added mastodon docker draft

roles/docker-mastodon/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: recreate mastodon
+  command:
+    cmd: docker-compose -p mastodon up -d --force-recreate
+    chdir: "{{docker_compose_mastodon_path}}"
+  environment:
+    COMPOSE_HTTP_TIMEOUT: 600
+    DOCKER_CLIENT_TIMEOUT: 600

roles/docker-mastodon/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- native-docker-reverse-proxy

roles/docker-mastodon/readme.md

@@ -0,0 +1,10 @@
+# docker mastodon
+## create configuration
+```bash
+    docker-compose run --rm web bundle exec rake mastodon:setup
+```
+
+## further information
+- https://goneuland.de/mastodon-mit-docker-und-traefik-installieren/
+- https://gist.github.com/TrillCyborg/84939cd4013ace9960031b803a0590c4
+- https://www.2daygeek.com/linux-command-check-website-is-up-down-alive/

roles/docker-mastodon/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+- name: recieve {{domain}} certificate
+  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+
+- name: configure {{domain}}.conf
+  template: src=templates/mastodon.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
+  notify: restart nginx
+
+- name: "create {{docker_compose_mastodon_path}}"
+  file:
+    path: "{{docker_compose_mastodon_path}}"
+    state: directory
+    mode: 0755
+
+- name: register directory
+  stat:
+    path: "{{docker_compose_mastodon_path}}}"
+  register: docker_compose_mastodon_path_register
+
+- name: checkout repository 
+  ansible.builtin.shell: git checkout .
+  become: true
+  args:
+    chdir: "{{docker_compose_mastodon_path}}"
+  when: docker_compose_mastodon_path_register.stat.exists
+  become: true
+
+- name: pull docker repository
+  git:
+    repo: "https://github.com/tootsuite/mastodon.git"
+    dest: "{{docker_compose_mastodon_path}}"
+    update: yes
+  #notify: recreate mastodon
+  become: true
+
+- name: copy docker-compose.yml
+  template: src=docker-compose.yml.j2 dest={{docker_compose_mastodon_path}}docker-compose.yml
+  #notify: recreate mastodon
+
+- name: copy configuration
+  template: src=.env.production.j2 dest={{docker_compose_mastodon_path}}.env.production
+  #notify: recreate mastodon
+
+- name: add docker-compose.yml
+  template: src=docker-compose.yml.j2 dest={{docker_compose_mastodon_path}}docker-compose.yml
+  #notify: recreate mastodon

roles/docker-mastodon/templates/.env.production.j2

@@ -0,0 +1,52 @@
+LOCAL_DOMAIN={{domain}}
+
+# Redis
+# -----
+REDIS_HOST=localhost
+REDIS_PORT=6379
+
+# PostgreSQL
+# ----------
+DB_HOST=database
+DB_USER=mastodon
+DB_NAME=mastodon
+DB_PASS={{mastodon_database_password}}
+DB_PORT=3306
+
+# Secrets
+# -------
+# Make sure to use `rake secret` to generate secrets
+# -------
+SECRET_KEY_BASE=
+OTP_SECRET=
+
+# Web Push
+# --------
+# Generate with `rake mastodon:webpush:generate_vapid_key`
+# --------
+VAPID_PRIVATE_KEY=
+VAPID_PUBLIC_KEY=
+
+# Sending mail
+# ------------
+SMTP_SERVER=smtp.mailgun.org
+SMTP_PORT=587
+SMTP_LOGIN=
+SMTP_PASSWORD=
+SMTP_FROM_ADDRESS=notifications@example.com
+
+# File storage (optional)
+# -----------------------
+S3_ENABLED=true
+S3_BUCKET=files.example.com
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+S3_ALIAS_HOST=files.example.com
+
+# IP and session retention
+# -----------------------
+# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
+# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
+# -----------------------
+IP_RETENTION_PERIOD=31556952
+SESSION_RETENTION_PERIOD=31556952

roles/docker-mastodon/templates/docker-compose.yml.j2

@@ -0,0 +1,92 @@
+version: '3'
+services:
+  database:
+    logging:
+      driver: journald
+    image: mariadb:10.5
+    command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW"
+    environment:
+      MYSQL_DATABASE: "mastodon"
+      MYSQL_USER: "mastodon"
+      MYSQL_PASSWORD: "{{mastodon_database_password}}"
+      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+    volumes:
+      - database:/var/lib/mysql
+    restart: always
+    healthcheck:
+      test: "/usr/bin/mysql --user=mastodon --password={{mastodon_database_password}} --execute \"SHOW DATABASES;\""
+      interval: 3s
+      timeout: 1s
+      retries: 5
+  redis:
+    restart: always
+    image: redis:7-alpine
+    networks:
+      - internal_network
+    healthcheck:
+      test: ['CMD', 'redis-cli', 'ping']
+    volumes:
+      - redis:/data
+
+  web:
+    build: .
+    image: tootsuite/mastodon:{{mastodon_version}}
+    restart: always
+    env_file: .env.production
+    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+    networks:
+      - external_network
+      - internal_network
+    healthcheck:
+      # prettier-ignore
+      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
+    ports:
+      - "127.0.0.1:{{http_port}}:3000"
+    depends_on:
+      - database
+      - redis
+    volumes:
+      - data:/mastodon/public/system
+
+  streaming:
+    build: .
+    image: tootsuite/mastodon:{{mastodon_version}}
+    restart: always
+    env_file: .env.production
+    command: node ./streaming
+    networks:
+      - external_network
+      - internal_network
+    healthcheck:
+      # prettier-ignore
+      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+    ports:
+      - "127.0.0.1:{{stream_port}}:4000"
+    depends_on:
+      - database
+      - redis
+
+  sidekiq:
+    build: .
+    image: tootsuite/mastodon:{{mastodon_version}}
+    restart: always
+    env_file: .env.production
+    command: bundle exec sidekiq
+    depends_on:
+      - database
+      - redis
+    networks:
+      - external_network
+      - internal_network
+    volumes:
+      - data:/mastodon/public/system
+    healthcheck:
+      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+volumes:
+  database:
+  redis:
+  data:
+networks:
+  external_network:
+  internal_network:
+    internal: true

roles/docker-mastodon/templates/mastodon.conf.j2

@@ -0,0 +1,46 @@
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+server {
+  server_name {{domain}};
+
+  {% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
+
+  keepalive_timeout    70;
+  sendfile             on;
+  client_max_body_size 80m;
+
+  gzip on;
+  gzip_disable "msie6";
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+  add_header Strict-Transport-Security "max-age=31536000";
+
+  {% include 'roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
+
+  location /api/v1/streaming {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header Proxy "";
+
+    proxy_pass http://127.0.0.1:{{stream_port}};
+    proxy_buffering off;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    tcp_nodelay on;
+  }
+
+  error_page 500 501 502 503 504 /500.html;
+}

roles/docker-mastodon/vars/main.yml

@@ -0,0 +1 @@
+docker_compose_mastodon_path: "/home/administrator/docker-compose/mastodon/"