Squashed commit of the following:

commit f4dad26 Author: Dessalines <dessalines@users.noreply.github.com> Date: Wed Mar 27 10:46:06 2024 -0400 Fixing woodpecker. (LemmyNet#235) commit 4ec7ac7 Author: Cody Robertson <codyro@users.noreply.github.com> Date: Mon Mar 25 17:03:07 2024 -0400 AlmaLinux/RHEL 9 fixes (LemmyNet#231) * Start & enable nginx before requesting SSL certificate - Fixes issue where certbot starts nginx itself causing a conflict later in the playbook - Refs LemmyNet#229 * Fix prettier/lint issues for CI * Fix AlmaLinux/RHEL 9 playbook to run cleanly - Move internal nginx resolver to variable/conditional based off os_family - Disable SELinux in the `lemmy-almalinux.yml` playbook - Refs LemmyNet#229 * Have docker-compose/podman-compose handle the selinux label for container mounts - /app/extra_themes - /etc/postgresql.conf - Refs LemmyNet#231, LemmyNet#229 * Adjust lemmy-almalinux.yml playbook to work with SELinux enabled & enforcing - Adjust SELinux to allow HTTPD scripts and modules to connect to the network - Refs LemmyNet#231, LemmyNet#229 commit f9d87e5 Author: Sanat Sathaye <15162329+sanatsathaye@users.noreply.github.com> Date: Mon Mar 11 15:24:01 2024 +0530 Add community.docker to requirements.yml (LemmyNet#232) Co-authored-by: Sanat Sathaye <sanatsathaye@users.noreply.github.com>
sanatsathaye · Apr 5, 2024 · 662a774 · 662a774
1 parent ba0d99b
commit 662a774
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 4 deletions.
diff --git a/.woodpecker.yml b/.woodpecker.yml
@@ -1,17 +1,25 @@
-pipeline:
+steps:
   prettier_markdown_check:
     image: tmknom/prettier
     commands:
       - prettier -c "*.md" "*.yml" "examples/vars.yml"
+    when:
+      - event: pull_request
+
   check_ansible_format:
     image: alpine:3
     commands:
       - apk add ansible
       - ansible-playbook lemmy.yml --syntax-check
       - ansible-playbook lemmy-almalinux.yml --syntax-check
       - ansible-playbook uninstall.yml --syntax-check
+    when:
+      - event: pull_request
+
   ansible_lint:
     image: alpine:3
     commands:
       - apk add ansible ansible-lint
       - ansible-lint --warn-list experimental lemmy.yml lemmy-almalinux.yml uninstall.yml examples/vars.yml
+    when:
+      - event: pull_request
diff --git a/examples/vars.yml b/examples/vars.yml
@@ -54,3 +54,6 @@ pictrs_safety_env_vars:
   - secret_key: "{{ pictrs_safety_secret }}"
   - SCAN_BYPASS_THRESHOLD: 10
   - MISSING_WORKER_THRESHOLD: 5
+
+# docker-compose default resolver is 127.0.0.11 while podman-compose is 10.89.0.1
+nginx_internal_resolver: "{{ '127.0.0.11' if ansible_facts['os_family'] != 'RedHat' else '10.89.0.1' }}"
diff --git a/lemmy-almalinux.yml b/lemmy-almalinux.yml
@@ -129,6 +129,15 @@
       tags:
         - firewalld
 
+    - name: Adjust SELinux to allow HTTPD scripts and modules to connect to the network
+      ansible.posix.seboolean:
+        name: httpd_can_network_connect
+        state: true
+        persistent: true
+      tags:
+        - nginx
+        - selinux
+
     - name: Start and enable nginx.service
       ansible.builtin.systemd:
         name: nginx.service

diff --git a/requirements.yml b/requirements.yml
@@ -1,3 +1,4 @@
 ---
 collections:
   - name: ansible.posix
+  - name: community.docker
diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml
@@ -53,7 +53,7 @@ services:
 {% endfor %}
 {% endif %}
     volumes:
-      - ./volumes/lemmy-ui/extra_themes:/app/extra_themes
+      - ./volumes/lemmy-ui/extra_themes:/app/extra_themes:Z
     depends_on:
       - lemmy
     restart: always
@@ -99,7 +99,7 @@ services:
 {% endif %}
     volumes:
       - ./volumes/postgres:/var/lib/postgresql/data:Z
-      - ./customPostgresql.conf:/etc/postgresql.conf
+      - ./customPostgresql.conf:/etc/postgresql.conf:Z
     restart: always
     command: postgres -c config_file=/etc/postgresql.conf
     shm_size: 1g

diff --git a/templates/nginx_internal.conf b/templates/nginx_internal.conf
@@ -7,7 +7,7 @@ events {
 http {
     # Docker internal DNS IP so we always get the newer containers without having to 
     # restart/reload the docker container / nginx configuration
-    resolver 127.0.0.11 valid=5s;
+    resolver {{ nginx_internal_resolver }} valid=5s;
     # set the real_ip when from docker internal ranges. Ensuring our internal nginx
     # container can always see the correct ips in the logs
     set_real_ip_from 172.0.0.0/8;