ansible/roles/mastodon/defaults/main.yaml

mastodon_enabled: false
mastodon_publish: true
mastodon_use_external_db: true
mastodon_short_name: "mastodon"
mastodon_enable_elasticsearch: true
mastodon_default_values:
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
      kubernetes.io/ingress.class: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
      kubernetes.io/tls-acme: "true"
    hostname: "{{ mastodon_short_name }}.{{ domain }}"
    tls:
      - secretName: "{{ mastodon_short_name }}.{{ domain }}-tls"
        hosts:
          - "{{ mastodon_short_name }}.{{ domain }}"
  
  # create an initial administrator user; the password is autogenerated and will
  # have to be reset
  createAdmin:
    enabled: true
    username: mastodon
    password: "{{ mastodon_admin_pass | default(mastodon_admin_password) }}" 
    email: "admin@{{ domain }}"
  
  # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43
  locale: en
  
  cron:
    # run `tootctl media remove` every week
    removeMedia:
      enabled: true
      schedule: "0 0 * * 0"
  
  application:
    web:
      port: 3000
    streaming:
      port: 4000
      # this should be set manually since os.cpus() returns the number of CPUs on
      # the node running the pod, which is unrelated to the resources allocated to
      # the pod by k8s
      workers: 2
    sidekiq:
      concurrency: 25
  
  # these must be set manually; autogenerated keys are rotated on each upgrade
  secrets:
    secret_key_base: "{{ mastodon_vapid_public_key_base64 | hash('sha256') }}"
    otp_secret: "{{ mastodon_vapid_public_key_base64 | hash('sha256') | hash('sha256') }}"
    vapid:
      private_key: "{{ mastodon_vapid_private_key_base64 | b64decode }}"
      public_key: "{{ mastodon_vapid_public_key_base64 | b64decode }}"
  
  smtp:
    auth_method: login
    ca_file:
    delivery_method: smtp
    domain: "{{ domain }}"
    enable_starttls_auto: false
    from_address: "mastodon@{{ domain }}"
    login: mastodon
    openssl_verify_mode: false
    password: "{{ mastodon_ldap_pass | default(mastodon_ldap_password) }}"
    port: 465
    reply_to: "mastodon@{{ domain }}"
    server: "{{ mail_short_name | default('mail') }}.{{ domain }}"
    tls: true
  
  elasticsearch:
    # `false` will disable full-text search
    #
    # if you enable ES after the initial install, you will need to manually run
    # RAILS_ENV=production bundle exec rake chewy:sync
    # (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
    enabled: "{{ mastodon_enable_elasticsearch }}" 
    master:
      name: master
      ## Number of master-eligible node(s) replicas to deploy
      ##
      replicas: 1
    coordinating:
      ## Number of coordinating-only node(s) replicas to deploy
      ##
      replicas: 1
    data:
      name: data
      ## Number of data node(s) replicas to deploy
      ##
      replicas: 1


  # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters
  postgresql:
    # Disable for external PostgreSQL
    enabled: false
    # Set for external PostgreSQL
    # postgresqlHost: postgresql.local
    postgresqlHost: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
    postgresqlDatabase: mastodon
    # you must set a password; the password generated by the postgresql chart will
    # be rotated on each upgrade:
    # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade
    postgresqlUsername: "{{ mastodon_db_username }}"
    postgresqlPassword: "{{ mastodon_db_password }}"
  
  # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
  redis:
    enabled: true
    usePassword: true
    # you must set a password; the password generated by the redis chart will be
    # rotated on each upgrade:
    password: "{{ mastodon_vapid_public_key_base64 | hash('md5') }}"
    cluster:
      enabled: false
  
  persistence:
    assets:
      # ReadWriteOnce is more widely supported than ReadWriteMany, but limits
      # scalability, since it requires the Rails and Sidekiq pods to run on the
      # same node.
      storageClassName: "{{ mastodon_assets_storage | default('nfs-ssd') }}"
      accessMode: "{{ mastodon_assets_storage_mode | default('ReadWriteMany') }}"
      resources:
        requests:
          storage: "{{ mastodon_assets_size | default('10Gi') }}"
    system:
      storageClassName: "{{ mastodon_system_storage | default('nfs-hdd') }}"
      accessMode: "{{ mastodon_system_storage_mode | default('ReadWriteMany') }}"
      resources:
        requests:
          storage: "{{ mastodon_system_size | default('100Gi') }}"
add mastodon 2021-02-09 23:28:01 +00:00			`mastodon_enabled: false`
			`mastodon_publish: true`
			`mastodon_use_external_db: true`
			`mastodon_short_name: "mastodon"`
			`mastodon_enable_elasticsearch: true`
			`mastodon_default_values:`
			`ingress:`
			`enabled: true`
			`annotations:`
			`cert-manager.io/cluster-issuer: "letsencrypt-prod"`
			`nginx.ingress.kubernetes.io/proxy-body-size: "0"`
			`nginx.ingress.kubernetes.io/proxy-read-timeout: "600"`
			`nginx.ingress.kubernetes.io/proxy-send-timeout: "600"`
			`kubernetes.io/ingress.class: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"`
			`kubernetes.io/tls-acme: "true"`
			`hostname: "{{ mastodon_short_name }}.{{ domain }}"`
			`tls:`
			`- secretName: "{{ mastodon_short_name }}.{{ domain }}-tls"`
			`hosts:`
			`- "{{ mastodon_short_name }}.{{ domain }}"`

