feat(sharkey): add ansible role for deployment

README.md

@@ -18,6 +18,9 @@ available.
 - [`mastodon`](roles/mastodon/README.md): deployment using a container based
   setup, able to use webfinger delegation.
 
+- [`sharkey`](roles/sharkey/README.md): deployment of sharkey, a misskey-
+  fork with full mastodon API compatability.
+
 ## License
 
 [CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License

galaxy.yml

@@ -15,5 +15,6 @@ repository: https://git.finally.coffee/finallycoffee/fediverse
 issues: https://codeberg.org/finallycoffee/ansible-collection-fediverse/issues
 tags:
   - fediwall
+  - sharkey
   - gotosocial
   - mastodon

playbooks/sharkey.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy sharkey
+  hosts: "{{ sharkey_hosts | default('sharkey') }}"
+  become: "{{ sharkey_become | default(false) }}"
+  roles:
+    - role: finallycoffee.fediverse.sharkey

roles/sharkey/README.md

@@ -0,0 +1,11 @@
+# `finallycoffee.fediverse.sharkey` ansible role
+
+## Configuration
+
+## Behind a proxy
+
+The ansible role itself will respect system proxies (in the env var `HTTP_PROXY`/`https_proxy`).
+
+To use this role with a registry like Artifactory or Nexus3,
+set `sharkey_repo_server` to your registry server with full
+protocol, hostname, port. For example `sharkey_repo_server: "https://my.orgs.registry.local:8443/sharkey-internet-proxy/"`

roles/sharkey/defaults/main/compose.yml

@@ -0,0 +1,39 @@
+---
+sharkey_compose_state: "{{ sharkey_state }}"
+sharkey_compose_project_name: "sharkey"
+sharkey_compose_project_src: "{{ sharkey_config_dir }}"
+sharkey_compose_upstream_file: "{{ sharkey_compose_project_src }}/compose.upstream.yml"
+sharkey_compose_file: "{{ sharkey_compose_project_src }}/compose.yml"
+sharkey_compose_build: >-2
+  {{ (sharkey_container_image_source == 'pull') | ternary('never', 'policy') }}
+
+sharkey_compose_redis_dir: "{{ sharkey_data_dir }}/redis"
+sharkey_compose_database_dir: "{{ sharkey_data_dir }}/postgres"
+
+sharkey_repo_server: "https://activitypub.software"
+sharkey_repo_path: "Transfem-org/Sharkey"
+sharkey_repo_tag: "{{ sharkey_version }}"
+sharkey_compose_file_url: >-2
+  {{ sharkey_repo_server }}/{{ sharkey_repo_path }}/-/raw/{{ sharkey_version }}/compose_example.yml?ref_type=tags
+sharkey_compose_file_overrides:
+  services:
+    web:
+      image: "{{ sharkey_container_image }}"
+      volumes:
+        - "{{ sharkey_file_dir }}:/sharkey/files:rw"
+        - "{{ sharkey_config_file }}:/sharkey/.config/default.yaml:ro"
+        - "{{ sharkey_container_env_file }}:/sharkey/.config/docker.env:ro"
+    db:
+      env_file: "{{ sharkey_container_env_file }}"
+      volumes:
+        - "{{ sharkey_compose_database_dir }}:/var/lib/postgresql/data:rw"
+    redis:
+      volumes: 
+        - "{{ sharkey_compose_redis_dir }}:/data:rw" 
+  # override net segment?
+sharkey_compose_file_contents: >-2
+  {{
+    (sharkey_compose_upstream_file_contents['content'] | b64decode | from_yaml)
+    | combine(sharkey_compose_file_overrides, recursive=True)
+    | to_nice_yaml(indent=4)
+  }}

roles/sharkey/defaults/main/config.yml

@@ -0,0 +1,30 @@
+---
+sharkey_config_url: ~
+sharkey_config_setup_password: ~
+sharkey_config_postgres_user: misskey
+sharkey_config_postgres_password: "insecure_please_change_me!"
+sharkey_config_postgres_db: misskey
+sharkey_config_postgres_host: db
+sharkey_config_postgres_port: 5432
+sharkey_config_postgres_db_url: >-2
+  postgres://{{ sharkey_config_postgres_user }}:{{ sharkey_config_postgres_password }}@{{ sharkey_config_postgres_host }}:{{ sharkey_config_postgres_port }}/{{ sharkey_config_postgres_db }}
+
+sharkey_config: ~
+sharkey_config_file_overrides:
+  url: "{{ sharkey_config_url }}"
+  db:
+    host: "{{ sharkey_config_postgres_host }}"
+    db: "{{ sharkey_config_postgres_db }}"
+    user: "{{ sharkey_config_postgres_user }}"
+    pass: "{{ sharkey_config_postgres_password }}"
+sharkey_config_file_contents: >-2
+  {{
+    (sharkey_config_upstream_file_contents['content'] | b64decode | from_yaml)
+    | combine(sharkey_config_file_overrides, recursive=True)
+    | combine(sharkey_config | default({}, true), recursive=True)
+    | to_nice_yaml(indent=4)
+  }}
+sharkey_config_upstream_file: "{{ sharkey_config_dir }}/config.upstream.yaml"
+sharkey_config_file: "{{ sharkey_config_dir }}/default.yaml"
+sharkey_config_upstream_file_url: >-2
+  {{ sharkey_repo_server }}/{{ sharkey_repo_path }}/-/raw/{{ sharkey_version }}/.config/docker_example.yml?ref=tags

