feat(pixelfed): add ansible role

2023-07-14 12:29:33 +02:00
40 changed files with 562 additions and 654 deletions
--- a/README.md
+++ b/README.md
@ -9,18 +9,12 @@ available.
 ## Roles
 - [`fediwall`](roles/fediwall/README.md): deployment of [Fediwall](https://fediwall.social),
  a media wall for mastodon inspired by mastowall.
 - [`gotosocial`](roles/gotosocial/README.md): deployment of [GoToSocial.org](https://gotosocial.org/),
  an ActivityPub social network server, in a docker container.
 - [`mastodon`](roles/mastodon/README.md): deployment using a container based
  setup, able to use webfinger delegation.
 - [`sharkey`](roles/sharkey/README.md): deployment of sharkey, a misskey-
  fork with full mastodon API compatability.
 ## License
 [CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License
--- a/galaxy.yml
+++ b/galaxy.yml
@ -1,22 +1,15 @@
 namespace: finallycoffee
 name: fediverse
-version: 0.2.0
+version: 0.0.1
 readme: README.md
 authors:
- transcaffeine <transcaffeine@finally.coffee>
+- Johanna Dorothea Reichmann <transcaffeine@finallycoffee.eu>
-description: Deploying fediverse software, mostly ActivityPub based
+description: Various ansible roles for deploying fediverse software
 dependencies:
-  "community.docker": "^4.0.0"
+  "community.docker": "^1.10.0"
-  "community.general": "^10.6.0"
+license:
-license_file: LICENSE.md
+- CNPLv7+
 build_ignore:
 - '*.tar.gz'
-repository: https://git.finally.coffee/finallycoffee/fediverse
+repository: https://git.finallycoffee.eu/finallycoffee.eu/fediverse
-issues: https://codeberg.org/finallycoffee/ansible-collection-fediverse/issues
+issues: https://git.finallycoffee.eu/finallycoffee.eu/fediverse/issues
 tags:
  - activitypub
  - fediverse
  - fediwall
  - sharkey
  - gotosocial
  - mastodon
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@ -1,3 +0,0 @@
 ---
 requires_ansible: ">=2.15"
--- a/playbooks/fediwall.yml
+++ b/playbooks/fediwall.yml
@ -1,6 +0,0 @@
 ---
 - name: Install and configure fediwall
  hosts: "{{ fediwall_hosts | default('fediwall') }}"
  become: "{{ fediwall_become | default(false) }}"
  roles:
    - role: fediwall
--- a/playbooks/sharkey.yml
+++ b/playbooks/sharkey.yml
@ -1,6 +0,0 @@
 ---
 - name: Deploy sharkey
  hosts: "{{ sharkey_hosts | default('sharkey') }}"
  become: "{{ sharkey_become | default(false) }}"
  roles:
    - role: finallycoffee.fediverse.sharkey
--- a/roles/fediwall/README.md
+++ b/roles/fediwall/README.md
@ -1,4 +0,0 @@
 # `finallycoffee.fediverse.fediwall` ansible role
 Ansible role for [`fediwall`](https://fediwall.social) deployment.
--- a/roles/fediwall/defaults/main/config.yml
+++ b/roles/fediwall/defaults/main/config.yml
@ -1,50 +0,0 @@
 ---
 fediwall_config_servers:
  - mastodon.social
 fediwall_config_tags:
  - cats
 fediwall_config_accounts: []
 fediwall_config_load_public: false
 fediwall_config_load_federated: false
 fediwall_config_load_trends: false
 fediwall_config_languages: []
 fediwall_config_bad_words: []
 fediwall_config_hide_sensitive: true
 fediwall_config_hide_bots: true
 fediwall_config_hide_replies: true
 fediwall_config_hide_boosts: false
 fediwall_config_limit: 20
 fediwall_config_interval: 10
 fediwall_config_title: "Fediwall"
 fediwall_config_theme: "auto"
 fediwall_config_show_infobar: true
 fediwall_config_show_text: true
 fediwall_config_show_media: true
 fediwall_config_play_videos: true
 fediwall_default_config:
  servers: "{{ fediwall_config_servers }}"
  tags: "{{ fediwall_config_tags }}"
  accounts: "{{ fediwall_config_accounts }}"
  loadPublic: "{{ fediwall_config_load_public }}"
  loadFederated: "{{ fediwall_config_load_federated }}"
  loadTrends: "{{ fediwall_config_load_trends }}"
  languages: "{{ fediwall_config_languages }}"
  badWords: "{{ fediwall_config_bad_words }}"
  hideSensitive: "{{ fediwall_config_hide_sensitive }}"
  hideBots: "{{ fediwall_config_hide_bots }}"
  hideReplies: "{{ fediwall_config_hide_replies }}"
  hideBoosts: "{{ fediwall_config_hide_boosts }}"
  limit: "{{ fediwall_config_limit }}"
  interval: "{{ fediwall_config_interval }}"
  title: "{{ fediwall_config_title }}"
  theme: "{{ fediwall_config_theme }}"
  showInfobar: "{{ fediwall_config_show_infobar }}"
  showText: "{{ fediwall_config_show_text }}"
  showMedia: "{{ fediwall_config_show_media }}"
  playVideos: "{{ fediwall_config_play_videos }}"
 fediwall_config: {}
 fediwall_final_config: >-2
  {{ fediwall_default_config | default({}, true)
    | combine(fediwall_config | default({}, true)) }}
--- a/roles/fediwall/defaults/main/container.yml
+++ b/roles/fediwall/defaults/main/container.yml
@ -1,45 +0,0 @@
 ---
 fediwall_container_name: fediwall
 fediwall_container_image_registry: ghcr.io
 fediwall_container_image_namespace: defnull
 fediwall_container_image_name: fediwall
 fediwall_container_image_repository: >-2
  {{
    [
      fediwall_container_image_registry | default([], true),
      fediwall_container_image_namespace | default([], true),
      fediwall_container_image_name
    ] | flatten | join('/')
  }}
 fediwall_container_image_tag: ~
 fediwall_container_image_source: pull
 fediwall_container_image_force_source: >-2
  {{ fediwall_container_image_tag | default(false, true) | bool }}
 fediwall_container_image: >-2
  {{
    [
      fediwall_container_image_repository,
      fediwall_container_image_tag | default(fediwall_version, true)
    ] | join(':')
  }}
 fediwall_container_env: ~
 fediwall_container_user: ~
 fediwall_container_ports: ~
 fediwall_container_labels: ~
 fediwall_container_volumes: []
 fediwall_container_networks: ~
 fediwall_container_network_mode: ~
 fediwall_container_dns_servers: ~
 fediwall_container_etc_hosts: ~
 fediwall_container_memory: ~
 fediwall_container_memory_swap: ~
 fediwall_container_memory_reservation: ~
 fediwall_container_restart_policy: "on-failure"
 fediwall_container_config_file: "/usr/share/nginx/html/wall-config.json"
 fediwall_container_base_volumes:
  - "{{ fediwall_config_file }}:{{ fediwall_container_config_file }}:ro"
 fediwall_container_final_volumes: >-2
  {{ fediwall_container_base_volumes + fediwall_container_volumes }}
 fediwall_container_state: >-2
  {{ (fediwall_state == 'present') | ternary('started', 'absent') }}
--- a/roles/fediwall/defaults/main/main.yml
+++ b/roles/fediwall/defaults/main/main.yml
@ -1,8 +0,0 @@
 ---
 fediwall_user: fediwall
 fediwall_version: "1.4.0"
 fediwall_config_file: "/etc/fediwall/config.json"
 fediwall_config_file_path: "{{ fediwall_config_file | dirname }}"
 fediwall_state: "present"
 fediwall_deployment_method: "docker"
--- a/roles/fediwall/tasks/deploy-docker.yml
