mastodon / mastodon-ansible Goto Github PK

Ansible playbook for installing Mastodon

License: MIT License

Smarty 0.92% Jinja 99.08%

mastodon-ansible's Introduction

Mastodon is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, and video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub!)

Click below to learn more in a video:

Navigation

Features

No vendor lock-in: Fully interoperable with any conforming platform

It doesn't have to be Mastodon; whatever implements ActivityPub is part of the social network! Learn more

Real-time, chronological timeline updates

Updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!

Media attachments like images and short videos

Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos loop continuously!

Safety and moderation tools

Mastodon includes private posts, locked accounts, phrase filtering, muting, blocking, and all sorts of other features, along with a reporting and moderation system. Learn more

OAuth2 and a straightforward REST API

Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Streaming APIs. This results in a rich app ecosystem with a lot of choices!

Deployment

Tech stack

Ruby on Rails powers the REST API and other web pages
React.js and Redux are used for the dynamic parts of the interface
Node.js powers the streaming API

Requirements

PostgreSQL 12+
Redis 4+
Ruby 3.1+
Node.js 18+

The repository includes deployment configurations for Docker and docker-compose as well as specific platforms like Heroku, and Scalingo. For Helm charts, reference the mastodon/chart repository. The standalone installation guide is available in the documentation.

Development

Vagrant

A Vagrant configuration is included for development purposes. To use it, complete the following steps:

Install Vagrant and Virtualbox
Install the vagrant-hostsupdater plugin: vagrant plugin install vagrant-hostsupdater
Run vagrant up
Run vagrant ssh -c "cd /vagrant && bin/dev"
Open http://mastodon.local in your browser

macOS

To set up macOS for native development, complete the following steps:

Install Homebrew and run brew install postgresql@14 redis imagemagick libidn nvm to install the required project dependencies
Use a Ruby version manager to activate the ruby in .ruby-version and run nvm use to activate the node version from .nvmrc
Run the bin/setup script, which will install the required ruby gems and node packages and prepare the database for local development
Finally, run the bin/dev script which will launch services via overmind (if installed) or foreman

Docker

For production hosting and deployment with Docker, use the Dockerfile and docker-compose.yml in the project root directory.

For local development, install and launch Docker, and run:

docker compose -f .devcontainer/compose.yaml up -d
docker compose -f .devcontainer/compose.yaml exec app bin/setup
docker compose -f .devcontainer/compose.yaml exec app bin/dev

Dev Containers

Within IDEs that support the Development Containers specification, start the "Mastodon on local machine" container from the editor. The necessary docker compose commands to build and setup the container should run automatically. For Visual Studio Code this requires installing the Dev Container extension.

GitHub Codespaces

GitHub Codespaces provides a web-based version of VS Code and a cloud hosted development environment configured with the software needed for this project.

Click the button to create a new codespace, and confirm the options
Wait for the environment to build (takes a few minutes)
When the editor is ready, run bin/dev in the terminal
Wait for an Open in Browser prompt. This will open Mastodon
On the Ports tab "stream" setting change Port visibility → Public

Contributing

Mastodon is free, open-source software licensed under AGPLv3.

You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository or submit translations using Crowdin. To get started, take a look at CONTRIBUTING.md. If your contributions are accepted into Mastodon, you can request to be paid through our OpenCollective.

IRC channel: #mastodon on irc.libera.chat

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.

mastodon-ansible's People

Contributors

Stargazers

Watchers

mastodon-ansible's Issues

Make compatible with RHEL/CentoS 7

Hi there buddies,

If you want I could develop some recipes to make compatible those playbooks with Red Hat and CentOS platform. Maybe also take a hand with other issues ;).

Requirements:

Make Compatible with RHEL7/CentOS7
Adapt Vagrantfile for testing

Missing variable mastodon_host

Hi. Thanks for the great playbook. Did I miss a step where I define a variable? TIA

fatal: [prox-vm-mastodon]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'mastodon_host' is undefined\n\nThe error appears to be in 'bare/roles/web/tasks/letsencrypt.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- stat: path=/etc/letsencrypt/live/{{ mastodon_host }}/fullchain.pem\n ^ here\nWe could be wrong, but this one looks like it might be an issue with\nmissing quotes. Always quote template expression brackets when they\nstart a value. For instance:\n\n with_items:\n - {{ foo }}\n\nShould be written as:\n\n with_items:\n - "{{ foo }}"\n"}

Adding full support for production mode

Hello,

After browsing the installation documentation, the playbook and related tasks in the different roles, it lacks bits so that it is really redy-to-go.

