ansible-role-pixelfed/tasks/main.yml

#SPDX-License-Identifier: MIT-0
---
# tasks file for ansible-role-pixelfed
- name: Add Small Hack repo
  kubernetes.core.helm_repository:
    name: small-hack-pixelfed
    repo_url: https://small-hack.github.io/pixelfed-chart
  register: repo

- name: Update Helm repos
  command: helm repo update
  when: repo.changed

- name: Deploy Pixelfed
  kubernetes.core.helm:
    name: pixelfed
    chart_ref: https://gitea.eom.dev/DevOps/helm-pixelfed/releases/download/v1.0.0/helm-pixelfed-v1.0.0.tar.gz
    release_namespace: pixelfed
    create_namespace: true
    values:
      image:
        repository: mattlqx/docker-pixelfed
        tag: v0.12.7-nginx
      ingress:
        enabled: true
        annotations: 
          cert-manager.io/cluster-issuer: ca-issuer
        className: "nginx"
        hosts:
          - host: pixelfed.eom.dev
            paths:
              - path: /
                pathType: ImplementationSpecific
        tls:
          - secretName: pixelfed-tls
            hosts:
              - pixelfed.eom.dev
      autoscaling:
        enabled: false
        minReplicas: 1
        maxReplicas: 100
        targetCPUUtilizationPercentage: 80
      valkey:
        enabled: true
        image:
          repository: bitnamilegacy/valkey
        fullnameOverride: "valkey"
        global:
          storageClass: "r720-nfs-client"
          security:
            allowInsecureImages: true
          valkey:
            password: "{{ pixelfed_valkey_password }}"
        auth:
          enabled: true
          existingSecret: ""
          existingSecretPasswordKey: "password"
      postgresql:
        enabled: true
        image:
          repository: bitnamilegacy/postgresql
        fullnameOverride: "postgresql"
        global:
          storageClass: "nfs-client"
          security:
            allowInsecureImages: true
        volumePermissions:
          enabled: false
      phpConfigs: {}
        # www.conf: |-
        #   [www]
        #   user = www-data
        #   group = www-data
        #   security.limit_extensions = .php .css .js .html
        #   pm = dynamic
        #   pm.max_children = 350
        #   pm.start_servers = 100
        #   pm.min_spare_servers = 100
        #   pm.max_spare_servers = 280
      persistence:
        enabled: true
        storageClassName: "nfs-client"
        storage: 2Ti
        accessModes:
          - ReadWriteOnce
      pixelfed:
        db:
          connection: pgsql
          apply_new_migrations_automatically: false
        filesystem:
          # -- Many applications store files both locally and in the cloud.
          # For this reason, you may specify a default “cloud” driver here.
          # This driver will be bound as the Cloud disk implementation in the container.
          cloud: "s3"
          driver: "local"
        covid:
          enable_label: false
        banned_usernames: ""
        media_delete_local_after_cloud: true
        timezone: "america/new_york"
        app:
          key: "{{ pixelfed_app_key }}"
          name: "Pixelfed"
          env: "production"
          url: "https://pixelfed.eom.dev"
          locale: "en"
          domain: "pixelfed.eom.dev"
        laravel:
          log_channel: stack
          log_level: "debug"
        open_registration: true
        enforce_email_verification: true
        min_password_length: 14
        account_deletion: true
        oauth_enabled: true
        stories_enabled: true
        custom_emoji: false
        custom_emoji_max_size: 2000000
        media_types: "image/jpeg,image/png,image/gif"
        enable_config_cache: true
        image_quality: 100
        max_account_size: 1000000
        max_photo_size: 15000
        max_avatar_size: 2000
        max_caption_length: 1000
        max_bio_length: 256
        max_name_length: 32
        max_album_length: 6
        force_https_urls: true
        exp_loops: false
        image_driver: "gd"
        instance:
          description: "Pixelfed on eom.dev"
          discover_public: true
          public_hashtags: true
          contact_form: false
          contact_email: ""
          contact_max_per_day: 1
          profile_embeds: true
          post_embeds: true
          cur_reg: false
          show_peers: false
          reports:
            email_enabled: false
            email_addresses: []
            email_autospam: false
          landing:
            show_directory: true
            show_explore: true
        pf:
          hide_nsfw_on_public_feeds: false
          local_avatar_to_cloud: true
          admin_invites_enabled: true
          max_user_blocks: 50
          max_user_mutes: 50
          max_domain_blocks: 50
          enable_cloud: true
          max_users: 1000
          enforce_max_users: 2000
          optimize_images: true
          optimize_videos: true
          max_collection_length: 100
        activity_pub:
          enabled: true
          remote_follow: true
          inbox: true
          outbox: true
          sharedinbox: true
          logger_enabled: true
        atom_feeds: "true"
        nodeinfo: "true"
        webfinger: "true"
        mail:
          driver: smtp
          host: postfix.eom.dev
          port: 587
          username: "pixelfed"
          password: "{{ pixelfed_admin_password }}"
          encryption: "tls"
          from_address: "pixelfed@eom.dev"
          from_name: "Pixelfed"
        s3:
          url: "https://minio.eom.dev"
          endpoint: "minio.eom.dev"
          bucket: "pixelfed"
          region: "us-east-1"
          access_key_id: "{{ pixelfed_minio_access_key }}"
          secret_access_key: "{{ pixelfed_minio_secret_key }}"
          use_path_style_endpoint: true