feat(mastodon): add ansible role for deployment

roles/mastodon/defaults/main.yml

@@ -0,0 +1,67 @@
+---
+
+mastodon_user: mastodon
+mastodon_base_path: /opt/mastodon
+mastodon_domain: ~
+mastodon_version: 3.5.1
+mastodon_git_upstream_url: "https://github.com/mastodon/mastodon.git"
+
+mastodon_data_path: "{{ mastodon_base_path }}/data"
+mastodon_repo_path: "{{ mastodon_base_path }}/src"
+mastodon_config_path: "{{ mastodon_base_path }}/config"
+mastodon_config_env_file: "{{ mastodon_config_path }}/env.production"
+
+mastodon_container_name: mastodon
+mastodon_container_name_sidekiq: "{{ mastodon_container_name }}_sidekiq"
+mastodon_container_name_streaming: "{{ mastodon_container_name }}_streaming }}"
+mastodon_container_image_name: "tootsuite/mastodon"
+mastodon_container_image_tag: "v{{ mastodon_version }}"
+mastodon_container_image_ref: "{{ mastodon_container_image_name }}:{{ mastodon_container_image_tag }}"
+mastodon_container_networks:
+  - name: "{{ mastodon_container_network_name }}"
+mastodon_container_volumes_streaming: []
+mastodon_container_volumes_sidekiq:
+  - "{{ mastodon_repo_path }}/public/system:/mastodon/public/system:ro"
+mastodon_container_volumes:
+  - "{{ mastodon_repo_path }}/public/system:/mastodon/public/system:x"
+mastodon_container_ports_streaming:
+  - "127.0.0.1:4000:4000"
+mastodon_container_ports:
+  - "127.0.0.1:3000:3000"
+mastodon_container_restart_policy: unless-stopped
+
+mastodon_container_network_name: mastodon
+
+mastodon_secret_key: ~
+mastodon_otp_secret: ~
+mastodon_vapid_public_key: ~
+mastodon_vapid_private_key: ~
+
+mastodon_redis_host: ~
+mastodon_redis_port: ~
+mastodon_redis_pass: ~
+mastodon_redis_db_index: ~
+
+mastodon_database_host: localhost
+mastodon_database_port: 5432
+mastodon_database_user: mastodon
+mastodon_database_pass: ~
+mastodon_database_name: mastodon
+
+mastodon_mail_server: ~
+mastodon_mail_port: 587
+mastodon_mail_user: ~
+mastodon_mail_password: ~
+mastodon_mail_from_address: "notifications@{{ mastodon_domain }}"
+
+mastodon_elasticsearch_enabled: false
+mastodon_elasticsearch_host: ~
+mastodon_elasticsearch_port: ~
+mastodon_elasticsearch_user: ~
+mastodon_elasticsearch_pass: ~
+
+mastodon_s3_enabled: false
+mastodon_s3_bucket: ~
+mastodon_s3_aws_access_key_id: ~
+mastodon_s3_aws_secret_access_key: ~
+mastodon_s3_alias_host: ~

roles/mastodon/handlers/main.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Restart mastodon sidekiq
+  docker_container:
+    name: "{{ mastodon_container_name_sidekiq }}"
+    state: started
+    restart: true
+  listen:
+    - restart-mastodon
+    - restart-mastodon-sidekiq
+
+- name: Restart mastodon streaming
+  docker_container:
+    name: "{{ mastodon_container_name_streaming }}"
+    state: started
+    restart: true
+  listen:
+    - restart-mastodon
+    - restart-mastodon-streaming
+
+- name: Restart mastodon web
+  docker_container:
+    name: "{{ mastodon_container_name }}"
+    state: started
+    restart: true
+  listen: restart-mastodon

