role mastodon added

roles/mastodon/tasks/system_setup/letsencrypt.yml

@@ -0,0 +1,31 @@
+---
+- stat: path=/etc/letsencrypt/live/{{ mastodon_host }}/fullchain.pem
+  register: letsencrypt_cert
+
+- name: Copy letsencrypt nginx config
+  template: 
+    src: ../files/nginx/letsencrypt.conf.j2
+    dest: /etc/nginx/sites-available/mastodon.conf
+  when: not letsencrypt_cert.stat.exists
+  
+- name: Symlink enabled site
+  file:
+    src: "/etc/nginx/sites-available/mastodon.conf"
+    dest: "/etc/nginx/sites-enabled/mastodon.conf"
+    state: link
+  when: not letsencrypt_cert.stat.exists
+
+- name: Reload nginx
+  command: "systemctl reload nginx"
+
+- name: Install letsencrypt cert
+  command: letsencrypt certonly -n --webroot -d {{ mastodon_host }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host }}" --agree-tos && systemctl reload nginx
+  when: not letsencrypt_cert.stat.exists
+
+- name: Letsencrypt Job
+  cron:
+    name: "letsencrypt renew"
+    minute: "15"
+    hour: "0"
+    job: "letsencrypt renew && service nginx reload"
+

roles/mastodon/tasks/system_setup/mastodon.yml

@@ -0,0 +1,100 @@
+- name: Clone mastodon
+  git:
+    repo: "https://github.com/mastodon/mastodon.git"
+    dest: "{{ mastodon_home }}/{{mastodon_path}}"
+    clone: true
+
+# - name: Update to latest version
+#   shell: "git fetch; git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)"
+#   args:
+#     chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
+
+- name: Bundle install
+  shell: |
+    ~/.rbenv/shims/bundle config set --local deployment 'true' && \
+    ~/.rbenv/shims/bundle config set --local without 'test' && \
+    ~/.rbenv/shims/bundle config set --local with 'development' && \
+    ~/.rbenv/shims/bundle install -j$(getconf _NPROCESSORS_ONLN)
+  args:
+    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
+
+- name: Yarn install
+  command: yarn install --pure-lockfile
+  args:
+    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
+
+- name: Install systemd sidekiq Service Files
+  template:
+    src: mastodon-sidekiq.service.j2
+    dest: /etc/systemd/system/mastodon-sidekiq.service
+  become: true
+  become_user: root
+
+- name: Install systemd web Service Files
+  template:
+    src: mastodon-web.service.j2
+    dest: /etc/systemd/system/mastodon-web.service
+  become: true
+  become_user: root
+
+- name: Install systemd streaming Service Files
+  template:
+    src: mastodon-streaming.service.j2
+    dest: /etc/systemd/system/mastodon-streaming.service
+  become: true
+  become_user: root
+
+- name: Media cleanup cronjob
+  cron:
+    name: "media cleanup"
+    minute: "15"
+    hour: "1"
+    job: '/bin/bash -c ''export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; cd {{ mastodon_home }}/{{ mastodon_path }} && RAILS_ENV=production ./bin/tootctl media remove'''
+
+- stat: path={{ mastodon_home }}/{{ mastodon_path }}/.env.production
+  register: production_config
+
+- name: Migrate database
+  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:migrate"
+  args:
+    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
+  when: production_config.stat.exists
+
+- name: Precompile assets
+  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile"
+  args:
+    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
+  when: production_config.stat.exists
+
+- name: Enable mastodon-web
+  command: systemctl enable mastodon-web.service
+  become: true
+  become_user: root
+
+- name: Enable mastodon-streaming
+  command: systemctl enable mastodon-streaming.service
+  become: true
+  become_user: root
+
+- name: Enable mastodon-sidekiq
+  command: systemctl enable mastodon-sidekiq.service
+  become: true
+  become_user: root
+
+- name: Restart mastodon-web
+  command: systemctl restart mastodon-web.service
+  when: production_config.stat.exists
+  become: true
+  become_user: root
+
+- name: Restart mastodon-streaming
+  command: systemctl restart mastodon-streaming.service
+  when: production_config.stat.exists
+  become: true
+  become_user: root
+
+- name: Restart mastodon-sidekiq
+  command: systemctl restart mastodon-sidekiq.service
+  when: production_config.stat.exists
+  become: true
+  become_user: root

roles/mastodon/tasks/system_setup/nginx.yml

@@ -0,0 +1,18 @@
+---
+
+- name: mastodon | Copy nginx config
+  template: 
+    src: ../files/nginx/mastodon.conf.j2
+    dest: /etc/nginx/sites-available/mastodon.conf
+  when:
+    - mastodon_host is defined
+  notify: restart_nginx
+  
+- name: mastodon | Symlink enabled site
+  file:
+    src: "/etc/nginx/sites-available/mastodon.conf"
+    dest: "/etc/nginx/sites-enabled/mastodon.conf"
+    state: link
+  when:
+    - mastodon_host is defined
+  notify: restart_nginx

roles/mastodon/tasks/system_setup/packages.yml

@@ -0,0 +1,16 @@
+---
+
+- name: mastodon | Install packages
+  package:
+    name: "{{ item.package }}"
+    update_cache: yes
+    cache_valid_time: 3600
+    state: latest
+    install_recommends: no
+  with_items: "{{ packages }}"
+
+- name: mastodon | nodejs alternative
+  alternatives:
+    name: node
+    link: /usr/bin/node
+    path: /usr/bin/nodejs

