adelgado/puppet-mastodon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: adelgado:production
Branches Tags
adelgado:production
adelgado:master
..
compare: adelgado:master
Branches Tags
adelgado:production
adelgado:master

No commits in common. "production" and "master" have entirely different histories.
production ... master

27 changed files with 1 additions and 2253 deletions
Show stats Expand all files Collapse all files

6
.fixtures.yml
View file

@ -1,6 +0,0 @@
# This file can be used to install module dependencies for unit testing
# See https://github.com/puppetlabs/puppetlabs_spec_helper#using-fixtures for details
---
fixtures:
forge_modules:
# stdlib: "puppetlabs/stdlib"

5
.gitattributes vendored
View file

@ -1,5 +0,0 @@
*.rb eol=lf
*.erb eol=lf
*.pp eol=lf
*.sh eol=lf
*.epp eol=lf

28
.gitignore vendored
View file

@ -1,28 +0,0 @@
.git/
.*.sw[op]
.metadata
.yardoc
.yardwarns
*.iml
/.bundle/
/.idea/
/.vagrant/
/coverage/
/bin/
/doc/
/Gemfile.local
/Gemfile.lock
/junit/
/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/*
/tmp/
/vendor/
/convert_report.txt
/update_report.txt
.DS_Store
.project
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml

43
.pdkignore
View file

@ -1,43 +0,0 @@
.git/
.*.sw[op]
.metadata
.yardoc
.yardwarns
*.iml
/.bundle/
/.idea/
/.vagrant/
/coverage/
/bin/
/doc/
/Gemfile.local
/Gemfile.lock
/junit/
/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/*
/tmp/
/vendor/
/convert_report.txt
/update_report.txt
.DS_Store
.project
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml
/.fixtures.yml
/Gemfile
/.gitattributes
/.gitignore
/.pdkignore
/.puppet-lint.rc
/Rakefile
/rakelib/
/.rspec
/..yml
/.yardopts
/spec/
/.vscode/
/.sync.yml
/.devcontainer/