Can i send a PR?

Add role for actually cloning/initializing Mastodon, including systemd service configurations

I'm currently interested in writing that role, since i need this playbook to work completely to deploy mastodon, i've a few questions before starting, though :

What would be the best : Deploying for packages or sources ?
Would a split of tasks like this one be good ? => a deploy.yml file included in the role/web/main.yml file, containing git clone / package install.

I'm still hesitating about the naming, if you have any suggestions i'll take it.

Amazing job for the rest of the env deployment otherwise !

Hoping you see this :)

Ansible 7.1.0 not found for the listed pip and python requirements

on Ubuntu focal 20.04 with

Python 3.8.10
virtualenv 20.0.17
pip 20.0.2

Running pip install -r requirements.txt throws:

ERROR: Could not find a version that satisfies the requirement ansible==7.1.0 (from -r requirements.txt (line 1)) (from versions: 1.0, 1.1, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.7, 1.7.1, 1.7.2, 1.8, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.9.0.1, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 2.0.0.0, 2.0.0.1, 2.0.0.2, 2.0.1.0, 2.0.2.0, 2.1.0.0, 2.1.1.0, 2.1.2.0, 2.1.3.0, 2.1.4.0, 2.1.5.0, 2.1.6.0, 2.2.0.0, 2.2.1.0, 2.2.2.0, 2.2.3.0, 2.3.0.0, 2.3.1.0, 2.3.2.0, 2.3.3.0, 2.4.0.0, 2.4.1.0, 2.4.2.0, 2.4.3.0, 2.4.4.0, 2.4.5.0, 2.4.6.0, 2.5.0a1, 2.5.0b1, 2.5.0b2, 2.5.0rc1, 2.5.0rc2, 2.5.0rc3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.6.0a1, 2.6.0a2, 2.6.0rc1, 2.6.0rc2, 2.6.0rc3, 2.6.0rc4, 2.6.0rc5, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.7.0.dev0, 2.7.0a1, 2.7.0b1, 2.7.0rc1, 2.7.0rc2, 2.7.0rc3, 2.7.0rc4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.7.12, 2.7.13, 2.7.14, 2.7.15, 2.7.16, 2.7.17, 2.7.18, 2.8.0a1, 2.8.0b1, 2.8.0rc1, 2.8.0rc2, 2.8.0rc3, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16rc1, 2.8.16, 2.8.17rc1, 2.8.17, 2.8.18rc1, 2.8.18, 2.8.19rc1, 2.8.19, 2.8.20rc1, 2.8.20, 2.9.0b1, 2.9.0rc1, 2.9.0rc2, 2.9.0rc3, 2.9.0rc4, 2.9.0rc5, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.9.11, 2.9.12, 2.9.13, 2.9.14rc1, 2.9.14, 2.9.15rc1, 2.9.15, 2.9.16rc1, 2.9.16, 2.9.17rc1, 2.9.17, 2.9.18rc1, 2.9.18, 2.9.19rc1, 2.9.19, 2.9.20rc1, 2.9.20, 2.9.21rc1, 2.9.21, 2.9.22rc1, 2.9.22, 2.9.23rc1, 2.9.23, 2.9.24rc1, 2.9.24, 2.9.25rc1, 2.9.25, 2.9.26rc1, 2.9.26, 2.9.27rc1, 2.9.27, 2.10.0a1, 2.10.0a2, 2.10.0a3, 2.10.0a4, 2.10.0a5, 2.10.0a6, 2.10.0a7, 2.10.0a8, 2.10.0a9, 2.10.0b1, 2.10.0b2, 2.10.0rc1, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 2.10.7, 3.0.0b1, 3.0.0rc1, 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 4.0.0a1, 4.0.0a2, 4.0.0a3, 4.0.0a4, 4.0.0b1, 4.0.0b2, 4.0.0rc1, 4.0.0, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 5.0.0a1, 5.0.0a2, 5.0.0a3, 5.0.0b1, 5.0.0b2, 5.0.0rc1, 5.0.1, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.7.1, 5.8.0, 5.9.0, 5.10.0, 6.0.0a1, 6.0.0a2, 6.0.0a3, 6.0.0b1, 6.0.0b2, 6.0.0rc1, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0)
ERROR: No matching distribution found for ansible==7.1.0 (from -r requirements.txt (line 1))

Bare playbooks needed a few modifications to run properly

Hello,

I had trouble running the bare playbook on a pristine Ubuntu VPS. Here are the steps/changes I needed to take to make things happen:

