feat(pixelfed): add ansible role

README.md

@@ -9,18 +9,12 @@ available.
 
 ## Roles
 
-- [`fediwall`](roles/fediwall/README.md): deployment of [Fediwall](https://fediwall.social),
-  a media wall for mastodon inspired by mastowall.
-
 - [`gotosocial`](roles/gotosocial/README.md): deployment of [GoToSocial.org](https://gotosocial.org/),
   an ActivityPub social network server, in a docker container.
 
 - [`mastodon`](roles/mastodon/README.md): deployment using a container based
   setup, able to use webfinger delegation.
 
-- [`sharkey`](roles/sharkey/README.md): deployment of sharkey, a misskey-
-  fork with full mastodon API compatability.
-
 ## License
 
 [CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License

galaxy.yml

@@ -1,22 +1,15 @@
 namespace: finallycoffee
 name: fediverse
-version: 0.1.2
+version: 0.0.1
 readme: README.md
 authors:
-- transcaffeine <transcaffeine@finally.coffee>
-description: Deploying fediverse software, mostly ActivityPub based
+- Johanna Dorothea Reichmann <transcaffeine@finallycoffee.eu>
+description: Various ansible roles for deploying fediverse software
 dependencies:
-  "community.docker": "^4.0.0"
-  "community.general": "^10.6.0"
-license_file: LICENSE.md
+  "community.docker": "^1.10.0"
+license:
+- CNPLv7+
 build_ignore:
 - '*.tar.gz'
-repository: https://git.finally.coffee/finallycoffee/fediverse
-issues: https://codeberg.org/finallycoffee/ansible-collection-fediverse/issues
-tags:
-  - activitypub
-  - fediverse
-  - fediwall
-  - sharkey
-  - gotosocial
-  - mastodon
+repository: https://git.finallycoffee.eu/finallycoffee.eu/fediverse
+issues: https://git.finallycoffee.eu/finallycoffee.eu/fediverse/issues

meta/runtime.yml

@@ -1,3 +0,0 @@
----
-
-requires_ansible: ">=2.15"

playbooks/fediwall.yml

@@ -1,6 +0,0 @@
----
-- name: Install and configure fediwall
-  hosts: "{{ fediwall_hosts | default('fediwall') }}"
-  become: "{{ fediwall_become | default(false) }}"
-  roles:
-    - role: fediwall

playbooks/sharkey.yml

@@ -1,6 +0,0 @@
----
-- name: Deploy sharkey
-  hosts: "{{ sharkey_hosts | default('sharkey') }}"
-  become: "{{ sharkey_become | default(false) }}"
-  roles:
-    - role: finallycoffee.fediverse.sharkey

roles/fediwall/README.md

@@ -1,4 +0,0 @@
-# `finallycoffee.fediverse.fediwall` ansible role
-
-Ansible role for [`fediwall`](https://fediwall.social) deployment.
-

roles/fediwall/defaults/main/config.yml

@@ -1,50 +0,0 @@
----
-fediwall_config_servers:
-  - mastodon.social
-fediwall_config_tags:
-  - cats
-fediwall_config_accounts: []
-fediwall_config_load_public: false
-fediwall_config_load_federated: false
-fediwall_config_load_trends: false
-fediwall_config_languages: []
-fediwall_config_bad_words: []
-fediwall_config_hide_sensitive: true
-fediwall_config_hide_bots: true
-fediwall_config_hide_replies: true
-fediwall_config_hide_boosts: false
-fediwall_config_limit: 20
-fediwall_config_interval: 10
-fediwall_config_title: "Fediwall"
-fediwall_config_theme: "auto"
-fediwall_config_show_infobar: true
-fediwall_config_show_text: true
-fediwall_config_show_media: true
-fediwall_config_play_videos: true
-
-fediwall_default_config:
-  servers: "{{ fediwall_config_servers }}"
-  tags: "{{ fediwall_config_tags }}"
-  accounts: "{{ fediwall_config_accounts }}"
-  loadPublic: "{{ fediwall_config_load_public }}"
-  loadFederated: "{{ fediwall_config_load_federated }}"
-  loadTrends: "{{ fediwall_config_load_trends }}"
-  languages: "{{ fediwall_config_languages }}"
-  badWords: "{{ fediwall_config_bad_words }}"
-  hideSensitive: "{{ fediwall_config_hide_sensitive }}"
-  hideBots: "{{ fediwall_config_hide_bots }}"
-  hideReplies: "{{ fediwall_config_hide_replies }}"
-  hideBoosts: "{{ fediwall_config_hide_boosts }}"
-  limit: "{{ fediwall_config_limit }}"
-  interval: "{{ fediwall_config_interval }}"
-  title: "{{ fediwall_config_title }}"
-  theme: "{{ fediwall_config_theme }}"
-  showInfobar: "{{ fediwall_config_show_infobar }}"
-  showText: "{{ fediwall_config_show_text }}"
-  showMedia: "{{ fediwall_config_show_media }}"
-  playVideos: "{{ fediwall_config_play_videos }}"
-
-fediwall_config: {}
-fediwall_final_config: >-2
-  {{ fediwall_default_config | default({}, true)
-    | combine(fediwall_config | default({}, true)) }}

roles/fediwall/defaults/main/container.yml

@@ -1,45 +0,0 @@
----
-fediwall_container_name: fediwall
-fediwall_container_image_registry: ghcr.io
-fediwall_container_image_namespace: defnull
-fediwall_container_image_name: fediwall
-fediwall_container_image_repository: >-2
-  {{
-    [
-      fediwall_container_image_registry | default([], true),
-      fediwall_container_image_namespace | default([], true),
-      fediwall_container_image_name
-    ] | flatten | join('/')
-  }}
-fediwall_container_image_tag: ~
-fediwall_container_image_source: pull
-fediwall_container_image_force_source: >-2
-  {{ fediwall_container_image_tag | default(false, true) | bool }}
-fediwall_container_image: >-2
-  {{
-    [
-      fediwall_container_image_repository,
-      fediwall_container_image_tag | default(fediwall_version, true)
-    ] | join(':')
-  }}
-fediwall_container_env: ~
-fediwall_container_user: ~
-fediwall_container_ports: ~
-fediwall_container_labels: ~
-fediwall_container_volumes: []
-fediwall_container_networks: ~
-fediwall_container_network_mode: ~
-fediwall_container_dns_servers: ~
-fediwall_container_etc_hosts: ~
-fediwall_container_memory: ~
-fediwall_container_memory_swap: ~
-fediwall_container_memory_reservation: ~
-fediwall_container_restart_policy: "on-failure"
-
-fediwall_container_config_file: "/usr/share/nginx/html/wall-config.json"
-fediwall_container_base_volumes:
-  - "{{ fediwall_config_file }}:{{ fediwall_container_config_file }}:ro"
-fediwall_container_final_volumes: >-2
-  {{ fediwall_container_base_volumes + fediwall_container_volumes }}
-fediwall_container_state: >-2
-  {{ (fediwall_state == 'present') | ternary('started', 'absent') }}

roles/fediwall/defaults/main/main.yml

@@ -1,8 +0,0 @@
----
-fediwall_user: fediwall
-fediwall_version: "1.4.0"
-fediwall_config_file: "/etc/fediwall/config.json"
-fediwall_config_file_path: "{{ fediwall_config_file | dirname }}"
-
-fediwall_state: "present"
-fediwall_deployment_method: "docker"

