---
title: 'Migrating privatebin from NixOS to Debian'
description: 'How I deploy privatebin with ansible'
date: '2024-11-17'
tags:
- ansible
- privatebin
---
## Introduction
I am migrating several services from a NixOS server (myth.adyxax.org) to a Debian server (lore.adyxax.org). Here is how I performed the operation for my self-hosted [privatebin](https://privatebin.info/) served from paste.adyxax.org.
## Ansible role
### Meta
The `meta/main.yaml` contains the role dependencies:
``` yaml
---
dependencies:
  - role: 'borg'
  - role: 'nginx'
  - role: 'podman'
```
### Tasks
The `tasks/main.yaml` file only creates a data directory and drops a configuration file. All the heavy lifting is then done by calling other roles:
``` yaml
---
- name: 'Make privatebin data directory'
  file:
    path: '/srv/privatebin'
    owner: '65534'
    group: '65534'
    mode: '0750'
    state: 'directory'
- name: 'Deploy privatebin configuration file'
  copy:
    src: 'privatebin.conf.php'
    dest: '/etc/'
    owner: 'root'
    mode: '0444'
  notify: 'restart privatebin'
- include_role:
    name: 'podman'
    tasks_from: 'container'
  vars:
    container:
      cmd: ['--config-path', '/srv/cfg/conf.php']
      name: 'privatebin'
      env_vars:
        - name: 'PHP_TZ'
          value: 'Europe/Paris'
        - name: 'TZ'
          value: 'Europe/Paris'
      image: '{{ versions.privatebin.image }}:{{ versions.privatebin.tag }}'
      publishs:
        - container_port: '8080'
          host_port: '8082'
          ip: '127.0.0.1'
      volumes:
        - dest: '/srv/cfg/conf.php:ro'
          src: '/etc/privatebin.conf.php'
        - dest: '/srv/data'
          src: '/srv/privatebin'
- include_role:
    name: 'nginx'
    tasks_from: 'vhost'
  vars:
    vhost:
      name: 'privatebin'
      path: 'roles/paste.adyxax.org/files/nginx-vhost.conf'
- include_role:
    name: 'borg'
    tasks_from: 'client'
  vars:
    client:
      jobs:
        - name: 'data'
          paths:
            - '/srv/privatebin'
      name: 'privatebin'
      server: '{{ paste_adyxax_org.borg }}'
```
### Handlers
There is a single handler:
``` yaml
---
- name: 'restart privatebin'
  service:
    name: 'podman-privatebin'
    state: 'restarted'
```
### Files
First there is my privatebin configuration, fairly simple:
``` php
;###############################################################################
;# \_o< WARNING : This file is being managed by ansible! >o_/ #
;# ~~~~ ~~~~ #
;###############################################################################
[main]
discussion = true
opendiscussion = false
password = true
fileupload = true
burnafterreadingselected = false
defaultformatter = "plaintext"
sizelimit = 10000000
template = "bootstrap"
notice = "Note: This is a personal sharing service: Data may be deleted anytime. Don't share illegal, unethical or morally reprehensible content."
languageselection = true
zerobincompatibility = false
[expire]
default = "1week"
[expire_options]
5min = 300
10min = 600
1hour = 3600
1day = 86400
1week = 604800
1month = 2592000
1year = 31536000
[formatter_options]
plaintext = "Plain Text"
syntaxhighlighting = "Source Code"
markdown = "Markdown"
[traffic]
limit = 10
header = "X_FORWARDED_FOR"
dir = PATH "data"
[purge]
limit = 300
batchsize = 10
dir = PATH "data"
[model]
class = Filesystem
[model_options]
dir = PATH "data"
```
Then the nginx vhost file, fairly straightforward too:
``` nginx
###############################################################################
# \_o< WARNING : This file is being managed by ansible! >o_/ #
# ~~~~ ~~~~ #
###############################################################################
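server {
    listen 80;
    listen [::]:80;
    server_name paste.adyxax.org;
    location / {
        return 308 https://$server_name$request_uri;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name paste.adyxax.org;
    location / {
        # No proxy_set_header in this vhost: unless X-Forwarded-For is set at
        # the http level, nginx forwards the client-supplied header unchanged
        # to privatebin's [traffic] limiter.
        proxy_pass http://127.0.0.1:8082;
    }
    ssl_certificate adyxax.org.fullchain;
    ssl_certificate_key adyxax.org.key;
}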
```
## Migration process
The first step is to deploy this new configuration to the server:
``` shell
make run limit=lore.adyxax.org tags=paste.adyxax.org
```
After that I log in and manually migrate the privatebin data folder. On the old server I make a backup with:
``` shell
systemctl stop podman-privatebin
tar czf /tmp/privatebin.tar.gz /srv/privatebin/
```
I retrieve this backup on my laptop and send it to the new server with:
``` shell
scp root@myth.adyxax.org:/tmp/privatebin.tar.gz .
scp privatebin.tar.gz root@lore.adyxax.org:
```
On the new server, I restore the backup with:
``` shell
systemctl stop podman-privatebin
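# Members are stored as srv/privatebin/... (tar drops the leading "/"),
# so strip those two components when extracting into the data directory
tar -xzf privatebin.tar.gz -C /srv/privatebin/ --strip-components=2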
chown -R 65534:65534 /srv/privatebin
chmod -R u=rwX /srv/privatebin
systemctl start podman-privatebin
```
I then test the new server by setting the record in my `/etc/hosts` file. Since all works well, I roll back my change to `/etc/hosts` and update the DNS record using OpenTofu. I then clean up by running this on my laptop:
``` shell
rm privatebin.tar.gz
ssh root@myth.adyxax.org 'rm /tmp/privatebin.tar.gz'
ssh root@lore.adyxax.org 'rm privatebin.tar.gz'
```
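The restore step extracts, as root, an archive that crossed two `scp` hops, so it is worth checking the file before unpacking it. The following is an added example, not part of the original post: the function names are its own, and it assumes GNU tar and `sha256sum` on the new server.

```shell
#!/bin/sh
# Added example: checks to run on the new server before extracting as root.
# Function names are this example's own; the srv/privatebin prefix comes from
# the backup command above (tar drops the leading "/" from member names).

# Print the SHA-256 of a file; run it on both hosts and compare the values.
archive_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# Return 0 only if every member of archive $1 sits under prefix $2, with no
# absolute path and no ".." component. Return 2 if unreadable or empty.
archive_members_ok() {
    members=$(tar -tzf "$1" 2>/dev/null) || return 2
    [ -n "$members" ] || return 2
    while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/../*|*/..) return 1 ;;
        esac
        case "$member" in
            "${2%/}"|"${2%/}"/*) ;;
            *) return 1 ;;
        esac
    done <<EOF
$members
EOF
}

# Return 0 only when the checksum matches $2 and all members are under $3.
verify_archive() {
    if [ "$(archive_sha256 "$1")" != "$2" ]; then
        echo "checksum mismatch for $1" >&2
        return 1
    fi
    if ! archive_members_ok "$1" "$3"; then
        echo "unexpected member path in $1" >&2
        return 1
    fi
    return 0
}

# Usage (checksum taken on the old server: sha256sum /tmp/privatebin.tar.gz):
#   verify_archive privatebin.tar.gz "<sha256 from the old server>" srv/privatebin
```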
## Conclusion
I did all this in early October; my backlog of blog articles is only growing!