mirror of
https://codeberg.org/hyperreal/techne
synced 2024-11-01 06:13:06 +01:00
Add pixelfed.org
This commit is contained in:
parent
a63e3bf1c5
commit
077f9274c8
@ -30,6 +30,7 @@ This is a collection of notes on tech and other things. Intended audience: mostl
|
||||
- [[file:openssl.org][OpenSSL]]
|
||||
- [[file:packet-tracer.org][Packet Tracer]]
|
||||
- [[file:parallel.org][Parallel]]
|
||||
- [[file:pixelfed.org][Pixelfed]]
|
||||
- [[file:postgresql.org][PostgreSQL]]
|
||||
- [[file:prometheus.org][Prometheus]]
|
||||
- [[file:qcow2.org][QCOW2]]
|
||||
|
||||
242
pixelfed.org
Normal file
242
pixelfed.org
Normal file
@ -0,0 +1,242 @@
|
||||
#+title: Pixelfed
|
||||
|
||||
** Install Pixelfed on Debian (Bookworm)
|
||||
|
||||
*** Prerequisites
|
||||
|
||||
Install dependencies.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
apt install -y php-bcmath php-curl exif php-gd php8.2-common php-intl php-json php-mbstring libcurl4-openssl-dev php-redis php-tokenizer php-xml php-zip php-pgsql php-fpm composer
|
||||
#+END_SRC
|
||||
|
||||
Set the following upload limits for PHP processes.
|
||||
|
||||
#+BEGIN_SRC ini
|
||||
post_max_size = 2G
|
||||
file_uploads = On
|
||||
upload_max_filesize = 2G
|
||||
max_file_uploads = 20
|
||||
max_execution_time = 1000
|
||||
#+END_SRC
|
||||
|
||||
Create the PostgreSQL database:
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
sudo -u postgres psql
|
||||
#+END_SRC
|
||||
|
||||
#+BEGIN_SRC sql
|
||||
CREATE USER pixelfed CREATEDB;
|
||||
CREATE DATABASE pixelfed;
|
||||
GRANT ALL PRIVILEGES ON DATABASE pixelfed TO pixelfed;
|
||||
\q
|
||||
#+END_SRC
|
||||
|
||||
Create dedicated pixelfed user.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
useradd -rU -s /bin/bash pixelfed
|
||||
#+END_SRC
|
||||
|
||||
Configure PHP-FPM pool and socket.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
cd /etc/php/8.2/fpm/pool.d/
|
||||
cp www.conf pixelfed.conf
|
||||
#+END_SRC
|
||||
|
||||
Edit ~/etc/php/8.2/fpm/pool.d/pixelfed.conf~.
|
||||
|
||||
#+BEGIN_SRC ini
|
||||
; use the username of the app-user as the pool name, e.g. pixelfed
|
||||
[pixelfed]
|
||||
user = pixelfed
|
||||
group = pixelfed
|
||||
; to use a tcp socket, e.g. if running php-fpm on a different machine than your app:
|
||||
; (note that the port 9001 is used, since php-fpm defaults to running on port 9000;)
|
||||
; (however, the port can be whatever you want)
|
||||
; listen = 127.0.0.1:9001;
|
||||
; but it's better to use a socket if you're running locally on the same machine:
|
||||
listen = /run/php-fpm/pixelfed.sock
|
||||
listen.owner = caddy
|
||||
listen.group = caddy
|
||||
listen.mode = 0660
|
||||
; [...]
|
||||
#+END_SRC
|
||||
|
||||
*** Installation
|
||||
|
||||
**** Setup Pixelfed files
|
||||
|
||||
Download the source from GitHub.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
cd /usr/share/caddy
|
||||
git clone -b dev https://github.com/pixelfed/pixelfed.git pixelfed
|
||||
#+END_SRC
|
||||
|
||||
Set correct permissions.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
cd pixelfed
|
||||
chown -R pixelfed:pixelfed .
