Add option to manage redis or not

.fixtures.yml

@@ -0,0 +1,6 @@
+# This file can be used to install module dependencies for unit testing
+# See https://github.com/puppetlabs/puppetlabs_spec_helper#using-fixtures for details
+---
+fixtures:
+  forge_modules:
+#     stdlib: "puppetlabs/stdlib"

.gitattributes

@@ -0,0 +1,5 @@
+*.rb eol=lf
+*.erb eol=lf
+*.pp eol=lf
+*.sh eol=lf
+*.epp eol=lf

.gitignore

@@ -0,0 +1,28 @@
+.git/
+.*.sw[op]
+.metadata
+.yardoc
+.yardwarns
+*.iml
+/.bundle/
+/.idea/
+/.vagrant/
+/coverage/
+/bin/
+/doc/
+/Gemfile.local
+/Gemfile.lock
+/junit/
+/log/
+/pkg/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/*
+/tmp/
+/vendor/
+/convert_report.txt
+/update_report.txt
+.DS_Store
+.project
+.envrc
+/inventory.yaml
+/spec/fixtures/litmus_inventory.yaml

.pdkignore

@@ -0,0 +1,43 @@
+.git/
+.*.sw[op]
+.metadata
+.yardoc
+.yardwarns
+*.iml
+/.bundle/
+/.idea/
+/.vagrant/
+/coverage/
+/bin/
+/doc/
+/Gemfile.local
+/Gemfile.lock
+/junit/
+/log/
+/pkg/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/*
+/tmp/
+/vendor/
+/convert_report.txt
+/update_report.txt
+.DS_Store
+.project
+.envrc
+/inventory.yaml
+/spec/fixtures/litmus_inventory.yaml
+/.fixtures.yml
+/Gemfile
+/.gitattributes
+/.gitignore
+/.pdkignore
+/.puppet-lint.rc
+/Rakefile
+/rakelib/
+/.rspec
+/..yml
+/.yardopts
+/spec/
+/.vscode/
+/.sync.yml
+/.devcontainer/