+++ b/roles/fediwall/tasks/deploy-docker.yml
@ -1,26 +0,0 @@
 ---
 - name: Ensure container image '{{ fediwall_container_image }}' is {{ fediwall_state }}
  community.docker.docker_image:
    name: "{{ fediwall_container_image }}"
    state: "{{ fediwall_state }}"
    source: "{{ fediwall_container_image_source }}"
    force_source: "{{ fediwall_container_image_force_source }}"
 - name: Ensure container '{{ fediwall_container_name }}' is {{ fediwall_container_state }}
  community.docker.docker_container:
    name: "{{ fediwall_container_name }}"
    image: "{{ fediwall_container_image }}"
    env: "{{ fediwall_container_env | default(omit, true) }}"
    user: "{{ fediwall_container_user | default(omit, true) }}"
    ports: "{{ fediwall_container_ports | default(omit, true) }}"
    labels: "{{ fediwall_container_labels | default(omit, true) }}"
    volumes: "{{ fediwall_container_final_volumes | default(omit, true) }}"
    networks: "{{ fediwall_container_networks | default(omit, true) }}"
    network_mode: "{{ fediwall_container_network_mode | default(omit, true) }}"
    dns_servers: "{{ fediwall_container_dns_servers | default(omit, true) }}"
    etc_hosts: "{{ fediwall_container_etc_hosts | default(omit, true) }}"
    memory: "{{ fediwall_container_memory | default(omit, true) }}"
    memory_swap: "{{ fediwall_container_memory_swap | default(omit, true) }}"
    memory_reservation: "{{ fediwall_container_memory_reservation | default(omit, true) }}"
    restart_policy: "{{ fediwall_container_restart_policy }}"
    state: "{{ fediwall_container_state }}"
--- a/roles/fediwall/tasks/main.yml
+++ b/roles/fediwall/tasks/main.yml
@ -1,43 +0,0 @@
 ---
 - name: Ensure 'fediwall_state' is valid
  ansible.builtin.fail:
    msg: >-2
      Unsupported state '{{ fediwall_state }}'. Supported
      states are {{ fediwall_states | map(quote) | join(', ') }}
  when: fediwall_state not in fediwall_states
 - name: Ensure 'fediwall_deployment_method' is valid
  ansible.builtin.fail:
    msg: >-2
      Unsupported deployment method '{{ fediwall_deployment_method }}'.
      upported deployment methods are {{ fediwall_deployment_methods | join(', ') }}
  when: fediwall_deployment_method not in fediwall_deployment_methods
 - name: Ensure user '{{ fediwall_user }}' is {{ fediwall_state }}
  ansible.builtin.user:
    name: "{{ fediwall_user }}"
    state: "{{ fediwall_state }}"
    system: "{{ fediwall_user_system | default(true, true) }}"
    create_home: "{{ fediwall_user_system | default(false, true) }}"
 - name: Ensure configuration folder '{{ fediwall_config_file_path }}' is {{ fediwall_state }}
  ansible.builtin.file:
    path: "{{ fediwall_config_file_path }}"
    state: directory
  when: fediwall_state == 'present'
 - name: Ensure configuration in '{{ fediwall_config_file }}' is {{ fediwall_state }}
  ansible.builtin.copy:
    content: "{{ fediwall_final_config | to_nice_json(indent=2) }}"
    dest: "{{ fediwall_config_file }}"
    state: "{{ fediwall_state }}"
 - name: Ensure configuration folder is {{ fediwall_state }}
  ansible.builtin.file:
    path: "{{ fediwall_config_file_path }}"
    state: absent
  when: fediwall_state == 'absent'
 - name: Deploy using {{ fediwall_deployment_method }}
  ansible.builtin.include_tasks:
    file: "deploy-{{ fediwall_deployment_method }}.yml"
--- a/roles/fediwall/vars/main.yml
+++ b/roles/fediwall/vars/main.yml
@ -1,6 +0,0 @@
 ---
 fediwall_states:
  - "present"
  - "absent"
 fediwall_deployment_methods:
  - "docker"
--- a/roles/gotosocial/README.md
+++ b/roles/gotosocial/README.md
@ -1,18 +1,8 @@
 # `finallycoffee.fediverse.gotosocial` ansible role
 ## Configuration
 The server name can be set using `gotosocial_config_host`, with `gotosocial_config_account_domain` being available when webfinger delegation is used:
 ```yaml
 gotosocial_config_host: gotosocial.example.org
 gotosocial_config_account_domain: example.org
 ```
 ### Database
 The database can be configured using the `gotosocial_config_db_[address|port|user|password|database]` variables. the `[...]_type` defaults to `postgres`.
 ### Built-in LetsEncrypt client
 To use the built-in letsencrypt client, set `gotosocial_config_letsencrypt_enabled: true`.
@ -32,15 +22,3 @@ but with multiple acme clients all performing HTTP-01 challenges, you need to ma
 overwrite `gotosocial_container_ports` to fit your needs.
 ### Advanced configuration
 #### OIDC
 OIDC can be configured using `gotosocial_config_oidc_*` variables, disabled by default. A minimal configuration could look like this:
 ```yaml
 gotosocial_config_oidc_enabled: true
 gotosocial_config_oidc_idp_name: "My fancy name for the configured IdP"
 gotosocial_config_oidc_issuer: http://issuer/url
 gotosocial_config_oidc_client_id: my_client_id
 gotosocial_config_oidc_client_secret: my_client_secret
 ```
--- a/roles/gotosocial/defaults/main.yml
+++ b/roles/gotosocial/defaults/main.yml
@ -1,6 +1,7 @@
 ---
 gotosocial_user: "gotosocial"
-gotosocial_version: "0.19.0"
+gotosocial_version: 0.3.8
 gotosocial_base_path: "/opt/gotosocial"
 gotosocial_config_path: "{{ gotosocial_base_path }}/config"
 gotosocial_template_path: "{{ gotosocial_base_path }}/templates"
@ -39,13 +40,10 @@ gotosocial_config_web_asset_base_dir: "{{ gotosocial_asset_path }}"
 # instance privacy
 gotosocial_config_instance_expose_peers: false
-gotosocial_config_instance_expose_suspended: false
+gotosocial_config_expose_suspended: false
 gotosocial_config_instance_expose_public_timeline: false
 gotosocial_config_instance_deliver_to_shared_inboxes: true
 gotosocial_config_instance_inject_mastodon_version: false
 # account config
-gotosocial_config_accounts_registration_open: true
+gotosocial_config_acounts_registration_open: true
 gotosocial_config_accounts_approval_required: true
 gotosocial_config_accounts_reason_required: true
@ -84,8 +82,6 @@ gotosocial_config_oidc_scopes:
  - openid
  - email
  - profile
 gotosocial_config_oidc_link_existing: false
 gotosocial_config_oidc_admin_groups: []
 # smtp config
 gotosocial_config_smtp_host: ~
@ -93,7 +89,6 @@ gotosocial_config_smtp_port: ~
 gotosocial_config_smtp_username: ~
 gotosocial_config_smtp_password: ~
 gotosocial_config_smtp_from: ~
 gotosocial_config_smtp_disclose_recipients: false
 # syslog config
 gotosocial_config_syslog_enabled: false
--- a/roles/gotosocial/meta/main.yml
+++ b/roles/gotosocial/meta/main.yml
@ -1,14 +0,0 @@
 ---
 allow_duplicates: true
 dependencies: []
 galaxy_info:
  role_name: gotosocial
  description: >-2
    Deploy GoToSocial, a lightweight, customizable and safety-focused
    activitypub server written in golang.
