diff --git a/inventory/ghp/sample/group_vars/all/versions.yaml b/inventory/ghp/sample/group_vars/all/versions.yaml index 9f1552c..5818c20 100644 --- a/inventory/ghp/sample/group_vars/all/versions.yaml +++ b/inventory/ghp/sample/group_vars/all/versions.yaml @@ -26,8 +26,8 @@ internal_ingress_nginx_version: 4.2.3 local_ingress_nginx_version: 4.2.3 # PostgreSQL operator -postgres_operator_version: 1.11.0 -postgres_operator_ui_version: 1.11.0 +postgres_operator_version: 1.12.0 +postgres_operator_ui_version: 1.12.0 # OpenLDAP openldap_version: 1.2.7 @@ -53,7 +53,7 @@ gitea_act_runner_version: 0.1.10 harbor_version: 1.12.4 # Mastodon -mastodon_version: 4.0.1 +mastodon_version: 5.1.2 # Nextcloud nextcloud_version: 4.6.4 diff --git a/roles/mastodon/defaults/main.yaml b/roles/mastodon/defaults/main.yaml index 1fb6ef2..04b6c80 100644 --- a/roles/mastodon/defaults/main.yaml +++ b/roles/mastodon/defaults/main.yaml 
@@ -26,43 +26,26 @@ mastodon_default_values: - "{{ mastodon_short_name }}.{{ domain }}" mastodon: - # create an initial administrator user; the password is autogenerated and will - # have to be reset createAdmin: enabled: true username: "{{ mastodon_admin_user | default(mastodon_admin_username) | default('mastodon') }}" password: "{{ mastodon_admin_pass | default(mastodon_admin_password) }}" email: "{{ mastodon_admin_email }}" - # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 locale: en local_domain: "{{ mastodon_short_name }}.{{ domain }}" - cron: - # run `tootctl media remove` every week - removeMedia: - enabled: true - schedule: "0 0 * * 0" - - web: - port: 3000 - streaming: - port: 4000 - # this should be set manually since os.cpus() returns the number of CPUs on - # the node running the pod, which is unrelated to the resources allocated to - # the pod by k8s - workers: 2 - sidekiq: - concurrency: 25 - - # these must be set manually; autogenerated keys are rotated on each upgrade secrets: secret_key_base: "{{ mastodon_vapid_public_key_base64 | hash('sha256') }}" otp_secret: "{{ mastodon_vapid_public_key_base64 | hash('sha256') | hash('sha256') }}" vapid: private_key: "{{ mastodon_vapid_private_key_base64 | b64decode }}" public_key: "{{ mastodon_vapid_public_key_base64 | b64decode }}" - + activeRecordEncryption: + primaryKey: "{{ mastodon_primary_key_secret }}" + deterministicKey: "{{ mastodon_deterministic_key_secret }}" + keyDerivationSalt: "{{ mastodon_key_derivation_salt_secret }}" + smtp: auth_method: login ca_file: 
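Review bot: The unchanged `secret_key_base` and `otp_secret` lines directly above the new `activeRecordEncryption` block are still SHA-256 hashes of `mastodon_vapid_public_key_base64`. The VAPID public key is handed to browsers for push subscriptions, so anyone who holds it can recompute both values. Since this commit introduces properly generated secrets for the three new keys, these two could move to generated variables as well, for example a `mastodon_secret_key_base` entry in pwgen's `secret_keys` (a constructed name, not one from this repository). Changing them on a live instance invalidates sessions and may affect stored 2FA data, so it needs a planned migration. The hunk also deletes the comment explaining why secrets must be set manually, so I would restore one above `activeRecordEncryption:` such as `# must stay identical across upgrades; changing these makes encrypted data unreadable`.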
@@ -95,11 +78,6 @@ mastodon_default_values: storage: "{{ mastodon_system_size | default('100Gi') }}" elasticsearch: - # `false` will disable full-text search - # - # if you enable ES after the initial install, you will need to manually run - # RAILS_ENV=production bundle exec rake chewy:sync - # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) enabled: "{{ mastodon_enable_elasticsearch }}" master: name: master @@ -116,20 +94,14 @@ mastodon_default_values: ## replicas: 1 - # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: - # Disable for external PostgreSQL enabled: false postgresqlHostname: "{{ namespace }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local" - # you must set a password; the password generated by the postgresql chart will - # be rotated on each upgrade: - # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#upgrade auth: database: mastodon username: "{{ mastodon_db_username }}" password: "{{ mastodon_db_password }}" - # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: architecture: standalone enabled: true diff --git a/roles/mastodon/tasks/main.yaml b/roles/mastodon/tasks/main.yaml index d6128a1..2ab004a 100644 --- a/roles/mastodon/tasks/main.yaml +++ b/roles/mastodon/tasks/main.yaml 
@@ -15,38 +15,3 @@ chart_ref: "{{ mastodon_chart_ref }}" chart_version: "{{ mastodon_version | default(omit) }}" release_values: "{{ mastodon_combined_values | from_yaml }}" - - -- name: Search for mastodon web pod - kubernetes.core.k8s_info: - kind: Pod - namespace: "{{ mastodon_namespace | default(namespace) }}" - label_selectors: - - app.kubernetes.io/component=web - - app.kubernetes.io/instance=mastodon - register: mastodon_web_pod_name - -- name: Remove mastodon web pod for restart - kubernetes.core.k8s: - state: absent - api_version: v1 - kind: Pod - namespace: "{{ mastodon_namespace | default(namespace) }}" - name: "{{ mastodon_web_pod_name.resources[0].metadata.name }}" - -- name: Search for mastodon streaming pod - kubernetes.core.k8s_info: - kind: Pod - namespace: "{{ mastodon_namespace | default(namespace) }}" - label_selectors: - - app.kubernetes.io/component=streaming - - app.kubernetes.io/instance=mastodon - register: mastodon_streaming_pod_name - -- name: Remove mastodon streaming pod for restart - kubernetes.core.k8s: - state: absent - api_version: v1 - kind: Pod - namespace: "{{ mastodon_namespace | default(namespace) }}" - name: "{{ mastodon_streaming_pod_name.resources[0].metadata.name }}" diff --git a/roles/postgres/defaults/main.yaml b/roles/postgres/defaults/main.yaml index 589867a..58af21c 100644 --- a/roles/postgres/defaults/main.yaml +++ b/roles/postgres/defaults/main.yaml @@ -20,6 +20,7 @@ postgres_operator_ui_default_values: envs: # IMPORTANT: While operator chart and UI chart are idendependent, this is the interface between # UI and operator API. Insert the service name of the operator API here! + appUrl: "https://{{ postgres_operator_ui_short_name }}.{{ domain }}" operatorApiUrl: "http://postgres-operator:8080" operatorClusterNameLabel: "cluster-name" resourcesVisible: "False" diff --git a/roles/pwgen/defaults/main.yaml b/roles/pwgen/defaults/main.yaml index cd1515a..1237fcb 100644 --- a/roles/pwgen/defaults/main.yaml 
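Review bot: In the `roles/postgres/defaults/main.yaml` hunk, the new `appUrl` line sits between the `# IMPORTANT ...` comment and the `operatorApiUrl` line that comment describes. The warning about inserting the operator API service name now reads as if it applied to `appUrl`. I would move `appUrl: "https://{{ postgres_operator_ui_short_name }}.{{ domain }}"` above the comment, or give it its own line such as `# externally reachable URL of the UI`, which is my reading of the value and should be checked against the chart. The `envs:` mapping starts inside the hunk, but its enclosing `postgres_operator_ui_default_values` continues outside it.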
+++ b/roles/pwgen/defaults/main.yaml @@ -20,6 +20,9 @@ default_accounts: secret_keys: - { name: peertube } - { name: harbor } + - { name: mastodon_primary_key } + - { name: mastodon_deterministic_key } + - { name: mastodon_key_derivation_salt } htpasswd_accounts: - { name: pypiserver_admin }
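Review bot: Nothing in the three new `secret_keys` entries shows that their values are generated once and then kept. Going by the names used in `roles/mastodon/defaults/main.yaml`, these feed Rails Active Record Encryption, where a regenerated primary key, deterministic key or salt would presumably leave already-encrypted columns undecryptable. Please confirm that the pwgen role preserves existing values on re-runs, and state that in a comment next to the entries, e.g. `# generated once; never rotate without a re-encryption plan`. The entries carry only `name`, so the length and character set come from role defaults not visible here; it is worth checking that they give enough entropy for encryption keys. Existing inventories also need pwgen run before the mastodon role, because the `mastodon_*_secret` variables would otherwise be undefined.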