.puppet-lint.rc

@@ -0,0 +1 @@
+--relative

.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

.rubocop.yml

@@ -0,0 +1,723 @@
+---
+require:
+- rubocop-performance
+- rubocop-rspec
+AllCops:
+  DisplayCopNames: true
+  TargetRubyVersion: '2.6'
+  Include:
+  - "**/*.rb"
+  Exclude:
+  - bin/*
+  - ".vendor/**/*"
+  - "**/Gemfile"
+  - "**/Rakefile"
+  - pkg/**/*
+  - spec/fixtures/**/*
+  - vendor/**/*
+  - "**/Puppetfile"
+  - "**/Vagrantfile"
+  - "**/Guardfile"
+Layout/LineLength:
+  Description: People have wide screens, use them.
+  Max: 200
+RSpec/BeforeAfterAll:
+  Description: Beware of using after(:all) as it may cause state to leak between tests.
+    A necessary evil in acceptance testing.
+  Exclude:
+  - spec/acceptance/**/*.rb
+RSpec/HookArgument:
+  Description: Prefer explicit :each argument, matching existing module's style
+  EnforcedStyle: each
+RSpec/DescribeSymbol:
+  Exclude:
+  - spec/unit/facter/**/*.rb
+Style/BlockDelimiters:
+  Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
+    be consistent then.
+  EnforcedStyle: braces_for_chaining
+Style/ClassAndModuleChildren:
+  Description: Compact style reduces the required amount of indentation.
+  EnforcedStyle: compact
+Style/EmptyElse:
+  Description: Enforce against empty else clauses, but allow `nil` for clarity.
+  EnforcedStyle: empty
+Style/FormatString:
+  Description: Following the main puppet project's style, prefer the % format format.
+  EnforcedStyle: percent
+Style/FormatStringToken:
+  Description: Following the main puppet project's style, prefer the simpler template
+    tokens over annotated ones.
+  EnforcedStyle: template
+Style/Lambda:
+  Description: Prefer the keyword for easier discoverability.
+  EnforcedStyle: literal
+Style/RegexpLiteral:
+  Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168
+  EnforcedStyle: percent_r
+Style/TernaryParentheses:
+  Description: Checks for use of parentheses around ternary conditions. Enforce parentheses
+    on complex expressions for better readability, but seriously consider breaking
+    it up.
+  EnforcedStyle: require_parentheses_when_complex
+Style/TrailingCommaInArguments:
+  Description: Prefer always trailing comma on multiline argument lists. This makes
+    diffs, and re-ordering nicer.
+  EnforcedStyleForMultiline: comma
+Style/TrailingCommaInArrayLiteral:
+  Description: Prefer always trailing comma on multiline literals. This makes diffs,
+    and re-ordering nicer.
+  EnforcedStyleForMultiline: comma
+Style/SymbolArray:
+  Description: Using percent style obscures symbolic intent of array's contents.
+  EnforcedStyle: brackets
+RSpec/MessageSpies:
+  EnforcedStyle: receive
+Style/Documentation:
+  Exclude:
+  - lib/puppet/parser/functions/**/*
+  - spec/**/*
+Style/WordArray:
+  EnforcedStyle: brackets
+Performance/AncestorsInclude:
+  Enabled: true
+Performance/BigDecimalWithNumericArgument:
+  Enabled: true
+Performance/BlockGivenWithExplicitBlock:
+  Enabled: true
+Performance/CaseWhenSplat:
+  Enabled: true
+Performance/ConstantRegexp:
+  Enabled: true
+Performance/MethodObjectAsBlock:
+  Enabled: true
+Performance/RedundantSortBlock:
+  Enabled: true
+Performance/RedundantStringChars:
+  Enabled: true
+Performance/ReverseFirst:
+  Enabled: true
+Performance/SortReverse:
+  Enabled: true
+Performance/Squeeze:
+  Enabled: true
+Performance/StringInclude:
+  Enabled: true
+Performance/Sum:
+  Enabled: true
+Style/CollectionMethods:
+  Enabled: true
+Style/MethodCalledOnDoEndBlock:
+  Enabled: true
+Style/StringMethods:
+  Enabled: true
+Bundler/GemFilename:
+  Enabled: false
+Bundler/InsecureProtocolSource:
+  Enabled: false
+Capybara/CurrentPathExpectation:
+  Enabled: false
+Capybara/VisibilityMatcher:
+  Enabled: false
+Gemspec/DuplicatedAssignment:
+  Enabled: false
+Gemspec/OrderedDependencies:
+  Enabled: false
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+Gemspec/RubyVersionGlobalsUsage:
+  Enabled: false
+Layout/ArgumentAlignment:
+  Enabled: false
+Layout/BeginEndAlignment:
+  Enabled: false
+Layout/ClosingHeredocIndentation:
+  Enabled: false
+Layout/EmptyComment:
+  Enabled: false
+Layout/EmptyLineAfterGuardClause:
+  Enabled: false
+Layout/EmptyLinesAroundArguments:
+  Enabled: false
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: false
+Layout/EndOfLine:
+  Enabled: false
+Layout/FirstArgumentIndentation:
+  Enabled: false
+Layout/HashAlignment:
+  Enabled: false
+Layout/HeredocIndentation:
+  Enabled: false
+Layout/LeadingEmptyLines:
+  Enabled: false
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: false
+Layout/SpaceInsideArrayLiteralBrackets:
+  Enabled: false
+Layout/SpaceInsideReferenceBrackets:
+  Enabled: false
+Lint/BigDecimalNew:
+  Enabled: false
+Lint/BooleanSymbol:
+  Enabled: false
+Lint/ConstantDefinitionInBlock:
+  Enabled: false
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: false
+Lint/DisjunctiveAssignmentInConstructor:
+  Enabled: false
+Lint/DuplicateElsifCondition:
+  Enabled: false
+Lint/DuplicateRequire:
+  Enabled: false
+Lint/DuplicateRescueException:
+  Enabled: false
+Lint/EmptyConditionalBody:
+  Enabled: false
+Lint/EmptyFile:
+  Enabled: false
+Lint/ErbNewArguments:
+  Enabled: false
+Lint/FloatComparison:
+  Enabled: false
+Lint/HashCompareByIdentity:
+  Enabled: false
+Lint/IdentityComparison:
+  Enabled: false
+Lint/InterpolationCheck:
+  Enabled: false
+Lint/MissingCopEnableDirective:
+  Enabled: false
+Lint/MixedRegexpCaptureTypes:
+  Enabled: false
+Lint/NestedPercentLiteral:
+  Enabled: false
+Lint/NonDeterministicRequireOrder:
+  Enabled: false
+Lint/OrderedMagicComments:
+  Enabled: false
+Lint/OutOfRangeRegexpRef:
+  Enabled: false
+Lint/RaiseException:
+  Enabled: false
+Lint/RedundantCopEnableDirective:
+  Enabled: false
+Lint/RedundantRequireStatement:
+  Enabled: false
+Lint/RedundantSafeNavigation:
+  Enabled: false
+Lint/RedundantWithIndex:
+  Enabled: false
+Lint/RedundantWithObject:
+  Enabled: false
+Lint/RegexpAsCondition:
+  Enabled: false
+Lint/ReturnInVoidContext:
+  Enabled: false
+Lint/SafeNavigationConsistency:
+  Enabled: false
+Lint/SafeNavigationWithEmpty:
+  Enabled: false
+Lint/SelfAssignment:
+  Enabled: false
+Lint/SendWithMixinArgument:
+  Enabled: false
+Lint/ShadowedArgument:
+  Enabled: false
+Lint/StructNewOverride:
+  Enabled: false
+Lint/ToJSON:
+  Enabled: false
+Lint/TopLevelReturnWithArgument:
+  Enabled: false
+Lint/TrailingCommaInAttributeDeclaration:
+  Enabled: false
+Lint/UnreachableLoop:
+  Enabled: false
+Lint/UriEscapeUnescape:
+  Enabled: false
+Lint/UriRegexp:
+  Enabled: false
+Lint/UselessMethodDefinition:
+  Enabled: false
+Lint/UselessTimes:
+  Enabled: false
+Metrics/AbcSize:
+  Enabled: false
+Metrics/BlockLength:
+  Enabled: false
+Metrics/BlockNesting:
+  Enabled: false
+Metrics/ClassLength:
+  Enabled: false
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/ModuleLength:
+  Enabled: false
+Metrics/ParameterLists:
+  Enabled: false
+Metrics/PerceivedComplexity:
+  Enabled: false
+Migration/DepartmentName:
+  Enabled: false
+Naming/AccessorMethodName:
+  Enabled: false
+Naming/BlockParameterName:
+  Enabled: false
+Naming/HeredocDelimiterCase:
+  Enabled: false
+Naming/HeredocDelimiterNaming:
+  Enabled: false
+Naming/MemoizedInstanceVariableName:
+  Enabled: false
+Naming/MethodParameterName:
+  Enabled: false
+Naming/RescuedExceptionsVariableName:
+  Enabled: false
+Naming/VariableNumber:
+  Enabled: false
+Performance/BindCall:
+  Enabled: false
+Performance/DeletePrefix:
+  Enabled: false
+Performance/DeleteSuffix:
+  Enabled: false
+Performance/InefficientHashSearch:
+  Enabled: false
+Performance/UnfreezeString:
+  Enabled: false
+Performance/UriDefaultParser:
+  Enabled: false
+RSpec/Be:
+  Enabled: false
+RSpec/Capybara/FeatureMethods:
+  Enabled: false
+RSpec/ContainExactly:
+  Enabled: false
+RSpec/ContextMethod:
+  Enabled: false
+RSpec/ContextWording:
+  Enabled: false
+RSpec/DescribeClass:
+  Enabled: false
+RSpec/EmptyHook:
+  Enabled: false
+RSpec/EmptyLineAfterExample:
+  Enabled: false
+RSpec/EmptyLineAfterExampleGroup:
+  Enabled: false
+RSpec/EmptyLineAfterHook:
+  Enabled: false
+RSpec/ExampleLength:
+  Enabled: false
+RSpec/ExampleWithoutDescription:
+  Enabled: false
+RSpec/ExpectChange:
+  Enabled: false
+RSpec/ExpectInHook:
+  Enabled: false
+RSpec/FactoryBot/AttributeDefinedStatically:
+  Enabled: false
+RSpec/FactoryBot/CreateList:
+  Enabled: false
+RSpec/FactoryBot/FactoryClassName:
+  Enabled: false
+RSpec/HooksBeforeExamples:
+  Enabled: false
+RSpec/ImplicitBlockExpectation:
+  Enabled: false
+RSpec/ImplicitSubject:
+  Enabled: false
+RSpec/LeakyConstantDeclaration:
+  Enabled: false
+RSpec/LetBeforeExamples:
+  Enabled: false
+RSpec/MatchArray:
+  Enabled: false
+RSpec/MissingExampleGroupArgument:
+  Enabled: false
+RSpec/MultipleExpectations:
+  Enabled: false
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+RSpec/MultipleSubjects:
+  Enabled: false
+RSpec/NestedGroups:
+  Enabled: false
+RSpec/PredicateMatcher:
+  Enabled: false
+RSpec/ReceiveCounts:
+  Enabled: false
+RSpec/ReceiveNever:
+  Enabled: false
+RSpec/RepeatedExampleGroupBody:
+  Enabled: false
+RSpec/RepeatedExampleGroupDescription:
+  Enabled: false
+RSpec/RepeatedIncludeExample:
+  Enabled: false
+RSpec/ReturnFromStub:
+  Enabled: false
+RSpec/SharedExamples:
+  Enabled: false
+RSpec/StubbedMock:
+  Enabled: false
+RSpec/UnspecifiedException:
+  Enabled: false
+RSpec/VariableDefinition:
+  Enabled: false
+RSpec/VoidExpect:
+  Enabled: false
+RSpec/Yield:
+  Enabled: false
+Security/Open:
+  Enabled: false
+Style/AccessModifierDeclarations:
+  Enabled: false
+Style/AccessorGrouping:
+  Enabled: false
+Style/BisectedAttrAccessor:
+  Enabled: false
+Style/CaseLikeIf:
+  Enabled: false
+Style/ClassEqualityComparison:
+  Enabled: false
+Style/ColonMethodDefinition:
+  Enabled: false
+Style/CombinableLoops:
+  Enabled: false
+Style/CommentedKeyword:
+  Enabled: false
+Style/Dir:
+  Enabled: false
+Style/DoubleCopDisableDirective:
+  Enabled: false
+Style/EmptyBlockParameter:
+  Enabled: false
+Style/EmptyLambdaParameter:
+  Enabled: false
+Style/Encoding:
+  Enabled: false
+Style/EvalWithLocation:
+  Enabled: false
+Style/ExpandPathArguments:
+  Enabled: false
+Style/ExplicitBlockArgument:
+  Enabled: false
+Style/ExponentialNotation:
+  Enabled: false
+Style/FloatDivision:
+  Enabled: false
+Style/FrozenStringLiteralComment:
+  Enabled: false
+Style/GlobalStdStream:
+  Enabled: false
+Style/HashAsLastArrayItem:
+  Enabled: false
+Style/HashLikeCase:
+  Enabled: false
+Style/HashTransformKeys:
+  Enabled: false
+Style/HashTransformValues:
+  Enabled: false
+Style/IfUnlessModifier:
+  Enabled: false
+Style/KeywordParametersOrder:
+  Enabled: false
+Style/MinMax:
+  Enabled: false
+Style/MixinUsage:
+  Enabled: false
+Style/MultilineWhenThen:
+  Enabled: false
+Style/NegatedUnless:
+  Enabled: false
+Style/NumericPredicate:
+  Enabled: false
+Style/OptionalBooleanParameter:
+  Enabled: false
+Style/OrAssignment:
+  Enabled: false
+Style/RandomWithOffset:
+  Enabled: false
+Style/RedundantAssignment:
+  Enabled: false
+Style/RedundantCondition:
+  Enabled: false
+Style/RedundantConditional:
+  Enabled: false
+Style/RedundantFetchBlock:
+  Enabled: false
+Style/RedundantFileExtensionInRequire:
+  Enabled: false
+Style/RedundantRegexpCharacterClass:
+  Enabled: false
+Style/RedundantRegexpEscape:
+  Enabled: false
+Style/RedundantSelfAssignment:
+  Enabled: false
+Style/RedundantSort:
+  Enabled: false
+Style/RescueStandardError:
+  Enabled: false
+Style/SingleArgumentDig:
+  Enabled: false
+Style/SlicingWithRange:
+  Enabled: false
+Style/SoleNestedConditional:
+  Enabled: false
+Style/StderrPuts:
+  Enabled: false
+Style/StringConcatenation:
+  Enabled: false
+Style/Strip:
+  Enabled: false
+Style/SymbolProc:
+  Enabled: false
+Style/TrailingBodyOnClass:
+  Enabled: false
+Style/TrailingBodyOnMethodDefinition:
+  Enabled: false
+Style/TrailingBodyOnModule:
+  Enabled: false
+Style/TrailingCommaInHashLiteral:
+  Enabled: false
+Style/TrailingMethodEndStatement:
+  Enabled: false
+Style/UnpackFirst:
+  Enabled: false
+Capybara/MatchStyle:
+  Enabled: false
+Capybara/NegationMatcher:
+  Enabled: false
+Capybara/SpecificActions:
+  Enabled: false
+Capybara/SpecificFinders:
+  Enabled: false
+Capybara/SpecificMatcher:
+  Enabled: false
+Gemspec/DeprecatedAttributeAssignment:
+  Enabled: false
+Gemspec/DevelopmentDependencies:
+  Enabled: false
+Gemspec/RequireMFA:
+  Enabled: false
+Layout/LineContinuationLeadingSpace:
+  Enabled: false
+Layout/LineContinuationSpacing:
+  Enabled: false
+Layout/LineEndStringConcatenationIndentation:
+  Enabled: false
+Layout/SpaceBeforeBrackets:
+  Enabled: false
+Lint/AmbiguousAssignment:
+  Enabled: false
+Lint/AmbiguousOperatorPrecedence:
+  Enabled: false
+Lint/AmbiguousRange:
+  Enabled: false
+Lint/ConstantOverwrittenInRescue:
+  Enabled: false
+Lint/DeprecatedConstants:
+  Enabled: false
+Lint/DuplicateBranch:
+  Enabled: false
+Lint/DuplicateMagicComment:
+  Enabled: false
+Lint/DuplicateRegexpCharacterClassElement:
+  Enabled: false
+Lint/EmptyBlock:
+  Enabled: false
+Lint/EmptyClass:
+  Enabled: false
+Lint/EmptyInPattern:
+  Enabled: false
+Lint/IncompatibleIoSelectWithFiberScheduler:
+  Enabled: false
+Lint/LambdaWithoutLiteralBlock:
+  Enabled: false
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: false
+Lint/NonAtomicFileOperation:
+  Enabled: false
+Lint/NumberedParameterAssignment:
+  Enabled: false
+Lint/OrAssignmentToConstant:
+  Enabled: false
+Lint/RedundantDirGlobSort:
+  Enabled: false
+Lint/RefinementImportMethods:
+  Enabled: false
+Lint/RequireRangeParentheses:
+  Enabled: false
+Lint/RequireRelativeSelfPath:
+  Enabled: false
+Lint/SymbolConversion:
+  Enabled: false
+Lint/ToEnumArguments:
+  Enabled: false
+Lint/TripleQuotes:
+  Enabled: false
+Lint/UnexpectedBlockArity:
+  Enabled: false
+Lint/UnmodifiedReduceAccumulator:
+  Enabled: false
+Lint/UselessRescue:
+  Enabled: false
+Lint/UselessRuby2Keywords:
+  Enabled: false
+Metrics/CollectionLiteralLength:
+  Enabled: false
+Naming/BlockForwarding:
+  Enabled: false
+Performance/CollectionLiteralInLoop:
+  Enabled: false
+Performance/ConcurrentMonotonicTime:
+  Enabled: false
+Performance/MapCompact:
+  Enabled: false
+Performance/RedundantEqualityComparisonBlock:
+  Enabled: false
+Performance/RedundantSplitRegexpArgument:
+  Enabled: false
+Performance/StringIdentifierArgument:
+  Enabled: false
+RSpec/BeEq:
+  Enabled: false
+RSpec/BeNil:
+  Enabled: false
+RSpec/ChangeByZero:
+  Enabled: false
+RSpec/ClassCheck:
+  Enabled: false
+RSpec/DuplicatedMetadata:
+  Enabled: false
+RSpec/ExcessiveDocstringSpacing:
+  Enabled: false
+RSpec/FactoryBot/ConsistentParenthesesStyle:
+  Enabled: false
+RSpec/FactoryBot/FactoryNameStyle:
+  Enabled: false
+RSpec/FactoryBot/SyntaxMethods:
+  Enabled: false
+RSpec/IdenticalEqualityAssertion:
+  Enabled: false
+RSpec/NoExpectationExample:
+  Enabled: false
+RSpec/PendingWithoutReason:
+  Enabled: false
+RSpec/Rails/AvoidSetupHook:
+  Enabled: false
+RSpec/Rails/HaveHttpStatus:
+  Enabled: false
+RSpec/Rails/InferredSpecType:
+  Enabled: false
+RSpec/Rails/MinitestAssertions:
+  Enabled: false
+RSpec/Rails/TravelAround:
+  Enabled: false
+RSpec/RedundantAround:
+  Enabled: false
+RSpec/SkipBlockInsideExample:
+  Enabled: false
+RSpec/SortMetadata:
+  Enabled: false
+RSpec/SubjectDeclaration:
+  Enabled: false
+RSpec/VerifiedDoubleReference:
+  Enabled: false
+Security/CompoundHash:
+  Enabled: false
+Security/IoMethods:
+  Enabled: false
+Style/ArgumentsForwarding:
+  Enabled: false
+Style/ArrayIntersect:
+  Enabled: false
+Style/CollectionCompact:
+  Enabled: false
+Style/ComparableClamp:
+  Enabled: false
+Style/ConcatArrayLiterals:
+  Enabled: false
+Style/DirEmpty:
+  Enabled: false
+Style/DocumentDynamicEvalDefinition:
+  Enabled: false
+Style/EmptyHeredoc:
+  Enabled: false
+Style/EndlessMethod:
+  Enabled: false
+Style/EnvHome:
+  Enabled: false
+Style/FetchEnvVar:
+  Enabled: false
+Style/FileEmpty:
+  Enabled: false
+Style/FileRead:
+  Enabled: false
+Style/FileWrite:
+  Enabled: false
+Style/HashConversion:
+  Enabled: false
+Style/HashExcept:
+  Enabled: false
+Style/IfWithBooleanLiteralBranches:
+  Enabled: false
+Style/InPatternThen:
+  Enabled: false
+Style/MagicCommentFormat:
+  Enabled: false
+Style/MapCompactWithConditionalBlock:
+  Enabled: false
+Style/MapToHash:
+  Enabled: false
+Style/MapToSet:
+  Enabled: false
+Style/MinMaxComparison:
+  Enabled: false
+Style/MultilineInPatternThen:
+  Enabled: false
+Style/NegatedIfElseCondition:
+  Enabled: false
+Style/NestedFileDirname:
+  Enabled: false
+Style/NilLambda:
+  Enabled: false
+Style/NumberedParameters:
+  Enabled: false
+Style/NumberedParametersLimit:
+  Enabled: false
+Style/ObjectThen:
+  Enabled: false
+Style/OpenStructUse:
+  Enabled: false
+Style/OperatorMethodCall:
+  Enabled: false
+Style/QuotedSymbols:
+  Enabled: false
+Style/RedundantArgument:
+  Enabled: false
+Style/RedundantConstantBase:
+  Enabled: false
+Style/RedundantDoubleSplatHashBraces:
+  Enabled: false
+Style/RedundantEach:
+  Enabled: false
+Style/RedundantHeredocDelimiterQuotes:
+  Enabled: false
+Style/RedundantInitialize:
+  Enabled: false
+Style/RedundantSelfAssignmentBranch:
+  Enabled: false
+Style/RedundantStringEscape:
+  Enabled: false
+Style/SelectByRegexp:
+  Enabled: false
+Style/StringChars:
+  Enabled: false
+Style/SwapValues:
+  Enabled: false