  galaxy_tags:
    - gotosocial
    - gts
    - docker
    - activitypub
    - fediverse
--- a/roles/gotosocial/vars/main.yml
+++ b/roles/gotosocial/vars/main.yml
@ -20,11 +20,8 @@ gotosocial_default_config:
  db-tls-ca-cert: "{{ gotosocial_config_db_tls_ca_cert }}"
  web-template-base-dir: "{{ gotosocial_config_web_template_base_dir }}"
  web-asset-base-dir: "{{ gotosocial_config_web_asset_base_dir }}"
-  instance-expose-peers: "{{ gotosocial_config_instance_expose_peers }}"
+  instance-expose-peer: "{{ gotosocial_config_instance_expose_peers }}"
-  instance-expose-suspended: "{{ gotosocial_config_instance_expose_suspended }}"
+  instance-expose-suspended: "{{ gotosocial_config_expose_suspended }}"
  instance-expose-public-timeline: "{{ gotosocial_config_instance_expose_public_timeline }}"
  instance-deliver-to-shared-inboxes: "{{ gotosocial_config_instance_deliver_to_shared_inboxes }}"
  instance-inject-mastodon-version: "{{ gotosocial_config_instance_inject_mastodon_version }}"
  accounts-registration-open: "{{ gotosocial_config_acounts_registration_open }}"
  accounts-approval-required: "{{ gotosocial_config_accounts_approval_required }}"
  accounts-reason-required: "{{ gotosocial_config_accounts_reason_required }}"
@ -51,14 +48,11 @@ gotosocial_default_config:
  oidc-client-id: "{{ gotosocial_config_oidc_client_id }}"
  oidc-client-secret: "{{ gotosocial_config_oidc_client_secret }}"
  oidc-scopes: "{{ gotosocial_config_oidc_scopes }}"
  oidc-link-existing: "{{ gotosocial_config_oidc_link_existing }}"
  oidc-admin-groups: "{{ gotosocial_config_oidc_admin_groups }}"
  smtp-host: "{{ gotosocial_config_smtp_host }}"
  smtp-port: "{{ gotosocial_config_smtp_port }}"
  smtp-username: "{{ gotosocial_config_smtp_username }}"
  smtp-password: "{{ gotosocial_config_smtp_password }}"
  smtp-from: "{{ gotosocial_config_smtp_from }}"
  smtp-disclose-recipients: "{{ gotosocial_config_smtp_disclose_recipients }}"
  syslog-enabled: "{{ gotosocial_config_syslog_enabled }}"
  syslog-protocol: "{{ gotosocial_config_syslog_protocol }}"
  syslog-address: "{{ gotosocial_config_syslog_address }}"
--- a/roles/mastodon/defaults/main.yml
+++ b/roles/mastodon/defaults/main.yml
@ -1,9 +1,10 @@
 ---
 mastodon_user: mastodon
 mastodon_base_path: /opt/mastodon
 mastodon_domain: ~
 mastodon_web_domain: ~
-mastodon_version: "4.3.9"
+mastodon_version: 3.5.1
 mastodon_git_upstream_url: "https://github.com/mastodon/mastodon.git"
 mastodon_data_path: "{{ mastodon_base_path }}/data"
--- a/roles/mastodon/meta/main.yml
+++ b/roles/mastodon/meta/main.yml
@ -1,12 +0,0 @@
 ---
 allow_duplicates: true
 dependencies: []
 galaxy_info:
  role_name: mastodon
  description: >-2
    Deploy Mastodon, a social network server based on activity pub, built with ruby and nodejs
  galaxy_tags:
    - mastodon
    - activitypub
    - fediverse
    - docker
--- a/roles/pixelfed/defaults/main.yml
+++ b/roles/pixelfed/defaults/main.yml
@ -0,0 +1,143 @@
 ---
 pixelfed_user: pixelfed
 pixelfed_version: 0.11.2
 pixelfed_base_path: /opt/pixelfed
 pixelfed_deployment_method: docker_selfbuilt
 # user to run pixelfed as
 pixelfed_run_user: "{{ pixelfed_user_stat.uid | default(pixelfed_user) }}"
 pixelfed_run_group: "{{ pixelfed_user_stat.group | default(pixelfed_user) }}"
 # container settings
 pixelfed_container_name: pixelfed
 pixelfed_container_image_name: pixelfed
 pixelfed_container_image_tag: ~
 pixelfed_container_image: "{{ pixelfed_container_image_name }}:{{ pixelfed_container_image_tag | default('v' + pixelfed_version, True) }}"
 pixelfed_container_image_local_build: true
 pixelfed_container_ports: []
 pixelfed_container_networks: []
 pixelfed_container_extra_volumes: []
 pixelfed_container_extra_labels: {}
 pixelfed_container_extra_env: {}
 pixelfed_container_restart_policy: unless-stopped
 pixelfed_worker_container_name: "{{ pixelfed_container_name }}-worker"
 # host filesystem paths
 pixelfed_config_path: "{{ pixelfed_base_path }}/config"
 pixelfed_storage_path: "{{ pixelfed_base_path }}/storage"
 pixelfed_source_path: "{{ pixelfed_base_path }}/source"
 pixelfed_app_paths:
  - path: "{{ pixelfed_base_path }}"
    mode: "0750"
  - path: "{{ pixelfed_config_path }}"
    mode: "0750"
  - path: "{{ pixelfed_storage_path }}"
    mode: "0750"
  - path: "{{ pixelfed_source_path }}"
    mode: "0750"
 pixelfed_config_app_key: ~
 pixelfed_config_app_name: "Pixelfed"
 pixelfed_config_app_env: production
 pixelfed_config_app_debug: false
 pixelfed_config_app_url: "https://{{ pixelfed_config_app_url }}"
 pixelfed_config_app_domain: ~ # my.pixelfed.domain
 pixelfed_config_admin_domain: "{{ pixelfed_config_app_domain }}"
 pixelfed_config_session_domain: "{{ pixelfed_config_app_domain }}"
 pixelfed_config_open_registration: true
 pixelfed_config_enforce_email_verification: false
 pixelfed_config_pf_max_users: 1000
 pixelfed_config_oauth_enabled: true
 pixelfed_config_app_timezone: UTC
 pixelfed_config_app_locale: en
 pixelfed_config_limit_account_size: true
 pixelfed_config_max_account_size: 1000000
 pixelfed_config_max_photo_size: 15000
 pixelfed_config_max_avatar_size: 2000
 pixelfed_config_max_caption_length: 500
 pixelfed_config_max_bio_length: 125
 pixelfed_config_max_name_length: 30
 pixelfed_config_max_album_length: 4
 pixelfed_config_image_quality: 80
 pixelfed_config_pf_optimize_images: true
 pixelfed_config_pf_optimize_videos: true
 pixelfed_config_admin_env_editor: false
 pixelfed_config_account_deletion: true
 pixelfed_config_account_delete_after: false
 pixelfed_config_max_links_per_post: 0
 pixelfed_config_instance_description: ~
 pixelfed_config_instance_public_hashtags: false
 pixelfed_config_instance_contact_email: ~