roles/fediwall/tasks/deploy-docker.yml

@@ -1,26 +0,0 @@
----
-- name: Ensure container image '{{ fediwall_container_image }}' is {{ fediwall_state }}
-  community.docker.docker_image:
-    name: "{{ fediwall_container_image }}"
-    state: "{{ fediwall_state }}"
-    source: "{{ fediwall_container_image_source }}"
-    force_source: "{{ fediwall_container_image_force_source }}"
-
-- name: Ensure container '{{ fediwall_container_name }}' is {{ fediwall_container_state }}
-  community.docker.docker_container:
-    name: "{{ fediwall_container_name }}"
-    image: "{{ fediwall_container_image }}"
-    env: "{{ fediwall_container_env | default(omit, true) }}"
-    user: "{{ fediwall_container_user | default(omit, true) }}"
-    ports: "{{ fediwall_container_ports | default(omit, true) }}"
-    labels: "{{ fediwall_container_labels | default(omit, true) }}"
-    volumes: "{{ fediwall_container_final_volumes | default(omit, true) }}"
-    networks: "{{ fediwall_container_networks | default(omit, true) }}"
-    network_mode: "{{ fediwall_container_network_mode | default(omit, true) }}"
-    dns_servers: "{{ fediwall_container_dns_servers | default(omit, true) }}"
-    etc_hosts: "{{ fediwall_container_etc_hosts | default(omit, true) }}"
-    memory: "{{ fediwall_container_memory | default(omit, true) }}"
-    memory_swap: "{{ fediwall_container_memory_swap | default(omit, true) }}"
-    memory_reservation: "{{ fediwall_container_memory_reservation | default(omit, true) }}"
-    restart_policy: "{{ fediwall_container_restart_policy }}"
-    state: "{{ fediwall_container_state }}"

roles/fediwall/tasks/main.yml

@@ -1,43 +0,0 @@
----
-- name: Ensure 'fediwall_state' is valid
-  ansible.builtin.fail:
-    msg: >-2
-      Unsupported state '{{ fediwall_state }}'. Supported
-      states are {{ fediwall_states | map(quote) | join(', ') }}
-  when: fediwall_state not in fediwall_states
-
-- name: Ensure 'fediwall_deployment_method' is valid
-  ansible.builtin.fail:
-    msg: >-2
-      Unsupported deployment method '{{ fediwall_deployment_method }}'.
-      upported deployment methods are {{ fediwall_deployment_methods | join(', ') }}
-  when: fediwall_deployment_method not in fediwall_deployment_methods
-
-- name: Ensure user '{{ fediwall_user }}' is {{ fediwall_state }}
-  ansible.builtin.user:
-    name: "{{ fediwall_user }}"
-    state: "{{ fediwall_state }}"
-    system: "{{ fediwall_user_system | default(true, true) }}"
-    create_home: "{{ fediwall_user_system | default(false, true) }}"
-
-- name: Ensure configuration folder '{{ fediwall_config_file_path }}' is {{ fediwall_state }}
-  ansible.builtin.file:
-    path: "{{ fediwall_config_file_path }}"
-    state: directory
-  when: fediwall_state == 'present'
-
-- name: Ensure configuration in '{{ fediwall_config_file }}' is {{ fediwall_state }}
-  ansible.builtin.copy:
-    content: "{{ fediwall_final_config | to_nice_json(indent=2) }}"
-    dest: "{{ fediwall_config_file }}"
-    state: "{{ fediwall_state }}"
-
-- name: Ensure configuration folder is {{ fediwall_state }}
-  ansible.builtin.file:
-    path: "{{ fediwall_config_file_path }}"
-    state: absent
-  when: fediwall_state == 'absent'
-
-- name: Deploy using {{ fediwall_deployment_method }}
-  ansible.builtin.include_tasks:
-    file: "deploy-{{ fediwall_deployment_method }}.yml"

roles/fediwall/vars/main.yml

@@ -1,6 +0,0 @@
----
-fediwall_states:
-  - "present"
-  - "absent"
-fediwall_deployment_methods:
-  - "docker"

roles/gotosocial/README.md

@@ -1,18 +1,8 @@
 # `finallycoffee.fediverse.gotosocial` ansible role
 
+
 ## Configuration
 
-The server name can be set using `gotosocial_config_host`, with `gotosocial_config_account_domain` being available when webfinger delegation is used:
-
-```yaml
-gotosocial_config_host: gotosocial.example.org
-gotosocial_config_account_domain: example.org
-```
-
-### Database
-
-The database can be configured using the `gotosocial_config_db_[address|port|user|password|database]` variables. the `[...]_type` defaults to `postgres`.
-
 ### Built-in LetsEncrypt client
 
 To use the built-in letsencrypt client, set `gotosocial_config_letsencrypt_enabled: true`.
@@ -32,15 +22,3 @@ but with multiple acme clients all performing HTTP-01 challenges, you need to ma
 overwrite `gotosocial_container_ports` to fit your needs.
 
 ### Advanced configuration
-
-#### OIDC
-
-OIDC can be configured using `gotosocial_config_oidc_*` variables, disabled by default. A minimal configuration could look like this:
-
-```yaml
-gotosocial_config_oidc_enabled: true
-gotosocial_config_oidc_idp_name: "My fancy name for the configured IdP"
-gotosocial_config_oidc_issuer: http://issuer/url
-gotosocial_config_oidc_client_id: my_client_id
-gotosocial_config_oidc_client_secret: my_client_secret
-```

roles/gotosocial/defaults/main.yml

@@ -1,6 +1,7 @@
 ---
+
 gotosocial_user: "gotosocial"
-gotosocial_version: "0.19.0"
+gotosocial_version: 0.3.8
 gotosocial_base_path: "/opt/gotosocial"
 gotosocial_config_path: "{{ gotosocial_base_path }}/config"
 gotosocial_template_path: "{{ gotosocial_base_path }}/templates"
@@ -39,13 +40,10 @@ gotosocial_config_web_asset_base_dir: "{{ gotosocial_asset_path }}"
 
 # instance privacy
 gotosocial_config_instance_expose_peers: false
-gotosocial_config_instance_expose_suspended: false
-gotosocial_config_instance_expose_public_timeline: false
-gotosocial_config_instance_deliver_to_shared_inboxes: true
-gotosocial_config_instance_inject_mastodon_version: false
+gotosocial_config_expose_suspended: false
 
 # account config
-gotosocial_config_accounts_registration_open: true
+gotosocial_config_acounts_registration_open: true
 gotosocial_config_accounts_approval_required: true
 gotosocial_config_accounts_reason_required: true
 
@@ -84,8 +82,6 @@ gotosocial_config_oidc_scopes:
   - openid
   - email
   - profile
-gotosocial_config_oidc_link_existing: false
-gotosocial_config_oidc_admin_groups: []
 
 # smtp config
 gotosocial_config_smtp_host: ~
@@ -93,7 +89,6 @@ gotosocial_config_smtp_port: ~
 gotosocial_config_smtp_username: ~
 gotosocial_config_smtp_password: ~
 gotosocial_config_smtp_from: ~
-gotosocial_config_smtp_disclose_recipients: false
 
