From f6a6afc70a1ad7061aa3d823d676f2c6ec1c5841 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Tue, 2 May 2023 17:13:13 +0200
Subject: [PATCH] add mastodon stack

---
 ansible/inventory/host_vars/manager.yml    |   1 +
 ansible/playbooks/stacks.yml               |   1 +
 ansible/roles/mastodon/docker-stack.yml.j2 | 122 ++++++++++++++++++++
 ansible/roles/mastodon/mastodon.env        | 126 +++++++++++++++++++++
 ansible/roles/mastodon/tasks/main.yml      |  20 ++++
 ansible/roles/mastodon/vars/main.yml       |  16 +++
 6 files changed, 286 insertions(+)
 create mode 100644 ansible/roles/mastodon/docker-stack.yml.j2
 create mode 100644 ansible/roles/mastodon/mastodon.env
 create mode 100644 ansible/roles/mastodon/tasks/main.yml
 create mode 100644 ansible/roles/mastodon/vars/main.yml

diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml
index adf1119..267239e 100644
--- a/ansible/inventory/host_vars/manager.yml
+++ b/ansible/inventory/host_vars/manager.yml
@@ -8,6 +8,7 @@ docker_node_labels:
       syncthing: "true"
       seafile: "true"
       radicale: "true"
+      mastodon: "true"
 
 data_directories:
   - 'traefik'
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
index 42624d9..5de5b05 100644
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@@ -7,3 +7,4 @@
     - {role: forgejo, tags: forgejo}
     - {role: seafile, tags: seafile}
     - {role: radicale, tags: radicale}
+    - {role: mastodon, tags: mastodon}
diff --git a/ansible/roles/mastodon/docker-stack.yml.j2 b/ansible/roles/mastodon/docker-stack.yml.j2
new file mode 100644
index 0000000..20c6486
--- /dev/null
+++ b/ansible/roles/mastodon/docker-stack.yml.j2
@@ -0,0 +1,122 @@
+# vi: ft=yaml
+version: '3'
+
+networks:
+  traefik:
+    external: true
+  mastodon:
+
+volumes:
+  cache:
+
+services:
+  db:
+    image: postgres:14-alpine
+    networks:
+      - mastodon
+    healthcheck:
+      test: ['CMD', 'pg_isready', '-U', 'postgres']
+    volumes:
+      - type: bind
+        source: /mnt/data/mastodon/postgres14
+        target: /var/lib/postgresql/data
+    environment:
+      - 'POSTGRES_HOST_AUTH_METHOD=trust'
+      - 'POSTGRES_PASSWORD={{ mastodon_postgres_password }}'
+      - 'POSTGRES_DB=mastodon_production'
+      - 'POSTGRES_USER=mastodon'
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.mastodon == true"
+  redis:
+    image: redis:7-alpine
+    networks:
+      - mastodon
+    healthcheck:
+      test: ['CMD', 'redis-cli', 'ping']
+    volumes:
+      - type: bind
+        source: /mnt/data/mastodon/redis
+        target: /data
+    environment:
+      - 'REDIS_PASSWORD={{ mastodon_redis_password }}'
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.mastodon == true"
+  web:
+    image: tootsuite/mastodon:v3.5.3
+    env_file: /srv/mastodon/mastodon.env
+    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+    networks:
+      - mastodon
+      - traefik
+    healthcheck:
+      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
+    depends_on:
+      - db
+      - redis
+    volumes:
+      - type: bind
+        source: /mnt/data/mastodon/public/system
+        target: /mastodon/public/system
+      - cache:/mastodon/public/system/cache
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.mastodon == true"
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.mastodon.entrypoints=websecure
+        - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
+        - traefik.http.routers.mastodon.tls=true
+        - traefik.http.routers.mastodon.tls.certresolver=letsencrypt
+        - traefik.http.services.mastodon.loadbalancer.server.port=3000
+        - traefik.http.routers.mastodon.service=mastodon
+        - traefik.docker.network=traefik
+
+  streaming:
+    image: tootsuite/mastodon:v3.5.3
+    env_file: /srv/mastodon/mastodon.env
+    command: node ./streaming
+    networks:
+      - mastodon
+      - traefik
+    healthcheck:
+      # prettier-ignore
+      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+    depends_on:
+      - db
+      - redis
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.mastodon == true"
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.mastodon-streaming.entrypoints=websecure
+        - "traefik.http.routers.mastodon-streaming.rule=(Host(`social.pizzapim.nl`) && PathPrefix(`/api/v1/streaming`))"