roles/mastodon/tasks/system_setup/prepare_database.yml

@@ -0,0 +1,47 @@
+- name: mastodon | postgres | Create database {{ mastodon_db }}
+  postgresql_db:
+    name: mastodon | postgres | "{{ mastodon_db }}"
+    login_host: "{{ mastodon_db_login_host }}"
+    login_password: "{{ mastodon_db_login_password }}"
+    login_user: "{{ mastodon_db_login_user }}"
+    port: "{{ mastodon_db_port }}"
+  register: create_remote_db
+  when:
+    - mastodon_db_login_user is defined
+    - mastodon_db_login_host is defined
+    - mastodon_db_login_password is defined
+    - mastodon_db_port is defined
+
+- name: mastodon | postgres | Create database user {{ mastodon_db_user }}
+  postgresql_user:
+    db: "{{ mastodon_db }}"
+    name: mastodon | postgres | "{{ mastodon_db_user }}"
+    password: "{{ mastodon_db_password }}"
+    login_host: "{{ mastodon_db_login_host }}"
+    login_password: "{{ mastodon_db_login_password }}"
+    login_user: "{{ mastodon_db_login_user }}"
+    port: "{{ mastodon_db_port }}"
+    role_attr_flags: CREATEDB
+  register: create_remote_db_user
+  when:
+    - mastodon_db_login_user is defined
+    - mastodon_db_login_host is defined
+    - mastodon_db_login_password is defined
+    - mastodon_db_port is defined
+
+- name: mastodon | postgres | Create database {{ mastodon_db }}
+  postgresql_db:
+    name: mastodon | postgres | "{{ mastodon_db }}"
+    login_unix_socket: "{{ mastodon_db_login_unix_socket }}"
+  register: create_local_db
+  when: create_remote_db is skipped
+
+- name: mastodon | postgres | Create database user {{ mastodon_db_user }}
+  postgresql_user:
+    db: "{{ mastodon_db }}"
+    name: mastodon | postgres | "{{ mastodon_db_user }}"
+    password: "{{ mastodon_db_password }}"
+    encrypted: yes
+    login_unix_socket: "{{ mastodon_db_login_unix_socket }}"
+    role_attr_flags: CREATEDB
+  when: create_remote_db_user is skipped

roles/mastodon/tasks/system_setup/prepare_packagemanager.yml

@@ -0,0 +1,22 @@
+- name: mastodon | package manager | get nodejs prepare script
+  
+- name: mastodon | package manager | add gpg keys
+  apt_key:
+    id: "{{ item.id }}"
+    url: "{{ item.url }}"
+    state: present
+  loop:
+    - { id: "72ECF46A56B4AD39C907BBB71646B01B86E50310", url: "https://dl.yarnpkg.com/debian/pubkey.gpg" }
+    - { id: "9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280", url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" } 
+
+- name: mastodon | package manager | add repos
+  apt_repository:
+    repo: "{{ item.repo }}"
+    state: present
+    mode: 0644 # not required. The octal mode for newly created files in sources.list.d
+    update_cache: no
+    validate_certs: yes # not required. If C(no), SSL certificates for the target repo will not be validated. This should only be used on personally controlled sites using self-signed certificates.
+    filename: "{{ item.filename }}"
+  loop:
+    - { repo: "deb https://dl.yarnpkg.com/debian/ stable main", filename: "yarn"}
+    - { repo: "deb https://deb.nodesource.com/node_{{ node_major_version }}.x {{ ansible_lsb.codename }} main", filename: "nodejs"}

roles/mastodon/tasks/system_setup/ruby.yml

@@ -0,0 +1,57 @@
+---
+- name: mastodon | Clone rbenv
+  git:
+    repo: "https://github.com/rbenv/rbenv.git"
+    dest: "~/.rbenv"
+    clone: true
+    version: "{{ rbenv_version }}"
+
+- name: mastodon | Clone ruby-build
+  git:
+    repo: "https://github.com/rbenv/ruby-build.git"
+    dest: "~/.rbenv/plugins/ruby-build"
+    clone: true
+    version: "{{ ruby_build_version }}"
+  register: ruby_build
+
+- name: mastodon | Configure rbenv
+  command: ./configure
+  args:
+    chdir: "~/.rbenv/src"
+  register: rbenv_configure
+
+- name: mastodon | Build rbenv
+  command: make
+  args:
+    chdir: "~/.rbenv/src"
+  when: rbenv_configure is succeeded
+
+- name: mastodon | Update profile settings
+  copy:
+    dest: "~/.bashrc"
+    content: |
+      export PATH="~/.rbenv/bin:${PATH}"
+      eval "$(rbenv init -)"
+- name: mastodon | Check if the Ruby version is already installed
+  shell: "~/.rbenv/bin/rbenv versions | grep -q {{ ruby_version }}"
+  register: ruby_installed
+  ignore_errors: yes
+  check_mode: no
+
+- name: mastodon | Install Ruby {{ ruby_version }}
+  shell: "~/.rbenv/bin/rbenv install {{ ruby_version }}"
+  args:
+    executable: /bin/bash
+  when: ruby_installed is failed
+
+- name: mastodon | Set the default Ruby version to {{ ruby_version }}
+  shell: "~/.rbenv/bin/rbenv global {{ ruby_version }}"
+  args:
+    executable: /bin/bash
+  register: default_ruby_version
+
+- name: mastodon | Install bundler
+  shell: 'export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; gem install bundler:{{ bundler_version }}'
+  args:
+    executable: /bin/bash
+  when: default_ruby_version is succeeded

roles/mastodon/tasks/system_setup/user.yml

@@ -0,0 +1,6 @@
+- name: mastodon | create mastodon user
+  user:
+    name: "{{ mastodon_user }}"
+    createhome: true
+    shell: /bin/bash
+    home: "{{ mastodon_home }}"