feat(mastodon): add ansible role for deployment

2022-04-23 18:02:30 +02:00
parent 1fe954197f
commit accd829e91
8 changed files with 563 additions and 0 deletions


@ -0,0 +1,86 @@
# This is a sample configuration file. You can generate your configuration
# with the `rake mastodon:setup` interactive setup wizard, but to customize
# your setup even further, you'll need to edit it manually. This sample does
# not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895
# Federation
# ----------
# This identifies your server and cannot be changed safely later
# ----------
LOCAL_DOMAIN={{ mastodon_domain }}
{% if mastodon_web_domain|default(false, true) %}
WEB_DOMAIN={{ mastodon_web_domain }}
{% endif %}
# Redis
# -----
{% if mastodon_redis_host|default(false, true) %}
REDIS_HOST={{ mastodon_redis_host }}
{% endif %}
{% if mastodon_redis_port|default(false, true) %}
REDIS_PORT={{ mastodon_redis_port }}
{% endif %}
{% if mastodon_redis_url %}
REDIS_URL={{ mastodon_redis_url }}
{% endif %}
{% if mastodon_redis_password %}
REDIS_PASSWORD={{ mastodon_redis_password }}
{% endif %}
{% if mastodon_redis_db_index %}
REDIS_DB_INDEX={{ mastodon_redis_db_index }}
{% endif %}
# PostgreSQL
# ----------
DB_HOST={{ mastodon_database_host }}
DB_USER={{ mastodon_database_user }}
DB_NAME={{ mastodon_database_name }}
DB_PASS={{ mastodon_database_pass }}
DB_PORT={{ mastodon_database_port }}
# Elasticsearch (optional)
# ------------------------
ES_ENABLED={{ mastodon_elasticsearch_enabled }}
ES_HOST={{ mastodon_elasticsearch_host }}
ES_PORT={{ mastodon_elasticsearch_port }}
# Authentication for ES (optional)
ES_USER={{ mastodon_elasticsearch_user }}
ES_PASS={{ mastodon_elasticsearch_pass }}
# Secrets
# -------
# Make sure to use `rake secret` to generate secrets
# -------
SECRET_KEY_BASE={{ mastodon_secret_key }}
OTP_SECRET={{ mastodon_otp_secret }}
# Web Push
# --------
# Generate with `rake mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY={{ mastodon_vapid_private_key }}
VAPID_PUBLIC_KEY={{ mastodon_vapid_public_key }}
# Sending mail
# ------------
SMTP_SERVER={{ mastodon_mail_server }}
SMTP_PORT={{ mastodon_mail_port }}
SMTP_LOGIN={{ mastodon_mail_user }}
SMTP_PASSWORD={{ mastodon_mail_password }}
SMTP_FROM_ADDRESS={{ mastodon_mail_from_address }}
# File storage (optional)
# -----------------------
S3_ENABLED={{ mastodon_s3_enabled }}
S3_BUCKET={{ mastodon_s3_bucket }}
AWS_ACCESS_KEY_ID={{ mastodon_s3_aws_access_key_id }}
AWS_SECRET_ACCESS_KEY={{ mastodon_s3_aws_secret_access_key }}
S3_ALIAS_HOST={{ mastodon_s3_alias_host }}
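Review bot: This template writes DB_PASS, REDIS_PASSWORD, SECRET_KEY_BASE, OTP_SECRET, VAPID_PRIVATE_KEY, SMTP_PASSWORD and AWS_SECRET_ACCESS_KEY in plain text, and the task that renders it is not part of this section. It is worth confirming that the task sets a restrictive `mode: "0600"` with a dedicated owner and `no_log: true`, so that a `--diff` run or a failed task does not print the values, and that the variables come from an encrypted vault rather than role defaults. The Redis guards `{% if mastodon_redis_url %}`, `{% if mastodon_redis_password %}` and `{% if mastodon_redis_db_index %}` test the bare variable, unlike the `|default(false, true)` guards above them. Rendering would presumably fail on an undefined variable unless the role defaults define all three, so `{% if mastodon_redis_password|default(false, true) %}` and the same for the other two would be consistent. The ES_USER/ES_PASS and S3/AWS lines are emitted even when the feature is disabled; wrapping them in `{% if mastodon_s3_enabled %}` and `{% if mastodon_elasticsearch_enabled %}` would keep unused credentials out of the file.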


@ -0,0 +1,94 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream backend {
server {{ mastodon_api_backend }} fail_timeout=0;
}
upstream streaming {
server {{ mastodon_streaming_backend }} fail_timeout=0;
}
proxy_cache_path {{ mastodon_container_nginx_cache_directory }} levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=2g;
server {
listen {{ mastodon_backend }};
server_name {{ mastodon_nginx_server_name }};
keepalive_timeout 70;
sendfile on;
client_max_body_size 200m;
root {{ mastodon_container_nginx_working_directory }};
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
location / {
try_files $uri @proxy;
}
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
add_header Strict-Transport-Security "max-age=31536000" always;
try_files $uri @proxy;
}
location /sw.js {
add_header Cache-Control "public, max-age=0";
add_header Strict-Transport-Security "max-age=31536000" always;
try_files $uri @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://backend;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000" always;
tcp_nodelay on;
}
location /api/v1/streaming {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass http://streaming;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;
}
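Review bot: Both `location @proxy` and `location /api/v1/streaming` forward `X-Real-IP $remote_addr` and `X-Forwarded-Proto $scheme`, while `listen {{ mastodon_backend }};` shows no `ssl` parameter or certificate directives, which suggests TLS is terminated by another proxy in front of this server. If so, the application sees every request as coming from that proxy's address over plain HTTP, which collapses per-IP throttling and audit logging onto one address and can conflict with the HSTS headers set here. Restoring the client address in the server block with `set_real_ip_from <front-proxy-address>;` and `real_ip_header X-Forwarded-For;` (the address is a placeholder for the trusted front proxy only) would fix the first part; the forwarded scheme needs the same treatment and should only be trusted when nothing but the front proxy can reach this listener. Separately, `proxy_pass_header Server;` in `@proxy` exposes the backend's Server banner to clients, and a short comment stating whether that is intended would help.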