 # syslog config
 gotosocial_config_syslog_enabled: false

roles/gotosocial/meta/main.yml

@@ -1,14 +0,0 @@
----
-allow_duplicates: true
-dependencies: []
-galaxy_info:
-  role_name: gotosocial
-  description: >-2
-    Deploy GoToSocial, a lightweight, customizable and safety-focused
-    activitypub server written in golang.
-  galaxy_tags:
-    - gotosocial
-    - gts
-    - docker
-    - activitypub
-    - fediverse

roles/gotosocial/vars/main.yml

@@ -20,11 +20,8 @@ gotosocial_default_config:
   db-tls-ca-cert: "{{ gotosocial_config_db_tls_ca_cert }}"
   web-template-base-dir: "{{ gotosocial_config_web_template_base_dir }}"
   web-asset-base-dir: "{{ gotosocial_config_web_asset_base_dir }}"
-  instance-expose-peers: "{{ gotosocial_config_instance_expose_peers }}"
-  instance-expose-suspended: "{{ gotosocial_config_instance_expose_suspended }}"
-  instance-expose-public-timeline: "{{ gotosocial_config_instance_expose_public_timeline }}"
-  instance-deliver-to-shared-inboxes: "{{ gotosocial_config_instance_deliver_to_shared_inboxes }}"
-  instance-inject-mastodon-version: "{{ gotosocial_config_instance_inject_mastodon_version }}"
+  instance-expose-peer: "{{ gotosocial_config_instance_expose_peers }}"
+  instance-expose-suspended: "{{ gotosocial_config_expose_suspended }}"
   accounts-registration-open: "{{ gotosocial_config_acounts_registration_open }}"
   accounts-approval-required: "{{ gotosocial_config_accounts_approval_required }}"
   accounts-reason-required: "{{ gotosocial_config_accounts_reason_required }}"
@@ -51,14 +48,11 @@ gotosocial_default_config:
   oidc-client-id: "{{ gotosocial_config_oidc_client_id }}"
   oidc-client-secret: "{{ gotosocial_config_oidc_client_secret }}"
   oidc-scopes: "{{ gotosocial_config_oidc_scopes }}"
-  oidc-link-existing: "{{ gotosocial_config_oidc_link_existing }}"
-  oidc-admin-groups: "{{ gotosocial_config_oidc_admin_groups }}"
   smtp-host: "{{ gotosocial_config_smtp_host }}"
   smtp-port: "{{ gotosocial_config_smtp_port }}"
   smtp-username: "{{ gotosocial_config_smtp_username }}"
   smtp-password: "{{ gotosocial_config_smtp_password }}"
   smtp-from: "{{ gotosocial_config_smtp_from }}"
-  smtp-disclose-recipients: "{{ gotosocial_config_smtp_disclose_recipients }}"
   syslog-enabled: "{{ gotosocial_config_syslog_enabled }}"
   syslog-protocol: "{{ gotosocial_config_syslog_protocol }}"
   syslog-address: "{{ gotosocial_config_syslog_address }}"

roles/mastodon/defaults/main.yml

@@ -1,9 +1,10 @@
 ---
+
 mastodon_user: mastodon
 mastodon_base_path: /opt/mastodon
 mastodon_domain: ~
 mastodon_web_domain: ~
-mastodon_version: "4.3.9"
+mastodon_version: 3.5.1
 mastodon_git_upstream_url: "https://github.com/mastodon/mastodon.git"
 
 mastodon_data_path: "{{ mastodon_base_path }}/data"

roles/mastodon/meta/main.yml

@@ -1,12 +0,0 @@
----
-allow_duplicates: true
-dependencies: []
-galaxy_info:
-  role_name: mastodon
-  description: >-2
-    Deploy Mastodon, a social network server based on activity pub, built with ruby and nodejs
-  galaxy_tags:
-    - mastodon
-    - activitypub
-    - fediverse
-    - docker

roles/pixelfed/defaults/main.yml

@@ -0,0 +1,143 @@
+---
+
+pixelfed_user: pixelfed
+pixelfed_version: 0.11.2
+pixelfed_base_path: /opt/pixelfed
+
+pixelfed_deployment_method: docker_selfbuilt
+
+# user to run pixelfed as
+pixelfed_run_user: "{{ pixelfed_user_stat.uid | default(pixelfed_user) }}"
+pixelfed_run_group: "{{ pixelfed_user_stat.group | default(pixelfed_user) }}"
+
+# container settings
+pixelfed_container_name: pixelfed
+pixelfed_container_image_name: pixelfed
+pixelfed_container_image_tag: ~
+pixelfed_container_image: "{{ pixelfed_container_image_name }}:{{ pixelfed_container_image_tag | default('v' + pixelfed_version, True) }}"
+pixelfed_container_image_local_build: true
+pixelfed_container_ports: []
+pixelfed_container_networks: []
+pixelfed_container_extra_volumes: []
+pixelfed_container_extra_labels: {}
+pixelfed_container_extra_env: {}
+pixelfed_container_restart_policy: unless-stopped
+pixelfed_worker_container_name: "{{ pixelfed_container_name }}-worker"
+
+# host filesystem paths
+pixelfed_config_path: "{{ pixelfed_base_path }}/config"
+pixelfed_storage_path: "{{ pixelfed_base_path }}/storage"
+pixelfed_source_path: "{{ pixelfed_base_path }}/source"
+
+pixelfed_app_paths:
+  - path: "{{ pixelfed_base_path }}"
+    mode: "0750"
+  - path: "{{ pixelfed_config_path }}"
+    mode: "0750"
+  - path: "{{ pixelfed_storage_path }}"
+    mode: "0750"
+  - path: "{{ pixelfed_source_path }}"
+    mode: "0750"
+
+pixelfed_config_app_key: ~
+pixelfed_config_app_name: "Pixelfed"
+pixelfed_config_app_env: production
+pixelfed_config_app_debug: false
+pixelfed_config_app_url: "https://{{ pixelfed_config_app_url }}"
+pixelfed_config_app_domain: ~ # my.pixelfed.domain
+pixelfed_config_admin_domain: "{{ pixelfed_config_app_domain }}"
+pixelfed_config_session_domain: "{{ pixelfed_config_app_domain }}"
+
+pixelfed_config_open_registration: true
+pixelfed_config_enforce_email_verification: false
+pixelfed_config_pf_max_users: 1000
+pixelfed_config_oauth_enabled: true
+
+pixelfed_config_app_timezone: UTC
+pixelfed_config_app_locale: en
+
+pixelfed_config_limit_account_size: true
+pixelfed_config_max_account_size: 1000000
+pixelfed_config_max_photo_size: 15000
+pixelfed_config_max_avatar_size: 2000
+pixelfed_config_max_caption_length: 500
+pixelfed_config_max_bio_length: 125
+pixelfed_config_max_name_length: 30
+pixelfed_config_max_album_length: 4
+pixelfed_config_image_quality: 80
+pixelfed_config_pf_optimize_images: true
+pixelfed_config_pf_optimize_videos: true
+pixelfed_config_admin_env_editor: false
+pixelfed_config_account_deletion: true
+pixelfed_config_account_delete_after: false
+pixelfed_config_max_links_per_post: 0
+
+pixelfed_config_instance_description: ~
+pixelfed_config_instance_public_hashtags: false
+pixelfed_config_instance_contact_email: ~
+pixelfed_config_instance_public_local_timetime: false
+pixelfed_config_banned_usernames: ~
+pixelfed_config_stories_enabled: false
+pixelfed_config_restricted_instance: false
+
+pixelfed_config_mail_driver: log
+pixelfed_config_mail_host: ~
+pixelfed_config_mail_port: 25
+pixelfed_config_mail_from_address: "pixelfed@{{ pixelfed_config_app_domain }}"
+pixelfed_config_mail_from_name: "{{ pixelfed_config_app_name }}"
+pixelfed_config_mail_username: null
+pixelfed_config_mail_password: null
+pixelfed_config_mail_encryption: null
+
+pixelfed_config_db_connection: pgsql
+pixelfed_config_db_host: postgres
+pixelfed_config_db_port: 5432
+pixelfed_config_db_username: pixelfed
+pixelfed_config_db_password: ~
+pixelfed_config_db_database: pixelfed
+
+pixelfed_config_redis_client: phpredis
+pixelfed_config_redis_scheme: tcp
+pixelfed_config_redis_host: redis
+pixelfed_config_redis_password: ~
+pixelfed_config_redis_port: 6379
+pixelfed_config_redis_database: 0
+
+pixelfed_config_exp_lc: false
+pixelfed_config_exp_rec: false
+pixelfed_config_exp_loops: false
+
+pixelfed_config_activity_pub: false
+pixelfed_config_ap_remote_follow: false
+pixelfed_config_ap_shared_inbox: false
+pixelfed_config_ap_inbox: false
+pixelfed_config_ap_outbox: false
+pixelfed_config_atom_feeds: true
+pixelfed_config_nodeinfo: true
+pixelfed_config_webfinger: true
+
+pixelfed_config_filesystem_driver: local
+pixelfed_config_filesystem_cloud: s3
+pixelfed_config_pf_enable_cloud: false
+pixelfed_config_aws_access_key_id: ~
+pixelfed_config_aws_secret_access_key: ~
+pixelfed_config_aws_default_region: ~
+pixelfed_config_aws_bucket: ~
+pixelfed_config_aws_url: ~
+pixelfed_config_aws_endpont: ~
+pixelfed_config_aws_use_path_style_endpoint: false
+
+pixelfed_config_horizon_darkmode: false
+pixelfed_config_pf_costar_enabled: false
+pixelfed_config_media_exif_database: false
+pixelfed_config_log_channel: stderr
+pixelfed_config_image_driver: imagick
+
+pixelfed_config_broadcast_driver: log
+pixelfed_config_cache_driver: redis
+pixelfed_config_restrict_html_types: true
+pixelfed_config_queue_driver: redis
+pixelfed_config_session_driver: redis
+pixelfed_config_trust_proxies: "*"
+pixelfed_config_passport_private_key: ~
+pixelfed_config_passport_public_key: ~