roles/mastodon/tasks/main.yml

@@ -0,0 +1,120 @@
+---
+
+- name: Ensure mastodon user '{{ mastodon_user }}' exists
+  user:
+    name: "{{ mastodon_user }}"
+    state: present
+    system: true
+  register: mastodon_user_info
+
+- name: Ensure host directories are present
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner | default(mastodon_user) }}"
+    group: "{{ item.group | default(mastodon_user) }}"
+    mode: "{{ item.mode | default('0750') }}"
+  loop:
+    - path: "{{ mastodon_base_path }}"
+      mode: '0755'
+    - path: "{{ mastodon_config_path }}"
+    - path: "{{ mastodon_data_path }}"
+    - path: "{{ mastodon_repo_path }}"
+      mode: '0700'
+  loop_control: { label: "{{ item.path }}" }
+
+- name: Ensure environment file is templated
+  template:
+    src: env.j2
+    dest: "{{ mastodon_config_env_file }}"
+    owner: "{{ mastodon_user_info.uid | default(mastodon_user) }}"
+    group: "{{ mastodon_user_info.group | default(mastodon_user) }}"
+    mode: "0640"
+  notify: restart-mastodon
+
+- name: Ensure mastodon git repository is present and up-to-date
+  git:
+    repo: "{{ mastodon_git_upstream_url }}"
+    dest: "{{ mastodon_repo_path }}"
+    refspec: "v{{ mastodon_version }}"
+    version: "v{{ mastodon_version }}"
+    force: no
+    recursive: yes
+    track_submodules: yes
+  register: git_repo_info
+
+- name: Ensure docker network for backend communication is created
+  docker_network:
+    name: "{{ mastodon_container_network_name }}"
+    state: present
+
+- name: Ensure environment file is templated
+  template:
+    src: env.j2
+    dest: "{{ mastodon_config_env_file }}"
+    owner: "{{ mastodon_user_info.uid | default(mastodon_user) }}"
+    group: "{{ mastodon_user_info.group | default(mastodon_user) }}"
+    mode: "0640"
+
+- name: Ensure mastodon docker image is built
+  docker_image:
+    name: "{{ mastodon_container_image_name }}"
+    tag: "{{ mastodon_container_image_tag }}"
+    state: present
+    source: build
+    build:
+      path: "{{ mastodon_repo_path }}"
+      args:
+        UID: "{{ mastodon_user_info.uid }}"
+        GID: "{{ mastodon_user_info.group }}"
+  when: git_repo_info.before != git_repo_info.after
+
+- name: Ensure mastodon sidekiq container '{{ mastodon_container_name_sidekiq }}' is running
+  docker_container:
+    name: "{{ mastodon_container_name_sidekiq }}"
+    image: "{{ mastodon_container_image_ref }}"
+    networks: "{{ mastodon_container_networks }}"
+    volumes: "{{ mastodon_container_volumes_sidekiq }}"
+    env_file: "{{ mastodon_config_env_file }}" 
+    command: "bundle exex sidekiq"
+    restart_policy: "{{ mastodon_container_restart_policy }}"
+    healthcheck:
+      test: ["CMD-SHELL", "ps aux | grep '[s]idekiq\ 6' || false"]
+      interval: 5s
+      retries: 3
+      start_period: 0s
+      timeout: 5s
+
+- name: Ensure mastodon streaming container '{{ mastodon_container_name_streaming }}' is running
+  docker_container:
+    name: "{{ mastodon_container_name_streaming }}"
+    image: "{{ mastodon_container_image_ref }}"
+    networks: "{{ mastodon_container_networks }}"
+    volumes: "{{ mastodon_container_volumes_streaming }}"
+    env_file: "{{ mastodon_config_env_file }}" 
+    command: "node ./streaming"
+    restart_policy: "{{ mastodon_container_restart_policy }}"
+    ports: "{{ mastodon_container_ports_streaming }}"
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
+      interval: 5s
+      retries: 3
+      start_period: 0s
+      timeout: 5s
+
+- name: Ensure mastodon streaming container '{{ mastodon_container_name_streaming }}' is running
+  docker_container:
+    name: "{{ mastodon_container_name_streaming }}"
+    image: "{{ mastodon_container_image_ref }}"
+    networks: "{{ mastodon_container_networks }}"
+    volumes: "{{ mastodon_container_volumes }}"
+    env_file: "{{ mastodon_config_env_file }}" 
+    command: "bash -c \"rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000\""
+    restart_policy: "{{ mastodon_container_restart_policy }}"
+    ports: "{{ mastodon_container_ports }}"
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
+      interval: 5s
+      retries: 3
+      start_period: 0s
+      timeout: 5s

