From 34f7d80c129d554fc53b8f9abad1ba239282f715 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Fri, 14 Jul 2023 13:51:08 +0200
Subject: [PATCH] save redis database on nfs

---
 ansible/inventory/group_vars/all.yml       |  2 ++
 ansible/roles/mastodon/docker-stack.yml.j2 | 40 ++++++++++++++++++----
 ansible/roles/mastodon/vars/main.yml       | 10 ------
 3 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml
index e92e364..f8d3639 100644
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@@ -24,6 +24,8 @@ nfs_shares:
     path: /mnt/data/seafile/db
   - name: mastodon_system
     path: /mnt/data/mastodon/system
+  - name: mastodon_redis
+    path: /mnt/data/mastodon/redis
   - name: forgejo
     path: /mnt/data/forgejo
   - name: overleaf
diff --git a/ansible/roles/mastodon/docker-stack.yml.j2 b/ansible/roles/mastodon/docker-stack.yml.j2
index 0c146dc..294d019 100644
--- a/ansible/roles/mastodon/docker-stack.yml.j2
+++ b/ansible/roles/mastodon/docker-stack.yml.j2
@@ -12,15 +12,38 @@ volumes:
       type: "nfs"
       o: "addr=192.168.30.10,nolock,soft,rw"
       device: ":/mnt/data/mastodon/system"
+  redis:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/mastodon/redis"
 
 services:
+  redis:
+    image: redis:7-alpine
+    networks:
+      mastodon:
+        aliases:
+          - redis
+    healthcheck:
+      test: ['CMD', 'redis-cli', 'ping']
+    volumes:
+      - type: volume
+        source: redis
+        target: /data
+        volume:
+          nocopy: true
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.mastodon == true"
+
   web:
     image: tootsuite/mastodon:v4.1
     environment:
       - 'OTP_SECRET={{ otp_secret }}'
       - 'SECRET_KEY_BASE={{ secret_key_base }}'
-      - 'REDIS_HOST=thecloud.dmz'
-      - 'REDIS_PASSWORD={{ mastodon_redis_password }}'
+      - 'REDIS_HOST=redis'
       - 'DB_HOST=192.168.30.10'
       - 'DB_USER=mastodon'
       - 'DB_NAME=mastodon'
@@ -61,13 +84,14 @@ services:
         - traefik.http.services.mastodon.loadbalancer.server.port=3000
         - traefik.http.routers.mastodon.service=mastodon
         - traefik.docker.network=traefik
+    depends_on:
+      - redis
 
   streaming:
     image: tootsuite/mastodon:v4.1
     command: node ./streaming
     environment:
-      - 'REDIS_HOST=thecloud.dmz'
-      - 'REDIS_PASSWORD={{ mastodon_redis_password }}'
+      - 'REDIS_HOST=redis'
       - 'LOCAL_DOMAIN=social.pizzapim.nl'
       - 'DB_HOST=192.168.30.10'
       - 'DB_USER=mastodon'
@@ -92,14 +116,16 @@ services:
         - traefik.http.routers.mastodon-streaming.tls=true
         - traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt
         - traefik.docker.network=traefik
+    depends_on:
+      - redis
+
   sidekiq:
     image: tootsuite/mastodon:v4.1
     command: bundle exec sidekiq
     environment:
       - 'OTP_SECRET={{ otp_secret }}'
       - 'SECRET_KEY_BASE={{ secret_key_base }}'
-      - 'REDIS_HOST=thecloud.dmz'
-      - 'REDIS_PASSWORD={{ mastodon_redis_password }}'
+      - 'REDIS_HOST=redis'
       - 'DB_HOST=192.168.30.10'
       - 'DB_USER=mastodon'
       - 'DB_NAME=mastodon'
@@ -121,3 +147,5 @@ services:
       placement:
         constraints:
           - "node.labels.mastodon == true"
+    depends_on:
+      - redis
diff --git a/ansible/roles/mastodon/vars/main.yml b/ansible/roles/mastodon/vars/main.yml
index 2ccf7a9..eed2d71 100644
--- a/ansible/roles/mastodon/vars/main.yml
+++ b/ansible/roles/mastodon/vars/main.yml
@@ -6,16 +6,6 @@ mastodon_postgres_password: !vault |
   3532316632613062310a343566393237363364613931353062636537663864383839623930383836
   32613634616335616462336261303632646266326663383166366236643438616538626263343835
   6539616439636364626466333163316164633631616132623665
-mastodon_redis_password: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  32333531626630353438343331373139363731303264373336653162303431663231376565376662
-  3332383365313462373030383462653266656338623035390a646437653364366638653764613766
-  32346135353230343631643661653935366635666263383233626133623432643938633064346431
-  6162646335313965310a653831393364316530623331366166373032383063303237396266613335
-  31313537623161653731313736386539393830363566353234643263393761353061363839616131
-  66346561323062333933373635626463313731643666643462653964666439383264326166383466
-  36646338653139626234653339386637373639633931616365633536616230613239656664333832
-  61346132353364323330
 otp_secret: !vault |
   $ANSIBLE_VAULT;1.1;AES256
   33303436663063313039636335623937343530323636346363306234333135306138653337313034