roles/pixelfed/handlers/main.yml

@@ -0,0 +1,17 @@
+---
+
+- name: Restart pixelfed (docker)
+  docker_container:
+    name: "{{ pixelfed_container_name }}"
+    state: started
+    restart: yes
+  when: 'docker' in pixelfed_deployment_method
+  listen: restart-pixelfed
+
+- name: Restart pixelfed worker (docker)
+  docker_container:
+    name: "{{ pixelfed_worker_container_name }}"
+    state: started
+    restart: yes
+  when: 'docker' in pixelfed_deployment_method
+  listen: restart-pixelfed

roles/pixelfed/tasks/docker-deploy.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Ensure docker container '{{ pixelfed_container_name }}' is running
+  docker_container:
+    name: "{{ pixelfed_container_name }}"
+    image: "{{ pixelfed_container_image }}"
+    env: "{{ pixelfed_container_env }}"
+    env_file: "{{ pixelfed_config_path }}/env"
+    labels: "{{ pixelfed_container_labels }}"
+    volumes: "{{ pixelfed_container_volumes }}"
+    ports: "{{ pixelfed_container_ports | default(omit, True) }}"
+    networks: "{{ pixelfed_container_networks | default(omit, True) }}"
+    purge_networks: "{{ pixelfed_container_purge_networks|default(False) }}"
+    restart_policy: "{{ pixelfed_container_restart_policy }}"
+    state: started
+
+- name: Ensure docker container '{{ pixelfed_worker_container_name }}' is running
+  docker_container:
+    name: "{{ pixelfed_worker_container_name }}"
+    image: "{{ pixelfed_container_image }}"
+    env: "{{ pixelfed_container_env }}"
+    env_file: "{{ pixelfed_config_path }}/env"
+    volumes: "{{ pixelfed_container_volumes }}"
+    networks: "{{ pixelfed_container_networks | default(omit, True) }}"
+    purge_networks: "{{ pixelfed_container_purge_networks|default(False) }}"
+    restart_policy: "{{ pixelfed_container_restart_policy }}"
+    command: "gosu www-data php artisan horizon"
+    state: started

roles/pixelfed/tasks/docker-image.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Ensure docker container image is pulled
+  docker_image:
+    name: "{{ pixelfed_container_image }}"
+    state: present
+    source: pull
+    force_source: "{{ true if docker_container_image_tag else false }}"
+  when: not pixelfed_container_image_local_build
+
+- name: Ensure upstream git repository is cloned to source folder
+  git:
+    repo: "{{ pixelfed_source_upstream_git_repo }}"
+    dest: "{{ pixelfed_source_path }}"
+    update: yes
+    clone: yes
+  when: pixelfed_container_image_local_build
+
+- name: Build docker container image '{{ pixelfed_container_image }}' locally
+  docker_image:
+    name: "{{ pixelfed_container_image_name }}"
+    tag: "{{ pixelfed_container_image_tag | default('v' + pixelfed_version) }}"
+    state: present
+    source: build
+    build:
+      dockerfile: "contrib/docker/Dockerfile.apache"
+      path: "{{ pixelfed_source_path }}"
+  when: pixelfed_container_image_local_build

roles/pixelfed/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+
+- name: Ensure user '{{ pixelfed_user }}' for pixelfed is created
+  user:
+    name: "{{ pixelfed_user }}"
+    state: present
+    system: true
+  register: pixelfed_user_stat
+
+- name: Ensure file system paths exist for persisting data
+  file:
+    path: "{{ dir.path }}"
+    state: directory
+    owner: "{{ dir.user | default(pixelfed_run_user) }}"
+    group: "{{ dir.group | default(pixelfed_run_group) }}"
+    mode: "{{ dir.mode }}"
+  loop: "{{ pixelfed_app_paths }}"
+  loop_control:
+    loop_var: dir
+    label: "{{ dir.path }}"
+
+- name: Ensure pixelfed configuration is templated
+  copy:
+    content: |+
+      {% for key in pixelfed_config | dict2items %}
+      {% if pixelfed_config[key] %}
+      {{ key }}={{ pixelfed_config[key] }}
+      {% endif %}
+      {% endfor %}
+    dest: "{{ pixelfed_config_path }}/env"
+    owner: "{{ pixelfed_run_user }}"
+    group: "{{ pixelfed_run_group }}"
+    mode: "0640"
+  notify: restart-pixelfed
+
+- name: Ensure docker container image is available
+  include_tasks:
+    file: docker-image.yml
+  when: 'docker' in pixelfed_deployment_method
+
+- name: Ensure pixelfed instance is started
+  block:
+    - name: Ensure pixelfed instance is started (docker)
+      include_tasks:
+        file: docker-deploy.yml
+      when: 'docker' in pixelfed_deployment_method
+
+