roles/sharkey/defaults/main/container.yml

@@ -0,0 +1,47 @@
+---
+sharkey_container_name: sharkey
+sharkey_container_image_registry: "registry.activitypub.software"
+sharkey_container_iamge_namespace: "transfem-org"
+sharkey_container_image_name: "sharkey"
+sharkey_container_image_repository: >-2
+  {{
+    [
+      sharkey_container_image_registry | default([], true),
+      sharkey_container_iamge_namespace | default([], true),
+      sharkey_container_image_name
+    ] | flatten | join('/')
+  }}
+sharkey_container_image_tag: ~
+sharkey_container_image_source: pull
+sharkey_container_image_force_source: >-2
+  {{ sharkey_container_image_tag | default(false, true) | bool }}
+sharkey_container_image: >-2
+  {{
+    [
+      sharkey_container_image_repository,
+      sharkey_container_image_tag | default(sharkey_version, true)
+    ] | join(':')
+  }}
+sharkey_container_default_env:
+  MISSKEY_URL: "{{ sharkey_config_url }}"
+  POSTGRES_USER: "{{ sharkey_config_postgres_user }}"
+  POSTGRES_PASSWORD: "{{ sharkey_config_postgres_password }}"
+  POSTGRES_DB: "{{ sharkey_config_postgres_db }}"
+  DATABASE_URL: >-2
+    {{
+      (sharkey_config_postgres_user | default(false, true))
+      | ternary(sharkey_config_postgres_db_url, '')
+    }}
+sharkey_container_env: ~
+sharkey_container_merged_env: >-2
+  {{
+    sharkey_container_default_env | default({}, true)
+    | combine(sharkey_container_env | default({}, true), recursive=True)
+  }}
+sharkey_container_env_file_contents: |2
+  {% for entry in sharkey_container_merged_env | dict2items %}
+  {% if entry['value'] is string and entry['value'] | length > 0 %}
+  {{ entry['key'] }}={{ entry['value'] }}
+  {% endif %}
+  {% endfor %}
+sharkey_container_env_file: "{{ sharkey_config_dir }}/docker.env"

roles/sharkey/defaults/main/main.yml

@@ -0,0 +1,9 @@
+---
+sharkey_user: sharkey
+sharkey_version: "2025.4.3"
+sharkey_config_dir: "/etc/sharkey"
+sharkey_data_dir: "/var/lib/sharkey"
+sharkey_file_dir: "{{ sharkey_data_dir }}/files"
+
+sharkey_state: present
+sharkey_deployment_method: "docker-compose"

roles/sharkey/defaults/main/user.yml

@@ -0,0 +1,10 @@
+---
+sharkey_user_system: true
+sharkey_user_create_home: false
+sharkey_user_groups: ~
+sharkey_user_append_groups: >-2
+  {{ sharkey_user_groups | default(omit, true) }}
+sharkey_user_uid: >-2
+  {{ sharkey_user_info.uid | default(sharkey_user) }}
+sharkey_user_gid: >-2
+  {{ sharkey_user_info.group | default(sharkey_user) }}

roles/sharkey/tasks/check.yml

@@ -0,0 +1,14 @@
+---
+- name: Ensure 'sharkey_state' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported sharkey_state '{{ sharkey_state }}'.
+      Supported values are {{ sharkey_states | join(', ') }}
+  when: sharkey_state not in sharkey_states
+
+- name: Ensure 'sharkey_deployment_method' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported sharkey_deployment_method '{{ sharkey_deployment_method }}.
+      Supported values are {{ sharkey_deployment_methods | join(', ') }}
+  when: sharkey_deployment_method not in sharkey_deployment_methods