1
.puppet-lint.rc
View file

@ -1 +0,0 @@
--relative

2
.rspec
View file

@ -1,2 +0,0 @@
--color
--format documentation

723
.rubocop.yml
View file

@ -1,723 +0,0 @@
---
require:
- rubocop-performance
- rubocop-rspec
AllCops:
DisplayCopNames: true
TargetRubyVersion: '2.6'
Include:
- "**/*.rb"
Exclude:
- bin/*
- ".vendor/**/*"
- "**/Gemfile"
- "**/Rakefile"
- pkg/**/*
- spec/fixtures/**/*
- vendor/**/*
- "**/Puppetfile"
- "**/Vagrantfile"
- "**/Guardfile"
Layout/LineLength:
Description: People have wide screens, use them.
Max: 200
RSpec/BeforeAfterAll:
Description: Beware of using after(:all) as it may cause state to leak between tests.
A necessary evil in acceptance testing.
Exclude:
- spec/acceptance/**/*.rb
RSpec/HookArgument:
Description: Prefer explicit :each argument, matching existing module's style
EnforcedStyle: each
RSpec/DescribeSymbol:
Exclude:
- spec/unit/facter/**/*.rb
Style/BlockDelimiters:
Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
be consistent then.
EnforcedStyle: braces_for_chaining
Style/ClassAndModuleChildren:
Description: Compact style reduces the required amount of indentation.
EnforcedStyle: compact
Style/EmptyElse:
Description: Enforce against empty else clauses, but allow `nil` for clarity.
EnforcedStyle: empty
Style/FormatString:
Description: Following the main puppet project's style, prefer the % format format.
EnforcedStyle: percent
Style/FormatStringToken:
Description: Following the main puppet project's style, prefer the simpler template
tokens over annotated ones.
EnforcedStyle: template
Style/Lambda:
Description: Prefer the keyword for easier discoverability.
EnforcedStyle: literal
Style/RegexpLiteral:
Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168
EnforcedStyle: percent_r
Style/TernaryParentheses:
Description: Checks for use of parentheses around ternary conditions. Enforce parentheses
on complex expressions for better readability, but seriously consider breaking
it up.
EnforcedStyle: require_parentheses_when_complex
Style/TrailingCommaInArguments:
Description: Prefer always trailing comma on multiline argument lists. This makes
diffs, and re-ordering nicer.
EnforcedStyleForMultiline: comma
Style/TrailingCommaInArrayLiteral:
Description: Prefer always trailing comma on multiline literals. This makes diffs,
and re-ordering nicer.
EnforcedStyleForMultiline: comma
Style/SymbolArray:
Description: Using percent style obscures symbolic intent of array's contents.
EnforcedStyle: brackets
RSpec/MessageSpies:
EnforcedStyle: receive
Style/Documentation:
Exclude:
- lib/puppet/parser/functions/**/*
- spec/**/*
Style/WordArray:
EnforcedStyle: brackets
Performance/AncestorsInclude:
Enabled: true
Performance/BigDecimalWithNumericArgument:
Enabled: true
Performance/BlockGivenWithExplicitBlock:
Enabled: true
Performance/CaseWhenSplat:
Enabled: true
Performance/ConstantRegexp:
Enabled: true
Performance/MethodObjectAsBlock:
Enabled: true
Performance/RedundantSortBlock:
Enabled: true
Performance/RedundantStringChars:
Enabled: true
Performance/ReverseFirst:
Enabled: true
Performance/SortReverse:
Enabled: true
Performance/Squeeze:
Enabled: true
Performance/StringInclude:
Enabled: true
Performance/Sum:
Enabled: true
Style/CollectionMethods:
Enabled: true
Style/MethodCalledOnDoEndBlock:
Enabled: true
Style/StringMethods:
Enabled: true
Bundler/GemFilename:
Enabled: false
Bundler/InsecureProtocolSource:
Enabled: false
Capybara/CurrentPathExpectation:
Enabled: false
Capybara/VisibilityMatcher:
Enabled: false
Gemspec/DuplicatedAssignment:
Enabled: false
Gemspec/OrderedDependencies:
Enabled: false
Gemspec/RequiredRubyVersion:
Enabled: false
Gemspec/RubyVersionGlobalsUsage:
Enabled: false
Layout/ArgumentAlignment:
Enabled: false
Layout/BeginEndAlignment:
Enabled: false
Layout/ClosingHeredocIndentation:
Enabled: false
Layout/EmptyComment:
Enabled: false
Layout/EmptyLineAfterGuardClause:
Enabled: false
Layout/EmptyLinesAroundArguments:
Enabled: false
Layout/EmptyLinesAroundAttributeAccessor:
Enabled: false
Layout/EndOfLine:
Enabled: false
Layout/FirstArgumentIndentation:
Enabled: false
Layout/HashAlignment:
Enabled: false
Layout/HeredocIndentation:
Enabled: false
Layout/LeadingEmptyLines:
Enabled: false
Layout/SpaceAroundMethodCallOperator:
Enabled: false
Layout/SpaceInsideArrayLiteralBrackets:
Enabled: false
Layout/SpaceInsideReferenceBrackets:
Enabled: false
Lint/BigDecimalNew:
Enabled: false
Lint/BooleanSymbol:
Enabled: false
Lint/ConstantDefinitionInBlock:
Enabled: false
Lint/DeprecatedOpenSSLConstant:
Enabled: false
Lint/DisjunctiveAssignmentInConstructor:
Enabled: false
Lint/DuplicateElsifCondition:
Enabled: false
Lint/DuplicateRequire:
Enabled: false
Lint/DuplicateRescueException:
Enabled: false
Lint/EmptyConditionalBody:
Enabled: false
Lint/EmptyFile:
Enabled: false
Lint/ErbNewArguments:
Enabled: false
Lint/FloatComparison:
Enabled: false
Lint/HashCompareByIdentity:
Enabled: false
Lint/IdentityComparison:
Enabled: false
Lint/InterpolationCheck:
Enabled: false
Lint/MissingCopEnableDirective:
Enabled: false
Lint/MixedRegexpCaptureTypes:
Enabled: false
Lint/NestedPercentLiteral:
Enabled: false
Lint/NonDeterministicRequireOrder:
Enabled: false
Lint/OrderedMagicComments:
Enabled: false
Lint/OutOfRangeRegexpRef:
Enabled: false
Lint/RaiseException:
Enabled: false
Lint/RedundantCopEnableDirective:
Enabled: false
Lint/RedundantRequireStatement:
Enabled: false
Lint/RedundantSafeNavigation:
Enabled: false
Lint/RedundantWithIndex:
Enabled: false
Lint/RedundantWithObject:
Enabled: false
Lint/RegexpAsCondition:
Enabled: false
Lint/ReturnInVoidContext:
Enabled: false
Lint/SafeNavigationConsistency:
Enabled: false
Lint/SafeNavigationWithEmpty:
Enabled: false
Lint/SelfAssignment:
Enabled: false
Lint/SendWithMixinArgument:
Enabled: false
Lint/ShadowedArgument:
Enabled: false
Lint/StructNewOverride:
Enabled: false
Lint/ToJSON:
Enabled: false
Lint/TopLevelReturnWithArgument:
Enabled: false
Lint/TrailingCommaInAttributeDeclaration:
Enabled: false
Lint/UnreachableLoop:
Enabled: false
Lint/UriEscapeUnescape:
Enabled: false
Lint/UriRegexp:
Enabled: false
Lint/UselessMethodDefinition:
Enabled: false
Lint/UselessTimes:
Enabled: false
Metrics/AbcSize:
Enabled: false
Metrics/BlockLength:
Enabled: false
Metrics/BlockNesting:
Enabled: false
Metrics/ClassLength:
Enabled: false
Metrics/CyclomaticComplexity:
Enabled: false
Metrics/MethodLength:
Enabled: false
Metrics/ModuleLength:
Enabled: false
Metrics/ParameterLists:
Enabled: false
Metrics/PerceivedComplexity:
Enabled: false
Migration/DepartmentName:
Enabled: false
Naming/AccessorMethodName:
Enabled: false
Naming/BlockParameterName:
Enabled: false
Naming/HeredocDelimiterCase:
Enabled: false
Naming/HeredocDelimiterNaming:
Enabled: false
Naming/MemoizedInstanceVariableName:
Enabled: false
Naming/MethodParameterName:
Enabled: false
Naming/RescuedExceptionsVariableName:
Enabled: false
Naming/VariableNumber:
Enabled: false
Performance/BindCall:
Enabled: false
Performance/DeletePrefix:
Enabled: false
Performance/DeleteSuffix:
Enabled: false
Performance/InefficientHashSearch:
Enabled: false
Performance/UnfreezeString:
Enabled: false
Performance/UriDefaultParser:
Enabled: false
RSpec/Be:
Enabled: false
RSpec/Capybara/FeatureMethods:
Enabled: false
RSpec/ContainExactly:
Enabled: false
RSpec/ContextMethod:
Enabled: false
RSpec/ContextWording:
Enabled: false
RSpec/DescribeClass:
Enabled: false
RSpec/EmptyHook:
Enabled: false
RSpec/EmptyLineAfterExample:
Enabled: false
RSpec/EmptyLineAfterExampleGroup:
Enabled: false
RSpec/EmptyLineAfterHook:
Enabled: false
RSpec/ExampleLength:
Enabled: false
RSpec/ExampleWithoutDescription:
Enabled: false
RSpec/ExpectChange:
Enabled: false
RSpec/ExpectInHook:
Enabled: false
RSpec/FactoryBot/AttributeDefinedStatically:
Enabled: false
RSpec/FactoryBot/CreateList:
Enabled: false
RSpec/FactoryBot/FactoryClassName:
Enabled: false
RSpec/HooksBeforeExamples:
Enabled: false
RSpec/ImplicitBlockExpectation:
Enabled: false
RSpec/ImplicitSubject:
Enabled: false
RSpec/LeakyConstantDeclaration:
Enabled: false
RSpec/LetBeforeExamples:
Enabled: false
RSpec/MatchArray:
Enabled: false
RSpec/MissingExampleGroupArgument:
Enabled: false
RSpec/MultipleExpectations:
Enabled: false
RSpec/MultipleMemoizedHelpers:
Enabled: false
RSpec/MultipleSubjects:
Enabled: false
RSpec/NestedGroups:
Enabled: false
RSpec/PredicateMatcher:
Enabled: false
RSpec/ReceiveCounts:
Enabled: false
RSpec/ReceiveNever:
Enabled: false
RSpec/RepeatedExampleGroupBody:
Enabled: false
RSpec/RepeatedExampleGroupDescription:
Enabled: false
RSpec/RepeatedIncludeExample:
Enabled: false
RSpec/ReturnFromStub:
Enabled: false
RSpec/SharedExamples:
Enabled: false
RSpec/StubbedMock:
Enabled: false
RSpec/UnspecifiedException:
Enabled: false
RSpec/VariableDefinition:
Enabled: false
RSpec/VoidExpect:
Enabled: false
RSpec/Yield:
Enabled: false
Security/Open:
Enabled: false
Style/AccessModifierDeclarations:
Enabled: false
Style/AccessorGrouping:
Enabled: false
Style/BisectedAttrAccessor:
Enabled: false
Style/CaseLikeIf:
Enabled: false
Style/ClassEqualityComparison:
Enabled: false
Style/ColonMethodDefinition:
Enabled: false
Style/CombinableLoops:
Enabled: false
Style/CommentedKeyword:
Enabled: false
Style/Dir:
Enabled: false
Style/DoubleCopDisableDirective:
Enabled: false
Style/EmptyBlockParameter:
Enabled: false
Style/EmptyLambdaParameter:
Enabled: false
Style/Encoding:
Enabled: false
Style/EvalWithLocation:
Enabled: false
Style/ExpandPathArguments:
Enabled: false
Style/ExplicitBlockArgument:
Enabled: false
Style/ExponentialNotation:
Enabled: false
Style/FloatDivision:
Enabled: false
Style/FrozenStringLiteralComment:
Enabled: false
Style/GlobalStdStream:
Enabled: false
Style/HashAsLastArrayItem:
Enabled: false
Style/HashLikeCase:
Enabled: false
Style/HashTransformKeys:
Enabled: false
Style/HashTransformValues:
Enabled: false
Style/IfUnlessModifier:
Enabled: false
Style/KeywordParametersOrder:
Enabled: false
Style/MinMax:
Enabled: false
Style/MixinUsage:
Enabled: false
Style/MultilineWhenThen:
Enabled: false
Style/NegatedUnless:
Enabled: false
Style/NumericPredicate:
Enabled: false
Style/OptionalBooleanParameter:
Enabled: false
Style/OrAssignment:
Enabled: false
Style/RandomWithOffset:
Enabled: false
Style/RedundantAssignment:
Enabled: false
Style/RedundantCondition:
Enabled: false
Style/RedundantConditional:
Enabled: false
Style/RedundantFetchBlock:
Enabled: false
Style/RedundantFileExtensionInRequire:
Enabled: false
Style/RedundantRegexpCharacterClass:
Enabled: false
Style/RedundantRegexpEscape:
Enabled: false
Style/RedundantSelfAssignment:
Enabled: false
Style/RedundantSort:
Enabled: false
Style/RescueStandardError:
Enabled: false
Style/SingleArgumentDig:
Enabled: false
Style/SlicingWithRange:
Enabled: false
Style/SoleNestedConditional:
Enabled: false
Style/StderrPuts:
Enabled: false
Style/StringConcatenation:
Enabled: false
Style/Strip:
Enabled: false
Style/SymbolProc:
Enabled: false
Style/TrailingBodyOnClass:
Enabled: false
Style/TrailingBodyOnMethodDefinition:
Enabled: false
Style/TrailingBodyOnModule:
Enabled: false
Style/TrailingCommaInHashLiteral:
Enabled: false
Style/TrailingMethodEndStatement:
Enabled: false
Style/UnpackFirst:
Enabled: false
Capybara/MatchStyle:
Enabled: false
Capybara/NegationMatcher:
Enabled: false
Capybara/SpecificActions:
Enabled: false
Capybara/SpecificFinders:
Enabled: false
Capybara/SpecificMatcher:
Enabled: false
Gemspec/DeprecatedAttributeAssignment:
Enabled: false
Gemspec/DevelopmentDependencies:
Enabled: false
Gemspec/RequireMFA:
Enabled: false
Layout/LineContinuationLeadingSpace:
Enabled: false
Layout/LineContinuationSpacing:
Enabled: false
Layout/LineEndStringConcatenationIndentation:
Enabled: false
Layout/SpaceBeforeBrackets:
Enabled: false
Lint/AmbiguousAssignment:
Enabled: false
Lint/AmbiguousOperatorPrecedence:
Enabled: false
Lint/AmbiguousRange:
Enabled: false
Lint/ConstantOverwrittenInRescue:
Enabled: false
Lint/DeprecatedConstants:
Enabled: false
Lint/DuplicateBranch:
Enabled: false
Lint/DuplicateMagicComment:
Enabled: false
Lint/DuplicateRegexpCharacterClassElement:
Enabled: false
Lint/EmptyBlock:
Enabled: false
Lint/EmptyClass:
Enabled: false
Lint/EmptyInPattern:
Enabled: false
Lint/IncompatibleIoSelectWithFiberScheduler:
Enabled: false
Lint/LambdaWithoutLiteralBlock:
Enabled: false
Lint/NoReturnInBeginEndBlocks:
Enabled: false
Lint/NonAtomicFileOperation:
Enabled: false
Lint/NumberedParameterAssignment:
Enabled: false
Lint/OrAssignmentToConstant:
Enabled: false
Lint/RedundantDirGlobSort:
Enabled: false
Lint/RefinementImportMethods:
Enabled: false
Lint/RequireRangeParentheses:
Enabled: false
Lint/RequireRelativeSelfPath:
Enabled: false
Lint/SymbolConversion:
Enabled: false
Lint/ToEnumArguments:
Enabled: false
Lint/TripleQuotes:
Enabled: false
Lint/UnexpectedBlockArity:
Enabled: false
Lint/UnmodifiedReduceAccumulator:
Enabled: false
Lint/UselessRescue:
Enabled: false
Lint/UselessRuby2Keywords:
Enabled: false
Metrics/CollectionLiteralLength:
Enabled: false
Naming/BlockForwarding:
Enabled: false
Performance/CollectionLiteralInLoop:
Enabled: false
Performance/ConcurrentMonotonicTime:
Enabled: false
Performance/MapCompact:
Enabled: false
Performance/RedundantEqualityComparisonBlock:
Enabled: false
Performance/RedundantSplitRegexpArgument:
Enabled: false
Performance/StringIdentifierArgument:
Enabled: false
RSpec/BeEq:
Enabled: false
RSpec/BeNil:
Enabled: false
RSpec/ChangeByZero:
Enabled: false
RSpec/ClassCheck:
Enabled: false
RSpec/DuplicatedMetadata:
Enabled: false
RSpec/ExcessiveDocstringSpacing:
Enabled: false
RSpec/FactoryBot/ConsistentParenthesesStyle:
Enabled: false
RSpec/FactoryBot/FactoryNameStyle:
Enabled: false
RSpec/FactoryBot/SyntaxMethods:
Enabled: false
RSpec/IdenticalEqualityAssertion:
Enabled: false
RSpec/NoExpectationExample:
Enabled: false
RSpec/PendingWithoutReason:
Enabled: false
RSpec/Rails/AvoidSetupHook:
Enabled: false
RSpec/Rails/HaveHttpStatus:
Enabled: false
RSpec/Rails/InferredSpecType:
Enabled: false
RSpec/Rails/MinitestAssertions:
Enabled: false
RSpec/Rails/TravelAround:
Enabled: false
RSpec/RedundantAround:
Enabled: false
RSpec/SkipBlockInsideExample:
Enabled: false
RSpec/SortMetadata:
Enabled: false
RSpec/SubjectDeclaration:
Enabled: false
RSpec/VerifiedDoubleReference:
Enabled: false
Security/CompoundHash:
Enabled: false
Security/IoMethods:
Enabled: false
Style/ArgumentsForwarding:
Enabled: false
Style/ArrayIntersect:
Enabled: false
Style/CollectionCompact:
Enabled: false
Style/ComparableClamp:
Enabled: false
Style/ConcatArrayLiterals:
Enabled: false
Style/DirEmpty:
Enabled: false
Style/DocumentDynamicEvalDefinition:
Enabled: false
Style/EmptyHeredoc:
Enabled: false
Style/EndlessMethod:
Enabled: false
Style/EnvHome:
Enabled: false
Style/FetchEnvVar:
Enabled: false
Style/FileEmpty:
Enabled: false
Style/FileRead:
Enabled: false
Style/FileWrite:
Enabled: false
Style/HashConversion:
Enabled: false
Style/HashExcept:
Enabled: false
Style/IfWithBooleanLiteralBranches:
Enabled: false
Style/InPatternThen:
Enabled: false
Style/MagicCommentFormat:
Enabled: false
Style/MapCompactWithConditionalBlock:
Enabled: false
Style/MapToHash:
Enabled: false
Style/MapToSet:
Enabled: false
Style/MinMaxComparison:
Enabled: false
Style/MultilineInPatternThen:
Enabled: false
Style/NegatedIfElseCondition:
Enabled: false
Style/NestedFileDirname:
Enabled: false
Style/NilLambda:
Enabled: false
Style/NumberedParameters:
Enabled: false
Style/NumberedParametersLimit:
Enabled: false
Style/ObjectThen:
Enabled: false
Style/OpenStructUse:
Enabled: false
Style/OperatorMethodCall:
Enabled: false
Style/QuotedSymbols:
Enabled: false
Style/RedundantArgument:
Enabled: false
Style/RedundantConstantBase:
Enabled: false
Style/RedundantDoubleSplatHashBraces:
Enabled: false
Style/RedundantEach:
Enabled: false
Style/RedundantHeredocDelimiterQuotes:
Enabled: false
Style/RedundantInitialize:
Enabled: false
Style/RedundantSelfAssignmentBranch:
Enabled: false
Style/RedundantStringEscape:
Enabled: false
Style/SelectByRegexp:
Enabled: false
Style/StringChars:
Enabled: false
Style/SwapValues:
Enabled: false