roles/pixelfed/templates/env.docker.j2

@@ -0,0 +1,148 @@
+## Crypto
+APP_KEY=
+
+## General Settings
+APP_NAME="Pixelfed Prod"
+APP_ENV=production
+APP_DEBUG=false
+APP_URL=https://real.domain
+APP_DOMAIN="real.domain"
+ADMIN_DOMAIN="real.domain"
+SESSION_DOMAIN="real.domain"
+
+OPEN_REGISTRATION=true
+ENFORCE_EMAIL_VERIFICATION=false
+PF_MAX_USERS=1000
+OAUTH_ENABLED=true
+
+APP_TIMEZONE=UTC
+APP_LOCALE=en
+
+## Pixelfed Tweaks
+LIMIT_ACCOUNT_SIZE=true
+MAX_ACCOUNT_SIZE=1000000
+MAX_PHOTO_SIZE=15000
+MAX_AVATAR_SIZE=2000
+MAX_CAPTION_LENGTH=500
+MAX_BIO_LENGTH=125
+MAX_NAME_LENGTH=30
+MAX_ALBUM_LENGTH=4
+IMAGE_QUALITY=80
+PF_OPTIMIZE_IMAGES=true
+PF_OPTIMIZE_VIDEOS=true
+ADMIN_ENV_EDITOR=false
+ACCOUNT_DELETION=true
+ACCOUNT_DELETE_AFTER=false
+MAX_LINKS_PER_POST=0
+
+## Instance
+#INSTANCE_DESCRIPTION=
+INSTANCE_PUBLIC_HASHTAGS=false
+#INSTANCE_CONTACT_EMAIL=
+INSTANCE_PUBLIC_LOCAL_TIMELINE=false
+#BANNED_USERNAMES=
+STORIES_ENABLED=false
+RESTRICTED_INSTANCE=false
+
+## Mail
+MAIL_DRIVER=log
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_FROM_ADDRESS="pixelfed@example.com"
+MAIL_FROM_NAME="Pixelfed"
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+## Databases (MySQL)
+DB_CONNECTION=mysql
+DB_DATABASE=pixelfed_prod
+DB_HOST=db
+DB_PASSWORD=pixelfed_db_pass
+DB_PORT=3306
+DB_USERNAME=pixelfed
+# pass the same values to the db itself
+MYSQL_DATABASE=pixelfed_prod
+MYSQL_PASSWORD=pixelfed_db_pass
+MYSQL_RANDOM_ROOT_PASSWORD=true
+MYSQL_USER=pixelfed
+
+## Databases (Postgres)
+#DB_CONNECTION=pgsql
+#DB_HOST=postgres
+#DB_PORT=5432
+#DB_DATABASE=pixelfed
+#DB_USERNAME=postgres
+#DB_PASSWORD=postgres
+
+## Cache (Redis)
+REDIS_CLIENT=phpredis
+REDIS_SCHEME=tcp
+REDIS_HOST=redis
+REDIS_PASSWORD=redis_password
+REDIS_PORT=6379
+REDIS_DATABASE=0
+
+## EXPERIMENTS 
+EXP_LC=false
+EXP_REC=false
+EXP_LOOPS=false
+
+## ActivityPub Federation
+ACTIVITY_PUB=false
+AP_REMOTE_FOLLOW=false
+AP_SHAREDINBOX=false
+AP_INBOX=false
+AP_OUTBOX=false
+ATOM_FEEDS=true
+NODEINFO=true
+WEBFINGER=true
+
+## S3
+FILESYSTEM_DRIVER=local
+FILESYSTEM_CLOUD=s3
+PF_ENABLE_CLOUD=false
+#AWS_ACCESS_KEY_ID=
+#AWS_SECRET_ACCESS_KEY=
+#AWS_DEFAULT_REGION=
+#AWS_BUCKET=
+#AWS_URL=
+#AWS_ENDPOINT=
+#AWS_USE_PATH_STYLE_ENDPOINT=false
+
+## Horizon
+HORIZON_DARKMODE=false
+
+## COSTAR - Confirm Object Sentiment Transform and Reduce
+PF_COSTAR_ENABLED=false
+
+# Media
+MEDIA_EXIF_DATABASE=false
+
+## Logging
+LOG_CHANNEL=stderr
+
+## Image
+IMAGE_DRIVER=imagick
+
+## Broadcasting
+BROADCAST_DRIVER=log  # log driver for local development
+
+## Cache
+CACHE_DRIVER=redis
+
+## Purify
+RESTRICT_HTML_TYPES=true
+
+## Queue
+QUEUE_DRIVER=redis
+
+## Session
+SESSION_DRIVER=redis
+
+## Trusted Proxy
+TRUST_PROXIES="*"
+
+## Passport
+#PASSPORT_PRIVATE_KEY=
+#PASSPORT_PUBLIC_KEY=

