Deploy me a mastodon

ansible/main.yml

@@ -70,6 +70,7 @@
     - vaultwarden
     - tandoor
     - authentik
+    - mastodon
 
 - hosts: ingress
   roles:

ansible/roles/mastodon/files/docker-compose.yml

@@ -0,0 +1,61 @@
+version: "2.3"
+
+services:
+  mastodon:
+    image: lscr.io/linuxserver/mastodon:4.0.2
+    environment:
+      - TZ={{ timezone }}
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - LOCAL_DOMAIN=theorangeone.net
+      - WEB_DOMAIN=mastodon.theorangeone.net
+      - DATABASE_URL=postgresql://mastodon:mastodon@db/mastodon
+      - REDIS_URL=redis://redis
+      - SECRET_KEY_BASE={{ secret_key_base }}
+      - OTP_SECRET={{ otp_secret }}
+      - VAPID_PRIVATE_KEY={{ vapid_private_key }}
+      - VAPID_PUBLIC_KEY={{ vapid_public_key }}
+      - TRUSTED_PROXY_IP=172.20.0.1
+      - SINGLE_USER_MODE=true
+      - DEFAULT_LOCALE=en
+      - STREAMING_CLUSTER_NUM=2
+      - WEB_CONCURRENCY=2
+      - MAX_THREADS=4
+      - HTTP_PROXY={{ pve_hosts.qbittorrent.ip }}:3128
+      - HTTPS_PROXY={{ pve_hosts.qbittorrent.ip }}:3128
+    restart: unless-stopped
+    volumes:
+      - "{{ app_data_dir }}/mastodon:/config/mastodon"
+    depends_on:
+      - db
+      - redis
+    networks:
+      - default
+      - traefik
+    tmpfs:
+      - /var/cache
+      - /config/log
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.mastodon.rule=Host(`mastodon.theorangeone.net`)
+      - traefik.http.services.mastodon-mastodon.loadbalancer.server.port=443
+      - traefik.http.services.mastodon-mastodon.loadbalancer.server.scheme=https
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/tank/dbs/postgres/mastodon/:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=mastodon
+      - POSTGRES_USER=mastodon
+
+  redis:
+    image: redis:6-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/tank/dbs/redis/mastodon/:/data
+
+networks:
+  traefik:
+    external: true

ansible/roles/mastodon/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart mastodon
+  shell:
+    chdir: /opt/mastodon
+    cmd: "{{ docker_update_command }}"

ansible/roles/mastodon/tasks/main.yml

@@ -0,0 +1,20 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/mastodon
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/mastodon/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart mastodon
+  become: true

ansible/roles/mastodon/vars/main.yml

@@ -0,0 +1,4 @@
+secret_key_base: "{{ vault_secret_key_base }}"
+otp_secret: "{{ vault_otp_secret }}"
+vapid_private_key: "{{ vault_vapid_private_key }}"
+vapid_public_key: "{{ vault_vapid_public_key }}"

ansible/roles/mastodon/vars/vault.yml

@@ -0,0 +1,30 @@
+$ANSIBLE_VAULT;1.1;AES256
+63646161653431383335313735643535313434613362343161373961633539373932313338343633
+6637323935616636353731336531663635656532383166640a633335666633363136333433343266
+37383237623837616464613561633931613230623633313533393464646464646566366330323365
+6563396262363238320a303433636266616635313536396132366239343230656432626639653230
+63336165323337393664373635616532643935343363303766376533366661663366623939653564
+35363335396266363532653038623038383836383236366466366339343433393338343566653834
+30393761626537313531346466373136666565653731663430376664353737663039643263303533
+35663836626462333262356330616131316432326139616165363831393036343235663736626661
+35666264346563306133306565636261633766616135616366376430643763333031353534373033
+35373739333562313639376264343562363130373531313563643834613533653034316536323339
+39646337376462656362666330643831653730393562316661326433633334353963306664396264
+30373238653832613861633263383663616538366361336163373861613538613132353963373666
+34376464333462633839396263396335613233356261666661313763333033376434626463663133
+32646130333635656665396335393232346661303861626566663931303637653065313031323936
+64333931393165343761376630666462343136353335343632323435306261633232633662353137
+32323863343365623566316537343062393638393434323134633535313531333135666535323439
+35613439373737396562613834373638356534326438646330663564366436333962626135363833
+63653731383163653932383632306239663365323237363562306639643662393530633430386164
+61613137663734636666633966663366393832353166343239656335396630323138366338616430
+37653036303735383664656530626630616437373762343263643661343464326466353234316363
+64643733363435656365343537626364643430316630663666373932663564623835646336633034
+65646264346439356161353838353064626230636664373035336433356530326632613035316434
+31613434366530323263383337316432316432373835343164313963643733626362393334623266
+65356131626135336337383139643838333134616137366530353730646634633364353333646563
+66333134616639363932613238346538623764663831353031383834613230393936386432623434
+37393935346238633338323432613638616466623264656434393761623363356330623632323261
+36393064316263666432663633323535363035323535653834323064383437343530306166306239
+37316236313533393062623066336561373138636339393631313866303433643832383230656532
+3137

ansible/roles/website/files/docker-compose.yml

@@ -19,6 +19,7 @@ x-website: &website
     - BASE_HOSTNAME=theorangeone.net
     - WEB_CONCURRENCY=4
     - SEO_INDEX=true
+    - ACTIVITYPUB_HOST=mastodon.theorangeone.net
   volumes:
     - ./media:/app/media
   depends_on:

terraform/theorangeone.net.tf

@@ -260,3 +260,11 @@ resource "cloudflare_record" "theorangeonenet_gitlab_pages_wildcard" {
   type    = "CNAME"
   ttl     = 1
 }
+
+resource "cloudflare_record" "theorangeonenet_mastodon" {
+  zone_id = cloudflare_zone.theorangeonenet.id
+  name    = "mastodon"
+  value   = linode_instance.casey.ip_address
+  type    = "A"
+  ttl     = 1
+}