From 3ec359ed0ef40d9b32d9030e5707244d2784f02e Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Fri, 18 Nov 2022 09:12:28 +0000 Subject: [PATCH] Deploy me a mastodon --- ansible/main.yml | 1 + .../roles/mastodon/files/docker-compose.yml | 61 +++++++++++++++++++ ansible/roles/mastodon/handlers/main.yml | 4 ++ ansible/roles/mastodon/tasks/main.yml | 20 ++++++ ansible/roles/mastodon/vars/main.yml | 4 ++ ansible/roles/mastodon/vars/vault.yml | 30 +++++++++ .../roles/website/files/docker-compose.yml | 1 + terraform/theorangeone.net.tf | 8 +++ 8 files changed, 129 insertions(+) create mode 100644 ansible/roles/mastodon/files/docker-compose.yml create mode 100644 ansible/roles/mastodon/handlers/main.yml create mode 100644 ansible/roles/mastodon/tasks/main.yml create mode 100644 ansible/roles/mastodon/vars/main.yml create mode 100644 ansible/roles/mastodon/vars/vault.yml diff --git a/ansible/main.yml b/ansible/main.yml index 390b606..3747183 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -70,6 +70,7 @@ - vaultwarden - tandoor - authentik + - mastodon - hosts: ingress roles: diff --git a/ansible/roles/mastodon/files/docker-compose.yml b/ansible/roles/mastodon/files/docker-compose.yml new file mode 100644 index 0000000..9129eca --- /dev/null +++ b/ansible/roles/mastodon/files/docker-compose.yml 
@@ -0,0 +1,61 @@
+version: "2.3"
+
+services:
+ mastodon:
+ image: lscr.io/linuxserver/mastodon:4.0.2
+ environment:
+ - TZ={{ timezone }}
+ - PUID={{ docker_user.id }}
+ - PGID={{ docker_user.id }}
+ - LOCAL_DOMAIN=theorangeone.net
+ - WEB_DOMAIN=mastodon.theorangeone.net
+ - DATABASE_URL=postgresql://mastodon:mastodon@db/mastodon
+ - REDIS_URL=redis://redis
+ - SECRET_KEY_BASE={{ secret_key_base }}
+ - OTP_SECRET={{ otp_secret }}
+ - VAPID_PRIVATE_KEY={{ vapid_private_key }}
+ - VAPID_PUBLIC_KEY={{ vapid_public_key }}
+ - TRUSTED_PROXY_IP=172.20.0.1
+ - SINGLE_USER_MODE=true
+ - DEFAULT_LOCALE=en
+ - STREAMING_CLUSTER_NUM=2
+ - WEB_CONCURRENCY=2
+ - MAX_THREADS=4
+ - HTTP_PROXY={{ pve_hosts.qbittorrent.ip }}:3128
+ - HTTPS_PROXY={{ pve_hosts.qbittorrent.ip }}:3128
+ restart: unless-stopped
+ volumes:
+ - "{{ app_data_dir }}/mastodon:/config/mastodon"
+ depends_on:
+ - db
+ - redis
+ networks:
+ - default
+ - traefik
+ tmpfs:
+ - /var/cache
+ - /config/log
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.mastodon.rule=Host(`mastodon.theorangeone.net`)
+ - traefik.http.services.mastodon-mastodon.loadbalancer.server.port=443
+ - traefik.http.services.mastodon-mastodon.loadbalancer.server.scheme=https
+
+ db:
+ image: postgres:14-alpine
+ restart: unless-stopped
+ volumes:
+ - /mnt/tank/dbs/postgres/mastodon/:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=mastodon
+ - POSTGRES_USER=mastodon
+
+ redis:
+ image: redis:6-alpine
+ restart: unless-stopped
+ volumes:
+ - /mnt/tank/dbs/redis/mastodon/:/data
+
+networks:
+ traefik:
+ external: true
diff --git a/ansible/roles/mastodon/handlers/main.yml b/ansible/roles/mastodon/handlers/main.yml
new file mode 100644
index 0000000..49092bc
--- /dev/null
+++ b/ansible/roles/mastodon/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart mastodon
+ shell:
+ chdir: /opt/mastodon
+ cmd: "{{ docker_update_command }}"
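Review bot: In ansible/roles/mastodon/files/docker-compose.yml the Postgres password is the literal `mastodon`, both in `DATABASE_URL=postgresql://mastodon:mastodon@db/mastodon` and in `POSTGRES_PASSWORD=mastodon`, although the role already loads a vault for its other secrets. The same templating used for `SECRET_KEY_BASE` would cover it: `- POSTGRES_PASSWORD={{ db_password }}` and `- DATABASE_URL=postgresql://mastodon:{{ db_password }}@db/mastodon`, where `db_password` is a proposed name backed by a vault entry and the value is URL-safe. The `redis` service likewise has no password configured. As far as this hunk shows, `db` and `redis` sit only on the compose `default` network, so the exposure is to anything else that can reach that network and to anyone who can read the repository or the data volume.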
diff --git a/ansible/roles/mastodon/tasks/main.yml b/ansible/roles/mastodon/tasks/main.yml new file mode 100644 index 0000000..4f3491c --- /dev/null +++ b/ansible/roles/mastodon/tasks/main.yml @@ -0,0 +1,20 @@ +- name: Include vault + include_vars: vault.yml + +- name: Create install directory + file: + path: /opt/mastodon + state: directory + owner: "{{ docker_user.name }}" + mode: "{{ docker_compose_directory_mask }}" + become: true + +- name: Install compose file + template: + src: files/docker-compose.yml + dest: /opt/mastodon/docker-compose.yml + mode: "{{ docker_compose_file_mask }}" + owner: "{{ docker_user.name }}" + validate: docker-compose -f %s config + notify: restart mastodon + become: true diff --git a/ansible/roles/mastodon/vars/main.yml b/ansible/roles/mastodon/vars/main.yml new file mode 100644 index 0000000..1cc9557 --- /dev/null +++ b/ansible/roles/mastodon/vars/main.yml @@ -0,0 +1,4 @@ +secret_key_base: "{{ vault_secret_key_base }}" +otp_secret: "{{ vault_otp_secret }}" +vapid_private_key: "{{ vault_vapid_private_key }}" +vapid_public_key: "{{ vault_vapid_public_key }}" diff --git a/ansible/roles/mastodon/vars/vault.yml b/ansible/roles/mastodon/vars/vault.yml new file mode 100644 index 0000000..4dab4e4 --- /dev/null +++ b/ansible/roles/mastodon/vars/vault.yml @@ -0,0 +1,30 @@ +$ANSIBLE_VAULT;1.1;AES256 +63646161653431383335313735643535313434613362343161373961633539373932313338343633 +6637323935616636353731336531663635656532383166640a633335666633363136333433343266 +37383237623837616464613561633931613230623633313533393464646464646566366330323365 +6563396262363238320a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diff --git a/ansible/roles/website/files/docker-compose.yml b/ansible/roles/website/files/docker-compose.yml index c70fac5..06ef3e9 100644 --- a/ansible/roles/website/files/docker-compose.yml +++ b/ansible/roles/website/files/docker-compose.yml 
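Review bot: The "Install compose file" task in ansible/roles/mastodon/tasks/main.yml renders `SECRET_KEY_BASE`, `OTP_SECRET` and the VAPID private key into the compose file, and nothing on the task keeps that content out of Ansible's output, so a run with `--diff` prints the rendered secrets. Adding `diff: false` (or `no_log: true`) to the task keeps them out of terminals and CI logs. The file's permissions on the host come from `docker_compose_file_mask`, which is defined outside this patch; given what the file now holds it should not be world-readable.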
@@ -19,6 +19,7 @@ x-website: &website - BASE_HOSTNAME=theorangeone.net - WEB_CONCURRENCY=4 - SEO_INDEX=true + - ACTIVITYPUB_HOST=mastodon.theorangeone.net volumes: - ./media:/app/media depends_on: diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf index f3a208c..4bc6023 100644 --- a/terraform/theorangeone.net.tf +++ b/terraform/theorangeone.net.tf @@ -260,3 +260,11 @@ resource "cloudflare_record" "theorangeonenet_gitlab_pages_wildcard" { type = "CNAME" ttl = 1 } + +resource "cloudflare_record" "theorangeonenet_mastodon" { + zone_id = cloudflare_zone.theorangeonenet.id + name = "mastodon" + value = linode_instance.casey.ip_address + type = "A" + ttl = 1 +}