roles/pixelfed/vars/main.yml

@@ -0,0 +1,133 @@
+---
+
+pixelfed_container_base_volumes:
+  - "{{ pixelfed_storage_path }}:/var/www/storage:z"
+  - "{{ pixelfed_config_path/env:/var/www/.env:ro"
+
+pixelfed_container_base_env: {}
+
+pixelfed_container_base_labels:
+  VERSION: "{{ pixelfed_version }}"
+
+pixelfed_container_volumes: "{{ pixelfed_container_base_volumes + pixelfed_container_extra_volumes }}"
+pixelfed_container_labels: "{{ pixelfed_container_base_labels + pixelfed_container_extra_labels }}"
+pixelfed_container_env: "{{ pixelfed_container_base_env + pixelfed_container_extra_env }}"
+
+pixelfed_source_upstream_git_repo: "https://github.com/pixelfed/pixelfed.git"
+
+pixelfed_supported_deployment_methods:
+  - docker_selfbuilt
+  - docker_pulled
+
+
+# pixelfed app config
+pixelfed_config:
+  APP_KEY: "{{ pixelfed_config_app_key }}"
+  APP_NAME: "{{ pixelfed_config_app_name }}"
+  APP_ENV: "{{ pixelfed_config_app_env }}"
+  APP_DEBUG: "{{ pixelfed_config_app_debug }}"
+  APP_URL: "{{ pixelfed_config_app_url }}"
+  APP_DOMAIN: "{{ pixelfed_config_app_domain }}"
+  ADMIN_DOMAIN: "{{ pixelfed_config_app_admin_domain }}"
+  SESSION_DOMAIN: "{{ pixelfed_config_session_domain }}"
+
+  OPEN_REGISTRATION: "{{ pixelfed_config_open_registration }}"
+  ENFORCE_EMAIL_VERIFICATION: "{{ pixelfed_config_enforce_email_verification }}"
+  PF_MAX_USERS: "{{ pixelfed_config_pf_max_users }}"
+  OAUTH_ENABLED: "{{ pixelfed_config_oauth_enabled }}"
+
+  APP_TIMEZONE: "{{ pixelfed_config_app_timezone }}"
+  APP_LOCALE: "{{ pixelfed_config_all_locale }}"
+
+  LIMIT_ACCOUNT_SIZE: "{{ pixelfed_config_limit_account_size }}"
+  MAX_ACCOUNT_SIZE: "{{ pixelfed_config_max_account_size }}"
+  MAX_PHOTO_SIZE: "{{ pixelfed_config_ }}"
+  MAX_AVATAR_SIZE: "{{ pixelfed_config_ }}"
+  MAX_CAPTION_LENGTH: "{{ pixelfed_config_ }}"
+  MAX_BIO_LENGTH:  "{{ pixelfed_config_ }}"
+  MAX_NAME_LENGTH:  "{{ pixelfed_config_ }}"
+  MAX_ALBUM_LENGTH:  "{{ pixelfed_config_ }}"
+  IMAGE_QUALITY:  "{{ pixelfed_config_ }}"
+  PF_OPTIMIZE_IMAGES:  "{{ pixelfed_config_ }}"
+  PF_OPTIMIZE_VIDEOS:  "{{ pixelfed_config_ }}"
+  ADMIN_ENV_EDITOR:  "{{ pixelfed_config_ }}"
+  ACCOUNT_DELETION:  "{{ pixelfed_config_ }}"
+  ACCOUNT_DELETE_AFTER:  "{{ pixelfed_config_ }}"
+  MAX_LINKS_PER_POST:    "{{ pixelfed_config_ }}"
+
+  INSTANCE_DESCRIPTION: "{{ pixelfed_config_instance_description }}"
+  INSTANCE_PUBLIC_HASHTAGS: "{{ pixelfed_config_instance_public_hashtags }}"
+  INSTANCE_CONTACT_EMAIL: "{{ pixelfed_config_instance_contact_email }}"
+  INSTANCE_PUBLIC_LOCAL_TIMELINE: "{{ pixelfed_config_instance_public_local_timeline }}"
+  BANNED_USERNAMES: "{{ pixelfed_config_banned_usernames }}"
+  STORIES_ENABLED: "{{ pixelfed_config_stories_enabled }}"
+  RESTRICTED_INSTANCE: "{{ pixelfed_config_restricted_instance }}"
+  
+  ## Mail
+  MAIL_DRIVER: "{{ pixelfed_config_mail_driver }}"
+  MAIL_HOST: "{{ pixelfed_config_mail_host }}"
+  MAIL_PORT: "{{ pixelfed_config_mail_port }}"
+  MAIL_FROM_ADDRESS: "{{ pixelfed_config_mail_from_address }}"
+  MAIL_FROM_NAME: "{{ pixelfed_config_mail_from_name }}"
+  MAIL_USERNAME: "{{ pixelfed_config_mail_username }}"
+  MAIL_PASSWORD: "{{ pixelfed_config_mail_password }}"
+  MAIL_ENCRYPTION: "{{ pixelfed_config_mail_encryption }}"
+  
+  ## Databases (MySQL)
+  DB_CONNECTION: "{{ pixelfed_config_db_connection }}"
+  DB_DATABASE: "{{ pixelfed_config_db_database }}"
+  DB_HOST: "{{ pixelfed_config_db_host }}"
+  DB_PASSWORD: "{{ pixelfed_config_db_password }}"
+  DB_PORT: "{{ pixelfed_config_db_port }}"
+  DB_USERNAME: "{{ pixelfed_config_db_username }}"
+ 
+  ## Cache (Redis)
+  REDIS_CLIENT: "{{ pixelfed_config_redis_client }}"
+  REDIS_SCHEME: "{{ pixelfed_config_redis_scheme }}"
+  REDIS_HOST: "{{ pixelfed_config_redis_host }}"
+  REDIS_PASSWORD: "{{ pixelfed_config_redis_password }}"
+  REDIS_PORT: "{{ pixelfed_config_redis_port }}"
+  REDIS_DATABASE: "{{ pixelfed_config_redis_database }}"
+  
+  ## EXPERIMENTS 
+  EXP_LC: "{{ pixelfed_config_exp_lc }}"
+  EXP_REC: "{{ pixelfed_config_exp_rec }}"
+  EXP_LOOPS: "{{ pixelfed_config_exp_loops }}"
+  
+  ## ActivityPub Federation
+  ACTIVITY_PUB: "{{ pixelfed_config_activity_pub }}"
+  AP_REMOTE_FOLLOW: "{{ pixelfed_config_ap_remote_follow }}"
+  AP_SHAREDINBOX: "{{ pixelfed_config_ap_sharedinbox }}"
+  AP_INBOX: "{{ pixelfed_config_ap_inbox }}"
+  AP_OUTBOX: "{{ pixelfed_config_ap_outbox }}"
+  ATOM_FEEDS: "{{ pixelfed_config_atom_feeds }}"
+  NODEINFO: "{{ pixelfed_config_nodeinfo }}"
+  WEBFINGER: "{{ pixelfed_config_webfinger }}"
+  
+  ## S3
+  FILESYSTEM_DRIVER: "{{ pixelfed_config_filesystem_driver }}"
+  FILESYSTEM_CLOUD: "{{ pixelfed_config_filesystem_cloud }}"
+  PF_ENABLE_CLOUD: "{{ pixelfed_config_pf_enable_cloud }}"
+  AWS_ACCESS_KEY_ID: "{{ pixelfed_config_aws_access_key_id }}"
+  AWS_SECRET_ACCESS_KEY: "{{ pixelfed_config_aws_secret_access_key }}"
+  AWS_DEFAULT_REGION: "{{ pixelfed_config_aws_default_region }}"
+  AWS_BUCKET: "{{ pixelfed_config_aws_bucket }}"
+  AWS_URL: "{{ pixelfed_config_aws_url }}"
+  AWS_ENDPOINT: "{{ pixelfed_config_aws_endpoint }}"
+  AWS_USE_PATH_STYLE_ENDPOINT: "{{ pixelfed_config_aws_use_path_style_endpoint }}"
+  
+  HORIZON_DARKMODE: "{{ pixelfed_config_horizon_darkmode }}"
+  PF_COSTAR_ENABLED: "{{ pixelfed_config_pf_costar_enabled }}"
+  MEDIA_EXIF_DATABASE: "{{ pixelfed_config_media_exif_database }}"
+  LOG_CHANNEL: "{{ pixelfed_config_log_channel }}"
+  IMAGE_DRIVER: "{{ pixelfed_config_image_driver }}"
+  
+  BROADCAST_DRIVER: "{{ pixelfed_config_ }}"
+  CACHE_DRIVER: "{{ pixelfed_config_cache_driver }}"
+  RESTRICT_HTML_TYPES: "{{ 'true' pixelfed_config_restrict_html_types else 'false' }}"
+  QUEUE_DRIVER: "{{ pixelfed_config_queue_driver }}"
+  SESSION_DRIVER: "{{ pixelfed_config_session_driver }}"
+  TRUST_PROXIES: "{{ pixelfed_config_trust_proxies }}"
+  PASSPORT_PRIVATE_KEY: "{{ pixelfed_config_passport_private_key }}"
+  PASSPORT_PUBLIC_KEY: "{{ pixelfed_config_passport_public_key }}"
+

roles/sharkey/README.md

@@ -1,44 +0,0 @@
-# `finallycoffee.fediverse.sharkey` ansible role
-
-## Configuration
-
-Set the required `sharkey_config_url` variable to the domain you want sharkey to run on.
-
-To extend/modify the sharkey configuration file (upstream: `default.yml`),
-set your (structed) configuration in `sharkey_config` and it will be merged
-over the upstream config file and the role built-in configuration.
-
-### Docker compose
-
-To extend/modify the compose project file (`compose.yml`), populate `sharkey_compose_file_overrides`.
-Take care when overriding `sharkey_compose_file_role_overrides`, as this can
-break the functionality of the ansible role.
-
-## Behind a proxy
-
-The ansible role itself will respect system proxies (in the env var `HTTP_PROXY`/`https_proxy`).
-
-To use this role with a registry like Artifactory or Nexus3,
-set `sharkey_repo_server` to your registry server with full
-protocol, hostname, port. For example `sharkey_repo_server: "https://my.orgs.registry.local:8443/sharkey-internet-proxy/"`
-
-## Stopping
-
-### Docker compose
-
-Set `sharkey_compose_state: "stopped"` to ensure all containers in the compose
-project are stopped. This has the same effect as `docker compose stop`. Set
-`sharkey_compose_state: "absent"` to not only stop all containers, but remove
-them, the docker networks associated with the project etc. This is equivalent
-to `docker compose down`.
-
-> [!WARNING]
-> Do not confuse `sharkey_compose_state` with `sharkey_state`!
-
-## Deprovisioning
-
-Set `sharkey_state: "absent"` to remove sharkey from the target, including
-*all* application data, configuration files, container images.
-
-> [!CAUTION]
-> This removes all (user) data irrecoverably with no backup.