|
||||
find . -type d -exec chmod 755 {} \;
|
||||
find . -type f -exec chmod 644 {} \;
|
||||
#+END_SRC
|
||||
|
||||
Become the pixelfed user.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
su - pixelfed
|
||||
#+END_SRC
|
||||
|
||||
Initialize PHP dependencies.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
composer update
|
||||
composer install --no-ansi --no-interaction --optimize-autoloader
|
||||
#+END_SRC
|
||||
|
||||
**** Configure environment variables
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
cp .env.example .env
|
||||
#+END_SRC
|
||||
|
||||
Edit ~/usr/share/caddy/pixelfed/.env~.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
APP_NAME="hyperreal's Pixelfed"
|
||||
APP_DEBUG="false"
|
||||
APP_URL="https://pixelfed.hyperreal.coffee"
|
||||
APP_DOMAIN="pixelfed.hyperreal.coffee"
|
||||
ADMIN_DOMAIN="pixelfed.hyperreal.coffee"
|
||||
SESSION_DOMAIN="pixelfed.hyperreal.coffee"
|
||||
DB_CONNECTION=pgsql
|
||||
DB_HOST=localhost
|
||||
DB_PORT=5432
|
||||
DB_DATABASE=pixelfed
|
||||
DB_USERNAME=pixelfed
|
||||
DB_PASSWORD=<password>
|
||||
REDIS_HOST=localhost
|
||||
REDIS_PORT=6379
|
||||
MAIL_FROM_ADDRESS=onboarding@resend.dev
|
||||
MAIL_FROM_NAME=Pixelfed
|
||||
MAIL_ENCRYPTION=tls
|
||||
MAIL_DRIVER=smtp
|
||||
MAIL_HOST=smtp.resend.com
|
||||
MAIL_PORT=465
|
||||
MAIL_USERNAME=resend
|
||||
MAIL_PASSWORD=<resend API key>
|
||||
ACTIVITY_PUB=true
|
||||
AP_REMOTE_FOLLOW=true
|
||||
#+END_SRC
|
||||
|
||||
**** Setting up services
|
||||
|
||||
These commands should only be run one time.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
php artisan key:generate
|
||||
#+END_SRC
|
||||
|
||||
Link the ~storage/~ directory to the application.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
php artisan storage:link
|
||||
#+END_SRC
|
||||
|
||||
Run database migrations.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
php artisan migrate --force
|
||||
#+END_SRC
|
||||
|
||||
#+BEGIN_QUOTE
|
||||
If the above command fails due to insufficient privileges, then the pixelfed database user needs permission to create tables in the public schema. When we created the database, we ran ~GRANT ALL PRIVILEGES ON DATABASE pixelfed TO pixelfed;~ in the psql shell. This granted the pixelfed database user privileges on the database /itself/, not on things within the database. To fix this, the pixelfed database user needs to /own/ the database and all within it, so go back to the psql shell and run ~ALTER DATABASE pixelfed OWNER TO pixelfed;~
|
||||
|
||||
See [[https://anonoverflow.hyperreal.coffee/questions/74110708/postgres-15-permission-denied-for-schema-public]]
|
||||
#+END_QUOTE
|
||||
|
||||
To enable ActivityPub federation:
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
php artisan instance:actor
|
||||
#+END_SRC
|
||||
|
||||
To have routes cached, run the following commands now, and whenever the source code changes or if you change routes.
|
||||
#+BEGIN_SRC shell
|
||||
php artisan route:cache
|
||||
php artisan view:cache
|
||||
#+END_SRC
|
||||
|
||||
Run this command whenever you change the ~.env~ file for the changes to take effect.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
php artisan config:cache
|
||||
#+END_SRC
|
||||
|
||||
Use Laravel Horizon for job queueing.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
php artisan horizon:install
|
||||
php artisan horizon:publish
|
||||
#+END_SRC
|
||||
|
||||
Create a systemd service unit for Pixelfed task queueing.
|
||||
|
||||
#+BEGIN_SRC systemd
|
||||
[Unit]
|
||||
Description=Pixelfed task queueing via Laravel Horizon
|
||||
After=network.target
|
||||
Requires=postgresql
|
||||
Requires=php8.2-fpm
|
||||
Requires=redis-server
|
||||
Requires=caddy
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/php /usr/share/caddy/pixelfed/artisan horizon
|
||||
User=pixelfed
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
#+END_SRC
|
||||
|
||||
Use Cron to schedule periodic tasks. As the pixelfed user, run ~crontab -e~.
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
* * * * * /usr/bin/php /usr/share/caddy/pixelfed/artisan schedule:run >> /dev/null 2>&1
|
||||
#+END_SRC
|
||||
|
||||
Create a Caddyfile that translates HTTP web requests to PHP workers.
|
||||
|
||||
#+BEGIN_SRC caddy
|
||||
pixelfed.hyperreal.coffee {
|
||||
root * /usr/share/caddy/pixelfed/public
|
||||
|
||||
header {
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Content-Type-Options "nosniff"
|
||||
}
|
||||
|
||||
php_fastcgi unix//run/php/php-fpm.sock
|
||||
file_server
|
||||
}
|
||||
#+END_SRC
|
||||
|
||||
** Updating Pixelfed
|
||||
|
||||
#+BEGIN_SRC shell
|
||||
sudo su - pixelfed
|
||||
cd /usr/share/caddy/pixelfed
|
||||
git reset --hard
|
||||
git pull origin dev
|
||||
composer install
|
||||
php artisan config:cache
|
||||
php artisan route:cache
|
||||
php artisan migrate --force
|
||||
#+END_SRC
|
||||
Loading…
Reference in New Issue
Block a user