|
|
|
@ -43,15 +43,17 @@ ES_PASS=password |
|
|
|
|
# ------- |
|
|
|
|
# Make sure to use `rake secret` to generate secrets |
|
|
|
|
# ------- |
|
|
|
|
SECRET_KEY_BASE=abcdef1234 |
|
|
|
|
OTP_SECRET=99991234 |
|
|
|
|
# written to env.secrets |
|
|
|
|
#SECRET_KEY_BASE=abcdef1234 |
|
|
|
|
#OTP_SECRET=99991234 |
|
|
|
|
|
|
|
|
|
# Web Push |
|
|
|
|
# -------- |
|
|
|
|
# Generate with `rake mastodon:webpush:generate_vapid_key` |
|
|
|
|
# -------- |
|
|
|
|
VAPID_PRIVATE_KEY= |
|
|
|
|
VAPID_PUBLIC_KEY= |
|
|
|
|
# written to env.secrets |
|
|
|
|
#VAPID_PRIVATE_KEY= |
|
|
|
|
#VAPID_PUBLIC_KEY= |
|
|
|
|
|
|
|
|
|
# Sending mail |
|
|
|
|
# ------------ |
|
|
|
@ -69,31 +71,10 @@ SMTP_FROM_ADDRESS=notifications@example.com |
|
|
|
|
#AWS_SECRET_ACCESS_KEY= |
|
|
|
|
#S3_ALIAS_HOST=files.example.com |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# do not allow normal logins |
|
|
|
|
OMNIAUTH_ONLY=true |
|
|
|
|
#SAML_ENABLED=true |
|
|
|
|
#SAML_IDP_SSO_TARGET_URL=https://login.hackerspace.zone/realms/hackerspace/protocol/saml |
|
|
|
|
#SAML_ACS_URL=https://social.hackerspace.zone/auth/auth/saml/callback |
|
|
|
|
#SAML_ISSUER=mastodon |
|
|
|
|
#SAML_IDP_CERT=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 |
|
|
|
|
##SAML_IDP_CERT_FINGERPRINT=7B:53:95:6A:D6:FE:7E:E5:68:FE:9C:E1:68:51:BF:DD:F9:AF:63:F2 |
|
|
|
|
#SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
|
|
|
|
##SAML_CERT= |
|
|
|
|
##SAML_PRIVATE_KEY= |
|
|
|
|
#SAML_SECURITY_WANT_ASSERTION_SIGNED=true |
|
|
|
|
##SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true |
|
|
|
|
#SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true |
|
|
|
|
#SAML_ATTRIBUTES_STATEMENTS_UID=uid |
|
|
|
|
#SAML_ATTRIBUTES_STATEMENTS_EMAIL=email |
|
|
|
|
##SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241" |
|
|
|
|
#SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME=first_name |
|
|
|
|
#SAML_ATTRIBUTES_STATEMENTS_LAST_NAME=last_name |
|
|
|
|
##SAML_UID_ATTRIBUTE=uid |
|
|
|
|
##SAML_ATTRIBUTES_STATEMENTS_VERIFIED= |
|
|
|
|
##SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL= |
|
|
|
|
# |
|
|
|
|
|
|
|
|
|
# https://github.com/mastodon/mastodon/pull/16221 |
|
|
|
|
# OIDC supported since https://github.com/mastodon/mastodon/pull/16221 |
|
|
|
|
OIDC_ENABLED=true |
|
|
|
|
OIDC_PROMPT=Keycloak |
|
|
|
|
OIDC_DISPLAY_NAME=hackerspace.zone |
|
|
|
@ -101,8 +82,7 @@ OIDC_ISSUER=https://login.hackerspace.zone/realms/hackerspace |
|
|
|
|
OIDC_REDIRECT_URI=https://social.hackerspace.zone/auth/auth/openid_connect/callback |
|
|
|
|
OIDC_DISCOVERY=true |
|
|
|
|
OIDC_SCOPE=openid,profile |
|
|
|
|
OIDC_UID_FIELD=uid |
|
|
|
|
OIDC_UID_FIELD=preferred_username |
|
|
|
|
OIDC_CLIENT_ID=mastodon |
|
|
|
|
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true |
|
|
|
|
OIDC_CLIENT_SECRET=abcdef12345 |
|
|
|
|
|
|
|
|
|
# OIDC_CLIENT_SECRET is in env.secrets |
|
|
|
|
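Review bot: `OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true` in the last hunk makes Mastodon accept whatever email address the identity provider asserts, and with `OMNIAUTH_ONLY=true` that is the only login path, so account integrity rests entirely on the Keycloak realm configuration. This is sound only if the realm enforces email verification, and `OIDC_UID_FIELD=preferred_username` (apparently the new value; the +/- markers are lost in this rendering) is a stable identifier only if users cannot edit their username, otherwise an unverified or renamed IdP account could be matched to another person's Mastodon account. I would record that dependency above these lines, for example `# requires Keycloak realm: "Verify email" on, "Edit username" off`. Both `OIDC_UID_FIELD` lines are visible here; only one should remain in the file, since env loaders differ on which duplicate key wins.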