roles/sharkey/defaults/main/compose.yml

@@ -1,41 +0,0 @@
----
-sharkey_compose_state: "{{ sharkey_state }}"
-sharkey_compose_project_name: "sharkey"
-sharkey_compose_project_src: "{{ sharkey_config_dir }}"
-sharkey_compose_upstream_file: "{{ sharkey_compose_project_src }}/compose.upstream.yml"
-sharkey_compose_file: "{{ sharkey_compose_project_src }}/compose.yml"
-sharkey_compose_build: >-2
-  {{ (sharkey_container_image_source == 'pull') | ternary('never', 'policy') }}
-
-sharkey_compose_redis_dir: "{{ sharkey_data_dir }}/redis"
-sharkey_compose_database_dir: "{{ sharkey_data_dir }}/postgres"
-
-sharkey_repo_server: "https://activitypub.software"
-sharkey_repo_path: "Transfem-org/Sharkey"
-sharkey_repo_tag: "{{ sharkey_version }}"
-sharkey_compose_file_url: >-2
-  {{ sharkey_repo_server }}/{{ sharkey_repo_path }}/-/raw/{{ sharkey_version }}/compose_example.yml?ref_type=tags
-sharkey_compose_file_overrides: ~
-sharkey_compose_file_role_overrides:
-  services:
-    web:
-      image: "{{ sharkey_container_image }}"
-      volumes:
-        - "{{ sharkey_file_dir }}:/sharkey/files:rw"
-        - "{{ sharkey_config_file }}:/sharkey/.config/default.yaml:ro"
-        - "{{ sharkey_container_env_file }}:/sharkey/.config/docker.env:ro"
-    db:
-      env_file: "{{ sharkey_container_env_file }}"
-      volumes:
-        - "{{ sharkey_compose_database_dir }}:/var/lib/postgresql/data:rw"
-    redis:
-      volumes: 
-        - "{{ sharkey_compose_redis_dir }}:/data:rw" 
-  # override net segment?
-sharkey_compose_file_contents: >-2
-  {{
-    (sharkey_compose_upstream_file_contents['content'] | b64decode | from_yaml)
-    | combine(sharkey_compose_file_role_overrides, recursive=True)
-    | combine(sharkey_compose_file_overrides | default({}, true), recursive=True)
-    | to_nice_yaml(indent=4)
-  }}

roles/sharkey/defaults/main/config.yml

@@ -1,30 +0,0 @@
----
-sharkey_config_url: ~
-sharkey_config_setup_password: ~
-sharkey_config_postgres_user: misskey
-sharkey_config_postgres_password: "insecure_please_change_me!"
-sharkey_config_postgres_db: misskey
-sharkey_config_postgres_host: db
-sharkey_config_postgres_port: 5432
-sharkey_config_postgres_db_url: >-2
-  postgres://{{ sharkey_config_postgres_user }}:{{ sharkey_config_postgres_password }}@{{ sharkey_config_postgres_host }}:{{ sharkey_config_postgres_port }}/{{ sharkey_config_postgres_db }}
-
-sharkey_config: ~
-sharkey_config_file_overrides:
-  url: "{{ sharkey_config_url }}"
-  db:
-    host: "{{ sharkey_config_postgres_host }}"
-    db: "{{ sharkey_config_postgres_db }}"
-    user: "{{ sharkey_config_postgres_user }}"
-    pass: "{{ sharkey_config_postgres_password }}"
-sharkey_config_file_contents: >-2
-  {{
-    (sharkey_config_upstream_file_contents['content'] | b64decode | from_yaml)
-    | combine(sharkey_config_file_overrides, recursive=True)
-    | combine(sharkey_config | default({}, true), recursive=True)
-    | to_nice_yaml(indent=4)
-  }}
-sharkey_config_upstream_file: "{{ sharkey_config_dir }}/config.upstream.yaml"
-sharkey_config_file: "{{ sharkey_config_dir }}/default.yaml"
-sharkey_config_upstream_file_url: >-2
-  {{ sharkey_repo_server }}/{{ sharkey_repo_path }}/-/raw/{{ sharkey_version }}/.config/docker_example.yml?ref=tags

roles/sharkey/defaults/main/container.yml

@@ -1,47 +0,0 @@
----
-sharkey_container_name: sharkey
-sharkey_container_image_registry: "registry.activitypub.software"
-sharkey_container_iamge_namespace: "transfem-org"
-sharkey_container_image_name: "sharkey"
-sharkey_container_image_repository: >-2
-  {{
-    [
-      sharkey_container_image_registry | default([], true),
-      sharkey_container_iamge_namespace | default([], true),
-      sharkey_container_image_name
-    ] | flatten | join('/')
-  }}
-sharkey_container_image_tag: ~
-sharkey_container_image_source: pull
-sharkey_container_image_force_source: >-2
-  {{ sharkey_container_image_tag | default(false, true) | bool }}
-sharkey_container_image: >-2
-  {{
-    [
-      sharkey_container_image_repository,
-      sharkey_container_image_tag | default(sharkey_version, true)
-    ] | join(':')
-  }}
-sharkey_container_default_env:
-  MISSKEY_URL: "{{ sharkey_config_url }}"
-  POSTGRES_USER: "{{ sharkey_config_postgres_user }}"
-  POSTGRES_PASSWORD: "{{ sharkey_config_postgres_password }}"
-  POSTGRES_DB: "{{ sharkey_config_postgres_db }}"
-  DATABASE_URL: >-2
-    {{
-      (sharkey_config_postgres_user | default(false, true))
-      | ternary(sharkey_config_postgres_db_url, '')
-    }}
-sharkey_container_env: ~
-sharkey_container_merged_env: >-2
-  {{
-    sharkey_container_default_env | default({}, true)
-    | combine(sharkey_container_env | default({}, true), recursive=True)
-  }}
-sharkey_container_env_file_contents: |2
-  {% for entry in sharkey_container_merged_env | dict2items %}
-  {% if entry['value'] is string and entry['value'] | length > 0 %}
-  {{ entry['key'] }}={{ entry['value'] }}
-  {% endif %}
-  {% endfor %}
-sharkey_container_env_file: "{{ sharkey_config_dir }}/docker.env"

roles/sharkey/defaults/main/main.yml

@@ -1,9 +0,0 @@
----
-sharkey_user: sharkey
-sharkey_version: "2025.4.3"
-sharkey_config_dir: "/etc/sharkey"
-sharkey_data_dir: "/var/lib/sharkey"
-sharkey_file_dir: "{{ sharkey_data_dir }}/files"
-
-sharkey_state: present
-sharkey_deployment_method: "docker-compose"

roles/sharkey/defaults/main/user.yml

@@ -1,10 +0,0 @@
----
-sharkey_user_system: true
-sharkey_user_create_home: false
-sharkey_user_groups: ~
-sharkey_user_append_groups: >-2
-  {{ sharkey_user_groups | default(omit, true) }}
-sharkey_user_uid: >-2
-  {{ sharkey_user_info.uid | default(sharkey_user) }}
-sharkey_user_gid: >-2
-  {{ sharkey_user_info.group | default(sharkey_user) }}

roles/sharkey/meta/main.yml

@@ -1,14 +0,0 @@
----
-allow_duplicates: true
-dependencies: []
-galaxy_info:
-  role_name: sharkey
-  description: >-2
-    Deploy Sharkey, a fork of Misskey with full Mastodon-API support
-  galaxy_tags:
-    - sharkey
-    - misskey
-    - mastodon
-    - docker
-    - activitypub
-    - fediverse

