feat(fediwall): add ansible role

README.md

@@ -9,6 +9,9 @@ available.
 
 ## Roles
 
+- [`fediwall`](roles/fediwall/README.md): deployment of [Fediwall](https://fediwall.social),
+  a media wall for mastodon inspired by mastowall.
+
 - [`gotosocial`](roles/gotosocial/README.md): deployment of [GoToSocial.org](https://gotosocial.org/),
   an ActivityPub social network server, in a docker container.
 

galaxy.yml

@@ -1,15 +1,17 @@
 namespace: finallycoffee
 name: fediverse
-version: 0.0.1
+version: 0.1.2
 readme: README.md
 authors:
-- Johanna Dorothea Reichmann <transcaffeine@finallycoffee.eu>
-description: Various ansible roles for deploying fediverse software
+- transcaffeine <transcaffeine@finally.coffee>
+description: Deploying fediverse software, mostly ActivityPub based
 dependencies:
-  "community.docker": "^1.10.0"
-license:
-- CNPLv7+
+  "community.docker": "^4.0.0"
+license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'
-repository: https://git.finallycoffee.eu/finallycoffee.eu/fediverse
-issues: https://git.finallycoffee.eu/finallycoffee.eu/fediverse/issues
+repository: https://git.finally.coffee/finallycoffee/fediverse
+issues: https://codeberg.org/finallycoffee/ansible-collection-fediverse/issues
+tags:
+  - fediwall
+  - gotosocial

meta/runtime.yml

@@ -0,0 +1,3 @@
+---
+
+requires_ansible: ">=2.15"

playbooks/fediwall.yml

@@ -0,0 +1,6 @@
+---
+- name: Install and configure fediwall
+  hosts: "{{ fediwall_hosts | default('fediwall') }}"
+  become: "{{ fediwall_become | default(false) }}"
+  roles:
+    - role: fediwall

roles/fediwall/README.md

@@ -0,0 +1,4 @@
+# `finallycoffee.fediverse.fediwall` ansible role
+
+Ansible role for [`fediwall`](https://fediwall.social) deployment.
+

roles/fediwall/defaults/main/config.yml

@@ -0,0 +1,50 @@
+---
+fediwall_config_servers:
+  - mastodon.social
+fediwall_config_tags:
+  - cats
+fediwall_config_accounts: []
+fediwall_config_load_public: false
+fediwall_config_load_federated: false
+fediwall_config_load_trends: false
+fediwall_config_languages: []
+fediwall_config_bad_words: []
+fediwall_config_hide_sensitive: true
+fediwall_config_hide_bots: true
+fediwall_config_hide_replies: true
+fediwall_config_hide_boosts: false
+fediwall_config_limit: 20
+fediwall_config_interval: 10
+fediwall_config_title: "Fediwall"
+fediwall_config_theme: "auto"
+fediwall_config_show_infobar: true
+fediwall_config_show_text: true
+fediwall_config_show_media: true
+fediwall_config_play_videos: true
+
+fediwall_default_config:
+  servers: "{{ fediwall_config_servers }}"
+  tags: "{{ fediwall_config_tags }}"
+  accounts: "{{ fediwall_config_accounts }}"
+  loadPublic: "{{ fediwall_config_load_public }}"
+  loadFederated: "{{ fediwall_config_load_federated }}"
+  loadTrends: "{{ fediwall_config_load_trends }}"
+  languages: "{{ fediwall_config_languages }}"
+  badWords: "{{ fediwall_config_bad_words }}"
+  hideSensitive: "{{ fediwall_config_hide_sensitive }}"
+  hideBots: "{{ fediwall_config_hide_bots }}"
+  hideReplies: "{{ fediwall_config_hide_replies }}"
+  hideBoosts: "{{ fediwall_config_hide_boosts }}"
+  limit: "{{ fediwall_config_limit }}"
+  interval: "{{ fediwall_config_interval }}"
+  title: "{{ fediwall_config_title }}"
+  theme: "{{ fediwall_config_theme }}"
+  showInfobar: "{{ fediwall_config_show_infobar }}"
+  showText: "{{ fediwall_config_show_text }}"
+  showMedia: "{{ fediwall_config_show_media }}"
+  playVideos: "{{ fediwall_config_play_videos }}"
+
+fediwall_config: {}
+fediwall_final_config: >-2
+  {{ fediwall_default_config | default({}, true)
+    | combine(fediwall_config | default({}, true)) }}