			`# create an initial administrator user; the password is autogenerated and will`
			`# have to be reset`
			`createAdmin:`
			`enabled: true`
			`username: mastodon`
			`password: "{{ mastodon_admin_pass \| default(mastodon_admin_password) }}"`
			`email: "admin@{{ domain }}"`

			`# available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43`
			`locale: en`

			`cron:`
			# run `tootctl media remove` every week
			`removeMedia:`
			`enabled: true`
			`schedule: "0 0 * * 0"`

			`application:`
			`web:`
			`port: 3000`
			`streaming:`
			`port: 4000`
			`# this should be set manually since os.cpus() returns the number of CPUs on`
			`# the node running the pod, which is unrelated to the resources allocated to`
			`# the pod by k8s`
			`workers: 2`
			`sidekiq:`
			`concurrency: 25`

			`# these must be set manually; autogenerated keys are rotated on each upgrade`
			`secrets:`
			`secret_key_base: "{{ mastodon_vapid_public_key_base64 \| hash('sha256') }}"`
			`otp_secret: "{{ mastodon_vapid_public_key_base64 \| hash('sha256') \| hash('sha256') }}"`
			`vapid:`
			`private_key: "{{ mastodon_vapid_private_key_base64 \| b64decode }}"`
			`public_key: "{{ mastodon_vapid_public_key_base64 \| b64decode }}"`

			`smtp:`
			`auth_method: login`
			`ca_file:`
			`delivery_method: smtp`
			`domain: "{{ domain }}"`
			`enable_starttls_auto: false`
			`from_address: "mastodon@{{ domain }}"`
			`login: mastodon`
			`openssl_verify_mode: false`
			`password: "{{ mastodon_ldap_pass \| default(mastodon_ldap_password) }}"`
			`port: 465`
			`reply_to: "mastodon@{{ domain }}"`
			`server: "{{ mail_short_name \| default('mail') }}.{{ domain }}"`
			`tls: true`

			`elasticsearch:`
			# `false` will disable full-text search
			`#`
			`# if you enable ES after the initial install, you will need to manually run`
			`# RAILS_ENV=production bundle exec rake chewy:sync`
			`# (https://docs.joinmastodon.org/admin/optional/elasticsearch/)`
			`enabled: "{{ mastodon_enable_elasticsearch }}"`
			`master:`
			`name: master`
			`## Number of master-eligible node(s) replicas to deploy`
			`##`
			`replicas: 1`
			`coordinating:`
			`## Number of coordinating-only node(s) replicas to deploy`
			`##`
			`replicas: 1`
			`data:`
			`name: data`
			`## Number of data node(s) replicas to deploy`
			`##`
			`replicas: 1`


			`# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters`
			`postgresql:`
			`# Disable for external PostgreSQL`
			`enabled: false`
			`# Set for external PostgreSQL`
			`# postgresqlHost: postgresql.local`
			`postgresqlHost: "{{ namespace }}-postgres.{{ postgres_db_namespace \| default(namespace) }}.svc.cluster.local"`
			`postgresqlDatabase: mastodon`
			`# you must set a password; the password generated by the postgresql chart will`
			`# be rotated on each upgrade:`
			`# https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade`
			`postgresqlUsername: "{{ mastodon_db_username }}"`
			`postgresqlPassword: "{{ mastodon_db_password }}"`

			`# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters`
			`redis:`
			`enabled: true`
			`usePassword: true`
			`# you must set a password; the password generated by the redis chart will be`
			`# rotated on each upgrade:`
			`password: "{{ mastodon_vapid_public_key_base64 \| hash('md5') }}"`
			`cluster:`
			`enabled: false`

			`persistence:`
			`assets:`
			`# ReadWriteOnce is more widely supported than ReadWriteMany, but limits`
			`# scalability, since it requires the Rails and Sidekiq pods to run on the`
			`# same node.`
			`storageClassName: "{{ mastodon_assets_storage \| default('nfs-ssd') }}"`
			`accessMode: "{{ mastodon_assets_storage_mode \| default('ReadWriteMany') }}"`
			`resources:`
			`requests:`
			`storage: "{{ mastodon_assets_size \| default('10Gi') }}"`
			`system:`
			`storageClassName: "{{ mastodon_system_storage \| default('nfs-hdd') }}"`
			`accessMode: "{{ mastodon_system_storage_mode \| default('ReadWriteMany') }}"`
			`resources:`
			`requests:`
			`storage: "{{ mastodon_system_size \| default('100Gi') }}"`