masto-aio/ansible/roles/mastodon/tasks/main.yaml

---

- name: install base apps
  apt:
    force_apt_get: yes
    name:
      - docker-compose-v2
      - git

- name: base path
  file:
    path: "/srv/mastodon"
    state: directory
    recurse: true

- name: source
  git:
    repo: "https://tea.entar.net/teh/mastodon.git"
    dest: /srv/mastodon/src

- name: docker-compose file
  template:
    src: templates/docker-compose.mastodon.yaml
    dest: /srv/mastodon/docker-compose.yaml
  register: compose

## generate secrets if they're needed
- name: check secret_key_base
  delegate_to: localhost
  become: false
  stat:
    path: credentials/mastodon/secret_key_base
  register: secret_key_base_file

- name: check otp_secret
  delegate_to: localhost
  become: false
  stat:
    path: credentials/mastodon/otp_secret
  register: otp_secret_file

- name: check vapid_secrets
  delegate_to: localhost
  become: false
  stat:
    path: credentials/mastodon/vapid_secrets
  register: vapid_secrets_file

- name: env file stub
  template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
  vars:
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    alternate_domains: "mastodon_web"
  when: secret_key_base_file.stat.exists != true or otp_secret_file.stat.exists != true or vapid_secrets_file.stat.exists != true

- name: get SECRET_KEY_BASE
  shell: docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
  args:
    chdir: /srv/mastodon
  register: skb
  when: secret_key_base_file.stat.exists != true

- name: store SECRET_KEY_BASE
  delegate_to: localhost
  become: false
  copy:
    dest: credentials/mastodon/secret_key_base
    content: "{{skb.stdout}}"
  when: secret_key_base_file.stat.exists != true

- name: get OTP_SECRET
  shell: docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
  args:
    chdir: /srv/mastodon
  register: otp
  when: otp_secret_file.stat.exists != true

- name: store OTP_SECRET
  delegate_to: localhost
  become: false
  copy:
    dest: credentials/mastodon/otp_secret
    content: "{{otp.stdout}}"
  when: secret_key_base_file.stat.exists != true

- name: get vapid secrets
  command: docker compose run --rm mastodon_web rake mastodon:webpush:generate_vapid_key
  args:
    chdir: /srv/mastodon
  register: vapid
  when: vapid_secrets_file.stat.exists != true

- name: store vapid secrets
  delegate_to: localhost
  become: false
  copy:
    dest: credentials/mastodon/vapid_secrets
    content: "{{vapid.stdout}}"
  when: vapid_secrets_file.stat.exists != true

- name: env file
  template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
  vars:
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    secret_key_base: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/secret_key_base') }}"
    otp_secret:      "{{ lookup('ansible.builtin.file', 'credentials/mastodon/otp_secret') }}"
    vapid_secrets:   "{{ lookup('ansible.builtin.file', 'credentials/mastodon/vapid_secrets') }}"
    alternate_domains: "mastodon_web"
  register: envfile

## finally, let's launch mastodon

# XXX FIXME: this should handle DB upgrades when appropriate
# -- check the upgrade instructions for any major release really

- name: launch mastodon
  command: docker compose up -d
  args:
    chdir: /srv/mastodon

# create an admin user!
# -- it's in lib/tasks/mastodon.rake under User.new
# or https://docs.joinmastodon.org/admin/tootctl/#accounts-create

- name: check for any tables at all
  command: docker exec -t mastodon_db psql -U postgres mastodon_production -P pager=off -c '\dt'
  register: hazschema

- name: initialize mastodon database
  command: docker compose run -t --rm mastodon_web bundle exec rails db:setup
  args:
    chdir: /srv/mastodon
  when: hazschema.stdout is match("Did not find any relations")

- name: restart mastodon
  command: docker compose restart
  args:
    chdir: /srv/mastodon
  when: envfile.changed or compose.changed


## add nginx config

- name: copy nginx config
  template:
    src: templates/nginx.conf
    dest: /srv/nginx/conf.d/mastodon.conf
  register: nginxconf

- name: reload nginx
  command: docker exec -t nginx nginx -s reload
  when: nginxconf.changed


## ---

- name: clean up docker
  command: docker system prune -f
Initial commit. 2023-11-12 16:50:05 -08:00			`---`

			`- name: install base apps`
			`apt:`
			`force_apt_get: yes`
			`name:`
			`- docker-compose-v2`
			`- git`

First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`- name: base path`
Initial commit. 2023-11-12 16:50:05 -08:00			`file:`
			`path: "/srv/mastodon"`
			`state: directory`
			`recurse: true`

First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`- name: source`
Initial commit. 2023-11-12 16:50:05 -08:00			`git:`
			`repo: "https://tea.entar.net/teh/mastodon.git"`
			`dest: /srv/mastodon/src`

