# Configure Bundler (via the rbenv shim) for this checkout and install gems:
# deployment mode on, 'test' group excluded, 'development' group included,
# with one install job per online CPU.
# NOTE(review): the 'development' group is explicitly enabled; if this role is
# used for production hosts, confirm those extra gems are wanted there.
- name: Bundle install
  ansible.builtin.shell:
    cmd: "
      ~/.rbenv/shims/bundle config set --local deployment 'true' && \
      ~/.rbenv/shims/bundle config set --local without 'test' && \
      ~/.rbenv/shims/bundle config set --local with 'development' && \
      ~/.rbenv/shims/bundle install -j$(getconf _NPROCESSORS_ONLN)
      "
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"

# Install JavaScript dependencies without generating or updating yarn.lock.
- name: Yarn install
  ansible.builtin.command:
    cmd: yarn install --pure-lockfile
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
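# Render the three Mastodon systemd units as root.
# Ownership and mode are pinned explicitly: a unit file that an unprivileged
# account can edit lets that account decide what systemd runs, so the result
# must not depend on the umask or on a file that already exists.
- name: Install systemd sidekiq Service Files
  template:
    src: ../files/systemd/mastodon-sidekiq.service.j2
    dest: /etc/systemd/system/mastodon-sidekiq.service
    owner: root
    group: root
    mode: "0644"
  become: true
  become_user: root

- name: Install systemd web Service Files
  template:
    src: ../files/systemd/mastodon-web.service.j2
    dest: /etc/systemd/system/mastodon-web.service
    owner: root
    group: root
    mode: "0644"
  become: true
  become_user: root

- name: Install systemd streaming Service Files
  template:
    src: ../files/systemd/mastodon-streaming.service.j2
    dest: /etc/systemd/system/mastodon-streaming.service
    owner: root
    group: root
    mode: "0644"
  become: true
  become_user: root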
# Daily cron entry (01:15) that initialises rbenv in a bash shell, changes into
# the Mastodon checkout and runs `tootctl media remove` with
# RAILS_ENV=production.
# No `user:` is set, so the entry lands in the crontab of whichever account
# this task runs as.
- name: Media cleanup cronjob
  cron:
    name: "media cleanup"
    minute: "15"
    hour: "1"
    # Single-quoted YAML scalar: each '' below is one literal ' in the job.
    job: '/bin/bash -c ''export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; cd {{ mastodon_home }}/{{ mastodon_path }} && RAILS_ENV=production ./bin/tootctl media remove'''
# Record whether .env.production already exists. Later tasks read
# production_config.stat.exists to choose between first-time setup
# (generate secrets, create the database) and an upgrade (migrate only).
- name: Check for an existing production env file
  ansible.builtin.stat:
    path: "{{ mastodon_home }}/{{ mastodon_path }}/.env.production"
  register: production_config
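# First-install secret generation (skipped when .env.production exists).
# Every task that produces or reads key material sets no_log so the
# registered stdout is not echoed in task output, verbose runs or callback
# logs; the registered variables themselves are unaffected.
- name: Generate SECRET_KEY_BASE secret
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rake secret"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  register: secret_key_base
  when: not production_config.stat.exists
  no_log: true

- name: Generate OTP_SECRET secret
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rake secret"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  register: otp_secret
  when: not production_config.stat.exists
  no_log: true

# The key pair is written to a temporary file that the next two tasks parse.
# `umask 077` makes a newly created file readable by its owner only.
# The former trailing `| head -1 | cut -c 19-` was dropped: stdout is already
# redirected to the file, so the pipe received nothing and only replaced
# rake's exit status with cut's, hiding a failed key generation.
- name: "Generate VAPID key pair into {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp"
  shell: "umask 077 && RAILS_ENV=production ~/.rbenv/shims/bundle exec rake mastodon:webpush:generate_vapid_key > {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when: not production_config.stat.exists
  no_log: true

# First line of vapid.tmp, from column 19 onwards (the value after the key name).
- name: Get VAPID_PRIVATE_KEY secret
  shell: "cat {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp | head -1 | cut -c 19-"
  register: vapid_private_key
  when: not production_config.stat.exists
  no_log: true

# Last line of vapid.tmp, from column 18 onwards.
- name: Get VAPID_PUBLIC_KEY secret
  shell: "cat {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp | tail -1 | cut -c 18-"
  register: vapid_public_key
  when: not production_config.stat.exists
  no_log: true

# Runs unconditionally so a leftover key file from an earlier run is removed too.
# NOTE(review): if a task above fails, the play stops before this cleanup and
# vapid.tmp stays on disk until the next successful run.
- name: Ensure that the file used for vapid keypair generation is removed.
  ansible.builtin.file:
    path: "{{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp"
    state: absent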
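# Render .env.production on first install only.
# The file is created from the secrets registered by the generation tasks, so
# it is restricted to its owner instead of inheriting the umask default, and
# no_log keeps its contents out of --diff output and logs.
# NOTE(review): because of the `when`, an env file that already exists keeps
# whatever mode it has; check existing hosts separately.
- name: Install Production env file
  template:
    src: files/mastodon/env.production.j2
    dest: "{{ mastodon_home }}/{{ mastodon_path }}/.env.production"
    mode: "0600"
  when: not production_config.stat.exists
  no_log: true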
# First install: no env file existed when the stat task ran, so set the
# database up from scratch.
- name: Create database
  ansible.builtin.shell:
    cmd: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:setup"
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  environment:
    # Quoted so the value is passed as a string rather than a YAML integer.
    SAFETY_ASSURED: "1"
  when: not production_config.stat.exists

# Upgrade: an env file already existed, so only apply pending migrations.
- name: Migrate database
  ansible.builtin.shell:
    cmd: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:migrate"
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when: production_config.stat.exists
# Recursively set owner and group on the whole Mastodon checkout. The group is
# the web server's group, which differs per OS family.
# NOTE(review): no mode is set, so what the web server group can actually read
# depends on the existing file modes; the recursion also covers
# .env.production in the same directory.
- name: Ensure that we have correct file permissions with owner being the user and NGINX being the group
  become: true
  become_user: root
  ansible.builtin.file:
    path: "{{ mastodon_home }}/{{ mastodon_path }}"
    owner: "{{ mastodon_user }}"
    group: "nginx"
    recurse: true
  when:
    - ansible_os_family == "RedHat"

- name: Ensure that we have correct file permissions with owner being the user and www-data being the group
  become: true
  become_user: root
  ansible.builtin.file:
    path: "{{ mastodon_home }}/{{ mastodon_path }}"
    owner: "{{ mastodon_user }}"
    group: "www-data"
    recurse: true
  when:
    - ansible_os_family == "Debian"
# RedHat only: register an SELinux file-context rule labelling everything under
# public/ as httpd_sys_content_t, then relabel the existing files to match.
- name: Ensure that we have correct selinux context permissions for RedHat systems
  become: true
  become_user: root
  community.general.sefcontext:
    target: '{{ mastodon_home }}/{{ mastodon_path }}/public(/.*)?'
    setype: httpd_sys_content_t
    state: present
  when:
    - ansible_os_family == "RedHat"

# sefcontext only records the rule; restorecon applies it to files on disk.
- name: restore selinux condition on RedHat systems
  become: true
  become_user: root
  ansible.builtin.command:
    cmd: restorecon -irv {{ mastodon_home }}/{{ mastodon_path }}/public
  when:
    - ansible_os_family == "RedHat"
# Asset precompilation: exactly one of the two tasks below runs per host.
# On RedHat major version 9 the build is run with Node's legacy OpenSSL
# provider enabled; see https://github.com/nodejs/node/issues/40455
# It's possible that this is a bug with ruby 3.0.3 and gets fixed with Mastodon 4.0.0
- name: Precompile assets with Legacy OpenSSL provider for RHEL9
  ansible.builtin.shell:
    cmd: "NODE_OPTIONS=--openssl-legacy-provider RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile"
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when:
    - ansible_os_family == "RedHat"
    - ansible_facts['distribution_major_version'] == "9"

# Every other platform: the exact negation of the condition above.
- name: Precompile assets
  ansible.builtin.shell:
    cmd: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile"
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when: not ((ansible_os_family == "RedHat") and ansible_facts['distribution_major_version'] == "9")
  # We are installing new .env file, checking if .env file exists no longer required
  # when: production_config.stat.exists
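# Enable the three Mastodon units at boot and make sure they are running.
# The units live in /etc/systemd/system, so the systemd module is used
# directly and daemon_reload makes systemd re-read unit files before acting on
# them; without it an edited unit file is ignored until a manual reload.
# NOTE(review): `state: started` does not restart a service that is already
# running, so a changed unit takes effect on its next restart.
- name: "Start and enable Mastodon services"
  become: true
  # Workaround for "Interactive authentication required" issue
  become_user: root
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: started
    enabled: true
    daemon_reload: true
  loop:
    - mastodon-web.service
    - mastodon-streaming.service
    - mastodon-sidekiq.service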