ansible-role-mastodon/tasks/bare/mastodon-postflight.yml

- name: Bundle install
  shell: "~/.rbenv/shims/bundle config set --local deployment 'true' && ~/.rbenv/shims/bundle config set --local without 'test' && ~/.rbenv/shims/bundle config set --local with 'development' && ~/.rbenv/shims/bundle install -j$(getconf _NPROCESSORS_ONLN)"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"

- name: Yarn install
  command: yarn install --pure-lockfile
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"

- name: Install systemd sidekiq Service Files
  template:
    src: ../files/systemd/mastodon-sidekiq.service.j2
    dest: /etc/systemd/system/mastodon-sidekiq.service
  become: true
  become_user: root

- name: Install systemd web Service Files
  template:
    src: ../files/systemd/mastodon-web.service.j2
    dest: /etc/systemd/system/mastodon-web.service
  become: true
  become_user: root

- name: Install systemd streaming Service Files
  template:
    src: ../files/systemd/mastodon-streaming.service.j2
    dest: /etc/systemd/system/mastodon-streaming.service
  become: true
  become_user: root

- name: Media cleanup cronjob
  cron:
    name: "media cleanup"
    minute: "15"
    hour: "1"
    job: '/bin/bash -c ''export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; cd {{ mastodon_home }}/{{ mastodon_path }} && RAILS_ENV=production ./bin/tootctl media remove'''

- stat: path={{ mastodon_home }}/{{ mastodon_path }}/.env.production
  register: production_config

- name: Generate SECRET_KEY_BASE secret
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rake secret"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  register: secret_key_base
  when: not production_config.stat.exists

- name: Generate OTP_SECRET secret
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rake secret"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  register: otp_secret
  when: not production_config.stat.exists

- name: "Generate VAPID key pair into {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp"
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rake mastodon:webpush:generate_vapid_key > {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp | head -1 | cut -c 19-"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when: not production_config.stat.exists

- name: Get VAPID_PRIVATE_KEY secret
  shell: "cat {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp | head -1 | cut -c 19-"
  register: vapid_private_key
  when: not production_config.stat.exists

- name: Get VAPID_PUBLIC_KEY secret
  shell: "cat {{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp | tail -1 | cut -c 18-"
  register: vapid_public_key
  when: not production_config.stat.exists

- name: Ensure that the file used for vapid keypair generation is removed.
  ansible.builtin.file:
    path: "{{ mastodon_home }}/{{ mastodon_path }}/vapid.tmp"
    state: absent

- name: Install Production env file
  template:
    src: files/mastodon/env.production.j2
    dest: "{{ mastodon_home }}/{{ mastodon_path }}/.env.production"
  when: not production_config.stat.exists

- name: Create database
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:setup"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  environment:
    SAFETY_ASSURED: 1
  when: not production_config.stat.exists

- name: Migrate database
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:migrate"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when: production_config.stat.exists

- name: Ensure that we have correct file permissions with owner being the user and NGINX being the group
  become: true
  become_user: root
  file:
    path: "{{ mastodon_home }}/{{ mastodon_path }}"
    owner: "{{ mastodon_user }}"
    group: "nginx"
    recurse: true
  when:
    - ansible_os_family == "RedHat"

- name: Ensure that we have correct file permissions with owner being the user and www-data being the group
  become: true
  become_user: root
  file:
    path: "{{ mastodon_home }}/{{ mastodon_path }}"
    owner: "{{ mastodon_user }}"
    group: "www-data"
    recurse: true
  when:
    - ansible_os_family == "Debian"

#https://github.com/nodejs/node/issues/40455
#It's possible that this is a bug with ruby 3.0.3 and gets fixed with Mastodon 4.0.0
- name: Precompile assets with Legacy OpenSSL provider for RHEL9
  shell: "NODE_OPTIONS=--openssl-legacy-provider RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when: 
  - ansible_os_family == "RedHat"
  - ansible_facts['distribution_major_version'] == "9"

- name: Precompile assets
  shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile"
  args:
    chdir: "{{ mastodon_home }}/{{ mastodon_path }}"
  when: not (ansible_os_family == "RedHat" and ansible_facts['distribution_major_version'] == "9")
#We are installing new .env file, checking if .env file exists no longer required
#  when: production_config.stat.exists

- name: "Start and enable Mastodon services"
  become: true
  #Workaround for "Interactive authentication required" issue
  become_user: root
  service: "name={{ item }} state=started enabled=yes"
  with_items:
  - mastodon-web.service
  - mastodon-streaming.service
  - mastodon-sidekiq.service