 pixelfed_config_instance_public_local_timetime: false
 pixelfed_config_banned_usernames: ~
 pixelfed_config_stories_enabled: false
 pixelfed_config_restricted_instance: false
 pixelfed_config_mail_driver: log
 pixelfed_config_mail_host: ~
 pixelfed_config_mail_port: 25
 pixelfed_config_mail_from_address: "pixelfed@{{ pixelfed_config_app_domain }}"
 pixelfed_config_mail_from_name: "{{ pixelfed_config_app_name }}"
 pixelfed_config_mail_username: null
 pixelfed_config_mail_password: null
 pixelfed_config_mail_encryption: null
 pixelfed_config_db_connection: pgsql
 pixelfed_config_db_host: postgres
 pixelfed_config_db_port: 5432
 pixelfed_config_db_username: pixelfed
 pixelfed_config_db_password: ~
 pixelfed_config_db_database: pixelfed
 pixelfed_config_redis_client: phpredis
 pixelfed_config_redis_scheme: tcp
 pixelfed_config_redis_host: redis
 pixelfed_config_redis_password: ~
 pixelfed_config_redis_port: 6379
 pixelfed_config_redis_database: 0
 pixelfed_config_exp_lc: false
 pixelfed_config_exp_rec: false
 pixelfed_config_exp_loops: false
 pixelfed_config_activity_pub: false
 pixelfed_config_ap_remote_follow: false
 pixelfed_config_ap_shared_inbox: false
 pixelfed_config_ap_inbox: false
 pixelfed_config_ap_outbox: false
 pixelfed_config_atom_feeds: true
 pixelfed_config_nodeinfo: true
 pixelfed_config_webfinger: true
 pixelfed_config_filesystem_driver: local
 pixelfed_config_filesystem_cloud: s3
 pixelfed_config_pf_enable_cloud: false
 pixelfed_config_aws_access_key_id: ~
 pixelfed_config_aws_secret_access_key: ~
 pixelfed_config_aws_default_region: ~
 pixelfed_config_aws_bucket: ~
 pixelfed_config_aws_url: ~
 pixelfed_config_aws_endpont: ~
 pixelfed_config_aws_use_path_style_endpoint: false
 pixelfed_config_horizon_darkmode: false
 pixelfed_config_pf_costar_enabled: false
 pixelfed_config_media_exif_database: false
 pixelfed_config_log_channel: stderr
 pixelfed_config_image_driver: imagick
 pixelfed_config_broadcast_driver: log
 pixelfed_config_cache_driver: redis
 pixelfed_config_restrict_html_types: true
 pixelfed_config_queue_driver: redis
 pixelfed_config_session_driver: redis
 pixelfed_config_trust_proxies: "*"
 pixelfed_config_passport_private_key: ~
 pixelfed_config_passport_public_key: ~
--- a/roles/pixelfed/handlers/main.yml
+++ b/roles/pixelfed/handlers/main.yml
@ -0,0 +1,17 @@
 ---
 - name: Restart pixelfed (docker)
  docker_container:
    name: "{{ pixelfed_container_name }}"
    state: started
    restart: yes
  when: 'docker' in pixelfed_deployment_method
  listen: restart-pixelfed
 - name: Restart pixelfed worker (docker)
  docker_container:
    name: "{{ pixelfed_worker_container_name }}"
    state: started
    restart: yes
  when: 'docker' in pixelfed_deployment_method
  listen: restart-pixelfed
--- a/roles/pixelfed/tasks/docker-deploy.yml
+++ b/roles/pixelfed/tasks/docker-deploy.yml
@ -0,0 +1,28 @@
 ---
 - name: Ensure docker container '{{ pixelfed_container_name }}' is running
  docker_container:
    name: "{{ pixelfed_container_name }}"
    image: "{{ pixelfed_container_image }}"
    env: "{{ pixelfed_container_env }}"
    env_file: "{{ pixelfed_config_path }}/env"
    labels: "{{ pixelfed_container_labels }}"
    volumes: "{{ pixelfed_container_volumes }}"
    ports: "{{ pixelfed_container_ports | default(omit, True) }}"
    networks: "{{ pixelfed_container_networks | default(omit, True) }}"
    purge_networks: "{{ pixelfed_container_purge_networks|default(False) }}"
    restart_policy: "{{ pixelfed_container_restart_policy }}"
    state: started
 - name: Ensure docker container '{{ pixelfed_worker_container_name }}' is running
  docker_container:
    name: "{{ pixelfed_worker_container_name }}"
    image: "{{ pixelfed_container_image }}"
    env: "{{ pixelfed_container_env }}"
    env_file: "{{ pixelfed_config_path }}/env"
    volumes: "{{ pixelfed_container_volumes }}"
    networks: "{{ pixelfed_container_networks | default(omit, True) }}"
    purge_networks: "{{ pixelfed_container_purge_networks|default(False) }}"
    restart_policy: "{{ pixelfed_container_restart_policy }}"
    command: "gosu www-data php artisan horizon"
    state: started
--- a/roles/pixelfed/tasks/docker-image.yml
+++ b/roles/pixelfed/tasks/docker-image.yml
@ -0,0 +1,28 @@
 ---
 - name: Ensure docker container image is pulled
  docker_image:
    name: "{{ pixelfed_container_image }}"
    state: present
    source: pull
    force_source: "{{ true if docker_container_image_tag else false }}"
  when: not pixelfed_container_image_local_build
 - name: Ensure upstream git repository is cloned to source folder
  git:
    repo: "{{ pixelfed_source_upstream_git_repo }}"
    dest: "{{ pixelfed_source_path }}"
    update: yes
    clone: yes
  when: pixelfed_container_image_local_build
 - name: Build docker container image '{{ pixelfed_container_image }}' locally
  docker_image:
    name: "{{ pixelfed_container_image_name }}"
    tag: "{{ pixelfed_container_image_tag | default('v' + pixelfed_version) }}"
    state: present
    source: build
    build:
      dockerfile: "contrib/docker/Dockerfile.apache"
      path: "{{ pixelfed_source_path }}"
  when: pixelfed_container_image_local_build
--- a/roles/pixelfed/tasks/main.yml
+++ b/roles/pixelfed/tasks/main.yml
@ -0,0 +1,48 @@
 ---
 - name: Ensure user '{{ pixelfed_user }}' for pixelfed is created
  user:
    name: "{{ pixelfed_user }}"
    state: present
    system: true
  register: pixelfed_user_stat
 - name: Ensure file system paths exist for persisting data
  file:
    path: "{{ dir.path }}"
    state: directory
    owner: "{{ dir.user | default(pixelfed_run_user) }}"
    group: "{{ dir.group | default(pixelfed_run_group) }}"
    mode: "{{ dir.mode }}"
