Update komodo/mastodon/compose.yaml

2026-01-19 03:55:28 +00:00
parent d8691f8187
commit 6154a93f1b


@@ -1,14 +1,12 @@
# Mastodon using Docker named volumes. All runtime env vars are passed through (no env_file). # docker-compose.yml
# Komodo / your orchestration should inject the environment variables listed below into each container. version: "3.8"
services: services:
db: db:
image: postgres:14-alpine image: postgres:14-alpine
restart: unless-stopped restart: unless-stopped
environment: env_file:
POSTGRES_DB: mastodon_production - .env.production
POSTGRES_USER: mastodon
# Komodo must provide DB_PASSWORD in the environment for this service
POSTGRES_PASSWORD: "${DB_PASSWORD}"
volumes: volumes:
- db-data:/var/lib/postgresql/data - db-data:/var/lib/postgresql/data
@@ -16,6 +14,8 @@ services:
image: redis:6-alpine image: redis:6-alpine
restart: unless-stopped restart: unless-stopped
command: ["redis-server", "--appendonly", "yes"] command: ["redis-server", "--appendonly", "yes"]
env_file:
- .env.production
volumes: volumes:
- redis-data:/data - redis-data:/data
@@ -25,60 +25,37 @@ services:
- db - db
- redis - redis
restart: "no" restart: "no"
env_file:
- .env.production
volumes: volumes:
- public-system:/mastodon/public/system - public-system:/mastodon/public/system
- public-assets:/mastodon/public/assets - public-assets:/mastodon/public/assets
- public-packs:/mastodon/public/packs - public-packs:/mastodon/public/packs
- mastodon-log:/mastodon/log - mastodon-log:/mastodon/log
environment:
- RAILS_ENV=production
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
- LOCAL_HTTPS=${LOCAL_HTTPS}
- DB_HOST=${DB_HOST}
- DB_PORT=${DB_PORT}
- DB_NAME=${DB_NAME}
- DB_USER=${DB_USER}
- DB_PASS=${DB_PASS}
- DB_PASSWORD=${DB_PASSWORD}
- REDIS_URL=${REDIS_URL}
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
- OTP_SECRET=${OTP_SECRET}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- SMTP_SERVER=${SMTP_SERVER}
- SMTP_PORT=${SMTP_PORT}
- SMTP_LOGIN=${SMTP_LOGIN}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
- STREAMING_ENABLED=${STREAMING_ENABLED}
- RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES}
command: > command: >
bash -lc " bash -lc "
set -euo pipefail set -euo pipefail
echo '== Mastodon init job starting' echo '== Mastodon init job starting'
# 1) Verify ActiveRecord encryption keys. If missing, generate and print them and exit so operator can set them. # 1) Check ActiveRecord encryption keys; if missing, run db:encryption:init to generate and print them then exit.
if [ -z \"${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:-}\" ]; then if [ -z \"${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:-}\" ]; then
echo 'ActiveRecord encryption keys are NOT set. Running bin/rails db:encryption:init to generate keys...' echo 'ActiveRecord encryption keys are NOT set. Running bin/rails db:encryption:init to generate keys...'
bin/rails db:encryption:init || true bin/rails db:encryption:init || true
echo '=======================================================' echo '======================================================='
echo 'The above command generated the ACTIVE_RECORD encryption keys. Copy them into Komodo (use these exact env names):' echo 'The above command generated ACTIVE_RECORD encryption keys. Copy them into .env.production (use these exact names):'
echo ' ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY' echo ' ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY'
echo ' ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY' echo ' ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY'
echo ' ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT' echo ' ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT'
echo '' echo ''
echo 'After adding those to Komodo, re-run this init job (docker-compose run --rm --no-deps init).' echo 'After editing .env.production to include the keys, re-run this init job:'
echo 'Exiting with code 1 to ensure you capture and persist the keys in your secret store.' echo ' docker-compose run --rm --no-deps init'
echo 'Exiting with code 1 so you persist the keys before continuing.'
exit 1 exit 1
fi fi
echo 'ActiveRecord encryption keys present. Continuing initialization...' echo 'ActiveRecord encryption keys present. Continuing initialization...'
# 2) Wait for DB to accept connections (retry loop) # 2) Wait for Postgres readiness
echo 'Waiting for Postgres to be ready...' echo 'Waiting for Postgres to be ready...'
attempt=0 attempt=0
until bundle exec rails db:version >/dev/null 2>&1; do until bundle exec rails db:version >/dev/null 2>&1; do
@@ -92,16 +69,16 @@ services:
done done
echo 'Postgres is ready.' echo 'Postgres is ready.'
# 3) Prepare DB (create/migrate as needed) # 3) Prepare DB (create/migrate)
echo 'Running rails db:prepare (create DB / migrate if needed)...' echo 'Running rails db:prepare (create DB / migrate if needed)...'
bundle exec rails db:prepare bundle exec rails db:prepare
# 4) Generate VAPID keys if not provided # 4) Generate VAPID keys if missing (prints keys)
if [ -z \"${VAPID_PUBLIC_KEY:-}\" ] || [ -z \"${VAPID_PRIVATE_KEY:-}\" ]; then if [ -z \"${VAPID_PUBLIC_KEY:-}\" ] || [ -z \"${VAPID_PRIVATE_KEY:-}\" ]; then
echo 'VAPID keys (VAPID_PUBLIC_KEY/VAPID_PRIVATE_KEY) are missing. Generating...' echo 'VAPID keys (VAPID_PUBLIC_KEY/VAPID_PRIVATE_KEY) are missing. Generating...'
bundle exec rake mastodon:webpush:generate_vapid_key || true bundle exec rake mastodon:webpush:generate_vapid_key || true
echo '=======================================================' echo '======================================================='
echo 'If VAPID keys were printed above, copy them into Komodo as VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and re-run this init job (or continue to start services if you accept missing VAPID keys).' echo 'If VAPID keys were printed above, copy them into .env.production as VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and re-run init.'
else else
echo 'VAPID keys present.' echo 'VAPID keys present.'
fi fi
@@ -111,7 +88,7 @@ services:
if command -v yarn >/dev/null 2>&1; then if command -v yarn >/dev/null 2>&1; then
yarn install --check-files --production=false yarn install --check-files --production=false
else else
echo 'yarn not found in image; skipping yarn install (ensure assets are available in the image or build them externally).' echo 'yarn not found in image; skipping yarn install (ensure assets are built if image doesn't include yarn).'
fi fi
echo 'Precompiling rails assets...' echo 'Precompiling rails assets...'
@@ -126,6 +103,8 @@ services:
- db - db
- redis - redis
restart: unless-stopped restart: unless-stopped
env_file:
- .env.production
volumes: volumes:
- public-system:/mastodon/public/system - public-system:/mastodon/public/system
- public-assets:/mastodon/public/assets - public-assets:/mastodon/public/assets
@@ -133,33 +112,6 @@ services:
- mastodon-log:/mastodon/log - mastodon-log:/mastodon/log
ports: ports:
- "3000:3000" - "3000:3000"
environment:
- RAILS_ENV=production
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
- LOCAL_HTTPS=${LOCAL_HTTPS}
- PORT=${PORT}
- STREAMING_PORT=${STREAMING_PORT}
- DB_HOST=${DB_HOST}
- DB_PORT=${DB_PORT}
- DB_NAME=${DB_NAME}
- DB_USER=${DB_USER}
- DB_PASS=${DB_PASS}
- DB_PASSWORD=${DB_PASSWORD}
- REDIS_URL=${REDIS_URL}
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
- OTP_SECRET=${OTP_SECRET}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- SMTP_SERVER=${SMTP_SERVER}
- SMTP_PORT=${SMTP_PORT}
- SMTP_LOGIN=${SMTP_LOGIN}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
- STREAMING_ENABLED=${STREAMING_ENABLED}
- RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES}
command: bash -lc "RAILS_ENV=production bundle exec puma -C config/puma.rb" command: bash -lc "RAILS_ENV=production bundle exec puma -C config/puma.rb"
sidekiq: sidekiq:
@@ -168,30 +120,11 @@ services:
- db - db
- redis - redis
restart: unless-stopped restart: unless-stopped
env_file:
- .env.production
volumes: volumes:
- public-system:/mastodon/public/system - public-system:/mastodon/public/system
- mastodon-log:/mastodon/log - mastodon-log:/mastodon/log
environment:
- RAILS_ENV=production
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
- DB_HOST=${DB_HOST}
- DB_PORT=${DB_PORT}
- DB_NAME=${DB_NAME}
- DB_USER=${DB_USER}
- DB_PASS=${DB_PASS}
- DB_PASSWORD=${DB_PASSWORD}
- REDIS_URL=${REDIS_URL}
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- SMTP_SERVER=${SMTP_SERVER}
- SMTP_PORT=${SMTP_PORT}
- SMTP_LOGIN=${SMTP_LOGIN}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
command: bash -lc "RAILS_ENV=production bundle exec sidekiq" command: bash -lc "RAILS_ENV=production bundle exec sidekiq"
streaming: streaming:
@@ -199,19 +132,12 @@ services:
depends_on: depends_on:
- redis - redis
restart: unless-stopped restart: unless-stopped
env_file:
- .env.production
volumes: volumes:
- mastodon-log:/mastodon/log - mastodon-log:/mastodon/log
ports: ports:
- "4000:4000" - "4000:4000"
environment:
- RAILS_ENV=production
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
- PORT=${STREAMING_PORT}
- REDIS_URL=${REDIS_URL}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- STREAMING_ENABLED=${STREAMING_ENABLED}
command: bash -lc "NODE_ENV=production ./bin/streaming" command: bash -lc "NODE_ENV=production ./bin/streaming"
volumes: volumes:
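Review bot: The new `env_file: .env.production` entries on `db` and `redis` hand every value in that file to two containers that do not need them; judging by the removed `environment:` lists, that includes SECRET_KEY_BASE, OTP_SECRET, the ActiveRecord encryption keys and SMTP_PASSWORD. I would give `db` its own small file holding only the POSTGRES_* values (for example `env_file: [.env.db]`, a name made up here) and drop `env_file` from `redis`, whose `redis-server` command takes no password option. Dropping the `POSTGRES_PASSWORD: "${DB_PASSWORD}"` mapping also means the postgres image now depends on `.env.production` defining the POSTGRES_* names itself, which this page does not show. In the init script, the `${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}` and `${VAPID_PUBLIC_KEY:-}` tests are probably substituted by Compose before bash runs, and `env_file` values are not used for that substitution, so unless Komodo also supplies the file for interpolation the key check would always see empty strings and exit 1; writing `$${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}` leaves the test to the shell inside the container. Separately, the reworded yarn message puts `doesn't` inside a single-quoted `echo`, which unbalances the quoting in that branch; `does not` avoids it.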