
2 Commits

5 changed files with 283 additions and 0 deletions


@ -0,0 +1,24 @@
# `finallycoffee.fediverse.gotosocial` ansible role
## Configuration
### Built-in LetsEncrypt client
To use the built-in letsencrypt client, set `gotosocial_config_letsencrypt_enabled: true`.
You are required to fill in a valid administrative email address into
`gotosocial_config_letsencrypt_email_address`.
The port letsencrypt will listen on defaults to `80` and can be set using
`gotosocial_config_letsencrypt_port` (if f.ex. the container lacks the permission
to bind to ports < 1024). Note that when `gotosocial_config_letsencrypt_enabled` is
`true`, the `gotosocial_config_letsencrypt_port` will by default be mapped to
_host_ port 80 on all interfaces!
This is fine when this is the only ACME client and allows easily changing
`gotosocial_config_letsencrypt_port` without breaking any functionality,
but with multiple acme clients all performing HTTP-01 challenges, you need to manually
overwrite `gotosocial_container_ports` to fit your needs.
### Advanced configuration


@ -0,0 +1,129 @@
---
gotosocial_user: "gotosocial"
gotosocial_version: 0.3.6
gotosocial_base_path: "/opt/gotosocial"
gotosocial_config_path: "{{ gotosocial_base_path }}/config"
gotosocial_template_path: "{{ gotosocial_base_path }}/templates"
gotosocial_asset_path: "{{ gotosocial_base_path }}/assets"
gotosocial_storage_path: "{{ gotosocial_base_path }}/storage"
gotosocial_cert_path: "{{ gotosocial_base_path }}/certificates"
gotosocial_config_file: "{{ gotosocial_config_path }}/config.yaml"
gotosocial_config: >-
{{ gotosocial_default_config
| combine(gotosocial_extra_config | default({}), recursive=True) }}
gotosocial_config_log_level: info
gotosocial_config_log_db_queries: false
gotosocial_config_host: social.example.party
gotosocial_config_account_domain: ~
# listening / revproxy configuration
gotosocial_config_protocol: https
gotosocial_config_bind_address: 127.0.0.1
gotosocial_config_port: 8080
gotosocial_config_trusted_proxies: []
# database configuration
gotosocial_config_db_type: postgres
gotosocial_config_db_address: ~
gotosocial_config_db_port: ~
gotosocial_config_db_user: ~
gotosocial_config_db_password: ~
gotosocial_config_db_database: gotosocial
gotosocial_config_db_tls_mode: enable
gotosocial_config_db_tls_ca_cert:
gotosocial_config_web_template_base_dir: "{{ gotosocial_template_path }}"
gotosocial_config_web_asset_base_dir: "{{ gotosocial_asset_path }}"
# instance privacy
gotosocial_config_instance_expose_peers: false
gotosocial_config_expose_suspended: false
# account config
gotosocial_config_acounts_registration_open: true
gotosocial_config_accounts_approval_required: true
gotosocial_config_accounts_reason_required: true
# media config
gotosocial_config_media_image_max_size_bytes: 2097152 #2MB
gotosocial_config_media_video_max_size_bytes: 10485760 #10MB
gotosocial_config_media_description_min_chars: 0
gotosocial_config_media_description_max_chars: 1000
gotosocial_config_media_remote_cache_days: 30
# storage for media etc
gotosocial_config_storage_backend: local
gotosocial_config_storage_local_base_path: "{{ gotosocial_storage_path }}"
# status config
gotosocial_config_statuses_max_chars: 5000
gotosocial_config_statuses_cw_max_chars: 100
gotosocial_config_statuses_poll_max_options: 6
gotosocial_config_statuses_poll_option_max_chars: 50
gotosocial_config_statuses_media_max_files: 30
# letsencrypt config
gotosocial_config_letsencrypt_enabled: false
gotosocial_config_letsencrypt_port: 80
gotosocial_config_letsencrypt_cert_dir: "{{ gotosocial_cert_path }}"
gotosocial_config_letsencrypt_email_address: ~
# oidc config
gotosocial_config_oidc_enabled: false
gotosocial_config_oidc_idp_name: ~
gotosocial_config_oidc_skip_verification: false
gotosocial_config_oidc_issuer: ~
gotosocial_config_oidc_client_id: ~
gotosocial_config_oidc_client_secret: ~
gotosocial_config_oidc_scopes:
- openid
- email
- profile
# smtp config
gotosocial_config_smtp_host: ~
gotosocial_config_smtp_port: ~
gotosocial_config_smtp_username: ~
gotosocial_config_smtp_password: ~
gotosocial_config_smtp_from: ~
# syslog config
gotosocial_config_syslog_enabled: false
gotosocial_config_syslog_protocol: udp
gotosocial_config_syslog_address: "localhost:514"
# advanced config:
gotosocial_config_advanced_cookies_samesite: lax
# container defaults
gotosocial_container_name: gotosocial
gotosocial_container_image_name: docker.io/superseriousbusiness/gotosocial
gotosocial_container_image_tag: ~
gotosocial_container_image: >-2
{{ gotosocial_container_image_name }}:{{ gotoscial_container_image_tag
| default(gotosocial_version) }}
gotosocial_container_volumes: >-2
{{ gotosocial_container_default_volumes
+ gotosocial_container_extra_volumes }}
gotosocial_container_default_volumes:
- "{{ gotosocial_config_file }}:/gotosocial/config.yaml:ro"
- "{{ gotosocial_storage_path }}:/gotosocial/storage:z"
gotosocial_container_extra_volumes: []
gotosocial_container_env: {}
gotosocial_container_labels: {}
gotosocial_container_user: "{{ gotosocial_user }}"
gotosocial_container_etc_hosts: ~
gotosocial_container_networks: ~
gotosocial_container_purge_networks: false
gotosocial_container_restart_policy: unless-stopped
gotosocial_container_entrypoint:
- "/gotosocial/gotosocial"
- "--config-path"
- "config.yaml"
- "server"
- "start"
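Review bot: `gotosocial_container_image` reads `gotoscial_container_image_tag` (the second `o` is missing), so a value set in `gotosocial_container_image_tag` is never consulted and the image always resolves to `gotosocial_version`; anyone pinning a specific tag silently gets a different image. Correcting the name alone is not enough, because the variable defaults to `~` and a defined null does not trigger `default()`; the expression should be `gotosocial_container_image_tag | default(gotosocial_version, true)`. The same misspelling appears in the `force_source` expression of the image-pull task in the tasks file. Separately, `gotosocial_config_db_tls_mode: enable` is, as far as I know from GoToSocial's documented options, TLS without certificate verification; `require` together with `gotosocial_config_db_tls_ca_cert` would be the safer default whenever the database is not on the same host.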


@ -0,0 +1,8 @@
---
- name: Restart gotosocial
listen: restart-gotosocial
docker_container:
name: "{{ gotosocial_container_name }}"
state: started
restart: true


@ -0,0 +1,63 @@
---
- name: Ensure user {{ gotosocial_user }} is present
user:
name: "{{ gotosocial_user }}"
system: true
state: present
register: gotosocial_user_info
- name: Ensure host directories for mounts are present
file:
path: "{{ path.name }}"
state: directory
owner: >-
{{ path.owner | default(gotosocial_user_info.uid | default(gotosocial_user)) }}
group: >-
{{ path.group | default(gotosocial_user_info.group | default(gotosocial_user)) }}
mode: "{{ path.mode | default('0750') }}"
loop:
- name: "{{ gotosocial_base_path }}"
- name: "{{ gotosocial_config_path }}"
- name: "{{ gotosocial_storage_path }}"
mode: '0770'
loop_control:
loop_var: path
label: "{{ path.name }}"
- name: Ensure configuration is up to date
copy:
content: "{{ gotosocial_config | to_nice_yaml(indent=2, width=10000) }}"
dest: "{{ gotosocial_config_file }}"
owner: "{{ gotosocial_user_info.uid | default(gotosocial_user) }}"
group: "{{ gotosocial_user_info.group | default(gotosocial_user) }}"
mode: 0640
notify: restart-gotosocial
- name: Ensure container image is available
docker_image:
name: "{{ gotosocial_container_image }}"
state: present
source: pull
force_source: >-
{{ gotosocial_container_image_force_pull
| default(gotoscial_container_image_tag | default(true, true)) }}
register: gotosocial_container_image_pull_status
until: gotosocial_container_image_pull_status is succeeded
retries: 5
delay: 3
- name: Ensure gotosocial container named {{ gotosocial_container_name }} is running
docker_container:
name: "{{ gotosocial_container_name }}"
image: "{{ gotosocial_container_image }}"
volumes: "{{ gotosocial_container_volumes }}"
env: "{{ gotosocial_container_env | default(omit, True) }}"
ports: "{{ gotosocial_container_ports | default(omit, True) }}"
labels: "{{ gotosocial_container_labels | default(omit, True) }}"
networks: "{{ gotosocial_container_networks | default(omit, True) }}"
etc_hosts: "{{ gotosocial_container_etc_hosts | default(omit, True) }}"
purge_networks: "{{ gotosocial_container_purge_networks | default(False, True) }}"
restart_policy: "{{ gotosocial_container_restart_policy }}"
entrypoint: "{{ gotosocial_container_entrypoint }}"
state: started
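Review bot: The final `docker_container` task never passes `user:`, although the defaults define `gotosocial_container_user` and the earlier tasks hand the config file (mode 0640) and the storage directory to that account; the container therefore runs as whatever user the image declares, which may be unable to read the mounted config and is not the dedicated account the role creates. Adding `user: "{{ gotosocial_container_user }}"` would close that gap, though a numeric id taken from `gotosocial_user_info.uid` may be needed since the account name is unlikely to exist inside the image. Separately, the "Ensure configuration is up to date" task renders the database password, OIDC client secret and SMTP password into `content`, so a run with `--diff` or raised verbosity prints them; `no_log: true` (or at least `diff: false`) on that task keeps them out of console output and CI logs.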


@ -0,0 +1,59 @@
---
gotosocial_default_config:
log-level: "{{ gotosocial_config_log_level }}"
log-db-queries: "{{ gotosocial_config_log_db_queries }}"
application-name: gotosocial
host: "{{ gotosocial_config_host }}"
account-domain: "{{ gotosocial_config_account_domain }}"
protocol: "{{ gotosocial_config_protocol }}"
bind-address: "{{ gotosocial_config_bind_address }}"
port: "{{ gotosocial_config_port }}"
trusted-proxies: "{{ gotosocial_config_trusted_proxies }}"
db-type: "{{ gotosocial_config_db_type }}"
db-address: "{{ gotosocial_config_db_address }}"
db-port: "{{ gotosocial_config_db_port }}"
db-user: "{{ gotosocial_config_db_user }}"
db-password: "{{ gotosocial_config_db_password }}"
db-database: "{{ gotosocial_config_db_database }}"
db-tls-mode: "{{ gotosocial_config_db_tls_mode }}"
db-tls-ca-cert: "{{ gotosocial_config_db_tls_ca_cert }}"
web-template-base-dir: "{{ gotosocial_config_web_template_base_dir }}"
web-asset-base-dir: "{{ gotosocial_config_web_asset_base_dir }}"
instance-expose-peer: "{{ gotosocial_config_instance_expose_peers }}"
instance-expose-suspended: "{{ gotosocial_config_expose_suspended }}"
accounts-registration-open: "{{ gotosocial_config_acounts_registration_open }}"
accounts-approval-required: "{{ gotosocial_config_accounts_approval_required }}"
accounts-reason-required: "{{ gotosocial_config_accounts_reason_required }}"
media-image-max-size: "{{ gotosocial_config_media_image_max_size_bytes }}"
media-video-max-size: "{{ gotosocial_config_media_video_max_size_bytes }}"
media-description-min-chars: "{{ gotosocial_config_media_description_min_chars }}"
media-description-max-chars: "{{ gotosocial_config_media_description_max_chars }}"
media-remote-cache-days: "{{ gotosocial_config_media_remote_cache_days }}"
storage-backend: "{{ gotosocial_config_storage_backend }}"
storage-local-base-path: "{{ gotosocial_config_storage_local_base_path }}"
statuses-max-chars: "{{ gotosocial_config_statuses_max_chars }}"
statuses-cw-max-chars: "{{ gotosocial_config_statuses_cw_max_chars }}"
statuses-poll-max-options: "{{ gotosocial_config_statuses_poll_max_options }}"
statuses-poll-option-max-chars: "{{ gotosocial_config_statuses_poll_option_max_chars }}"
statuses-media-max-files: "{{ gotosocial_config_statuses_media_max_files }}"
letsencrypt-enabled: "{{ gotosocial_config_letsencrypt_enabled }}"
letsencrypt-port: "{{ gotosocial_config_letsencrypt_port }}"
letsencrypt-cert-dir: "{{ gotosocial_config_letsencrypt_cert_dir }}"
letsencrypt-email-address: "{{ gotosocial_config_letsencrypt_email_address }}"
oidc-enabled: "{{ gotosocial_config_oidc_enabled }}"
oidc-idp-name: "{{ gotosocial_config_oidc_idp_name }}"
oidc-skip-verification: "{{ gotosocial_config_oidc_skip_verification }}"
oidc-issuer: "{{ gotosocial_config_oidc_issuer }}"
oidc-client-id: "{{ gotosocial_config_oidc_client_id }}"
oidc-client-secret: "{{ gotosocial_config_oidc_client_secret }}"
oidc-scopes: "{{ gotosocial_config_oidc_scopes }}"
smtp-host: "{{ gotosocial_config_smtp_host }}"
smtp-port: "{{ gotosocial_config_smtp_port }}"
smtp-username: "{{ gotosocial_config_smtp_username }}"
smtp-password: "{{ gotosocial_config_smtp_password }}"
smtp-from: "{{ gotosocial_config_smtp_from }}"
syslog-enabled: "{{ gotosocial_config_syslog_enabled }}"
syslog-protocol: "{{ gotosocial_config_syslog_protocol }}"
syslog-address: "{{ gotosocial_config_syslog_address }}"
advanced-cookies-samesite: "{{ gotosocial_config_advanced_cookies_samesite }}"
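Review bot: The key `instance-expose-peer` does not match the variable it is fed from (`gotosocial_config_instance_expose_peers`) and, as far as I know, GoToSocial spells the option `instance-expose-peers`, so this privacy setting is probably never applied and the server falls back to its built-in default regardless of what the operator sets. It is worth checking every key in this mapping against the config reference for the pinned version, since a misspelled key is likely to be ignored rather than rejected. The misspelled variable `gotosocial_config_acounts_registration_open` is at least consistent with the defaults file, but renaming it to `gotosocial_config_accounts_registration_open` in both places now avoids a breaking rename later.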