  loop: "{{ pixelfed_app_paths }}"
  loop_control:
    loop_var: dir
    label: "{{ dir.path }}"
 - name: Ensure pixelfed configuration is templated
  copy:
    content: |+
      {% for key in pixelfed_config | dict2items %}
      {% if pixelfed_config[key] %}
      {{ key }}={{ pixelfed_config[key] }}
      {% endif %}
      {% endfor %}
    dest: "{{ pixelfed_config_path }}/env"
    owner: "{{ pixelfed_run_user }}"
    group: "{{ pixelfed_run_group }}"
    mode: "0640"
  notify: restart-pixelfed
 - name: Ensure docker container image is available
  include_tasks:
    file: docker-image.yml
  when: 'docker' in pixelfed_deployment_method
 - name: Ensure pixelfed instance is started
  block:
    - name: Ensure pixelfed instance is started (docker)
      include_tasks:
        file: docker-deploy.yml
      when: 'docker' in pixelfed_deployment_method
--- a/roles/pixelfed/templates/env.docker.j2
+++ b/roles/pixelfed/templates/env.docker.j2
@ -0,0 +1,148 @@
 ## Crypto
 APP_KEY=
 ## General Settings
 APP_NAME="Pixelfed Prod"
 APP_ENV=production
 APP_DEBUG=false
 APP_URL=https://real.domain
 APP_DOMAIN="real.domain"
 ADMIN_DOMAIN="real.domain"
 SESSION_DOMAIN="real.domain"
 OPEN_REGISTRATION=true
 ENFORCE_EMAIL_VERIFICATION=false
 PF_MAX_USERS=1000
 OAUTH_ENABLED=true
 APP_TIMEZONE=UTC
 APP_LOCALE=en
 ## Pixelfed Tweaks
 LIMIT_ACCOUNT_SIZE=true
 MAX_ACCOUNT_SIZE=1000000
 MAX_PHOTO_SIZE=15000
 MAX_AVATAR_SIZE=2000
 MAX_CAPTION_LENGTH=500
 MAX_BIO_LENGTH=125
 MAX_NAME_LENGTH=30
 MAX_ALBUM_LENGTH=4
 IMAGE_QUALITY=80
 PF_OPTIMIZE_IMAGES=true
 PF_OPTIMIZE_VIDEOS=true
 ADMIN_ENV_EDITOR=false
 ACCOUNT_DELETION=true
 ACCOUNT_DELETE_AFTER=false
 MAX_LINKS_PER_POST=0
 ## Instance
 #INSTANCE_DESCRIPTION=
 INSTANCE_PUBLIC_HASHTAGS=false
 #INSTANCE_CONTACT_EMAIL=
 INSTANCE_PUBLIC_LOCAL_TIMELINE=false
 #BANNED_USERNAMES=
 STORIES_ENABLED=false
 RESTRICTED_INSTANCE=false
 ## Mail
 MAIL_DRIVER=log
 MAIL_HOST=smtp.mailtrap.io
 MAIL_PORT=2525
 MAIL_FROM_ADDRESS="pixelfed@example.com"
 MAIL_FROM_NAME="Pixelfed"
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
 ## Databases (MySQL)
 DB_CONNECTION=mysql
 DB_DATABASE=pixelfed_prod
 DB_HOST=db
 DB_PASSWORD=pixelfed_db_pass
 DB_PORT=3306
 DB_USERNAME=pixelfed
 # pass the same values to the db itself
 MYSQL_DATABASE=pixelfed_prod
 MYSQL_PASSWORD=pixelfed_db_pass
 MYSQL_RANDOM_ROOT_PASSWORD=true
 MYSQL_USER=pixelfed
 ## Databases (Postgres)
 #DB_CONNECTION=pgsql
 #DB_HOST=postgres
 #DB_PORT=5432
 #DB_DATABASE=pixelfed
 #DB_USERNAME=postgres
 #DB_PASSWORD=postgres
 ## Cache (Redis)
 REDIS_CLIENT=phpredis
 REDIS_SCHEME=tcp
 REDIS_HOST=redis
 REDIS_PASSWORD=redis_password
 REDIS_PORT=6379
 REDIS_DATABASE=0
 ## EXPERIMENTS 
 EXP_LC=false
 EXP_REC=false
 EXP_LOOPS=false
 ## ActivityPub Federation
 ACTIVITY_PUB=false
 AP_REMOTE_FOLLOW=false
 AP_SHAREDINBOX=false
 AP_INBOX=false
 AP_OUTBOX=false
 ATOM_FEEDS=true
 NODEINFO=true
 WEBFINGER=true
 ## S3
 FILESYSTEM_DRIVER=local
 FILESYSTEM_CLOUD=s3
 PF_ENABLE_CLOUD=false
 #AWS_ACCESS_KEY_ID=
 #AWS_SECRET_ACCESS_KEY=
 #AWS_DEFAULT_REGION=
 #AWS_BUCKET=
 #AWS_URL=
 #AWS_ENDPOINT=
 #AWS_USE_PATH_STYLE_ENDPOINT=false
 ## Horizon
 HORIZON_DARKMODE=false
 ## COSTAR - Confirm Object Sentiment Transform and Reduce
 PF_COSTAR_ENABLED=false
 # Media
 MEDIA_EXIF_DATABASE=false
 ## Logging
 LOG_CHANNEL=stderr
 ## Image
 IMAGE_DRIVER=imagick
 ## Broadcasting
 BROADCAST_DRIVER=log  # log driver for local development
 ## Cache
 CACHE_DRIVER=redis
 ## Purify
 RESTRICT_HTML_TYPES=true
 ## Queue
 QUEUE_DRIVER=redis
 ## Session
 SESSION_DRIVER=redis
 ## Trusted Proxy
 TRUST_PROXIES="*"
 ## Passport
 #PASSPORT_PRIVATE_KEY=
 #PASSPORT_PUBLIC_KEY=
--- a/roles/pixelfed/templates/main.yml
+++ b/roles/pixelfed/templates/main.yml
--- a/roles/pixelfed/vars/main.yml
+++ b/roles/pixelfed/vars/main.yml
@ -0,0 +1,133 @@
 ---
 pixelfed_container_base_volumes:
  - "{{ pixelfed_storage_path }}:/var/www/storage:z"
  - "{{ pixelfed_config_path/env:/var/www/.env:ro"
 pixelfed_container_base_env: {}
 pixelfed_container_base_labels:
  VERSION: "{{ pixelfed_version }}"
 pixelfed_container_volumes: "{{ pixelfed_container_base_volumes + pixelfed_container_extra_volumes }}"
 pixelfed_container_labels: "{{ pixelfed_container_base_labels + pixelfed_container_extra_labels }}"
 pixelfed_container_env: "{{ pixelfed_container_base_env + pixelfed_container_extra_env }}"
 pixelfed_source_upstream_git_repo: "https://github.com/pixelfed/pixelfed.git"
 pixelfed_supported_deployment_methods:
  - docker_selfbuilt
  - docker_pulled
 # pixelfed app config
 pixelfed_config:
  APP_KEY: "{{ pixelfed_config_app_key }}"
  APP_NAME: "{{ pixelfed_config_app_name }}"
  APP_ENV: "{{ pixelfed_config_app_env }}"
  APP_DEBUG: "{{ pixelfed_config_app_debug }}"
  APP_URL: "{{ pixelfed_config_app_url }}"
  APP_DOMAIN: "{{ pixelfed_config_app_domain }}"
  ADMIN_DOMAIN: "{{ pixelfed_config_app_admin_domain }}"
  SESSION_DOMAIN: "{{ pixelfed_config_session_domain }}"
  OPEN_REGISTRATION: "{{ pixelfed_config_open_registration }}"
  ENFORCE_EMAIL_VERIFICATION: "{{ pixelfed_config_enforce_email_verification }}"
  PF_MAX_USERS: "{{ pixelfed_config_pf_max_users }}"
  OAUTH_ENABLED: "{{ pixelfed_config_oauth_enabled }}"
  APP_TIMEZONE: "{{ pixelfed_config_app_timezone }}"
  APP_LOCALE: "{{ pixelfed_config_all_locale }}"
  LIMIT_ACCOUNT_SIZE: "{{ pixelfed_config_limit_account_size }}"
  MAX_ACCOUNT_SIZE: "{{ pixelfed_config_max_account_size }}"
  MAX_PHOTO_SIZE: "{{ pixelfed_config_ }}"
  MAX_AVATAR_SIZE: "{{ pixelfed_config_ }}"
  MAX_CAPTION_LENGTH: "{{ pixelfed_config_ }}"
  MAX_BIO_LENGTH:  "{{ pixelfed_config_ }}"
  MAX_NAME_LENGTH:  "{{ pixelfed_config_ }}"
  MAX_ALBUM_LENGTH:  "{{ pixelfed_config_ }}"