8
.sync.yml
View file

@ -1,8 +0,0 @@
# This file can be used to customize the files managed by PDK.
#
# See https://github.com/puppetlabs/pdk-templates/blob/main/README.md
# for more information.
#
# See https://github.com/puppetlabs/pdk-templates/blob/main/config_defaults.yml
# for the default values.
--- {}

6
.vscode/extensions.json vendored
View file

@ -1,6 +0,0 @@
{
"recommendations": [
"puppet.puppet-vscode",
"rebornix.Ruby"
]
}

1
.yardopts
View file

@ -1 +0,0 @@
--markup markdown

11
CHANGELOG.md
View file

@ -1,11 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
## Release 0.1.0
**Features**
**Bugfixes**
**Known Issues**

73
Gemfile
View file

@ -1,73 +0,0 @@
source ENV['GEM_SOURCE'] || 'https://rubygems.org'
def location_for(place_or_version, fake_version = nil)
git_url_regex = %r{\A(?<url>(https?|git)[:@][^#]*)(#(?<branch>.*))?}
file_url_regex = %r{\Afile:\/\/(?<path>.*)}
if place_or_version && (git_url = place_or_version.match(git_url_regex))
[fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
else
[place_or_version, { require: false }]
end
end
group :development do
gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
gem "facterdb", '~> 1.18', require: false
gem "metadata-json-lint", '~> 3.0', require: false
gem "puppetlabs_spec_helper", '~> 6.0', require: false
gem "rspec-puppet-facts", '~> 2.0', require: false
gem "codecov", '~> 0.2', require: false
gem "dependency_checker", '~> 1.0.0', require: false
gem "parallel_tests", '= 3.12.1', require: false
gem "pry", '~> 0.10', require: false
gem "simplecov-console", '~> 0.5', require: false
gem "puppet-debugger", '~> 1.0', require: false
gem "rubocop", '= 1.48.1', require: false
gem "rubocop-performance", '= 1.16.0', require: false
gem "rubocop-rspec", '= 2.19.0', require: false
gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
end
group :system_tests do
gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
gem "serverspec", '~> 2.41', require: false
end
puppet_version = ENV['PUPPET_GEM_VERSION']
facter_version = ENV['FACTER_GEM_VERSION']
hiera_version = ENV['HIERA_GEM_VERSION']
gems = {}
gems['puppet'] = location_for(puppet_version)
# If facter or hiera versions have been specified via the environment
# variables
gems['facter'] = location_for(facter_version) if facter_version
gems['hiera'] = location_for(hiera_version) if hiera_version
gems.each do |gem_name, gem_params|
gem gem_name, *gem_params
end
# Evaluate Gemfile.local and ~/.gemfile if they exist
extra_gemfiles = [
"#{__FILE__}.local",
File.join(Dir.home, '.gemfile'),
]
extra_gemfiles.each do |gemfile|
if File.file?(gemfile) && File.readable?(gemfile)
eval(File.read(gemfile), binding)
end
end
# vim: syntax=ruby