.sync.yml

@@ -0,0 +1,8 @@
+# This file can be used to customize the files managed by PDK.
+#
+# See https://github.com/puppetlabs/pdk-templates/blob/main/README.md
+# for more information.
+#
+# See https://github.com/puppetlabs/pdk-templates/blob/main/config_defaults.yml
+# for the default values.
+--- {}

.vscode/extensions.json

@@ -0,0 +1,6 @@
+{
+  "recommendations": [
+    "puppet.puppet-vscode",
+    "rebornix.Ruby"
+  ]
+}

.yardopts

@@ -0,0 +1 @@
+--markup markdown

CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## Release 0.1.0
+
+**Features**
+
+**Bugfixes**
+
+**Known Issues**

Gemfile

@@ -0,0 +1,73 @@
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+def location_for(place_or_version, fake_version = nil)
+  git_url_regex = %r{\A(?<url>(https?|git)[:@][^#]*)(#(?<branch>.*))?}
+  file_url_regex = %r{\Afile:\/\/(?<path>.*)}
+
+  if place_or_version && (git_url = place_or_version.match(git_url_regex))
+    [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
+  elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
+    ['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
+  else
+    [place_or_version, { require: false }]
+  end
+end
+
+group :development do
+  gem "json", '= 2.1.0',                         require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.3.0',                         require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.5.1',                         require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.6.1',                         require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.6.3',                         require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "racc", '~> 1.4.0',                        require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
+  gem "facterdb", '~> 1.18',                     require: false
+  gem "metadata-json-lint", '~> 3.0',            require: false
+  gem "puppetlabs_spec_helper", '~> 6.0',        require: false
+  gem "rspec-puppet-facts", '~> 2.0',            require: false
+  gem "codecov", '~> 0.2',                       require: false
+  gem "dependency_checker", '~> 1.0.0',          require: false
+  gem "parallel_tests", '= 3.12.1',              require: false
+  gem "pry", '~> 0.10',                          require: false
+  gem "simplecov-console", '~> 0.5',             require: false
+  gem "puppet-debugger", '~> 1.0',               require: false
+  gem "rubocop", '= 1.48.1',                     require: false
+  gem "rubocop-performance", '= 1.16.0',         require: false
+  gem "rubocop-rspec", '= 2.19.0',               require: false
+  gem "rb-readline", '= 0.5.5',                  require: false, platforms: [:mswin, :mingw, :x64_mingw]
+end
+group :system_tests do
+  gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
+  gem "serverspec", '~> 2.41',   require: false
+end
+
+puppet_version = ENV['PUPPET_GEM_VERSION']
+facter_version = ENV['FACTER_GEM_VERSION']
+hiera_version = ENV['HIERA_GEM_VERSION']
+
+gems = {}
+
+gems['puppet'] = location_for(puppet_version)
+
+# If facter or hiera versions have been specified via the environment
+# variables
+
+gems['facter'] = location_for(facter_version) if facter_version
+gems['hiera'] = location_for(hiera_version) if hiera_version
+
+gems.each do |gem_name, gem_params|
+  gem gem_name, *gem_params
+end
+
+# Evaluate Gemfile.local and ~/.gemfile if they exist
+extra_gemfiles = [
+  "#{__FILE__}.local",
+  File.join(Dir.home, '.gemfile'),
+]
+
+extra_gemfiles.each do |gemfile|
+  if File.file?(gemfile) && File.readable?(gemfile)
+    eval(File.read(gemfile), binding)
+  end
+end
+# vim: syntax=ruby