roles/fediwall/defaults/main/container.yml

@@ -0,0 +1,45 @@
+---
+fediwall_container_name: fediwall
+fediwall_container_image_registry: ghcr.io
+fediwall_container_image_namespace: defnull
+fediwall_container_image_name: fediwall
+fediwall_container_image_repository: >-2
+  {{
+    [
+      fediwall_container_image_registry | default([], true),
+      fediwall_container_image_namespace | default([], true),
+      fediwall_container_image_name
+    ] | flatten | join('/')
+  }}
+fediwall_container_image_tag: ~
+fediwall_container_image_source: pull
+fediwall_container_image_force_source: >-2
+  {{ fediwall_container_image_tag | default(false, true) | bool }}
+fediwall_container_image: >-2
+  {{
+    [
+      fediwall_container_image_repository,
+      fediwall_container_image_tag | default(fediwall_version, true)
+    ] | join(':')
+  }}
+fediwall_container_env: ~
+fediwall_container_user: ~
+fediwall_container_ports: ~
+fediwall_container_labels: ~
+fediwall_container_volumes: []
+fediwall_container_networks: ~
+fediwall_container_network_mode: ~
+fediwall_container_dns_servers: ~
+fediwall_container_etc_hosts: ~
+fediwall_container_memory: ~
+fediwall_container_memory_swap: ~
+fediwall_container_memory_reservation: ~
+fediwall_container_restart_policy: "on-failure"
+
+fediwall_container_config_file: "/usr/share/nginx/html/wall-config.json"
+fediwall_container_base_volumes:
+  - "{{ fediwall_config_file }}:{{ fediwall_container_config_file }}:ro"
+fediwall_container_final_volumes: >-2
+  {{ fediwall_container_base_volumes + fediwall_container_volumes }}
+fediwall_container_state: >-2
+  {{ (fediwall_state == 'present') | ternary('started', 'absent') }}

roles/fediwall/defaults/main/main.yml

@@ -0,0 +1,8 @@
+---
+fediwall_user: fediwall
+fediwall_version: "1.4.0"
+fediwall_config_file: "/etc/fediwall/config.json"
+fediwall_config_file_path: "{{ fediwall_config_file | dirname }}"
+
+fediwall_state: "present"
+fediwall_deployment_method: "docker"

roles/fediwall/tasks/deploy-docker.yml

@@ -0,0 +1,26 @@
+---
+- name: Ensure container image '{{ fediwall_container_image }}' is {{ fediwall_state }}
+  community.docker.docker_image:
+    name: "{{ fediwall_container_image }}"
+    state: "{{ fediwall_state }}"
+    source: "{{ fediwall_container_image_source }}"
+    force_source: "{{ fediwall_container_image_force_source }}"
+
+- name: Ensure container '{{ fediwall_container_name }}' is {{ fediwall_container_state }}
+  community.docker.docker_container:
+    name: "{{ fediwall_container_name }}"
+    image: "{{ fediwall_container_image }}"
+    env: "{{ fediwall_container_env | default(omit, true) }}"
+    user: "{{ fediwall_container_user | default(omit, true) }}"
+    ports: "{{ fediwall_container_ports | default(omit, true) }}"
+    labels: "{{ fediwall_container_labels | default(omit, true) }}"
+    volumes: "{{ fediwall_container_final_volumes | default(omit, true) }}"
+    networks: "{{ fediwall_container_networks | default(omit, true) }}"
+    network_mode: "{{ fediwall_container_network_mode | default(omit, true) }}"
+    dns_servers: "{{ fediwall_container_dns_servers | default(omit, true) }}"
+    etc_hosts: "{{ fediwall_container_etc_hosts | default(omit, true) }}"
+    memory: "{{ fediwall_container_memory | default(omit, true) }}"
+    memory_swap: "{{ fediwall_container_memory_swap | default(omit, true) }}"
+    memory_reservation: "{{ fediwall_container_memory_reservation | default(omit, true) }}"
+    restart_policy: "{{ fediwall_container_restart_policy }}"
+    state: "{{ fediwall_container_state }}"