109
README.md
View file

@ -1,108 +1 @@
# mastodon ## puppet-mastodon
This module install and manage Mastodon, Redis and PostgreSQL servers.
## Table of Contents
1. [Description](#description)
1. [Setup - The basics of getting started with mastodon](#setup)
* [What mastodon affects](#what-mastodon-affects)
* [Setup requirements](#setup-requirements)
* [Beginning with mastodon](#beginning-with-mastodon)
1. [Usage - Configuration options and additional functionality](#usage)
1. [Limitations - OS compatibility, etc.](#limitations)
1. [Development - Guide for contributing to the module](#development)
## Description
Mastodon https://joinmastodon.org/ is a decrentralized social network using the ActivityPub protocol to federate.
This module install and configure it with the required components (PostgreSQL and Redis).
## Setup
### What mastodon affects
This module will install PostgreSQL and Redis server.
### Setup Requirements
You will need a host name registered in DNS.
### Beginning with mastodon
You need to generate these secrets:
- mastodon::db_password
- mastodon::secret_key_base
- mastodon::otp_secret
- mastodon::vapid_private_key
- mastodon::vapid_public_key
## Usage
In your Puppetfile include:
```ruby
mod 'mastodon',
:git => 'https://codeberg.org/adelgado/puppet-mastodon.git',
:branch => 'production'
```
Hiera data to set up the instance:
```yaml
classes:
- mastodon
mastodon::hostname: mastodon.example.org
mastodon::db_host: /var/run/postgresql
mastodon::db_port: 5432
mastodon::db_name: mastodon
mastodon::db_user: mastodon
mastodon::users:
- username: my_custom_admin
email: admin@example.org
confirmed: true
role: Owner
mastodon::config:
SINGLE_USER_MODE: false
REDIS_HOST: 127.0.0.1
SMTP_SERVER: 127.0.0.1
SMTP_PORT: 25
SMTP_AUTH_METHOD: none
SMTP_OPENSSL_VERIFY_MODE: none
SMTP_ENABLE_STARTTLS: auto
SMTP_FROM_ADDRESS: 'Mastodon <notifications@example.org>'
```
And some secrets in eyaml (you can do a first run that fails and
then run ```RAILS_ENV=production bundle exec rake mastodon:setup``` to create this secrets).
```yaml
mastodon::db_password: >
ENC[PKCS7,]
mastodon::secret_key_base: >
ENC[PKCS7,]
mastodon::otp_secret: >
ENC[PKCS7,]
mastodon::vapid_private_key: >
ENC[PKCS7,]
mastodon::vapid_public_key: >
ENC[PKCS7,]
```
## Updating your instance
The module deploys a script to do updates. But many updates required extra
steps that are not included in the script, so use it at your own risk.
This script requires a Github token with access to read public repositories.
## Limitations
Tested in Ubuntu
## Development
## Release Notes/Contributors/Etc.

88
Rakefile
View file

@ -1,88 +0,0 @@
# frozen_string_literal: true
require 'bundler'
require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax'
require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator'
require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
def changelog_user
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = nil || JSON.load(File.read('metadata.json'))['author']
raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator user:#{returnVal}"
returnVal
end
def changelog_project
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = nil
returnVal ||= begin
metadata_source = JSON.load(File.read('metadata.json'))['source']
metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z})
metadata_source_match && metadata_source_match[1]
end
raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator project:#{returnVal}"
returnVal
end
def changelog_future_release
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator future_release:#{returnVal}"
returnVal
end
PuppetLint.configuration.send('disable_relative')
if Gem.loaded_specs.key? 'github_changelog_generator'
GitHubChangelogGenerator::RakeTask.new :changelog do |config|
raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
config.user = "#{changelog_user}"
config.project = "#{changelog_project}"
config.future_release = "#{changelog_future_release}"
config.exclude_labels = ['maintenance']
config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
config.add_pr_wo_labels = true
config.issues = false
config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
config.configure_sections = {
"Changed" => {
"prefix" => "### Changed",
"labels" => ["backwards-incompatible"],
},
"Added" => {
"prefix" => "### Added",
"labels" => ["enhancement", "feature"],
},
"Fixed" => {
"prefix" => "### Fixed",
"labels" => ["bug", "documentation", "bugfix"],
},
}
end
else
desc 'Generate a Changelog from GitHub'
task :changelog do
raise <<EOM
The changelog tasks depends on recent features of the github_changelog_generator gem.
Please manually add it to your .sync.yml for now, and run `pdk update`:
---
Gemfile:
optional:
':development':
- gem: 'github_changelog_generator'
version: '~> 1.15'
condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
EOM
end
end

