mastodon_ prefix for role vars

webapps/mastodon/LISEZMOI.md

@@ -20,13 +20,7 @@ Dépendances
 
 Ce rôle Ansible dépend des rôles suivants :
 
-- nodejs
-- postgresql
-- redis
-- elasticsearch
 - rbenv
-- nginx
-- certbot
 
 Exemple de playbook
 -------------------
@@ -37,17 +31,17 @@ Exemple de playbook
     - all
   vars:
     # Supplanter ici les variables du rôle
-    domains: ['votre-vrai-domaine.org']
-    service: 'mon-mastodon'
-    db_host: 'localhost'
-    db_user: "{{ service }}"
-    db_name: "{{ service }}"
-    db_password: 'zKEh-CHANGEZ-MOI-qIKc'
-    app_secret_key_base: ""
-    app_otp_secret: ""
-    app_vapid_private_key: ""
-    app_vapid_public_key: ""
-    app_smtp_from_address: "mastodon@votre-vrai-domaine.org"
+    mastodon_domains: ['votre-vrai-domaine.org']
+    mastodon_service: 'mon-mastodon'
+    mastodon_db_host: 'localhost'
+    mastodon_db_user: "{{ service }}"
+    mastodon_db_name: "{{ service }}"
+    mastodon_db_password: 'zKEh-CHANGEZ-MOI-qIKc'
+    mastodon_app_secret_key_base: ""
+    mastodon_app_otp_secret: ""
+    mastodon_app_vapid_private_key: ""
+    mastodon_app_vapid_public_key: ""
+    mastodon_app_smtp_from_address: "mastodon@votre-vrai-domaine.org"
 
   pre_tasks:
     - name: "Installer les rôles systèmes"

webapps/mastodon/README.md

@@ -20,13 +20,7 @@ Dependencies
 
 This Ansible role depends on the following other roles:
 
-- nodejs
-- postgresql
-- redis
-- elasticsearch
 - rbenv
-- nginx
-- certbot
 
 Example Playbook
 ----------------
@@ -37,17 +31,17 @@ Example Playbook
     - all
   vars:
     # Overwrite the role variable here
-    domains: ['your-real-domain.org']
-    service: 'my-mastodon'
-    db_host: 'localhost'
-    db_user: "{{ service }}"
-    db_name: "{{ service }}"
-    db_password: 'zKEh-CHANGE-ME-qIKc'
-    app_secret_key_base: ""
-    app_otp_secret: ""
-    app_vapid_private_key: ""
-    app_vapid_public_key: ""
-    app_smtp_from_address: "mastodon@your-real-domain.org"
+    mastodon_domains: ['your-real-domain.org']
+    mastodon_service: 'my-mastodon'
+    mastodon_db_host: 'localhost'
+    mastodon_db_user: "{{ service }}"
+    mastodon_db_name: "{{ service }}"
+    mastodon_db_password: 'zKEh-CHANGE-ME-qIKc'
+    mastodon_app_secret_key_base: ""
+    mastodon_app_otp_secret: ""
+    mastodon_app_vapid_private_key: ""
+    mastodon_app_vapid_public_key: ""
+    mastodon_app_smtp_from_address: "mastodon@your-real-domain.org"
 
   pre_tasks:
     - name: "Install system roles"

