From 077f9274c825abf3d9dd1e3d70a7dda7ce7948e9 Mon Sep 17 00:00:00 2001 From: Jeffrey Serio Date: Thu, 3 Oct 2024 02:10:08 -0500 Subject: [PATCH] Add pixelfed.org --- README.org | 1 + pixelfed.org | 242 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 243 insertions(+) create mode 100644 pixelfed.org diff --git a/README.org b/README.org index 200e3db..65a1c7d 100644 --- a/README.org +++ b/README.org @@ -30,6 +30,7 @@ This is a collection of notes on tech and other things. Intended audience: mostl - [[file:openssl.org][OpenSSL]] - [[file:packet-tracer.org][Packet Tracer]] - [[file:parallel.org][Parallel]] +- [[file:pixelfed.org][Pixelfed]] - [[file:postgresql.org][PostgreSQL]] - [[file:prometheus.org][Prometheus]] - [[file:qcow2.org][QCOW2]] diff --git a/pixelfed.org b/pixelfed.org new file mode 100644 index 0000000..67f3840 --- /dev/null +++ b/pixelfed.org @@ -0,0 +1,242 @@ +#+title: Pixelfed + +** Install Pixelfed on Debian (Bookworm) + +*** Prerequisites + +Install dependencies. + +#+BEGIN_SRC shell +apt install -y php-bcmath php-curl exif php-gd php8.2-common php-intl php-json php-mbstring libcurl4-openssl-dev php-redis php-tokenizer php-xml php-zip php-pgsql php-fpm composer +#+END_SRC + +Set the following upload limits for PHP processes. + +#+BEGIN_SRC ini +post_max_size = 2G +file_uploads = On +upload_max_filesize = 2G +max_file_uploads = 20 +max_execution_time = 1000 +#+END_SRC + +Create the PostgreSQL database: + +#+BEGIN_SRC shell +sudo -u postgres psql +#+END_SRC + +#+BEGIN_SRC sql +CREATE USER pixelfed CREATEDB; +CREATE DATABASE pixelfed; +GRANT ALL PRIVILEGES ON DATABASE pixelfed TO pixelfed; +\q +#+END_SRC + +Create dedicated pixelfed user. + +#+BEGIN_SRC shell +useradd -rU -s /bin/bash pixelfed +#+END_SRC + +Configure PHP-FPM pool and socket. + +#+BEGIN_SRC shell +cd /etc/php/8.2/fpm/pool.d/ +cp www.conf pixelfed.conf +#+END_SRC + +Edit ~/etc/php/8.2/fpm/pool.d/pixelfed.conf~. + +#+BEGIN_SRC ini +; use the username of the app-user as the pool name, e.g. pixelfed +[pixelfed] +user = pixelfed +group = pixelfed +; to use a tcp socket, e.g. if running php-fpm on a different machine than your app: +; (note that the port 9001 is used, since php-fpm defaults to running on port 9000;) +; (however, the port can be whatever you want) +; listen = 127.0.0.1:9001; +; but it's better to use a socket if you're running locally on the same machine: +listen = /run/php-fpm/pixelfed.sock +listen.owner = caddy +listen.group = caddy +listen.mode = 0660 +; [...] +#+END_SRC + +*** Installation + +**** Setup Pixelfed files + +Download the source from GitHub. + +#+BEGIN_SRC shell +cd /usr/share/caddy +git clone -b dev https://github.com/pixelfed/pixelfed.git pixelfed +#+END_SRC + +Set correct permissions. + +#+BEGIN_SRC shell +cd pixelfed +chown -R pixelfed:pixelfed . +find . -type d -exec chmod 755 {} \; +find . -type f -exec chmod 644 {} \; +#+END_SRC + +Become the pixelfed user. + +#+BEGIN_SRC shell +su - pixelfed +#+END_SRC + +Initialize PHP dependencies. + +#+BEGIN_SRC shell +composer update +composer install --no-ansi --no-interaction --optimize-autoloader +#+END_SRC + +**** Configure environment variables + +#+BEGIN_SRC shell +cp .env.example .env +#+END_SRC + +Edit ~/usr/share/caddy/pixelfed/.env~. + +#+BEGIN_SRC shell +APP_NAME="hyperreal's