First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`- name: docker-compose file`
Initial commit. 2023-11-12 16:50:05 -08:00			`template:`
			`src: templates/docker-compose.mastodon.yaml`
			`dest: /srv/mastodon/docker-compose.yaml`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`register: compose`
Initial commit. 2023-11-12 16:50:05 -08:00
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`## generate secrets if they're needed`
			`- name: check secret_key_base`
			`delegate_to: localhost`
			`become: false`
			`stat:`
			`path: credentials/mastodon/secret_key_base`
			`register: secret_key_base_file`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`- name: check otp_secret`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`delegate_to: localhost`
			`become: false`
			`stat:`
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`path: credentials/mastodon/otp_secret`
			`register: otp_secret_file`

			`- name: check vapid_secrets`
			`delegate_to: localhost`
			`become: false`
			`stat:`
			`path: credentials/mastodon/vapid_secrets`
			`register: vapid_secrets_file`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00
			`- name: env file stub`
			`template:`
			`src: templates/env.production`
			`dest: /srv/mastodon/.env.production`
			`vars:`
			`db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"`
			`alternate_domains: "mastodon_web"`
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`when: secret_key_base_file.stat.exists != true or otp_secret_file.stat.exists != true or vapid_secrets_file.stat.exists != true`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00
			`- name: get SECRET_KEY_BASE`
			`shell: docker compose run --rm mastodon_web rake secret 2>/dev/null \| tail -1`
			`args:`
			`chdir: /srv/mastodon`
			`register: skb`
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`when: secret_key_base_file.stat.exists != true`

			`- name: store SECRET_KEY_BASE`
			`delegate_to: localhost`
			`become: false`
			`copy:`
			`dest: credentials/mastodon/secret_key_base`
			`content: "{{skb.stdout}}"`
			`when: secret_key_base_file.stat.exists != true`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00
			`- name: get OTP_SECRET`
			`shell: docker compose run --rm mastodon_web rake secret 2>/dev/null \| tail -1`
			`args:`
			`chdir: /srv/mastodon`
			`register: otp`
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`when: otp_secret_file.stat.exists != true`

			`- name: store OTP_SECRET`
			`delegate_to: localhost`
			`become: false`
			`copy:`
			`dest: credentials/mastodon/otp_secret`
			`content: "{{otp.stdout}}"`
			`when: secret_key_base_file.stat.exists != true`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00
			`- name: get vapid secrets`
			`command: docker compose run --rm mastodon_web rake mastodon:webpush:generate_vapid_key`
			`args:`
			`chdir: /srv/mastodon`
			`register: vapid`
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`when: vapid_secrets_file.stat.exists != true`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`- name: store vapid secrets`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`delegate_to: localhost`
			`become: false`
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`copy:`
			`dest: credentials/mastodon/vapid_secrets`
			`content: "{{vapid.stdout}}"`
			`when: vapid_secrets_file.stat.exists != true`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00
			`- name: env file`
			`template:`
			`src: templates/env.production`
			`dest: /srv/mastodon/.env.production`
			`vars:`
			`db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"`
Move secrets into credentials dir 2024-01-18 19:54:44 -08:00			`secret_key_base: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/secret_key_base') }}"`
			`otp_secret: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/otp_secret') }}"`
			`vapid_secrets: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/vapid_secrets') }}"`
First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`alternate_domains: "mastodon_web"`
			`register: envfile`

			`## finally, let's launch mastodon`

Add ssl config and create masto schema 2024-01-20 08:34:40 -08:00			`# XXX FIXME: this should handle DB upgrades when appropriate`
			`# -- check the upgrade instructions for any major release really`

First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`- name: launch mastodon`
			`command: docker compose up -d`
			`args:`
			`chdir: /srv/mastodon`

Add ssl config and create masto schema 2024-01-20 08:34:40 -08:00			`# create an admin user!`
			`# -- it's in lib/tasks/mastodon.rake under User.new`
			`# or https://docs.joinmastodon.org/admin/tootctl/#accounts-create`

			`- name: check for any tables at all`
Add mastodon to nginx config 2024-01-20 12:15:36 -08:00			`command: docker exec -t mastodon_db psql -U postgres mastodon_production -P pager=off -c '\dt'`
Add ssl config and create masto schema 2024-01-20 08:34:40 -08:00			`register: hazschema`

			`- name: initialize mastodon database`
Add mastodon to nginx config 2024-01-20 12:15:36 -08:00			`command: docker compose run -t --rm mastodon_web bundle exec rails db:setup`
Add ssl config and create masto schema 2024-01-20 08:34:40 -08:00			`args:`
			`chdir: /srv/mastodon`
			`when: hazschema.stdout is match("Did not find any relations")`

First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`- name: restart mastodon`
			`command: docker compose restart`
			`args:`
			`chdir: /srv/mastodon`
			`when: envfile.changed or compose.changed`
Initial commit. 2023-11-12 16:50:05 -08:00

Add mastodon to nginx config 2024-01-20 12:15:36 -08:00			`## add nginx config`

			`- name: copy nginx config`
			`template:`
			`src: templates/nginx.conf`
			`dest: /srv/nginx/conf.d/mastodon.conf`
			`register: nginxconf`

			`- name: reload nginx`
			`command: docker exec -t nginx nginx -s reload`
			`when: nginxconf.changed`

Move secrets into credentials dir 2024-01-18 19:54:44 -08:00
			`## ---`

			`- name: clean up docker`
			`command: docker system prune -f`