---
# Install the Docker Compose v2 plugin and git through apt-get.
- name: install base apps
  ansible.builtin.apt:
    name:
      - docker-compose-v2
      - git
    force_apt_get: true
# Make sure the deployment root exists. No owner, group or mode is set here,
# so the directory keeps whatever the defaults of the executing user give it.
- name: base path
  ansible.builtin.file:
    state: directory
    path: '/srv/mastodon'
    recurse: true
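# Check out the Mastodon source tree on the target host.
# Without a pinned revision the git module follows the remote's HEAD, so every
# run pulls whatever the upstream branch contains at that moment. Set the
# optional variable mastodon_src_version (introduced by this task) to a tag or
# a full commit hash to make the checkout reproducible and reviewable; leaving
# it unset keeps the previous behaviour.
- name: source
  ansible.builtin.git:
    repo: "https://tea.entar.net/teh/mastodon.git"
    dest: /srv/mastodon/src
    version: "{{ mastodon_src_version | default('HEAD') }}"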
# Render the compose definition into the deployment root. The result is kept
# in `compose` so the restart task can react to a changed file.
- name: docker-compose file
  ansible.builtin.template:
    dest: /srv/mastodon/docker-compose.yaml
    src: templates/docker-compose.mastodon.yaml
  register: compose
## generate secrets if they're needed
# Look on the control node (delegate_to: localhost, no privilege escalation)
# for a previously stored secret_key_base; later tasks branch on the result.
- name: check secret_key_base
  ansible.builtin.stat:
    path: credentials/mastodon/secret_key_base
  register: secret_key_base_file
  delegate_to: localhost
  become: false
# Same check as for secret_key_base, for the stored OTP secret on the
# control node.
- name: check otp_secret
  ansible.builtin.stat:
    path: credentials/mastodon/otp_secret
  register: otp_secret_file
  delegate_to: localhost
  become: false
# Same check again, for the stored VAPID key material on the control node.
- name: check vapid_secrets
  ansible.builtin.stat:
    path: credentials/mastodon/vapid_secrets
  register: vapid_secrets_file
  delegate_to: localhost
  become: false
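# First-pass render of the environment file. It runs only while at least one
# of the three secret files is still missing on the control node, presumably
# so the `docker compose run` tasks that follow have an env file to start with.
- name: env file stub
  ansible.builtin.template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
    # The rendered file contains the database password, so keep it owner-only.
    # NOTE(review): assumes docker compose reads it as this same user (an
    # env_file entry, not a bind mount) -- confirm against the compose template.
    mode: "0600"
  vars:
    # The password lookup creates the value on first use and stores it in
    # credentials/mastodon/postgres on the control node.
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    alternate_domains: "mastodon_web"
  when: >-
    not secret_key_base_file.stat.exists
    or not otp_secret_file.stat.exists
    or not vapid_secrets_file.stat.exists
  # Keeps the rendered password out of --diff and verbose output.
  no_log: true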
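# Generate a new SECRET_KEY_BASE with `rake secret` inside a throw-away
# container and keep the last line of its output in `skb`.
- name: get SECRET_KEY_BASE
  ansible.builtin.shell:
    cmd: docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
    chdir: /srv/mastodon
  register: skb
  when: not secret_key_base_file.stat.exists
  # The pipeline reports tail's exit status and stderr is discarded, so a
  # failed container run would look like success with empty output. Treat
  # empty output as a failure instead of persisting an empty secret.
  failed_when: skb.rc != 0 or (skb.stdout | trim | length) == 0
  # The output is the secret itself; keep it out of logs and verbose output.
  # Remove this temporarily when debugging, since errors are censored as well.
  no_log: true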
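# Persist the generated SECRET_KEY_BASE on the control node so later runs
# reuse it instead of generating a new one.
- name: store SECRET_KEY_BASE
  ansible.builtin.copy:
    dest: credentials/mastodon/secret_key_base
    content: "{{ skb.stdout }}"
    # Secret material: readable by the owning user only, rather than whatever
    # the local umask would otherwise allow.
    mode: "0600"
  delegate_to: localhost
  become: false
  when: not secret_key_base_file.stat.exists
  # Keeps the secret out of --diff and verbose output.
  no_log: true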
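# Generate a new OTP_SECRET with `rake secret` inside a throw-away container
# and keep the last line of its output in `otp`.
- name: get OTP_SECRET
  ansible.builtin.shell:
    cmd: docker compose run --rm mastodon_web rake secret 2>/dev/null | tail -1
    chdir: /srv/mastodon
  register: otp
  when: not otp_secret_file.stat.exists
  # The pipeline reports tail's exit status and stderr is discarded, so a
  # failed container run would look like success with empty output. Treat
  # empty output as a failure instead of persisting an empty secret.
  failed_when: otp.rc != 0 or (otp.stdout | trim | length) == 0
  # The output is the secret itself; keep it out of logs and verbose output.
  # Remove this temporarily when debugging, since errors are censored as well.
  no_log: true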
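# Persist the generated OTP_SECRET on the control node so later runs reuse it.
- name: store OTP_SECRET
  ansible.builtin.copy:
    dest: credentials/mastodon/otp_secret
    content: "{{ otp.stdout }}"
    # Secret material: readable by the owning user only.
    mode: "0600"
  delegate_to: localhost
  become: false
  # Must mirror the condition on "get OTP_SECRET". The original tested
  # secret_key_base_file here, so a freshly generated OTP secret was dropped
  # whenever secret_key_base already existed, and `otp.stdout` was referenced
  # without having been produced in the opposite case.
  when: not otp_secret_file.stat.exists
  # Keeps the secret out of --diff and verbose output.
  no_log: true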
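# Generate the Web Push (VAPID) key material inside a throw-away container
# and keep the command output in `vapid`.
- name: get vapid secrets
  ansible.builtin.command:
    cmd: docker compose run --rm mastodon_web rake mastodon:webpush:generate_vapid_key
    chdir: /srv/mastodon
  register: vapid
  when: not vapid_secrets_file.stat.exists
  # The captured output is stored verbatim as the VAPID secrets, so keep it
  # out of logs and verbose output.
  no_log: true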
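# Persist the generated VAPID output on the control node so later runs
# reuse it.
- name: store vapid secrets
  ansible.builtin.copy:
    dest: credentials/mastodon/vapid_secrets
    content: "{{ vapid.stdout }}"
    # Secret material: readable by the owning user only.
    mode: "0600"
  delegate_to: localhost
  become: false
  when: not vapid_secrets_file.stat.exists
  # Keeps the secret out of --diff and verbose output.
  no_log: true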
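# Final render of the environment file, now with every secret read back from
# the credential files on the control node. The result is kept in `envfile`
# so the restart task can react to a changed file.
- name: env file
  ansible.builtin.template:
    src: templates/env.production
    dest: /srv/mastodon/.env.production
    # The file holds the database password and the application secrets, so
    # restrict it to its owner.
    # NOTE(review): assumes docker compose reads it as this same user (an
    # env_file entry, not a bind mount) -- confirm against the compose template.
    mode: "0600"
  vars:
    db_password: "{{ lookup('ansible.builtin.password', 'credentials/mastodon/postgres', length=15) }}"
    secret_key_base: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/secret_key_base') }}"
    otp_secret: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/otp_secret') }}"
    vapid_secrets: "{{ lookup('ansible.builtin.file', 'credentials/mastodon/vapid_secrets') }}"
    alternate_domains: "mastodon_web"
  register: envfile
  # Keeps the rendered secrets out of --diff and verbose output.
  no_log: true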
## finally, let's launch mastodon
# Bring the compose project up in detached mode from the deployment root.
- name: launch mastodon
  ansible.builtin.command:
    cmd: docker compose up -d
    chdir: /srv/mastodon
# Restart the compose services, but only when the compose file or the
# environment file was rewritten during this run.
- name: restart mastodon
  ansible.builtin.command:
    cmd: docker compose restart
    chdir: /srv/mastodon
  when: compose.changed or envfile.changed
## ---
# Prune unused Docker data without prompting (-f). The command acts on the
# whole Docker host, not only on the Mastodon compose project.
- name: clean up docker
  ansible.builtin.command:
    cmd: docker system prune -f