add mastodon role

author: Stonewall Jackson <stonewall@sacredheartsc.com> 2023-06-12 21:02:22 -0400
committer: Stonewall Jackson <stonewall@sacredheartsc.com> 2023-06-12 21:02:22 -0400
commit: 865e2f05621fc10f3d332d3840707997c0b94abf (patch)
tree: b5f0c85951175b813996991298501c6afb012824 /inventory-example
parent: 78fd379d33bd6853123c02a76c97ca382aa24be9 (diff)
download: selfhosted-865e2f05621fc10f3d332d3840707997c0b94abf.tar.gz
selfhosted-865e2f05621fc10f3d332d3840707997c0b94abf.zip
8 files changed, 29 insertions, 0 deletions
diff --git a/inventory-example/10-hosts b/inventory-example/10-hosts
index 90e1acf..43306d6 100644
--- a/inventory-example/10-hosts
+++ b/inventory-example/10-hosts
@@ -36,6 +36,7 @@ dmz-xmpp1       ip=10.10.19.5   cname=xmpp
 dmz-turn1       ip=10.10.19.6   cname=turn
 dmz-git1        ip=10.10.19.13
 dmz-matrix1     ip=10.10.19.14                   cores=4  ram=8g   disk=256g
+dmz-mastodon1   ip=10.10.19.15                   cores=4  ram=4g   disk=256g
 dmz-asterisk1   ip=10.10.14.10  cname=asterisk   cores=4
 
 [unmanaged]
diff --git a/inventory-example/20-by-hostname.yml b/inventory-example/20-by-hostname.yml
index db1ba15..de5f253 100644
--- a/inventory-example/20-by-hostname.yml
+++ b/inventory-example/20-by-hostname.yml
@@ -42,3 +42,4 @@ groups:
   turn_servers:              inventory_hostname is match('(dmz-)?turn[0-9]')
   asterisk_servers:          inventory_hostname is match('(dmz-)?asterisk[0-9]')
   matrix_servers:            inventory_hostname is match('(dmz-)?matrix[0-9]')
+  mastodon_servers:          inventory_hostname is match('(dmz-)?mastodon[0-9]')
diff --git a/inventory-example/group_vars/all/firefox.yml b/inventory-example/group_vars/all/firefox.yml
index 07d227b..36d7b1f 100644
--- a/inventory-example/group_vars/all/firefox.yml
+++ b/inventory-example/group_vars/all/firefox.yml
@@ -49,6 +49,8 @@ firefox_managed_bookmarks:
     url: 'https://invidious.{{ domain }}'
   - name: Jellyfin
     url: 'https://jellyfin.{{ domain }}'
+  - name: Mastodon
+    url: 'https://mastodon.{{ domain }}'
   - name: Matrix
     url: 'https://matrix.{{ domain }}'
   - name: Nagios
diff --git a/inventory-example/group_vars/all/freeipa.yml b/inventory-example/group_vars/all/freeipa.yml
index 15b7259..5026212 100644
--- a/inventory-example/group_vars/all/freeipa.yml
+++ b/inventory-example/group_vars/all/freeipa.yml
@@ -131,6 +131,9 @@ freeipa_groups:
   - name: role-matrix-access
     group: doefamily
 
+  - name: role-mastodon-access
+    group: doefamily
+
 freeipa_hbac_rules:
   - name: sysadmins_ssh_and_console_to_all
     description: allow sysadmins to ssh to all hosts
diff --git a/inventory-example/group_vars/all/mastodon.yml b/inventory-example/group_vars/all/mastodon.yml
new file mode 100644
index 0000000..932d51d
--- /dev/null
+++ b/inventory-example/group_vars/all/mastodon.yml
@@ -0,0 +1,13 @@
+mastodon_domain: example.com
+mastodon_web_domain: mastodon.example.com
+mastodon_db_name: mastodon
+mastodon_db_user: s-mastodon
+mastodon_db_password: '{{ vault_mastodon_db_password }}'
+mastodon_sysaccount_password: '{{ vault_mastodon_sysaccount_password }}'
+mastodon_login_cidrs:
+  - '{{ vlans.trusted.cidr }}'
+
+mastodon_secret_key_base: '{{ vault_mastodon_secret_key_base }}'
+mastodon_otp_secret: '{{ vault_mastodon_otp_secret }}'
+mastodon_vapid_private_key: '{{ vault_mastodon_vapid_private_key }}'
+mastodon_vapid_public_key: changeme
diff --git a/inventory-example/group_vars/all/nsd.yml b/inventory-example/group_vars/all/nsd.yml
index d40351b..2c21a70 100644
--- a/inventory-example/group_vars/all/nsd.yml
+++ b/inventory-example/group_vars/all/nsd.yml
@@ -35,6 +35,7 @@ nsd_zones:
       turn1       IN  A      203.0.113.58
       pbx1        IN  A      203.0.113.59
       matrix      IN  A      203.0.113.60
+      mastodon    IN  A      203.0.113.61
       www         IN  CNAME  www1
       xmpp        IN  CNAME  xmpp1
       conference  IN  CNAME  xmpp1
diff --git a/inventory-example/group_vars/all/postgres.yml b/inventory-example/group_vars/all/postgres.yml
index be90568..b38f4c0 100644
--- a/inventory-example/group_vars/all/postgres.yml
+++ b/inventory-example/group_vars/all/postgres.yml
@@ -2,3 +2,4 @@ postgresql_host: postgres.{{ domain }}
 postgresql_inventory_host: "{{ postgresql_host.split('.')[0] }}"
 postgresql_password_users:
   - '{{ invidious_db_user }}'
+  - '{{ mastodon_db_user }}'
diff --git a/inventory-example/group_vars/all/vault.yml b/inventory-example/group_vars/all/vault.yml
index 58b597a..18b57bb 100644
--- a/inventory-example/group_vars/all/vault.yml
+++ b/inventory-example/group_vars/all/vault.yml
@@ -65,6 +65,13 @@ vault_invidious_hmac_key: changeme
 vault_jellyfin_sysaccount_password: changeme
 
 
+# mastodon
+vault_mastodon_sysaccount_password: changeme
+vault_mastodon_secret_key_base: changeme
+vault_mastodon_otp_secret: changeme
+vault_mastodon_vapid_private_key: changeme
+
+
 # mediawiki
 vault_mediawiki_admin_password: changeme
 vault_mediawiki_upgrade_key: changeme
author	Stonewall Jackson <stonewall@sacredheartsc.com>	2023-06-12 21:02:22 -0400
committer	Stonewall Jackson <stonewall@sacredheartsc.com>	2023-06-12 21:02:22 -0400
commit	865e2f05621fc10f3d332d3840707997c0b94abf (patch)
tree	b5f0c85951175b813996991298501c6afb012824 /inventory-example
parent	78fd379d33bd6853123c02a76c97ca382aa24be9 (diff)
download	selfhosted-865e2f05621fc10f3d332d3840707997c0b94abf.tar.gz selfhosted-865e2f05621fc10f3d332d3840707997c0b94abf.zip