infrastructure/roles/mastodon/tasks/main.yml

---
# Tasks file for the mastodon role

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020  Christoph (Sheogorath) Kern
# Copyright (C) 2020       Alexander Wellbrock
# Copyright (C) 2020       Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

- name: Update default SELinux contexts
  community.general.sefcontext:
    target: '{{ item }}(/.*)?'
    setype: "container_file_t"
    state: present
  with_items:
    - "{{ mastodon_database_location }}"
    - "{{ mastodon_public_location }}"
    - "{{ mastodon_redis_location }}"
    - "{{ mastodon_elastic_location }}"
    - "{{ mastodon_nginx_location }}"
  become: true

- name: Create install directory
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: '0700'
    owner: 'root'
    group: 'root'
  with_items:
    - "{{ mastodon_install_location }}"
  become: true

- name: Create data directories
  ansible.builtin.file:  # noqa risky-file-permissions # Container manages permissions on its own
    path: "{{ item }}"
    state: directory
    setype: "container_file_t"
  with_items:
    - "{{ mastodon_database_location }}"
    - "{{ mastodon_public_location }}"
    - "{{ mastodon_redis_location }}"
    - "{{ mastodon_elastic_location }}"
    - "{{ mastodon_nginx_location }}"
  become: true

- name: Create public data directory
  ansible.builtin.file:
    path: "{{ mastodon_public_location }}/system"
    mode: '0755'
    owner: '991'
    group: '991'
    state: directory
    setype: "container_file_t"
  become: true

- name: Deploy nginx proxy config file
  ansible.builtin.template:
    src: "default.conf"
    dest: "{{ mastodon_nginx_location }}/default.conf"
    mode: '0600'
    owner: 'root'
    group: 'root'
  become: true

- name: Check if migration is needed
  ansible.builtin.command: "grep -q 'tootsuite/mastodon:{{ mastodon_image_version }}' '{{ mastodon_install_location }}/docker-compose.yml'"
  register: mastodon_version_fact
  ignore_errors: true
  changed_when: mastodon_version_fact.rc > 0
  failed_when: false
  become: true
  notify: ["Pull mastodon image", "Stop mastodon for upgrade"]

- name: Immediately run / flush Ansible handlers
  ansible.builtin.meta: "flush_handlers"

- name: Deploy config
  ansible.builtin.template:
    src: ".env.production"
    dest: "{{ mastodon_install_location }}/.env.production"
    mode: '0600'
    owner: 'root'
    group: 'root'
  tags:
    - mastodon
  become: true

- name: Deploy docker-compose.yml
  ansible.builtin.template:
    src: "docker-compose.yml"
    dest: "{{ mastodon_install_location }}/docker-compose.yml"
    mode: '0600'
    owner: 'root'
    group: 'root'
    validate: docker-compose -f %s config -q
  tags:
    - mastodon
  become: true

- name: Migrate database
  ansible.builtin.command: "docker-compose run --rm web rails db:migrate"
  args:
    chdir: "{{ mastodon_install_location }}"
  when:
    # noqa no-handler
    - mastodon_version_fact is changed
  tags:
    - docker
    - mastodon
  become: true
  environment:
    PYTHONPATH: ""

- name: Clear cache
  ansible.builtin.command: docker-compose run --rm web bin/tootctl cache clear
  args:
    chdir: "{{ mastodon_install_location }}"
  when:
    # noqa no-handler
    - mastodon_version_fact is changed
  tags:
    - docker
    - mastodon
  become: true
  environment:
    PYTHONPATH: ""

- name: Compose mastodon
  community.docker.docker_compose:
    state: present
    project_src: "{{ mastodon_install_location }}"
    pull: true
    remove_orphans: true
  tags:
    - docker
    - mastodon
  become: true
Initial commit 2020-08-10 01:37:13 +02:00			`---`
			`# Tasks file for the mastodon role`

			`# Infrastructure`
			`# Ansible instructions to deploy the infrastructure`
			`# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern`
			`# Copyright (C) 2020 Alexander Wellbrock`
			`# Copyright (C) 2020 Saibotk`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, version 3 of the License.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`- name: Update default SELinux contexts`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`community.general.sefcontext:`
Initial commit 2020-08-10 01:37:13 +02:00			`target: '{{ item }}(/.*)?'`
			`setype: "container_file_t"`
			`state: present`
			`with_items:`
			`- "{{ mastodon_database_location }}"`
			`- "{{ mastodon_public_location }}"`
			`- "{{ mastodon_redis_location }}"`
			`- "{{ mastodon_elastic_location }}"`
			`- "{{ mastodon_nginx_location }}"`
			`become: true`

			`- name: Create install directory`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.file:`
Initial commit 2020-08-10 01:37:13 +02:00			`path: "{{ item }}"`
			`state: directory`
mastodon: Adjust directory permissions This patch reduces the permissions on the install directory to just the root user and also fixes the ansible-lint issue by specifying the `mode`. For all container mounted volumes, the ansible-lint rule is disabled, as the container takes care of the permissions etc. 2020-09-26 21:36:25 +02:00			`mode: '0700'`
			`owner: 'root'`
			`group: 'root'`
Initial commit 2020-08-10 01:37:13 +02:00			`with_items:`
			`- "{{ mastodon_install_location }}"`
			`become: true`

			`- name: Create data directories`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.file: # noqa risky-file-permissions # Container manages permissions on its own`
Initial commit 2020-08-10 01:37:13 +02:00			`path: "{{ item }}"`
			`state: directory`
			`setype: "container_file_t"`
			`with_items:`
			`- "{{ mastodon_database_location }}"`
			`- "{{ mastodon_public_location }}"`
			`- "{{ mastodon_redis_location }}"`
			`- "{{ mastodon_elastic_location }}"`
			`- "{{ mastodon_nginx_location }}"`
			`become: true`

