playbook.yml

- name: "Setup the VM"
  hosts: all
  gather_facts: true
  roles:
    - role: roles/setup

- name: "External Docker network"
  hosts: all
  gather_facts: false
  tags:
    - traefik
    - mastodon
    - mastodon.setup
    - mastodon.setup.docker-network
  vars_files:
    - roles/mastodon/vars/mastodon-vars.yml
  tasks:
    - community.docker.docker_network:
        name: "{{ mastodon_docker_external_network_name }}"

- name: "Setup Traefik"
  hosts: all
  gather_facts: false
  tags:
    - traefik
  roles:
    - epfl_si.traefik.traefik
  vars_files:
    - versions.yml   # For traefik_docker_image
    - roles/mastodon/vars/mastodon-vars.yml   # For mastodon_web_container_name + mastodon_docker_external_network_name
  vars:
    traefik_root_location: /srv/traefik
    traefik_docker_networks:
      - name: "{{ mastodon_docker_external_network_name }}"
      - name: "{{ mastodon_docker_internal_network_name }}" # Metrics
    traefik_use_acme_prod_ca: true
    traefik_external_http_port: 80
    traefik_debug: false
  tasks:
    - epfl_si.traefik.dynamic_config:
        name: mastodon
        content: |
          http:
            services:
              mastodon:
                loadBalancer:
                  servers:
                  - url: http://{{ mastodon_web_container_name }}:3000

            routers:
              mastodon:
                rule: Host(`{{ inventory_hostname }}`)
                service: mastodon
                tls:
                  certResolver: letsencrypt
                middlewares: {{ "[ 'test-auth' ]" if (enable_basic_auth is defined and enable_basic_auth) else '[]' }}

            middlewares:
              test-auth:
                basicAuth:
                  users:
                  - "{{ _secrets.epfl_account_basic_auth }}"

    - epfl_si.traefik.dynamic_config:
        name: prometheus
        content: |
          http:
            services:
              prometheus:
                loadBalancer:
                  servers:
                  - url: http://prometheus:9090

            routers:
              # Serves prometheus on https://{{ inventory_hostname }}/prometheus/
              prometheus:
                rule: Host(`{{ inventory_hostname }}`) && (PathPrefix(`/prometheus/`) || Header(`Referer`, `https://{{ inventory_hostname }}/prometheus/graph`))
                service: prometheus
                tls: true
                middlewares:
                  - prometheus-strip-prefix
                  - prometheus-ui-auth

            middlewares:
              prometheus-strip-prefix:
                stripPrefix:
                  prefixes:
                  - "/prometheus"
              prometheus-ui-auth:
                basicAuth:
                  users:
                  - "{{ _secrets.epfl_account_basic_auth }}"

- name: "Setup Mastodon"
  hosts: all
  gather_facts: false
  roles:
    - role: roles/mastodon

- name: "Setup monitoring"
  hosts: all
  gather_facts: false
  roles:
    - role: roles/monitoring