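---
# tasks file for ansible-role-mastodon
#
# Deploys the bitnami/mastodon Helm chart into the `mastodon` namespace.
# The admin account is created only on first install, detected by the
# namespace not existing yet.
#
# NOTE(review): the indentation below was reconstructed from a
# whitespace-collapsed copy of this file; verify the nesting of `values`
# against the chart's values schema before applying.
#
# Optional variables introduced here (all fall back to the previous behaviour):
#   mastodon_chart_version        - pin the chart version (unpinned when unset)
#   mastodon_smtp_password        - defaults to mastodon_admin_password
#   mastodon_redis_password       - defaults to mastodon_admin_password
#   mastodon_postgresql_password  - defaults to mastodon_admin_password
#   mastodon_no_log               - defaults to true; set false only to debug

- name: Check if namespace exists
  # k8s_info returns an empty `resources` list when the object is absent, so
  # no error suppression is needed. A real failure (API unreachable, RBAC
  # denial) should stop the play here rather than surface later as an
  # undefined `namespace_info.resources`.
  kubernetes.core.k8s_info:
    api_version: v1
    kind: Namespace
    name: mastodon
  register: namespace_info

- name: Set create_admin_user variable
  ansible.builtin.set_fact:
    create_admin_user: "{{ namespace_info.resources | length == 0 }}"

- name: Deploy Mastodon
  # The module arguments carry every application secret; keep them out of
  # task output and callback logs.
  no_log: "{{ mastodon_no_log | default(true) }}"
  kubernetes.core.helm:
    name: mastodon
    chart_ref: bitnami/mastodon
    # Without a pinned version every run may pull whatever the repository
    # currently serves; set mastodon_chart_version to make deploys repeatable.
    chart_version: "{{ mastodon_chart_version | default(omit) }}"
    release_namespace: mastodon
    create_namespace: true
    timeout: 600s
    values:
      metrics:
        enabled: true
      initJob:
        migrateAndCreateAdmin:
          createAdmin: "{{ create_admin_user }}"
        precompileAssets:
          resources:
            requests:
              cpu: 0m
              memory: 0Mi
            limits:
              cpu: 1.5
              memory: 8192Mi
      adminUser: mastodon_admin
      adminEmail: mastodon_admin@eom.dev
      adminPassword: "{{ mastodon_admin_password }}"
      otpSecret: "{{ mastodon_otp_secret }}"
      secretKeyBase: "{{ mastodon_secret_key_base }}"
      vapidPrivateKey: "{{ mastodon_vapid_private_key }}"
      vapidPublicKey: "{{ mastodon_vapid_public_key }}"
      activeRecordEncryptionDeterministicKey: "{{ mastodon_active_record_encryption_deterministic_key }}"
      activeRecordEncryptionKeyDerivationSalt: "{{ mastodon_active_record_encryption_key_derivation_salt }}"
      activeRecordEncryptionPrimaryKey: "{{ mastodon_active_record_encryption_primary_key }}"
      useSecureWebSocket: true
      s3AliasHost: minio.eom.dev/mastodon
      # NOTE(review): LDAP_PASSWORD, OIDC_CLIENT_SECRET and
      # AWS_SECRET_ACCESS_KEY are secrets. If the chart renders extraConfig
      # into a ConfigMap they become readable by anyone with ConfigMap read
      # access in the namespace; move them to the chart's secret-backed
      # equivalent (extraSecretConfig, to be confirmed for the chart version
      # in use).
      extraConfig:
        LDAP_ENABLED: "true"
        LDAP_HOST: openldap.openldap.svc.cluster.local
        LDAP_PORT: "389"
        # NOTE(review): `plain` on port 389 sends the bind password and user
        # logins unencrypted across the cluster network; prefer start_tls or
        # simple_tls once the directory presents a certificate.
        LDAP_METHOD: plain
        LDAP_BASE: dc=eom,dc=dev
        LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
        LDAP_PASSWORD: "{{ openldap_readonly_password }}"
        LDAP_UID: uid
        # Quoted so the parentheses, `|`, `%{...}` and embedded space can
        # never be reinterpreted by a YAML parser; the value is unchanged.
        LDAP_SEARCH_FILTER: '(&(objectClass=posixAccount)(|(%{uid}=%{email})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev))'
        LDAP_MAIL: mail
        OIDC_ENABLED: "true"
        OIDC_DISPLAY_NAME: Google
        OIDC_ISSUER: https://accounts.google.com
        OIDC_DISCOVERY: "true"
        OIDC_SCOPE: openid,profile,email
        # NOTE(review): no value was given, so this parses as null. The claim
        # used as the account identifier decides which local account an
        # external login maps to; set it explicitly or drop the key.
        OIDC_UID_FIELD: null
        OIDC_CLIENT_ID: "{{ mastodon_google_oidc_client_id }}"
        OIDC_CLIENT_SECRET: "{{ mastodon_google_oidc_client_secret }}"
        OIDC_REDIRECT_URI: https://mastodon.eom.dev/auth/auth/openid_connect/callback
        AWS_ACCESS_KEY_ID: "{{ mastodon_minio_access_key }}"
        AWS_SECRET_ACCESS_KEY: "{{ mastodon_minio_secret_key }}"
      localDomain: mastodon.eom.dev
      smtp:
        server: postfix.eom.dev
        port: 587
        from_address: mastodon@eom.dev
        domain: postfix.eom.dev
        reply_to: mastodon@eom.dev
        delivery_method: smtp
        # NOTE(review): `tls: true` together with `auth_method: starttls` on
        # port 587 looks inconsistent; confirm which transport security the
        # chart actually configures.
        tls: true
        auth_method: starttls
        login: mastodon
        # The admin password was reused for SMTP, Redis and PostgreSQL, so a
        # leak of any one exposed all four. Each service now accepts its own
        # variable and falls back to the old value when it is unset.
        password: "{{ mastodon_smtp_password | default(mastodon_admin_password) }}"
      persistence:
        enabled: true
        size: 2Ti
      redis:
        enabled: true
        auth:
          password: "{{ mastodon_redis_password | default(mastodon_admin_password) }}"
      postgresql:
        enabled: true
        auth:
          username: mastodon
          # Changing this on an existing release also requires changing the
          # password inside the database; the default keeps the old value.
          password: "{{ mastodon_postgresql_password | default(mastodon_admin_password) }}"
          database: mastodon
        primary:
          persistence:
            enabled: true
            size: 2Ti
      elasticsearch:
        enabled: true
        master:
          persistence:
            size: 2Ti
        data:
          persistence:
            size: 2Ti
      minio:
        enabled: false
      externalS3:
        host: minio.eom.dev
        accessKeyId: "{{ mastodon_minio_access_key }}"
        accessKeySecret: "{{ mastodon_minio_secret_key }}"
      apache:
        service:
          type: ClusterIP
          ports:
            http: 80
        ingress:
          enabled: true
          hostname: mastodon.eom.dev
          annotations:
            kubernetes.io/ingress.class: nginx
            cert-manager.io/cluster-issuer: ca-issuer
          # NOTE(review): confirm the chart accepts a list under `tls`; if it
          # expects a boolean here, this block may be ignored and the ingress
          # served without the intended certificate.
          tls:
            - hosts:
                - mastodon.eom.dev
              secretName: mastodon-tls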