			`- name: Create public data directory`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.file:`
Initial commit 2020-08-10 01:37:13 +02:00			`path: "{{ mastodon_public_location }}/system"`
mastodon: Adjust directory permissions This patch reduces the permissions on the install directory to just the root user and also fixes the ansible-lint issue by specifying the `mode`. For all container mounted volumes, the ansible-lint rule is disabled, as the container takes care of the permissions etc. 2020-09-26 21:36:25 +02:00			`mode: '0755'`
			`owner: '991'`
			`group: '991'`
Initial commit 2020-08-10 01:37:13 +02:00			`state: directory`
			`setype: "container_file_t"`
			`become: true`

			`- name: Deploy nginx proxy config file`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.template:`
Initial commit 2020-08-10 01:37:13 +02:00			`src: "default.conf"`
			`dest: "{{ mastodon_nginx_location }}/default.conf"`
			`mode: '0600'`
			`owner: 'root'`
			`group: 'root'`
			`become: true`

			`- name: Check if migration is needed`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.command: "grep -q 'tootsuite/mastodon:{{ mastodon_image_version }}' '{{ mastodon_install_location }}/docker-compose.yml'"`
Initial commit 2020-08-10 01:37:13 +02:00			`register: mastodon_version_fact`
Fix yamllint issues 2021-03-05 13:02:55 +01:00			`ignore_errors: true`
Initial commit 2020-08-10 01:37:13 +02:00			`changed_when: mastodon_version_fact.rc > 0`
			`failed_when: false`
			`become: true`
format: Satisfy ansible-lint This patch makes minor formatting adjustments & adds handlers to mastodon where appropriate to satisfy ansible-lint. 2021-09-14 01:45:22 +02:00			`notify: ["Pull mastodon image", "Stop mastodon for upgrade"]`
Initial commit 2020-08-10 01:37:13 +02:00
format: Satisfy ansible-lint This patch makes minor formatting adjustments & adds handlers to mastodon where appropriate to satisfy ansible-lint. 2021-09-14 01:45:22 +02:00			`- name: Immediately run / flush Ansible handlers`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.meta: "flush_handlers"`
Initial commit 2020-08-10 01:37:13 +02:00
			`- name: Deploy config`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.template:`
Initial commit 2020-08-10 01:37:13 +02:00			`src: ".env.production"`
			`dest: "{{ mastodon_install_location }}/.env.production"`
			`mode: '0600'`
			`owner: 'root'`
			`group: 'root'`
			`tags:`
			`- mastodon`
			`become: true`

			`- name: Deploy docker-compose.yml`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.template:`
Initial commit 2020-08-10 01:37:13 +02:00			`src: "docker-compose.yml"`
			`dest: "{{ mastodon_install_location }}/docker-compose.yml"`
			`mode: '0600'`
			`owner: 'root'`
			`group: 'root'`
Roles: Validate using the local docker-compose instead of python cmd This will make it easier to migrate to other systems that do not have python2 etc installed 2021-01-02 04:46:15 +01:00			`validate: docker-compose -f %s config -q`
Initial commit 2020-08-10 01:37:13 +02:00			`tags:`
			`- mastodon`
			`become: true`

			`- name: Migrate database`
ansible-lint: Fix various new issues 2022-11-02 21:57:13 +01:00			`ansible.builtin.command: "docker-compose run --rm web rails db:migrate"`
Initial commit 2020-08-10 01:37:13 +02:00			`args:`
			`chdir: "{{ mastodon_install_location }}"`
			`when:`
format: Satisfy ansible-lint This patch makes minor formatting adjustments & adds handlers to mastodon where appropriate to satisfy ansible-lint. 2021-09-14 01:45:22 +02:00			`# noqa no-handler`
Initial commit 2020-08-10 01:37:13 +02:00			`- mastodon_version_fact is changed`
			`tags:`
			`- docker`
			`- mastodon`
			`become: true`
			`environment:`
ansible-lint: Fix various new issues 2022-11-02 21:57:13 +01:00			`PYTHONPATH: ""`
Initial commit 2020-08-10 01:37:13 +02:00
			`- name: Clear cache`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`ansible.builtin.command: docker-compose run --rm web bin/tootctl cache clear`
Initial commit 2020-08-10 01:37:13 +02:00			`args:`
			`chdir: "{{ mastodon_install_location }}"`
			`when:`
format: Satisfy ansible-lint This patch makes minor formatting adjustments & adds handlers to mastodon where appropriate to satisfy ansible-lint. 2021-09-14 01:45:22 +02:00			`# noqa no-handler`
Initial commit 2020-08-10 01:37:13 +02:00			`- mastodon_version_fact is changed`
			`tags:`
			`- docker`
			`- mastodon`
			`become: true`
			`environment:`
ansible-lint: Fix various new issues 2022-11-02 21:57:13 +01:00			`PYTHONPATH: ""`
Initial commit 2020-08-10 01:37:13 +02:00
			`- name: Compose mastodon`
Use FQCN in all tasks 2022-08-13 17:50:54 +02:00			`community.docker.docker_compose:`
Initial commit 2020-08-10 01:37:13 +02:00			`state: present`
			`project_src: "{{ mastodon_install_location }}"`
Fix yamllint issues 2021-03-05 13:02:55 +01:00			`pull: true`
			`remove_orphans: true`
Initial commit 2020-08-10 01:37:13 +02:00			`tags:`
			`- docker`
			`- mastodon`
			`become: true`