README.md

@@ -1 +1,108 @@
-## puppet-mastodon
+# mastodon
+
+This module install and manage Mastodon, Redis and PostgreSQL servers.
+
+## Table of Contents
+
+1. [Description](#description)
+1. [Setup - The basics of getting started with mastodon](#setup)
+    * [What mastodon affects](#what-mastodon-affects)
+    * [Setup requirements](#setup-requirements)
+    * [Beginning with mastodon](#beginning-with-mastodon)
+1. [Usage - Configuration options and additional functionality](#usage)
+1. [Limitations - OS compatibility, etc.](#limitations)
+1. [Development - Guide for contributing to the module](#development)
+
+## Description
+
+Mastodon https://joinmastodon.org/ is a decrentralized social network using the ActivityPub protocol to federate.
+This module install and configure it with the required components (PostgreSQL and Redis).
+
+## Setup
+
+### What mastodon affects
+
+This module will install PostgreSQL and Redis server.
+
+### Setup Requirements
+
+You will need a host name registered in DNS.
+
+### Beginning with mastodon
+
+You need to generate these secrets:
+- mastodon::db_password
+- mastodon::secret_key_base
+- mastodon::otp_secret
+- mastodon::vapid_private_key
+- mastodon::vapid_public_key
+
+## Usage
+
+In your Puppetfile include:
+
+```ruby
+mod 'mastodon',
+    :git => 'https://codeberg.org/adelgado/puppet-mastodon.git',
+    :branch => 'production'
+```
+
+Hiera data to set up the instance:
+```yaml
+classes:
+  - mastodon
+
+mastodon::hostname: mastodon.example.org
+mastodon::db_host: /var/run/postgresql
+mastodon::db_port: 5432
+mastodon::db_name: mastodon
+mastodon::db_user: mastodon
+mastodon::users:
+  - username: my_custom_admin
+    email: admin@example.org
+    confirmed: true
+    role: Owner
+mastodon::config:
+  SINGLE_USER_MODE: false
+  REDIS_HOST: 127.0.0.1
+  SMTP_SERVER: 127.0.0.1
+  SMTP_PORT: 25
+  SMTP_AUTH_METHOD: none
+  SMTP_OPENSSL_VERIFY_MODE: none
+  SMTP_ENABLE_STARTTLS: auto
+  SMTP_FROM_ADDRESS: 'Mastodon <notifications@example.org>'
+```
+
+And some secrets in eyaml (you can do a first run that fails and
+then run ```RAILS_ENV=production bundle exec rake mastodon:setup``` to create this secrets).
+
+```yaml
+mastodon::db_password: >
+  ENC[PKCS7,]
+
+mastodon::secret_key_base: >
+  ENC[PKCS7,]
+
+mastodon::otp_secret: >
+  ENC[PKCS7,]
+
+mastodon::vapid_private_key: >
+  ENC[PKCS7,]
+
+mastodon::vapid_public_key: >
+  ENC[PKCS7,]
+```
+
+## Updating your instance
+
+The module deploys a script to do updates. But many updates required extra
+steps that are not included in the script, so use it at your own risk.
+This script requires a Github token with access to read public repositories.
+
+## Limitations
+
+Tested in Ubuntu
+
+## Development
+
+## Release Notes/Contributors/Etc.

Rakefile

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require 'bundler'
+require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-syntax/tasks/puppet-syntax'
+require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator'
+require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
+
+def changelog_user
+  return unless Rake.application.top_level_tasks.include? "changelog"
+  returnVal = nil || JSON.load(File.read('metadata.json'))['author']
+  raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
+  puts "GitHubChangelogGenerator user:#{returnVal}"
+  returnVal
+end
+
+def changelog_project
+  return unless Rake.application.top_level_tasks.include? "changelog"
+
+  returnVal = nil
+  returnVal ||= begin
+    metadata_source = JSON.load(File.read('metadata.json'))['source']
+    metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z})
+
+    metadata_source_match && metadata_source_match[1]
+  end
+
+  raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil?
+
+  puts "GitHubChangelogGenerator project:#{returnVal}"
+  returnVal
+end
+
+def changelog_future_release
+  return unless Rake.application.top_level_tasks.include? "changelog"
+  returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
+  raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
+  puts "GitHubChangelogGenerator future_release:#{returnVal}"
+  returnVal
+end
+
+PuppetLint.configuration.send('disable_relative')
+
+
+if Gem.loaded_specs.key? 'github_changelog_generator'
+  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+    raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
+    config.user = "#{changelog_user}"
+    config.project = "#{changelog_project}"
+    config.future_release = "#{changelog_future_release}"
+    config.exclude_labels = ['maintenance']
+    config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
+    config.add_pr_wo_labels = true
+    config.issues = false
+    config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
+    config.configure_sections = {
+      "Changed" => {
+        "prefix" => "### Changed",
+        "labels" => ["backwards-incompatible"],
+      },
+      "Added" => {
+        "prefix" => "### Added",
+        "labels" => ["enhancement", "feature"],
+      },
+      "Fixed" => {
+        "prefix" => "### Fixed",
+        "labels" => ["bug", "documentation", "bugfix"],
+      },
+    }
+  end
+else
+  desc 'Generate a Changelog from GitHub'
+  task :changelog do
+    raise <<EOM
+The changelog tasks depends on recent features of the github_changelog_generator gem.
+Please manually add it to your .sync.yml for now, and run `pdk update`:
+---
+Gemfile:
+  optional:
+    ':development':
+      - gem: 'github_changelog_generator'
+        version: '~> 1.15'
+        condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
+EOM
+  end
+end
+

