Mastodon: allow internal chess host & refactor var names; OpenLDAP: safer get_app_conf

- Add ALLOWED_PRIVATE_ADDRESSES to .env (from svc-db-postgres) to handle 422 Mastodon::PrivateNetworkAddressError
- Switch docker-compose to MASTODON_* variables and align vars/main.yml
- Always run 01_setup.yml during deployment (removed conditional flag)
- OpenLDAP: remove implicit True default on network.local to avoid unintended truthy behavior

Context: chess.infinito.nexus resolved to 192.168.200.30 (private IP) from Mastodon; targeted allowlist unblocks federation lookups.

Ref: https://chat.openai.com/share/REPLACE_WITH_THIS_CONVERSATION_LINK

roles/web-app-mastodon/config/main.yml

@@ -1,5 +1,4 @@
 single_user_mode:     false                                           # Set true for initial setup
-setup:                true                                            # Set true in inventory file to execute the setup and initializing procedures, don't know if this is still necessary @todo test it                        
 features:
   matomo:             true
   css:                true

roles/web-app-mastodon/tasks/main.yml

@@ -19,5 +19,4 @@
     docker_compose_flush_handlers: true
 
 - name: "start setup procedures for mastodon"
-  include_tasks: 01_setup.yml
-  when: mastodon_setup | bool 
+  include_tasks: 01_setup.yml

roles/web-app-mastodon/templates/docker-compose.yml.j2

@@ -3,8 +3,8 @@
   web:
 {% set container_port = 3000 %}
 {% set container_healthcheck = 'health' %}
-    container_name: {{ mastodon_name }}
-    image: "{{ mastodon_image }}:{{ mastodon_version }}"
+    container_name: {{ MASTODON_NAME }}
+    image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
@@ -18,8 +18,8 @@
   streaming:
 {% set container_port = 4000 %}
 {% set container_healthcheck = 'api/v1/streaming/health' %}
-    container_name: {{ mastodon_streaming_name }}
-    image: "{{ mastodon_streaming_image }}:{{ mastodon_streaming_version }}"
+    container_name: {{ MASTODON_STREAMING_NAME }}
+    image: "{{ MASTODON_STREAMING_IMAGE }}:{{ MASTODON_STREAMING_VERSION }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: node ./streaming
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
@@ -29,8 +29,8 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 
   sidekiq:
-    container_name: {{ mastodon_sidekiq_name }}
-    image: "{{ mastodon_image }}:{{ mastodon_version }}"
+    container_name: {{ MASTODON_SIDEKIQ_NAME }}
+    image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: bundle exec sidekiq
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
@@ -45,5 +45,5 @@
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
-    name: "{{ mastodon_volume }}"
+    name: "{{ MASTODON_VOLUME }}"
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-mastodon/templates/env.j2

@@ -5,7 +5,8 @@
 
 LOCAL_DOMAIN={{ domains | get_domain(application_id) }}
 ALTERNATE_DOMAINS="{{ domains['web-app-mastodon'][1:] | join(',') }}"
-SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode', True) }}
+SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode') }}
+ALLOWED_PRIVATE_ADDRESSES={{ MASTODON_ALLOWED_PRIVATE_ADDRESSES }}
 
 # Credentials
 

roles/web-app-mastodon/vars/main.yml

@@ -3,12 +3,12 @@ application_id:               "web-app-mastodon"
 database_type:                "postgres"
 
 # Mastodon Specific
-mastodon_version:             "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}"
-mastodon_image:               "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}"
-mastodon_name:                "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}"
-mastodon_volume:              "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
-mastodon_streaming_version:   "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version', True) }}"
-mastodon_streaming_image:     "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image', True) }}"
-mastodon_streaming_name:      "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name', True) }}"
-mastodon_sidekiq_name:        "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_sidekiq"
-mastodon_setup:               "{{ applications | get_app_conf(application_id, 'setup', True) }}"
+MASTODON_VERSION:                     "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version') }}"
+MASTODON_IMAGE:                       "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image') }}"
+MASTODON_NAME:                        "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}"
+MASTODON_VOLUME:                      "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+MASTODON_STREAMING_VERSION:           "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version') }}"
+MASTODON_STREAMING_IMAGE:             "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image') }}"
+MASTODON_STREAMING_NAME:              "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name') }}"
+MASTODON_SIDEKIQ_NAME:                "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}_sidekiq"
+MASTODON_ALLOWED_PRIVATE_ADDRESSES:   "{{ networks.local['svc-db-postgres'].subnet if 'web-app-chess' in group_names else ''}}"