Update komodo/mastodon/compose.yaml
This commit is contained in:
@@ -1,14 +1,12 @@
|
||||
# Mastodon using Docker named volumes. All runtime env vars are passed through (no env_file).
|
||||
# Komodo / your orchestration should inject the environment variables listed below into each container.
|
||||
# docker-compose.yml
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:14-alpine
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: mastodon_production
|
||||
POSTGRES_USER: mastodon
|
||||
# Komodo must provide DB_PASSWORD in the environment for this service
|
||||
POSTGRES_PASSWORD: "${DB_PASSWORD}"
|
||||
env_file:
|
||||
- .env.production
|
||||
volumes:
|
||||
- db-data:/var/lib/postgresql/data
|
||||
|
||||
@@ -16,6 +14,8 @@ services:
|
||||
image: redis:6-alpine
|
||||
restart: unless-stopped
|
||||
command: ["redis-server", "--appendonly", "yes"]
|
||||
env_file:
|
||||
- .env.production
|
||||
volumes:
|
||||
- redis-data:/data
|
||||
|
||||
@@ -25,60 +25,37 @@ services:
|
||||
- db
|
||||
- redis
|
||||
restart: "no"
|
||||
env_file:
|
||||
- .env.production
|
||||
volumes:
|
||||
- public-system:/mastodon/public/system
|
||||
- public-assets:/mastodon/public/assets
|
||||
- public-packs:/mastodon/public/packs
|
||||
- mastodon-log:/mastodon/log
|
||||
environment:
|
||||
- RAILS_ENV=production
|
||||
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
|
||||
- LOCAL_HTTPS=${LOCAL_HTTPS}
|
||||
- DB_HOST=${DB_HOST}
|
||||
- DB_PORT=${DB_PORT}
|
||||
- DB_NAME=${DB_NAME}
|
||||
- DB_USER=${DB_USER}
|
||||
- DB_PASS=${DB_PASS}
|
||||
- DB_PASSWORD=${DB_PASSWORD}
|
||||
- REDIS_URL=${REDIS_URL}
|
||||
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
|
||||
- OTP_SECRET=${OTP_SECRET}
|
||||
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
|
||||
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
|
||||
- SMTP_SERVER=${SMTP_SERVER}
|
||||
- SMTP_PORT=${SMTP_PORT}
|
||||
- SMTP_LOGIN=${SMTP_LOGIN}
|
||||
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
||||
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
|
||||
- STREAMING_ENABLED=${STREAMING_ENABLED}
|
||||
- RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES}
|
||||
command: >
|
||||
bash -lc "
|
||||
set -euo pipefail
|
||||
|
||||
echo '== Mastodon init job starting'
|
||||
|
||||
# 1) Verify ActiveRecord encryption keys. If missing, generate and print them and exit so operator can set them.
|
||||
# 1) Check ActiveRecord encryption keys; if missing, run db:encryption:init to generate and print them then exit.
|
||||
if [ -z \"${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:-}\" ]; then
|
||||
echo 'ActiveRecord encryption keys are NOT set. Running bin/rails db:encryption:init to generate keys...'
|
||||
bin/rails db:encryption:init || true
|
||||
echo '======================================================='
|
||||
echo 'The above command generated the ACTIVE_RECORD encryption keys. Copy them into Komodo (use these exact env names):'
|
||||
echo 'The above command generated ACTIVE_RECORD encryption keys. Copy them into .env.production (use these exact names):'
|
||||
echo ' ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY'
|
||||
echo ' ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY'
|
||||
echo ' ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT'
|
||||
echo ''
|
||||
echo 'After adding those to Komodo, re-run this init job (docker-compose run --rm --no-deps init).'
|
||||
echo 'Exiting with code 1 to ensure you capture and persist the keys in your secret store.'
|
||||
echo 'After editing .env.production to include the keys, re-run this init job:'
|
||||
echo ' docker-compose run --rm --no-deps init'
|
||||
echo 'Exiting with code 1 so you persist the keys before continuing.'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo 'ActiveRecord encryption keys present. Continuing initialization...'
|
||||
|
||||
# 2) Wait for DB to accept connections (retry loop)
|
||||
# 2) Wait for Postgres readiness
|
||||
echo 'Waiting for Postgres to be ready...'
|
||||
attempt=0
|
||||
until bundle exec rails db:version >/dev/null 2>&1; do
|
||||
@@ -92,16 +69,16 @@ services:
|
||||
done
|
||||
echo 'Postgres is ready.'
|
||||
|
||||
# 3) Prepare DB (create/migrate as needed)
|
||||
# 3) Prepare DB (create/migrate)
|
||||
echo 'Running rails db:prepare (create DB / migrate if needed)...'