Not 100% sure why, but I had to run the playbook from the root of the project, referencing bare/playbook.yml instead of from the bare folder, referencing only playbook.yml
Add a mastodon_host variable alongside local_domain in my secrets.yml file (file that I also added to the .gitignore to avoid surprise leaks)
Update the web/packages.yml to work with the structure of the variables, similarly to how the postgres/packages.yml worked
Split the nginx installation into two steps, so that let's encrypt wouldn't hit a 403 forbidden due to wrong file permissions:
1. Installing nginx and setting file permissions
2. Configuring nginx to proxy mastodon
  this way, let's encrypt can be run between 1 and 2 and properly respond to the challenge. Otherwise, nginx would still be in the www-data group and not have access to Mastodon's public folder
Update the letsencrypt task to use certbot and add it to the packages being installed
Because of the domain I'm using, the email for mastodon wasn't on the mastodon domain so I added a mastodon_email variable to store it (alongside a letsencrypt_email one as well).

Feel free to have a look at these commits for the changes 😄

DNS01 challenge

HI,
I was experimenting with Mastodon playbook and came across letsencrypt section where HTTP01 challenge is performed. I was wondering if there any limitation for DNS01 challenge implementation in this playbook? The reason why I am asking due to the following requirement of HTTP01:

The HTTP-01 challenge can only be done on port 80. Allowing clients to specify arbitrary ports would make the challenge less secure, and so it is not allowed by the ACME standard

I am willing to contribute, if that's something you would be interested in.

Question: Do we want to add more variables that correspond with mastodon configuration, or a single variable for arbitrary config?

Question for maintainers of this repo:

Would we rather add more optional variables that correspond with Mastodon configuration variables?

Or do we think maintaining those is an unnecessary overhead, and we'd rather have an extra_mastodon_config variable that lets the user define arbitrary key-value pairs to add to .env.production?

Playbook runs fine on Debian stretch, what next -> Ruby problems

Hello,

I'm new to Ansible and was able to run it and it seems, all went fine. Now I'm stuck a bit, because of Gem wants to install to /usr/lib/.... but its not allowed as user Mastodon.

I started with the prduction guide on "Dependencies That Need To Be Added As A Non-Root User"

mastodon@mammoth:~/live$ gem install bundler
ERROR:  While executing gem ... (Gem::FilePermissionError)
    You don't have write permissions for the /usr/lib/rbenv/versions/2.5.1/lib/ruby/gems/2.5.0 directory.

So, I'm asking, if I have to use "su" (which won't work too, because of missing path) or tell gem to make use of --user-install ... but

gem install --user-install bundler
WARNING:  You don't have /home/mastodon/.gem/ruby/2.5.0/bin in your PATH,
	  gem executables will not run.
rbenv: cannot rehash: /usr/lib/rbenv/shims isn't writable
Successfully installed bundler-1.16.3
Parsing documentation for bundler-1.16.3
Done installing documentation for bundler after 2 seconds
1 gem installed

so, bundler works in the end, but fails with installing the dependencies, because of missing path ...

I think, to mix Ruby install on /usr/lib/* and doing "things" as user "mastodon" won't work in this way :-)

I played a bit more and added the PATH "/home/mastodon/.gem/ruby/2.5.0/bin" to the $PATH ... just for fun and a bit later:

Installing cld3 3.2.2 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /home/mastodon/live/vendor/bundle/ruby/2.5.0/gems/cld3-3.2.2/ext/cld3
/usr/lib/rbenv/versions/2.5.1/bin/ruby -r ./siteconf20180819-2252-1u06vfn.rb extconf.rb
Failed to locate protobuf

cu denny

jemalloc-devel missing on RHEL based distributions when performing manual updates

When performing manual update as instructed in main Mastodon releases using RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install, update fails due to missing package:

[mastodon@mastodon live]$ RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install
==> Downloading ruby-3.2.3.tar.gz...
-> curl -q -fL -o ruby-3.2.3.tar.gz https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.3.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 19.6M  100 19.6M    0     0  86.4M      0 --:--:-- --:--:-- --:--:-- 86.4M
==> Installing ruby-3.2.3...
-> ./configure "--prefix=$HOME/.rbenv/versions/3.2.3" --enable-shared --with-ext=openssl,psych,+ --with-jemalloc

BUILD FAILED (Rocky Linux 8.9 on x86_64 using ruby-build 20240119)

