feat(gotosocial): add ansible role for deployment using docker

2022-07-03 17:55:13 +02:00 · 2022-07-03 17:55:13 +02:00 · e28cad6552
commit e28cad6552
parent accd829e91
5 changed files with 272 additions and 0 deletions
--- a/roles/gotosocial/README.md
+++ b/roles/gotosocial/README.md
@ -0,0 +1,24 @@
+# `finallycoffee.fediverse.gotosocial` ansible role
+
+
+## Configuration
+
+### Built-in LetsEncrypt client
+
+To use the built-in letsencrypt client, set `gotosocial_config_letsencrypt_enabled: true`.
+
+You are required to fill in a valid administrative email address into
+`gotosocial_config_letsencrypt_email_address`.
+
+The port letsencrypt will listen on defaults to `80` and can be set using
+`gotosocial_config_letsencrypt_port` (if f.ex. the container lacks the permission
+to bind to ports < 1024). Note that when `gotosocial_config_letsencrypt_enabled` is
+`true`, the `gotosocial_config_letsencrypt_port` will by default be mapped to
+_host_ port 80 on all interfaces!
+
+This is fine when this is the only ACME client and allows easily changing
+`gotosocial_config_letsencrypt_port` without breaking any functionality,
+but with multiple acme clients all performing HTTP-01 challenges, you need to manually
+overwrite `gotosocial_container_ports` to fit your needs.
+
+### Advanced configuration
--- a/roles/gotosocial/defaults/main.yml
+++ b/roles/gotosocial/defaults/main.yml
@ -0,0 +1,120 @@
+---
+
+gotosocial_user: "gotosocial"
+gotosocial_version: 0.3.6
+gotosocial_base_path: "/opt/gotosocial"
+gotosocial_config_path: "{{ gotosocial_base_path }}/config"
+gotosocial_template_path: "{{ gotosocial_base_path }}/templates"
+gotosocial_asset_path: "{{ gotosocial_base_path }}/assets"
+gotosocial_storage_path: "{{ gotosocial_base_path }}/storage"
+gotosocial_config_file: "{{ gotosocial_config_path }}/config.yaml"
+
+gotosocial_config: >-
+  {{ gotosocial_default_config
+  | combine(gotosocial_extra_config, recursive=True) }}
+
+gotosocial_config_log_level: info
+gotosocial_config_log_db_queries: false
+gotosocial_config_host: social.example.party
+gotosocial_config_account_domain: ~
+
+# listening / revproxy configuration
+gotosocial_config_protocol: https
+gotosocial_config_bind_address: 127.0.0.1
+gotosocial_config_port: 8080
+gotosocial_config_trusted_proxies: []
+
+# database configuration
+gotosocial_config_db_type: postgres
+gotosocial_config_db_address: ~
+gotosocial_config_db_port: ~
+gotosocial_config_db_user: ~
+gotosocial_config_db_password: ~
+gotosocial_config_db_database: gotosocial
+gotosocial_config_db_tls_mode: enable
+gotosocial_config_db_tls_ca_cert:
+
+gotosocial_config_web_template_base_dir: "{{ gotosocial_template_path }}"
+gotosocial_config_web_asset_base_dir: "{{ gotosocial_asset_path }}"
+
+# instance privacy
+gotosocial_config_instance_expose_peers: false
+gotosocial_config_expose_suspended: false
+
+# account config
+gotosocial_config_acounts_registration_open: true
+gotosocial_config_accounts_approval_required: true
+gotosocial_config_accounts_reason_required: true
+
+# media config
+gotosocial_config_media_image_max_size_bytes: 2097152 #2MB
+gotosocial_config_media_video_max_size_bytes: 10485760 #10MB
+gotosocial_config_media_description_min_chars: 0
+gotosocial_config_media_description_max_chars: 1000
+gotosocial_config_media_remote_cache_days: 30
+
+# storage for media etc
+gotosocial_config_storage_backend: local
+gotosocial_config_storage_local_base_path: "{{ gotosocial_storage_path }}"
+
+# status config
+gotosocial_config_statuses_max_chars: 5000
+gotosocial_config_statuses_cw_max_chars: 100
+gotosocial_config_statuses_poll_max_options: 6
+gotosocial_config_statuses_poll_option_max_chars: 50
+gotosocial_config_statuses_media_max_files: 30
+
+# letsencrypt config
+gotosocial_config_letsencrypt_enabled: false
+gotosocial_config_letsencrypt_port: 80
+gotosocial_config_letsencrypt_cert_dir: "{{ gotosocial_cert_path }}"
+gotosocial_config_letsencrypt_email_address: ~
+
