www/content/blog/ansible/gotosocial.md

5.9 KiB

title description date tags
Migrating gotosocial from nixos to Debian How I am deploying gotosocial with ansible 2025-03-16
ansible
gotosocial

Introduction

Last year I migrated several services back from NixOS to a more standard Debian server. Here is the ansible role I wrote to manage gotosocial, a lightweight Mastodon alternative.

Ansible role

Meta

The meta/main.yaml contains the role dependencies:

---
dependencies:
  - role: 'borg'
  - role: 'nginx'
  - role: 'podman'

Tasks

The tasks/main.yaml just creates a data directory. All the heavy lifting is then done by calling other roles that I presented in earlier articles:

---
- name: 'Create gotosocial data directory'
  file:
    path: '/srv/gotosocial'
    owner: '1000'
    group: '1000'
    mode: '0750'
    state: 'directory'

- name: 'Copy gotosocial configuration file'
  copy:
    src: 'gotosocial.yaml'
    dest: '/etc/'
    owner: 'root'
    mode: '0444'

- name: 'Configure gotosocial podman container'
  include_role:
    name: 'podman'
    tasks_from: 'container'
  vars:
    container:
      cmd:
        - '--config-path'
        - '/gotosocial.yaml'
      #extra_options:
      #  - '--cgroup-conf=memory.high=402653184'
      name: 'gotosocial'
      image: '{{ versions.gotosocial.image }}:{{ versions.gotosocial.tag }}'
      publishs:
        - container_port: '8080'
          host_port: '8089'
          ip: '127.0.0.1'
      volumes:
        - dest: '/gotosocial.yaml:ro'
          src: '/etc/gotosocial.yaml'
        - dest: '/gotosocial/storage'
          src: '/srv/gotosocial'

- name: 'Configure fedi.adyxax.org nginx vhost'
  include_role:
    name: 'nginx'
    tasks_from: 'vhost'
  vars:
    vhost:
      name: 'fedi'
      path: 'roles/fedi.adyxax.org/files/nginx-vhost.conf'

- include_role:
    name: 'borg'
    tasks_from: 'client'
  vars:
    client:
      jobs:
        - name: 'sqlite3'
          paths:
            - '/tmp/gotosocial.db'
          pre_command: "rm -f /tmp/gotosocial.db; umask 077; printf '%s' \"VACUUM INTO '/tmp/gotosocial.db'\" | sqlite3 /srv/gotosocial/sqlite.db"
          post_command: 'rm -f /tmp/gotosocial.db'
        - name: 'data'
          paths:
            - '/srv/gotosocial/storage'
      name: 'fedi'
      server: '{{ fedi_adyxax_org.borg }}'

Files

Here is the nginx vhost file, fairly straightforward:

###############################################################################
#     \_o<     WARNING : This file is being managed by ansible!      >o_/     #
#     ~~~~                                                           ~~~~     #
###############################################################################

server {
	listen  80;
	listen  [::]:80;
	server_name  fedi.adyxax.org;
	location / {
		return 308 https://$server_name$request_uri;
	}
}

server {
	listen  443       ssl;
	listen  [::]:443  ssl;
	server_name  fedi.adyxax.org;

	location / {
        proxy_pass http://127.0.0.1:8089;
	}
	ssl_certificate      adyxax.org.fullchain;
	ssl_certificate_key  adyxax.org.key;
}

Here is my gotosocial.yaml which is rather long:

###############################################################################
#     \_o<     WARNING : This file is being managed by ansible!      >o_/     #
#     ~~~~                                                           ~~~~     #
###############################################################################

###########################
##### GENERAL CONFIG ######
###########################

log-level: "warn"
log-timestamp-format: "2006-01-02T15:04:05Z07:00"
host: "fedi.adyxax.org"

# String. Domain to use when federating profiles. This is useful when you want your server to be at
# eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better
# or is just shorter/easier to remember.
#
# To make this setting work properly, you need to redirect requests at "example.org/.well-known/webfinger"
# to "gts.example.org/.well-known/webfinger" so that GtS can handle them properly.
#
# You should also redirect requests at "example.org/.well-known/nodeinfo" in the same way.
#
# You should also redirect requests at "example.org/.well-known/host-meta" in the same way. This endpoint
# is used by a number of clients to discover the API endpoint to use when the host and account domain are
# different.
#
# An empty string (ie., not set) means that the same value as 'host' will be used.
#
# DO NOT change this after your server has already run once, or you will break things!
#
# Please read the appropriate section of the installation guide before you go messing around with this setting:
# https://docs.gotosocial.org/en/latest/advanced/host-account-domain/
#
# Examples: ["example.org","server.com"]
# Default: ""
account-domain: "adyxax.org"
protocol: "https"
bind-address: "0.0.0.0"
port: 8080
trusted-proxies:
  - "127.0.0.0/8"
  - "::1"
  - "fc00::3/64"
  - "10.88.0.1/32"

############################
##### DATABASE CONFIG ######
############################

db-type: "sqlite"
db-address: "/gotosocial/storage/sqlite.db"

###########################
##### INSTANCE CONFIG #####
###########################

instance-languages: ["en", "fr"]
instance-expose-public-timeline: true

###########################
##### ACCOUNTS CONFIG #####
###########################

accounts-registration-open: false

########################
##### MEDIA CONFIG #####
########################

media-local-max-size: 40MiB
media-image-size-hint: 5MiB
media-video-size-hint: 40MiB
media-remote-cache-days: 2

##########################
##### STORAGE CONFIG #####
##########################

storage-local-base-path: "/gotosocial/storage/storage"

#############################
##### ADVANCED SETTINGS #####
#############################

advanced-sender-multiplier: 2

Conclusion

I did all this in early October and performed several upgrades since then. It all works well!