Co-operative Technologists Ansible Playbooks
These Playbooks are designed to be used on Debian Stretch virtual servers.
Discourse
Log in to the virtual server console, install python, enable root ssh access using keys by adding your keys to /root/.ssh/authorized_keys, edit /etc/ssh/sshd_config to set PermitRootLogin prohibit-password, run service ssh restart and then run the first Playbook:
export SERVERNAME="community.coops.tech"
ansible-playbook -u root discourse.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}"
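Before running the first Playbook it is worth confirming that the PermitRootLogin edit took effect, because sshd uses the first value it reads for a keyword and a Match block can override it. The following is an added example, not part of these Playbooks; the function names permit_root_login and root_login_key_only are made up here, and it assumes the OpenSSH default of prohibit-password when the keyword is unset.

```shell
#!/bin/sh
# Added example, not part of the Playbooks. Function names are hypothetical.

# Print the global PermitRootLogin value sshd would apply for config file $1,
# followed by " match-override" if a Match block sets the keyword again.
permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "match") { in_match = 1; next }
            if (key != "permitrootlogin") next
            if (in_match) { override = 1; next } # conditional setting, not global
            if (global == "") global = val       # sshd keeps the first value it reads
        }
        END {
            # Assumption: unset means prohibit-password (OpenSSH 7.0 and later).
            if (global == "") global = "prohibit-password"
            if (global == "without-password") global = "prohibit-password" # old alias
            print global (override ? " match-override" : "")
        }
    ' "$1"
}

# Succeed only when root can log in with keys but never with a password.
root_login_key_only() {
    [ "$(permit_root_login "$1")" = "prohibit-password" ]
}

# Constructed sample: the new line was appended below an existing "yes",
# so the edit has no effect.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin prohibit-password' > "$sample"
if root_login_key_only "$sample"; then
    echo "root login: keys only"
else
    echo "root login NOT keys only: $(permit_root_login "$sample")"
fi
rm -f "$sample"
```

On the server, pass /etc/ssh/sshd_config to root_login_key_only; sshd -T run as root prints the configuration sshd itself resolves and can be used to cross-check the result.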
Then log in to the site, get the API key from https://$SERVERNAME/admin/api/keys and run the second Playbook, adding the API key when prompted:
export SERVERNAME="community.coops.tech"
ansible-playbook -u root discourse_api.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}"
Then check these settings for email:
- Required : notification email set this to discourse@$SERVERNAME (use the actual domain name not $SERVERNAME)
- Email : reply by email enabled tick "Enable replying to topics via email."
- Email : reply by email address set this to discourse+%{reply_key}@$SERVERNAME (use the actual domain name not $SERVERNAME)
- Email : manual polling enabled tick "Push emails using the API for email replies."
Then tighten some security settings:
- Security : force https tick "Force your site to use HTTPS only. WARNING: do NOT enable this until you verify HTTPS is fully set up and working absolutely everywhere! Did you check your CDN, all social logins, and any external logos / dependencies to make sure they are all HTTPS compatible, too?"
If you are using this Playbook somewhere other than on a Webarchitects virtual server in Sheffield then the iptables and munin-node roles will, as a minimum, need editing and might be best omitted. Also note that these Playbooks are based on using mx.webarch.net for incoming email -- this is an anti-spam gateway; if it were not used then SpamAssassin should probably be added to the mix.
The email setup was originally based on the mail-receiver Docker container plus the outstanding pull request and the Postfix notes for using the host for outgoing email, but then we switched it over to use Exim.
TODO:
CoTech Community Discourse Settings
Initial settings used for community.coops.tech when it was created:
- title: Cooperative Technologists Community
- site description: The intersection of co-operation and technology, the CoTech community forum.
- contact email: community@coops.tech
- contact url: https://www.coops.tech/
- notification email: discourse@community.coops.tech
- site contact username: system
- logo url: https://wiki.coops.tech/wiki/File:Cotech-blue.png
- logo small url: https://wiki.coops.tech/wiki/File:Cotech-blue-text.png
- company short name: CoTech
- company full name: Cooperative Technologists
- company domain: coops.tech
On the Email settings admin page:
- reply by email enabled
- reply by email address: discourse+%{reply_key}@community.coops.tech
- manual polling enabled
- email prefix: cotech-community
- email site title: CoTech Community
On the Security page:
- force https
On the User Preferences page:
- default email digest frequency: every hour
- default include tl0 in digests
- default email mailing list mode
- default email mailing list mode frequency: Send an email for every new post
- default email always
The first post text:
Welcome to the Cooperative Technologists Community, we are a network of technology focused cooperatives, CoTech who are "building a tech industry that's better for its workers and customers through co-operation, democracy and worker ownership." This is our open community discussion forum, you don't have to be a member of a coop to join this community but you do need to support the cooperative values and principles and have an interest in technology, you can find out more about us, read our manifesto, see who we are and who we have worked for and watch a video made at our first gathering on www.coops.tech. Please read our community guidelines before signing up.