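---
# tasks file for mastodon
#
# Installs the bitnami/mastodon Helm chart into the `mastodon` namespace and
# wires it to external OpenLDAP, Postfix and MinIO services.
#
# NOTE(review): the nesting below was reconstructed from a listing whose
# indentation had been collapsed; confirm it against the chart's values.yaml.

- name: Deploy Mastodon
  # The module arguments carry rendered secrets (admin password, Rails key
  # material, LDAP bind password). no_log keeps them out of task output,
  # verbose runs and callback/log plugins.
  no_log: true
  kubernetes.core.helm:
    name: mastodon
    chart_ref: bitnami/mastodon
    release_namespace: mastodon
    create_namespace: true
    timeout: 600s
    values:
      metrics:
        enabled: true
      initJob:
        precompileAssets:
          resources:
            requests:
              cpu: 0m
              memory: 0Mi
            limits:
              cpu: 1.5
              memory: 8192Mi
      adminUser: mastodon_admin
      adminEmail: mastodon_admin@postfix.eom.dev
      # NOTE(review): mastodon_admin_password is also used below for SMTP,
      # Redis, PostgreSQL and the S3 secret key. A leak from any one of those
      # services then exposes the admin account and every other backend; give
      # each service its own vaulted variable.
      adminPassword: "{{ mastodon_admin_password }}"
      otpSecret: "{{ mastodon_otp_secret }}"
      secretKeyBase: "{{ mastodon_secret_key_base }}"
      vapidPrivateKey: "{{ mastodon_vapid_private_key }}"
      vapidPublicKey: "{{ mastodon_vapid_public_key }}"
      activeRecordEncryptionDeterministicKey: "{{ mastodon_active_record_encryption_deterministic_key }}"
      activeRecordEncryptionKeyDerivationSalt: "{{ mastodon_active_record_encryption_key_derivation_salt }}"
      activeRecordEncryptionPrimaryKey: "{{ mastodon_active_record_encryption_primary_key }}"
      extraConfig:
        LDAP_ENABLED: "true"
        LDAP_HOST: openldap.openldap.svc.cluster.local
        LDAP_PORT: "389"
        # NOTE(review): `plain` on port 389 sends the bind DN password and
        # every user's login password unencrypted across the cluster network.
        # Prefer `start_tls` (or `simple_tls` on the LDAPS port) once the
        # directory presents a certificate Mastodon can verify.
        LDAP_METHOD: plain
        LDAP_BASE: dc=eom,dc=dev
        LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
        LDAP_PASSWORD: "{{ openldap_readonly_password }}"
        LDAP_UID: uid
        # Quoted so the YAML indicator characters (&, |, %, braces) can never
        # be reinterpreted; the string value is unchanged. The memberOf clause
        # limits sign-in to members of the "Mastodon Users" group.
        LDAP_SEARCH_FILTER: '(&(objectClass=posixAccount)(|(%{uid}=%{email})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev))'
        LDAP_MAIL: mail
      localDomain: mastodon.eom.dev
      smtp:
        server: postfix.eom.dev
        port: 587
        from_address: mastodon@postfix.eom.dev
        domain: postfix.eom.dev
        reply_to: mastodon@postfix.eom.dev
        delivery_method: smtp
        tls: true
        # NOTE(review): `starttls` names a transport upgrade rather than an
        # SMTP AUTH mechanism; confirm the chart accepts this value and that
        # authentication still happens only after the TLS handshake.
        auth_method: starttls
        login: mastodon
        # Reuses the admin password; see the note on adminPassword.
        password: "{{ mastodon_admin_password }}"
      persistence:
        enabled: true
        size: 64Gi
      redis:
        enabled: true
        auth:
          # Reuses the admin password; see the note on adminPassword.
          password: "{{ mastodon_admin_password }}"
      postgresql:
        enabled: true
        auth:
          username: mastodon
          # Reuses the admin password; see the note on adminPassword.
          password: "{{ mastodon_admin_password }}"
          database: mastodon
        primary:
          persistence:
            enabled: true
            size: 2Ti
      elasticsearch:
        enabled: true
        master:
          persistence:
            size: 64Gi
        data:
          persistence:
            size: 512Gi
      # The bundled MinIO is disabled; media goes to the external S3 endpoint.
      minio:
        enabled: false
      externalS3:
        host: minio.eom.dev
        accessKeyId: mastodon
        # Reuses the admin password; see the note on adminPassword.
        accessKeySecret: "{{ mastodon_admin_password }}"
        bucket: mastodon
      apache:
        service:
          type: ClusterIP
          ports:
            http: 80
        ingress:
          enabled: true
          hostname: mastodon.eom.dev
          annotations:
            kubernetes.io/ingress.class: nginx
            cert-manager.io/cluster-issuer: ca-issuer
          tls:
            - hosts:
                - mastodon.eom.dev
              secretName: mastodon-tls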