+        - traefik.http.routers.mastodon-streaming.service=mastodon-streaming
+        - traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
+        - traefik.docker.network=traefik
+  sidekiq:
+    image: tootsuite/mastodon:v3.5.3
+    env_file: /srv/mastodon/mastodon.env
+    command: bundle exec sidekiq
+    depends_on:
+      - db
+      - redis
+    networks:
+      - mastodon
+    volumes:
+      - type: bind
+        source: /mnt/data/mastodon/public/system
+        target: /mastodon/public/system
+      - cache:/mastodon/public/system/cache
+    healthcheck:
+      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.mastodon == true"
diff --git a/ansible/roles/mastodon/mastodon.env b/ansible/roles/mastodon/mastodon.env
new file mode 100644
index 0000000..87e296e
--- /dev/null
+++ b/ansible/roles/mastodon/mastodon.env
@@ -0,0 +1,126 @@
+$ANSIBLE_VAULT;1.1;AES256
+66373333363835643061643565323065346266346663376133633966383863656531336664656237
+3231356236346361393262616662303931633463363932640a356363363834396338653331353230
+34353937313866363332376263346638663430353232343563616530323762386639343632633563
+6665613863343864340a633434636136303163393833376663343464656231623237623864336538
+62356537306330626338316536653464616662333963313736663036313735306666366237396430
+37663739313432613564313434383961313231393134626665383238633861666632343738383032
+35613363353264653731333637633464366263373162373531313438363762383062633363313636
+31623032356566386631336362656634353432373132313461353664316365613232373763623836
+66306430373033656563316661336539613162353662343266613537316432623465666138333334
+37373239656433393564333236393339656165623137316561623935396139373935333963326431
+37333261336132633964656239623738613833383462356135363761366564393164616530363436
+66323162643466363839626237313638336639343636616536303339643839366261303934373766
+39653264333036323334663634366165343438303132393737393461663038383037616536326161
+64666534623462363534636633353630666665376138386664653037323164643364373431313136
+35643337353961396333653264646139383264393736366332643331656635663362323537323462
+32383030643433306136386463663862313362383264633335613563663531323065646563363161
+62313539303266386238363561373634363336643635366164626564623033613366353937383230
+36373165643834353733656563663333653839663631373330373733633938333263366333313336
+65373733376434373630323339316131363765663166313039336262666265333266366236363932
+30383163643830623334386532636236393664613064376633633061363539623661333361353565
+30363064666635306130366165313535613236616366383630323930336230646461643362346532
+36663464383333323866373439363436346534306365653462663437646561363335303635623838
+66653338366433326330386462326539316235666233383333366330626630663934313836386333
+34626134376463336164666335333565353132333530646632323531643731316436316333333261
+38343033333862343965336434333131636333386336393266306437623032323266333564386431
+62323733346239343136663933393134366161363532646331373066643834346238633433663535
+37353666333530613138373932343661653165373161393533326137643936623133373765346434
+39633532663236636434336461653433626637323931303833313437373264363439343264623438
+35396636656266623831316633643837363931366231396537333633313831623865626331616633
+66386265633037373131313039306431373134303131666239373335356133656430353862656432
+61323439303336356632383962343236303135363931636534393238636136663834363439386461
+39386462303135313637666535336565643439373961373336396237636431623537653932353330
+32653038396665326539366135343439316335656331653165376339613630333331313430386664
+32616431653461636164373437383864653265396461656330613335636532386133386336616631
+30643466633635613131653361393735303735633138623663626234633434343831653138656335
+61346139303438333562633964396334303063336530336434643031633265666137666230313732
+63366133383463336565393464306330343733636439326362366364303539636139633437373861
+63643431313830643164613661353231313665333765363032333739353731353334636336363065
+30316536303561326330626637393538373838313833393038643132643535333132373032383937
+35363833393063663865323630346665393236366464613861326666313337613334626139663037
+65343563343464336130643764333031643432343736643065653335303536373637346134373834
+31636366376232376262633235643762333665613163623066396138623133656334356538636266