  IMAGE_QUALITY:  "{{ pixelfed_config_ }}"
  PF_OPTIMIZE_IMAGES:  "{{ pixelfed_config_ }}"
  PF_OPTIMIZE_VIDEOS:  "{{ pixelfed_config_ }}"
  ADMIN_ENV_EDITOR:  "{{ pixelfed_config_ }}"
  ACCOUNT_DELETION:  "{{ pixelfed_config_ }}"
  ACCOUNT_DELETE_AFTER:  "{{ pixelfed_config_ }}"
  MAX_LINKS_PER_POST:    "{{ pixelfed_config_ }}"
  INSTANCE_DESCRIPTION: "{{ pixelfed_config_instance_description }}"
  INSTANCE_PUBLIC_HASHTAGS: "{{ pixelfed_config_instance_public_hashtags }}"
  INSTANCE_CONTACT_EMAIL: "{{ pixelfed_config_instance_contact_email }}"
  INSTANCE_PUBLIC_LOCAL_TIMELINE: "{{ pixelfed_config_instance_public_local_timeline }}"
  BANNED_USERNAMES: "{{ pixelfed_config_banned_usernames }}"
  STORIES_ENABLED: "{{ pixelfed_config_stories_enabled }}"
  RESTRICTED_INSTANCE: "{{ pixelfed_config_restricted_instance }}"
  ## Mail
  MAIL_DRIVER: "{{ pixelfed_config_mail_driver }}"
  MAIL_HOST: "{{ pixelfed_config_mail_host }}"
  MAIL_PORT: "{{ pixelfed_config_mail_port }}"
  MAIL_FROM_ADDRESS: "{{ pixelfed_config_mail_from_address }}"
  MAIL_FROM_NAME: "{{ pixelfed_config_mail_from_name }}"
  MAIL_USERNAME: "{{ pixelfed_config_mail_username }}"
  MAIL_PASSWORD: "{{ pixelfed_config_mail_password }}"
  MAIL_ENCRYPTION: "{{ pixelfed_config_mail_encryption }}"
  ## Databases (MySQL)
  DB_CONNECTION: "{{ pixelfed_config_db_connection }}"
  DB_DATABASE: "{{ pixelfed_config_db_database }}"
  DB_HOST: "{{ pixelfed_config_db_host }}"
  DB_PASSWORD: "{{ pixelfed_config_db_password }}"
  DB_PORT: "{{ pixelfed_config_db_port }}"
  DB_USERNAME: "{{ pixelfed_config_db_username }}"
  ## Cache (Redis)
  REDIS_CLIENT: "{{ pixelfed_config_redis_client }}"
  REDIS_SCHEME: "{{ pixelfed_config_redis_scheme }}"
  REDIS_HOST: "{{ pixelfed_config_redis_host }}"
  REDIS_PASSWORD: "{{ pixelfed_config_redis_password }}"
  REDIS_PORT: "{{ pixelfed_config_redis_port }}"
  REDIS_DATABASE: "{{ pixelfed_config_redis_database }}"
  ## EXPERIMENTS 
  EXP_LC: "{{ pixelfed_config_exp_lc }}"
  EXP_REC: "{{ pixelfed_config_exp_rec }}"
  EXP_LOOPS: "{{ pixelfed_config_exp_loops }}"
  ## ActivityPub Federation
  ACTIVITY_PUB: "{{ pixelfed_config_activity_pub }}"
  AP_REMOTE_FOLLOW: "{{ pixelfed_config_ap_remote_follow }}"
  AP_SHAREDINBOX: "{{ pixelfed_config_ap_sharedinbox }}"
  AP_INBOX: "{{ pixelfed_config_ap_inbox }}"
  AP_OUTBOX: "{{ pixelfed_config_ap_outbox }}"
  ATOM_FEEDS: "{{ pixelfed_config_atom_feeds }}"
  NODEINFO: "{{ pixelfed_config_nodeinfo }}"
  WEBFINGER: "{{ pixelfed_config_webfinger }}"
  ## S3
  FILESYSTEM_DRIVER: "{{ pixelfed_config_filesystem_driver }}"
  FILESYSTEM_CLOUD: "{{ pixelfed_config_filesystem_cloud }}"
  PF_ENABLE_CLOUD: "{{ pixelfed_config_pf_enable_cloud }}"
  AWS_ACCESS_KEY_ID: "{{ pixelfed_config_aws_access_key_id }}"
  AWS_SECRET_ACCESS_KEY: "{{ pixelfed_config_aws_secret_access_key }}"
  AWS_DEFAULT_REGION: "{{ pixelfed_config_aws_default_region }}"
  AWS_BUCKET: "{{ pixelfed_config_aws_bucket }}"
  AWS_URL: "{{ pixelfed_config_aws_url }}"
  AWS_ENDPOINT: "{{ pixelfed_config_aws_endpoint }}"
  AWS_USE_PATH_STYLE_ENDPOINT: "{{ pixelfed_config_aws_use_path_style_endpoint }}"
  HORIZON_DARKMODE: "{{ pixelfed_config_horizon_darkmode }}"
  PF_COSTAR_ENABLED: "{{ pixelfed_config_pf_costar_enabled }}"
  MEDIA_EXIF_DATABASE: "{{ pixelfed_config_media_exif_database }}"
  LOG_CHANNEL: "{{ pixelfed_config_log_channel }}"
  IMAGE_DRIVER: "{{ pixelfed_config_image_driver }}"
  BROADCAST_DRIVER: "{{ pixelfed_config_ }}"
  CACHE_DRIVER: "{{ pixelfed_config_cache_driver }}"
  RESTRICT_HTML_TYPES: "{{ 'true' pixelfed_config_restrict_html_types else 'false' }}"
  QUEUE_DRIVER: "{{ pixelfed_config_queue_driver }}"
  SESSION_DRIVER: "{{ pixelfed_config_session_driver }}"
  TRUST_PROXIES: "{{ pixelfed_config_trust_proxies }}"
  PASSPORT_PRIVATE_KEY: "{{ pixelfed_config_passport_private_key }}"
  PASSPORT_PUBLIC_KEY: "{{ pixelfed_config_passport_public_key }}"
--- a/roles/sharkey/README.md
+++ b/roles/sharkey/README.md
@ -1,44 +0,0 @@
 # `finallycoffee.fediverse.sharkey` ansible role
 ## Configuration
 Set the required `sharkey_config_url` variable to the domain you want sharkey to run on.
 To extend/modify the sharkey configuration file (upstream: `default.yml`),
 set your (structed) configuration in `sharkey_config` and it will be merged
 over the upstream config file and the role built-in configuration.
 ### Docker compose
 To extend/modify the compose project file (`compose.yml`), populate `sharkey_compose_file_overrides`.
 Take care when overriding `sharkey_compose_file_role_overrides`, as this can
 break the functionality of the ansible role.
 ## Behind a proxy
 The ansible role itself will respect system proxies (in the env var `HTTP_PROXY`/`https_proxy`).
 To use this role with a registry like Artifactory or Nexus3,
 set `sharkey_repo_server` to your registry server with full
 protocol, hostname, port. For example `sharkey_repo_server: "https://my.orgs.registry.local:8443/sharkey-internet-proxy/"`
 ## Stopping
 ### Docker compose
 Set `sharkey_compose_state: "stopped"` to ensure all containers in the compose
 project are stopped. This has the same effect as `docker compose stop`. Set
 `sharkey_compose_state: "absent"` to not only stop all containers, but remove
 them, the docker networks associated with the project etc. This is equivalent
 to `docker compose down`.
 > [!WARNING]
 > Do not confuse `sharkey_compose_state` with `sharkey_state`!
 ## Deprovisioning
 Set `sharkey_state: "absent"` to remove sharkey from the target, including
 *all* application data, configuration files, container images.
 > [!CAUTION]
 > This removes all (user) data irrecoverably with no backup.