webapps/mastodon/defaults/main.yml

@@ -1,26 +1,24 @@
 ---
 # defaults file for mastodon
-system_dep: "['imagemagick', 'ffmpeg', 'libpq-dev', 'libxml2-dev', 'libxslt1-dev', 'file', 'git-core', 'g++', 'libprotobuf-dev', 'protobuf-compiler', 'pkg-config', 'nodejs', 'gcc', 'autoconf', 'bison', 'build-essential', 'libssl-dev', 'libyaml-dev', 'libreadline6-dev', 'zlib1g-dev', 'libncurses5-dev', 'libffi-dev', 'libgdbm-dev', 'nginx', 'redis-server', 'redis-tools', 'postgresql', 'postgresql-contrib', 'certbot', 'python3-certbot-nginx', 'libidn11-dev', 'libicu-dev', 'libjemalloc-dev', 'yarn']"
-domains: ['example.somedomain.org']
-git_url: 'https://github.com/mastodon/mastodon.git'
-git_version: 'v4.0.2'
-ruby_version: '3.0.4'
-service: 'example'
+mastodon_system_dep: "['imagemagick', 'ffmpeg', 'libpq-dev', 'libxml2-dev', 'libxslt1-dev', 'file', 'git-core', 'g++', 'libprotobuf-dev', 'protobuf-compiler', 'pkg-config', 'nodejs', 'gcc', 'autoconf', 'bison', 'build-essential', 'libssl-dev', 'libyaml-dev', 'libreadline6-dev', 'zlib1g-dev', 'libncurses5-dev', 'libffi-dev', 'libgdbm-dev', 'nginx', 'redis-server', 'redis-tools', 'postgresql', 'postgresql-contrib', 'certbot', 'python3-certbot-nginx', 'python3-psycopg2', 'libidn11-dev', 'libicu-dev', 'libjemalloc-dev']"
+mastodon_domains: ['example.somedomain.org']
+mastodon_git_url: 'https://github.com/mastodon/mastodon.git'
+mastodon_git_version: 'v4.0.2'
+mastodon_ruby_version: '3.0.4'
+mastodon_service: 'example'
 
-db_host: 'localhost'
-db_user: "{{ service }}"
-db_name: "{{ service }}_production"
-db_password: 'CHANGE_ME'
-#puma_port: '3000'
-#node_port: '4000'
+mastodon_db_host: 'localhost'
+mastodon_db_user: "{{ mastodon_service }}"
+mastodon_db_name: "{{ mastodon_service }}_production"
+mastodon_db_password: 'CHANGE_ME'
 
-app_secret_key_base: ""
-app_otp_secret: ""
-app_vapid_private_key: ""
-app_vapid_public_key: ""
-app_smtp_server: "127.0.0.1"
-app_smtp_port: "25"
-app_smtp_from_address: "example@somedomain.org"
-app_smtp_auth_method: "none"
-app_smtp_openssl_verify_mode: "none"
-app_es_enabled: "false"
+mastodon_app_secret_key_base: ""
+mastodon_app_otp_secret: ""
+mastodon_app_vapid_private_key: ""
+mastodon_app_vapid_public_key: ""
+mastodon_app_smtp_server: "127.0.0.1"
+mastodon_app_smtp_port: "25"
+mastodon_app_smtp_from_address: "example@somedomain.org"
+mastodon_app_smtp_auth_method: "none"
+mastodon_app_smtp_openssl_verify_mode: "none"
+mastodon_app_es_enabled: "false"

webapps/mastodon/tasks/main.yml

@@ -3,18 +3,39 @@
 
 - name: Install main system dependencies
   apt:
-    name: "{{ system_dep }}"
+    name: "{{ mastodon_system_dep }}"
+    update_cache: yes
+
+- name: Install npm on Debian 12
+  apt:
+    name: npm
+  when: ansible_distribution_major_version is version('12', '>=')
+
+- name: Install corepack via npm on Debian 12
+  shell: npm install -g corepack
+  when: ansible_distribution_major_version is version('12', '>=')
+
+- name: Fix permissions for corepack
+  ansible.builtin.file:
+    path: /usr/local/lib/node_modules/
+    state: directory
+    mode: o+rx
+    recurse: yes
+  when: ansible_distribution_major_version is version('12', '>=')
+
+- name: Enable yarn (via corepack)
+  shell: "corepack enable; yarn set version classic"
 
 - name: Add PostgreSQL user
   postgresql_user:
-    name: "{{ db_user }}"
-    password: "{{ db_password }}"
+    name: "{{ mastodon_db_user }}"
+    password: "{{ mastodon_db_password }}"
     role_attr_flags: CREATEDB
   become_user: postgres
 
 - name: Add UNIX account
   user:
-    name: "{{ service }}"
+    name: "{{ mastodon_service }}"
     shell: /bin/bash
 #    umask: "0022" nécessite ansible-core 2.12
 
@@ -22,18 +43,18 @@
   include_role:
     name: rbenv
   vars:
-    - username: "{{ service }}"
-    - rbenv_ruby_version: "{{ ruby_version }}"
+    - username: "{{ mastodon_service }}"
+    - rbenv_ruby_version: "{{ mastodon_ruby_version }}"
 
