Set up Docker Swarm and abra
Deploy coop-cloud/traefik
abra app new mastodon
Follow the secrets setup docs
abra app config YOURAPPDOMAIN - be sure to change DOMAIN to something that resolves to your Docker swarm box
abra app setup YOURAPPDOMAIN to setup the database and create the admin account (services will stop flapping shortly after)

Secrets setup

Because Mastodon expects secrets generated by specific tools, we don't support that in abra yet. However, you can run these commands yourself using the underlying Docker CLI. You can then load them in as secrets to the swarm using abra though and then they will be picked up on the deployment.

First, generate the SECRET_KEY_BASE and OTP_SECRET and store them in your local shell environment, you'll need them for subsequent commands.

$ SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
$ OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
$ abra app secret insert YOURAPPDOMAIN secret_key_base v1 $SECRET_KEY_BASE
$ abra app secret insert YOURAPPDOMAIN otp_secret v1 $OTP_SECRET

Then you need to generate the VAPID_{PUBLIC/PRIVATE}_KEY values using the SECRET_KEY_BASE/OTP_SECRET:

$ docker run \
  -e SECRET_KEY_BASE=$SECRET_KEY_BASE \
  -e OTP_SECRET=$OTP_SECRET \
  --rm tootsuite/mastodon:v3.4.0 \
  bundle exec rake mastodon:webpush:generate_vapid_key

Once you see the values generated, you can load the VAPID_PUBLIC_KEY into your .env file and VAPID_PRIVATE_KEY into a secret.

$ abra app secret insert YOURDOMAIN vapid_private_key v1 YOURVAPIDPRIVATEKEY

And finally, to end your whirlwind secrets loading adventure, get the DB_PASS and SMTP_PASSWORD loaded.

$ abra app secret generate YOURAPPDOMAIN db_password v1
$ abra app secret insert YOURDOMAIN smtp_password v1 YOURSMTPPASSWORD