--- a/roles/sharkey/defaults/main/compose.yml
+++ b/roles/sharkey/defaults/main/compose.yml
@ -1,41 +0,0 @@
 ---
 sharkey_compose_state: "{{ sharkey_state }}"
 sharkey_compose_project_name: "sharkey"
 sharkey_compose_project_src: "{{ sharkey_config_dir }}"
 sharkey_compose_upstream_file: "{{ sharkey_compose_project_src }}/compose.upstream.yml"
 sharkey_compose_file: "{{ sharkey_compose_project_src }}/compose.yml"
 sharkey_compose_build: >-2
  {{ (sharkey_container_image_source == 'pull') | ternary('never', 'policy') }}
 sharkey_compose_redis_dir: "{{ sharkey_data_dir }}/redis"
 sharkey_compose_database_dir: "{{ sharkey_data_dir }}/postgres"
 sharkey_repo_server: "https://activitypub.software"
 sharkey_repo_path: "Transfem-org/Sharkey"
 sharkey_repo_tag: "{{ sharkey_version }}"
 sharkey_compose_file_url: >-2
  {{ sharkey_repo_server }}/{{ sharkey_repo_path }}/-/raw/{{ sharkey_version }}/compose_example.yml?ref_type=tags
 sharkey_compose_file_overrides: ~
 sharkey_compose_file_role_overrides:
  services:
    web:
      image: "{{ sharkey_container_image }}"
      volumes:
        - "{{ sharkey_file_dir }}:/sharkey/files:rw"
        - "{{ sharkey_config_file }}:/sharkey/.config/default.yaml:ro"
        - "{{ sharkey_container_env_file }}:/sharkey/.config/docker.env:ro"
    db:
      env_file: "{{ sharkey_container_env_file }}"
      volumes:
        - "{{ sharkey_compose_database_dir }}:/var/lib/postgresql/data:rw"
    redis:
      volumes: 
        - "{{ sharkey_compose_redis_dir }}:/data:rw" 
  # override net segment?
 sharkey_compose_file_contents: >-2
  {{
    (sharkey_compose_upstream_file_contents['content'] | b64decode | from_yaml)
    | combine(sharkey_compose_file_role_overrides, recursive=True)
    | combine(sharkey_compose_file_overrides | default({}, true), recursive=True)
    | to_nice_yaml(indent=4)
  }}
--- a/roles/sharkey/defaults/main/config.yml
+++ b/roles/sharkey/defaults/main/config.yml
@ -1,30 +0,0 @@
 ---
 sharkey_config_url: ~
 sharkey_config_setup_password: ~
 sharkey_config_postgres_user: misskey
 sharkey_config_postgres_password: "insecure_please_change_me!"
 sharkey_config_postgres_db: misskey
 sharkey_config_postgres_host: db
 sharkey_config_postgres_port: 5432
 sharkey_config_postgres_db_url: >-2
  postgres://{{ sharkey_config_postgres_user }}:{{ sharkey_config_postgres_password }}@{{ sharkey_config_postgres_host }}:{{ sharkey_config_postgres_port }}/{{ sharkey_config_postgres_db }}
 sharkey_config: ~
 sharkey_config_file_overrides:
  url: "{{ sharkey_config_url }}"
  db:
    host: "{{ sharkey_config_postgres_host }}"
    db: "{{ sharkey_config_postgres_db }}"
    user: "{{ sharkey_config_postgres_user }}"
    pass: "{{ sharkey_config_postgres_password }}"
 sharkey_config_file_contents: >-2
  {{
    (sharkey_config_upstream_file_contents['content'] | b64decode | from_yaml)
    | combine(sharkey_config_file_overrides, recursive=True)
    | combine(sharkey_config | default({}, true), recursive=True)
    | to_nice_yaml(indent=4)
  }}
 sharkey_config_upstream_file: "{{ sharkey_config_dir }}/config.upstream.yaml"
 sharkey_config_file: "{{ sharkey_config_dir }}/default.yaml"
 sharkey_config_upstream_file_url: >-2
  {{ sharkey_repo_server }}/{{ sharkey_repo_path }}/-/raw/{{ sharkey_version }}/.config/docker_example.yml?ref=tags
--- a/roles/sharkey/defaults/main/container.yml
+++ b/roles/sharkey/defaults/main/container.yml
@ -1,47 +0,0 @@
 ---
 sharkey_container_name: sharkey
 sharkey_container_image_registry: "registry.activitypub.software"
 sharkey_container_iamge_namespace: "transfem-org"
 sharkey_container_image_name: "sharkey"
 sharkey_container_image_repository: >-2
  {{
    [
      sharkey_container_image_registry | default([], true),
      sharkey_container_iamge_namespace | default([], true),
      sharkey_container_image_name
    ] | flatten | join('/')
  }}
 sharkey_container_image_tag: ~
 sharkey_container_image_source: pull
 sharkey_container_image_force_source: >-2
  {{ sharkey_container_image_tag | default(false, true) | bool }}
 sharkey_container_image: >-2
  {{
    [
      sharkey_container_image_repository,
      sharkey_container_image_tag | default(sharkey_version, true)
    ] | join(':')
  }}
 sharkey_container_default_env:
  MISSKEY_URL: "{{ sharkey_config_url }}"
  POSTGRES_USER: "{{ sharkey_config_postgres_user }}"
  POSTGRES_PASSWORD: "{{ sharkey_config_postgres_password }}"
  POSTGRES_DB: "{{ sharkey_config_postgres_db }}"
  DATABASE_URL: >-2
    {{
      (sharkey_config_postgres_user | default(false, true))
      | ternary(sharkey_config_postgres_db_url, '')
    }}
 sharkey_container_env: ~
 sharkey_container_merged_env: >-2
  {{
    sharkey_container_default_env | default({}, true)
    | combine(sharkey_container_env | default({}, true), recursive=True)
  }}
 sharkey_container_env_file_contents: |2
  {% for entry in sharkey_container_merged_env | dict2items %}
  {% if entry['value'] is string and entry['value'] | length > 0 %}
  {{ entry['key'] }}={{ entry['value'] }}
  {% endif %}
  {% endfor %}
 sharkey_container_env_file: "{{ sharkey_config_dir }}/docker.env"
--- a/roles/sharkey/defaults/main/main.yml
+++ b/roles/sharkey/defaults/main/main.yml
@ -1,9 +0,0 @@
 ---
 sharkey_user: sharkey
 sharkey_version: "2025.4.3"
 sharkey_config_dir: "/etc/sharkey"
 sharkey_data_dir: "/var/lib/sharkey"
 sharkey_file_dir: "{{ sharkey_data_dir }}/files"
 sharkey_state: present
 sharkey_deployment_method: "docker-compose"
--- a/roles/sharkey/defaults/main/user.yml
+++ b/roles/sharkey/defaults/main/user.yml
@ -1,10 +0,0 @@
 ---
 sharkey_user_system: true
 sharkey_user_create_home: false
 sharkey_user_groups: ~
 sharkey_user_append_groups: >-2
  {{ sharkey_user_groups | default(omit, true) }}
 sharkey_user_uid: >-2
  {{ sharkey_user_info.uid | default(sharkey_user) }}
 sharkey_user_gid: >-2
  {{ sharkey_user_info.group | default(sharkey_user) }}
--- a/roles/sharkey/meta/main.yml
+++ b/roles/sharkey/meta/main.yml
@ -1,14 +0,0 @@
 ---
 allow_duplicates: true
 dependencies: []
 galaxy_info:
  role_name: sharkey
  description: >-2
    Deploy Sharkey, a fork of Misskey with full Mastodon-API support
  galaxy_tags:
    - sharkey
    - misskey
    - mastodon
    - docker
    - activitypub
    - fediverse
--- a/roles/sharkey/tasks/check.yml
+++ b/roles/sharkey/tasks/check.yml
@ -1,26 +0,0 @@
 ---
 - name: Ensure 'sharkey_state' is valid
  ansible.builtin.fail:
    msg: >-2
      Unsupported sharkey_state '{{ sharkey_state }}'.