 - name: Clone Mastodon repo (git)
   git:
-    repo: "{{ git_url }}"
+    repo: "{{ mastodon_git_url }}"
     dest: "~/mastodon/"
-    version: "{{ git_version | default(omit) }}"
+    version: "{{ mastodon_git_version | default(omit) }}"
     #force: yes
     update: yes
     umask: '0022'
-  become_user: "{{ service }}"
+  become_user: "{{ mastodon_service }}"
 
 - block:
   - name: Install bundler
@@ -51,21 +72,21 @@
     args:
       chdir: "~/mastodon"
       executable: /bin/bash # fails with /bin/sh
-  become_user: "{{ service }}"
+  become_user: "{{ mastodon_service }}"
 
 - name: Template .env.production configuration file
   template:
     src: "env.j2"
-    dest: "~{{ service }}/mastodon/.env.production"
-    owner: "{{ service }}"
-    group: "{{ service }}"
+    dest: "~{{ mastodon_service }}/mastodon/.env.production"
+    owner: "{{ mastodon_service }}"
+    group: "{{ mastodon_service }}"
     mode: "0640"
 
 - name: Check if secrets need to be generated or not
   shell: "grep -P SECRET_KEY_BASE=[[:alnum:]]{128} .env.production"
   args:
     chdir: "~/mastodon"
-  become_user: "{{ service }}"
+  become_user: "{{ mastodon_service }}"
   register: secrets
   failed_when: "secrets.rc == 2"
 
@@ -103,18 +124,18 @@
     lineinfile:
       path: "~/mastodon/.env.production"
       regexp: '^VAPID_PRIVATE_KEY='
-      line: "VAPID_PRIVATE_KEY={{ app_vapid_private_key.stdout }}" 
+      line: "VAPID_PRIVATE_KEY={{ mastodon_app_vapid_private_key.stdout }}" 
   - name: Write app_vapid_public_key to production .env file
     lineinfile:
       path: "~/mastodon/.env.production"
       regexp: '^VAPID_PUBLIC_KEY='
-      line: "VAPID_PUBLIC_KEY={{ app_vapid_public_key.stdout }}"
-  become_user: "{{ service }}"
+      line: "VAPID_PUBLIC_KEY={{ mastodon_app_vapid_public_key.stdout }}"
+  become_user: "{{ mastodon_service }}"
   when: "secrets.rc == 1"
 
 - name: Check if mastodon database is already present or not
   shell: |
-   psql -lqt | cut -d \| -f 1 | grep -qw {{ service }}_production
+   psql -lqt | cut -d \| -f 1 | grep -qw {{ mastodon_service }}_production
   become_user: postgres
   register: db_present
   failed_when: "db_present.rc == 2"
@@ -124,7 +145,7 @@
   args:
     chdir: "~/mastodon"
     executable: /bin/bash # fails with /bin/sh
-  become_user: "{{ service }}"
+  become_user: "{{ mastodon_service }}"
   when: "db_present.rc == 1"
 
 - name: Precompile assets
@@ -132,7 +153,7 @@
   args:
     chdir: "~/mastodon"
     executable: /bin/bash # fails with /bin/sh
-  become_user: "{{ service }}"
+  become_user: "{{ mastodon_service }}"
 
 - name: Adjust permissions of files in public folder
   file:
@@ -140,27 +161,27 @@
     state: directory
     mode: 'o=rX'
     recurse: true
-  become_user: "{{ service }}"
+  become_user: "{{ mastodon_service }}"
 
 - name: Add systemd target
   template:
     src: "mastodon.target.j2"
-    dest: "/etc/systemd/system/{{ service }}.target"
+    dest: "/etc/systemd/system/{{ mastodon_service }}.target"
 
 - name: Add systemd web unit
   template:
     src: "mastodon-web.service.j2"
-    dest: "/etc/systemd/system/{{ service }}-web.service"
+    dest: "/etc/systemd/system/{{ mastodon_service }}-web.service"
 
 - name: Add systemd sidekiq unit
   template:
     src: "mastodon-sidekiq.service.j2"
-    dest: "/etc/systemd/system/{{ service }}-sidekiq.service"
+    dest: "/etc/systemd/system/{{ mastodon_service }}-sidekiq.service"
 
 - name: Add systemd streaming unit
   template:
     src: "mastodon-streaming.service.j2"
-    dest: "/etc/systemd/system/{{ service }}-streaming.service"
+    dest: "/etc/systemd/system/{{ mastodon_service }}-streaming.service"
 
