Platform code for the toot.community Mastodon instance https://toot.community

helm kubernetes mastodon opentofu packer

HCL 41.4%
Shell 40.9%
Go Template 17.7%

Find a file

Renovate Bot 1f2f3f19df chore(deps): update cloudflare/cloudflared docker tag to v2026.6.1		2026-06-18 15:10:30 +00:00
.claude	chore: fix the tofu drift	2026-04-16 11:31:16 +02:00
charts	chore(deps): update mastodon to v4.5.11	2026-06-03 12:47:37 +00:00
docs	Archive heal missing remote media files	2026-06-02 09:28:31 +02:00
manifests	chore(deps): update cloudflare/cloudflared docker tag to v2026.6.1	2026-06-18 15:10:30 +00:00
packer	Moving to a bare metal cluster (#432 )	2025-10-31 21:17:25 +01:00
platform	Fix Vault metrics token rotation	2026-06-02 09:28:31 +02:00
scripts	tune upgrade script	2026-05-27 06:35:18 +02:00
.envrc.dist	chore: fix the tofu drift	2026-04-16 11:31:16 +02:00
.gitignore	crowdsec: detect srcset-style media_proxy abuse	2026-02-03 08:00:13 +01:00
CLAUDE.md	chore: migrate the remaining secrets from 1password to vault	2026-04-14 14:05:11 +02:00
README.md	feat(vault): move mastodon secrets-env to helm chart, remove op-connect	2026-04-14 14:14:58 +02:00
renovate.json	renovate: skip lookup for local charts pinned at 0.0.0	2026-05-05 06:12:29 +02:00

README.md

toot.community Kubernetes Cluster

Note

The code included in this repository is not meant to be run as-is. It's merely a collection of infrastructure code and Kubernetes manifests that are used to deploy the toot.community Kubernetes cluster. You will need to adapt the code to your own needs and environment.

Overview

This repository contains the complete infrastructure-as-code setup for deploying a production Kubernetes cluster on Hetzner Cloud. The project uses:

OpenTofu/Terraform - Infrastructure provisioning and management
Talos Linux - Kubernetes-optimized operating system
Packer - Custom OS image building
ArgoCD - GitOps continuous deployment
HashiCorp Vault - Secrets management
Helm Charts - Application packaging (Mastodon, Varnish)
Task - Build automation via platform/Taskfile.yml

The infrastructure follows GitOps principles with ArgoCD managing application deployments from the manifests/ directory.

Project Structure

platform/ - OpenTofu infrastructure code for Hetzner Cloud resources
packer/ - Talos Linux image building configuration
manifests/ - Kubernetes applications and cluster bootstrap configurations
charts/ - Custom Helm charts for Mastodon and Varnish
platform/configs/ - Environment-specific configuration files

Create the template

Build a custom Talos Linux image for Hetzner Cloud using Packer:

cd packer
packer build .

Note the image ID from the output and update it in configs/production.tfvars

Create infrastructure

Install OpenTofu first, then provision the Hetzner Cloud infrastructure:

cd platform
task plan    # Review planned changes
task apply   # Deploy infrastructure

This creates the Kubernetes cluster, networking, storage, and security groups as defined in the OpenTofu configuration files.

Bootstrap

After infrastructure deployment, bootstrap the cluster with essential services:

cd platform
task get-kubeconfig   # Download cluster access credentials
task get-talosconfig  # Download Talos management credentials
cd ../

# Setup Hetzner Cloud integration
kubectl create --namespace kube-system secret generic hcloud \
  --from-literal=network="$(op read 'op://toot.community/6r6v2bqh6dhuunbn6nri4bw3sa/network')" \
  --from-literal=token="$(op read 'op://toot.community/6r6v2bqh6dhuunbn6nri4bw3sa/token')" \
  --from-literal=robot-user="$(op read 'op://toot.community/6r6v2bqh6dhuunbn6nri4bw3sa/robot-user')" \
  --from-literal=robot-password="$(op read 'op://toot.community/6r6v2bqh6dhuunbn6nri4bw3sa/robot-password')"

# Deploy core cluster services via ArgoCD
kustomize build --enable-helm --load-restrictor=LoadRestrictionsNone manifests/cluster-bootstrap | kubectl apply -f -

This bootstrap process installs:

ArgoCD for GitOps deployments
Core networking (Cilium)
Other essential cluster services defined in the manifests