130 lines
4.1 KiB
YAML
130 lines
4.1 KiB
YAML
---
|
|
# tasks file for ansible-role-mastodon
|
|
- name: Check if namespace exists
|
|
kubernetes.core.k8s_info:
|
|
api_version: v1
|
|
kind: Namespace
|
|
name: mastodon
|
|
register: namespace_info
|
|
ignore_errors: yes
|
|
|
|
- name: Set create_admin_user variable
|
|
set_fact:
|
|
create_admin_user: "{{ namespace_info.resources | length == 0 }}"
|
|
|
|
- name: Deploy Mastodon
|
|
kubernetes.core.helm:
|
|
name: mastodon
|
|
chart_ref: bitnami/mastodon
|
|
release_namespace: mastodon
|
|
create_namespace: true
|
|
timeout: 600s
|
|
values:
|
|
metrics:
|
|
enabled: true
|
|
initJob:
|
|
migrateAndCreateAdmin:
|
|
createAdmin: "{{ create_admin_user }}"
|
|
precompileAssets:
|
|
resources:
|
|
requests:
|
|
cpu: 0m
|
|
memory: 0Mi
|
|
limits:
|
|
cpu: 1.5
|
|
memory: 8192Mi
|
|
adminUser: mastodon_admin
|
|
adminEmail: mastodon_admin@eom.dev
|
|
adminPassword: "{{ mastodon_admin_password }}"
|
|
otpSecret: "{{ mastodon_otp_secret }}"
|
|
secretKeyBase: "{{ mastodon_secret_key_base }}"
|
|
vapidPrivateKey: "{{ mastodon_vapid_private_key }}"
|
|
vapidPublicKey: "{{ mastodon_vapid_public_key }}"
|
|
activeRecordEncryptionDeterministicKey: "{{ mastodon_active_record_encryption_deterministic_key }}"
|
|
activeRecordEncryptionKeyDerivationSalt: "{{ mastodon_active_record_encryption_key_derivation_salt }}"
|
|
activeRecordEncryptionPrimaryKey: "{{ mastodon_active_record_encryption_primary_key }}"
|
|
useSecureWebSocket: true
|
|
extraConfig:
|
|
LDAP_ENABLED: "true"
|
|
LDAP_HOST: openldap.openldap.svc.cluster.local
|
|
LDAP_PORT: "389"
|
|
LDAP_METHOD: plain
|
|
LDAP_BASE: dc=eom,dc=dev
|
|
LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
|
|
LDAP_PASSWORD: "{{ openldap_readonly_password }}"
|
|
LDAP_UID: uid
|
|
LDAP_SEARCH_FILTER: (&(objectClass=posixAccount)(|(%{uid}=%{email})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev))
|
|
LDAP_MAIL: mail
|
|
OIDC_ENABLED: "true"
|
|
OIDC_DISPLAY_NAME: Google
|
|
OIDC_ISSUER: https://accounts.google.com
|
|
OIDC_DISCOVERY: "true"
|
|
OIDC_SCOPE: openid,profile,email
|
|
OIDC_UID_FIELD:
|
|
OIDC_CLIENT_ID: "{{ mastodon_google_oidc_client_id }}"
|
|
OIDC_CLIENT_SECRET: "{{ mastodon_google_oidc_client_secret }}"
|
|
OIDC_REDIRECT_URI: https://mastodon.eom.dev/auth/auth/openid_connect/callback
|
|
S3_HOSTNAME: minio.eom.dev
|
|
S3_BUCKET: mastodon
|
|
AWS_ACCESS_KEY_ID: "{{ mastodon_minio_access_key }}"
|
|
AWS_SECRET_ACCESS_KEY: "{{ mastodon_minio_secret_key }}"
|
|
localDomain: mastodon.eom.dev
|
|
smtp:
|
|
server: postfix.eom.dev
|
|
port: 587
|
|
from_address: mastodon@eom.dev
|
|
domain: postfix.eom.dev
|
|
reply_to: mastodon@eom.dev
|
|
delivery_method: smtp
|
|
tls: true
|
|
auth_method: starttls
|
|
login: mastodon
|
|
password: "{{ mastodon_admin_password }}"
|
|
persistence:
|
|
enabled: true
|
|
size: 2Ti
|
|
redis:
|
|
enabled: true
|
|
auth:
|
|
password: "{{ mastodon_admin_password }}"
|
|
postgresql:
|
|
enabled: true
|
|
auth:
|
|
username: mastodon
|
|
password: "{{ mastodon_admin_password }}"
|
|
database: mastodon
|
|
primary:
|
|
persistence:
|
|
enabled: true
|
|
size: 2Ti
|
|
elasticsearch:
|
|
enabled: true
|
|
master:
|
|
persistence:
|
|
size: 2Ti
|
|
data:
|
|
persistence:
|
|
size: 2Ti
|
|
minio:
|
|
enabled: false
|
|
externalS3:
|
|
host: minio.eom.dev
|
|
accessKeyId: "{{ mastodon_minio_access_key }}"
|
|
accessKeySecret: "{{ mastodon_minio_secret_key }}"
|
|
apache:
|
|
service:
|
|
type: ClusterIP
|
|
ports:
|
|
http: 80
|
|
ingress:
|
|
enabled: true
|
|
hostname: mastodon.eom.dev
|
|
annotations:
|
|
kubernetes.io/ingress.class: nginx
|
|
cert-manager.io/cluster-issuer: ca-issuer
|
|
tls:
|
|
- hosts:
|
|
- mastodon.eom.dev
|
|
secretName: mastodon-tls
|
|
|