diff --git a/dockers/mastodon/.env b/dockers/mastodon/.env
new file mode 120000
index 0000000..406acd1
--- /dev/null
+++ b/dockers/mastodon/.env
@@ -0,0 +1 @@
+../../config/dockers.env
\ No newline at end of file
diff --git a/dockers/mastodon/docker-compose.yml b/dockers/mastodon/docker-compose.yml
new file mode 100644
index 0000000..cc13ba6
--- /dev/null
+++ b/dockers/mastodon/docker-compose.yml
@@ -0,0 +1,154 @@
+# This file is designed for production server deployment, not local development work
+# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/docs/DEVELOPMENT.md#docker
+
+services:
+ db:
+ restart: always
+ image: postgres:14-alpine
+ shm_size: 256mb
+ networks:
+ - mastodonNet
+ healthcheck:
+ test: ['CMD', 'pg_isready', '-U', 'postgres']
+ volumes:
+ - postgres:/var/lib/postgresql/data
+ environment:
+ - 'POSTGRES_HOST_AUTH_METHOD=trust'
+
+ redis:
+ restart: always
+ image: redis:7-alpine
+ networks:
+ - mastodonNet
+ healthcheck:
+ test: ['CMD', 'redis-cli', 'ping']
+ volumes:
+ - redis:/data
+
+ # es:
+ # restart: always
+ # image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
+ # environment:
+ # - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
+ # - "xpack.license.self_generated.type=basic"
+ # - "xpack.security.enabled=false"
+ # - "xpack.watcher.enabled=false"
+ # - "xpack.graph.enabled=false"
+ # - "xpack.ml.enabled=false"
+ # - "bootstrap.memory_lock=true"
+ # - "cluster.name=es-mastodon"
+ # - "discovery.type=single-node"
+ # - "thread_pool.write.queue_size=1000"
+ # networks:
+ # - external_network
+ # - internal_network
+ # healthcheck:
+ # test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
+ # volumes:
+ # - ./elasticsearch:/usr/share/elasticsearch/data
+ # ulimits:
+ # memlock:
+ # soft: -1
+ # hard: -1
+ # nofile:
+ # soft: 65536
+ # hard: 65536
+ # ports:
+ # - '127.0.0.1:9200:9200'
+
+ web:
+ # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
+ # build: .
+ image: ghcr.io/mastodon/mastodon:v4.3.6
+ restart: always
+ env_file:
+ - env-config
+ - ../../secret/env-mastodonServ
+ command: bundle exec puma -C config/puma.rb
+ networks:
+ - mastodonNet
+ healthcheck:
+ # prettier-ignore
+ test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
+ ports:
+ - '127.0.0.1:3000:3000'
+ depends_on:
+ - db
+ - redis
+ # - es
+ volumes:
+ - public_system:/mastodon/public/system
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.koz.rule=Host(`koz.kaz.bzh`)"
+ - "traefik.http.services.koz.loadbalancer.server.port=3000"
+ - "traefik.docker.network=mobilizonNet"
+
+
+ streaming:
+ # You can uncomment the following lines if you want to not use the prebuilt image, for example if you have local code changes
+ # build:
+ # dockerfile: ./streaming/Dockerfile
+ # context: .
+ image: ghcr.io/mastodon/mastodon-streaming:v4.3.6
+ restart: always
+ env_file:
+ - env-config
+ - ../../secret/env-mastodonServ
+ command: node ./streaming/index.js
+ networks:
+ - mastodonNet
+ healthcheck:
+ # prettier-ignore
+ test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
+ ports:
+ - '127.0.0.1:4000:4000'
+ depends_on:
+ - db
+ - redis
+
+ sidekiq:
+ # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
+ # build: .
+ image: ghcr.io/mastodon/mastodon:v4.3.6
+ restart: always
+ env_file:
+ - env-config
+ - ../../secret/env-mastodonServ
+ command: bundle exec sidekiq
+ depends_on:
+ - db
+ - redis
+ networks:
+ - mastodonNet
+ volumes:
+ - public_system:/mastodon/public/system
+ healthcheck:
+ test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+
+ ## Uncomment to enable federation with tor instances along with adding the following ENV variables
+ ## http_hidden_proxy=http://privoxy:8118
+ ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
+ # tor:
+ # image: sirboops/tor
+ # networks:
+ # - external_network
+ # - internal_network
+ #
+ # privoxy:
+ # image: sirboops/privoxy
+ # volumes:
+ # - ./priv-config:/opt/config
+ # networks:
+ # - external_network
+ # - internal_network
+
+volumes:
+ postgres:
+ redis:
+ public_system:
+
+networks:
+ mastodonNet:
+ external: true
+ name: mastodonNet
diff --git a/dockers/mastodon/env-config b/dockers/mastodon/env-config
new file mode 100644
index 0000000..b23ff94
--- /dev/null
+++ b/dockers/mastodon/env-config
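Review bot: In docker-compose.yml the `db` service keeps `POSTGRES_HOST_AUTH_METHOD=trust` while every service, including `db` and `redis`, is attached to `mastodonNet`, which is declared `external: true`; any other container joined to that shared network can therefore reach PostgreSQL as the `postgres` superuser without a password, and Redis without authentication. env-config in this same commit carries the matching empty `DB_PASS=`. I would drop the trust line, set `POSTGRES_PASSWORD` for `db` and the same value as `DB_PASS` from `../../secret/env-mastodonServ`, or move `db` and `redis` onto a compose-local network declared with `internal: true` so that only `web`, `streaming` and `sidekiq` can reach them. Separately, the `web` labels set `traefik.docker.network=mobilizonNet`, a network this file never attaches the container to; that looks like a copy-paste leftover and presumably should read `traefik.docker.network=mastodonNet`.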
@@ -0,0 +1,113 @@
+# This is a sample configuration file. You can generate your configuration
+# with the `bundle exec rails mastodon:setup` interactive setup wizard, but to customize
+# your setup even further, you'll need to edit it manually. This sample does
+# not demonstrate all available configuration options. Please look at
+# https://docs.joinmastodon.org/admin/config/ for the full documentation.
+
+# Note that this file accepts slightly different syntax depending on whether
+# you are using `docker-compose` or not. In particular, if you use
+# `docker-compose`, the value of each declared variable will be taken verbatim,
+# including surrounding quotes.
+# See: https://github.com/mastodon/mastodon/issues/16895
+
+# Federation
+# ----------
+# This identifies your server and cannot be changed safely later
+# ----------
+# LOCAL_DOMAIN=
+
+# Redis
+# -----
+REDIS_HOST=redis
+REDIS_PORT=
+
+# PostgreSQL
+# ----------
+DB_HOST=db
+DB_USER=postgres
+DB_NAME=postgres
+DB_PASS=
+DB_PORT=5432
+
+# Elasticsearch (optional)
+# ------------------------
+ES_ENABLED=false
+ES_HOST=localhost
+ES_PORT=9200
+# Authentication for ES (optional)
+ES_USER=elastic
+ES_PASS=password
+
+# Secrets
+# -------
+# Make sure to use `bundle exec rails secret` to generate secrets
+# -------
+#SECRET_KEY_BASE=
+#OTP_SECRET=
+
+# Encryption secrets
+# ------------------
+# Must be available (and set to same values) for all server processes
+# These are private/secret values, do not share outside hosting environment
+# Use `bin/rails db:encryption:init` to generate fresh secrets
+# Do NOT change these secrets once in use, as this would cause data loss and other issues
+# ------------------
+#ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
+#ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
+#ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
+
+
+# Web Push
+# --------
+# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
+# --------
+#VAPID_PRIVATE_KEY=
+#VAPID_PUBLIC_KEY=
+
+# Sending mail
+# ------------
+#SMTP_SERVER=
+#SMTP_PORT=
+#SMTP_LOGIN=
+#SMTP_PASSWORD=
+#SMTP_FROM_ADDRESS=
+
+# File storage (optional)
+# -----------------------
+S3_ENABLED=false
+S3_BUCKET=files.example.com
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+S3_ALIAS_HOST=files.example.com
+
+# IP and session retention
+# -----------------------
+# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
+# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
+# -----------------------
+IP_RETENTION_PERIOD=31556952
+SESSION_RETENTION_PERIOD=31556952
+
+# Fetch All Replies Behavior
+# --------------------------
+# When a user expands a post (DetailedStatus view), fetch all of its replies
+# (default: false)
+FETCH_REPLIES_ENABLED=false
+
+# Period to wait between fetching replies (in minutes)
+FETCH_REPLIES_COOLDOWN_MINUTES=15
+
+# Period to wait after a post is first created before fetching its replies (in minutes)
+FETCH_REPLIES_INITIAL_WAIT_MINUTES=5
+
+# Max number of replies to fetch - total, recursively through a whole reply tree
+FETCH_REPLIES_MAX_GLOBAL=1000
+
+# Max number of replies to fetch - for a single post
+FETCH_REPLIES_MAX_SINGLE=500
+
+# Max number of replies Collection pages to fetch - total
+FETCH_REPLIES_MAX_PAGES=500
+
+SINGLE_USER_MODE=false
+#EMAIL_DOMAIN_ALLOWLIST=
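Review bot: `ES_USER=elastic` and `ES_PASS=password` are live, uncommented values in a tracked file, unlike the other credentials in env-config (`#SECRET_KEY_BASE=`, `#SMTP_PASSWORD=`), which are commented out and presumably supplied from `../../secret/env-mastodonServ`. `ES_ENABLED=false` keeps them unused today, but turning Elasticsearch on later would start with a well-known password unless someone remembers to override it. I would comment them out as `#ES_USER=` and `#ES_PASS=` and set real values in the secret file. Also, `REDIS_PORT=` is declared empty, and as this file's own header says, compose passes declared values verbatim, so the variable is set to an empty string rather than left unset; `REDIS_PORT=6379` or removing the line would make the intent explicit.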