1
data/common.yaml
View file

@ -1 +0,0 @@
--- {}

176
files/update_mastodon.sh
View file

@ -1,176 +0,0 @@
#!/bin/bash
set -euo pipefail
tag=latest
dummy=false
no_backup=false
reinstall=false
token=""
DEBUG=false
organization=mastodon
repository=mastodon
function usage() {
echo "Usage:"
echo "$(basename "${0}") [-t|--tag <TAG>] [-T|--token <GITHUB_TOKEN>] [-d|--debug]"
echo ""
echo " -d|--debug Show more debug information."
echo " -t|--tag <TAG> Release tag or 'latest' (default)."
echo " -T|--token <TOKEN> Github token with read access to public repositories."
echo " -D|--dummy|--dry-run Run in Dry-mode without actually updating but showing the commands to execute."
echo " -r|--reinstall Allow to reinstall the same tag."
echo " -n|--no-backup Don't do a backup of the database before the upgrade."
echo " -o|--organization Repository organization."
echo " -R|--repository Repository in the organization."
}
while [ $# -gt 0 ]
do
case "${1}" in
"-h"|"-?"|"--help")
shift
usage
exit 0
;;
"-d"|"--debug")
shift
export DEBUG=true
;;
"-t"|"--tag")
shift
tag="${1}"
shift
;;
"-T"|"--token")
shift
token="${1}"
shift
;;
'-D'|'--dummy'|'--dry-run')
shift
dummy=true
;;
'-n'|'--no-backup')
shift
no_backup=true
;;
'-r'|'--reinstall')
shift
reinstall=true
;;
'-o'|'--organization')
shift
organization="${1}"
shift
;;
'-R'|'--repository')
shift
repository="${1}"
shift
;;
*)
message "Unknown parameter '$1'" p
shift
;;
esac
done
if [ -z "${token}" ]; then
auth_params=""
else
auth_params=(-H "Authorization: Bearer ${token}")
fi
if [ "${tag}" == "latest" ]; then
tag=$(curl -L -s -H "Accept: application/vnd.github+json" "${auth_params[@]}" -H "X-GitHub-Api-Version: 2022-11-28" "https://api.github.com/repos/${organization}/${repository}/releases/latest" | jq '.tag_name' | sed 's/"//g')
if [ "${DEBUG}" == "true" ]; then
echo "Latest tag is '${tag}'"
fi
else
if [ "${DEBUG}" == "true" ]; then
echo "Looking for tag '${tag}'..."
fi
next_page="https://api.github.com/repos/${organization}/${repository}/releases"
releases_file=$(mktemp /tmp/tmp.XXXX)
while [ -z "${next_page}" ]
do
tmpfile=$(mktemp /tmp/tmp.XXXXX)
releases=$(curl -L -v -H "Accept: application/vnd.github+json" "${auth_params[@]}" -H "X-GitHub-Api-Version: 2022-11-28" "${next_page}" | jq '.[]|.tag_name' 2> "${tmpfile}")
echo "${releases}" >> "${releases_file}"
next_page=$(grep '< link: ' "${tmpfile}" | sed 's/< link: //g' | sed 's/, /\n/g' | grep 'rel="next"' | grep -o 'https://[^>]*')
done
if ! pgrep "${tag}" "${releases_file}"; then
printf "The tag '%s' is not part of the releases:\n%s" "${tag}" "${releases}"
exit 1
fi
fi
mastodon_home="$(grep "^mastodon:" /etc/passwd | awk 'BEGIN {FS=":"} {print($6)}')"
if [ ! -d "${mastodon_home}" ]; then
printf "The home for the user mastodon '%s', doesn't exist." "${mastodon_home}"
exit 2
fi
if [ "${DEBUG}" == "true" ]; then
echo "Changing to Mastodon's home directory '${mastodon_home}'..."
fi
cd "${mastodon_home}/live" || exit 3
# shellcheck disable=SC1091
source "${mastodon_home}/.profile"
current_tag=$(git name-rev --name-only HEAD | awk 'BEGIN {FS="/"} {print($2)}')
if [ "${current_tag}" != "${tag}" ] || [ "${reinstall}" ]; then
if [ "${DEBUG}" == "true" ]; then
echo "Fetching from repository..."
fi
if [ "${dummy}" == "true" ]; then
echo sudo -u mastodon git fetch
else
sudo -u mastodon git fetch
fi
if [ "${DEBUG}" == "true" ]; then
echo "Changing to reference '${tag}'..."
fi
if [ "${dummy}" == "true" ]; then
echo sudo -u mastodon git checkout "${tag}"
else
sudo -u mastodon git checkout "${tag}"
fi
if [ "${no_backup}" == "false" ]; then
current_date=$(date +%Y-%m-%d-%H-%M-%S)
mkdir -p /var/backups/postgres
backup_file="/var/backups/postgres/pgdump_pre_update_mastodon_to_${tag}_${current_date}.sql.gz"
if [ "${dummy}" == "true" ]; then
echo "sudo -u postgres pg_dump mastodon | gzip -c > \"${backup_file}\""
else
if [ "${DEBUG}" == "true" ]; then
echo "Creating a backup of the database in '${backup_file}'..."
fi
sudo -u postgres pg_dump mastodon | gzip -c > "${backup_file}"
fi
fi
if [ "${DEBUG}" == "true" ]; then
echo "Running bundle install..."
fi
if [ "${dummy}" == "true" ]; then
echo sudo -u mastodon "${mastodon_home}/.rbenv/shims/bundle" install
else
sudo -u mastodon "${mastodon_home}/.rbenv/shims/bundle" install --redownload
fi
if [ "${DEBUG}" == "true" ]; then
echo "Running yarm install..."
fi
if [ "${dummy}" == "true" ]; then
echo sudo -u mastodon "${mastodon_home}/live/bin/yarn" install --frozen-lockfile
else
sudo -u mastodon "${mastodon_home}/live/bin/yarn" install --frozen-lockfile
fi
if [ "${DEBUG}" == "true" ]; then
echo "Restarting Mastodon services..."
fi
if [ "${dummy}" == "true" ]; then
echo sudo systemctl restart mastodon-sidekiq.service mastodon-web.service mastodon-streaming mastodon-streaming@4000.service
else
sudo systemctl restart mastodon-sidekiq.service mastodon-web.service mastodon-streaming mastodon-streaming@4000.service
fi
else
echo "Current branch is already '${tag}'"
exit 0
fi

21
hiera.yaml
View file

@ -1,21 +0,0 @@
---
version: 5
defaults: # Used for any hierarchy level that omits these keys.
datadir: data # This path is relative to hiera.yaml's directory.
data_hash: yaml_data # Use the built-in YAML backend.
hierarchy:
- name: "osfamily/major release"
paths:
# Used to distinguish between Debian and Ubuntu
- "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
- "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
# Used for Solaris
- "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
- name: "osfamily"
paths:
- "os/%{facts.os.name}.yaml"
- "os/%{facts.os.family}.yaml"
- name: 'common'
path: 'common.yaml'

