packetcat
/
mastible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow playbook to be run for updates as well as install. #9

Merged
dracos merged 1 commits from allow-rerunning into master 2018-08-25 16:03:58 +00:00
Conversation 0 Commits 1 Files Changed 6 +104 -76
6 changed files with 104 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
roles/mastodon-config/tasks/install.yml Normal file
View File

@ -0,0 +1,62 @@
---
# This role copies over the user-edited .env.production,
# and runs the database setup
- name: Generate PAPERCLIP_SECRET and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: PAPERCLIP_SECRET
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate SECRET_KEY_BASE and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: SECRET_KEY_BASE
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate OTP_SECRET and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: OTP_SECRET
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate VAPID keys and register it
shell: cd /home/mastodon/live && bundle exec rake mastodon:webpush:generate_vapid_key
register: VAPID_KEYS
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
SECRET_KEY_BASE: '0'
OTP_SECRET: '{{ OTP_SECRET.stdout }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Copy Mastodon .env.production
template:
src: .env.production
dest: /home/mastodon/live/.env.production
become: true
become_user: mastodon
- name: Run Mastodon database setup
shell: cd /home/mastodon/live && bundle exec rails db:setup
environment:
RAILS_ENV: production
SAFETY_ASSURED: 1
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon

62
roles/mastodon-config/tasks/main.yml
View File

@ -1,11 +1,13 @@
--- ---
# This role copies over the user-edited .env.production, runs the database # This role pre-compiles assets, starts Mastodon daemons,
# setup, pre-compiles assets, starts Mastodon daemons, adds media cleanup # adds media cleanup cron job
# cron job
- name: Generate PAPERCLIP_SECRET and register it - name: Run install tasks
shell: cd /home/mastodon/live && bundle exec rake secret include_tasks: install.yml
register: PAPERCLIP_SECRET when: install is defined
- name: Run Mastodon database migration
when: install is not defined
shell: cd /home/mastodon/live && bundle exec rails db:migrate
environment: environment:
RAILS_ENV: production RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}' PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
@ -13,44 +15,6 @@
executable: /bin/bash executable: /bin/bash
become: true become: true
become_user: mastodon become_user: mastodon
- name: Generate SECRET_KEY_BASE and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: SECRET_KEY_BASE
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate OTP_SECRET and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: OTP_SECRET
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate VAPID keys and register it
shell: cd /home/mastodon/live && bundle exec rake mastodon:webpush:generate_vapid_key
register: VAPID_KEYS
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
SECRET_KEY_BASE: '0'
OTP_SECRET: '{{ OTP_SECRET.stdout }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Copy Mastodon .env.production
template:
src: .env.production
dest: /home/mastodon/live/.env.production
become: true
become_user: mastodon
- name: Precompile Mastodon static assets - name: Precompile Mastodon static assets
shell: cd /home/mastodon/live && bundle exec rails assets:precompile shell: cd /home/mastodon/live && bundle exec rails assets:precompile
environment: environment:
@ -60,16 +24,6 @@
executable: /bin/bash executable: /bin/bash
become: true become: true
become_user: mastodon become_user: mastodon
- name: Run Mastodon database setup
shell: cd /home/mastodon/live && bundle exec rails db:setup
environment:
RAILS_ENV: production
SAFETY_ASSURED: 1
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Add Mastodon media cache cleanup cronjob - name: Add Mastodon media cache cleanup cronjob
cron: cron:
name: "Mastodon media cache cleanup" name: "Mastodon media cache cleanup"

12
roles/mastodon-nginx/tasks/install.yml Normal file
View File

@ -0,0 +1,12 @@
---
# This role sets up a Let's Encrypt certificate for the
# Mastodon instance
- name: Stop nginx for now
service: name=nginx state=stopped
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Restart nginx
service: name=nginx state=started
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"

14
roles/mastodon-nginx/tasks/main.yml
View File

@ -1,6 +1,5 @@
--- ---
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the # This role install nginx, configures it
# Mastodon instance
- name: Install nginx and certbot - name: Install nginx and certbot
apt: name={{ item }} state=latest update_cache=yes apt: name={{ item }} state=latest update_cache=yes
@ -20,16 +19,11 @@
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
state: link state: link
- name: Stop nginx for now
service: name=nginx state=stopped
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Restart nginx
service: name=nginx state=started
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Copy and enable Let's Encrypt renew script - name: Copy and enable Let's Encrypt renew script
copy: copy:
src: letsencrypt-renew.sh src: letsencrypt-renew.sh
dest: /etc/cron.daily/letsencrypt-renew.sh dest: /etc/cron.daily/letsencrypt-renew.sh
mode: 0700 mode: 0700
- name: Run nginx install tasks
include_tasks: install.yml
when: install is defined

15
roles/mastodon-postgresql/tasks/install.yml Normal file
View File

@ -0,0 +1,15 @@
---
# This role deletes any existing PostgreSQL database
- name: Stop any Mastodon services that may be running to remove database locks
systemd: name={{ item }} state=stopped
with_items:
- mastodon-sidekiq
- mastodon-streaming
- mastodon-web
- name: Drop any existing database that may exist with the same name
postgresql_db:
name: "{{ DB_NAME }}"
state: absent
become: true
become_user: postgres

15
roles/mastodon-postgresql/tasks/main.yml
View File

@ -8,12 +8,6 @@
- postgresql - postgresql
- postgresql-contrib - postgresql-contrib
- python-psycopg2 - python-psycopg2
- name: Stop any Mastodon services that may be running to remove database locks
systemd: name={{ item }} state=stopped
with_items:
- mastodon-sidekiq
- mastodon-streaming
- mastodon-web
- name: Add Mastodon PostgreSQL database user - name: Add Mastodon PostgreSQL database user
postgresql_user: postgresql_user:
name: mastodon name: mastodon
@ -21,9 +15,6 @@
state: present state: present
become: true become: true
become_user: postgres become_user: postgres
- name: Drop any existing database that may exist with the same name - name: Run PostgreSQL install tasks
postgresql_db: include_tasks: install.yml
name: "{{ DB_NAME }}" when: install is defined
state: absent
become: true
become_user: postgres