From 8bb577ae786b1f883fe50925cfa7bb3c9a172e22 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 2 May 2022 11:54:38 +0000 Subject: [PATCH] mastodon: it sort of starts up now --- mastodon/README.md | 11 +++ mastodon/docker-compose.yaml | 125 +++++++++++++++++++++++++++++++++++ mastodon/env.production | 69 +++++++++++++++++++ 3 files changed, 205 insertions(+) create mode 100644 mastodon/README.md create mode 100644 mastodon/docker-compose.yaml create mode 100644 mastodon/env.production diff --git a/mastodon/README.md b/mastodon/README.md new file mode 100644 index 0000000..596e231 --- /dev/null +++ b/mastodon/README.md @@ -0,0 +1,11 @@ +Notes from https://gist.github.com/TrillCyborg/84939cd4013ace9960031b803a0590c4 + +elastic search needs hacks to set permissions on data directory + +there's an interactive setup stage? + +need to preconfigure with hostname, email, etc + +VAPID key stuff? + +rails db:setup diff --git a/mastodon/docker-compose.yaml b/mastodon/docker-compose.yaml new file mode 100644 index 0000000..b4fb1c2 --- /dev/null +++ b/mastodon/docker-compose.yaml @@ -0,0 +1,125 @@ +version: '3' +services: + database: + image: postgres:13.4-alpine + restart: always + #shm_size: 256mb + networks: + - internal_network + healthcheck: + test: ['CMD', 'pg_isready', '-U', "mastodon"] + volumes: + - ./database:/var/lib/postgresql/data + environment: + - POSTGRES_USER=mastodon + - POSTGRES_PASSWORD=mastodon + - POSTGRES_DB=mastodon_production + + redis: + restart: always + image: redis:6-alpine + networks: + - internal_network + healthcheck: + test: ['CMD', 'redis-cli', 'ping'] + volumes: + - ./redis:/data + + es: + restart: always + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2 + environment: + - "ES_JAVA_OPTS=-Xms512m -Xmx512m" + - "cluster.name=es-mastodon" + - "discovery.type=single-node" + - "bootstrap.memory_lock=true" + networks: + - internal_network + healthcheck: + test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"] + volumes: + - ./elasticsearch:/usr/share/elasticsearch/data + # fixup the permissions on the data directory since they are created as root on host + entrypoint: /bin/sh -c "chown -R elasticsearch:elasticsearch data && /usr/local/bin/docker-entrypoint.sh eswrapper" + ulimits: + memlock: + soft: -1 + hard: -1 + + web: + # build: . + image: tootsuite/mastodon + restart: always + env_file: env.production + command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 6001" + networks: + - external_network + - internal_network + healthcheck: + # prettier-ignore + test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:6001/health || exit 1'] + ports: + - '6001:6001' + depends_on: + - database + - redis + - es + volumes: + - ./public/system:/mastodon/public/system + + streaming: + build: . + image: tootsuite/mastodon + restart: always + env_file: env.production + command: node ./streaming + networks: + - external_network + - internal_network + healthcheck: + # prettier-ignore + test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1'] + ports: + - '4000:4000' + depends_on: + - database + - redis + + sidekiq: + build: . + image: tootsuite/mastodon + restart: always + env_file: env.production + command: bundle exec sidekiq + depends_on: + - database + - redis + networks: + - external_network + - internal_network + volumes: + - ./public/system:/mastodon/public/system + healthcheck: + test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] + + ## Uncomment to enable federation with tor instances along with adding the following ENV variables + ## http_proxy=http://privoxy:8118 + ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true + # tor: + # image: sirboops/tor + # networks: + # - external_network + # - internal_network + # + # privoxy: + # image: sirboops/privoxy + # volumes: + # - ./priv-config:/opt/config + # networks: + # - external_network + # - internal_network + +networks: + external_network: + internal_network: + internal: true diff --git a/mastodon/env.production b/mastodon/env.production new file mode 100644 index 0000000..af94eff --- /dev/null +++ b/mastodon/env.production @@ -0,0 +1,69 @@ +# This is a sample configuration file. You can generate your configuration +# with the `rake mastodon:setup` interactive setup wizard, but to customize +# your setup even further, you'll need to edit it manually. This sample does +# not demonstrate all available configuration options. Please look at +# https://docs.joinmastodon.org/admin/config/ for the full documentation. + +# Note that this file accepts slightly different syntax depending on whether +# you are using `docker-compose` or not. In particular, if you use +# `docker-compose`, the value of each declared variable will be taken verbatim, +# including surrounding quotes. +# See: https://github.com/mastodon/mastodon/issues/16895 + +# Federation +# ---------- +# This identifies your server and cannot be changed safely later +# ---------- +LOCAL_DOMAIN=spacestation + +# Redis +# ----- +REDIS_HOST=redis +REDIS_PORT=6379 + +# PostgreSQL +# ---------- +DB_HOST=database +DB_USER=mastodon +DB_NAME=mastodon_production +DB_PASS=mastodon +DB_PORT=5432 + +# Elasticsearch (optional) +# ------------------------ +ES_ENABLED=true +ES_HOST=es +ES_PORT=9200 +# Authentication for ES (optional) +ES_USER=elastic +ES_PASS=password + +# Secrets +# ------- +# Make sure to use `rake secret` to generate secrets +# ------- +SECRET_KEY_BASE=abcdef1234 +OTP_SECRET=99991234 + +# Web Push +# -------- +# Generate with `rake mastodon:webpush:generate_vapid_key` +# -------- +VAPID_PRIVATE_KEY= +VAPID_PUBLIC_KEY= + +# Sending mail +# ------------ +SMTP_SERVER=smtp.mailgun.org +SMTP_PORT=587 +SMTP_LOGIN= +SMTP_PASSWORD= +SMTP_FROM_ADDRESS=notifications@example.com + +# File storage (optional) +# ----------------------- +#S3_ENABLED=true +#S3_BUCKET=files.example.com +#AWS_ACCESS_KEY_ID= +#AWS_SECRET_ACCESS_KEY= +#S3_ALIAS_HOST=files.example.com