roles/sharkey/tasks/check.yml

@@ -1,26 +0,0 @@
----
-- name: Ensure 'sharkey_state' is valid
-  ansible.builtin.fail:
-    msg: >-2
-      Unsupported sharkey_state '{{ sharkey_state }}'.
-      Supported values are {{ sharkey_states | join(', ') }}
-  when: sharkey_state not in sharkey_states
-
-- name: Ensure 'sharkey_deployment_method' is valid
-  ansible.builtin.fail:
-    msg: >-2
-      Unsupported sharkey_deployment_method '{{ sharkey_deployment_method }}.
-      Supported values are {{ sharkey_deployment_methods | join(', ') }}
-  when: sharkey_deployment_method not in sharkey_deployment_methods
-
-- name: Ensure 'sharkey_config_url' is valid
-  ansible.builtin.fail:
-    msg: >-2
-      Variable 'sharkey_config_url' is not populated! This variable
-      is mandatory to set when deploying sharkey.
-  when:
-    - sharkey_state == 'present'
-    - >-2
-        sharkey_config_url is not defined
-          or ((sharkey_config_url | string) == 'None')
-          or ((sharkey_config_url | string | length) == 0)

roles/sharkey/tasks/configure-docker-compose.yml

@@ -1,39 +0,0 @@
----
-- name: Ensure directories for compose services are {{ sharkey_state }}
-  ansible.builtin.file:
-    name: "{{ file.path }}"
-    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
-    owner: "{{ sharkey_user_uid }}"
-    group: "{{ sharkey_user_gid }}"
-    mode: "0750"
-  loop:
-    - path: "{{ sharkey_compose_redis_dir }}"
-    - path: "{{ sharkey_compose_database_dir }}"
-  loop_control:
-    loop_var: file
-    label: "{{ file.path }}"
-
-- name: Ensure final compose file is templated
-  when: sharkey_state == 'present'
-  block:
-    # TODO: wronlgy reports changed in checkmode due to hash mismatches
-    - name: Ensure compose files are downloaded
-      ansible.builtin.get_url:
-        url: "{{ sharkey_compose_file_url }}"
-        dest: "{{ sharkey_compose_upstream_file }}"
-        owner: "{{ sharkey_user_uid }}"
-        group: "{{ sharkey_user_gid }}"
-        mode: "0444"
-    
-    - name: Read compose file contents
-      ansible.builtin.slurp:
-        src: "{{ sharkey_compose_upstream_file }}"
-      register: sharkey_compose_upstream_file_contents
-    
-    - name: Ensure modified compose file is written
-      ansible.builtin.copy:
-        content: "{{ sharkey_compose_file_contents }}"
-        dest: "{{ sharkey_compose_file }}"
-        owner: "{{ sharkey_user_uid }}"
-        group: "{{ sharkey_user_gid }}"
-        mode: "0644"

roles/sharkey/tasks/configure-docker.yml

@@ -1,9 +0,0 @@
----
-- name: Ensure sharkey docker environment is templated
-  ansible.builtin.copy:
-    content: "{{ sharkey_container_env_file_contents }}"
-    dest: "{{ sharkey_container_env_file }}"
-    owner: "{{ sharkey_user_uid }}"
-    group: "{{ sharkey_user_gid }}"
-    mode: "0640"
-  when: sharkey_state == 'present'

roles/sharkey/tasks/configure.yml

@@ -1,68 +0,0 @@
----
-- name: Ensure sharkey user '{{ sharkey_user }}' is {{ sharkey_state }}
-  ansible.builtin.user:
-    name: "{{ sharkey_user }}"
-    state: "{{ sharkey_state }}"
-    system: "{{ sharkey_user_system }}"
-    create_home: "{{ sharkey_user_create_home }}"
-    groups: "{{ sharkey_user_groups }}"
-    append: "{{ sharkey_user_append_groups }}"
-  register: sharkey_user_info
-
-- name: Ensure sharkey config directory '{{ sharkey_config_dir }}' is {{ sharkey_state }}
-  ansible.builtin.file:
-    path: "{{ sharkey_config_dir }}"
-    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
-    owner: "{{ sharkey_user_uid }}"
-    group: "{{ sharkey_user_gid }}"
-    mode: "0750"
-
-- name: Ensure sharkey data directory '{{ sharkey_data_dir }}' is {{ sharkey_state }}
-  ansible.builtin.file:
-    path: "{{ sharkey_data_dir }}"
-    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
-    owner: "{{ sharkey_user_uid }}"
-    group: "{{ sharkey_user_gid }}"
-    mode: "0750"
-
-- name: Ensure sharkey file directory '{{ sharkey_file_dir }}' is {{ sharkey_state }}
-  ansible.builtin.file:
-    path: "{{ sharkey_file_dir }}"
-    state: "{{ (sharkey_state == 'present') | ternary('directory', 'absent') }}"
-    owner: "{{ sharkey_user_uid }}"
-    group: "{{ sharkey_user_gid }}"
-    mode: "0750"
-
-- name: Ensure sharkey config file '{{ sharkey_config_file }}' is {{ sharkey_state }}
-  when: sharkey_state == 'present'
-  block:
-    # TODO: wrongly reports changed in checkmode due to different hashes
-    - name: Ensure sharkey upstream config file is {{ sharkey_state }}
-      ansible.builtin.get_url:
-        url: "{{ sharkey_config_upstream_file_url }}"
-        dest: "{{ sharkey_config_upstream_file }}"
-        owner: "{{ sharkey_user_uid }}"
-        group: "{{ sharkey_user_gid }}"
-        mode: "0440"
-    
-    - name: Read upstream sharkey config file
-      ansible.builtin.slurp:
-        src: "{{ sharkey_config_upstream_file }}"
-      register: sharkey_config_upstream_file_contents
-    
-    - name: Ensure sharkey configuration file is {{ sharkey_state }}
-      ansible.builtin.copy:
-        content: "{{ sharkey_config_file_contents }}"
-        dest: "{{ sharkey_config_file }}"
-        owner: "{{ sharkey_user_uid }}"
-        group: "{{ sharkey_user_gid }}"
-        mode: "0640"
-
-- name: Run configure steps for deployment using containers
-  ansible.builtin.include_tasks:
-    file: "configure-docker.yml"
-  when: sharkey_deployment_method in ['docker-compose']
-
-- name: Configure for {{ sharkey_deployment_method }}
-  ansible.builtin.include_tasks:
-    file: "configure-{{ sharkey_deployment_method }}.yml"

roles/sharkey/tasks/deploy-docker-compose.yml

@@ -1,14 +0,0 @@
----
-- name: Ensure sharkey container image '{{ sharkey_container_image }}' is {{ sharkey_state }}
-  community.docker.docker_image:
-    name: "{{ sharkey_container_image }}"
-    state: "{{ sharkey_state }}"
-    source: "{{ sharkey_container_image_source }}"
-    force_source: "{{ sharkey_container_image_force_source }}"
-
-- name: Ensure docker compose project is {{ sharkey_compose_state }}
-  community.docker.docker_compose_v2:
-    project_name: "{{ sharkey_compose_project_name }}"
-    project_src: "{{ sharkey_compose_project_src }}"
-    state: "{{ sharkey_compose_state }}"
-    build: "{{ sharkey_compose_build }}"

roles/sharkey/tasks/main.yml

@@ -1,12 +0,0 @@
----
-- name: Check role prerequisites
-  ansible.builtin.include_tasks:
-    file: check.yml
-
-- name: Run common configuration tasks
-  ansible.builtin.include_tasks:
-    file: configure.yml
-
-- name: Deploy using {{ sharkey_deployment_method }}
-  ansible.builtin.include_tasks:
-    file: "deploy-{{ sharkey_deployment_method }}.yml"

roles/sharkey/vars/main.yml

@@ -1,6 +0,0 @@
----
-sharkey_states:
-  - present
-  - absent
-sharkey_deployment_methods:
-  - "docker-compose"