From 865e2f05621fc10f3d332d3840707997c0b94abf Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Mon, 12 Jun 2023 21:02:22 -0400
Subject: add mastodon role
---
 roles/mastodon/tasks/database.yml | 23 ++++++++
 roles/mastodon/tasks/freeipa.yml | 8 +++
 roles/mastodon/tasks/main.yml | 121 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 152 insertions(+)
 create mode 100644 roles/mastodon/tasks/database.yml
 create mode 100644 roles/mastodon/tasks/freeipa.yml
 create mode 100644 roles/mastodon/tasks/main.yml
(limited to 'roles/mastodon/tasks')
diff --git a/roles/mastodon/tasks/database.yml b/roles/mastodon/tasks/database.yml
new file mode 100644
index 0000000..37f6dcd
--- /dev/null
+++ b/roles/mastodon/tasks/database.yml
@@ -0,0 +1,23 @@
+- name: create database user
+ postgresql_user:
+ name: '{{ mastodon_db_user }}'
+ password: '{{ mastodon_db_password }}'
+ role_attr_flags: CREATEDB
+ state: present
+ environment:
+ PGOPTIONS: "-c password_encryption=scram-sha-256"
+ delegate_to: "{{ postgresql_inventory_host }}"
+ become: yes
+ become_user: postgres
+ register: mastodon_db_user
+
+- name: create database schema
+ command:
+ chdir: '{{ mastodon_install_dir }}'
+ cmd: 'bundle exec rake db:setup'
+ environment:
+ RAILS_ENV: production
+ SAFETY_ASSURED: 1
+ become: yes
+ become_user: '{{ mastodon_user }}'
+ when: mastodon_db_user.changed
diff --git a/roles/mastodon/tasks/freeipa.yml b/roles/mastodon/tasks/freeipa.yml
new file mode 100644
index 0000000..ee68b13
--- /dev/null
+++ b/roles/mastodon/tasks/freeipa.yml
@@ -0,0 +1,8 @@
+- name: create access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ mastodon_access_group }}'
+ nonposix: yes
+ state: present
+ run_once: yes
diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml
new file mode 100644
index 0000000..7ff23dd
--- /dev/null
+++ b/roles/mastodon/tasks/main.yml
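Review bot: `register: mastodon_db_user` on the `create database user` task overwrites the role variable of the same name, which a few lines earlier supplies the PostgreSQL username via `name: '{{ mastodon_db_user }}'`, with the task's result dict, so any later reference to `{{ mastodon_db_user }}` as a username resolves to the result structure instead of the name. Register under a distinct name and adjust the condition: `register: mastodon_db_user_result` and `when: mastodon_db_user_result.changed`. Separately, `SAFETY_ASSURED: 1` is an integer where `environment` expects string values; writing `SAFETY_ASSURED: "1"` avoids relying on implicit coercion, and `become: yes` should be `become: true` in both tasks.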
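Review bot: The `ipagroup` task passes the IPA admin credential `ipaadmin_password: '{{ ipa_pass }}'` without `no_log: true`; the module may already suppress that argument in its own output, but the task-level flag makes the masking independent of module internals and also covers a failure message that echoes the invocation — add `no_log: true` beside `run_once`. `nonposix: yes` and `run_once: yes` should use the canonical `true`.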
@@ -0,0 +1,121 @@
+- name: install packages
+ dnf:
+ name: '{{ mastodon_packages }}'
+ state: present
+
+- name: add local user
+ user:
+ name: '{{ mastodon_user }}'
+ system: yes
+ home: '{{ mastodon_home }}'
+ shell: /sbin/nologin
+ create_home: no
+
+- import_tasks: freeipa.yml
+
+- name: create home directory
+ file:
+ path: '{{ mastodon_home }}'
+ owner: '{{ mastodon_user }}'
+ group: '{{ mastodon_user }}'
+ mode: 0755
+ state: directory
+
+- name: clone repo
+ git:
+ repo: '{{ mastodon_git_repo }}'
+ dest: '{{ mastodon_install_dir }}'
+ version: 'v{{ mastodon_version }}'
+ update: yes
+ force: yes
+ become: yes
+ become_user: '{{ mastodon_user }}'
+ register: mastodon_git
+
+- name: set selinux context on writeable directories
+ sefcontext:
+ target: '{{ mastodon_webroot }}(/.*)?'
+ setype: httpd_sys_content_t
+ state: present
+ register: mastodon_webroot_sefcontext
+ tags: selinux
+
+- name: apply selinux context to writeable directories
+ command: 'restorecon -R {{ mastodon_webroot }}'
+ when: mastodon_webroot_sefcontext.changed
+ tags: selinux
+
+- name: build mastodon
+ command:
+ chdir: '{{ mastodon_install_dir }}'
+ cmd: '{{ item }}'
+ loop:
+ - "bundle config deployment 'true'"
+ - "bundle config without 'development test'"
+ - 'bundle install -j{{ ansible_processor_vcpus }}'
+ - yarn install --pure-lockfile
+ become: yes
+ become_user: '{{ mastodon_user }}'
+ notify: restart mastodon
+ when: mastodon_git.changed
+
+- name: generate .env.production
+ template:
+ src: '{{ mastodon_install_dir[1:] }}/.env.production.j2'
+ dest: '{{ mastodon_install_dir }}/.env.production'
+ owner: '{{ mastodon_user }}'
+ group: '{{ mastodon_user }}'
+ mode: 0600
+ notify: restart mastodon
+
+- import_tasks: database.yml
+
+- name: precompile assets
+ command:
+ chdir: '{{ mastodon_install_dir }}'
+ cmd: 'bundle exec rake assets:precompile'
+ environment:
+ NODE_OPTIONS: --openssl-legacy-provider
+ RAILS_ENV: production
+ become: yes
+ become_user: '{{ mastodon_user }}'
+ when: mastodon_git.changed
+
+- name: create systemd units
+ template:
+ src: etc/systemd/system/{{ item }}.j2
+ dest: /etc/systemd/system/{{ item }}
+ loop:
+ - mastodon-sidekiq.service
+ - mastodon-streaming.service
+ - mastodon-web.service
+ - mastodon-cleanup.service
+ - mastodon-cleanup.timer
+ register: mastodon_systemd_units
+ notify: restart mastodon
+
+- name: reload systemd daemons
+ systemd:
+ daemon_reload: yes
+ when: mastodon_systemd_units.changed
+
+- name: start mastodon
+ systemd:
+ name: '{{ item }}'
+ enabled: yes
+ state: started
+ loop:
+ - mastodon-sidekiq.service
+ - mastodon-streaming.service
+ - mastodon-web.service
+ - mastodon-cleanup.timer
+
+- name: configure registrations
+ command:
+ chdir: '{{ mastodon_install_dir }}'
+ cmd: './bin/tootctl settings registrations {{ mastodon_registrations }}'
+ environment:
+ RAILS_ENV: production
+ become: yes
+ become_user: '{{ mastodon_user }}'
+ changed_when: no
-- cgit
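Review bot: The `generate .env.production` task renders the file with `mode: 0600`, which signals it carries secrets (at least the database password this role handles), yet nothing stops a `--diff` or verbose run from printing the rendered contents to the console and log; add `diff: false` (or `no_log: true`) to that task. The `set selinux context on writeable directories` task labels the path `httpd_sys_content_t`, the read-only httpd content type — if the web server is meant to write there the type should be `httpd_sys_rw_content_t`, otherwise the task name is misleading; please confirm which is intended. The `mode: 0755` and `mode: 0600` values are unquoted octals that PyYAML reads as integers; quote them (`mode: "0755"`, `mode: "0600"`) as the Ansible docs recommend, and replace `yes`/`no` with `true`/`false` throughout the file.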