---
# Install the host packages the later tasks rely on: the Compose v2 plugin
# (used as `docker compose ...`) and git (used for the source checkout).
- name: install base apps
  ansible.builtin.apt:
    # Use apt-get rather than aptitude.
    force_apt_get: true
    name:
      - docker-compose-v2
      - git
# Make sure the deployment root exists before anything is written under it.
- name: base path
  ansible.builtin.file:
    path: '/srv/mastodon'
    state: directory
    # recurse applies any attributes given here to the whole tree; this task
    # sets none (no owner, group or mode).
    recurse: true
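# Clone the Mastodon source into /srv/mastodon/src.
- name: source
  ansible.builtin.git:
    repo: "https://tea.entar.net/teh/mastodon.git"
    dest: /srv/mastodon/src
    # Without an explicit version the module tracks the remote HEAD, so each
    # run can pull in whatever was pushed last. Set mastodon_src_version to a
    # tag or a full commit hash for reproducible, reviewable deploys; the
    # default keeps the previous behaviour.
    version: "{{ mastodon_src_version | default('HEAD') }}"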
# Render the compose project definition. The result is registered so the
# restart task at the end of this file can tell whether it changed.
- name: docker-compose file
  ansible.builtin.template:
    dest: /srv/mastodon/docker-compose.yaml
    src: templates/docker-compose.mastodon.yaml
  register: compose
## generate a secrets file if we need one
# FIXME: what's in the mastodon_secrets.yaml file should be in credential lookup like db_password is
# Look on the control node (not the target host) for an existing secrets
# vars file; the secret-generating tasks below are skipped when it exists.
- name: check mastodon secrets var file
  ansible.builtin.stat:
    path: mastodon_secrets.yaml
  register: mastosecrets
  # Runs locally as the invoking user, without privilege escalation.
  become: false
  delegate_to: localhost
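# First-pass render of the production env file, done only when no secrets
# vars file exists yet on the control node.
- name: env file stub
  ansible.builtin.template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
    # The template is handed the database password, so do not leave the
    # result at the umask default.
    # NOTE(review): assumes only the deploying user's `docker compose` reads
    # this file; loosen if the compose template bind-mounts it into a
    # container running as another uid - confirm.
    mode: "0600"
  vars:
    # Looked up from (and created on first use in) the controller-side
    # credentials/ tree.
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    alternate_domains: "mastodon_web"
  when: not mastosecrets.stat.exists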
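# Generate a fresh secret with `rake secret` inside a throwaway container and
# keep the last line of its output in `skb`.
- name: get SECRET_KEY_BASE
  ansible.builtin.shell:
    cmd: docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
    chdir: /srv/mastodon
  register: skb
  when: not mastosecrets.stat.exists
  # The pipeline's exit status is tail's, and stderr is discarded, so a failed
  # `docker compose run` would otherwise register an empty secret silently.
  failed_when: skb.rc != 0 or (skb.stdout | trim | length) == 0
  # The registered output is key material: keep it out of verbose output and
  # callback logs. Drop this temporarily when debugging a failure.
  no_log: true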
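# Generate a second, independent secret with `rake secret` and keep the last
# line of its output in `otp`.
- name: get OTP_SECRET
  ansible.builtin.shell:
    cmd: docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
    chdir: /srv/mastodon
  register: otp
  when: not mastosecrets.stat.exists
  # The pipeline's exit status is tail's, and stderr is discarded, so a failed
  # `docker compose run` would otherwise register an empty secret silently.
  failed_when: otp.rc != 0 or (otp.stdout | trim | length) == 0
  # The registered output is key material: keep it out of verbose output and
  # callback logs. Drop this temporarily when debugging a failure.
  no_log: true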
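# Generate the Web Push (VAPID) key material inside a throwaway container and
# keep the command output in `vapid`.
- name: get vapid secrets
  ansible.builtin.command:
    cmd: docker compose run --rm mastodon_web rake mastodon:webpush:generate_vapid_key
    chdir: /srv/mastodon
  register: vapid
  when: not mastosecrets.stat.exists
  # The registered output contains the generated keys: keep it out of verbose
  # output and callback logs. Drop this temporarily when debugging a failure.
  no_log: true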
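# Write the freshly generated secrets to a vars file on the control node so
# later runs reuse them instead of regenerating.
- name: create mastodon secrets file
  ansible.builtin.template:
    src: templates/mastodon_secrets.yaml
    dest: mastodon_secrets.yaml
    # Plaintext secrets end up in this file, in the directory the play runs
    # from: restrict it to the invoking user and keep it out of version
    # control (or encrypt it, e.g. with ansible-vault).
    mode: "0600"
  # Runs locally as the invoking user, without privilege escalation.
  delegate_to: localhost
  become: false
  when: not mastosecrets.stat.exists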
## now that we have a secrets file, read it in and make the env file again
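# Load the variables from the controller-side secrets file for use by the
# tasks that follow.
- name: read env secret vars
  ansible.builtin.include_vars:
    file: mastodon_secrets.yaml
  # The task result echoes the loaded variables; keep them out of verbose
  # output and callback logs.
  no_log: true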
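# Render the production env file again now that the secrets vars are loaded.
# The result is registered so the restart task can tell whether it changed.
- name: env file
  ansible.builtin.template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
    # The template is handed the database password and the loaded secrets, so
    # do not leave the result at the umask default.
    # NOTE(review): assumes only the deploying user's `docker compose` reads
    # this file; loosen if the compose template bind-mounts it into a
    # container running as another uid - confirm.
    mode: "0600"
  vars:
    # Looked up from (and created on first use in) the controller-side
    # credentials/ tree.
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    alternate_domains: "mastodon_web"
  register: envfile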
## finally, let's launch mastodon
# Bring the compose project up in detached mode from the deployment root.
- name: launch mastodon
  ansible.builtin.command:
    chdir: /srv/mastodon
    cmd: docker compose up -d
# Restart the running services, but only when this run rewrote the env file
# or the compose file.
- name: restart mastodon
  ansible.builtin.command:
    chdir: /srv/mastodon
    cmd: docker compose restart
  when: envfile is changed or compose is changed