
|
||||
# for example "priv/ssl/server.key".
|
||||
#
|
||||
# We also recommend setting `force_ssl`, ensuring no data is
|
||||
# ever sent via http, always redirecting to https:
|
||||
#
|
||||
# config :pleroma, Pleroma.Web.Endpoint,
|
||||
# force_ssl: [hsts: true]
|
||||
#
|
||||
# Check `Plug.SSL` for all available options in `force_ssl`.
|
||||
|
||||
# ## Using releases
|
||||
#
|
||||
# If you are doing OTP releases, you need to instruct Phoenix
|
||||
# to start the server for all endpoints:
|
||||
#
|
||||
# config :phoenix, :serve_endpoints, true
|
||||
#
|
||||
# Alternatively, you can configure exactly which server to
|
||||
# start per endpoint:
|
||||
#
|
||||
# config :pleroma, Pleroma.Web.Endpoint, server: true
|
||||
#
|
||||
|
||||
# Finally import the config/huskyapp.secret.exs
|
||||
# which should be versioned separately.
|
||||
import_config "huskyapp.secret.exs"
|
||||
|
||||
if File.exists?("./config/huskyapp.exported_from_db.secret.exs"),
|
||||
do: import_config("huskyapp.exported_from_db.secret.exs")
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
use Mix.Config
|
||||
|
||||
# For production, we often load configuration from external
|
||||
# sources, such as your system environment. For this reason,
|
||||
# you won't find the :http configuration below, but set inside
|
||||
# Pleroma.Web.Endpoint.load_from_system_env/1 dynamically.
|
||||
# Any dynamic configuration should be moved to such function.
|
||||
#
|
||||
# Don't forget to configure the url host to something meaningful,
|
||||
# Phoenix uses this information when generating URLs.
|
||||
#
|
||||
# Finally, we also include the path to a cache manifest
|
||||
# containing the digested version of static files. This
|
||||
# manifest is generated by the mix phoenix.digest task
|
||||
# which you typically run after static files are built.
|
||||
config :pleroma, Pleroma.Web.Endpoint,
|
||||
http: [port: 4002],
|
||||
protocol: "http"
|
||||
|
||||
config :phoenix, serve_endpoints: true
|
||||
|
||||
# Do not print debug messages in production
|
||||
config :logger, :console, level: :info
|
||||
config :logger, :ex_syslogger, level: :info
|
||||
|
||||
# ## SSL Support
|
||||
#
|
||||
# To get SSL working, you will need to add the `https` key
|
||||
# to the previous section and set your `:url` port to 443:
|
||||
#
|
||||
# config :pleroma, Pleroma.Web.Endpoint,
|
||||
# ...
|
||||
# url: [host: "example.com", port: 443],
|
||||
# https: [:inet6,
|
||||
# port: 443,
|
||||
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
|
||||
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")]
|
||||
#
|
||||
# Where those two env variables return an absolute path to
|
||||
# the key and cert in disk or a relative path inside priv,
|
||||
# for example "priv/ssl/server.key".
|
||||
#
|
||||
# We also recommend setting `force_ssl`, ensuring no data is
|
||||
# ever sent via http, always redirecting to https:
|
||||
#
|
||||
# config :pleroma, Pleroma.Web.Endpoint,
|
||||
# force_ssl: [hsts: true]
|
||||
#
|
||||
# Check `Plug.SSL` for all available options in `force_ssl`.
|
||||
|
||||
# ## Using releases
|
||||
#
|
||||
# If you are doing OTP releases, you need to instruct Phoenix
|
||||
# to start the server for all endpoints:
|
||||
#
|
||||
# config :phoenix, :serve_endpoints, true
|
||||
#
|
||||
# Alternatively, you can configure exactly which server to
|
||||
# start per endpoint:
|
||||
#
|
||||
# config :pleroma, Pleroma.Web.Endpoint, server: true
|
||||
#
|
||||
|
||||
# Finally import the config/isi.secret.exs
|
||||
# which should be versioned separately.
|
||||
import_config "isi.secret.exs"
|
||||
|
||||
if File.exists?("./config/isi.exported_from_db.secret.exs"),
|
||||
do: import_config("isi.exported_from_db.secret.exs")
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
[Unit]
|
||||
Description=Pleroma social network (%i)
|
||||
After=network.target postgresql.service
|
||||
|
||||
[Service]
|
||||
ExecReload=/bin/kill $MAINPID
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
|
||||
; Name of the user that runs the Pleroma service.
|
||||
User=pleroma
|
||||
; Declares that Pleroma runs in production mode.
|
||||
Environment="MIX_ENV=%i"
|
||||
|
||||
; Make sure that all paths fit your installation.
|
||||
; Path to the home directory of the user running the Pleroma service.
|
||||
Environment="HOME=/var/lib/pleroma"
|
||||
; Path to the folder containing the Pleroma installation.
|
||||
WorkingDirectory=/opt/pleroma
|
||||
; Path to the Mix binary.
|
||||
ExecStart=/usr/bin/mix phx.server
|
||||
|
||||
; Some security directives.
|
||||
; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
|
||||
PrivateTmp=true
|
||||
; The /home, /root, and /run/user folders can not be accessed by this service anymore. If your Pleroma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to false.
|
||||
ProtectHome=true
|
||||
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
|
||||
ProtectSystem=full
|
||||
; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
|
||||
PrivateDevices=false
|
||||
; Drops the sysadmin capability from the daemon.
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
DefaultInstance=prod
|
||||
Loading…
Reference in New Issue