From 4cef4474b5ed84c260533c98d57706eea37fceb0 Mon Sep 17 00:00:00 2001
From: transcaffeine <transcaffeine@finally.coffee>
Date: Fri, 27 Jun 2025 23:25:43 +0200
Subject: [PATCH] WIP: feat(sharkey): add ansible role for deployment

---
 README.md                                     |  3 +++
 galaxy.yml                                    |  1 +
 playbooks/sharkey.yml                         |  6 +++++
 roles/sharkey/README.md                       | 11 ++++++++
 roles/sharkey/defaults/main/compose.yml       | 15 +++++++++++
 roles/sharkey/defaults/main/config.yml        |  3 +++
 roles/sharkey/defaults/main/container.yml     | 24 +++++++++++++++++
 roles/sharkey/defaults/main/main.yml          |  8 ++++++
 roles/sharkey/defaults/main/user.yml          | 10 +++++++
 roles/sharkey/tasks/check.yml                 | 14 ++++++++++
 .../tasks/configure-docker-compose.yml        |  7 +++++
 roles/sharkey/tasks/configure.yml             | 26 +++++++++++++++++++
 roles/sharkey/tasks/deploy-docker-compose.yml | 14 ++++++++++
 roles/sharkey/tasks/main.yml                  | 12 +++++++++
 roles/sharkey/vars/main.yml                   |  6 +++++
 15 files changed, 160 insertions(+)
 create mode 100644 playbooks/sharkey.yml
 create mode 100644 roles/sharkey/README.md
 create mode 100644 roles/sharkey/defaults/main/compose.yml
 create mode 100644 roles/sharkey/defaults/main/config.yml
 create mode 100644 roles/sharkey/defaults/main/container.yml
 create mode 100644 roles/sharkey/defaults/main/main.yml
 create mode 100644 roles/sharkey/defaults/main/user.yml
 create mode 100644 roles/sharkey/tasks/check.yml
 create mode 100644 roles/sharkey/tasks/configure-docker-compose.yml
 create mode 100644 roles/sharkey/tasks/configure.yml
 create mode 100644 roles/sharkey/tasks/deploy-docker-compose.yml
 create mode 100644 roles/sharkey/tasks/main.yml
 create mode 100644 roles/sharkey/vars/main.yml

diff --git a/README.md b/README.md
index aa825b2..70d0e0a 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,9 @@ available.
 - [`mastodon`](roles/mastodon/README.md): deployment using a container based
   setup, able to use webfinger delegation.
 
+- [`sharkey`](roles/sharkey/README.md): deployment of sharkey, a misskey-
+  fork with full mastodon API compatability.
+
 ## License
 
 [CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License
diff --git a/galaxy.yml b/galaxy.yml
index 2e845fa..75feda8 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -15,5 +15,6 @@ repository: https://git.finally.coffee/finallycoffee/fediverse
 issues: https://codeberg.org/finallycoffee/ansible-collection-fediverse/issues
 tags:
   - fediwall
+  - sharkey
   - gotosocial
   - mastodon
diff --git a/playbooks/sharkey.yml b/playbooks/sharkey.yml
new file mode 100644
index 0000000..93e879e
--- /dev/null
+++ b/playbooks/sharkey.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploy sharkey
+  hosts: "{{ sharkey_hosts | default('sharkey') }}"
+  become: "{{ sharkey_become | default(false) }}"
+  roles:
+    - role: finallycoffee.fediverse.sharkey
diff --git a/roles/sharkey/README.md b/roles/sharkey/README.md
new file mode 100644
index 0000000..fd5c097
--- /dev/null
+++ b/roles/sharkey/README.md
@@ -0,0 +1,11 @@
+# `finallycoffee.fediverse.sharkey` ansible role
+
+## Configuration
+
+## Behind a proxy
+
+The ansible role itself will respect system proxies (in the env var `HTTP_PROXY`/`https_proxy`).
