From 6154a93f1b0e328226472fd5cd2b8ba3df6d8d38 Mon Sep 17 00:00:00 2001
From: Nikholas Pcenicni
Date: Mon, 19 Jan 2026 03:55:28 +0000
Subject: [PATCH] Update komodo/mastodon/compose.yaml
---
komodo/mastodon/compose.yaml | 124 +++++++----------------------------
1 file changed, 25 insertions(+), 99 deletions(-)
diff --git a/komodo/mastodon/compose.yaml b/komodo/mastodon/compose.yaml
index 25660ab..e9e6f7c 100644
--- a/komodo/mastodon/compose.yaml
+++ b/komodo/mastodon/compose.yaml
@@ -1,14 +1,12 @@ -# Mastodon using Docker named volumes. All runtime env vars are passed through (no env_file). -# Komodo / your orchestration should inject the environment variables listed below into each container. +# docker-compose.yml +version: "3.8" + services: db: image: postgres:14-alpine restart: unless-stopped - environment: - POSTGRES_DB: mastodon_production - POSTGRES_USER: mastodon - # Komodo must provide DB_PASSWORD in the environment for this service - POSTGRES_PASSWORD: "${DB_PASSWORD}" + env_file: - .env.production volumes: - db-data:/var/lib/postgresql/data
@@ -16,6 +14,8 @@ services: image: redis:6-alpine restart: unless-stopped command: ["redis-server", "--appendonly", "yes"] + env_file: - .env.production volumes: - redis-data:/data
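Review bot: The db service loses its `POSTGRES_DB`, `POSTGRES_USER` and `POSTGRES_PASSWORD` keys and now depends on `.env.production` supplying them; the official postgres image refuses to start without `POSTGRES_PASSWORD`, and a Mastodon `.env.production` normally carries `DB_USER`/`DB_PASS` rather than `POSTGRES_*` names, so unless that file also defines the three `POSTGRES_*` variables the database container will not come up. Keeping an explicit `environment:` block on db (for example `POSTGRES_PASSWORD: "${DB_PASSWORD}"` as before) avoids that and keeps the one secret Postgres needs scoped to it. Loading the whole `.env.production` into db here and into redis in the `@@ -16,6 +14,8 @@` hunk (and later into init, web, sidekiq and streaming) also hands every container the full secret set — `SECRET_KEY_BASE`, `OTP_SECRET`, `SMTP_PASSWORD`, `VAPID_PRIVATE_KEY` and the ActiveRecord encryption keys — that the old per-service lists scoped deliberately; redis uses none of them, so `env_file:` can simply be dropped from db and redis. Separately, the top-level `version: "3.8"` key is ignored (with a warning) by current Compose, and the new header comment `# docker-compose.yml` names a file other than this `compose.yaml`; dropping both avoids confusion.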
@@ -25,60 +25,37 @@ services: - db - redis restart: "no" + env_file: + - .env.production volumes: - public-system:/mastodon/public/system - public-assets:/mastodon/public/assets - public-packs:/mastodon/public/packs - mastodon-log:/mastodon/log - environment: - - RAILS_ENV=production - - LOCAL_DOMAIN=${LOCAL_DOMAIN} - - LOCAL_HTTPS=${LOCAL_HTTPS} - - DB_HOST=${DB_HOST} - - DB_PORT=${DB_PORT} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PASS=${DB_PASS} - - DB_PASSWORD=${DB_PASSWORD} - - REDIS_URL=${REDIS_URL} - - SECRET_KEY_BASE=${SECRET_KEY_BASE} - - OTP_SECRET=${OTP_SECRET} - - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY} - - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY} - - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} - - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} - - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} - - SMTP_SERVER=${SMTP_SERVER} - - SMTP_PORT=${SMTP_PORT} - - SMTP_LOGIN=${SMTP_LOGIN} - - SMTP_PASSWORD=${SMTP_PASSWORD} - - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS} - - STREAMING_ENABLED=${STREAMING_ENABLED} - - RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES} command: > bash -lc " set -euo pipefail - echo '== Mastodon init job starting' - # 1) Verify ActiveRecord encryption keys. If missing, generate and print them and exit so operator can set them. + # 1) Check ActiveRecord encryption keys; if missing, run db:encryption:init to generate and print them then exit. if [ -z \"${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:-}\" ]; then echo 'ActiveRecord encryption keys are NOT set. Running bin/rails db:encryption:init to generate keys...' bin/rails db:encryption:init || true echo '=======================================================' - echo 'The above command generated the ACTIVE_RECORD encryption keys. 
Copy them into Komodo (use these exact env names):' + echo 'The above command generated ACTIVE_RECORD encryption keys. Copy them into .env.production (use these exact names):' echo ' ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY' echo ' ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY' echo ' ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT' echo '' - echo 'After adding those to Komodo, re-run this init job (docker-compose run --rm --no-deps init).' - echo 'Exiting with code 1 to ensure you capture and persist the keys in your secret store.' + echo 'After editing .env.production to include the keys, re-run this init job:' + echo ' docker-compose run --rm --no-deps init' + echo 'Exiting with code 1 so you persist the keys before continuing.' exit 1 fi echo 'ActiveRecord encryption keys present. Continuing initialization...' - # 2) Wait for DB to accept connections (retry loop) + # 2) Wait for Postgres readiness echo 'Waiting for Postgres to be ready...' attempt=0 until bundle exec rails db:version >/dev/null 2>&1; do @@ -92,16 +69,16 @@ services: done echo 'Postgres is ready.' - # 3) Prepare DB (create/migrate as needed) + # 3) Prepare DB (create/migrate) echo 'Running rails db:prepare (create DB / migrate if needed)...' bundle exec rails db:prepare - # 4) Generate VAPID keys if not provided + # 4) Generate VAPID keys if missing (prints keys) if [ -z \"${VAPID_PUBLIC_KEY:-}\" ] || [ -z \"${VAPID_PRIVATE_KEY:-}\" ]; then echo 'VAPID keys (VAPID_PUBLIC_KEY/VAPID_PRIVATE_KEY) are missing. Generating...' bundle exec rake mastodon:webpush:generate_vapid_key || true echo '=======================================================' - echo 'If VAPID keys were printed above, copy them into Komodo as VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and re-run this init job (or continue to start services if you accept missing VAPID keys).' + echo 'If VAPID keys were printed above, copy them into .env.production as VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and re-run init.' else echo 'VAPID keys present.' fi 
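Review bot: The `${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}` style references in the init `command:` are expanded by Compose on the host (from the shell or the project `.env`), not from the container's `env_file:`, so now that the keys are meant to live in `.env.production` the `-z` checks will see empty strings and the job will regenerate keys and `exit 1` on every run even when the file is complete — unless the same variables also happen to be exported on the host. Escaping the references as `$${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}` (and likewise for the deterministic key and the salt on the same `if` line) defers expansion to bash inside the container, where `.env.production` is in effect; the `${VAPID_PUBLIC_KEY:-}` / `${VAPID_PRIVATE_KEY:-}` test in the `@@ -92,16 +69,16 @@` hunk has the same problem and wants the same `$$` escaping. Before this change the removed `environment:` list passed the same host-interpolated values into the container, which is why the shell check and the container environment agreed. The enclosing `command: >` scalar continues past the end of this hunk.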
@@ -111,7 +88,7 @@ services: if command -v yarn >/dev/null 2>&1; then yarn install --check-files --production=false else - echo 'yarn not found in image; skipping yarn install (ensure assets are available in the image or build them externally).' + echo 'yarn not found in image; skipping yarn install (ensure assets are built if image doesn't include yarn).' fi echo 'Precompiling rails assets...' @@ -126,6 +103,8 @@ services: - db - redis restart: unless-stopped + env_file: + - .env.production volumes: - public-system:/mastodon/public/system - public-assets:/mastodon/public/assets @@ -133,33 +112,6 @@ services: - mastodon-log:/mastodon/log ports: - "3000:3000" - environment: - - RAILS_ENV=production - - LOCAL_DOMAIN=${LOCAL_DOMAIN} - - LOCAL_HTTPS=${LOCAL_HTTPS} - - PORT=${PORT} - - STREAMING_PORT=${STREAMING_PORT} - - DB_HOST=${DB_HOST} - - DB_PORT=${DB_PORT} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PASS=${DB_PASS} - - DB_PASSWORD=${DB_PASSWORD} - - REDIS_URL=${REDIS_URL} - - SECRET_KEY_BASE=${SECRET_KEY_BASE} - - OTP_SECRET=${OTP_SECRET} - - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY} - - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY} - - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} - - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} - - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} - - SMTP_SERVER=${SMTP_SERVER} - - SMTP_PORT=${SMTP_PORT} - - SMTP_LOGIN=${SMTP_LOGIN} - - SMTP_PASSWORD=${SMTP_PASSWORD} - - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS} - - STREAMING_ENABLED=${STREAMING_ENABLED} - - RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES} command: bash -lc "RAILS_ENV=production bundle exec puma -C config/puma.rb" sidekiq: 
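Review bot: The new message `echo 'yarn not found in image; skipping yarn install (ensure assets are built if image doesn't include yarn).'` contains an apostrophe inside a single-quoted shell string, so the quote closes at `doesn`, `t include yarn).` becomes bare words and the following `'` opens a new string that runs to the next quote in the script — the init job's quoting is broken from this point and it will not reliably reach `Precompiling rails assets...`. Rewording without the apostrophe fixes it: `echo 'yarn not found in image; skipping yarn install (ensure assets are built if the image does not include yarn).'`. The `command: >` scalar this line belongs to starts and ends outside the hunk.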
@@ -168,30 +120,11 @@ services: - db - redis restart: unless-stopped + env_file: + - .env.production volumes: - public-system:/mastodon/public/system - mastodon-log:/mastodon/log - environment: - - RAILS_ENV=production - - LOCAL_DOMAIN=${LOCAL_DOMAIN} - - DB_HOST=${DB_HOST} - - DB_PORT=${DB_PORT} - - DB_NAME=${DB_NAME} - - DB_USER=${DB_USER} - - DB_PASS=${DB_PASS} - - DB_PASSWORD=${DB_PASSWORD} - - REDIS_URL=${REDIS_URL} - - SECRET_KEY_BASE=${SECRET_KEY_BASE} - - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY} - - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY} - - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} - - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} - - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} - - SMTP_SERVER=${SMTP_SERVER} - - SMTP_PORT=${SMTP_PORT} - - SMTP_LOGIN=${SMTP_LOGIN} - - SMTP_PASSWORD=${SMTP_PASSWORD} - - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS} command: bash -lc "RAILS_ENV=production bundle exec sidekiq" streaming: @@ -199,19 +132,12 @@ services: depends_on: - redis restart: unless-stopped + env_file: + - .env.production volumes: - mastodon-log:/mastodon/log ports: - "4000:4000" - environment: - - RAILS_ENV=production - - LOCAL_DOMAIN=${LOCAL_DOMAIN} - - PORT=${STREAMING_PORT} - - REDIS_URL=${REDIS_URL} - - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} - - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} - - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} - - STREAMING_ENABLED=${STREAMING_ENABLED} command: bash -lc "NODE_ENV=production ./bin/streaming" volumes:
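Review bot: The streaming service's removed `environment:` list set `PORT=${STREAMING_PORT}` while web received `PORT=${PORT}`; with both services now reading the same `.env.production`, any `PORT` defined there applies to streaming as well, and the published `"4000:4000"` mapping only works if streaming actually listens on 4000. Since `environment:` entries take precedence over `env_file:` in Compose, keeping a per-service override on streaming — `environment:` followed by `PORT: "4000"` — and the matching value on web preserves the previous distinction. Whether `.env.production` defines `PORT` is not visible here, so this only bites if it does; it is worth confirming before relying on the shared file.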