diff --git a/tasks/main.yml b/tasks/main.yml
index 3c8f233..1786356 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,129 @@
 ---
 # tasks file for ansible-role-mastodon
+- name: Check if namespace exists
+ kubernetes.core.k8s_info:
+ api_version: v1
+ kind: Namespace
+ name: mastodon
+ register: namespace_info
+ ignore_errors: yes
+
+- name: Set create_admin_user variable
+ set_fact:
+ create_admin_user: "{{ namespace_info.resources | length == 0 }}"
+
+- name: Deploy Mastodon
+ kubernetes.core.helm:
+ name: mastodon
+ chart_ref: bitnami/mastodon
+ release_namespace: mastodon
+ create_namespace: true
+ timeout: 600s
+ values:
+ metrics:
+ enabled: true
+ initJob:
+ migrateAndCreateAdmin:
+ createAdmin: "{{ create_admin_user }}"
+ precompileAssets:
+ resources:
+ requests:
+ cpu: 0m
+ memory: 0Mi
+ limits:
+ cpu: 1.5
+ memory: 8192Mi
+ adminUser: mastodon_admin
+ adminEmail: mastodon_admin@eom.dev
+ adminPassword: "{{ mastodon_admin_password }}"
+ otpSecret: "{{ mastodon_otp_secret }}"
+ secretKeyBase: "{{ mastodon_secret_key_base }}"
+ vapidPrivateKey: "{{ mastodon_vapid_private_key }}"
+ vapidPublicKey: "{{ mastodon_vapid_public_key }}"
+ activeRecordEncryptionDeterministicKey: "{{ mastodon_active_record_encryption_deterministic_key }}"
+ activeRecordEncryptionKeyDerivationSalt: "{{ mastodon_active_record_encryption_key_derivation_salt }}"
+ activeRecordEncryptionPrimaryKey: "{{ mastodon_active_record_encryption_primary_key }}"
+ useSecureWebSocket: true
+ extraConfig:
+ LDAP_ENABLED: "true"
+ LDAP_HOST: openldap.openldap.svc.cluster.local
+ LDAP_PORT: "389"
+ LDAP_METHOD: plain
+ LDAP_BASE: dc=eom,dc=dev
+ LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
+ LDAP_PASSWORD: "{{ openldap_readonly_password }}"
+ LDAP_UID: uid
+ LDAP_SEARCH_FILTER: (&(objectClass=posixAccount)(|(%{uid}=%{email})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev))
+ LDAP_MAIL: mail
+ OIDC_ENABLED: "true"
+ OIDC_DISPLAY_NAME: Google
+ OIDC_ISSUER: https://accounts.google.com
+ OIDC_DISCOVERY: "true"
+ OIDC_SCOPE: openid,profile,email
+ OIDC_UID_FIELD:
+ OIDC_CLIENT_ID: "{{ mastodon_google_oidc_client_id }}"
+ OIDC_CLIENT_SECRET: "{{ mastodon_google_oidc_client_secret }}"
+ OIDC_REDIRECT_URI: https://mastodon.eom.dev/auth/auth/openid_connect/callback
+ S3_HOSTNAME: minio.eom.dev
+ S3_BUCKET: mastodon
+ AWS_ACCESS_KEY_ID: "{{ mastodon_minio_access_key }}"
+ AWS_SECRET_ACCESS_KEY: "{{ mastodon_minio_secret_key }}"
+ localDomain: mastodon.eom.dev
+ smtp:
+ server: postfix.eom.dev
+ port: 587
+ from_address: mastodon@eom.dev
+ domain: postfix.eom.dev
+ reply_to: mastodon@eom.dev
+ delivery_method: smtp
+ tls: true
+ auth_method: starttls
+ login: mastodon
+ password: "{{ mastodon_admin_password }}"
+ persistence:
+ enabled: true
+ size: 2Ti
+ redis:
+ enabled: true
+ auth:
+ password: "{{ mastodon_admin_password }}"
+ postgresql:
+ enabled: true
+ auth:
+ username: mastodon
+ password: "{{ mastodon_admin_password }}"
+ database: mastodon
+ primary:
+ persistence:
+ enabled: true
+ size: 2Ti
+ elasticsearch:
+ enabled: true
+ master:
+ persistence:
+ size: 2Ti
+ data:
+ persistence:
+ size: 2Ti
+ minio:
+ enabled: false
+ externalS3:
+ host: minio.eom.dev
+ accessKeyId: "{{ mastodon_minio_access_key }}"
+ accessKeySecret: "{{ mastodon_minio_secret_key }}"
+ apache:
+ service:
+ type: ClusterIP
+ ports:
+ http: 80
+ ingress:
+ enabled: true
+ hostname: mastodon.eom.dev
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: ca-issuer
+ tls:
+ - hosts:
+ - mastodon.eom.dev
+ secretName: mastodon-tls
+
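Review bot: `mastodon_admin_password` is reused in the Deploy Mastodon task as the admin web login, the SMTP `password`, the Redis `auth.password` and the PostgreSQL `auth.password`, so a leak of any one of those channels (an SMTP relay log, a Redis dump, a rendered values file) exposes all four; give each its own variable, e.g. `password: "{{ mastodon_smtp_password }}"`, `password: "{{ mastodon_redis_password }}"`, `password: "{{ mastodon_postgresql_password }}"` (constructed names). `ignore_errors: yes` on the namespace lookup should be `ignore_errors: true` to match the file's other booleans, and it looks unnecessary: kubernetes.core.k8s_info appears to return an empty `resources` list for a missing namespace rather than failing, so the flag only hides auth or connectivity errors, which would then surface as an undefined `namespace_info.resources` in the following set_fact. `OIDC_UID_FIELD:` is a bare value, which YAML reads as null rather than an empty string; either give it a value or drop the key.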