Pleroma 2.7.0 upgrade in FreeBSD jail

1. Create new jail for Pleroma

zfs receive -v rpool/jail/pleroma < /poudriere/data/packages/zfs/jail141-release.zfs

Add a new entry for it in /etc/jail.conf

# PostgreSQL needs allow.sysvipc = 1;
pleroma  { ip4.addr = vlan2|192.168.X.X; allow.sysvipc = 1; }

Start the jail, enter it, and bootstrap pkg

service jail start pleroma
jexec pleroma sh
pkg

2. Prepare jail packages

Install required packages in jail and start PostgreSQL

# Joe is my preferred editor and I'll use bash as Pleroma service shell
pkg install bash joe git-lite cmake gcc gmake vips-nox11 elixir postgresql17-server postgresql17-contrib
sysrc postgresql_enable=YES
service postgresql initdb
# Change PostgreSQL conf to enable password auth
joe /var/db/postgres/data17/pg_hba.conf
# host    all             all             127.0.0.1/32     password
# host    all             all             192.168.X.X/32   password
service postgresql start
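
An added example, not part of the original post: the `password` method configured above makes the client send its password unencrypted on the connection, whereas `scram-sha-256` is PostgreSQL's challenge-response method. This shell function lists `host` entries that use `trust`, or `password` on a connection type that is not TLS-only; the sample file and its 192.0.2.x addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list pg_hba.conf network entries
# that use "trust" (no authentication) or "password" (clear-text password)
# on a connection type that is not TLS-only.
# Assumption: no quoted fields containing whitespace or '#'.

audit_pg_hba() {
    # Reads the file named in $1, or stdin when called without arguments.
    awk '
    {
        sub(/#.*/, "")                       # strip comments
        if (NF == 0 || $1 !~ /^host/) next   # host, hostssl, hostnossl, ...
        # ADDRESS is one CIDR/hostname field, or an IP followed by a netmask.
        if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $5 ~ /:/) {
            addr = $4 " " $5; method = $6
        } else {
            addr = $4; method = $5
        }
        if (method == "trust" || (method == "password" && $1 != "hostssl"))
            printf "line %d: %s %s -> %s\n", NR, $1, addr, method
    }' "$@"
}

# Constructed sample. 192.0.2.x are documentation addresses standing in for
# the jail address the post writes as 192.168.X.X.
sample_pg_hba() {
    cat <<'EOF'
# TYPE   DATABASE  USER  ADDRESS                     METHOD
local    all       all                               peer
host     all       all   127.0.0.1/32                password
host     all       all   192.0.2.10/32               scram-sha-256
hostssl  all       all   192.0.2.0/24                password
host     all       all   192.0.2.11 255.255.255.255  trust  # netmask form
EOF
}

sample_pg_hba | audit_pg_hba
```

To check the file edited above, run `audit_pg_hba /var/db/postgres/data17/pg_hba.conf`.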

3. Install Pleroma from source

Prepare service account

NAME=pleroma ID=1244 && pw groupadd -n $NAME -g $ID && pw useradd -n $NAME -g $NAME -u $ID -s /usr/local/bin/bash -c "Pleroma User" -w no -m -d /home/pleroma
# optional, install preferred joe editor and bash settings to pleroma user
cp .joerc .bashrc /home/pleroma/ && chown pleroma:pleroma /home/pleroma/.bashrc /home/pleroma/.joerc
# this account needs UTF-8 locale
echo "export LANG=en_US.UTF-8" >>/home/pleroma/.bashrc
echo "export CHARSET=UTF-8" >>/home/pleroma/.bashrc
echo "export LC_ALL=en_US.UTF-8" >>/home/pleroma/.bashrc
echo "export VIX_COMPILATION_MODE=PLATFORM_PROVIDED_LIBVIPS" >>/home/pleroma/.bashrc
# check locale is correct
su pleroma
locale

Upgrade Pleroma from source

su pleroma
cd ~/pleroma
git pull
git checkout v2.7.0
MAKE=gmake CC=gcc mix deps.get
MAKE=gmake CC=gcc mix compile
MAKE=gmake CC=gcc mix ecto.migrate
# edit dbpass
joe config/setup_db.psql
exit
cat /home/pleroma/pleroma/config/setup_db.psql | su postgres -c "psql -f -"
# PostgreSQL version changed in new jail, do dump-restore to migrate data
# in old jail
su postgres -c "pg_dump -Fc pleroma >/var/tmp/db.dump"
# nullfs mount /jail/preromaold/var/tmp in new jail as /jail/pleroma/var/tmpold
# then in new jail
su postgres -c "pg_restore -v -1 -d pleroma /var/tmpold/db.dump"

For a first-time Pleroma install from source, generate the configuration

su pleroma
cd
git clone -b stable https://git.pleroma.social/pleroma/pleroma.git
cd pleroma
MAKE=gmake CC=gcc mix deps.get
MAKE=gmake CC=gcc mix pleroma.instance gen
mv config/generated_config.exs config/prod.secret.exs
chmod 600 config/setup_db.psql config/prod.secret.exs
exit
su postgres -c "psql -f /home/pleroma/pleroma/config/setup_db.psql"

Start Pleroma for the first time

# Run the database migrations. You will need to do this whenever you update with git pull:
su pleroma
cd ~/pleroma
MAKE=gmake CC=gcc MIX_ENV=prod mix ecto.migrate
# run server
MAKE=gmake CC=gcc MIX_ENV=prod mix phx.server
# create user
MAKE=gmake CC=gcc MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress> --admin

Enable Pleroma as service in jail

As of 2020-08-30, the new Pleroma version 2.1 comes with a FreeBSD rc startup script (see Pleroma Documentation - Installing on FreeBSD). Install it as the root user in the jail:

install /home/pleroma/pleroma/installation/freebsd/rc.d/pleroma /usr/local/etc/rc.d
sysrc pleroma_enable=YES
service pleroma start

4. Enable reverse proxy for Pleroma service

The reverse proxy, an H2O server running in another jail (192.168.Y.Y), has the following configuration entry for Pleroma:

  "toot.uoga.net:80":
    listen:
      host: 192.168.Y.Y
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://toot.uoga.net/"
      "/.well-known/acme-challenge":
        file.dir: "/usr/local/www/dehydrated"

  "toot.uoga.net:443":
    listen:
      host: 192.168.Y.Y
      port: 443
      ssl:
        certificate-file: /usr/local/etc/dehydrated/certs/toot.uoga.net/fullchain.pem
        key-file: /usr/local/etc/dehydrated/certs/toot.uoga.net/privkey.pem
    paths:
      "/":
        file.send-compressed: ON  # Performance: minify and pre-compress css
        proxy.reverse.url: http://192.168.X.X:4000/
        proxy.websocket: ON
        proxy.preserve-host: ON

The same jail also has the dehydrated package, so I simply add toot.uoga.net to /usr/local/etc/dehydrated/domains.txt and rerun dehydrated -c to install the Let's Encrypt certificate for the Pleroma service.