ansible-role-mastodon/tasks/bare/mastodon-postflight.yml

# Configure Bundler locally for the Mastodon checkout (deployment mode,
# without the 'test' group, with the 'development' group), then install
# the gems using one job per online CPU.
# `shell` is needed: the line relies on `&&`, `~` expansion and `$(...)`.
- name: Bundle install
  shell:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
    # Folded scalar: the lines below are joined with single spaces.
    cmd: >-
      ~/.rbenv/shims/bundle config set --local deployment 'true' &&
      ~/.rbenv/shims/bundle config set --local without 'test' &&
      ~/.rbenv/shims/bundle config set --local with 'development' &&
      ~/.rbenv/shims/bundle install -j$(getconf _NPROCESSORS_ONLN)
# Install the JavaScript dependencies from inside the Mastodon checkout.
# NOTE(review): --pure-lockfile only stops yarn from writing yarn.lock;
# --frozen-lockfile additionally fails when package.json and yarn.lock
# disagree. Consider it if installs must match the lockfile exactly.
- name: Yarn install
  command:
    cmd: yarn install --pure-lockfile
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
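# Render the sidekiq unit file into the system unit directory as root.
# Owner, group and mode are pinned so the result does not depend on the
# remote umask; a unit file decides what runs and as which user, so it
# must be writable by root only.
- name: Install systemd sidekiq Service Files
  template:
    src: ../files/systemd/mastodon-sidekiq.service.j2
    dest: /etc/systemd/system/mastodon-sidekiq.service
    owner: root
    group: root
    mode: "0644"
  become: true
  become_user: root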
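# Render the web unit file into the system unit directory as root.
# Owner, group and mode are pinned so the result does not depend on the
# remote umask; a unit file decides what runs and as which user, so it
# must be writable by root only.
- name: Install systemd web Service Files
  template:
    src: ../files/systemd/mastodon-web.service.j2
    dest: /etc/systemd/system/mastodon-web.service
    owner: root
    group: root
    mode: "0644"
  become: true
  become_user: root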
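# Render the streaming unit file into the system unit directory as root.
# Owner, group and mode are pinned so the result does not depend on the
# remote umask; a unit file decides what runs and as which user, so it
# must be writable by root only.
- name: Install systemd streaming Service Files
  template:
    src: ../files/systemd/mastodon-streaming.service.j2
    dest: /etc/systemd/system/mastodon-streaming.service
    owner: root
    group: root
    mode: "0644"
  become: true
  become_user: root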
# Register a cron entry (minute 15, hour 1) that initialises rbenv and runs
# `tootctl media remove` in the Mastodon checkout with RAILS_ENV=production.
# No `user:` is set, so the entry goes to the crontab of the user this task
# runs as.
# NOTE(review): the templated path is not quoted inside the bash -c string;
# this assumes mastodon_home / mastodon_path contain no whitespace or shell
# metacharacters. Confirm against the role defaults.
- name: Media cleanup cronjob
  cron:
    name: "media cleanup"
    hour: "1"
    minute: "15"
    # Folded scalar: the lines below are joined with single spaces.
    job: >-
      /bin/bash -c 'export PATH="$HOME/.rbenv/bin:$PATH";
      eval "$(rbenv init -)";
      cd {{ mastodon_home }}/{{ mastodon_path }} &&
      RAILS_ENV=production ./bin/tootctl media remove'
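# Record whether .env.production already exists. Later tasks in this file
# use production_config.stat.exists to separate a first install (secret
# generation, env file, db:setup) from an upgrade (db:migrate).
# Module arguments are written as native YAML instead of a key=value
# string, and the task is named so it is identifiable in play output.
- name: Check whether .env.production already exists
  stat:
    path: "{{ mastodon_home }}/{{ mastodon_path }}/.env.production"
  register: production_config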
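# Generate a secret with `rake secret` on first install only and keep it in
# secret_key_base (presumably consumed by env.production.j2; the template
# is not part of this file).
- name: Generate SECRET_KEY_BASE secret
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rake secret"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  register: secret_key_base
  # The secret is this task's stdout; no_log keeps the result out of the
  # console output (e.g. with -v) and out of any configured Ansible log.
  no_log: true
  when: not production_config.stat.exists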
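# Generate a second, independent secret with `rake secret` on first install
# only and keep it in otp_secret (presumably consumed by env.production.j2;
# the template is not part of this file).
- name: Generate OTP_SECRET secret
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rake secret"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  register: otp_secret
  # The secret is this task's stdout; no_log keeps the result out of the
  # console output (e.g. with -v) and out of any configured Ansible log.
  no_log: true
  when: not production_config.stat.exists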
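# Write the output of the VAPID key generator to vapid.tmp on first install.
# Two fixes over the previous command line:
#  - `umask 077` makes a newly created vapid.tmp readable by its owner only;
#    it holds the private key and sits inside the application directory.
#  - the trailing `| head -1 | cut -c 19-` is dropped: stdout was already
#    redirected to the file, so the pipe received nothing, and the pipeline
#    reported the exit status of `cut`, hiding a failing rake run.
# umask only affects file creation; a leftover vapid.tmp keeps its old mode.
- name: "Generate VAPID key pair into {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp"
  shell: "umask 077 && RAILS_ENV=production ~/.rbenv/shims/bundle exec rake mastodon:webpush:generate_vapid_key > {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when: not production_config.stat.exists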
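# Read the first line of vapid.tmp from column 19 onwards into
# vapid_private_key (presumably this strips an 18-character
# `VAPID_PRIVATE_KEY=` prefix; the generator output is not shown here).
- name: Get VAPID_PRIVATE_KEY secret
  shell: "cat {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp | head -1 | cut -c 19-"
  register: vapid_private_key
  # The private key is this task's stdout; no_log keeps the result out of
  # the console output and out of any configured Ansible log.
  no_log: true
  # The pipeline only reads the file, so never report a change.
  changed_when: false
  when: not production_config.stat.exists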
# Read the last line of vapid.tmp from column 18 onwards into
# vapid_public_key (presumably this strips a 17-character
# `VAPID_PUBLIC_KEY=` prefix; the generator output is not shown here).
# Runs on first install only.
- name: Get VAPID_PUBLIC_KEY secret
  when: not production_config.stat.exists
  register: vapid_public_key
  shell: >-
    cat {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp | tail -1 | cut -c 18-
# Delete the temporary file that held the VAPID key pair. There is no
# `when:`, so this runs on every play and also clears a leftover file.
# NOTE(review): if a task between key generation and this one fails, the
# play stops and vapid.tmp (with the private key) stays on disk; wrapping
# those tasks in block/always would guarantee the cleanup.
- name: Ensure that the file used for vapid keypair generation is removed.
  ansible.builtin.file:
    state: absent
    path: "{{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp"
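# Render .env.production on first install only (an existing file is never
# overwritten by this task).
- name: Install Production env file
  template:
    src: files/mastodon/env.production.j2
    dest: "{{ mastodon_home }}/{{ mastodon_path }}/.env.production"
    # The file carries the secrets generated earlier in this play, so it is
    # restricted to its owner instead of inheriting the umask default. A
    # later task hands the whole directory to the web server group, which
    # has no need to read this file.
    # NOTE(review): assumes the Mastodon services run as the file's owner;
    # confirm against the unit templates.
    mode: "0600"
  # Keep the rendered secrets out of the output when the play runs with
  # --diff.
  diff: false
  when: not production_config.stat.exists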
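# Run `rails db:setup` in the Mastodon checkout on first install only.
- name: Create database
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:setup"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  environment:
    # Environment values are strings; quoting stops YAML from typing the
    # value as an integer before Ansible passes it to the process.
    SAFETY_ASSURED: "1"
  when: not production_config.stat.exists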
# Upgrade path: when .env.production was already present at the start of
# the play, run `rails db:migrate` in the Mastodon checkout.
- name: Migrate database
  when: production_config.stat.exists
  shell:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
    cmd: >-
      RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:migrate
# RedHat family: recursively set owner to the Mastodon user and group to
# nginx on the whole checkout. Only ownership is changed; file modes are
# left as they are.
# NOTE(review): the recursion covers .env.production too, so that file's
# mode decides whether members of the nginx group can read its secrets.
- name: Ensure that we have correct file permissions with owner being the user and NGINX being the group
  when: ansible_os_family == "RedHat"
  file:
    path: "{{ mastodon_home }}/{{ mastodon_path }}"
    recurse: true
    owner: "{{ mastodon_user }}"
    group: "nginx"
  become: true
  become_user: root
# Debian family: recursively set owner to the Mastodon user and group to
# www-data on the whole checkout. Only ownership is changed; file modes are
# left as they are.
# NOTE(review): the recursion covers .env.production too, so that file's
# mode decides whether members of the www-data group can read its secrets.
- name: Ensure that we have correct file permissions with owner being the user and www-data being the group
  when: ansible_os_family == "Debian"
  file:
    path: "{{ mastodon_home }}/{{ mastodon_path }}"
    recurse: true
    owner: "{{ mastodon_user }}"
    group: "www-data"
  become: true
  become_user: root
#https://github.com/nodejs/node/issues/40455
#It's possible that this is a bug with ruby 3.0.3 and gets fixed with Mastodon 4.0.0
# RedHat family, major version 9 only: precompile the assets with Node's
# --openssl-legacy-provider option. NODE_OPTIONS is set inline, so the
# legacy provider applies to this one command and not to the services.
- name: Precompile assets with Legacy OpenSSL provider for RHEL9
  when: ansible_os_family == "RedHat" and ansible_facts['distribution_major_version'] == "9"
  shell:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
    # Folded scalar: the lines below are joined with single spaces.
    cmd: >-
      NODE_OPTIONS=--openssl-legacy-provider RAILS_ENV=production
      ~/.rbenv/shims/bundle exec rails assets:precompile
# Every host except RedHat-family major version 9: precompile the assets
# with the default Node options.
- name: Precompile assets
  when: not (ansible_os_family == "RedHat" and ansible_facts['distribution_major_version'] == "9")
  shell:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
    cmd: >-
      RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile
#We are installing new .env file, checking if .env file exists no longer required
# when: production_config.stat.exists
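# Start the three Mastodon units and enable them at boot.
# Module arguments are native YAML rather than a key=value string, so each
# value is typed by the YAML parser (`enabled` is a real boolean), and the
# list is iterated with `loop`.
# NOTE(review): `state: started` does not restart units that are already
# running, and changed unit files need a systemd daemon reload before they
# take effect. Confirm that both are handled elsewhere in the role.
- name: "Start and enable Mastodon services"
  become: true
  # Workaround for "Interactive authentication required" issue
  become_user: root
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - mastodon-web.service
    - mastodon-streaming.service
    - mastodon-sidekiq.service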