data/common.yaml

@@ -0,0 +1 @@
+--- {}

files/update_mastodon.sh

@@ -0,0 +1,176 @@
+#!/bin/bash
+set -euo pipefail
+tag=latest
+dummy=false
+no_backup=false
+reinstall=false
+token=""
+DEBUG=false
+organization=mastodon
+repository=mastodon
+
+function usage() {
+    echo "Usage:"
+    echo "$(basename "${0}") [-t|--tag <TAG>] [-T|--token <GITHUB_TOKEN>] [-d|--debug]"
+    echo ""
+    echo "  -d|--debug           Show more debug information."
+    echo "  -t|--tag <TAG>       Release tag or 'latest' (default)."
+    echo "  -T|--token <TOKEN>   Github token with read access to public repositories."
+    echo "  -D|--dummy|--dry-run Run in Dry-mode without actually updating but showing the commands to execute."
+    echo "  -r|--reinstall       Allow to reinstall the same tag."
+    echo "  -n|--no-backup       Don't do a backup of the database before the upgrade."
+    echo "  -o|--organization    Repository organization."
+    echo "  -R|--repository      Repository in the organization."
+}
+
+while [ $# -gt 0 ]
+do
+    case "${1}" in
+        "-h"|"-?"|"--help")
+            shift
+            usage
+            exit 0
+            ;;
+        "-d"|"--debug")
+            shift
+            export DEBUG=true
+            ;;
+        "-t"|"--tag")
+            shift
+            tag="${1}"
+            shift
+            ;;
+        "-T"|"--token")
+            shift
+            token="${1}"
+            shift
+            ;;
+        '-D'|'--dummy'|'--dry-run')
+            shift
+            dummy=true
+            ;;
+        '-n'|'--no-backup')
+            shift
+            no_backup=true
+            ;;
+        '-r'|'--reinstall')
+            shift
+            reinstall=true
+            ;;
+        '-o'|'--organization')
+            shift
+            organization="${1}"
+            shift
+            ;;
+        '-R'|'--repository')
+            shift
+            repository="${1}"
+            shift
+            ;;
+        *)
+        message "Unknown parameter '$1'" p
+        shift
+        ;;
+    esac
+done
+
+if [ -z "${token}" ]; then
+    auth_params=""
+else
+    auth_params=(-H "Authorization: Bearer ${token}")
+fi
+if [ "${tag}" == "latest" ]; then
+    tag=$(curl -L -s -H "Accept: application/vnd.github+json" "${auth_params[@]}" -H "X-GitHub-Api-Version: 2022-11-28" "https://api.github.com/repos/${organization}/${repository}/releases/latest" | jq '.tag_name' | sed 's/"//g')
+    if [ "${DEBUG}" == "true" ]; then
+        echo "Latest tag is '${tag}'"
+    fi
+else
+    if [ "${DEBUG}" == "true" ]; then
+        echo "Looking for tag '${tag}'..."
+    fi
+    next_page="https://api.github.com/repos/${organization}/${repository}/releases"
+    releases_file=$(mktemp /tmp/tmp.XXXX)
+    while [ -z "${next_page}" ]
+    do
+        tmpfile=$(mktemp /tmp/tmp.XXXXX)
+        releases=$(curl -L -v -H "Accept: application/vnd.github+json" "${auth_params[@]}"  -H "X-GitHub-Api-Version: 2022-11-28" "${next_page}" | jq '.[]|.tag_name' 2> "${tmpfile}")
+        echo "${releases}" >> "${releases_file}"
+        next_page=$(grep '< link: ' "${tmpfile}" | sed 's/< link: //g' | sed 's/, /\n/g' | grep 'rel="next"' | grep -o 'https://[^>]*')
+    done
+    if ! pgrep "${tag}" "${releases_file}"; then
+        printf "The tag '%s' is not part of the releases:\n%s" "${tag}" "${releases}"
+        exit 1
+    fi
+fi
+
+mastodon_home="$(grep "^mastodon:" /etc/passwd | awk 'BEGIN {FS=":"} {print($6)}')"
+if [ ! -d "${mastodon_home}" ]; then
+    printf "The home for the user mastodon '%s', doesn't exist." "${mastodon_home}"
+    exit 2
+fi
+
+if [ "${DEBUG}" == "true" ]; then
+    echo "Changing to Mastodon's home directory '${mastodon_home}'..."
+fi
+cd "${mastodon_home}/live" || exit 3
+# shellcheck disable=SC1091
+source "${mastodon_home}/.profile"
+current_tag=$(git name-rev --name-only HEAD | awk 'BEGIN {FS="/"} {print($2)}')
+if [ "${current_tag}" != "${tag}" ] || [ "${reinstall}" ]; then
+    if [ "${DEBUG}" == "true" ]; then
+        echo "Fetching from repository..."
+    fi
+    if [ "${dummy}" == "true" ]; then
+        echo sudo -u mastodon git fetch
+    else
+        sudo -u mastodon git fetch
+    fi
+    if [ "${DEBUG}" == "true" ]; then
+        echo "Changing to reference '${tag}'..."
+    fi
+    if [ "${dummy}" == "true" ]; then
+        echo sudo -u mastodon git checkout "${tag}"
+    else
+        sudo -u mastodon git checkout "${tag}"
+    fi
+    if [ "${no_backup}" == "false" ]; then
+        current_date=$(date +%Y-%m-%d-%H-%M-%S)
+        mkdir -p /var/backups/postgres
+        backup_file="/var/backups/postgres/pgdump_pre_update_mastodon_to_${tag}_${current_date}.sql.gz"
+        if [ "${dummy}" == "true" ]; then
+            echo "sudo -u postgres pg_dump mastodon | gzip -c > \"${backup_file}\""
+        else
+            if [ "${DEBUG}" == "true" ]; then
+                echo "Creating a backup of the database in '${backup_file}'..."
+            fi
+            sudo -u postgres pg_dump mastodon | gzip -c > "${backup_file}"
+        fi
+    fi
+    if [ "${DEBUG}" == "true" ]; then
+        echo "Running bundle install..."
+    fi
+    if [ "${dummy}" == "true" ]; then
+        echo sudo -u mastodon "${mastodon_home}/.rbenv/shims/bundle" install
+    else
+        sudo -u mastodon "${mastodon_home}/.rbenv/shims/bundle" install --redownload
+    fi
+    if [ "${DEBUG}" == "true" ]; then
+        echo "Running yarm install..."
+    fi
+    if [ "${dummy}" == "true" ]; then
+        echo sudo -u mastodon "${mastodon_home}/live/bin/yarn" install --frozen-lockfile
+    else
+        sudo -u mastodon "${mastodon_home}/live/bin/yarn" install --frozen-lockfile
+    fi
+    if [ "${DEBUG}" == "true" ]; then
+        echo "Restarting Mastodon services..."
+    fi
+    if [ "${dummy}" == "true" ]; then
+        echo sudo systemctl restart mastodon-sidekiq.service mastodon-web.service mastodon-streaming mastodon-streaming@4000.service
+    else
+        sudo systemctl restart mastodon-sidekiq.service mastodon-web.service mastodon-streaming mastodon-streaming@4000.service
+    fi
+else
+    echo "Current branch is already '${tag}'"
+    exit 0
+fi

hiera.yaml

@@ -0,0 +1,21 @@
+---
+version: 5
+
+defaults:  # Used for any hierarchy level that omits these keys.
+  datadir: data         # This path is relative to hiera.yaml's directory.
+  data_hash: yaml_data  # Use the built-in YAML backend.
+
+hierarchy:
+  - name: "osfamily/major release"
+    paths:
+        # Used to distinguish between Debian and Ubuntu
+      - "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
+      - "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
+        # Used for Solaris
+      - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
+  - name: "osfamily"
+    paths:
+      - "os/%{facts.os.name}.yaml"
+      - "os/%{facts.os.family}.yaml"
+  - name: 'common'
+    path: 'common.yaml'