 - name: Enable systemd units
   systemd:
@@ -168,19 +189,19 @@
     enabled: yes
     daemon_reload: yes
   loop:
-    - "{{ service }}.target"
-    - "{{ service }}-web.service"
-    - "{{ service }}-sidekiq.service"
-    - "{{ service }}-streaming.service"
+    - "{{ mastodon_service }}.target"
+    - "{{ mastodon_service }}-web.service"
+    - "{{ mastodon_service }}-sidekiq.service"
+    - "{{ mastodon_service }}-streaming.service"
 
 - name: Start services
   service:
-    name: "{{ service }}.target"
+    name: "{{ mastodon_service }}.target"
     state: started
 
 - name: Check if SSL certificate is present and register result
   stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: Generate certificate only if required (first time)
@@ -188,34 +209,34 @@
   - name: Template vhost without SSL for successfull LE challengce
     template: 
       src: "vhost.j2"
-      dest: "/etc/nginx/sites-available/{{ service }}"
+      dest: "/etc/nginx/sites-available/{{ mastodon_service }}"
   - name: Enable temporary nginx vhost for LE
     file:
-      src: "/etc/nginx/sites-available/{{ service }}"
-      dest: "/etc/nginx/sites-enabled/{{ service }}"
+      src: "/etc/nginx/sites-available/{{ mastodon_service }}"
+      dest: "/etc/nginx/sites-enabled/{{ mastodon_service }}"
       state: link
   - name: Reload nginx conf
     service:
       name: nginx
       state: reloaded
   - name: Generate certificate with certbot
-    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ domains |first }}
+    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ mastodon_domains |first }}
   when: ssl.stat.exists == false
 
 - name: (Re)check if SSL certificate is present and register result
   stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: (Re)template conf file for nginx vhost with SSL
   template:
     src: "vhost.j2"
-    dest: "/etc/nginx/sites-available/{{ service }}"
+    dest: "/etc/nginx/sites-available/{{ mastodon_service }}"
 
 - name: Enable nginx vhost for mastodon
   file:
-    src: "/etc/nginx/sites-available/{{ service }}"
-    dest: "/etc/nginx/sites-enabled/{{ service }}"
+    src: "/etc/nginx/sites-available/{{ mastodon_service }}"
+    dest: "/etc/nginx/sites-enabled/{{ mastodon_service }}"
     state: link
 
 - name: Reload nginx conf

webapps/mastodon/templates/env.j2

@@ -5,22 +5,22 @@
 REDIS_HOST=localhost
 REDIS_PORT=6379
 REDIS_PASSWORD=
-REDIS_NAMESPACE={{ service }}
+REDIS_NAMESPACE={{ mastodon_service }}
 # You may set DATABASE_URL instead for more advanced options
-DB_HOST={{ db_host }}
-DB_USER={{ db_user }}
-DB_NAME={{ db_name }}
-DB_PASS='{{ db_password }}'
+DB_HOST={{ mastodon_db_host }}
+DB_USER={{ mastodon_db_user }}
+DB_NAME={{ mastodon_db_name }}
+DB_PASS='{{ mastodon_db_password }}'
 DB_PORT=5432
 # Optional ElasticSearch configuration
-#ES_ENABLED={{ app_es_enabled | default('false') }}
-#ES_HOST={{ app_es_host | default('localhost') }}
-#ES_PORT={{ app_es_port | default('9200') }}
+#ES_ENABLED={{ mastodon_app_es_enabled | default('false') }}
+#ES_HOST={{ mastodon_app_es_host | default('localhost') }}
+#ES_PORT={{ mastodon_app_es_port | default('9200') }}
 
 # Federation
 # Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.
 # LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
-LOCAL_DOMAIN={{ domains |first }}
+LOCAL_DOMAIN={{ mastodon_domains |first }}
 
 # Changing LOCAL_HTTPS in production is no longer supported. (Mastodon will always serve https:// links)
 
@@ -36,8 +36,8 @@ LOCAL_DOMAIN={{ domains |first }}
 
 # Application secrets
 # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
-SECRET_KEY_BASE={{ app_secret_key_base }}
-OTP_SECRET={{ app_otp_secret }}
+SECRET_KEY_BASE={{ mastodon_app_secret_key_base }}
+OTP_SECRET={{ mastodon_app_otp_secret }}
 