|
||||
bundle exec rails db:prepare
|
||||
|
||||
# 4) Generate VAPID keys if not provided
|
||||
# 4) Generate VAPID keys if missing (prints keys)
|
||||
if [ -z \"${VAPID_PUBLIC_KEY:-}\" ] || [ -z \"${VAPID_PRIVATE_KEY:-}\" ]; then
|
||||
echo 'VAPID keys (VAPID_PUBLIC_KEY/VAPID_PRIVATE_KEY) are missing. Generating...'
|
||||
bundle exec rake mastodon:webpush:generate_vapid_key || true
|
||||
echo '======================================================='
|
||||
echo 'If VAPID keys were printed above, copy them into Komodo as VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and re-run this init job (or continue to start services if you accept missing VAPID keys).'
|
||||
echo 'If VAPID keys were printed above, copy them into .env.production as VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and re-run init.'
|
||||
else
|
||||
echo 'VAPID keys present.'
|
||||
fi
|
||||
@@ -111,7 +88,7 @@ services:
|
||||
if command -v yarn >/dev/null 2>&1; then
|
||||
yarn install --check-files --production=false
|
||||
else
|
||||
echo 'yarn not found in image; skipping yarn install (ensure assets are available in the image or build them externally).'
|
||||
echo 'yarn not found in image; skipping yarn install (ensure assets are built if image doesn't include yarn).'
|
||||
fi
|
||||
|
||||
echo 'Precompiling rails assets...'
|
||||
@@ -126,6 +103,8 @@ services:
|
||||
- db
|
||||
- redis
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- .env.production
|
||||
volumes:
|
||||
- public-system:/mastodon/public/system
|
||||
- public-assets:/mastodon/public/assets
|
||||
@@ -133,33 +112,6 @@ services:
|
||||
- mastodon-log:/mastodon/log
|
||||
ports:
|
||||
- "3000:3000"
|
||||
environment:
|
||||
- RAILS_ENV=production
|
||||
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
|
||||
- LOCAL_HTTPS=${LOCAL_HTTPS}
|
||||
- PORT=${PORT}
|
||||
- STREAMING_PORT=${STREAMING_PORT}
|
||||
- DB_HOST=${DB_HOST}
|
||||
- DB_PORT=${DB_PORT}
|
||||
- DB_NAME=${DB_NAME}
|
||||
- DB_USER=${DB_USER}
|
||||
- DB_PASS=${DB_PASS}
|
||||
- DB_PASSWORD=${DB_PASSWORD}
|
||||
- REDIS_URL=${REDIS_URL}
|
||||
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
|
||||
- OTP_SECRET=${OTP_SECRET}
|
||||
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
|
||||
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
|
||||
- SMTP_SERVER=${SMTP_SERVER}
|
||||
- SMTP_PORT=${SMTP_PORT}
|
||||
- SMTP_LOGIN=${SMTP_LOGIN}
|
||||
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
||||
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
|
||||
- STREAMING_ENABLED=${STREAMING_ENABLED}
|
||||
- RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES}
|
||||
command: bash -lc "RAILS_ENV=production bundle exec puma -C config/puma.rb"
|
||||
|
||||
sidekiq:
|
||||
@@ -168,30 +120,11 @@ services:
|
||||
- db
|
||||
- redis
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- .env.production
|
||||
volumes:
|
||||
- public-system:/mastodon/public/system
|
||||
- mastodon-log:/mastodon/log
|
||||
environment:
|
||||
- RAILS_ENV=production
|
||||
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
|
||||
- DB_HOST=${DB_HOST}
|
||||
- DB_PORT=${DB_PORT}
|
||||
- DB_NAME=${DB_NAME}
|
||||
- DB_USER=${DB_USER}
|
||||
- DB_PASS=${DB_PASS}
|
||||
- DB_PASSWORD=${DB_PASSWORD}
|
||||
- REDIS_URL=${REDIS_URL}
|
||||
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
|
||||
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
|
||||
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
|
||||
- SMTP_SERVER=${SMTP_SERVER}
|
||||
- SMTP_PORT=${SMTP_PORT}
|
||||
- SMTP_LOGIN=${SMTP_LOGIN}
|
||||
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
||||
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
|
||||
command: bash -lc "RAILS_ENV=production bundle exec sidekiq"
|
||||
|
||||
streaming:
|
||||
@@ -199,19 +132,12 @@ services:
|
||||
depends_on:
|
||||
- redis
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- .env.production
|
||||
volumes:
|
||||
- mastodon-log:/mastodon/log
|
||||
ports:
|
||||
- "4000:4000"
|
||||
environment:
|
||||
- RAILS_ENV=production
|
||||
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
|
||||
- PORT=${STREAMING_PORT}
|
||||
- REDIS_URL=${REDIS_URL}
|
||||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
|
||||
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
|
||||
- STREAMING_ENABLED=${STREAMING_ENABLED}
|
||||
command: bash -lc "NODE_ENV=production ./bin/streaming"
|
||||
|
||||
volumes:
|
||||
|
||||
Reference in New Issue
Block a user