+36353466303234303331326632646634343262336135643533353234326532643464356538663934
+63366237383136343035386331323232633066343263353534386635343238613637656232623266
+39666638353938393936636133386234633064303439333633303136326333396233366231653166
+37646131313064343338316264396563376334343535326161656664633934316137616533363134
+30393133666461656266393530636538313038346530386238666132346133363930333130356439
+34306339616263663930363939623531613233373135656465373030663938313333616231613862
+36366632333238376439666339363932646335656139346635393233343766343432363962323430
+35613462663631643533363135376665363061633866306665653537303736353338306164303433
+34373438616138303234336638653963386566663464346262643838373030323235326162656536
+33326130633863626463393335643630363166373564326433663633393837333832663236353233
+30313364393935393961623663383337383964666263363433663434646161316264386635616565
+36613961343733376636373336383634346134366330616464636430333236396533623663326261
+63666539303735363135636336643139366139306163336330383334396165346363646565323634
+65396535356439366162663135646238643930643935316531323561633266323965336236376162
+36356533356465303635646632303663373432333037343035313834623364356438336661653065
+33383037663766323830623365336435356563333131376264393432626337636435626332633766
+31646133646161623138613839316131383338383161643331353934336366343562656435336335
+30653938306431396665356237623165303564613231386236363465623030316265633932636138
+31313434346133613561636163656166666532393838303432656266343239373336643236323864
+64633566343032663866343930346330396436376432343232393338656334633764656365343733
+65623632343930303035643035646337313139383830333664636537306331323330663536636364
+65393332326130643234653939653037623531636439383464343133323234373961323934326462
+38636133356339613339383237383833366364663635313835613763623738663164663866393034
+31326638623938626432353631303763633066326538666365376461653365323937303265353362
+38303232626531633064383139646261373530363631316436636665623633353538653132656239
+39346464633530613332383138386363613131303530643835613736363966613063383939663434
+65326338363662643034373662633735656138313838623937663135643534353135653539333765
+61396362643565323261313666376362656631666566306130363365616536376631636139356662
+39313766663265343764393031303934303633363437396530396539636436323864393434343736
+62343066623736626461353634653938353666376433636161303235356430633938636366333862
+61333364353431663665643232373136373733633334303831643566356565396535396437383036
+33316639386566643636373034626237393533666137376135396163633961386438633339333466
+35323265326635653866353365646434626234616335653262663766633038636537356331326563
+34316438663962313232653366613036333936663531323362383637653530376639643936303263
+31373637633166333230313732613738623362663838663139336531363362626463643135313064
+34653130613566613536356533633564663031613562363430646331653239363666303463303933
+37366237613538636233323630393139636462653239643736623133623336613938623865613135
+66326431373831636166303438623239646364343639303237623864663064383933353963643966
+63666562323563386465326337656434316538656437646165623466393735656162383339636565
+38656564383437363935623564633137363662383536626263336437353166613637633837356237
+61353734313836623931623333643138336538613136323831343935333532303463363834373461
+35376133616165663438646266653532393065396230613635656264376663336133316463663164
+63376666323532613032363565626439656464366662613737303565366332356334343134363163
+64373039316664333436373265656337326638353661383663303962353865616439626239653634
+63343362363733346230643736323130623764643364366637316433353431366530633163356665
+33306166303632333231376535323734313262636432393839656630303138326264303065626139
+61623731663630373264646165373462616635326338333465646339633630653066656363653036
+62346264303163663634653965386262353233336630633233623733643164646436323861383833
+33386266656466623563643134333662383130343862396433346366373837643066616464316230
+39326265383261333835613635383730663837656136643666323833313534663365643662643863
+63386438316561306661636134633636313866663436393639333831323761303034323831616639
+31383463346536393133636336376236633963313962643432623065653765326631343964386138
+32383531363062616661653264653462613836636531366233326464646534316664366537356439