+
+To use this role with a registry like Artifactory or Nexus3,
+set `sharkey_repo_server` to your registry server with full
+protocol, hostname, port. For example `sharkey_repo_server: "https://my.orgs.registry.local:8443/sharkey-internet-proxy/"`
diff --git a/roles/sharkey/defaults/main/compose.yml b/roles/sharkey/defaults/main/compose.yml
new file mode 100644
index 0000000..f26cb2f
--- /dev/null
+++ b/roles/sharkey/defaults/main/compose.yml
@@ -0,0 +1,15 @@
+---
+sharkey_compose_state: "{{ sharkey_state }}"
+sharkey_compose_project_name: "sharkey"
+sharkey_compose_project_src: "/etc/sharkey"
+sharkey_compose_upstream_file: "{{ sharkey_compose_project_src }}/compose.upstream.yml"
+sharkey_compose_file: "{{ sharkey_compose_project_src }}/compose.yml"
+sharkey_compose_build: >-2
+  {{ (sharkey_container_image_source == 'pull') | ternary('never', 'policy') }}
+sharkey_compose_build: "never"
+
+sharkey_repo_server: "https://activitypub.software"
+sharkey_repo_path: "Transfem-org/Sharkey"
+sharkey_repo_tag: "{{ sharkey_version }}"
+sharkey_compose_file_url: >-2
+  {{ sharkey_repo_server }}/{{ sharkey_repo_path }}/-/raw/{{ sharkey_version }}/compose_example.yml?ref_type=tags
diff --git a/roles/sharkey/defaults/main/config.yml b/roles/sharkey/defaults/main/config.yml
new file mode 100644
index 0000000..ebf93d0
--- /dev/null
+++ b/roles/sharkey/defaults/main/config.yml
@@ -0,0 +1,3 @@
+---
+sharkey_config_url: ~
+sharkey_config_setup_password: ~
diff --git a/roles/sharkey/defaults/main/container.yml b/roles/sharkey/defaults/main/container.yml
new file mode 100644
index 0000000..eb8ca74
--- /dev/null
+++ b/roles/sharkey/defaults/main/container.yml
@@ -0,0 +1,24 @@
+---
+sharkey_container_name: sharkey
+sharkey_container_image_registry: "registry.activitypub.software"
+sharkey_container_iamge_namespace: "transfem-org"
+sharkey_container_image_name: "sharkey"
+sharkey_container_image_repository: >-2
+  {{
+    [
+      sharkey_container_image_registry | default([], true),
+      sharkey_container_iamge_namespace | default([], true),
+      sharkey_container_image_name
+    ] | flatten | join('/')
+  }}
+sharkey_container_image_tag: ~
+sharkey_container_image_source: pull
+sharkey_container_image_force_source: >-2
+  {{ sharkey_container_image_tag | default(false, true) | bool }}
+sharkey_container_image: >-2
+  {{
+    [
+      sharkey_container_image_repository,
+      sharkey_container_image_tag | default(sharkey_version, true)
+    ] | join(':')
+  }}
diff --git a/roles/sharkey/defaults/main/main.yml b/roles/sharkey/defaults/main/main.yml
new file mode 100644
index 0000000..1326c36
--- /dev/null
+++ b/roles/sharkey/defaults/main/main.yml
@@ -0,0 +1,8 @@
+---
+sharkey_user: sharkey
+sharkey_version: "2025.4.3"
+sharkey_config_dir: "/etc/sharkey"
+sharkey_data_dir: "/var/lib/sharkey"
+
+sharkey_state: present
+sharkey_deployment_method: "docker-compose"
diff --git a/roles/sharkey/defaults/main/user.yml b/roles/sharkey/defaults/main/user.yml
new file mode 100644
index 0000000..ff4aa7f
--- /dev/null
+++ b/roles/sharkey/defaults/main/user.yml
@@ -0,0 +1,10 @@
+---
+sharkey_user_system: true
+sharkey_user_create_home: false
+sharkey_user_groups: ~
+sharkey_user_append_groups: >-2
+  {{ sharkey_user_groups | default(omit, true) }}
+sharkey_user_uid: >-2
+  {{ sharkey_user_info.uid | default(sharkey_user) }}
+sharkey_user_gid: >-2
+  {{ sharkey_user_info.group | default(sharkey_user) }}
diff --git a/roles/sharkey/tasks/check.yml b/roles/sharkey/tasks/check.yml
new file mode 100644
index 0000000..f829304
--- /dev/null
+++ b/roles/sharkey/tasks/check.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure 'sharkey_state' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported sharkey_state '{{ sharkey_state }}'.
