ansible-role-eom/tasks/mastodon.yaml

---
# tasks file for mastodon
- name: Deploy Mastodon
  kubernetes.core.helm:
    name: mastodon
    chart_ref: bitnami/mastodon
    release_namespace: mastodon
    create_namespace: true
    timeout: 600s
    values:
      metrics:
        enabled: true
      initJob:
        precompileAssets:
          resources:
            requests:
              cpu: 0m
              memory: 0Mi
            limits:
              cpu: 1.5
              memory: 3072Mi
      adminUser: mastodon
      adminEmail: mastodon@postfix.eom.dev
      adminPassword: "{{ mastodon_admin_password }}"
      extraConfig:
        LDAP_ENABLED: "true"
        LDAP_HOST: openldap.openldap.svc.cluster.local
        LDAP_PORT: "389"
        LDAP_METHOD: plain
        LDAP_BASE: dc=eom,dc=dev
        LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
        LDAP_PASSWORD: "{{ openldap_readonly_password }}"
        LDAP_UID: uid
        LDAP_SEARCH_FILTER: (&(objectClass=posixAccount)(|(%{uid}=%{username})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev))
        LDAP_MAIL: mail
      enableS3: false
      localDomain: mastodon.eom.dev
      smtp:
        server: postfix.eom.dev
        port: 587
        from_address: mastodon@postfix.eom.dev
        domain: postfix.eom.dev
        reply_to: mastodon@postfix.eom.dev
        delivery_method: smtp
        tls: true
        auth_method: starttls
        login: mastodon
        password: "{{ mastodon_admin_password }}"
      persistence:
        enabled: true
        size: 8Ti
      redis:
        enabled: true
        auth:
          password: "{{ redis_auth_password }}"
      postgresql:
        enabled: false
      externalDatabase:
        host: postgresql-postgresql-ha-pgpool.postgresql.svc.cluster.local
        user: mastodon
        password: "{{ mastodon_admin_password }}"
        database: mastodon
        port: 5432
      elasticsearch:
        enabled: false
      externalElasticsearch:
        host: elasticsearch.elasticsearch.svc.cluster.local
        port: 9200
      minio:
        enabled: false
      apache:
        service:
          type: ClusterIP 
          ports:
            http: 80
        ingress:
          enabled: true
          hostname: mastodon.eom.dev
          annotations:
            kubernetes.io/ingress.class: nginx
            cert-manager.io/cluster-issuer: ca-issuer
          tls:
            - hosts:
              - mastodon.eom.dev
              secretName: mastodon-tls