Remove Mastodon deployment
parent
7bc0b83abc
commit
1111813ef2
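--- a/[path not shown on page]
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: voe_social
-roles:
-- caddy
-- mastodon
-tags: voe_social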
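--- a/[path not shown on page]
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
-- { role: docker }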
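--- a/[path not shown on page]
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: Create /root/docker-compose/mastodon-{{ domain }}
-file:
-path=/root/docker-compose/mastodon-{{ domain }}
-state=directory
-recurse=yes
-owner=root
-group=root
-mode=0755
-
-- name: Create docker-compose.yml
-template:
-dest=/root/docker-compose/mastodon-{{ domain }}/docker-compose.yml
-src=docker-compose.yml.tmpl
-owner=root
-group=root
-mode=0644
-
-- name: Create env.production
-template:
-dest=/root/docker-compose/mastodon-{{ domain }}/env.production
-src=env.production.tmpl
-owner=root
-group=root
-mode=0640
-
-- name: Compose
-command:
-docker-compose up -d
-chdir=/root/docker-compose/mastodon-{{ domain }}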
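--- a/[path not shown on page]
+++ /dev/null
@@ -1,81 +0,0 @@
-version: '3.0'
-services:
-
-db:
-restart: always
-image: postgres:9.6-alpine
-networks:
-- internal_network
-volumes:
-- postgres:/var/lib/postgresql/data
-
-redis:
-restart: always
-image: redis:4.0-alpine
-networks:
-- internal_network
-volumes:
-- redis:/data
-
-web:
-image: tootsuite/mastodon:v2.3.3
-restart: always
-env_file: env.production
-command: bundle exec rails s -p 3000 -b '0.0.0.0'
-networks:
-- external_network
-- internal_network
-ports:
-- "127.0.0.1:3000:3000"
-depends_on:
-- db
-- redis
-volumes:
-- /var/lib/caddy/{{ domain }}/public/assets:/mastodon/public/assets
-- /var/lib/caddy/{{ domain }}/public/packs:/mastodon/public/packs
-- /var/lib/caddy/{{ domain }}/public/system:/mastodon/public/system
-
-streaming:
-image: tootsuite/mastodon:v2.3.3
-restart: always
-env_file: env.production
-command: yarn start
-networks:
-- external_network
-- internal_network
-ports:
-- "127.0.0.1:4000:4000"
-depends_on:
-- db
-- redis
-volumes:
-- /var/lib/caddy/{{ domain }}/public/assets:/mastodon/public/assets
-- /var/lib/caddy/{{ domain }}/public/packs:/mastodon/public/packs
-- /var/lib/caddy/{{ domain }}/public/system:/mastodon/public/system
-
-sidekiq:
-image: tootsuite/mastodon:v2.3.3
-restart: always
-env_file: env.production
-command: bundle exec sidekiq -q default -q mailers -q pull -q push
-networks:
-- external_network
-- internal_network
-depends_on:
-- db
-- redis
-volumes:
-- /var/lib/caddy/{{ domain }}/public/assets:/mastodon/public/assets
-- /var/lib/caddy/{{ domain }}/public/packs:/mastodon/public/packs
-- /var/lib/caddy/{{ domain }}/public/system:/mastodon/public/system
-
-volumes:
-postgres:
-driver: local
-redis:
-driver: local
-
-networks:
-external_network:
-internal_network:
-internal: true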
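--- a/[path not shown on page]
+++ /dev/null
@@ -1,216 +0,0 @@
-# Service dependencies
-REDIS_HOST=redis
-REDIS_PORT=6379
-# REDIS_DB=0
-
-DB_HOST=db
-DB_USER=postgres
-DB_NAME=postgres
-DB_PASS=
-DB_PORT=5432
-
-# Optional ElasticSearch configuration
-# ES_ENABLED=true
-# ES_HOST=es
-# ES_PORT=9200
-
-# Federation
-LOCAL_DOMAIN={{ domain }}
-
-# Use this only if you need to run mastodon on a different domain than the one used for federation.
-# Do not use this unless you know exactly what you are doing.
-# WEB_DOMAIN=
-
-# Application secrets
-# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
-PAPERCLIP_SECRET={{ mastodon[domain].paperclip_secret }}
-SECRET_KEY_BASE={{ mastodon[domain].secret_key_base }}
-OTP_SECRET={{ mastodon[domain].otp_secret }}
-
-# VAPID keys (used for push notifications
-# You can generate the keys using the following command (first is the private key, second is the public one)
-# You should only generate this once per instance. If you later decide to change it, all push subscription will
-# be invalidated, requiring the users to access the website again to resubscribe.
-#
-# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
-#
-# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
-VAPID_PRIVATE_KEY={{ mastodon[domain].vapid_private_key }}
-VAPID_PUBLIC_KEY={{ mastodon[domain].vapid_public_key }}
-
-# Registrations
-{% if mastodon[domain].single_user_mode | default(False) %}
-# Single user mode will disable registrations and redirect frontpage to the first profile
-SINGLE_USER_MODE=true
-{% endif %}
-{% if mastodon[domain].email_domain_blacklist is defined %}
-# Prevent registrations with following e-mail domains
-EMAIL_DOMAIN_BLACKLIST={{ mastodon[domain].email_domain_blacklist }}
-{% endif %}
-{% if mastodon[domain].email_domain_whitelist is defined %}
-# Only allow registrations with the following e-mail domains
-EMAIL_DOMAIN_WHITELIST={{ mastodon[domain].email_domain_whitelist }}
-{% endif %}
-
-# Optionally change default language
-DEFAULT_LOCALE=en
-
-# E-mail configuration
-# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
-# If you want to use an SMTP server without authentication (e.g local Postfix relay)
-# then set SMTP_AUTH_METHOD to 'none' and *comment* SMTP_LOGIN and SMTP_PASSWORD.
-# Leaving them blank is not enough for authentication method 'none'.
-SMTP_SERVER={{ mastodon[domain].smtp.server }}
-SMTP_PORT=587
-SMTP_LOGIN={{ mastodon[domain].smtp.login }}
-SMTP_PASSWORD={{ mastodon[domain].smtp.password }}
-SMTP_FROM_ADDRESS={{ mastodon[domain].smtp.from }}
-#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
-#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
-#SMTP_AUTH_METHOD=plain
-#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
-#SMTP_OPENSSL_VERIFY_MODE=peer
-#SMTP_ENABLE_STARTTLS_AUTO=true
-
-
-# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
-# PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system
-# PAPERCLIP_ROOT_URL=/system
-
-# Optional asset host for multi-server setups
-# CDN_HOST=assets.example.com
-
-# S3 (optional)
-# S3_ENABLED=true
-# S3_BUCKET=
-# AWS_ACCESS_KEY_ID=
-# AWS_SECRET_ACCESS_KEY=
-# S3_REGION=
-# S3_PROTOCOL=http
-# S3_HOSTNAME=192.168.1.123:9000
-
-# S3 (Minio Config (optional) Please check Minio instance for details)
-# S3_ENABLED=true
-# S3_BUCKET=
-# AWS_ACCESS_KEY_ID=
-# AWS_SECRET_ACCESS_KEY=
-# S3_REGION=
-# S3_PROTOCOL=https
-# S3_HOSTNAME=
-# S3_ENDPOINT=
-# S3_SIGNATURE_VERSION=
-
-# Swift (optional)
-# SWIFT_ENABLED=true
-# SWIFT_USERNAME=
-# For Keystone V3, the value for SWIFT_TENANT should be the project name
-# SWIFT_TENANT=
-# SWIFT_PASSWORD=
-# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
-# issues with token rate-limiting during high load.
-# SWIFT_AUTH_URL=
-# SWIFT_CONTAINER=
-# SWIFT_OBJECT_URL=
-# SWIFT_REGION=
-# Defaults to 'default'
-# SWIFT_DOMAIN_NAME=
-# Defaults to 60 seconds. Set to 0 to disable
-# SWIFT_CACHE_TTL=
-
-# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
-# S3_CLOUDFRONT_HOST=
-
-# Streaming API integration
-# STREAMING_API_BASE_URL=
-
-# Advanced settings
-# If you need to use pgBouncer, you need to disable prepared statements:
-# PREPARED_STATEMENTS=false
-
-# Cluster number setting for streaming API server.
-# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
-STREAMING_CLUSTER_NUM=1
-
-# Docker mastodon user
-# If you use Docker, you may want to assign UID/GID manually.
-# UID=1000
-# GID=1000
-
-# LDAP authentication (optional)
-# LDAP_ENABLED=true
-# LDAP_HOST=localhost
-# LDAP_PORT=389
-# LDAP_METHOD=simple_tls
-# LDAP_BASE=
-# LDAP_BIND_DN=
-# LDAP_PASSWORD=
-# LDAP_UID=cn
-
-# PAM authentication (optional)
-# PAM authentication uses for the email generation the "email" pam variable
-# and optional as fallback PAM_DEFAULT_SUFFIX
-# The pam environment variable "email" is provided by:
-# https://github.com/devkral/pam_email_extractor
-# PAM_ENABLED=true
-# Fallback email domain for email address generation (LOCAL_DOMAIN by default)
-# PAM_EMAIL_DOMAIN=example.com
-# Name of the pam service (pam "auth" section is evaluated)
-# PAM_DEFAULT_SERVICE=rpam
-# Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)
-# PAM_CONTROLLED_SERVICE=rpam
-
-# Global OAuth settings (optional) :
-# If you have only one strategy, you may want to enable this
-# OAUTH_REDIRECT_AT_SIGN_IN=true
-
-# Optional CAS authentication (cf. omniauth-cas) :
-# CAS_ENABLED=true
-# CAS_URL=https://sso.myserver.com/
-# CAS_HOST=sso.myserver.com/
-# CAS_PORT=443
-# CAS_SSL=true
-# CAS_VALIDATE_URL=
-# CAS_CALLBACK_URL=
-# CAS_LOGOUT_URL=
-# CAS_LOGIN_URL=
-# CAS_UID_FIELD='user'
-# CAS_CA_PATH=
-# CAS_DISABLE_SSL_VERIFICATION=false
-# CAS_UID_KEY='user'
-# CAS_NAME_KEY='name'
-# CAS_EMAIL_KEY='email'
-# CAS_NICKNAME_KEY='nickname'
-# CAS_FIRST_NAME_KEY='firstname'
-# CAS_LAST_NAME_KEY='lastname'
-# CAS_LOCATION_KEY='location'
-# CAS_IMAGE_KEY='image'
-# CAS_PHONE_KEY='phone'
-
-# Optional SAML authentication (cf. omniauth-saml)
-# SAML_ENABLED=true
-# SAML_ACS_URL=
-# SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback
-# SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
-# SAML_IDP_CERT=
-# SAML_IDP_CERT_FINGERPRINT=
-# SAML_NAME_IDENTIFIER_FORMAT=
-# SAML_CERT=
-# SAML_PRIVATE_KEY=
-# SAML_SECURITY_WANT_ASSERTION_SIGNED=true
-# SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true
-# SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
-# SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"
-# SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
-# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"
-# SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"
-# SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"
-# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
-# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
-# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
-
-# Use HTTP proxy for outgoing request (optional)
-# http_proxy=http://gateway.local:8118
-# Access control for hidden service.
-# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
-# If you use transparent proxy to access to hidden service, uncomment following for skipping private address check.
-# HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true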
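--- a/[path not shown on page]
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ domain }} {
-log stderr
-root /var/lib/caddy/{{ domain }}/public
-gzip
-
-header / {
-Strict-Transport-Security "max-age=31536000;"
-Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://{{ domain }}; upgrade-insecure-requests"
-}
-
-header /emoji Cache-Control "public, max-age=31536000, immutable"
-header /packs Cache-Control "public, max-age=31536000, immutable"
-header /system/accounts/avatars Cache-Control "public, max-age=31536000, immutable"
-header /system/media_attachments/files Cache-Control "public, max-age=31536000, immutable"
-
-errors {
-* 500.html
-}
-
-rewrite {
-if {path} is /
-to /proxy{path}
-}
-
-rewrite {
-if {path} not_has /api/v1/streaming
-to {path} /proxy{path}
-}
-
-proxy /proxy localhost:3000 {
-without /proxy
-
-transparent
-websocket
-}
-
-proxy /api/v1/streaming localhost:4000 {
-transparent
-websocket
-}
-
-tls me@ur.gs {
-protocols tls1.2
-}
-}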