      Supported values are {{ sharkey_states | join(', ') }}
  when: sharkey_state not in sharkey_states
 - name: Ensure 'sharkey_deployment_method' is valid
  ansible.builtin.fail:
    msg: >-2
      Unsupported sharkey_deployment_method '{{ sharkey_deployment_method }}.
      Supported values are {{ sharkey_deployment_methods | join(', ') }}
  when: sharkey_deployment_method not in sharkey_deployment_methods
 - name: Ensure 'sharkey_config_url' is valid
  ansible.builtin.fail:
    msg: >-2
      Variable 'sharkey_config_url' is not populated! This variable
      is mandatory to set when deploying sharkey.
  when:
    - sharkey_state == 'present'
    - >-2
        sharkey_config_url is not defined
          or ((sharkey_config_url | string) == 'None')
          or ((sharkey_config_url | string | length) == 0)
--- a/roles/sharkey/tasks/configure-docker-compose.yml
+++ b/roles/sharkey/tasks/configure-docker-compose.yml
@ -1,39 +0,0 @@
 ---
 - name: Ensure directories for compose services are {{ sharkey_state }}
  ansible.builtin.file:
    name: "{{ file.path }}"
    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
    owner: "{{ sharkey_user_uid }}"
    group: "{{ sharkey_user_gid }}"
    mode: "0750"
  loop:
    - path: "{{ sharkey_compose_redis_dir }}"
    - path: "{{ sharkey_compose_database_dir }}"
  loop_control:
    loop_var: file
    label: "{{ file.path }}"
 - name: Ensure final compose file is templated
  when: sharkey_state == 'present'
  block:
    # TODO: wronlgy reports changed in checkmode due to hash mismatches
    - name: Ensure compose files are downloaded
      ansible.builtin.get_url:
        url: "{{ sharkey_compose_file_url }}"
        dest: "{{ sharkey_compose_upstream_file }}"
        owner: "{{ sharkey_user_uid }}"
        group: "{{ sharkey_user_gid }}"
        mode: "0444"
    - name: Read compose file contents
      ansible.builtin.slurp:
        src: "{{ sharkey_compose_upstream_file }}"
      register: sharkey_compose_upstream_file_contents
    - name: Ensure modified compose file is written
      ansible.builtin.copy:
        content: "{{ sharkey_compose_file_contents }}"
        dest: "{{ sharkey_compose_file }}"
        owner: "{{ sharkey_user_uid }}"
        group: "{{ sharkey_user_gid }}"
        mode: "0644"
--- a/roles/sharkey/tasks/configure-docker.yml
+++ b/roles/sharkey/tasks/configure-docker.yml
@ -1,9 +0,0 @@
 ---
 - name: Ensure sharkey docker environment is templated
  ansible.builtin.copy:
    content: "{{ sharkey_container_env_file_contents }}"
    dest: "{{ sharkey_container_env_file }}"
    owner: "{{ sharkey_user_uid }}"
    group: "{{ sharkey_user_gid }}"
    mode: "0640"
  when: sharkey_state == 'present'
--- a/roles/sharkey/tasks/configure.yml
+++ b/roles/sharkey/tasks/configure.yml
@ -1,68 +0,0 @@
 ---
 - name: Ensure sharkey user '{{ sharkey_user }}' is {{ sharkey_state }}
  ansible.builtin.user:
    name: "{{ sharkey_user }}"
    state: "{{ sharkey_state }}"
    system: "{{ sharkey_user_system }}"
    create_home: "{{ sharkey_user_create_home }}"
    groups: "{{ sharkey_user_groups }}"
    append: "{{ sharkey_user_append_groups }}"
  register: sharkey_user_info
 - name: Ensure sharkey config directory '{{ sharkey_config_dir }}' is {{ sharkey_state }}
  ansible.builtin.file:
    path: "{{ sharkey_config_dir }}"
    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
    owner: "{{ sharkey_user_uid }}"
    group: "{{ sharkey_user_gid }}"
    mode: "0750"
 - name: Ensure sharkey data directory '{{ sharkey_data_dir }}' is {{ sharkey_state }}
  ansible.builtin.file:
    path: "{{ sharkey_data_dir }}"
    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
    owner: "{{ sharkey_user_uid }}"
    group: "{{ sharkey_user_gid }}"
    mode: "0750"
 - name: Ensure sharkey file directory '{{ sharkey_file_dir }}' is {{ sharkey_state }}
  ansible.builtin.file:
    path: "{{ sharkey_file_dir }}"
    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
    owner: "{{ sharkey_user_uid }}"
    group: "{{ sharkey_user_gid }}"
    mode: "0750"
 - name: Ensure sharkey config file '{{ sharkey_config_file }}' is {{ sharkey_state }}
  when: sharkey_state == 'present'
  block:
    # TODO: wrongly reports changed in checkmode due to different hashes
    - name: Ensure sharkey upstream config file is {{ sharkey_state }}
      ansible.builtin.get_url:
        url: "{{ sharkey_config_upstream_file_url }}"
        dest: "{{ sharkey_config_upstream_file }}"
        owner: "{{ sharkey_user_uid }}"
        group: "{{ sharkey_user_gid }}"
        mode: "0440"
    - name: Read upstream sharkey config file
      ansible.builtin.slurp:
        src: "{{ sharkey_config_upstream_file }}"
      register: sharkey_config_upstream_file_contents
    - name: Ensure sharkey configuration file is {{ sharkey_state }}
      ansible.builtin.copy:
        content: "{{ sharkey_config_file_contents }}"
        dest: "{{ sharkey_config_file }}"
        owner: "{{ sharkey_user_uid }}"
        group: "{{ sharkey_user_gid }}"
        mode: "0640"
 - name: Run configure steps for deployment using containers
  ansible.builtin.include_tasks:
    file: "configure-docker.yml"
  when: sharkey_deployment_method in ['docker-compose']
 - name: Configure for {{ sharkey_deployment_method }}
  ansible.builtin.include_tasks:
    file: "configure-{{ sharkey_deployment_method }}.yml"
--- a/roles/sharkey/tasks/deploy-docker-compose.yml
+++ b/roles/sharkey/tasks/deploy-docker-compose.yml
@ -1,14 +0,0 @@
 ---
 - name: Ensure sharkey container image '{{ sharkey_container_image }}' is {{ sharkey_state }}
  community.docker.docker_image:
    name: "{{ sharkey_container_image }}"
    state: "{{ sharkey_state }}"
    source: "{{ sharkey_container_image_source }}"
    force_source: "{{ sharkey_container_image_force_source }}"
 - name: Ensure docker compose project is {{ sharkey_compose_state }}
  community.docker.docker_compose_v2:
    project_name: "{{ sharkey_compose_project_name }}"
    project_src: "{{ sharkey_compose_project_src }}"
    state: "{{ sharkey_compose_state }}"
    build: "{{ sharkey_compose_build }}"
--- a/roles/sharkey/tasks/main.yml
+++ b/roles/sharkey/tasks/main.yml
@ -1,12 +0,0 @@
 ---
 - name: Check role prerequisites
  ansible.builtin.include_tasks:
    file: check.yml
 - name: Run common configuration tasks
  ansible.builtin.include_tasks:
    file: configure.yml
 - name: Deploy using {{ sharkey_deployment_method }}
  ansible.builtin.include_tasks:
    file: "deploy-{{ sharkey_deployment_method }}.yml"
--- a/roles/sharkey/vars/main.yml
+++ b/roles/sharkey/vars/main.yml
@ -1,6 +0,0 @@
 ---
 sharkey_states:
  - present
  - absent
 sharkey_deployment_methods:
  - "docker-compose"
		`@ -1,4 +0,0 @@`
			# `finallycoffee.fediverse.fediwall` ansible role

			Ansible role for [`fediwall`](https://fediwall.social) deployment.