Allow playbook to be run for updates as well as install. #9
|
@ -0,0 +1,62 @@
|
||||||
|
---
|
||||||
|
# This role copies over the user-edited .env.production,
|
||||||
|
# and runs the database setup
|
||||||
|
|
||||||
|
- name: Generate PAPERCLIP_SECRET and register it
|
||||||
|
shell: cd /home/mastodon/live && bundle exec rake secret
|
||||||
|
register: PAPERCLIP_SECRET
|
||||||
|
environment:
|
||||||
|
RAILS_ENV: production
|
||||||
|
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
become: true
|
||||||
|
become_user: mastodon
|
||||||
|
- name: Generate SECRET_KEY_BASE and register it
|
||||||
|
shell: cd /home/mastodon/live && bundle exec rake secret
|
||||||
|
register: SECRET_KEY_BASE
|
||||||
|
environment:
|
||||||
|
RAILS_ENV: production
|
||||||
|
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
become: true
|
||||||
|
become_user: mastodon
|
||||||
|
- name: Generate OTP_SECRET and register it
|
||||||
|
shell: cd /home/mastodon/live && bundle exec rake secret
|
||||||
|
register: OTP_SECRET
|
||||||
|
environment:
|
||||||
|
RAILS_ENV: production
|
||||||
|
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
become: true
|
||||||
|
become_user: mastodon
|
||||||
|
- name: Generate VAPID keys and register it
|
||||||
|
shell: cd /home/mastodon/live && bundle exec rake mastodon:webpush:generate_vapid_key
|
||||||
|
register: VAPID_KEYS
|
||||||
|
environment:
|
||||||
|
RAILS_ENV: production
|
||||||
|
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
||||||
|
SECRET_KEY_BASE: '0'
|
||||||
|
OTP_SECRET: '{{ OTP_SECRET.stdout }}'
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
become: true
|
||||||
|
become_user: mastodon
|
||||||
|
- name: Copy Mastodon .env.production
|
||||||
|
template:
|
||||||
|
src: .env.production
|
||||||
|
dest: /home/mastodon/live/.env.production
|
||||||
|
become: true
|
||||||
|
become_user: mastodon
|
||||||
|
- name: Run Mastodon database setup
|
||||||
|
shell: cd /home/mastodon/live && bundle exec rails db:setup
|
||||||
|
environment:
|
||||||
|
RAILS_ENV: production
|
||||||
|
SAFETY_ASSURED: 1
|
||||||
|
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
become: true
|
||||||
|
become_user: mastodon
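Review bot: The four `rake` tasks that register PAPERCLIP_SECRET, SECRET_KEY_BASE, OTP_SECRET and VAPID_KEYS carry no `no_log: true`, so the generated secrets end up in Ansible's task results (verbose runs, callback plugins, controller-side logs). The `Copy Mastodon .env.production` template task, which presumably renders those values, sets no `mode`, so the file's permissions depend on the mastodon user's umask; I would add `mode: '0600'` there. As a smaller point, `SAFETY_ASSURED: 1` is an integer where the other environment values are strings, and quoting it as `'1'` keeps the block consistent.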
|
|
@ -1,11 +1,13 @@
|
||||||
---
|
---
|
||||||
# This role copies over the user-edited .env.production, runs the database
|
# This role pre-compiles assets, starts Mastodon daemons,
|
||||||
# setup, pre-compiles assets, starts Mastodon daemons, adds media cleanup
|
# adds media cleanup cron job
|
||||||
# cron job
|
|
||||||
|
|
||||||
- name: Generate PAPERCLIP_SECRET and register it
|
- name: Run install tasks
|
||||||
shell: cd /home/mastodon/live && bundle exec rake secret
|
include_tasks: install.yml
|
||||||
register: PAPERCLIP_SECRET
|
when: install is defined
|
||||||
|
- name: Run Mastodon database migration
|
||||||
|
when: install is not defined
|
||||||
|
shell: cd /home/mastodon/live && bundle exec rails db:migrate
|
||||||
environment:
|
environment:
|
||||||
RAILS_ENV: production
|
RAILS_ENV: production
|
||||||
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
||||||
|
@ -13,44 +15,6 @@
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
become: true
|
become: true
|
||||||
become_user: mastodon
|
become_user: mastodon
|
||||||
- name: Generate SECRET_KEY_BASE and register it
|
|
||||||
shell: cd /home/mastodon/live && bundle exec rake secret
|
|
||||||
register: SECRET_KEY_BASE
|
|
||||||
environment:
|
|
||||||
RAILS_ENV: production
|
|
||||||
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
become: true
|
|
||||||
become_user: mastodon
|
|
||||||
- name: Generate OTP_SECRET and register it
|
|
||||||
shell: cd /home/mastodon/live && bundle exec rake secret
|
|
||||||
register: OTP_SECRET
|
|
||||||
environment:
|
|
||||||
RAILS_ENV: production
|
|
||||||
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
become: true
|
|
||||||
become_user: mastodon
|
|
||||||
- name: Generate VAPID keys and register it
|
|
||||||
shell: cd /home/mastodon/live && bundle exec rake mastodon:webpush:generate_vapid_key
|
|
||||||
register: VAPID_KEYS
|
|
||||||
environment:
|
|
||||||
RAILS_ENV: production
|
|
||||||
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
|
||||||
SECRET_KEY_BASE: '0'
|
|
||||||
OTP_SECRET: '{{ OTP_SECRET.stdout }}'
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
become: true
|
|
||||||
become_user: mastodon
|
|
||||||
- name: Copy Mastodon .env.production
|
|
||||||
template:
|
|
||||||
src: .env.production
|
|
||||||
dest: /home/mastodon/live/.env.production
|
|
||||||
become: true
|
|
||||||
become_user: mastodon
|
|
||||||
- name: Precompile Mastodon static assets
|
- name: Precompile Mastodon static assets
|
||||||
shell: cd /home/mastodon/live && bundle exec rails assets:precompile
|
shell: cd /home/mastodon/live && bundle exec rails assets:precompile
|
||||||
environment:
|
environment:
|
||||||
|
@ -60,16 +24,6 @@
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
become: true
|
become: true
|
||||||
become_user: mastodon
|
become_user: mastodon
|
||||||
- name: Run Mastodon database setup
|
|
||||||
shell: cd /home/mastodon/live && bundle exec rails db:setup
|
|
||||||
environment:
|
|
||||||
RAILS_ENV: production
|
|
||||||
SAFETY_ASSURED: 1
|
|
||||||
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
become: true
|
|
||||||
become_user: mastodon
|
|
||||||
- name: Add Mastodon media cache cleanup cronjob
|
- name: Add Mastodon media cache cleanup cronjob
|
||||||
cron:
|
cron:
|
||||||
name: "Mastodon media cache cleanup"
|
name: "Mastodon media cache cleanup"
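Review bot: `when: install is defined` on the new `Run install tasks` include tests only whether the variable exists, so `-e install=false` (or any other value) still takes the install path, which runs `rails db:setup` and regenerates the secrets. A truthiness test such as `when: install | default(false) | bool` on the include, with `when: not (install | default(false) | bool)` on `Run Mastodon database migration`, makes the switch behave the way its name reads. The same condition is used on the nginx and PostgreSQL `install.yml` includes further down the page, and the PostgreSQL one guards a database drop. The cron task at the end of the last hunk continues outside it.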
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
# This role sets up a Let's Encrypt certificate for the
|
||||||
|
# Mastodon instance
|
||||||
|
|
||||||
|
- name: Stop nginx for now
|
||||||
|
service: name=nginx state=stopped
|
||||||
|
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
|
||||||
|
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
|
||||||
|
- name: Restart nginx
|
||||||
|
service: name=nginx state=started
|
||||||
|
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
|
||||||
|
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
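Review bot: Both `letsencrypt certonly` tasks interpolate `{{ LOCAL_DOMAIN }}` unquoted into a `shell:` string, so a value containing whitespace or shell metacharacters is interpreted by the shell under the play's privileges. Neither command uses shell features, so `command:` (optionally with `argv:`) is the safer module, or at minimum `-d {{ LOCAL_DOMAIN | quote }}` and the same filter inside the `--email` argument. Separately, a failed standalone request leaves nginx in `state=stopped`, since nothing in the file starts it again on error.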
|
|
@ -1,6 +1,5 @@
|
||||||
---
|
---
|
||||||
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the
|
# This role install nginx, configures it
|
||||||
# Mastodon instance
|
|
||||||
|
|
||||||
- name: Install nginx and certbot
|
- name: Install nginx and certbot
|
||||||
apt: name={{ item }} state=latest update_cache=yes
|
apt: name={{ item }} state=latest update_cache=yes
|
||||||
|
@ -20,16 +19,11 @@
|
||||||
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
|
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
|
||||||
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
|
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
|
||||||
state: link
|
state: link
|
||||||
- name: Stop nginx for now
|
|
||||||
service: name=nginx state=stopped
|
|
||||||
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
|
|
||||||
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
|
|
||||||
- name: Restart nginx
|
|
||||||
service: name=nginx state=started
|
|
||||||
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
|
|
||||||
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
|
|
||||||
- name: Copy and enable Let's Encrypt renew script
|
- name: Copy and enable Let's Encrypt renew script
|
||||||
copy:
|
copy:
|
||||||
src: letsencrypt-renew.sh
|
src: letsencrypt-renew.sh
|
||||||
dest: /etc/cron.daily/letsencrypt-renew.sh
|
dest: /etc/cron.daily/letsencrypt-renew.sh
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
- name: Run nginx install tasks
|
||||||
|
include_tasks: install.yml
|
||||||
|
when: install is defined
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
# This role deletes any existing PostgreSQL database
|
||||||
|
|
||||||
|
- name: Stop any Mastodon services that may be running to remove database locks
|
||||||
|
systemd: name={{ item }} state=stopped
|
||||||
|
with_items:
|
||||||
|
- mastodon-sidekiq
|
||||||
|
- mastodon-streaming
|
||||||
|
- mastodon-web
|
||||||
|
- name: Drop any existing database that may exist with the same name
|
||||||
|
postgresql_db:
|
||||||
|
name: "{{ DB_NAME }}"
|
||||||
|
state: absent
|
||||||
|
become: true
|
||||||
|
become_user: postgres
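Review bot: Once this file is included it drops `{{ DB_NAME }}` unconditionally, and the only hint is the one-line header. I would add a comment above the `postgresql_db` task along the lines of `# DESTRUCTIVE: removes all instance data; reached only via the include guarded by 'install'`, so that someone reusing the file elsewhere sees the precondition. The `systemd` stop loop also looks as if it could fail on a host where the three Mastodon units do not exist yet; whether that applies to a first install depends on role order, which is not visible here, so it needs confirming.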
|
|
@ -8,12 +8,6 @@
|
||||||
- postgresql
|
- postgresql
|
||||||
- postgresql-contrib
|
- postgresql-contrib
|
||||||
- python-psycopg2
|
- python-psycopg2
|
||||||
- name: Stop any Mastodon services that may be running to remove database locks
|
|
||||||
systemd: name={{ item }} state=stopped
|
|
||||||
with_items:
|
|
||||||
- mastodon-sidekiq
|
|
||||||
- mastodon-streaming
|
|
||||||
- mastodon-web
|
|
||||||
- name: Add Mastodon PostgreSQL database user
|
- name: Add Mastodon PostgreSQL database user
|
||||||
postgresql_user:
|
postgresql_user:
|
||||||
name: mastodon
|
name: mastodon
|
||||||
|
@ -21,9 +15,6 @@
|
||||||
state: present
|
state: present
|
||||||
become: true
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
- name: Drop any existing database that may exist with the same name
|
- name: Run PostgreSQL install tasks
|
||||||
postgresql_db:
|
include_tasks: install.yml
|
||||||
name: "{{ DB_NAME }}"
|
when: install is defined
|
||||||
state: absent
|
|
||||||
become: true
|
|
||||||
become_user: postgres
|
|
||||||
|
|