manifests/init.pp

@@ -0,0 +1,615 @@
+# Class to install a Mastodon instance
+#
+# [*ensure*]
+#   String defining if is present or absent
+#
+# [*hostname*]
+#   String with the full qualified hostname of the instance. There must be a DNS record for it.
+#
+# [*mastodon_home*]
+#   String path to Mastodon user home directory. Default /opt/mastodon
+#
+# [*mastodon_version*]
+#   String with Mastodon version (code tag) to install. Default: v4.2.5
+#
+# [*mastodon_user*]
+#   String with the system user name for mastodon. Default: mastodon
+#
+# [*mastodon_group*]
+#   String with the system group name for mastodon. Default: mastodon
+#
+# [*ruby_version*]
+#   String with the ruby version to use. Default: 3.2.3
+#
+# [*config*]
+#   Hash with the configuration to store in .env.production
+#
+# [*db_host*]
+#   String with database host name or socket.
+#
+# [*db_name*]
+#   String with database name.
+#
+# [*db_user*]
+# String with database user name.
+#
+# [*db_password*]
+#   String with database user password.
+#
+# [*db_port*]
+#   Integer with database port.
+#
+# [*secret_key_base*]
+#   String with secret key base.
+#
+# [*otp_secret*]
+#   String with OTP (One-Time-Password) secret.
+#
+# [*vapid_private_key*]
+#   String with VAPID private key
+#
+# [*vapid_public_key*]
+#   String with VAPID public key
+#
+# [*users*]
+#   List of hashes with users information.
+#
+# [*cert_admin_mail*]
+#   Email to provide to Let's Encrypt in exchange for SSL certificates
+#
+# [*nodejs_version*]
+#   String with nodejs version to install. Default 16.x
+#
+# [*manage_updater_task*]
+#   Boolean indicating if this class should manage a scheduled
+#   task (Systemd Timer unit) to update Mastodon automatically.
+#   Requires a github token with read access to public repos.
+#
+# [*github_token*]
+#   String with the Github token with read access to public repos.
+#   WARNING! This token will be in plain text in the System unit
+#   definition, so restrict it to only read public repos.
+#
+# [*media_retention_days*]
+#   Integer with the number of days to keep media attachments. Default 7.
+#
+# [*cards_retention_days*]
+#   Integer with the number of days to keep preview cards. Default 180.
+#
+class mastodon (
+  String $ensure = 'present',
+  String $hostname = 'mastodon.example.org',
+  String $mastodon_home = '/opt/mastodon',
+  String $db_host = '/var/run/postgresql',
+  String $db_name = 'mastodon',
+  String $db_user = 'mastodon',
+  String $db_password = 'S3cr3TP4ssw0rd',
+  Integer $db_port = 5432,
+  String $mastodon_version = 'v4.2.7',
+  String $ruby_version = '3.2.3',
+  String $mastodon_user = 'mastodon',
+  String $mastodon_group = 'mastodon',
+  String $secret_key_base = 'S3cr3tK3i',
+  String $otp_secret = '0tpS3cr3t',
+  String $vapid_private_key = 'S3cr3tK3i',
+  String $vapid_public_key = 'S3cr3tK3i',
+  String $nodejs_version = '16.x',
+  Hash $config = {
+    'LOCAL_DOMAIN' => 'example.com',
+    'REDIS_HOST' => '127.0.0.1',
+    'REDIS_PORT' => 6379,
+    'ES_ENABLED' => 'false',
+    'ES_HOST' => 'localhost',
+    'ES_PORT' => 9200,
+    'ES_USER' => 'elastic',
+    'ES_PASS' => 'password',
+    'SMTP_SERVER' => '',
+    'SMTP_PORT' => 587,
+    'SMTP_LOGIN' => '',
+    'SMTP_PASSWORD' => '',
+    'SMTP_FROM_ADDRESS' => 'notifications@example.com',
+    'S3_ENABLED' => 'false',
+    'S3_BUCKET' => 'files.example.com',
+    'AWS_ACCESS_KEY_ID' => '',
+    'AWS_SECRET_ACCESS_KEY' => '',
+    'S3_ALIAS_HOST' => 'files.example.com',
+    'IP_RETENTION_PERIOD' => 31556952,
+    'SESSION_RETENTION_PERIOD' => 31556952,
+  },
+  Array $users = [],
+  String $cert_admin_mail = 'cert-admin@example.org',
+  Boolean $manage_updater_task = false,
+  String $github_token = '',
+  Integer $media_retention_days = 7,
+  Integer $cards_retention_days = 180,
+  Boolean $manage_redis = true,
+) {
+  case $ensure {
+    default: {
+      $package_ensure = 'installed'
+      $directory_ensure = 'directory'
+      $link_ensure = 'link'
+      $service_ensure = 'running'
+      $file_ensure = 'present'
+    }
+    /^(absent|delete|uninstall|remove|unregister)$/: {
+      $package_ensure = 'absent'
+      $directory_ensure = 'absent'
+      $link_ensure = 'absent'
+      $file_ensure = 'absent'
+      $service_ensure = 'stopped'
+      $cron_ensure = 'absent'
+    }
+  }
+  $packages = [
+    'apt-transport-https',
+    'autoconf',
+    'bison',
+    'build-essential',
+    'ca-certificates',
+    'ffmpeg',
+    'file',
+    'g++',
+    'gcc',
+    'git-core',
+    'gnupg',
+    'imagemagick',
+    'libffi-dev',
+    'libgdbm-dev',
+    'libicu-dev',
+    'libidn11-dev',
+    'libjemalloc-dev',
+    'libncurses5-dev',
+    'libpq-dev',
+    'libprotobuf-dev',
+    'libreadline6-dev',
+    'libssl-dev',
+    'libxml2-dev',
+    'libxslt1-dev',
+    'libyaml-dev',
+    'lsb-release',
+    # 'nginx',
+    'pkg-config',
+    # 'postgresql-contrib',
+    'protobuf-compiler',
+    # 'redis-tools',
+    'wget',
+    'zlib1g-dev',
+  ]
+  $packages.each | $package | {
+    if (!defined(Package[$package])) {
+      package { $package:
+        ensure => $package_ensure,
+      }
+    }
+  }
+  file { '/usr/local/bin/update_mastodon.sh':
+    ensure => $ensure,
+    mode   => '0750',
+    source => 'puppet:///modules/mastodon/update_mastodon.sh',
+  }
+  class { 'nodejs':
+    repo_url_suffix => $nodejs_version,
+  }
+  class { 'postgresql::server':
+  }
+  if ($manage_redis) {
+    include redis
+  }
+  exec { 'enable_corepack':
+    command => '/usr/bin/corepack enable',
+    creates => '/usr/bin/yarn',
+    require => Class['nodejs'],
+  }
+  exec { 'yarn_classic':
+    command => '/usr/bin/yarn set version classic',
+    creates => '/root/.yarnrc',
+    require => Exec['enable_corepack'],
+  }
+  group { $mastodon_group: }
+  user { $mastodon_user:
+    gid        => $mastodon_group,
+    home       => $mastodon_home,
+    managehome => true,
+    system     => true,
+    require    => Group[$mastodon_group],
+  }
+  vcsrepo { 'rbenv':
+    ensure   => $ensure,
+    path     => "${mastodon_home}/.rbenv",
+    source   => 'https://github.com/rbenv/rbenv.git',
+    provider => 'git',
+    depth    => '1',
+    owner    => $mastodon_user,
+    group    => $mastodon_group,
+    require  => User[$mastodon_user],
+  }
+  exec { 'configure_rbenv':
+    command => "${mastodon_home}/.rbenv/src/configure",
+    user    => $mastodon_user,
+    cwd     => "${mastodon_home}/.rbenv/",
+    creates => "${mastodon_home}/.rbenv/src/Makefile",
+    require => Vcsrepo['rbenv'],
+  }
+  exec { 'make_rbenv':
+    command => '/usr/bin/make -C src',
+    user    => $mastodon_user,
+    cwd     => "${mastodon_home}/.rbenv/",
+    creates => "${mastodon_home}/.rbenv/libexec/rbenv",
+    require => Exec['configure_rbenv'],
+  }
+  file_line { 'mastodon_path':
+    path    => "${mastodon_home}/.bashrc",
+    line    => 'export PATH="$HOME/.rbenv/bin:$PATH"',
+    match   => '^export PATH="$HOME/.rbenv',
+    require => Vcsrepo['rbenv'],
+  }
+  file_line { 'mastodon_rbenv_init':
+    path    => "${mastodon_home}/.bashrc",
+    line    => 'eval "$(rbenv init -)"',
+    match   => '^eval "$(rbenv init -)"',
+    require => Vcsrepo['rbenv'],
+  }
+  vcsrepo { 'ruby_build':
+    ensure   => $ensure,
+    path     => "${mastodon_home}/.rbenv/plugins/ruby-build",
+    source   => 'https://github.com/rbenv/ruby-build.git',
+    provider => 'git',
+    depth    => '1',
+    owner    => $mastodon_user,
+    group    => $mastodon_group,
+    require  => Vcsrepo['rbenv'],
+  }
+  if ($db_password != '') {
+    postgresql::server::db { $db_name:
+      user     => $db_user,
+      password => postgresql::postgresql_password($db_user, $db_password),
+      grant    => 'ALL',
+    }
+  } else {
+    postgresql::server::db { $db_name:
+      user  => $db_user,
+      grant => 'ALL',
+    }
+  }
+  postgresql::server::database_grant { "${db_user}_${db_name}" :
+    privilege => 'ALL',
+    db        => $db_name,
+    role      => $db_user,
+  }
+  vcsrepo { 'mastodon_code':
+    path     => "${mastodon_home}/live",
+    source   => 'https://github.com/mastodon/mastodon.git',
+    revision => $mastodon_version,
+    provider => 'git',
+    depth    => '1',
+    owner    => $mastodon_user,
+    group    => $mastodon_group,
+    require  => User[$mastodon_user],
+  }
+  file { '/usr/local/bin/install_mastodon.sh':
+    ensure  => $ensure,
+    content => template('mastodon/install_mastodon.sh.erb'),
+    mode    => '0750',
+    owner   => $mastodon_user,
+    group   => 'root',
+    require => [
+      Vcsrepo['mastodon_code'],
+      Postgresql::Server::Db[$db_name],
+      Vcsrepo['ruby_build'],
+    ],
+  }
+  exec { 'install_mastodon':
+    command     => '/usr/local/bin/install_mastodon.sh',
+    user        => $mastodon_user,
+    group       => $mastodon_group,
+    environment => [
+      "HOME=${mastodon_home}",
+      'LANG=C.UTF-8',
+      "USER=${mastodon_user}",
+    ],
+    creates     => "${mastodon_home}/.mastodon_install",
+    path        => "${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+    timeout     => 0,
+    require     => File['/usr/local/bin/install_mastodon.sh'],
+  }
+  $built_config = {
+    'LOCAL_DOMAIN'    => $hostname,
+    'DB_PASS'         => $db_password,
+    'DB_USER'         => $db_user,
+    'DB_NAME'         => $db_name,
+    'DB_PORT'         => $db_port,
+    'DB_HOST'         => $db_host,
+    'SECRET_KEY_BASE' => $secret_key_base,
+    'OTP_SECRET'      => $otp_secret,
+  }
+  $real_config = $config + $built_config
+  file { "${mastodon_home}/live/.env.production":
+    ensure  => $ensure,
+    content => template('mastodon/env.production.erb'),
+    mode    => '0640',
+    owner   => $mastodon_user,
+    group   => $mastodon_group,
+    require => [
+      Vcsrepo['mastodon_code'],
+    ],
+  }
+  # RAILS_ENV=production rails db:setup
+  exec { 'db_setup':
+    command     => "${mastodon_home}/live/bin/rails db:setup > ${mastodon_home}/db_setup_done",
+    creates     => "${mastodon_home}/db_setup_done",
+    path        => "${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+    environment => [
+      'RAILS_ENV=production',
+    ],
+    user        => $mastodon_user,
+    group       => $mastodon_group,
+    cwd         => "${mastodon_home}/live",
+    timeout     => 0,
+    require     => File["${mastodon_home}/live/.env.production"],
+  }
+  # db:create
+  # RAILS_ENV=production rails assets:precompile
+  exec { 'assets_precompile':
+    command     => "${mastodon_home}/live/bin/rails assets:precompile > ${mastodon_home}/assets_precompile_done",
+    creates     => "${mastodon_home}/assets_precompile_done",
+    path        => "${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+    environment => [
+      'RAILS_ENV=production',
+    ],
+    user        => $mastodon_user,
+    group       => $mastodon_group,
+    cwd         => "${mastodon_home}/live",
+    timeout     => 0,
+    require     => File["${mastodon_home}/live/.env.production"],
+  }
+  if (!defined(Class['letsencrypt'])) {
+    class { 'letsencrypt':
+      email             => $cert_admin_mail,
+      renew_cron_ensure => 'present',
+    }
+  }
+  letsencrypt::certonly { $hostname:
+    domains            => [$hostname],
+    pre_hook_commands  => ['systemctl stop apache2'],
+    post_hook_commands => ['systemctl start apache2'],
+  }
+  apache::vhost { $hostname:
+    ensure                      => $ensure,
+    access_log_file             => $hostname,
+    add_listen                  => false,
+    error_log_file              => $hostname,
+    docroot                     => "${mastodon_home}/live/public",
+    manage_docroot              => false,
+    proxy_preserve_host         => true,
+    proxy_add_headers           => true,
+    port                        => 443,
+    priority                    => 15,
+    protocols                   => [
+      'h2',
+      'http/1.1',
+    ],
+    protocols_honor_order       => true,
+    proxy_requests              => false,
+    proxy_pass                  => [
+      { 'path' => '/500.html', 'url'  => '!' },
+      { 'path' => '/sw.js', 'url' => '!' },
+      { 'path' => '/robots.txt', 'url' => '!' },
+      { 'path' => '/manifest.json', 'url' => '!' },
+      { 'path' => '/browserconfig.xml', 'url' => '!' },
+      { 'path' => '/mask-icon.svg', 'url' => '!' },
+    ],
+    custom_fragment             => '
+        ServerSignature Off
+
+        ProxyPass /api/v1/streaming ws://localhost:4000
+        ProxyPassReverse /api/v1/streaming ws://localhost:4000
+        ProxyPass / http://localhost:3000/
+        ProxyPassReverse / http://localhost:3000/
+    ',
+    proxy_pass_match            => [
+      { 'path' => '^(/.*\.(png|ico)$)', 'url' => '!' },
+      { 'path' => '^/(assets|avatars|emoji|headers|packs|sounds|system)', 'url' => '!' },
+    ],
+    request_headers             => [
+      'set X-Forwarded-Proto "https"',
+    ],
+    headers                     => [
+      'always set Strict-Transport-Security "max-age=31536000"',
+      'always set Strict-Transport-Security "max-age=15552001; includeSubDomains"',
+    ],
+    directories                 => [
+      {
+        'path'     => '^/(assets|avatars|emoji|headers|packs|sounds|system)',
+        'provider' => 'locationmatch',
+        'headers'  => 'always set Cache-Control "public, max-age=31536000, immutable"',
+        'deny'     => 'from all',
+        'require'  => 'all granted',
+      },
+      {
+        'path'     => '/',
+        'provider' => 'location',
+        'require'  => 'all granted',
+      },
+    ],
+    error_documents             => [
+      { 'error_code' => '500', 'document' => '/500' },
+      { 'error_code' => '501', 'document' => '/501' },
+      { 'error_code' => '502', 'document' => '/502' },
+      { 'error_code' => '503', 'document' => '/503' },
+      { 'error_code' => '504', 'document' => '/504' },
+    ],
+    ssl                         => true,
+    ssl_cert                    => "/etc/letsencrypt/live/${hostname}/fullchain.pem",
+    ssl_cipher                  => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
+    ssl_honorcipherorder        => true,
+    ssl_protocol                => 'all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1',
+    ssl_key                     => "/etc/letsencrypt/live/${hostname}/privkey.pem",
+    ssl_proxy_check_peer_cn     => 'on',
+    ssl_proxy_check_peer_expire => 'on',
+    ssl_proxyengine             => true,
+    ssl_reload_on_change        => true,
+    allow_encoded_slashes       => 'on',
+    require                     => Class['letsencrypt'],
+  }
+  apache::vhost { "${hostname}_insecure":
+    ensure          => $ensure,
+    servername      => $hostname,
+    access_log_file => "${hostname}_insecure",
+    error_log_file  => "${hostname}_insecure",
+    add_listen      => false,
+    ip              => '0.0.0.0',
+    port            => 80,
+    docroot         => "${mastodon_home}/live/public",
+    redirect_status => 'permanent',
+    redirect_dest   => "https://${hostname}/",
+    custom_fragment => 'ServerSignature Off',
+  }
+  systemd::unit_file { 'mastodon-sidekiq.service':
+    ensure  => present,
+    content => template('mastodon/mastodon-sidekiq.service.erb'),
+    active  => true,
+    enable  => true,
+  }
+  systemd::unit_file { 'mastodon-streaming.service':
+    ensure  => present,
+    content => template('mastodon/mastodon-streaming.service.erb'),
+    active  => true,
+    enable  => true,
+  }
+  systemd::unit_file { 'mastodon-streaming@.service':
+    ensure  => present,
+    content => template('mastodon/mastodon-streaming@.service.erb'),
+#    active  => true,
+    enable  => true,
+  }
+  systemd::unit_file { 'mastodon-web.service':
+    ensure  => present,
+    content => template('mastodon/mastodon-web.service.erb'),
+    active  => true,
+    enable  => true,
+  }
+  $users.each | $user | {
+    if ($user['confirmed']) {
+      $confirmed = '--confirmed'
+    } else {
+      $confirmed = ''
+    }
+    exec { "create_user_${user['username']}":
+      command     => "${mastodon_home}/live/bin/tootctl accounts create '${user['username']}' --email '${user['email']}' ${confirmed} --role '${user['role']}' > '${mastodon_home}/create_user_${user['username']}'",
+      creates     => "${mastodon_home}/create_user_${user['username']}",
+      path        => "${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+      environment => [
+        'RAILS_ENV=production',
+      ],
+      user        => $mastodon_user,
+      group       => $mastodon_group,
+      cwd         => "${mastodon_home}/live",
+      timeout     => 0,
+      require     => File["${mastodon_home}/live/.env.production"],
+    }
+  }
+  # 
+  # Maintenance tasks
+  $_timer_remove_media = @("EOT")
+    [Unit]
+    Description=Mastodon - Remove old media
+
+    [Timer]
+    OnBootSec=24min
+    OnUnitActiveSec=1d
+    Unit=mastodon_remove_media.service
+
+    [Install]
+    WantedBy=timers.target
+    | EOT
+
+  $_service_remove_media = @("EOT")
+    [Service]
+    Type=simple
+    User=${mastodon_user}
+    WorkingDirectory=${mastodon_home}/live
+    Environment='RAILS_ENV=production' 'PATH=${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+    ExecStart=/opt/mastodon/live/bin/tootctl media remove --days ${media_retention_days}
+
+    [Unit]
+    OnFailure=status_email_antoniodelgado@%n.service
+    | EOT
+
+  systemd::timer { 'mastodon_remove_media.timer':
+    ensure          => present,
+    timer_content   => $_timer_remove_media,
+    service_unit    => 'mastodon_remove_media.service',
+    service_content => $_service_remove_media,
+    active          => true,
+    enable          => true,
+  }
+  $_timer_remove_cards = @("EOT")
+    [Unit]
+    Description=Mastodon - Remove old media
+
+    [Timer]
+    OnBootSec=24min
+    OnUnitActiveSec=1d
+    Unit=mastodon_remove_cards.service
+
+    [Install]
+    WantedBy=timers.target
+    | EOT
+
+  $_service_remove_cards = @("EOT")
+    [Service]
+    Type=simple
+    User=${mastodon_user}
+    WorkingDirectory=${mastodon_home}/live
+    Environment='RAILS_ENV=production' 'PATH=${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+    ExecStart=/opt/mastodon/live/bin/tootctl preview_cards remove --days ${cards_retention_days}
+
+    [Unit]
+    OnFailure=status_email_antoniodelgado@%n.service
+    | EOT
+
+  systemd::timer { 'mastodon_remove_cards.timer':
+    ensure          => present,
+    timer_content   => $_timer_remove_cards,
+    service_unit    => 'mastodon_remove_cards.service',
+    service_content => $_service_remove_cards,
+    active          => true,
+    enable          => true,
+  }
+
+  if ($manage_updater_task and $github_token != '') {
+    $_timer_updater = @("EOT")
+      [Unit]
+      Description=Mastodon - Updater
+
+      [Timer]
+      OnBootSec=24min
+      OnUnitActiveSec=1d
+      Unit=mastodon_updater.service
+
+      [Install]
+      WantedBy=timers.target
+      | EOT
+
+    $_service_updater = @("EOT")
+      [Service]
+      Type=simple
+      User=${mastodon_user}
+      WorkingDirectory=${mastodon_home}/live
+      ExecStart=/usr/local/bin/update_mastodon.sh --debug --token "${github_token}"
+
+      [Unit]
+      OnFailure=status_email_antoniodelgado@%n.service
+      | EOT
+
+    systemd::timer { 'mastodon_updater.timer':
+      ensure          => present,
+      timer_content   => $_timer_updater,
+      service_unit    => 'mastodon_updater.service',
+      service_content => $_service_updater,
+      active          => true,
+      enable          => true,
+    }
+  }
+}