615
manifests/init.pp
View file

@ -1,615 +0,0 @@
# Class to install a Mastodon instance
#
# [*ensure*]
# String defining if is present or absent
#
# [*hostname*]
# String with the full qualified hostname of the instance. There must be a DNS record for it.
#
# [*mastodon_home*]
# String path to Mastodon user home directory. Default /opt/mastodon
#
# [*mastodon_version*]
# String with Mastodon version (code tag) to install. Default: v4.2.5
#
# [*mastodon_user*]
# String with the system user name for mastodon. Default: mastodon
#
# [*mastodon_group*]
# String with the system group name for mastodon. Default: mastodon
#
# [*ruby_version*]
# String with the ruby version to use. Default: 3.2.3
#
# [*config*]
# Hash with the configuration to store in .env.production
#
# [*db_host*]
# String with database host name or socket.
#
# [*db_name*]
# String with database name.
#
# [*db_user*]
# String with database user name.
#
# [*db_password*]
# String with database user password.
#
# [*db_port*]
# Integer with database port.
#
# [*secret_key_base*]
# String with secret key base.
#
# [*otp_secret*]
# String with OTP (One-Time-Password) secret.
#
# [*vapid_private_key*]
# String with VAPID private key
#
# [*vapid_public_key*]
# String with VAPID public key
#
# [*users*]
# List of hashes with users information.
#
# [*cert_admin_mail*]
# Email to provide to Let's Encrypt in exchange for SSL certificates
#
# [*nodejs_version*]
# String with nodejs version to install. Default 16.x
#
# [*manage_updater_task*]
# Boolean indicating if this class should manage a scheduled
# task (Systemd Timer unit) to update Mastodon automatically.
# Requires a github token with read access to public repos.
#
# [*github_token*]
# String with the Github token with read access to public repos.
# WARNING! This token will be in plain text in the System unit
# definition, so restrict it to only read public repos.
#
# [*media_retention_days*]
# Integer with the number of days to keep media attachments. Default 7.
#
# [*cards_retention_days*]
# Integer with the number of days to keep preview cards. Default 180.
#
class mastodon (
String $ensure = 'present',
String $hostname = 'mastodon.example.org',
String $mastodon_home = '/opt/mastodon',
String $db_host = '/var/run/postgresql',
String $db_name = 'mastodon',
String $db_user = 'mastodon',
String $db_password = 'S3cr3TP4ssw0rd',
Integer $db_port = 5432,
String $mastodon_version = 'v4.2.7',
String $ruby_version = '3.2.3',
String $mastodon_user = 'mastodon',
String $mastodon_group = 'mastodon',
String $secret_key_base = 'S3cr3tK3i',
String $otp_secret = '0tpS3cr3t',
String $vapid_private_key = 'S3cr3tK3i',
String $vapid_public_key = 'S3cr3tK3i',
String $nodejs_version = '16.x',
Hash $config = {
'LOCAL_DOMAIN' => 'example.com',
'REDIS_HOST' => '127.0.0.1',
'REDIS_PORT' => 6379,
'ES_ENABLED' => 'false',
'ES_HOST' => 'localhost',
'ES_PORT' => 9200,
'ES_USER' => 'elastic',
'ES_PASS' => 'password',
'SMTP_SERVER' => '',
'SMTP_PORT' => 587,
'SMTP_LOGIN' => '',
'SMTP_PASSWORD' => '',
'SMTP_FROM_ADDRESS' => 'notifications@example.com',
'S3_ENABLED' => 'false',
'S3_BUCKET' => 'files.example.com',
'AWS_ACCESS_KEY_ID' => '',
'AWS_SECRET_ACCESS_KEY' => '',
'S3_ALIAS_HOST' => 'files.example.com',
'IP_RETENTION_PERIOD' => 31556952,
'SESSION_RETENTION_PERIOD' => 31556952,
},
Array $users = [],
String $cert_admin_mail = 'cert-admin@example.org',
Boolean $manage_updater_task = false,
String $github_token = '',
Integer $media_retention_days = 7,
Integer $cards_retention_days = 180,
Boolean $manage_redis = true,
) {
case $ensure {
default: {
$package_ensure = 'installed'
$directory_ensure = 'directory'
$link_ensure = 'link'
$service_ensure = 'running'
$file_ensure = 'present'
}
/^(absent|delete|uninstall|remove|unregister)$/: {
$package_ensure = 'absent'
$directory_ensure = 'absent'
$link_ensure = 'absent'
$file_ensure = 'absent'
$service_ensure = 'stopped'
$cron_ensure = 'absent'
}
}
$packages = [
'apt-transport-https',
'autoconf',
'bison',
'build-essential',
'ca-certificates',
'ffmpeg',
'file',
'g++',
'gcc',
'git-core',
'gnupg',
'imagemagick',
'libffi-dev',
'libgdbm-dev',
'libicu-dev',
'libidn11-dev',
'libjemalloc-dev',
'libncurses5-dev',
'libpq-dev',
'libprotobuf-dev',
'libreadline6-dev',
'libssl-dev',
'libxml2-dev',
'libxslt1-dev',
'libyaml-dev',
'lsb-release',
# 'nginx',
'pkg-config',
# 'postgresql-contrib',
'protobuf-compiler',
# 'redis-tools',
'wget',
'zlib1g-dev',
]
$packages.each | $package | {
if (!defined(Package[$package])) {
package { $package:
ensure => $package_ensure,
}
}
}
file { '/usr/local/bin/update_mastodon.sh':
ensure => $ensure,
mode => '0750',
source => 'puppet:///modules/mastodon/update_mastodon.sh',
}
class { 'nodejs':
repo_url_suffix => $nodejs_version,
}
class { 'postgresql::server':
}
if ($manage_redis) {
include redis
}
exec { 'enable_corepack':
command => '/usr/bin/corepack enable',
creates => '/usr/bin/yarn',
require => Class['nodejs'],
}
exec { 'yarn_classic':
command => '/usr/bin/yarn set version classic',
creates => '/root/.yarnrc',
require => Exec['enable_corepack'],
}
group { $mastodon_group: }
user { $mastodon_user:
gid => $mastodon_group,
home => $mastodon_home,
managehome => true,
system => true,
require => Group[$mastodon_group],
}
vcsrepo { 'rbenv':
ensure => $ensure,
path => "${mastodon_home}/.rbenv",
source => 'https://github.com/rbenv/rbenv.git',
provider => 'git',
depth => '1',
owner => $mastodon_user,
group => $mastodon_group,
require => User[$mastodon_user],
}
exec { 'configure_rbenv':
command => "${mastodon_home}/.rbenv/src/configure",
user => $mastodon_user,
cwd => "${mastodon_home}/.rbenv/",
creates => "${mastodon_home}/.rbenv/src/Makefile",
require => Vcsrepo['rbenv'],
}
exec { 'make_rbenv':
command => '/usr/bin/make -C src',
user => $mastodon_user,
cwd => "${mastodon_home}/.rbenv/",
creates => "${mastodon_home}/.rbenv/libexec/rbenv",
require => Exec['configure_rbenv'],
}
file_line { 'mastodon_path':
path => "${mastodon_home}/.bashrc",
line => 'export PATH="$HOME/.rbenv/bin:$PATH"',
match => '^export PATH="$HOME/.rbenv',
require => Vcsrepo['rbenv'],
}
file_line { 'mastodon_rbenv_init':
path => "${mastodon_home}/.bashrc",
line => 'eval "$(rbenv init -)"',
match => '^eval "$(rbenv init -)"',
require => Vcsrepo['rbenv'],
}
vcsrepo { 'ruby_build':
ensure => $ensure,
path => "${mastodon_home}/.rbenv/plugins/ruby-build",
source => 'https://github.com/rbenv/ruby-build.git',
provider => 'git',
depth => '1',
owner => $mastodon_user,
group => $mastodon_group,
require => Vcsrepo['rbenv'],
}
if ($db_password != '') {
postgresql::server::db { $db_name:
user => $db_user,
password => postgresql::postgresql_password($db_user, $db_password),
grant => 'ALL',
}
} else {
postgresql::server::db { $db_name:
user => $db_user,
grant => 'ALL',
}
}
postgresql::server::database_grant { "${db_user}_${db_name}" :
privilege => 'ALL',
db => $db_name,
role => $db_user,
}
vcsrepo { 'mastodon_code':
path => "${mastodon_home}/live",
source => 'https://github.com/mastodon/mastodon.git',
revision => $mastodon_version,
provider => 'git',
depth => '1',
owner => $mastodon_user,
group => $mastodon_group,
require => User[$mastodon_user],
}
file { '/usr/local/bin/install_mastodon.sh':
ensure => $ensure,
content => template('mastodon/install_mastodon.sh.erb'),
mode => '0750',
owner => $mastodon_user,
group => 'root',
require => [
Vcsrepo['mastodon_code'],
Postgresql::Server::Db[$db_name],
Vcsrepo['ruby_build'],
],
}
exec { 'install_mastodon':
command => '/usr/local/bin/install_mastodon.sh',
user => $mastodon_user,
group => $mastodon_group,
environment => [
"HOME=${mastodon_home}",
'LANG=C.UTF-8',
"USER=${mastodon_user}",
],
creates => "${mastodon_home}/.mastodon_install",
path => "${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
timeout => 0,
require => File['/usr/local/bin/install_mastodon.sh'],
}
$built_config = {
'LOCAL_DOMAIN' => $hostname,
'DB_PASS' => $db_password,
'DB_USER' => $db_user,
'DB_NAME' => $db_name,
'DB_PORT' => $db_port,
'DB_HOST' => $db_host,
'SECRET_KEY_BASE' => $secret_key_base,
'OTP_SECRET' => $otp_secret,
}
$real_config = $config + $built_config
file { "${mastodon_home}/live/.env.production":
ensure => $ensure,
content => template('mastodon/env.production.erb'),
mode => '0640',
owner => $mastodon_user,
group => $mastodon_group,
require => [
Vcsrepo['mastodon_code'],
],
}
# RAILS_ENV=production rails db:setup
exec { 'db_setup':
command => "${mastodon_home}/live/bin/rails db:setup > ${mastodon_home}/db_setup_done",
creates => "${mastodon_home}/db_setup_done",
path => "${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
environment => [
'RAILS_ENV=production',
],
user => $mastodon_user,
group => $mastodon_group,
cwd => "${mastodon_home}/live",
timeout => 0,
require => File["${mastodon_home}/live/.env.production"],
}
# db:create
# RAILS_ENV=production rails assets:precompile
exec { 'assets_precompile':
command => "${mastodon_home}/live/bin/rails assets:precompile > ${mastodon_home}/assets_precompile_done",
creates => "${mastodon_home}/assets_precompile_done",
path => "${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
environment => [
'RAILS_ENV=production',
],
user => $mastodon_user,
group => $mastodon_group,
cwd => "${mastodon_home}/live",
timeout => 0,
require => File["${mastodon_home}/live/.env.production"],
}
if (!defined(Class['letsencrypt'])) {
class { 'letsencrypt':
email => $cert_admin_mail,
renew_cron_ensure => 'present',
}
}
letsencrypt::certonly { $hostname:
domains => [$hostname],
pre_hook_commands => ['systemctl stop apache2'],
post_hook_commands => ['systemctl start apache2'],
}
apache::vhost { $hostname:
ensure => $ensure,
access_log_file => $hostname,
add_listen => false,
error_log_file => $hostname,
docroot => "${mastodon_home}/live/public",
manage_docroot => false,
proxy_preserve_host => true,
proxy_add_headers => true,
port => 443,
priority => 15,
protocols => [
'h2',
'http/1.1',
],
protocols_honor_order => true,
proxy_requests => false,
proxy_pass => [
{ 'path' => '/500.html', 'url' => '!' },
{ 'path' => '/sw.js', 'url' => '!' },
{ 'path' => '/robots.txt', 'url' => '!' },
{ 'path' => '/manifest.json', 'url' => '!' },
{ 'path' => '/browserconfig.xml', 'url' => '!' },
{ 'path' => '/mask-icon.svg', 'url' => '!' },
],
custom_fragment => '
ServerSignature Off
ProxyPass /api/v1/streaming ws://localhost:4000
ProxyPassReverse /api/v1/streaming ws://localhost:4000
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
',
proxy_pass_match => [
{ 'path' => '^(/.*\.(png|ico)$)', 'url' => '!' },
{ 'path' => '^/(assets|avatars|emoji|headers|packs|sounds|system)', 'url' => '!' },
],
request_headers => [
'set X-Forwarded-Proto "https"',
],
headers => [
'always set Strict-Transport-Security "max-age=31536000"',
'always set Strict-Transport-Security "max-age=15552001; includeSubDomains"',
],
directories => [
{
'path' => '^/(assets|avatars|emoji|headers|packs|sounds|system)',
'provider' => 'locationmatch',
'headers' => 'always set Cache-Control "public, max-age=31536000, immutable"',
'deny' => 'from all',
'require' => 'all granted',
},
{
'path' => '/',
'provider' => 'location',
'require' => 'all granted',
},
],
error_documents => [
{ 'error_code' => '500', 'document' => '/500' },
{ 'error_code' => '501', 'document' => '/501' },
{ 'error_code' => '502', 'document' => '/502' },
{ 'error_code' => '503', 'document' => '/503' },
{ 'error_code' => '504', 'document' => '/504' },
],
ssl => true,
ssl_cert => "/etc/letsencrypt/live/${hostname}/fullchain.pem",
ssl_cipher => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
ssl_honorcipherorder => true,
ssl_protocol => 'all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1',
ssl_key => "/etc/letsencrypt/live/${hostname}/privkey.pem",
ssl_proxy_check_peer_cn => 'on',
ssl_proxy_check_peer_expire => 'on',
ssl_proxyengine => true,
ssl_reload_on_change => true,
allow_encoded_slashes => 'on',
require => Class['letsencrypt'],
}
apache::vhost { "${hostname}_insecure":
ensure => $ensure,
servername => $hostname,
access_log_file => "${hostname}_insecure",
error_log_file => "${hostname}_insecure",
add_listen => false,
ip => '0.0.0.0',
port => 80,
docroot => "${mastodon_home}/live/public",
redirect_status => 'permanent',
redirect_dest => "https://${hostname}/",
custom_fragment => 'ServerSignature Off',
}
systemd::unit_file { 'mastodon-sidekiq.service':
ensure => present,
content => template('mastodon/mastodon-sidekiq.service.erb'),
active => true,
enable => true,
}
systemd::unit_file { 'mastodon-streaming.service':
ensure => present,
content => template('mastodon/mastodon-streaming.service.erb'),
active => true,
enable => true,
}
systemd::unit_file { 'mastodon-streaming@.service':
ensure => present,
content => template('mastodon/mastodon-streaming@.service.erb'),
# active => true,
enable => true,
}
systemd::unit_file { 'mastodon-web.service':
ensure => present,
content => template('mastodon/mastodon-web.service.erb'),
active => true,
enable => true,
}
$users.each | $user | {
if ($user['confirmed']) {
$confirmed = '--confirmed'
} else {
$confirmed = ''
}
exec { "create_user_${user['username']}":
command => "${mastodon_home}/live/bin/tootctl accounts create '${user['username']}' --email '${user['email']}' ${confirmed} --role '${user['role']}' > '${mastodon_home}/create_user_${user['username']}'",
creates => "${mastodon_home}/create_user_${user['username']}",
path => "${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
environment => [
'RAILS_ENV=production',
],
user => $mastodon_user,
group => $mastodon_group,
cwd => "${mastodon_home}/live",
timeout => 0,
require => File["${mastodon_home}/live/.env.production"],
}
}
#
# Maintenance tasks
$_timer_remove_media = @("EOT")
[Unit]
Description=Mastodon - Remove old media
[Timer]
OnBootSec=24min
OnUnitActiveSec=1d
Unit=mastodon_remove_media.service
[Install]
WantedBy=timers.target
| EOT
$_service_remove_media = @("EOT")
[Service]
Type=simple
User=${mastodon_user}
WorkingDirectory=${mastodon_home}/live
Environment='RAILS_ENV=production' 'PATH=${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
ExecStart=/opt/mastodon/live/bin/tootctl media remove --days ${media_retention_days}
[Unit]
OnFailure=status_email_antoniodelgado@%n.service
| EOT
systemd::timer { 'mastodon_remove_media.timer':
ensure => present,
timer_content => $_timer_remove_media,
service_unit => 'mastodon_remove_media.service',
service_content => $_service_remove_media,
active => true,
enable => true,
}
$_timer_remove_cards = @("EOT")
[Unit]
Description=Mastodon - Remove old media
[Timer]
OnBootSec=24min
OnUnitActiveSec=1d
Unit=mastodon_remove_cards.service
[Install]
WantedBy=timers.target
| EOT
$_service_remove_cards = @("EOT")
[Service]
Type=simple
User=${mastodon_user}
WorkingDirectory=${mastodon_home}/live
Environment='RAILS_ENV=production' 'PATH=${mastodon_home}/.rbenv/shims:${mastodon_home}/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
ExecStart=/opt/mastodon/live/bin/tootctl preview_cards remove --days ${cards_retention_days}
[Unit]
OnFailure=status_email_antoniodelgado@%n.service
| EOT
systemd::timer { 'mastodon_remove_cards.timer':
ensure => present,
timer_content => $_timer_remove_cards,
service_unit => 'mastodon_remove_cards.service',
service_content => $_service_remove_cards,
active => true,
enable => true,
}
if ($manage_updater_task and $github_token != '') {
$_timer_updater = @("EOT")
[Unit]
Description=Mastodon - Updater
[Timer]
OnBootSec=24min
OnUnitActiveSec=1d
Unit=mastodon_updater.service
[Install]
WantedBy=timers.target
| EOT
$_service_updater = @("EOT")
[Service]
Type=simple
User=${mastodon_user}
WorkingDirectory=${mastodon_home}/live
ExecStart=/usr/local/bin/update_mastodon.sh --debug --token "${github_token}"
[Unit]
OnFailure=status_email_antoniodelgado@%n.service
| EOT
systemd::timer { 'mastodon_updater.timer':
ensure => present,
timer_content => $_timer_updater,
service_unit => 'mastodon_updater.service',
service_content => $_service_updater,
active => true,
enable => true,
}
}
}