You can inspect the build directory at /tmp/ruby-build.20240206185017.3936147.6dqyYl
See the full build log at /tmp/ruby-build.20240206185017.3936147.log
[mastodon@mastodon live]$ tail /tmp/ruby-build.20240206185017.3936147.log
checking for ucontext.h... yes
checking for utime.h... yes
checking for x86intrin.h... yes
checking for x86intrin.h when defined(__x86_64__)... yes
checking for gmp.h... no
checking for jemalloc/jemalloc.h... no
checking for jemalloc.h... no
checking for jemalloc library... no
configure: error: jemalloc requested but not found
external command failed with status 1

Installing the package fixes it and allows manual patching per Mastodon instructions

[mastodon@mastodon ~]$ sudo dnf install jemalloc-devel
Last metadata expiration check: 0:13:10 ago on Tue 06 Feb 2024 06:38:50 PM EST.
Dependencies resolved.
========================================================================================================================
 Package                          Architecture             Version                         Repository              Size
========================================================================================================================
Installing:
 jemalloc-devel                   x86_64                   5.2.1-2.el8                     epel                    88 k

Transaction Summary
========================================================================================================================
Install  1 Package

Total download size: 88 k
Installed size: 214 k
Is this ok [y/N]: y
Downloading Packages:
jemalloc-devel-5.2.1-2.el8.x86_64.rpm                                                   256 kB/s |  88 kB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                                   106 kB/s |  88 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : jemalloc-devel-5.2.1-2.el8.x86_64                                                              1/1
  Running scriptlet: jemalloc-devel-5.2.1-2.el8.x86_64                                                              1/1
  Verifying        : jemalloc-devel-5.2.1-2.el8.x86_64                                                              1/1

Installed:
  jemalloc-devel-5.2.1-2.el8.x86_64

Complete!
[mastodon@mastodon live]$ RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install
==> Downloading ruby-3.2.3.tar.gz...
-> curl -q -fL -o ruby-3.2.3.tar.gz https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.3.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 19.6M  100 19.6M    0     0  86.8M      0 --:--:-- --:--:-- --:--:-- 86.8M
==> Installing ruby-3.2.3...
-> ./configure "--prefix=$HOME/.rbenv/versions/3.2.3" --enable-shared --with-ext=openssl,psych,+ --with-jemalloc
-> make -j 2
-> make install
==> Installed ruby-3.2.3 to /home/mastodon/.rbenv/versions/3.2.3

There might be a similar issue with Ubuntu/Debian distros that will require testing.

Permission steps during updates against an existing instance cause major playbook execution slowdowns & high CPU usage on NFS backed storage

When using the playbook against an existing instance (as part of updates) that is either a part of a larger relay, or has a lot of media files, the file permission tasks crawls media folders as well:
https://github.com/mastodon/mastodon-ansible/blob/main/bare/roles/web/tasks/mastodon-postflight.yml#L102

As Ansible crawls every single media file, it causes the execution to take way too long to perform as it edits every single media file permissions. In testing, it took over two hours and it appeared to be stuck.

This gets worse on NFS backed storage, as Ansible rapidly hammers it and causes the CPU to majorly spike up. Obviously this isn't really ideal.

Mastodon with NFS backed storage Playbook for error replication:
https://github.com/thunderysteak/steaks-ansible-playbooks/tree/main/nfs-mastodon-media

Suggestions on how to solve this:

Omit /home/mastodon/live/public/system from having chown tasks performed against it
Same as above but put it behind a feature flag for backwards compatibility with the default behavior being DISABLED.

Tasks that cause issues:

Ensure that we have correct file permissions with owner being the user and NGINX being the group
Ensure that we have correct file permissions with owner being the user and www-data being the group
Ensure that we have correct selinux context permissions for RedHat systems
Restore selinux condition on RedHat systems
Create folder structure for Mastodon public folder

Feature: ElasticSearch support

Support setting up ElasticSearch for full-text search.

mastodon / mastodon-ansible Goto Github PK

mastodon-ansible's Introduction

Navigation

Features

No vendor lock-in: Fully interoperable with any conforming platform

Real-time, chronological timeline updates

Media attachments like images and short videos

Safety and moderation tools

OAuth2 and a straightforward REST API

Deployment

Tech stack

Requirements

Development

Vagrant

macOS

Docker

Dev Containers

GitHub Codespaces

Contributing

License

mastodon-ansible's People

Contributors

Stargazers

Watchers

Forkers

mastodon-ansible's Issues

Recommend Projects

Recommend Topics

Recommend Org