 # VAPID keys (used for push notifications
 # You can generate the keys using the following command (first is the private key, second is the public one)
@@ -47,8 +47,8 @@ OTP_SECRET={{ app_otp_secret }}
 # Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
 #
 # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
-VAPID_PRIVATE_KEY={{ app_vapid_private_key }}
-VAPID_PUBLIC_KEY={{ app_vapid_public_key }}
+VAPID_PRIVATE_KEY={{ mastodon_app_vapid_private_key }}
+VAPID_PUBLIC_KEY={{ mastodon_app_vapid_public_key }}
 
 # Registrations
 # Single user mode will disable registrations and redirect frontpage to the first profile
@@ -66,16 +66,16 @@ VAPID_PUBLIC_KEY={{ app_vapid_public_key }}
 # If you want to use an SMTP server without authentication (e.g local Postfix relay)
 # then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
 # *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
-SMTP_SERVER={{ app_smtp_server | default('smtp.mailgun.org') }}
-SMTP_PORT={{ app_smtp_port | default('587') }}
+SMTP_SERVER={{ mastodon_app_smtp_server | default('smtp.mailgun.org') }}
+SMTP_PORT={{ mastodon_app_smtp_port | default('587') }}
 #SMTP_LOGIN=
 #SMTP_PASSWORD=
-SMTP_FROM_ADDRESS={{ app_smtp_from_address | default('notifications@example.com') }}
+SMTP_FROM_ADDRESS={{ mastodon_app_smtp_from_address | default('notifications@example.com') }}
 #SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
 #SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
-SMTP_AUTH_METHOD={{ app_smtp_auth_method | default('plain') }}
+SMTP_AUTH_METHOD={{ mastodon_app_smtp_auth_method | default('plain') }}
 #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
-#SMTP_OPENSSL_VERIFY_MODE={{ app_smtp_openssl_verify_mode | default('peer') }}
+#SMTP_OPENSSL_VERIFY_MODE={{ mastodon_app_smtp_openssl_verify_mode | default('peer') }}
 #SMTP_ENABLE_STARTTLS_AUTO=true
 #SMTP_TLS=true
 

webapps/mastodon/templates/mastodon-sidekiq.service.j2

@@ -1,23 +1,23 @@
 [Unit]
 Description=mastodon-sidekiq
 After=network.target
-PartOf={{service}}.target
+PartOf={{ mastodon_service }}.target
 
 [Service]
 Type=simple
-User={{service}}
-Group={{service}}
+User={{ mastodon_service }}
+Group={{ mastodon_service }}
 UMask=0027
-WorkingDirectory=/home/{{service}}/mastodon/
+WorkingDirectory=/home/{{ mastodon_service }}/mastodon/
 Environment="RAILS_ENV=production"
 Environment="RAILS_LOG_LEVEL=error"
 Environment="DB_POOL=25"
 Environment="MALLOC_ARENA_MAX=2"
 Environment="LD_PRELOAD=libjemalloc.so"
-ExecStart=/home/{{service}}/.rbenv/shims/bundle exec sidekiq -c 25
+ExecStart=/home/{{ mastodon_service }}/.rbenv/shims/bundle exec sidekiq -c 25
 TimeoutSec=15
 Restart=always
 SyslogIdentifier=%p
 
 [Install]
-WantedBy={{service}}.target
+WantedBy={{ mastodon_service }}.target

webapps/mastodon/templates/mastodon-streaming.service.j2

@@ -1,16 +1,16 @@
 [Unit]
 Description=mastodon-streaming
 After=network.target
-PartOf={{service}}.target
+PartOf={{ mastodon_service }}.target
 
 [Service]
 Type=simple
-User={{service}}
-Group={{service}}
+User={{ mastodon_service }}
+Group={{ mastodon_service }}
 UMask=0027
-WorkingDirectory=/home/{{service}}/mastodon/
+WorkingDirectory=/home/{{ mastodon_service }}/mastodon/
 Environment="NODE_ENV=production"
-Environment="PORT={{ node_port | default('4000')}}"
+Environment="PORT={{ mastodon_node_port | default('4000') }}"
 Environment="STREAMING_CLUSTER_NUM=1"
 ExecStart=/bin/bash -lc "node ./streaming"
 TimeoutSec=15
@@ -18,4 +18,4 @@ Restart=always
 SyslogIdentifier=%p
 