55
metadata.json
View file

@ -1,55 +0,0 @@
{
"name": "antoniodelgado-mastodon",
"version": "0.1.0",
"author": "antoniodelgado",
"summary": "",
"license": "GPLv3",
"source": "",
"dependencies": [
{
"name": "puppet-nodejs",
"version_requirement": "10.0.0"
},
{
"name": "puppet-redis",
"version_requirement": "9.3.0"
},
{
"name": "puppetlabs-apache",
"version_requirement": "10.1.1"
},
{
"name": "puppetlabs-postgresql",
"version_requirement": "10.0.2"
},
{
"name": "puppetlabs-vcsrepo",
"version_requirement": "5.4.0"
},
{
"name": "puppet-systemd",
"version_requirement": "4.0.1"
},
{
"name": "puppet-letsencrypt",
"version_requirement": "10.1.0"
}
],
"operatingsystem_support": [
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"20.04"
]
}
],
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 7.24 < 9.0.0"
}
],
"pdk-version": "3.0.0",
"template-url": "pdk-default#3.0.0",
"template-ref": "tags/3.0.0-0-g056e50d"
}

8
spec/default_facts.yml
View file

@ -1,8 +0,0 @@
# Use default_module_facts.yml for module specific facts.
#
# Facts specified here will override the values provided by rspec-puppet-facts.
---
ipaddress: "172.16.254.254"
ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
is_pe: false
macaddress: "AA:AA:AA:AA:AA:AA"