roles/fediwall/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+- name: Ensure 'fediwall_state' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ fediwall_state }}'. Supported
+      states are {{ fediwall_states | map(quote) | join(', ') }}
+  when: fediwall_state not in fediwall_states
+
+- name: Ensure 'fediwall_deployment_method' is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment method '{{ fediwall_deployment_method }}'.
+      upported deployment methods are {{ fediwall_deployment_methods | join(', ') }}
+  when: fediwall_deployment_method not in fediwall_deployment_methods
+
+- name: Ensure user '{{ fediwall_user }}' is {{ fediwall_state }}
+  ansible.builtin.user:
+    name: "{{ fediwall_user }}"
+    state: "{{ fediwall_state }}"
+    system: "{{ fediwall_user_system | default(true, true) }}"
+    create_home: "{{ fediwall_user_system | default(false, true) }}"
+
+- name: Ensure configuration folder '{{ fediwall_config_file_path }}' is {{ fediwall_state }}
+  ansible.builtin.file:
+    path: "{{ fediwall_config_file_path }}"
+    state: directory
+  when: fediwall_state == 'present'
+
+- name: Ensure configuration in '{{ fediwall_config_file }}' is {{ fediwall_state }}
+  ansible.builtin.copy:
+    content: "{{ fediwall_final_config | to_nice_json(indent=2) }}"
+    dest: "{{ fediwall_config_file }}"
+    state: "{{ fediwall_state }}"
+
+- name: Ensure configuration folder is {{ fediwall_state }}
+  ansible.builtin.file:
+    path: "{{ fediwall_config_file_path }}"
+    state: absent
+  when: fediwall_state == 'absent'
+
+- name: Deploy using {{ fediwall_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ fediwall_deployment_method }}.yml"

roles/fediwall/vars/main.yml

@@ -0,0 +1,6 @@
+---
+fediwall_states:
+  - "present"
+  - "absent"
+fediwall_deployment_methods:
+  - "docker"

roles/gotosocial/README.md

@@ -1,8 +1,18 @@
 # `finallycoffee.fediverse.gotosocial` ansible role
 
-
 ## Configuration
 
+The server name can be set using `gotosocial_config_host`, with `gotosocial_config_account_domain` being available when webfinger delegation is used:
+
+```yaml
+gotosocial_config_host: gotosocial.example.org
+gotosocial_config_account_domain: example.org
+```
+
+### Database
+
+The database can be configured using the `gotosocial_config_db_[address|port|user|password|database]` variables. the `[...]_type` defaults to `postgres`.
+
 ### Built-in LetsEncrypt client
 
 To use the built-in letsencrypt client, set `gotosocial_config_letsencrypt_enabled: true`.
@@ -22,3 +32,15 @@ but with multiple acme clients all performing HTTP-01 challenges, you need to ma
 overwrite `gotosocial_container_ports` to fit your needs.
 
 ### Advanced configuration
+
+#### OIDC
+
+OIDC can be configured using `gotosocial_config_oidc_*` variables, disabled by default. A minimal configuration could look like this:
+
+```yaml
+gotosocial_config_oidc_enabled: true
+gotosocial_config_oidc_idp_name: "My fancy name for the configured IdP"
+gotosocial_config_oidc_issuer: http://issuer/url
+gotosocial_config_oidc_client_id: my_client_id
+gotosocial_config_oidc_client_secret: my_client_secret
+```

roles/gotosocial/defaults/main.yml

@@ -1,7 +1,6 @@
 ---
-
 gotosocial_user: "gotosocial"
-gotosocial_version: 0.3.8
+gotosocial_version: "0.19.0"
 gotosocial_base_path: "/opt/gotosocial"
 gotosocial_config_path: "{{ gotosocial_base_path }}/config"
 gotosocial_template_path: "{{ gotosocial_base_path }}/templates"
@@ -40,10 +39,13 @@ gotosocial_config_web_asset_base_dir: "{{ gotosocial_asset_path }}"
 