roles/sharkey/tasks/configure-docker-compose.yml

@@ -0,0 +1,35 @@
+---
+- name: Ensure directories for compose services are {{ sharkey_state }}
+  ansible.builtin.file:
+    name: "{{ file.path }}"
+    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0750"
+  loop:
+    - path: "{{ sharkey_compose_redis_dir }}"
+    - path: "{{ sharkey_compose_database_dir }}"
+  loop_control:
+    loop_var: file
+    label: "{{ file.path }}"
+
+- name: Ensure compose files are downloaded
+  ansible.builtin.get_url:
+    url: "{{ sharkey_compose_file_url }}"
+    dest: "{{ sharkey_compose_upstream_file }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0444"
+
+- name: Read compose file contents
+  ansible.builtin.slurp:
+    src: "{{ sharkey_compose_upstream_file }}"
+  register: sharkey_compose_upstream_file_contents
+
+- name: Ensure modified compose file is written
+  ansible.builtin.copy:
+    content: "{{ sharkey_compose_file_contents }}"
+    dest: "{{ sharkey_compose_file }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0644"

roles/sharkey/tasks/configure-docker.yml

@@ -0,0 +1,8 @@
+---
+- name: Ensure sharkey docker environment is templated
+  ansible.builtin.copy:
+    content: "{{ sharkey_container_env_file_contents }}"
+    dest: "{{ sharkey_container_env_file }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0640"

roles/sharkey/tasks/configure.yml

@@ -0,0 +1,64 @@
+---
+- name: Ensure sharkey user '{{ sharkey_user }}' is {{ sharkey_state }}
+  ansible.builtin.user:
+    name: "{{ sharkey_user }}"
+    state: "{{ sharkey_state }}"
+    system: "{{ sharkey_user_system }}"
+    create_home: "{{ sharkey_user_create_home }}"
+    groups: "{{ sharkey_user_groups }}"
+    append: "{{ sharkey_user_append_groups }}"
+  register: sharkey_user_info
+
+- name: Ensure sharkey config directory '{{ sharkey_config_dir }}' is {{ sharkey_state }}
+  ansible.builtin.file:
+    path: "{{ sharkey_config_dir }}"
+    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0750"
+
+- name: Ensure sharkey data directory '{{ sharkey_data_dir }}' is {{ sharkey_state }}
+  ansible.builtin.file:
+    path: "{{ sharkey_data_dir }}"
+    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0750"
+
+- name: Ensure sharkey file directory '{{ sharkey_file_dir }}' is {{ sharkey_state }}
+  ansible.builtin.file:
+    path: "{{ sharkey_file_dir }}"
+    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0750"
+
+- name: Ensure sharkey upstream config file is present
+  ansible.builtin.get_url:
+    url: "{{ sharkey_config_upstream_file_url }}"
+    dest: "{{ sharkey_config_upstream_file }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0440"
+
+- name: Read upstream sharkey config file
+  ansible.builtin.slurp:
+    src: "{{ sharkey_config_upstream_file }}"
+  register: sharkey_config_upstream_file_contents
+
+- name: Ensure sharkey configuration file is {{ sharkey_state }}
+  ansible.builtin.copy:
+    content: "{{ sharkey_config_file_contents }}"
+    dest: "{{ sharkey_config_file }}"
+    owner: "{{ sharkey_user_uid }}"
+    group: "{{ sharkey_user_gid }}"
+    mode: "0640"
+
+- name: Run configure steps for deployment using containers
+  ansible.builtin.include_tasks:
+    file: "configure-docker.yml"
+  when: sharkey_deployment_method in ['docker-compose']
+
+- name: Configure for {{ sharkey_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "configure-{{ sharkey_deployment_method }}.yml"

roles/sharkey/tasks/deploy-docker-compose.yml

@@ -0,0 +1,14 @@
+---
+- name: Ensure sharkey container image '{{ sharkey_container_image }}' is {{ sharkey_state }}
+  community.docker.docker_image:
+    name: "{{ sharkey_container_image }}"
+    state: "{{ sharkey_state }}"
+    source: "{{ sharkey_container_image_source }}"
+    force_source: "{{ sharkey_container_image_force_source }}"
+
+- name: Ensure docker compose project is {{ sharkey_compose_state }}
+  community.docker.docker_compose_v2:
+    project_name: "{{ sharkey_compose_project_name }}"
+    project_src: "{{ sharkey_compose_project_src }}"
+    state: "{{ sharkey_compose_state }}"
+    build: "{{ sharkey_compose_build }}"

roles/sharkey/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Check role prerequisites
+  ansible.builtin.include_tasks:
+    file: check.yml
+
+- name: Run common configuration tasks
+  ansible.builtin.include_tasks:
+    file: configure.yml
+
+- name: Deploy using {{ sharkey_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ sharkey_deployment_method }}.yml"

roles/sharkey/vars/main.yml

@@ -0,0 +1,6 @@
+---
+sharkey_states:
+  - present
+  - absent
+sharkey_deployment_methods:
+  - "docker-compose"