Handle secrets

This commit is contained in:
Antonio J. Delgado 2022-11-19 20:06:51 +02:00
parent d074a4e459
commit 38cdcf3da9
2 changed files with 59 additions and 3 deletions


@ -2,8 +2,9 @@
redis_pass: "{{ vault_mastodon_redis_password }}" redis_pass: "{{ vault_mastodon_redis_password }}"
mastodon_secret_key_base: "{{ vault_mastodon_secret_key_base }}" mastodon_secret_key_base: "{{ vault_mastodon_secret_key_base }}"
mastodon_otp_secret: "{{ vault_mastodon_otp_secret }}" mastodon_otp_secret: "{{ vault_mastodon_otp_secret }}"
vapid_public_key: "{{ vault_vapid_public_key }}" mastodon_paperclip_secret: "{{ vault_mastodon_paperclip_secret }}"
vapid_private_key: "{{ vault_vapid_private_key }}" vapid_public_key: "{{ vault_mastodon_vapid_public_key }}"
vapid_private_key: "{{ vault_mastodon_vapid_private_key }}"
smtp_from_address: mastodon-admin@example.com smtp_from_address: mastodon-admin@example.com
smtp_server: mail.example.com smtp_server: mail.example.com
mastodon_host: mastodon.example.com mastodon_host: mastodon.example.com
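Review bot: Every secret in this file is bound unconditionally to a `vault_mastodon_*` variable, so the playbook's generate-when-empty fallback (`when: mastodon_secret_key_base == ''` and friends) can only fire if the vault deliberately stores an empty string; a missing vault key fails the play on an undefined variable instead of falling back. If the intent is "generate unless the vault provides it", the binding should read `mastodon_secret_key_base: "{{ vault_mastodon_secret_key_base | default('') }}"` (same for the OTP, Paperclip and VAPID entries). As a point of naming, `vapid_public_key`/`vapid_private_key` are the only secrets here without the `mastodon_` prefix that the new `mastodon_paperclip_secret` line and the renamed vault variables follow.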


@ -25,8 +25,63 @@
src: templates/env.j2 src: templates/env.j2
dest: "{{ mastodon_composer_folder }}/.env.production" dest: "{{ mastodon_composer_folder }}/.env.production"
- name: Ensure Mastodon container is composed - name: Build Mastodon container
community.docker.docker_compose: community.docker.docker_compose:
project_name: mastodon project_name: mastodon
project_src: "{{ mastodon_composer_folder }}/" project_src: "{{ mastodon_composer_folder }}/"
state: present state: present
- name: Generate secret key
shell: docker-compose run --rm web bundle exec rake secret
register: secret_key_cmd
when: mastodon_secret_key_base == ''
- name: Add secret key to Mastodon config
lineinfile:
path: "{{ mastodon_composer_folder }}/.env.production"
line: "SECRET_KEY_BASE={{ secret_key_cmd.stdout }}"
regexp: "^SECRET_KEY_BASE="
backup: yes
- name: Generate OTP secret key
shell: docker-compose run --rm web bundle exec rake secret
register: otp_key_cmd
when: mastodon_otp_secret == ''
- name: Add OTP key to Mastodon config
lineinfile:
path: "{{ mastodon_composer_folder }}/.env.production"
line: "OTP_SECRET={{ otp_key_cmd.stdout }}"
regexp: "^OTP_SECRET="
backup: yes
- name: Generate Paperclip secret key
shell: docker-compose run --rm web bundle exec rake secret
register: paperclip_key_cmd
when: mastodon_paperclip_secret == ''
- name: Add Paperclip key to Mastodon config
lineinfile:
path: "{{ mastodon_composer_folder }}/.env.production"
line: "PAPERCLIP_SECRET={{ paperclip_key_cmd.stdout }}"
regexp: "^PAPERCLIP_SECRET="
backup: yes
- name: Generate VAPID keypair
shell: docker-compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key
register: vapid_key_cmd
when: vapid_public_key == ''
- name: Add Paperclip private key to Mastodon config
lineinfile:
path: "{{ mastodon_composer_folder }}/.env.production"
line: "{{ vapid_key_cmd.stdout_lines[0] }}"
regexp: "^VAPID_PRIVATE_KEY="
backup: yes
- name: Add Paperclip public key to Mastodon config
lineinfile:
path: "{{ mastodon_composer_folder }}/.env.production"
line: "{{ vapid_key_cmd.stdout_lines[1] }}"
regexp: "^VAPID_PUBLIC_KEY="
backup: yes
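Review bot: None of the "Add … to Mastodon config" tasks has a `when`, so whenever the matching generate task is skipped because the variable is already set, the registered result has no `stdout` and the play fails on an undefined attribute; each write task needs `when: secret_key_cmd is not skipped` (or the same `== ''` condition as its generator). The registered rake output and the `lineinfile` `line` values are secret material and will appear in task results, so every task in this block should carry `no_log: true`, and `backup: yes` leaves copies of `.env.production` holding previous secrets next to the live file — drop it or at least spell it `backup: true`. The `shell` tasks invoke `docker-compose run` without a `chdir` into `{{ mastodon_composer_folder }}` (the preceding `docker_compose` task uses `project_src` for this), and since no shell features are used, `command` with `args: chdir:` is the safer module. Because `.env.production` is re-templated just above and the generate tasks have no existing-value or `creates` check, every run with an empty variable mints fresh secrets, which invalidates all sessions (SECRET_KEY_BASE), breaks every user's 2FA (OTP_SECRET) and web-push subscriptions (VAPID); the generator should be skipped when the file already has a value. Separately, the last two tasks are named "Add Paperclip … key" but handle the VAPID keys, and `stdout_lines[0]`/`[1]` assume the rake task prints the private key before the public one — selecting the line by `^VAPID_PRIVATE_KEY=`/`^VAPID_PUBLIC_KEY=` is more robust than a positional index.
```yaml
- name: Generate secret key
  command: docker-compose run --rm web bundle exec rake secret
  args:
    chdir: "{{ mastodon_composer_folder }}"
  # … unchanged: register / when …
  no_log: true
- name: Add secret key to Mastodon config
  # … unchanged: lineinfile path / line / regexp …
  when: secret_key_cmd is not skipped
  no_log: true
# … unchanged: apply the same chdir / when / no_log pattern to the OTP, Paperclip and VAPID tasks …
```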