Chris Croome authored

Co-operative Technologists Ansible Playbooks

These Playbooks are designed to be used on Debian Stretch virtual servers.

Discourse

Log in to the virtual server console, install python, enable root ssh access using keys by adding your keys to /root/.ssh/authorized_keys, edit /etc/ssh/sshd_config to set PermitRootLogin prohibit-password, run service ssh restart and then run the first Playbook:

export SERVERNAME="community.coops.tech"
ansible-playbook -u root discourse.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}"
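
The sshd_config edit in the step above can be checked before the Playbook is run. The following is an added example, not part of this repository: it reports the global PermitRootLogin value that sshd will use, given that sshd keeps the first value it reads for a keyword. The function names and the sample file are hypothetical, and the fallback assumes OpenSSH 7.0 or later.

```sh
#!/bin/sh
# Added example (not from the repository): report the global PermitRootLogin
# value sshd will use. sshd keeps the FIRST value it reads for a keyword, so a
# line appended below an existing one is ignored.

effective_permit_root_login() {
    # $1: path to an sshd_config file. Include directives are not followed.
    awk '
        /^[ \t]*#/ { next }                      # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }            # allow the Keyword=value form
        NF == 0 { next }                         # blank line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "permitrootlogin" {
            v = tolower($2)
            if (v == "without-password") v = "prohibit-password"  # deprecated alias
            print v; found = 1; exit
        }
        # Assumption: OpenSSH 7.0 or later, where the default is prohibit-password
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

check_root_login() {
    # Succeeds only when root may log in with keys but not with a password.
    value=$(effective_permit_root_login "$1")
    if [ "$value" = "prohibit-password" ]; then
        echo "OK: $1: PermitRootLogin $value"
    else
        echo "FAIL: $1: PermitRootLogin $value (expected prohibit-password)"
        return 1
    fi
}

# Constructed sample: the desired line was appended after an older one.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' \
    'PermitRootLogin prohibit-password' > "$sample"
check_root_login "$sample" || echo "fix the first PermitRootLogin line, then restart ssh"
rm -f "$sample"
```

On the server itself, pass /etc/ssh/sshd_config to check_root_login; sshd -T prints the configuration sshd actually resolves and is the authoritative cross-check.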

Then log in to the site, get the API key from https://$SERVERNAME/admin/api/keys and run the second Playbook, adding the API key when prompted:

export SERVERNAME="community.coops.tech"
ansible-playbook -u root discourse_api.yml -i "${SERVERNAME}," -e "hostname=${SERVERNAME}"

Then check these settings for email:

  • Required : notification email: set this to discourse@$SERVERNAME (use the actual domain name, not $SERVERNAME)
  • Email : reply by email enabled: tick "Enable replying to topics via email."
  • Email : reply by email address: set this to discourse+%{reply_key}@$SERVERNAME (use the actual domain name, not $SERVERNAME)
  • Email : manual polling enabled: tick "Push emails using the API for email replies."

Then tighten some security settings:

  • Security : force https: tick "Force your site to use HTTPS only. WARNING: do NOT enable this until you verify HTTPS is fully set up and working absolutely everywhere! Did you check your CDN, all social logins, and any external logos / dependencies to make sure they are all HTTPS compatible, too?"

If you are using this Playbook somewhere other than on a Webarchitects virtual server in Sheffield then the iptables and munin-node roles will, as a minimum, need editing and might be best omitted. Also note that these Playbooks are based on using mx.webarch.net for incoming email. This is an anti-spam gateway; if it isn't used then SpamAssassin should probably be added to the mix.

The email setup is based on the mail-receiver Docker container plus the outstanding pull request and the Postfix notes for using the host for outgoing email.

TODO:

CoTech Community Discourse Settings

Suggested settings to be used for community.coops.tech:

  • title: Co-operative Technologists Community
  • site description: The intersection of co-operation and technology, the CoTech community forum.
  • contact email: community@coops.tech
  • contact url: https://www.coops.tech/
  • notification email: discourse@community.coops.tech
  • site contact username: system
  • company short name: CoTech
  • company full name: Co-operative Technologists
  • company domain: coops.tech

On the Email settings admin page:

  • reply by email enabled
  • reply by email address: discourse+%{reply_key}@community.coops.tech
  • manual polling enabled
  • email prefix: cotech-community
  • email site title: CoTech Community

On the Security page:

  • force https

On the User Preferences page:

  • default email digest frequency: every hour
  • default include tl0 in digests
  • default email mailing list mode
  • default email mailing list mode frequency: Send an email for every new post
  • default email always