 [Install]
-WantedBy={{service}}.target
+WantedBy={{ mastodon_service }}.target

webapps/mastodon/templates/mastodon-web.service.j2

@@ -1,23 +1,23 @@
 [Unit]
 Description=mastodon-web
 After=network.target
-PartOf={{service}}.target
+PartOf={{ mastodon_service }}.target
 
 [Service]
 Type=simple
-User={{service}}
-Group={{service}}
+User={{ mastodon_service }}
+Group={{ mastodon_service }}
 UMask=0027
-WorkingDirectory=/home/{{service}}/mastodon/
+WorkingDirectory=/home/{{ mastodon_service }}/mastodon/
 Environment="RAILS_ENV=production"
-Environment="PORT={{puma_port|default('3000')}}"
+Environment="PORT={{ mastodon_puma_port | default('3000') }}"
 Environment="RAILS_LOG_LEVEL=warn"
 Environment="LD_PRELOAD=libjemalloc.so"
-ExecStart=/home/{{service}}/.rbenv/shims/bundle exec puma -C config/puma.rb
+ExecStart=/home/{{ mastodon_service }}/.rbenv/shims/bundle exec puma -C config/puma.rb
 ExecReload=/bin/kill -SIGUSR1 $MAINPID
 TimeoutSec=15
 Restart=always
 SyslogIdentifier=%p
 
 [Install]
-WantedBy={{service}}.target
+WantedBy={{ mastodon_service }}.target

webapps/mastodon/templates/mastodon.target.j2

@@ -2,7 +2,7 @@
 Description=Mastodon Microblogging service
 Wants=redis-server.service
 After=redis-server.service
-Requires={{ service }}-web.service {{ service }}-sidekiq.service {{ service }}-streaming.service
+Requires={{ mastodon_service }}-web.service {{ mastodon_service }}-sidekiq.service {{ mastodon_service }}-streaming.service
 
 [Install]
 WantedBy=multi-user.target

webapps/mastodon/templates/vhost.j2

@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 server {
   listen 80;
   listen [::]:80;
-  server_name {{ domains |first }};
+  server_name {{ mastodon_domains |first }};
   include /etc/nginx/snippets/letsencrypt.conf;
   {% if ssl.stat.exists %}
   location / { return 301 https://$host$request_uri; }
@@ -17,12 +17,12 @@ server {
 server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
-  server_name {{ domains |first }};
+  server_name {{ mastodon_domains |first }};
 
   include /etc/nginx/snippets/letsencrypt.conf;
-  ssl_certificate /etc/letsencrypt/live/{{ domains |first }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/{{ domains |first }}/privkey.pem;
-  ssl_trusted_certificate /etc/letsencrypt/live/{{ domains |first }}/chain.pem;
+  ssl_certificate /etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_domains |first }}/privkey.pem;
+  ssl_trusted_certificate /etc/letsencrypt/live/{{ mastodon_domains |first }}/chain.pem;
 
   # OCSP stapling
   ssl_stapling on;
@@ -33,7 +33,7 @@ server {
   sendfile             on;
   client_max_body_size 0;
 
-  root /home/{{ service }}/mastodon/public;
+  root /home/{{ mastodon_service }}/mastodon/public;
 
   gzip on;
   gzip_disable "msie6";
@@ -45,7 +45,7 @@ server {
   gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
 
   #add_header Strict-Transport-Security "max-age=31536000";
-  #add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://{{ domains |first }}; upgrade-insecure-requests";
+  #add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://{{ mastodon_domains |first }}; upgrade-insecure-requests";
 
   location / {
     try_files $uri @proxy;
@@ -64,7 +64,7 @@ server {
     proxy_set_header Proxy "";
     proxy_pass_header Server;
 
-    proxy_pass http://127.0.0.1:{{puma_port|default('3000')}};
+    proxy_pass http://127.0.0.1:{{ mastodon_puma_port | default('3000') }};
     proxy_buffering off;
     proxy_redirect off;
     proxy_http_version 1.1;
@@ -81,7 +81,7 @@ server {
     proxy_set_header X-Forwarded-Proto https;
     proxy_set_header Proxy "";
 
-    proxy_pass http://127.0.0.1:{{ node_port | default('4000')}};
+    proxy_pass http://127.0.0.1:{{ mastodon_node_port | default('4000') }};
     proxy_buffering off;
     proxy_redirect off;
     proxy_http_version 1.1;