Alright, this shoooould be functional

defaults/main.yml

@@ -0,0 +1,24 @@
+# vim:ft=ansible:
+pleroma_home: /opt/pleroma
+pleroma_arch: amd64
+pleroma_install: yes
+pleroma_enabled: yes
+pleroma_download_url: "https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job={{ pleroma_arch }}"
+
+# Site configuration
+pleroma_hostname: ""
+pleroma_char_limit: 65536
+pleroma_open_registration: "false"
+pleroma_instance_name: "My Pleroma Instance"
+pleroma_instance_desc: "My Pleroma instance, deployed via Ansible with no defaults changed"
+
+# Secret configuration
+pleroma_secret_key_base: ""
+pleroma_secret_signing_salt: ""
+
+# DB configuration
+pleroma_db_name: ""
+pleroma_db_host: ""
+pleroma_db_user: ""
+pleroma_db_pass: ""
+pleroma_db_pool_size: 10

handlers/main.yml

@@ -0,0 +1,8 @@
+# vim:ft=ansible:
+---
+- name: restart pleroma
+  systemd:
+    name: pleroma.service
+    state: restarted
+  become: yes
+  when: pleroma_enabled

tasks/main.yml

@@ -0,0 +1,75 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- name: set up system
+  block:
+    - name: install packages
+      apt: name=curl,python3-psycopg2,unzip,libmagic-dev,ncurses-bin
+    - name: assure pleroma uesr
+      user: name=pleroma system=yes home={{ pleroma_home }}
+    - name: assure operational directory
+      file: path={{ pleroma_home }} state=directory owner=pleroma group=pleroma mode="3775"
+    - name: assure systemd unit
+      template: src=pleroma.service dest=/etc/systemd/system/pleroma@.service
+      notify: restart pleroma
+- name: set up pleroma
+  block:
+    - name: assure db extensions
+      postgresql_ext:
+        db: "{{ pleroma_db_name }}"
+        name: "{{ item }}"
+        login_host: "{{ pleroma_db_host }}"
+        login_user: "{{ pleroma_db_user }}"
+        login_pass: "{{ pleroma_db_pass }}"
+      loop:
+        - citext
+        - pg_trgm
+        - uuid-ossp
+      notify: restart pleroma
+    - name: get latest release
+      get_url: url={{ pleroma_download_url }} dest={{ pleroma_home }}/release.zip
+      register: dl
+    - name: install pleroma
+      block:
+        - name: stop pleroma
+          systemd: name=pleroma@{{ pleroma_name }} state=stopped
+        - name: unzip release
+          unarchive: src={{ pleroma_home }}/release.zip dest={{ pleroma_home }} remote_src=yes
+        - name: remove old release
+          file: path={{ pleroma_home }}/{{ item }} state=absent
+          loop:
+            - bin
+            - lib
+            - releases
+            - installation
+        - name: move new release in
+          shell: rsync -a {{ pleroma_home }}/release/* {{ pleroma_home }}/
+        - name: clean up
+          file: path={{ pleroma_home }}/release state=absent
+        - name: clean up ownership
+          file: path={{ pleroma_home }} owner=pleroma group=pleroma recurse=yes
+      when: dl is changed and pleroma_install
+    - name: assure directory structure
+      file: path={{ item }} state=directory owner=pleroma group=pleroma mode="0755"
+      loop:
+        - /etc/pleroma
+        - /opt/pleroma
+        - /var/lib/pleroma
+        - /var/lib/pleroma/static
+        - /var/lib/pleroma/uploads
+    - name: template out stub config
+      template: src=config.exs dest=/etc/pleroma/config.exs owner=pleroma group=pleroma mode="0640"
+      notify: restart pleroma
+    - name: migrate db
+      command: {{ pleroma_home }}/bin/pleroma_ctl migrate
+      args:
+        chdir: "{{ pleroma_home }}"
+      become: yes
+      become_user: pleroma
+      changed_when: false
+- name: enable service
+  systemd: name=pleroma state=started enabled=yes
+  when: pleroma_enabled
+- name: disable service
+  systemd: name=pleroma state=stopped enabled=no
+  when: not pleroma_enabled

templates/config.exs

@@ -0,0 +1,47 @@
+# WARNING: THIS FILE CONTAINS SENSITIVE INFORMATION
+import Config
+
+# Basic configuration
+config :pleroma, Pleroma.Web.Endpoint,
+	url: [host: "{{ pleroma_hostname }}", scheme: "https", port: 443],
+	http: [ip: {127, 0, 0, 1}, port: 4000],
+	secret_key_base: "{{ pleroma_secret_key_base }}",
+	signing_salt: "{{ pleroma_secret_signing_salt }}"
+config :pleroma, :instance,
+	name: "{{ pleroma_instance_name }}",
+	desc: "{{ pleroma_instance_desc }}",
+	limit: "{{ pleroma_char_limit }}",
+	registrations_open: {{ pleroma_open_registration }},
+	static_dir: "/var/lib/pleroma/static"
+config :pleroma, Pleroma.Upload,
+	uploader: Pleroma.Uploaders.Local,
+	filters: [Pleroma.Upload.Filter.Dedupe]
+config :pleroma, Pleroma.Uploaders.Local,
+	uploads: "/var/lib/pleroma/uploads"
+config :pleroma, :media_proxy,
+	enabled: false,
+	redirect_on_failure: true
+
+# Use in-db configs where possible
+config :pleroma, configurable_from_database: true
+
+# DB configuration
+config :pleroma, Pleroma.Repo,
+	adapter: Ecto.Adapters.Postgres,
+	database: "{{ pleroma_db_name }}",
+	hostname: "{{ pleroma_db_host }}",
+	username: "{{ pleroma_db_user }}",
+	password: "{{ pleroma_db_pass }}",
+	pool_size: {{ pleroma_db_pool_size }}
+config :pleroma, :database, rum_enabled: false
+
+# Mail
+config :pleroma, Pleroma.Emails.Mailer,
+	enabled: false,
+
+# Theming
+config :pleroma, :frontend_configurations,
+	pleroma_fe: %{
+		background: "/images/background.jpg",
+		theme: "simply-dark"
+	}

templates/pleroma.service

@@ -0,0 +1,26 @@
+# vim:ft=systemd
+[Unit]
+Description=Pleroma social network %i
+After=network.target
+
+[Service]
+User=pleroma
+Environment="HOME={{ pleroma_home }}/%i}"
+WorkingDirectory={{ pleroma_home }}/%i
+
+KillMode=process
+Restart=on-failure
+
+ExecStart={{ pleroma_home }}/%i/bin/pleroma start
+ExecStop={{ pleroma_home }}/%i/bin/pleroma stop
+
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+PrivateDevice=false
+NoNewPrivileges=true
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+
+[Install]
+WantedBy=multi-user.target
+