Migrate tasks/main.yaml from ansible-role-eom

2025-07-01 09:46:53 -04:00 · 2025-07-01 09:46:53 -04:00 · 42dcd5f8ea
commit 42dcd5f8ea
parent 55ce3d4a28
1 changed files with 127 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,2 +1,129 @@
 ---
 # tasks file for ansible-role-mastodon
+- name: Check if namespace exists
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: Namespace
+    name: mastodon
+  register: namespace_info
+  ignore_errors: yes
+
+- name: Set create_admin_user variable
+  set_fact:
+    create_admin_user: "{{ namespace_info.resources | length == 0 }}"
+
+- name: Deploy Mastodon
+  kubernetes.core.helm:
+    name: mastodon
+    chart_ref: bitnami/mastodon
+    release_namespace: mastodon
+    create_namespace: true
+    timeout: 600s
+    values:
+      metrics:
+        enabled: true
+      initJob:
+        migrateAndCreateAdmin:
+          createAdmin: "{{ create_admin_user }}"
+        precompileAssets:
+          resources:
+            requests:
+              cpu: 0m
+              memory: 0Mi
+            limits:
+              cpu: 1.5
+              memory: 8192Mi
+      adminUser: mastodon_admin
+      adminEmail: mastodon_admin@eom.dev
+      adminPassword: "{{ mastodon_admin_password }}"
+      otpSecret: "{{ mastodon_otp_secret }}"
+      secretKeyBase: "{{ mastodon_secret_key_base }}"
+      vapidPrivateKey: "{{ mastodon_vapid_private_key }}"
+      vapidPublicKey: "{{ mastodon_vapid_public_key }}"
+      activeRecordEncryptionDeterministicKey: "{{ mastodon_active_record_encryption_deterministic_key }}"
+      activeRecordEncryptionKeyDerivationSalt: "{{ mastodon_active_record_encryption_key_derivation_salt }}"
+      activeRecordEncryptionPrimaryKey: "{{ mastodon_active_record_encryption_primary_key }}"
+      useSecureWebSocket: true
+      extraConfig:
+        LDAP_ENABLED: "true"
+        LDAP_HOST: openldap.openldap.svc.cluster.local
+        LDAP_PORT: "389"
+        LDAP_METHOD: plain
+        LDAP_BASE: dc=eom,dc=dev
+        LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
+        LDAP_PASSWORD: "{{ openldap_readonly_password }}"
+        LDAP_UID: uid
+        LDAP_SEARCH_FILTER: (&(objectClass=posixAccount)(|(%{uid}=%{email})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev))
+        LDAP_MAIL: mail
+        OIDC_ENABLED: "true"
+        OIDC_DISPLAY_NAME: Google
+        OIDC_ISSUER: https://accounts.google.com
+        OIDC_DISCOVERY: "true"
+        OIDC_SCOPE: openid,profile,email
+        OIDC_UID_FIELD:
+        OIDC_CLIENT_ID: "{{ mastodon_google_oidc_client_id }}"
+        OIDC_CLIENT_SECRET: "{{ mastodon_google_oidc_client_secret }}"
+        OIDC_REDIRECT_URI: https://mastodon.eom.dev/auth/auth/openid_connect/callback
+        S3_HOSTNAME: minio.eom.dev
+        S3_BUCKET: mastodon
+        AWS_ACCESS_KEY_ID: "{{ mastodon_minio_access_key }}"
+        AWS_SECRET_ACCESS_KEY: "{{ mastodon_minio_secret_key }}"
+      localDomain: mastodon.eom.dev
+      smtp:
+        server: postfix.eom.dev
+        port: 587
+        from_address: mastodon@eom.dev
+        domain: postfix.eom.dev
+        reply_to: mastodon@eom.dev
+        delivery_method: smtp
+        tls: true
+        auth_method: starttls
+        login: mastodon
+        password: "{{ mastodon_admin_password }}"
+      persistence:
+        enabled: true
+        size: 2Ti
+      redis:
+        enabled: true
+        auth:
+          password: "{{ mastodon_admin_password }}"
+      postgresql:
+        enabled: true
+        auth:
+          username: mastodon
+          password: "{{ mastodon_admin_password }}"
+          database: mastodon
+        primary:
+          persistence:
+            enabled: true
+            size: 2Ti
+      elasticsearch:
+        enabled: true
+        master:
+          persistence:
+            size: 2Ti
+        data:
+          persistence:
+            size: 2Ti
+      minio:
+        enabled: false
+      externalS3:
+        host: minio.eom.dev
+        accessKeyId: "{{ mastodon_minio_access_key }}"
+        accessKeySecret: "{{ mastodon_minio_secret_key }}"
+      apache:
+        service:
+          type: ClusterIP
+          ports:
+            http: 80
+        ingress:
+          enabled: true
+          hostname: mastodon.eom.dev
+          annotations:
+            kubernetes.io/ingress.class: nginx
+            cert-manager.io/cluster-issuer: ca-issuer
+          tls:
+            - hosts:
+              - mastodon.eom.dev
+              secretName: mastodon-tls
+