roles/mastodon/templates/env.j2

@@ -0,0 +1,76 @@
+# This is a sample configuration file. You can generate your configuration
+# with the `rake mastodon:setup` interactive setup wizard, but to customize
+# your setup even further, you'll need to edit it manually. This sample does
+# not demonstrate all available configuration options. Please look at
+# https://docs.joinmastodon.org/admin/config/ for the full documentation.
+
+# Note that this file accepts slightly different syntax depending on whether
+# you are using `docker-compose` or not. In particular, if you use
+# `docker-compose`, the value of each declared variable will be taken verbatim,
+# including surrounding quotes.
+# See: https://github.com/mastodon/mastodon/issues/16895
+
+# Federation
+# ----------
+# This identifies your server and cannot be changed safely later
+# ----------
+LOCAL_DOMAIN={{ mastodon_domain }}
+
+# Redis
+# -----
+REDIS_HOST={{ mastodon_redis_host }}
+REDIS_PORT={{ mastodon_redis_port }}
+{% if mastodon_redis_password %}
+REDIS_PASSWORD={{ mastodon_redis_password }
+{% endif %}
+{% if mastodon_redis_db_index %}
+REDIS_PASSWORD={{ mastodon_redis_db_index }
+{% endif %}
+
+# PostgreSQL
+# ----------
+DB_HOST={{ mastodon_database_host }}
+DB_USER={{ mastodon_database_user }}
+DB_NAME={{ mastodon_database_name }}
+DB_PASS={{ mastodon_database_pass }}
+DB_PORT={{ mastodon_database_port }}
+
+# Elasticsearch (optional)
+# ------------------------
+ES_ENABLED={{ mastodon_elasticsearch_enabled }}
+ES_HOST={{ mastodon_elasticsearch_host }}
+ES_PORT={{ mastodon_elasticsearch_port }}
+# Authentication for ES (optional)
+ES_USER={{ mastodon_elasticsearch_user }}
+ES_PASS={{ mastodon_elasticsearch_pass }}
+
+# Secrets
+# -------
+# Make sure to use `rake secret` to generate secrets
+# -------
+SECRET_KEY_BASE={{ mastodon_secret_key }}
+OTP_SECRET={{ mastodon_otp_secret }}
+
+# Web Push
+# --------
+# Generate with `rake mastodon:webpush:generate_vapid_key`
+# --------
+VAPID_PRIVATE_KEY={{ mastodon_vapid_private_key }}
+VAPID_PUBLIC_KEY={{ mastodon_vapid_public_key }}
+
+# Sending mail
+# ------------
+SMTP_SERVER={{ mastodon_mail_server }}
+SMTP_PORT={{ mastodon_mail_port }}
+SMTP_LOGIN={{ mastodon_mail_user }}
+SMTP_PASSWORD={{ mastodon_mail_password }}
+SMTP_FROM_ADDRESS={{ mastodon_mail_from_address }}
+
+# File storage (optional)
+# -----------------------
+S3_ENABLED={{ mastodon_s3_enabled }}
+S3_BUCKET={{ mastodon_s3_bucket }}
+AWS_ACCESS_KEY_ID={{ mastodon_s3_aws_access_key_id }}
+AWS_SECRET_ACCESS_KEY={{ mastodon_s3_aws_secret_access_key }}
+S3_ALIAS_HOST={{ mastodon_s3_alias_host }}
+