74
spec/spec_helper.rb
View file

@ -1,74 +0,0 @@
# frozen_string_literal: true
RSpec.configure do |c|
c.mock_with :rspec
end
require 'puppetlabs_spec_helper/module_spec_helper'
require 'rspec-puppet-facts'
require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
include RspecPuppetFacts
default_facts = {
puppetversion: Puppet.version,
facterversion: Facter.version,
}
default_fact_files = [
File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')),
File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')),
]
default_fact_files.each do |f|
next unless File.exist?(f) && File.readable?(f) && File.size?(f)
begin
default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
rescue StandardError => e
RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
end
end
# read default_facts and merge them over what is provided by facterdb
default_facts.each do |fact, value|
add_custom_fact fact, value
end
RSpec.configure do |c|
c.default_facts = default_facts
c.before :each do
# set to strictest setting for testing
# by default Puppet runs at warning level
Puppet.settings[:strict] = :warning
Puppet.settings[:strict_variables] = true
end
c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT']
c.after(:suite) do
RSpec::Puppet::Coverage.report!(0)
end
# Filter backtrace noise
backtrace_exclusion_patterns = [
%r{spec_helper},
%r{gems},
]
if c.respond_to?(:backtrace_exclusion_patterns)
c.backtrace_exclusion_patterns = backtrace_exclusion_patterns
elsif c.respond_to?(:backtrace_clean_patterns)
c.backtrace_clean_patterns = backtrace_exclusion_patterns
end
end
# Ensures that a module is defined
# @param module_name Name of the module
def ensure_module_defined(module_name)
module_name.split('::').reduce(Object) do |last_module, next_module|
last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false)
last_module.const_get(next_module, false)
end
end
# 'spec_overrides' from sync.yml will appear below this line

5
templates/env.production.erb
View file

@ -1,5 +0,0 @@
# This file was generated by Puppet
<% @real_config.each_pair do |field, value| -%>
<%= field %>=<%= value %>
<% end -%>

23
templates/install_mastodon.sh.erb
View file

@ -1,23 +0,0 @@
#!/bin/bash
set -euo pipefail
if [ ! -e '<%= @mastodon_home %>/.mastodon_install' ]; then
cd '<%= @mastodon_home %>'
echo "Installing ruby..."
export PATH="<%= @mastodon_home %>/.rbenv/bin:$PATH"
eval "$(<%= @mastodon_home %>/.rbenv/bin/rbenv init -)"
if [ ! -e '<%= @mastodon_home %>/.rbenv/versions/<%= @ruby_version %>/bin/ruby' ]; then
RUBY_CONFIGURE_OPTS=--with-jemalloc '<%= @mastodon_home %>/.rbenv/bin/rbenv' install '<%= @ruby_version %>'
fi
'<%= @mastodon_home %>/.rbenv/bin/rbenv' global '<%= @ruby_version %>'
'<%= @mastodon_home %>/.rbenv/versions/<%= @ruby_version %>/bin/gem' install bundler --no-document
echo "Configuring bundle..."
cd '<%= @mastodon_home %>/live'
'<%= @mastodon_home %>/.rbenv/shims/bundle' config deployment 'true'
'<%= @mastodon_home %>/.rbenv/shims/bundle' config without 'development test'
echo "Running bundle install..."
'<%= @mastodon_home %>/.rbenv/shims/bundle' install -j$(getconf _NPROCESSORS_ONLN)
echo "Running yarn install..."
'<%= @mastodon_home %>/live/bin/yarn' install --pure-lockfile
echo $(date +s) > '<%= @mastodon_home %>/.mastodon_install'
fi

53
templates/mastodon-sidekiq.service.erb
View file

@ -1,53 +0,0 @@
[Unit]
Description=mastodon-sidekiq
After=network.target
[Service]
Type=simple
User=<%= @mastodon_user %>
WorkingDirectory=<%= @mastodon_home %>/live
Environment="RAILS_ENV=production"
Environment="DB_POOL=25"
Environment="MALLOC_ARENA_MAX=2"
Environment="LD_PRELOAD=libjemalloc.so"
ExecStart=<%= @mastodon_home %>/.rbenv/shims/bundle exec sidekiq -c 25
TimeoutSec=15
Restart=always
# Proc filesystem
ProcSubset=pid
ProtectProc=invisible
# Capabilities
CapabilityBoundingSet=
# Security
NoNewPrivileges=true
# Sandboxing
ProtectSystem=strict
PrivateTmp=true
PrivateDevices=true
PrivateUsers=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_INET
RestrictAddressFamilies=AF_INET6
RestrictAddressFamilies=AF_NETLINK
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=true
LockPersonality=true
RestrictRealtime=true
RestrictSUIDSGID=true
RemoveIPC=true
PrivateMounts=true
ProtectClock=true
# System Call Filtering
SystemCallArchitectures=native
SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid
SystemCallFilter=@chown
SystemCallFilter=pipe
SystemCallFilter=pipe2
ReadWritePaths=<%= @mastodon_home %>/live
[Install]
WantedBy=multi-user.target

12
templates/mastodon-streaming.service.erb
View file

@ -1,12 +0,0 @@
[Unit]
Description=mastodon-streaming
After=network.target
Wants=mastodon-streaming@4000.service
[Service]
Type=oneshot
ExecStart=/bin/echo "mastodon-streaming exists only to collectively start and stop mastodon-streaming@ instances, shimming over the migration to templated mastodon-streaming systemd unit"
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

54
templates/mastodon-streaming@.service.erb
View file

@ -1,54 +0,0 @@
[Unit]
Description=mastodon-streaming on port %I
After=network.target
# handles using `systemctl restart mastodon-streaming`
PartOf=mastodon-streaming.service
ReloadPropagatedFrom=mastodon-streaming.service
[Service]
Type=simple
User=<%= @mastodon_user %>
WorkingDirectory=<%= @mastodon_home %>/live
Environment="NODE_ENV=production"
Environment="PORT=%i"
ExecStart=/usr/bin/node ./streaming
TimeoutSec=15
Restart=always
LimitNOFILE=65536
# Proc filesystem
ProcSubset=pid
ProtectProc=invisible
# Capabilities
CapabilityBoundingSet=
# Security
NoNewPrivileges=true
# Sandboxing
ProtectSystem=strict
PrivateTmp=true
PrivateDevices=true
PrivateUsers=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_INET
RestrictAddressFamilies=AF_INET6
RestrictAddressFamilies=AF_NETLINK
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=true
LockPersonality=true
RestrictRealtime=true
RestrictSUIDSGID=true
RemoveIPC=true
PrivateMounts=true
ProtectClock=true
# System Call Filtering
SystemCallArchitectures=native
SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @memlock @mount @obsolete @privileged @resources @setuid
SystemCallFilter=pipe
SystemCallFilter=pipe2
ReadWritePaths=<%= @mastodon_home %>/live
[Install]
WantedBy=multi-user.target mastodon-streaming.service

53
templates/mastodon-web.service.erb
View file

@ -1,53 +0,0 @@
[Unit]
Description=mastodon-web
After=network.target
[Service]
Type=simple
User=<%= @mastodon_user %>
WorkingDirectory=<%= @mastodon_home %>/live
Environment="RAILS_ENV=production"
Environment="PORT=3000"
Environment="LD_PRELOAD=libjemalloc.so"
ExecStart=<%= @mastodon_home %>/.rbenv/shims/bundle exec puma -C config/puma.rb
ExecReload=/bin/kill -SIGUSR1 $MAINPID
TimeoutSec=15
Restart=always
# Proc filesystem
ProcSubset=pid
ProtectProc=invisible
# Capabilities
CapabilityBoundingSet=
# Security
NoNewPrivileges=true
# Sandboxing
ProtectSystem=strict
PrivateTmp=true
PrivateDevices=true
PrivateUsers=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_INET
RestrictAddressFamilies=AF_INET6
RestrictAddressFamilies=AF_NETLINK
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=true
LockPersonality=true
RestrictRealtime=true
RestrictSUIDSGID=true
RemoveIPC=true
PrivateMounts=true
ProtectClock=true
# System Call Filtering
SystemCallArchitectures=native
SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid
SystemCallFilter=@chown
SystemCallFilter=pipe
SystemCallFilter=pipe2
ReadWritePaths=<%= @mastodon_home %>/live
[Install]
WantedBy=multi-user.target