Pixelfed" +APP_DEBUG="false" +APP_URL="https://pixelfed.hyperreal.coffee" +APP_DOMAIN="pixelfed.hyperreal.coffee" +ADMIN_DOMAIN="pixelfed.hyperreal.coffee" +SESSION_DOMAIN="pixelfed.hyperreal.coffee" +DB_CONNECTION=pgsql +DB_HOST=localhost +DB_PORT=5432 +DB_DATABASE=pixelfed +DB_USERNAME=pixelfed +DB_PASSWORD= +REDIS_HOST=localhost +REDIS_PORT=6379 +MAIL_FROM_ADDRESS=onboarding@resend.dev +MAIL_FROM_NAME=Pixelfed +MAIL_ENCRYPTION=tls +MAIL_DRIVER=smtp +MAIL_HOST=smtp.resend.com +MAIL_PORT=465 +MAIL_USERNAME=resend +MAIL_PASSWORD= +ACTIVITY_PUB=true +AP_REMOTE_FOLLOW=true +#+END_SRC + +**** Setting up services + +These commands should only be run one time. + +#+BEGIN_SRC shell +php artisan key:generate +#+END_SRC + +Link the ~storage/~ directory to the application. + +#+BEGIN_SRC shell +php artisan storage:link +#+END_SRC + +Run database migrations. + +#+BEGIN_SRC shell +php artisan migrate --force +#+END_SRC + +#+BEGIN_QUOTE +If the above command fails due to insufficient privileges, then the pixelfed database user needs permission to create tables in the public schema. When we created the database, we ran ~GRANT ALL PRIVILEGES ON DATABASE pixelfed TO pixelfed;~ in the psql shell. This granted the pixelfed database user privileges on the database /itself/, not on things within the database. To fix this, the pixelfed database user needs to /own/ the database and all within it, so go back to the psql shell and run ~ALTER DATABASE pixelfed OWNER TO pixelfed;~ + +See [[https://anonoverflow.hyperreal.coffee/questions/74110708/postgres-15-permission-denied-for-schema-public]] +#+END_QUOTE + +To enable ActivityPub federation: + +#+BEGIN_SRC shell +php artisan instance:actor +#+END_SRC + +To have routes cached, run the following commands now, and whenever the source code changes or if you change routes. +#+BEGIN_SRC shell +php artisan route:cache +php artisan view:cache +#+END_SRC + +Run this command whenever you change the ~.env~ file for the changes to take effect. + +#+BEGIN_SRC shell +php artisan config:cache +#+END_SRC + +Use Laravel Horizon for job queueing. + +#+BEGIN_SRC shell +php artisan horizon:install +php artisan horizon:publish +#+END_SRC + +Create a systemd service unit for Pixelfed task queueing. + +#+BEGIN_SRC systemd +[Unit] +Description=Pixelfed task queueing via Laravel Horizon +After=network.target +Requires=postgresql +Requires=php8.2-fpm +Requires=redis-server +Requires=caddy + +[Service] +Type=simple +ExecStart=/usr/bin/php /usr/share/caddy/pixelfed/artisan horizon +User=pixelfed +Restart=on-failure + +[Install] +WantedBy=multi-user.target +#+END_SRC + +Use Cron to schedule periodic tasks. As the pixelfed user, run ~crontab -e~. + +#+BEGIN_SRC shell + * * * * * /usr/bin/php /usr/share/caddy/pixelfed/artisan schedule:run >> /dev/null 2>&1 +#+END_SRC + +Create a Caddyfile that translates HTTP web requests to PHP workers. + +#+BEGIN_SRC caddy +pixelfed.hyperreal.coffee { + root * /usr/share/caddy/pixelfed/public + + header { + X-Frame-Options "SAMEORIGIN" + X-XSS-Protection "1; mode=block" + X-Content-Type-Options "nosniff" + } + + php_fastcgi unix//run/php/php-fpm.sock + file_server +} +#+END_SRC + +** Updating Pixelfed + +#+BEGIN_SRC shell +sudo su - pixelfed +cd /usr/share/caddy/pixelfed +git reset --hard +git pull origin dev +composer install +php artisan config:cache +php artisan route:cache +php artisan migrate --force +#+END_SRC