Raw refactoring of roles

2025-08-29 15:06:26 +02:00 · 2025-05-09 17:47:33 +02:00
parent 82f442f40e
commit 5b47333955
177 changed files with 1483 additions and 1041 deletions
--- a/roles/docker-mastodon/meta/schema.yml
+++ b/roles/docker-mastodon/meta/schema.yml
@@ -0,0 +1,40 @@
+credentials:
+  database_password:
+    description: "Password for the Mastodon PostgreSQL database user"
+    algorithm: "bcrypt"
+    validation: "^\\$2[aby]\\$.{56}$"
+
+  secret_key_base:
+    description: "Main secret key used to verify the integrity of signed cookies and tokens"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
+
+  otp_secret:
+    description: "OTP secret used for two-factor authentication"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
+
+  vapid_private_key:
+    description: "Private VAPID key used for web push notifications"
+    algorithm: "plain"
+    validation: "^[-_a-zA-Z0-9]{30,}$"
+
+  vapid_public_key:
+    description: "Public VAPID key used for web push notifications"
+    algorithm: "plain"
+    validation: "^[-_a-zA-Z0-9]{30,}$"
+
+  active_record_encryption_deterministic_key:
+    description: "Deterministic encryption key for Active Record encryption"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
+
+  active_record_encryption_key_derivation_salt:
+    description: "Key derivation salt for Active Record encryption"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
+
+  active_record_encryption_primary_key:
+    description: "Primary encryption key for Active Record encrypted columns"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
--- a/roles/docker-mastodon/templates/env.j2
+++ b/roles/docker-mastodon/templates/env.j2
@@ -20,8 +20,8 @@ OTP_SECRET=         {{applications.mastodon.credentials.otp_secret}}
 # --------
 # Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
 # --------
-VAPID_PRIVATE_KEY=  {{applications.mastodon.credentials.vapid.private_key}}
-VAPID_PUBLIC_KEY=   {{applications.mastodon.credentials.vapid.public_key}}
+VAPID_PRIVATE_KEY=  {{applications.mastodon.credentials.vapid_private_key}}
+VAPID_PUBLIC_KEY=   {{applications.mastodon.credentials.vapid_public_key}}

 # Encryption secrets
 # ------------------
@@ -29,9 +29,9 @@ VAPID_PUBLIC_KEY=   {{applications.mastodon.credentials.vapid.public_key}}
 # These are private/secret values, do not share outside hosting environment
 # Use `bin/rails db:encryption:init` to generate fresh secrets
 # Do NOT change these secrets once in use, as this would cause data loss and other issues
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=     {{applications.mastodon.credentials.active_record_encryption.deterministic_key}}
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=   {{applications.mastodon.credentials.active_record_encryption.key_derivation_salt}}
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=           {{applications.mastodon.credentials.active_record_encryption.primary_key}}
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=     {{applications.mastodon.credentials.active_record_encryption_deterministic_key}}
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=   {{applications.mastodon.credentials.active_record_encryption_key_derivation_salt}}
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=           {{applications.mastodon.credentials.active_record_encryption_primary_key}}

 DB_HOST={{database_host}}
 DB_PORT={{database_port}}
--- a/roles/docker-mastodon/vars/configuration.yml
+++ b/roles/docker-mastodon/vars/configuration.yml
@@ -0,0 +1,19 @@
+version:                      "latest"
+single_user_mode:             false                                           # Set true for initial setup
+setup:                        false                                           # Set true in inventory file to execute the setup and initializing procedures
+credentials:
+# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
+#     database_password:                              
+#     secret_key_base:                                
+#     otp_secret:                                     
+#     vapid_private_key:                                  
+#     vapid_public_key:                                   
+#     active_record_encryption_deterministic_key:                            
+#     active_record_encryption_key_derivation_salt:                          
+#     active_record_encryption_primary_key:                                  
+features:
+  matomo: true
+  css: true
+  landingpage_iframe: false
+  oidc: true
+  central_database: true
--- a/roles/docker-mastodon/vars/main.yml
+++ b/roles/docker-mastodon/vars/main.yml
@@ -1,3 +1,3 @@
 application_id:  	  "mastodon"
-database_password:  "{{applications[application_id].credentials.database.password}}"
+database_password:  "{{applications[application_id].credentials.database_password}}"
 database_type:      "postgres"