metadata.json

@@ -0,0 +1,55 @@
+{
+  "name": "antoniodelgado-mastodon",
+  "version": "0.1.0",
+  "author": "antoniodelgado",
+  "summary": "",
+  "license": "GPLv3",
+  "source": "",
+  "dependencies": [
+    {
+      "name": "puppet-nodejs",
+      "version_requirement": "10.0.0"
+    },
+    {
+      "name": "puppet-redis",
+      "version_requirement": "9.3.0"
+    },
+    {
+      "name": "puppetlabs-apache",
+      "version_requirement": "10.1.1"
+    },
+    {
+      "name": "puppetlabs-postgresql",
+      "version_requirement": "10.0.2"
+    },
+    {
+      "name": "puppetlabs-vcsrepo",
+      "version_requirement": "5.4.0"
+    },
+    {
+      "name": "puppet-systemd", 
+      "version_requirement": "4.0.1"
+    },
+    {
+      "name": "puppet-letsencrypt",
+      "version_requirement": "10.1.0"
+    }
+  ],
+  "operatingsystem_support": [
+    {
+      "operatingsystem": "Ubuntu",
+      "operatingsystemrelease": [
+        "20.04"
+      ]
+    }
+  ],
+  "requirements": [
+    {
+      "name": "puppet",
+      "version_requirement": ">= 7.24 < 9.0.0"
+    }
+  ],
+  "pdk-version": "3.0.0",
+  "template-url": "pdk-default#3.0.0",
+  "template-ref": "tags/3.0.0-0-g056e50d"
+}