+# oidc config
+gotosocial_config_oidc_enabled: false
+gotosocial_config_oidc_idp_name: ~
+gotosocial_config_oidc_skip_verification: false
+gotosocial_config_oidc_issuer: ~
+gotosocial_config_oidc_client_id: ~
+gotosocial_config_oidc_client_secret: ~
+gotosocial_config_oidc_scopes:
+  - openid
+  - email
+  - profile
+
+# smtp config
+gotosocial_config_smtp_host: ~
+gotosocial_config_smtp_port: ~
+gotosocial_config_smtp_username: ~
+gotosocial_config_smtp_password: ~
+gotosocial_config_smtp_from: ~
+
+# syslog config
+gotosocial_config_syslog_enabled: false
+gotosocial_config_syslog_protocol: udp
+gotosocial_config_syslog_address: "localhost:514"
+
+# advanced config:
+gotosocial_config_advanced_cookies_samesite: lax
+
+# container defaults
+gotosocial_container_name: gotosocial
+gotosocial_container_image_name: docker.io/superseriousbusiness/gotosocial
+gotosocial_container_image_tag: ~
+gotosocial_container_image: >-2
+  {{ gotosocial_container_image_name }}:{{ gotoscial_container_image_tag
+  | default(gotosocial_version) }}
+gotosocial_container_volumes: >-2
+  {{ gotosocial_container_default_volumes
+  + gotosocial_container_extra_volumes }}
+gotosocial_container_default_volumes:
+  - "{{ gotosocial_storage_path }}:/gotosocial/storage:z"
+gotosocial_container_extra_volumes: []
+
+gotosocial_container_env: {}
+gotosocial_container_labels: {}
+gotosocial_container_user: "{{ gotosocial_user }}"
+gotosocial_container_etc_hosts: ~
+gotosocial_container_networks: ~
+gotosocial_container_purge_networks: false
+gotosocial_container_restart_policy: unless_stopped
--- a/roles/gotosocial/handlers/main.yml
+++ b/roles/gotosocial/handlers/main.yml
@ -0,0 +1,8 @@
+---
+
+- name: Restart gotosocial
+  listen: restart-gotosocial
+  docker_container:
+    name: "{{ gotosocial_container_name }}"
+    state: started
+    restart: true
--- a/roles/gotosocial/tasks/main.yml
+++ b/roles/gotosocial/tasks/main.yml
@ -0,0 +1,62 @@
+---
+
+- name: Ensure user {{ gotosocial_user }} is present
+  user:
+    name: "{{ gotosocial_user }}"
+    system: true
+    state: present
+  register: gotosocial_user_info
+
+- name: Ensure host directories for mounts are present
+  file:
+    path: "{{ path.name }}"
+    state: directory
+    owner: >-
+      {{ path.owner | default(gotosocial_user_info.uid | default(gotosocial_user)) }}
+    group: >-
+      {{ path.group | default(gotosocial_user_info.group | default(gotosocial_user)) }}
+    mode: "{{ path.mode | default('0750') }}"
+  loop:
+    - name: "{{ gotosocial_base_path }}"
+    - name: "{{ gotosocial_config_path }}"
+    - name: "{{ gotosocial_storage_path }}"
+      mode: '0770'
+  loop_control:
+    loop_var: path
+    label: "{{ path.name }}"
+
+- name: Ensure configuration is up to date
+  copy:
+    content: "{{ gotosocial_config | to_nice_yaml(indent=2, max_with=10000) }}"
+    dest: "{{ gotosocial_config_file }}"
+    owner: "{{ gotosocial_user_info.uid | default(gotosocial_user) }}"
+    group: "{{ gotosocial_user_info.group | default(gotosocial_user) }}"
+    mode: 0640
+  notify: restart-gotosocial
+
+- name: Ensure container image is available
+  docker_image:
+    image: "{{ gotosocial_container_image }}"
+    state: present
+    source: pull
+    force_source: >-
+      {{ gotosocial_container_image_force_pull
+      | default(gotoscial_container_image_tag | default(true, true)) }}
+  register: gotosocial_container_image_pull_status
+  until: gotosocial_container_image_pull_status is succeeded
+  retries: 5
+  delay: 3
+
+- name: Ensure gotosocial container named {{ gotosocial_container_name }} is running
+  docker_container:
+    name: "{{ gotosocial_container_name }}"
+    image: "{{ gotosocial_container_image }}"
+    volumes: "{{ gotosocial_container_volumes }}"
+    env: "{{ gotosocial_container_env | default(omit, True) }}"
+    ports: "{{ gotosocial_container_ports | default(omit, True) }}"
+    labels: "{{ gotosocial_container_labels | default(omit, True }}"
