From e28cad6552866ef51d82cf7f03275269db7b240b Mon Sep 17 00:00:00 2001 From: Johanna Dorothea Reichmann Date: Sun, 3 Jul 2022 17:55:13 +0200 Subject: [PATCH] feat(gotosocial): add ansible role for deployment using docker --- roles/gotosocial/README.md | 24 ++++++ roles/gotosocial/defaults/main.yml | 120 +++++++++++++++++++++++++++++ roles/gotosocial/handlers/main.yml | 8 ++ roles/gotosocial/tasks/main.yml | 62 +++++++++++++++ roles/gotosocial/vars.yml | 58 ++++++++++++++ 5 files changed, 272 insertions(+) create mode 100644 roles/gotosocial/README.md create mode 100644 roles/gotosocial/defaults/main.yml create mode 100644 roles/gotosocial/handlers/main.yml create mode 100644 roles/gotosocial/tasks/main.yml create mode 100644 roles/gotosocial/vars.yml
diff --git a/roles/gotosocial/README.md b/roles/gotosocial/README.md
new file mode 100644
index 0000000..92d50ce
--- /dev/null
+++ b/roles/gotosocial/README.md
@@ -0,0 +1,24 @@
+# `finallycoffee.fediverse.gotosocial` ansible role
+
+
+## Configuration
+
+### Built-in LetsEncrypt client
+
+To use the built-in letsencrypt client, set `gotosocial_config_letsencrypt_enabled: true`.
+
+You are required to fill in a valid administrative email address into
+`gotosocial_config_letsencrypt_email_address`.
+
+The port letsencrypt will listen on defaults to `80` and can be set using
+`gotosocial_config_letsencrypt_port` (if f.ex. the container lacks the permission
+to bind to ports < 1024). Note that when `gotosocial_config_letsencrypt_enabled` is
+`true`, the `gotosocial_config_letsencrypt_port` will by default be mapped to
+_host_ port 80 on all interfaces!
+
+This is fine when this is the only ACME client and allows easily changing
+`gotosocial_config_letsencrypt_port` without breaking any functionality,
+but with multiple acme clients all performing HTTP-01 challenges, you need to manually
+overwrite `gotosocial_container_ports` to fit your needs.
+
+### Advanced configuration
diff --git a/roles/gotosocial/defaults/main.yml b/roles/gotosocial/defaults/main.yml
new file mode 100644
index 0000000..b5adf98
--- /dev/null
+++ b/roles/gotosocial/defaults/main.yml
@@ -0,0 +1,120 @@
+---
+
+gotosocial_user: "gotosocial"
+gotosocial_version: 0.3.6
+gotosocial_base_path: "/opt/gotosocial"
+gotosocial_config_path: "{{ gotosocial_base_path }}/config"
+gotosocial_template_path: "{{ gotosocial_base_path }}/templates"
+gotosocial_asset_path: "{{ gotosocial_base_path }}/assets"
+gotosocial_storage_path: "{{ gotosocial_base_path }}/storage"
+gotosocial_config_file: "{{ gotosocial_config_path }}/config.yaml"
+
+gotosocial_config: >-
+ {{ gotosocial_default_config
+ | combine(gotosocial_extra_config, recursive=True) }}
+
+gotosocial_config_log_level: info
+gotosocial_config_log_db_queries: false
+gotosocial_config_host: social.example.party
+gotosocial_config_account_domain: ~
+
+# listening / revproxy configuration
+gotosocial_config_protocol: https
+gotosocial_config_bind_address: 127.0.0.1
+gotosocial_config_port: 8080
+gotosocial_config_trusted_proxies: []
+
+# database configuration
+gotosocial_config_db_type: postgres
+gotosocial_config_db_address: ~
+gotosocial_config_db_port: ~
+gotosocial_config_db_user: ~
+gotosocial_config_db_password: ~
+gotosocial_config_db_database: gotosocial
+gotosocial_config_db_tls_mode: enable
+gotosocial_config_db_tls_ca_cert:
+
+gotosocial_config_web_template_base_dir: "{{ gotosocial_template_path }}"
+gotosocial_config_web_asset_base_dir: "{{ gotosocial_asset_path }}"
+
+# instance privacy
+gotosocial_config_instance_expose_peers: false
+gotosocial_config_expose_suspended: false
+
+# account config
+gotosocial_config_acounts_registration_open: true
+gotosocial_config_accounts_approval_required: true
+gotosocial_config_accounts_reason_required: true
+
+# media config
+gotosocial_config_media_image_max_size_bytes: 2097152 #2MB
+gotosocial_config_media_video_max_size_bytes: 10485760 #10MB
+gotosocial_config_media_description_min_chars: 0
+gotosocial_config_media_description_max_chars: 1000
+gotosocial_config_media_remote_cache_days: 30
+
+# storage for media etc
+gotosocial_config_storage_backend: local
+gotosocial_config_storage_local_base_path: "{{ gotosocial_storage_path }}"
+
+# status config
+gotosocial_config_statuses_max_chars: 5000
+gotosocial_config_statuses_cw_max_chars: 100
+gotosocial_config_statuses_poll_max_options: 6
+gotosocial_config_statuses_poll_option_max_chars: 50
+gotosocial_config_statuses_media_max_files: 30
+
+# letsencrypt config
+gotosocial_config_letsencrypt_enabled: false
+gotosocial_config_letsencrypt_port: 80
+gotosocial_config_letsencrypt_cert_dir: "{{ gotosocial_cert_path }}"
+gotosocial_config_letsencrypt_email_address: ~
+
+# oidc config
+gotosocial_config_oidc_enabled: false
+gotosocial_config_oidc_idp_name: ~
+gotosocial_config_oidc_skip_verification: false
+gotosocial_config_oidc_issuer: ~
+gotosocial_config_oidc_client_id: ~
+gotosocial_config_oidc_client_secret: ~
+gotosocial_config_oidc_scopes:
+ - openid
+ - email
+ - profile
+
+# smtp config
+gotosocial_config_smtp_host: ~
+gotosocial_config_smtp_port: ~
+gotosocial_config_smtp_username: ~
+gotosocial_config_smtp_password: ~
+gotosocial_config_smtp_from: ~
+
+# syslog config
+gotosocial_config_syslog_enabled: false
+gotosocial_config_syslog_protocol: udp
+gotosocial_config_syslog_address: "localhost:514"
+
+# advanced config:
+gotosocial_config_advanced_cookies_samesite: lax
+
+# container defaults
+gotosocial_container_name: gotosocial
+gotosocial_container_image_name: docker.io/superseriousbusiness/gotosocial
+gotosocial_container_image_tag: ~
+gotosocial_container_image: >-2
+ {{ gotosocial_container_image_name }}:{{ gotoscial_container_image_tag
+ | default(gotosocial_version) }}
+gotosocial_container_volumes: >-2
+ {{ gotosocial_container_default_volumes
+ + gotosocial_container_extra_volumes }}
+gotosocial_container_default_volumes:
+ - "{{ gotosocial_storage_path }}:/gotosocial/storage:z"
+gotosocial_container_extra_volumes: []
+
+gotosocial_container_env: {}
+gotosocial_container_labels: {}
+gotosocial_container_user: "{{ gotosocial_user }}"
+gotosocial_container_etc_hosts: ~
+gotosocial_container_networks: ~
+gotosocial_container_purge_networks: false
+gotosocial_container_restart_policy: unless_stopped
diff --git a/roles/gotosocial/handlers/main.yml b/roles/gotosocial/handlers/main.yml
new file mode 100644
index 0000000..6f92ee2
--- /dev/null
+++ b/roles/gotosocial/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Restart gotosocial
+ listen: restart-gotosocial
+ docker_container:
+ name: "{{ gotosocial_container_name }}"
+ state: started
+ restart: true
diff --git a/roles/gotosocial/tasks/main.yml b/roles/gotosocial/tasks/main.yml
new file mode 100644
index 0000000..2a3802d
--- /dev/null
+++ b/roles/gotosocial/tasks/main.yml
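Review bot: `gotosocial_container_restart_policy: unless_stopped` is not a value the `docker_container` module accepts — Docker spells the policy `unless-stopped` — so the task that starts the container is rejected at runtime; it should be `gotosocial_container_restart_policy: unless-stopped`. `gotosocial_config` combines in `gotosocial_extra_config` and `gotosocial_config_letsencrypt_cert_dir` references `gotosocial_cert_path`, but neither variable is defined anywhere in this file, so rendering the config fails with an undefined-variable error unless every caller sets both; adding `gotosocial_extra_config: {}` and a `gotosocial_cert_path` default under `gotosocial_base_path` would close that. `gotosocial_container_image` reads `gotoscial_container_image_tag` (typo), which is always undefined, so the `gotosocial_container_image_tag` knob defined two lines above is silently ignored and the tag is always `gotosocial_version`. `gotosocial_config_bind_address: 127.0.0.1` deserves a comment: inside the container that is the container's own loopback, so neither a published port nor another container can reach it unless host networking is used; if the intent is to keep the service off public interfaces, bind `0.0.0.0` in the container and publish to `127.0.0.1` on the host side via `gotosocial_container_ports` instead.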
@@ -0,0 +1,62 @@
+---
+
+- name: Ensure user {{ gotosocial_user }} is present
+ user:
+ name: "{{ gotosocial_user }}"
+ system: true
+ state: present
+ register: gotosocial_user_info
+
+- name: Ensure host directories for mounts are present
+ file:
+ path: "{{ path.name }}"
+ state: directory
+ owner: >-
+ {{ path.owner | default(gotosocial_user_info.uid | default(gotosocial_user)) }}
+ group: >-
+ {{ path.group | default(gotosocial_user_info.group | default(gotosocial_user)) }}
+ mode: "{{ path.mode | default('0750') }}"
+ loop:
+ - name: "{{ gotosocial_base_path }}"
+ - name: "{{ gotosocial_config_path }}"
+ - name: "{{ gotosocial_storage_path }}"
+ mode: '0770'
+ loop_control:
+ loop_var: path
+ label: "{{ path.name }}"
+
+- name: Ensure configuration is up to date
+ copy:
+ content: "{{ gotosocial_config | to_nice_yaml(indent=2, max_with=10000) }}"
+ dest: "{{ gotosocial_config_file }}"
+ owner: "{{ gotosocial_user_info.uid | default(gotosocial_user) }}"
+ group: "{{ gotosocial_user_info.group | default(gotosocial_user) }}"
+ mode: 0640
+ notify: restart-gotosocial
+
+- name: Ensure container image is available
+ docker_image:
+ image: "{{ gotosocial_container_image }}"
+ state: present
+ source: pull
+ force_source: >-
+ {{ gotosocial_container_image_force_pull
+ | default(gotoscial_container_image_tag | default(true, true)) }}
+ register: gotosocial_container_image_pull_status
+ until: gotosocial_container_image_pull_status is succeeded
+ retries: 5
+ delay: 3
+
+- name: Ensure gotosocial container named {{ gotosocial_container_name }} is running
+ docker_container:
+ name: "{{ gotosocial_container_name }}"
+ image: "{{ gotosocial_container_image }}"
+ volumes: "{{ gotosocial_container_volumes }}"
+ env: "{{ gotosocial_container_env | default(omit, True) }}"
+ ports: "{{ gotosocial_container_ports | default(omit, True) }}"
+ labels: "{{ gotosocial_container_labels | default(omit, True }}"
+ networks: "{{ gotosocial_container_networks | default(omit, True) }}"
+ etc_hosts: "{{ gotosocial_container_etc_hosts | default(omit, True) }}"
+ purge_networks: "{{ gotosocial_container_purge_networks | default(False, True) }}"
+ restart_policy: "{{ gotosocial_container_restart_policy }}"
+ state: started
diff --git a/roles/gotosocial/vars.yml b/roles/gotosocial/vars.yml
new file mode 100644
index 0000000..45fa474
--- /dev/null
+++ b/roles/gotosocial/vars.yml
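Review bot: The `labels:` line of the final `docker_container` task has an unclosed `default(` — `default(omit, True }}` — which is a Jinja syntax error, so the task that starts the container can never run; it should read `labels: "{{ gotosocial_container_labels | default(omit, True) }}"`. Two more lines fail or misbehave before that: `to_nice_yaml(indent=2, max_with=10000)` in the `copy` task passes an unknown keyword (the dumper option is `width`), which errors before the config file is written, and `force_source` spells the tag variable `gotoscial_container_image_tag`, so the "force-pull only when no fixed tag is set" logic always resolves to `true`. As far as this patch shows, the rendered config at `gotosocial_config_file` and the template/asset directories are host paths that are never mounted into the container (`gotosocial_container_default_volumes` binds only the storage path, and `storage-local-base-path` itself is the host path rather than the `/gotosocial/storage` mount point), so the container would start on its built-in configuration and ignore everything this role writes — unless something outside the patch mounts it, the config file needs a volume entry and the paths inside the config need to be container paths. `gotosocial_container_user` is defined in defaults but never passed to `docker_container`, so the process runs as whatever user the image defaults to; passing `user: "{{ gotosocial_user_info.uid | default(gotosocial_container_user) }}"` (the numeric uid, since the host user name does not exist inside the image) keeps the host-side ownership model and least privilege consistent. `mode: 0640` on the config file, which carries the database, OIDC and SMTP secrets, is the right restriction, but quoting it as `"0640"` matches the `'0750'`/`'0770'` style used a few lines above and avoids the octal-int parse.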
@@ -0,0 +1,58 @@
+---
+
+gotosocial_default_config:
+ log-level: "{{ gotosocial_config_log_level }}"
+ log-db-queries: "{{ gotosocial_config_log_db_queries }}"
+ application-name: gotosocial
+ host: "{{ gotosocial_config_host }}"
+ account-domain: "{{ gotosocial_config_account_domain }}"
+ protocol: "{{ gotosocial_config_protocol }}"
+ bind-address: "{{ gotosocial_config_bind_address }}"
+ port: "{{ gotosocial_config_port }}"
+ trusted-proxies: "{{ gotosocial_config_trusted_proxies }}"
+ db-type: "{{ gotosocial_config_db_type }}"
+ db-port: "{{ gotosocial_config_db_port }}"
+ db-user: "{{ gotosocial_config_db_user }}"
+ db-password: "{{ gotosocial_config_db_password }}"
+ db-database: "{{ gotosocial_config_db_database }}"
+ db-tls-mode: "{{ gotosocial_config_db_tls_mode }}"
+ db-tls-ca-cert: "{{ gotosocial_config_db_tls_ca_cert }}"
+ web-template-base-dir: "{{ gotosocial_config_web_template_base_dir }}"
+ web-asset-base-dir: "{{ gotosocial_config_web_asset_base_dir }}"
+ instance-expose-peer: "{{ gotosocial_config_instance_expose_peers }}"
+ instance-expose-suspended: "{{ gotosocial_config_expose_suspended }}"
+ accounts-registration-open: "{{ gotosocial_config_acounts_registration_open }}"
+ accounts-approval-required: "{{ gotosocial_config_accounts_approval_required }}"
+ accounts-reason-required: "{{ gotosocial_config_accounts_reason_required }}"
+ media-image-max-size: "{{ gotosocial_config_media_image_max_size_bytes }}"
+ media-video-max-size: "{{ gotosocial_config_media_video_max_size_bytes }}"
+ media-description-min-chars: "{{ gotosocial_config_media_description_min_chars }}"
+ media-description-max-chars: "{{ gotosocial_config_media_description_max_chars }}"
+ media-remote-cache-days: "{{ gotosocial_config_media_remote_cache_days }}"
+ storage-backend: "{{ gotosocial_config_storage_backend }}"
+ storage-local-base-path: "{{ gotosocial_config_storage_local_base_path }}"
+ statuses-max-chars: "{{ gotosocial_config_statuses_max_chars }}"
+ statuses-cw-max-chars: "{{ gotosocial_config_statuses_cw_max_chars }}"
+ statuses-poll-max-options: "{{ gotosocial_config_statuses_poll_max_options }}"
+ statuses-poll-option-max-chars: "{{ gotosocial_config_statuses_poll_option_max_chars }}"
+ statuses-media-max-files: "{{ gotosocial_config_statuses_media_max_files }}"
+ letsencrypt-enabled: "{{ gotosocial_config_letsencrypt_enabled }}"
+ letsencrypt-port: "{{ gotosocial_config_letsencrypt_port }}"
+ letsencrypt-cert-dir: "{{ gotosocial_config_letsencrypt_cert_dir }}"
+ letsencrypt-email-address: "{{ gotosocial_config_letsencrypt_email_address }}"
+ oidc-enabled: "{{ gotosocial_config_oidc_enabled }}"
+ oidc-idp-name: "{{ gotosocial_config_oidc_idp_name }}"
+ oidc-skip-verification: "{{ gotosocial_config_oidc_skip_verification }}"
+ oidc-issuer: "{{ gotosocial_config_oidc_issuer }}"
+ oidc-client-id: "{{ gotosocial_config_oidc_client_id }}"
+ oidc-client-secret: "{{ gotosocial_config_oidc_client_secret }}"
+ oidc-scopes: "{{ gotosocial_config_oidc_scopes }}"
+ smtp-host: "{{ gotosocial_config_smtp_host }}"
+ smtp-port: "{{ gotosocial_config_smtp_port }}"
+ smtp-username: "{{ gotosocial_config_smtp_username }}"
+ smtp-password: "{{ gotosocial_config_smtp_password }}"
+ smtp-from: "{{ gotosocial_config_smtp_from }}"
+ syslog-enabled: "{{ gotosocial_config_syslog_enabled }}"
+ syslog-protocol: "{{ gotosocial_config_syslog_protocol }}"
+ syslog-address: "{{ gotosocial_config_syslog_address }}"
+ advanced-cookies-samesite: "{{ gotosocial_config_advanced_cookies_samesite }}"
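Review bot: This file lands at `roles/gotosocial/vars.yml`, but Ansible only auto-loads role variables from `vars/main.yml`, so unless something outside this patch includes it explicitly, `gotosocial_default_config` is undefined and the `gotosocial_config` combine in defaults fails on first use; moving it to `roles/gotosocial/vars/main.yml` fixes the load. `gotosocial_config_db_address` exists in defaults but no `db-address` key is emitted here, so the rendered config never carries the database host; add `db-address: "{{ gotosocial_config_db_address }}"` next to `db-type`. `instance-expose-peer` looks like a misspelling of `instance-expose-peers` (the defaults variable is `gotosocial_config_instance_expose_peers`) — verify against the GoToSocial config reference, because an unknown key is silently ignored and the privacy setting would then not take effect.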