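---
# Task list that deploys Mastodon under /srv/mastodon with Docker Compose:
# installs packages, checks out the source, renders the compose and env files,
# generates any missing application secrets, starts the stack, initializes an
# empty database, and installs the nginx site config.
#
# Generated secrets are cached on the controller under credentials/mastodon/
# and read back with file lookups when the final env file is rendered. Keep
# that directory out of version control and backups that are not encrypted.

- name: install base apps
  apt:
    force_apt_get: true
    name:
      - docker-compose-v2
      - git

- name: base path
  file:
    path: "/srv/mastodon"
    state: directory
    recurse: true

# NOTE(review): `deploy` looks like a branch name, so every run would build
# whatever that branch currently points at. Pin a tag or commit hash here if
# deployments need to be reproducible and reviewable -- confirm.
- name: source
  git:
    repo: "https://tea.entar.net/teh/mastodon.git"
    dest: /srv/mastodon/src
    version: deploy

- name: docker-compose file
  template:
    src: templates/docker-compose.mastodon.yaml
    dest: /srv/mastodon/docker-compose.yaml
  register: compose

## generate secrets if they're needed

# Each secret is generated only when its cache file is missing on the
# controller, so existing secrets are never rotated by a re-run.
- name: check secret_key_base
  delegate_to: localhost
  become: false
  stat:
    path: credentials/mastodon/secret_key_base
  register: secret_key_base_file

- name: check otp_secret
  delegate_to: localhost
  become: false
  stat:
    path: credentials/mastodon/otp_secret
  register: otp_secret_file

- name: check vapid_secrets
  delegate_to: localhost
  become: false
  stat:
    path: credentials/mastodon/vapid_secrets
  register: vapid_secrets_file

# Rendered without the application secrets, presumably so that
# `docker compose run` below has an env file to start from.
# NOTE(review): no `mode` is set, so the permissions of .env.production come
# from the target's umask although the file holds the database password.
# Set an explicit restrictive mode once it is confirmed which user reads it.
- name: env file stub
  template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
  vars:
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    alternate_domains: "mastodon_web"
  # keep the rendered database password out of --diff output
  diff: false
  when: >-
    not secret_key_base_file.stat.exists
    or not otp_secret_file.stat.exists
    or not vapid_secrets_file.stat.exists

# pipefail plus the empty-output check stop a failed `docker compose run`
# from being cached as an empty secret: without them the pipeline's exit
# status is tail's, and the stat check above would accept the empty file on
# every later run.
# no_log keeps the secret out of task output; drop it temporarily to debug.
- name: get SECRET_KEY_BASE
  shell: |
    set -o pipefail
    docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
  args:
    chdir: /srv/mastodon
    executable: /bin/bash
  register: skb
  failed_when: skb.rc != 0 or (skb.stdout | trim | length) == 0
  no_log: true
  when: not secret_key_base_file.stat.exists

- name: store SECRET_KEY_BASE
  delegate_to: localhost
  become: false
  copy:
    dest: credentials/mastodon/secret_key_base
    content: "{{skb.stdout}}"
    # readable only by the controller user that runs the file lookups
    mode: "0600"
  no_log: true
  when: not secret_key_base_file.stat.exists

- name: get OTP_SECRET
  shell: |
    set -o pipefail
    docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
  args:
    chdir: /srv/mastodon
    executable: /bin/bash
  register: otp
  failed_when: otp.rc != 0 or (otp.stdout | trim | length) == 0
  no_log: true
  when: not otp_secret_file.stat.exists

# Guarded by the OTP file's own check. This task previously tested
# secret_key_base_file, so a freshly generated OTP secret was dropped whenever
# secret_key_base already existed, and `otp.stdout` was referenced from a
# skipped task in the opposite case.
- name: store OTP_SECRET
  delegate_to: localhost
  become: false
  copy:
    dest: credentials/mastodon/otp_secret
    content: "{{otp.stdout}}"
    mode: "0600"
  no_log: true
  when: not otp_secret_file.stat.exists

- name: get vapid secrets
  command: docker compose run --rm mastodon_web rake mastodon:webpush:generate_vapid_key
  args:
    chdir: /srv/mastodon
  register: vapid
  no_log: true
  when: not vapid_secrets_file.stat.exists

- name: store vapid secrets
  delegate_to: localhost
  become: false
  copy:
    dest: credentials/mastodon/vapid_secrets
    content: "{{vapid.stdout}}"
    mode: "0600"
  no_log: true
  when: not vapid_secrets_file.stat.exists

# Final render, now with every secret read back from the controller cache.
# NOTE(review): as with the stub, no `mode` is set on this file even though it
# carries all application secrets -- confirm the reader and restrict it.
- name: env file
  template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
  vars:
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    secret_key_base: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/secret_key_base') }}"
    otp_secret: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/otp_secret') }}"
    vapid_secrets: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/vapid_secrets') }}"
    alternate_domains: "mastodon_web"
  # keep the rendered secrets out of --diff output
  diff: false
  register: envfile

## finally, let's launch mastodon
# XXX FIXME: this should handle DB upgrades when appropriate
# -- check the upgrade instructions for any major release really

- name: launch mastodon
  command: docker compose up -d
  args:
    chdir: /srv/mastodon

# create an admin user!
# -- it's in lib/tasks/mastodon.rake under User.new
# or https://docs.joinmastodon.org/admin/tootctl/#accounts-create

# Read-only probe, so it never reports a change.
# NOTE(review): psql may print the "no relations" message on stderr; `-t`
# allocates a TTY, which is presumably what puts it into stdout for the match
# below -- confirm before removing the flag.
- name: check for any tables at all
  command: docker exec -t mastodon_db psql -U postgres mastodon_production -P pager=off -c '\dt'
  register: hazschema
  changed_when: false

# db:setup runs only against a database that has no tables yet.
- name: initialize mastodon database
  command: docker compose run -t --rm mastodon_web bundle exec rails db:setup
  args:
    chdir: /srv/mastodon
  when: hazschema.stdout is match("Did not find any relations")

- name: restart mastodon
  command: docker compose restart
  args:
    chdir: /srv/mastodon
  when: envfile.changed or compose.changed

## add nginx config

- name: copy nginx config
  template:
    src: templates/nginx.conf
    dest: /srv/nginx/conf.d/mastodon.conf
  register: nginxconf

- name: reload nginx
  command: docker exec -t nginx nginx -s reload
  when: nginxconf.changed

## ---

# Runs on every play and applies to the whole Docker host, not only to the
# Mastodon stack.
- name: clean up docker
  command: docker system prune -f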