spec/default_facts.yml

@@ -0,0 +1,8 @@
+# Use default_module_facts.yml for module specific facts.
+#
+# Facts specified here will override the values provided by rspec-puppet-facts.
+---
+ipaddress: "172.16.254.254"
+ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
+is_pe: false
+macaddress: "AA:AA:AA:AA:AA:AA"

spec/spec_helper.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+RSpec.configure do |c|
+  c.mock_with :rspec
+end
+
+require 'puppetlabs_spec_helper/module_spec_helper'
+require 'rspec-puppet-facts'
+
+require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
+
+include RspecPuppetFacts
+
+default_facts = {
+  puppetversion: Puppet.version,
+  facterversion: Facter.version,
+}
+
+default_fact_files = [
+  File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')),
+  File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')),
+]
+
+default_fact_files.each do |f|
+  next unless File.exist?(f) && File.readable?(f) && File.size?(f)
+
+  begin
+    default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
+  rescue StandardError => e
+    RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
+  end
+end
+
+# read default_facts and merge them over what is provided by facterdb
+default_facts.each do |fact, value|
+  add_custom_fact fact, value
+end
+
+RSpec.configure do |c|
+  c.default_facts = default_facts
+  c.before :each do
+    # set to strictest setting for testing
+    # by default Puppet runs at warning level
+    Puppet.settings[:strict] = :warning
+    Puppet.settings[:strict_variables] = true
+  end
+  c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT']
+  c.after(:suite) do
+    RSpec::Puppet::Coverage.report!(0)
+  end
+
+  # Filter backtrace noise
+  backtrace_exclusion_patterns = [
+    %r{spec_helper},
+    %r{gems},
+  ]
+
+  if c.respond_to?(:backtrace_exclusion_patterns)
+    c.backtrace_exclusion_patterns = backtrace_exclusion_patterns
+  elsif c.respond_to?(:backtrace_clean_patterns)
+    c.backtrace_clean_patterns = backtrace_exclusion_patterns
+  end
+end
+
+# Ensures that a module is defined
+# @param module_name Name of the module
+def ensure_module_defined(module_name)
+  module_name.split('::').reduce(Object) do |last_module, next_module|
+    last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false)
+    last_module.const_get(next_module, false)
+  end
+end
+
+# 'spec_overrides' from sync.yml will appear below this line

templates/env.production.erb

@@ -0,0 +1,5 @@
+# This file was generated by Puppet
+
+<% @real_config.each_pair do |field, value| -%>
+<%= field %>=<%= value %>
+<% end -%>

templates/install_mastodon.sh.erb

@@ -0,0 +1,23 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ ! -e '<%= @mastodon_home %>/.mastodon_install' ]; then
+    cd '<%= @mastodon_home %>'
+    echo "Installing ruby..."
+    export PATH="<%= @mastodon_home %>/.rbenv/bin:$PATH"
+    eval "$(<%= @mastodon_home %>/.rbenv/bin/rbenv init -)"
+    if [ ! -e '<%= @mastodon_home %>/.rbenv/versions/<%= @ruby_version %>/bin/ruby' ]; then
+        RUBY_CONFIGURE_OPTS=--with-jemalloc '<%= @mastodon_home %>/.rbenv/bin/rbenv' install '<%= @ruby_version %>'
+    fi
+    '<%= @mastodon_home %>/.rbenv/bin/rbenv' global '<%= @ruby_version %>'
+    '<%= @mastodon_home %>/.rbenv/versions/<%= @ruby_version %>/bin/gem' install bundler --no-document
+    echo "Configuring bundle..."
+    cd '<%= @mastodon_home %>/live'
+    '<%= @mastodon_home %>/.rbenv/shims/bundle' config deployment 'true'
+    '<%= @mastodon_home %>/.rbenv/shims/bundle' config without 'development test'
+    echo "Running bundle install..."
+    '<%= @mastodon_home %>/.rbenv/shims/bundle' install -j$(getconf _NPROCESSORS_ONLN)
+    echo "Running yarn install..."
+    '<%= @mastodon_home %>/live/bin/yarn' install --pure-lockfile
+    echo $(date +s) > '<%= @mastodon_home %>/.mastodon_install'
+fi

templates/mastodon-sidekiq.service.erb

@@ -0,0 +1,53 @@
+[Unit]
+Description=mastodon-sidekiq
+After=network.target
+
+[Service]
+Type=simple
+User=<%= @mastodon_user %>
+WorkingDirectory=<%= @mastodon_home %>/live
+Environment="RAILS_ENV=production"
+Environment="DB_POOL=25"
+Environment="MALLOC_ARENA_MAX=2"
+Environment="LD_PRELOAD=libjemalloc.so"
+ExecStart=<%= @mastodon_home %>/.rbenv/shims/bundle exec sidekiq -c 25
+TimeoutSec=15
+Restart=always
+# Proc filesystem
+ProcSubset=pid
+ProtectProc=invisible
+# Capabilities
+CapabilityBoundingSet=
+# Security
+NoNewPrivileges=true
+# Sandboxing
+ProtectSystem=strict
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET
+RestrictAddressFamilies=AF_INET6
+RestrictAddressFamilies=AF_NETLINK
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=true
+LockPersonality=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+PrivateMounts=true
+ProtectClock=true
+# System Call Filtering
+SystemCallArchitectures=native
+SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid
+SystemCallFilter=@chown
+SystemCallFilter=pipe
+SystemCallFilter=pipe2
+ReadWritePaths=<%= @mastodon_home %>/live
+
+[Install]
+WantedBy=multi-user.target

templates/mastodon-streaming.service.erb

@@ -0,0 +1,12 @@
+[Unit]
+Description=mastodon-streaming
+After=network.target
+Wants=mastodon-streaming@4000.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/echo "mastodon-streaming exists only to collectively start and stop mastodon-streaming@ instances, shimming over the migration to templated mastodon-streaming systemd unit"
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

templates/mastodon-streaming@.service.erb

@@ -0,0 +1,54 @@
+[Unit]
+Description=mastodon-streaming on port %I
+After=network.target
+# handles using `systemctl restart mastodon-streaming`
+PartOf=mastodon-streaming.service
+ReloadPropagatedFrom=mastodon-streaming.service
+
+[Service]
+Type=simple
+User=<%= @mastodon_user %>
+WorkingDirectory=<%= @mastodon_home %>/live
+Environment="NODE_ENV=production"
+Environment="PORT=%i"
+ExecStart=/usr/bin/node ./streaming
+TimeoutSec=15
+Restart=always
+LimitNOFILE=65536
+# Proc filesystem
+ProcSubset=pid
+ProtectProc=invisible
+# Capabilities
+CapabilityBoundingSet=
+# Security
+NoNewPrivileges=true
+# Sandboxing
+ProtectSystem=strict
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET
+RestrictAddressFamilies=AF_INET6
+RestrictAddressFamilies=AF_NETLINK
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=true
+LockPersonality=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+PrivateMounts=true
+ProtectClock=true
+# System Call Filtering
+SystemCallArchitectures=native
+SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @memlock @mount @obsolete @privileged @resources @setuid
+SystemCallFilter=pipe
+SystemCallFilter=pipe2
+ReadWritePaths=<%= @mastodon_home %>/live
+
+[Install]
+WantedBy=multi-user.target mastodon-streaming.service

templates/mastodon-web.service.erb

@@ -0,0 +1,53 @@
+[Unit]
+Description=mastodon-web
+After=network.target
+
+[Service]
+Type=simple
+User=<%= @mastodon_user %>
+WorkingDirectory=<%= @mastodon_home %>/live
+Environment="RAILS_ENV=production"
+Environment="PORT=3000"
+Environment="LD_PRELOAD=libjemalloc.so"
+ExecStart=<%= @mastodon_home %>/.rbenv/shims/bundle exec puma -C config/puma.rb
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+TimeoutSec=15
+Restart=always
+# Proc filesystem
+ProcSubset=pid
+ProtectProc=invisible
+# Capabilities
+CapabilityBoundingSet=
+# Security
+NoNewPrivileges=true
+# Sandboxing
+ProtectSystem=strict
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET
+RestrictAddressFamilies=AF_INET6
+RestrictAddressFamilies=AF_NETLINK
+RestrictAddressFamilies=AF_UNIX
+RestrictNamespaces=true
+LockPersonality=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+PrivateMounts=true
+ProtectClock=true
+# System Call Filtering
+SystemCallArchitectures=native
+SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid
+SystemCallFilter=@chown
+SystemCallFilter=pipe
+SystemCallFilter=pipe2
+ReadWritePaths=<%= @mastodon_home %>/live
+
+[Install]
+WantedBy=multi-user.target