From 109083603e3c9585ee254411a6b98f48b3012828 Mon Sep 17 00:00:00 2001
From: Ivan Reshetnikov
Date: Wed, 11 Dec 2024 20:54:14 +0500
Subject: [PATCH] Make mastodon role generic
---
 mastodon.yml | 14 ++++++
 roles/mastodon/meta/argument_specs.yml | 61 +++++++++++++++++++++++-
 roles/mastodon/templates/mastodon.env.j2 | 31 ++++++------
 roles/mastodon/vars/main.yml | 32 +++++++++----
 4 files changed, 111 insertions(+), 27 deletions(-)
diff --git a/mastodon.yml b/mastodon.yml
index 0c1f380..cfffe3d 100644
--- a/mastodon.yml
+++ b/mastodon.yml
@@ -2,13 +2,27 @@
 - hosts: webservers
 roles:
 - role: mastodon
+ local_domain: m.comfycamp.space
+ alternate_domains: mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
+ vapid_public_key: BKSOPo1yo71g9_u9P2bxvIMI5GekLdmz0ozoBxvVE0ERSlYYTwd2_mOOpJZoZLr312M81hQCfLfvT8zVQRUEuqU=
 vapid_private_key: "{{ mastodon.vapid_private_key }}"
 db_pass: "{{ postgresql_users.mastodon }}"
 otp_secret: "{{ mastodon.otp_secret }}"
 secret_key_base: "{{ mastodon.secret_key_base }}"
+ smtp_server: comfycamp.space
+ smtp_login: mastodon@comfycamp.space
+ smtp_from_address: mastodon@comfycamp.space
 smtp_password: "{{ mail_users['mastodon@comfycamp.space'] }}"
+ s3_enabled: true
+ s3_endpoint: http://minio:9000
+ s3_hostname: s3.comfycamp.space
+ aws_access_key_id: WfSoEsOL1Glg9GXc3sRN
 aws_secret_access_key: "{{ mastodon.aws_secret_access_key }}"
 active_record_encryption_deterministic_key: "{{ mastodon.active_record_encryption_deterministic_key }}"
 active_record_encryption_key_derivation_salt: "{{ mastodon.active_record_encryption_key_derivation_salt }}"
 active_record_encryption_primary_key: "{{ mastodon.active_record_encryption_primary_key }}"
+ ldap_enabled: true
+ ldap_host: comfycamp.space
+ ldap_base: DC=ldap,DC=goauthentik,DC=io
+ ldap_bind_dn: cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io
 ldap_password: "{{ ldap_password }}"
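Review bot: `aws_access_key_id` is passed as a literal in this role call, while its secret half and every other credential here are looked up from variables (`mastodon.*`, `postgresql_users`, `mail_users`). An access key ID is not secret on its own, but committing it ties the repository to a live credential and splits rotation across two places. Consider sourcing it the same way, e.g. `aws_access_key_id: "{{ mastodon.aws_access_key_id }}"`; that variable name is only a suggestion and is not defined anywhere visible in this patch.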
diff --git a/roles/mastodon/meta/argument_specs.yml b/roles/mastodon/meta/argument_specs.yml
index 1365939..a9a379f 100644
--- a/roles/mastodon/meta/argument_specs.yml
+++ b/roles/mastodon/meta/argument_specs.yml
@@ -2,6 +2,18 @@
 argument_specs:
 main:
 options:
+ rails_log_level:
+ type: str
+ default_locale:
+ type: str
+ local_domain:
+ type: str
+ required: true
+ alternate_domains:
+ type: str
+ vapid_public_key:
+ type: str
+ required: true
 vapid_private_key:
 type: str
 required: true
@@ -11,15 +23,49 @@ argument_specs:
 secret_key_base:
 type: str
 required: true
+ # Database
+ db_host:
+ type: str
+ db_user:
+ type: str
+ db_name:
+ type: str
+ db_port:
+ type: int
 db_pass:
 type: str
 required: true
+ # SMTP
+ smtp_server:
+ type: str
+ required: true
+ smtp_port:
+ type: int
+ smtp_enable_starttls:
+ type: str
+ smtp_login:
+ type: str
+ smtp_from_address:
+ type: str
 smtp_password:
 type: str
 required: true
+ # S3
+ s3_enabled:
+ type: bool
+ s3_endpoint:
+ type: str
+ s3_hostname:
+ type: str
+ s3_bucket:
+ type: str
+ s3_protocol:
+ type: str
+ aws_access_key_id:
+ type: str
 aws_secret_access_key:
 type: str
- required: true
+ # Active record
 active_record_encryption_deterministic_key:
 type: str
 required: true
@@ -29,6 +75,19 @@ argument_specs:
 active_record_encryption_primary_key:
 type: str
 required: true
+ # LDAP
+ ldap_enabled:
+ type: bool
+ ldap_host:
+ type: str
+ ldap_port:
+ type: int
+ ldap_method:
+ type: str
+ ldap_base:
+ type: str
+ ldap_bind_dn:
+ type: str
 ldap_password:
 type: str
 required: true
diff --git a/roles/mastodon/templates/mastodon.env.j2 b/roles/mastodon/templates/mastodon.env.j2
index 1e707b9..8d751dc 100644
--- a/roles/mastodon/templates/mastodon.env.j2
+++ b/roles/mastodon/templates/mastodon.env.j2
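Review bot: In roles/mastodon/meta/argument_specs.yml, `smtp_enable_starttls` and `s3_protocol` (hunk `@@ -11,15 +23,49 @@`) and `ldap_method` (hunk `@@ -29,6 +75,19 @@`) are declared as free-form `type: str`, although they replace values the template previously pinned (`always`, `https`, `start_tls`). A typo or an unexpected value would now pass validation and reach the env file, where it can weaken or break transport security for mail, media storage and directory lookups. Adding a `choices:` list under each option, limited to the values Mastodon accepts (for instance `choices: [http, https]` under `s3_protocol`), makes role validation reject anything else. The `options:` mapping begins before and continues after these hunks, so other options were not checked.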
@@ -1,7 +1,7 @@ LOCAL_DOMAIN={{ local_domain }} -ALTERNATE_DOMAINS=mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion -RAILS_LOG_LEVEL=warn -DEFAULT_LOCALE=ru +ALTERNATE_DOMAINS={{ alternate_domains }} +RAILS_LOG_LEVEL={{ rails_log_level }} +DEFAULT_LOCALE={{ default_locale }} REDIS_HOST=redis-mastodon REDIS_PORT=6379 @@ -12,7 +12,7 @@ DB_HOST={{ db_host }} DB_USER={{ db_user }} DB_NAME={{ db_name }} DB_PASS={{ db_pass }} -DB_PORT={{ db_port }} +DB_PORT={{ db_port | string }} SECRET_KEY_BASE={{ secret_key_base }} OTP_SECRET={{ otp_secret }} @@ -21,29 +21,28 @@ VAPID_PRIVATE_KEY={{ vapid_private_key }} VAPID_PUBLIC_KEY={{ vapid_public_key }} SMTP_SERVER={{ smtp_server }} -SMTP_PORT={{ smtp_port }} +SMTP_PORT={{ smtp_port | string }} SMTP_LOGIN={{ smtp_login }} SMTP_PASSWORD={{ smtp_password }} SMTP_FROM_ADDRESS={{ smtp_from_address }} -SMTP_ENABLE_STARTTLS=always +SMTP_ENABLE_STARTTLS={{ smtp_enable_starttls }} -S3_ENABLED=true +S3_ENABLED={{ s3_enabled | string | lower }} S3_ENDPOINT={{ s3_endpoint }} S3_BUCKET={{ s3_bucket }} +S3_PROTOCOL={{ s3_protocol }} +S3_HOSTNAME={{ s3_hostname }} AWS_ACCESS_KEY_ID={{ aws_access_key_id }} AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }} -S3_PROTOCOL=https -S3_HOSTNAME={{ s3_hostname }} - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ active_record_encryption_deterministic_key }} ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ active_record_encryption_key_derivation_salt }} ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ active_record_encryption_primary_key }} -LDAP_ENABLED=true -LDAP_HOST=comfycamp.space -LDAP_PORT=389 -LDAP_METHOD=start_tls -LDAP_BASE=DC=ldap,DC=goauthentik,DC=io -LDAP_BIND_DN=cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io +LDAP_ENABLED={{ ldap_enabled | string | lower }} +LDAP_HOST={{ ldap_host }} +LDAP_PORT={{ ldap_port | string }} +LDAP_METHOD={{ ldap_method }} +LDAP_BASE={{ ldap_base }} +LDAP_BIND_DN={{ ldap_bind_dn }} LDAP_PASSWORD={{ ldap_password }} 
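Review bot: In the last hunk (`@@ -21,29 +21,28 @@`) the S3/AWS and `LDAP_*` lines are still rendered unconditionally, so a deployment with `ldap_enabled: false` or `s3_enabled: false` gets `LDAP_PASSWORD` and `AWS_SECRET_ACCESS_KEY` written to the env file anyway. Wrapping each group in `{% if ldap_enabled %}` … `{% endif %}` and `{% if s3_enabled %}` … `{% endif %}` keeps unused credentials out of the rendered file. It would presumably also allow `ldap_password` to stop being `required: true` in the argument spec for callers that do not use LDAP. How the env file is consumed is not visible in this patch, so confirm that omitted keys are acceptable to the consumer.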
diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index b278fa7..bc35ded 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -1,19 +1,31 @@ version: v4.3.2 -local_domain: m.comfycamp.space -vapid_public_key: BKSOPo1yo71g9_u9P2bxvIMI5GekLdmz0ozoBxvVE0ERSlYYTwd2_mOOpJZoZLr312M81hQCfLfvT8zVQRUEuqU= +alternate_domains: "" +rails_log_level: warn +default_locale: ru db_host: postgresql db_user: mastodon db_name: mastodon -db_port: "5432" +db_port: 5432 -smtp_server: comfycamp.space -smtp_port: "587" -smtp_login: mastodon@comfycamp.space -smtp_from_address: mastodon@comfycamp.space +smtp_server: "" +smtp_port: 587 +smtp_login: "" +smtp_from_address: "" +smtp_enable_starttls: always -s3_endpoint: http://minio:9000 -s3_hostname: s3.comfycamp.space +s3_enabled: false +s3_endpoint: "" +s3_hostname: "" s3_bucket: mastodon -aws_access_key_id: WfSoEsOL1Glg9GXc3sRN +s3_protocol: https +aws_access_key_id: "" +aws_secret_access_key: "" + +ldap_enabled: false +ldap_host: "" +ldap_port: 389 +ldap_method: start_tls +ldap_base: "" +ldap_bind_dn: ""
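Review bot: Defaults for the newly exposed options (`s3_enabled: false`, `ldap_enabled: false`, `smtp_enable_starttls: always`, `ldap_method: start_tls` and the empty strings) are placed in the role's `vars/main.yml`, which Ansible ranks above inventory, group_vars/host_vars and play vars. A deployment that sets, say, `ldap_enabled: true` in group_vars would be silently overridden and come up without LDAP; only role parameters (as mastodon.yml passes them), include parameters and extra vars take effect. For a role meant to be generic, these keys belong in the role's `defaults/main.yml`, leaving `vars/main.yml` for values callers should not change.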