+    networks: "{{ gotosocial_container_networks | default(omit, True) }}"
+    etc_hosts: "{{ gotosocial_container_etc_hosts | default(omit, True) }}"
+    purge_networks: "{{ gotosocial_container_purge_networks | default(False, True) }}"
+    restart_policy: "{{ gotosocial_container_restart_policy }}"
+    state: started
--- a/roles/gotosocial/vars.yml
+++ b/roles/gotosocial/vars.yml
@ -0,0 +1,58 @@
+---
+
+gotosocial_default_config:
+  log-level: "{{ gotosocial_config_log_level }}"
+  log-db-queries: "{{ gotosocial_config_log_db_queries }}"
+  application-name: gotosocial
+  host: "{{ gotosocial_config_host }}"
+  account-domain: "{{ gotosocial_config_account_domain }}"
+  protocol: "{{ gotosocial_config_protocol }}"
+  bind-address: "{{ gotosocial_config_bind_address }}"
+  port: "{{ gotosocial_config_port }}"
+  trusted-proxies: "{{ gotosocial_config_trusted_proxies }}"
+  db-type: "{{ gotosocial_config_db_type }}"
+  db-port: "{{ gotosocial_config_db_port }}"
+  db-user: "{{ gotosocial_config_db_user }}"
+  db-password: "{{ gotosocial_config_db_password }}"
+  db-database: "{{ gotosocial_config_db_database }}"
+  db-tls-mode: "{{ gotosocial_config_db_tls_mode }}"
+  db-tls-ca-cert: "{{ gotosocial_config_db_tls_ca_cert }}"
+  web-template-base-dir: "{{ gotosocial_config_web_template_base_dir }}"
+  web-asset-base-dir: "{{ gotosocial_config_web_asset_base_dir }}"
+  instance-expose-peer: "{{ gotosocial_config_instance_expose_peers }}"
+  instance-expose-suspended: "{{ gotosocial_config_expose_suspended }}"
+  accounts-registration-open: "{{ gotosocial_config_acounts_registration_open }}"
+  accounts-approval-required: "{{ gotosocial_config_accounts_approval_required }}"
+  accounts-reason-required: "{{ gotosocial_config_accounts_reason_required }}"
+  media-image-max-size: "{{ gotosocial_config_media_image_max_size_bytes }}"
+  media-video-max-size: "{{ gotosocial_config_media_video_max_size_bytes }}"
+  media-description-min-chars: "{{ gotosocial_config_media_description_min_chars }}"
+  media-description-max-chars: "{{ gotosocial_config_media_description_max_chars }}"
+  media-remote-cache-days: "{{ gotosocial_config_media_remote_cache_days }}"
+  storage-backend: "{{ gotosocial_config_storage_backend }}"
+  storage-local-base-path: "{{ gotosocial_config_storage_local_base_path }}"
+  statuses-max-chars: "{{ gotosocial_config_statuses_max_chars }}"
+  statuses-cw-max-chars: "{{ gotosocial_config_statuses_cw_max_chars }}"
+  statuses-poll-max-options: "{{ gotosocial_config_statuses_poll_max_options }}"
+  statuses-poll-option-max-chars: "{{ gotosocial_config_statuses_poll_option_max_chars }}"
+  statuses-media-max-files: "{{ gotosocial_config_statuses_media_max_files }}"
+  letsencrypt-enabled: "{{ gotosocial_config_letsencrypt_enabled }}"
+  letsencrypt-port: "{{ gotosocial_config_letsencrypt_port }}"
+  letsencrypt-cert-dir: "{{ gotosocial_config_letsencrypt_cert_dir }}"
+  letsencrypt-email-address: "{{ gotosocial_config_letsencrypt_email_address }}"
+  oidc-enabled: "{{ gotosocial_config_oidc_enabled }}"
+  oidc-idp-name: "{{ gotosocial_config_oidc_idp_name }}"
+  oidc-skip-verification: "{{ gotosocial_config_oidc_skip_verification }}"
+  oidc-issuer: "{{ gotosocial_config_oidc_issuer }}"
+  oidc-client-id: "{{ gotosocial_config_oidc_client_id }}"
+  oidc-client-secret: "{{ gotosocial_config_oidc_client_secret }}"
+  oidc-scopes: "{{ gotosocial_config_oidc_scopes }}"
+  smtp-host: "{{ gotosocial_config_smtp_host }}"
+  smtp-port: "{{ gotosocial_config_smtp_port }}"
+  smtp-username: "{{ gotosocial_config_smtp_username }}"
+  smtp-password: "{{ gotosocial_config_smtp_password }}"
+  smtp-from: "{{ gotosocial_config_smtp_from }}"
+  syslog-enabled: "{{ gotosocial_config_syslog_enabled }}"
+  syslog-protocol: "{{ gotosocial_config_syslog_protocol }}"
+  syslog-address: "{{ gotosocial_config_syslog_address }}"
+  advanced-cookies-samesite: "{{ gotosocial_config_advanced_cookies_samesite }}"