+37633466313465383362366261373936363765353735646231323561363635663933356562386361
+37613230306638636435643630623136376264353038613265353234313938386162323938613165
+35613262613362303637666466316461373435633037633963623834663232623736636634356334
+39323466313936313963616135393263623162333032666430343235643763343862336434663238
+32393439313665363535343530383133636634623035656265646164366234336432383865653566
+36383763616161383265323361643761343361653134353232643334633739643335376331353765
+37343664636137656434313137663464303864356261313532333663623431303734316132346563
+32303838376633666330656564336532346532306633396138393061656436323564353762326164
+32356137643036646662333065396463633230363437663362363661346662326231653364376232
+37386661653736633434356161373532343030363062316161643634626530306335326661303532
+34363462363932353130633964623462396163313965343837666333613932636531383762323234
+34653337613138373361336165613164333765373539393035373736653233383363613730383339
+38613161323035343664393637383163356633346132613035336639643036383231343939616533
+34353633323764366664646338303766643863366662616663346237356230383433386130313665
+33663339383830663366346261393461353465303762393534646562316331386239646365303961
+31393237663533363933656238623138316432396132356663643132313431663962393434633136
+61376634343939383566633834386531613365313531343738623965663637653266343431303736
+33343837303334663130306365386337323430336230303839663062333164383064656637303562
+64376430343765366332646562626233333631363161366561666531663961633966656536656262
+38396538353561626639353261646434376133643561613566343534363766626639616432386233
+36306136383031323538386336613039393130333132343433316633363031313264313233326638
+37633032306238376162633236353536656663383761653938333239376662326336343132333136
+62353439366135653934646561643434366466383632343836383262666430613265633936353638
+30306232386534323366633164386630343562336438343937363062393365626333356632663535
+64373234356163616165393736323236623530306462353737376134643161336331343733323463
+32303337346330653833343838366263323862613534376133646437643162333433636262663233
+32306639313065396538393939633565386131303761373735303665656434663261336539303939
+31323065353437393333323937363665396332363763313066303961303633623137643565643432
+39386165323137636231663634643935643838616531633738623537363063633631336130323130
+3863
diff --git a/ansible/roles/mastodon/tasks/main.yml b/ansible/roles/mastodon/tasks/main.yml
new file mode 100644
index 0000000..1b3871f
--- /dev/null
+++ b/ansible/roles/mastodon/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Create working directory
+  file:
+    path: /srv/mastodon
+    state: directory
+
+- name: Copy env file
+  copy:
+    src: "{{ role_path }}/mastodon.env"
+    dest: /srv/mastodon/mastodon.env
+
+- name: Copy Docker stack file
+  template:
+    src: "{{ role_path }}/docker-stack.yml.j2"
+    dest: /srv/mastodon/docker-stack.yml
+
+- name: Deploy Docker stack
+  docker_stack:
+    name: mastodon
+    compose:
+      - /srv/mastodon/docker-stack.yml
diff --git a/ansible/roles/mastodon/vars/main.yml b/ansible/roles/mastodon/vars/main.yml
new file mode 100644
index 0000000..698d7eb
--- /dev/null
+++ b/ansible/roles/mastodon/vars/main.yml
@@ -0,0 +1,16 @@
+mastodon_postgres_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  34643131323762373635383736636432643161646130373565333432323337646435656233383131
+  3066353734373938353162656335666536323265643162620a663562303636383737393061396331
+  30353538326333393031373736363933666636383866373763303237376561333061323131303062
+  3532316632613062310a343566393237363364613931353062636537663864383839623930383836
+  32613634616335616462336261303632646266326663383166366236643438616538626263343835
+  6539616439636364626466333163316164633631616132623665
+mastodon_redis_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  35643365666261333939303162366366393933613034306438323031393763343065613034366331
+  3537383364313562623234363465363937613736616536360a323664306562653337616534313737
+  62343433333033376363386333663632663965373963386432316136376563383763623631326133
+  3430346364303334380a613932336534346437346539623864306233626265336663343565303866
+  33393665633236653536383636616537396432366532366438316135303437313736336536336264
+  3366643332306236376466386630666230366235333662663161