185 lines
5.1 KiB
YAML
185 lines
5.1 KiB
YAML
---
|
|
|
|
- name: install base apps
|
|
apt:
|
|
force_apt_get: yes
|
|
name:
|
|
- docker-compose-v2
|
|
- git
|
|
|
|
- name: base path
|
|
file:
|
|
path: "/srv/mastodon"
|
|
state: directory
|
|
recurse: true
|
|
|
|
- name: source
|
|
git:
|
|
repo: "https://tea.entar.net/teh/mastodon.git"
|
|
dest: /srv/mastodon/src
|
|
version: deploy
|
|
|
|
- name: docker-compose file
|
|
template:
|
|
src: templates/docker-compose.mastodon.yaml
|
|
dest: /srv/mastodon/docker-compose.yaml
|
|
register: compose
|
|
|
|
## generate secrets if they're needed
|
|
- name: check secret_key_base
|
|
delegate_to: localhost
|
|
become: false
|
|
stat:
|
|
path: credentials/mastodon/secret_key_base
|
|
register: secret_key_base_file
|
|
|
|
- name: check otp_secret
|
|
delegate_to: localhost
|
|
become: false
|
|
stat:
|
|
path: credentials/mastodon/otp_secret
|
|
register: otp_secret_file
|
|
|
|
- name: check vapid_secrets
|
|
delegate_to: localhost
|
|
become: false
|
|
stat:
|
|
path: credentials/mastodon/vapid_secrets
|
|
register: vapid_secrets_file
|
|
|
|
- name: env file stub
|
|
template:
|
|
src: templates/env.production
|
|
dest: /srv/mastodon/.env.production
|
|
vars:
|
|
db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
|
|
alternate_domains: "mastodon_web"
|
|
when: secret_key_base_file.stat.exists != true or otp_secret_file.stat.exists != true or vapid_secrets_file.stat.exists != true
|
|
|
|
- name: get SECRET_KEY_BASE
|
|
shell: docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
|
|
args:
|
|
chdir: /srv/mastodon
|
|
register: skb
|
|
when: secret_key_base_file.stat.exists != true
|
|
|
|
- name: store SECRET_KEY_BASE
|
|
delegate_to: localhost
|
|
become: false
|
|
copy:
|
|
dest: credentials/mastodon/secret_key_base
|
|
content: "{{skb.stdout}}"
|
|
when: secret_key_base_file.stat.exists != true
|
|
|
|
- name: get OTP_SECRET
|
|
shell: docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
|
|
args:
|
|
chdir: /srv/mastodon
|
|
register: otp
|
|
when: otp_secret_file.stat.exists != true
|
|
|
|
- name: store OTP_SECRET
|
|
delegate_to: localhost
|
|
become: false
|
|
copy:
|
|
dest: credentials/mastodon/otp_secret
|
|
content: "{{otp.stdout}}"
|
|
when: secret_key_base_file.stat.exists != true
|
|
|
|
- name: get vapid secrets
|
|
command: docker compose run --rm mastodon_web rake mastodon:webpush:generate_vapid_key
|
|
args:
|
|
chdir: /srv/mastodon
|
|
register: vapid
|
|
when: vapid_secrets_file.stat.exists != true
|
|
|
|
- name: store vapid secrets
|
|
delegate_to: localhost
|
|
become: false
|
|
copy:
|
|
dest: credentials/mastodon/vapid_secrets
|
|
content: "{{vapid.stdout}}"
|
|
when: vapid_secrets_file.stat.exists != true
|
|
|
|
- name: env file
|
|
template:
|
|
src: templates/env.production
|
|
dest: /srv/mastodon/.env.production
|
|
vars:
|
|
db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
|
|
secret_key_base: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/secret_key_base') }}"
|
|
otp_secret: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/otp_secret') }}"
|
|
vapid_secrets: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/vapid_secrets') }}"
|
|
alternate_domains: "mastodon_web"
|
|
register: envfile
|
|
|
|
## finally, let's launch mastodon
|
|
|
|
# XXX FIXME: this should handle DB upgrades when appropriate
|
|
# -- check the upgrade instructions for any major release really
|
|
|
|
- name: launch mastodon
|
|
command: docker compose up -d
|
|
args:
|
|
chdir: /srv/mastodon
|
|
|
|
# create an admin user!
|
|
# -- it's in lib/tasks/mastodon.rake under User.new
|
|
# or https://docs.joinmastodon.org/admin/tootctl/#accounts-create
|
|
|
|
- name: wait for the db to come up
|
|
command: timeout --foreground 300 bash -c -- 'until docker compose exec -t mastodon_db psql -U postgres mastodon_production -P pager=off -c "\\dt"; do sleep 1; done'
|
|
args:
|
|
chdir: /srv/mastodon
|
|
|
|
- name: check for any tables at all
|
|
command: docker compose exec -t mastodon_db psql -U postgres mastodon_production -P pager=off -c '\dt'
|
|
args:
|
|
chdir: /srv/mastodon
|
|
register: hazschema
|
|
|
|
- name: initialize mastodon database
|
|
command: docker compose run -t --rm mastodon_web bundle exec rails db:setup
|
|
args:
|
|
chdir: /srv/mastodon
|
|
when: hazschema.stderr is match("Did not find any relations")
|
|
register: newschema
|
|
|
|
- name: check whether our admin account has been created yet
|
|
shell: "docker exec -t mastodon_db psql -U postgres mastodon_production -t -c 'select count(*) from accounts;' | awk '{ print $1 }' | head -1"
|
|
register: accountcount
|
|
|
|
- name: create admin account
|
|
command: "docker compose exec -it mastodon_web bash -c 'RAILS_ENV=production tootctl accounts create meat --email {{ admin_email }} --confirmed --role Owner'"
|
|
args:
|
|
chdir: /srv/mastodon
|
|
when: accountcount.stdout == "1"
|
|
|
|
|
|
- name: restart mastodon
|
|
command: docker compose restart
|
|
args:
|
|
chdir: /srv/mastodon
|
|
when: envfile.changed or compose.changed or newschema.changed
|
|
|
|
|
|
## add nginx config
|
|
|
|
- name: copy nginx config
|
|
template:
|
|
src: templates/nginx.conf
|
|
dest: /srv/nginx/conf.d/mastodon.conf
|
|
register: nginxconf
|
|
|
|
- name: reload nginx
|
|
command: docker exec -t nginx nginx -s reload
|
|
when: nginxconf.changed
|
|
|
|
|
|
## ---
|
|
|
|
- name: clean up docker
|
|
command: docker system prune -f
|
|
|
|
|
|
|