+      Supported values are {{ sharkey_states | join(', ') }}
+  when: sharkey_state not in sharkey_states
+
+- name: Ensure 'sharkey_deployment_method' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported sharkey_deployment_method '{{ sharkey_deployment_method }}.
+      Supported values are {{ sharkey_deployment_methods | join(', ') }}
+  when: sharkey_deployment_method not in sharkey_deployment_methods
diff --git a/roles/sharkey/tasks/configure-docker-compose.yml b/roles/sharkey/tasks/configure-docker-compose.yml
new file mode 100644
index 0000000..20c0f57
--- /dev/null
+++ b/roles/sharkey/tasks/configure-docker-compose.yml
@@ -0,0 +1,7 @@
+---
+- name: Ensure compose files are downloaded
+  ansible.builtin.get_url:
+    # TODO: how to avoid redownloading default.yml when the role made changes?
+    url: "{{ sharkey_compose_file_url }}"
+    dest: "{{ sharkey_compose_upstream_file }}"
+
diff --git a/roles/sharkey/tasks/configure.yml b/roles/sharkey/tasks/configure.yml
new file mode 100644
index 0000000..a3d2704
--- /dev/null
+++ b/roles/sharkey/tasks/configure.yml
@@ -0,0 +1,26 @@
+---
+- name: Ensure sharkey user '{{ sharkey_user }}' is {{ sharkey_state }}
+  ansible.builtin.user:
+    name: "{{ sharkey_user }}"
+    state: "{{ sharkey_state }}"
+    system: "{{ sharkey_user_system }}"
+    create_home: "{{ sharkey_user_create_home }}"
+    groups: "{{ sharkey_user_groups }}"
+    append: "{{ sharkey_user_append_groups }}"
+  register: sharkey_user_info
+
+- name: Ensure sharkey config directory '{{ sharkey_config_dir }}' is {{ sharkey_state }}
+  ansible.builtin.file:
+    path: "{{ sharkey_config_dir }}"
+    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0750"
+
+- name: Ensure sharkey data directory '{{ sharkey_data_dir }}' is {{ sharkey_state }}
+  ansible.builtin.file:
+    path: "{{ sharkey_data_dir }}"
+    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0750"
diff --git a/roles/sharkey/tasks/deploy-docker-compose.yml b/roles/sharkey/tasks/deploy-docker-compose.yml
new file mode 100644
index 0000000..0c12f51
--- /dev/null
+++ b/roles/sharkey/tasks/deploy-docker-compose.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure sharkey container image '{{ sharkey_container_image }}' is {{ sharkey_state }}
+  community.docker.docker_image:
+    name: "{{ sharkey_container_image }}"
+    state: "{{ sharkey_state }}"
+    source: "{{ sharkey_container_image_source }}"
+    force_source: "{{ sharkey_container_image_force_source }}"
+
+- name: Ensure docker compose project is {{ sharkey_compose_state }}
+  community.docker.docker_compose_v2:
+    project_name: "{{ sharkey_compose_project_name }}"
+    project_src: "{{ sharkey_compose_project_src }}"
+    state: "{{ sharkey_compose_state }}"
+    build: "{{ sharkey_compose_build }}"
diff --git a/roles/sharkey/tasks/main.yml b/roles/sharkey/tasks/main.yml
new file mode 100644
index 0000000..fc3ca77
--- /dev/null
+++ b/roles/sharkey/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Check role prerequisites
+  ansible.builtin.include_tasks:
+    file: check.yml
+
+- name: Run common configuration tasks
+  ansible.builtin.include_tasks:
+    file: configure.yml
+
+- name: Deploy using {{ sharkey_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ sharkey_deployment_method }}.yml"
diff --git a/roles/sharkey/vars/main.yml b/roles/sharkey/vars/main.yml
new file mode 100644
index 0000000..348169e
--- /dev/null
+++ b/roles/sharkey/vars/main.yml
@@ -0,0 +1,6 @@
+---
+sharkey_states:
+  - present
+  - absent
+sharkey_deployment_methods:
+  - "docker-compose"