 # instance privacy
 gotosocial_config_instance_expose_peers: false
-gotosocial_config_expose_suspended: false
+gotosocial_config_instance_expose_suspended: false
+gotosocial_config_instance_expose_public_timeline: false
+gotosocial_config_instance_deliver_to_shared_inboxes: true
+gotosocial_config_instance_inject_mastodon_version: false
 
 # account config
-gotosocial_config_acounts_registration_open: true
+gotosocial_config_accounts_registration_open: true
 gotosocial_config_accounts_approval_required: true
 gotosocial_config_accounts_reason_required: true
 
@@ -82,6 +84,8 @@ gotosocial_config_oidc_scopes:
   - openid
   - email
   - profile
+gotosocial_config_oidc_link_existing: false
+gotosocial_config_oidc_admin_groups: []
 
 # smtp config
 gotosocial_config_smtp_host: ~
@@ -89,6 +93,7 @@ gotosocial_config_smtp_port: ~
 gotosocial_config_smtp_username: ~
 gotosocial_config_smtp_password: ~
 gotosocial_config_smtp_from: ~
+gotosocial_config_smtp_disclose_recipients: false
 
 # syslog config
 gotosocial_config_syslog_enabled: false

roles/gotosocial/vars/main.yml

@@ -20,8 +20,11 @@ gotosocial_default_config:
   db-tls-ca-cert: "{{ gotosocial_config_db_tls_ca_cert }}"
   web-template-base-dir: "{{ gotosocial_config_web_template_base_dir }}"
   web-asset-base-dir: "{{ gotosocial_config_web_asset_base_dir }}"
-  instance-expose-peer: "{{ gotosocial_config_instance_expose_peers }}"
-  instance-expose-suspended: "{{ gotosocial_config_expose_suspended }}"
+  instance-expose-peers: "{{ gotosocial_config_instance_expose_peers }}"
+  instance-expose-suspended: "{{ gotosocial_config_instance_expose_suspended }}"
+  instance-expose-public-timeline: "{{ gotosocial_config_instance_expose_public_timeline }}"
+  instance-deliver-to-shared-inboxes: "{{ gotosocial_config_instance_deliver_to_shared_inboxes }}"
+  instance-inject-mastodon-version: "{{ gotosocial_config_instance_inject_mastodon_version }}"
   accounts-registration-open: "{{ gotosocial_config_acounts_registration_open }}"
   accounts-approval-required: "{{ gotosocial_config_accounts_approval_required }}"
   accounts-reason-required: "{{ gotosocial_config_accounts_reason_required }}"
@@ -48,11 +51,14 @@ gotosocial_default_config:
   oidc-client-id: "{{ gotosocial_config_oidc_client_id }}"
   oidc-client-secret: "{{ gotosocial_config_oidc_client_secret }}"
   oidc-scopes: "{{ gotosocial_config_oidc_scopes }}"
+  oidc-link-existing: "{{ gotosocial_config_oidc_link_existing }}"
+  oidc-admin-groups: "{{ gotosocial_config_oidc_admin_groups }}"
   smtp-host: "{{ gotosocial_config_smtp_host }}"
   smtp-port: "{{ gotosocial_config_smtp_port }}"
   smtp-username: "{{ gotosocial_config_smtp_username }}"
   smtp-password: "{{ gotosocial_config_smtp_password }}"
   smtp-from: "{{ gotosocial_config_smtp_from }}"
+  smtp-disclose-recipients: "{{ gotosocial_config_smtp_disclose_recipients }}"
   syslog-enabled: "{{ gotosocial_config_syslog_enabled }}"
   syslog-protocol: "{{ gotosocial_config_syslog_protocol }}"
   syslog-address: "{{ gotosocial_config_syslog_address }}"

roles/mastodon/defaults/main.yml

@@ -1,10 +1,9 @@
 ---
-
 mastodon_user: mastodon
 mastodon_base_path: /opt/mastodon
 mastodon_domain: ~
 mastodon_web_domain: ~
-mastodon_version: 3.5.1
+mastodon_version: "4.3.2"
 mastodon_git_upstream_url: "https://github.com/mastodon/mastodon.git"
 
 mastodon_data_path: "{{ mastodon_base_path }}/data"