homelab/tasks/mastodon.yml
Alex Frantz ad74f0d77b
change port
2025-10-22 22:04:14 -04:00


---
# Prepare the host-side directories that are bind-mounted into the Mastodon,
# Postgres and Redis containers further down.
# No owner or mode is given here, so newly created directories get the
# defaults of the user running the play.
- name: Create folder structure
  file:
    state: directory
    path: "{{ item }}"
  loop:
    - "{{ data_dir }}/mastodon"
    - "{{ data_dir }}/mastodon/db"
    - "{{ data_dir }}/mastodon/redis"
    - "{{ data_dir }}/mastodon/public"
# Dedicated Docker network joined by the Mastodon app, Postgres and Redis
# containers; the app addresses the other two by container name.
# NOTE(review): the database and cache need no outbound access; consider
# whether an internal-only network fits this stack.
- name: Create Mastodon Network
  docker_network:
    name: mastodon
    state: present
# Fetch the Postgres image used by the mastodon_db container.
# NOTE(review): without force_source, an image that already exists locally is
# presumably not pulled again, so "latest" in the task name may not hold.
# The tag is mutable; pin a digest if deploys must be reproducible.
- name: Pull latest Postgres Docker Image
  docker_image:
    source: pull
    name: postgres
    tag: "14-alpine"
# Fetch the Redis image used by the mastodon_redis container.
# NOTE(review): without force_source, an image that already exists locally is
# presumably not pulled again, so "latest" in the task name may not hold.
# The tag is mutable; pin a digest if deploys must be reproducible.
- name: Pull latest Redis Docker Image
  docker_image:
    source: pull
    name: redis
    tag: "7-alpine"
# Fetch the linuxserver.io Mastodon image used by the application container.
# The "latest" tag is mutable: which release actually runs depends on when the
# image was pulled, and a changed upstream image is picked up without review.
# NOTE(review): prefer a version tag or digest so upgrades are deliberate.
- name: Pull latest Mastodon Docker Image
  docker_image:
    source: pull
    name: lscr.io/linuxserver/mastodon
    tag: "latest"
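# Run the Postgres instance backing Mastodon. It joins only the mastodon
# network and publishes no ports to the host.
# recreate: true replaces the container on every run; the data itself lives in
# the bind-mounted directory.
- name: Create Mastodon DB Container
  docker_container:
    name: mastodon_db
    image: postgres:14-alpine
    recreate: true
    restart_policy: unless-stopped
    networks:
      - name: mastodon
    volumes:
      - "{{ data_dir }}/mastodon/db:/var/lib/postgresql/data"
    healthcheck:
      # List form on purpose: a plain string is handed to the shell by the
      # module, so a leading "CMD" would be run as the program name and the
      # check could never pass. The role and database match POSTGRES_USER and
      # POSTGRES_DB below.
      test: ["CMD", "pg_isready", "-U", "mastodon", "-d", "mastodon"]
    env:
      # POSTGRES_HOST_AUTH_METHOD is intentionally not set to "trust". Trust
      # lets any client that can reach this container log in as any role
      # without a password, so POSTGRES_PASSWORD would protect nothing.
      # The image applies the auth method only when it initialises an empty
      # data directory. A database created earlier with "trust" keeps that
      # rule in pg_hba.conf until the file is edited and the server reloaded.
      POSTGRES_USER: mastodon
      POSTGRES_PASSWORD: "{{ MASTODON_DB_PASS }}"
      POSTGRES_DB: mastodon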
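# Run the Redis instance used by Mastodon. It joins only the mastodon network
# and publishes no ports to the host.
# No Redis password is configured here, so access control rests entirely on
# which containers are attached to that network.
- name: Create Mastodon Redis Container
  docker_container:
    name: mastodon_redis
    image: redis:7-alpine
    recreate: true
    restart_policy: unless-stopped
    healthcheck:
      # List form on purpose: a plain string is handed to the shell by the
      # module, so a leading "CMD" would be run as the program name and the
      # check could never pass.
      test: ["CMD", "redis-cli", "ping"]
    networks:
      - name: mastodon
    volumes:
      - "{{ data_dir }}/mastodon/redis:/data"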
# Run the Mastodon application container and expose it through Traefik.
# It joins the mastodon network (Postgres, Redis) and the network named by
# docker_network_name. No host ports are published; traffic arrives via the
# Traefik router defined in the labels.
# NOTE(review): the image uses the mutable "latest" tag; pin a version or
# digest so upgrades are deliberate.
- name: Create Mastodon Container
  docker_container:
    name: mastodon
    image: lscr.io/linuxserver/mastodon:latest
    restart_policy: unless-stopped
    recreate: true
    volumes:
      - "{{ data_dir }}/mastodon/public:/config"
    networks:
      - name: mastodon
      - name: "{{ docker_network_name }}"
    labels:
      traefik.enable: "true"
      # NOTE(review): the container sits on two networks; confirm Traefik is
      # told which one to use for the backend, or it may pick an address on a
      # network it cannot reach.
      traefik.http.routers.mst.rule: 'Host(`mst.fntz.net`)'
      traefik.http.routers.mst.entrypoints: 'webSecure'
      traefik.http.routers.mst.tls.certresolver: 'letsencrypt'
      # TLS ends at Traefik; the hop to the container is plain HTTP on port 80.
      traefik.http.services.mst.loadbalancer.server.port: "80"
    env:
      # Runtime identity and locale for the linuxserver.io image.
      PUID: "{{ PUID }}"
      PGID: "{{ PGID }}"
      TZ: "{{ TZ }}"
      LOCAL_DOMAIN: "{{ MASTODON_LOCAL_DOMAIN }}"
      # Backing services, addressed by container name on the mastodon network.
      REDIS_HOST: "mastodon_redis"
      REDIS_PORT: "6379"
      DB_HOST: "mastodon_db"
      DB_USER: "mastodon"
      DB_PASS: "{{ MASTODON_DB_PASS }}"
      DB_PORT: "5432"
      ES_ENABLED: "false"
      S3_ENABLED: "false"
      # Secrets are passed as environment variables, so anyone who can inspect
      # the container through the Docker API can read them.
      # NOTE(review): confirm the MASTODON_* variables come from an encrypted
      # source (for example a vault) and not from plain-text vars in the repo.
      SECRET_KEY_BASE: "{{ MASTODON_SECRET_KEY_BASE }}"
      VAPID_PRIVATE_KEY: "{{ MASTODON_VAPID_PRIVATE_KEY }}"
      VAPID_PUBLIC_KEY: "{{ MASTODON_VAPID_PUBLIC_KEY }}"
      OTP_SECRET: "{{ MASTODON_OTP_SECRET }}"
      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ MASTODON_ARE_DETERMINISTIC }}"
      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ MASTODON_ARE_KEY_DERIVATION }}"
      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ MASTODON_ARE_PRIMARY }}"