From 6c46240a32b1d3522d71134062d02933dfa1e170 Mon Sep 17 00:00:00 2001 From: Nikholas Pcenicni Date: Mon, 19 Jan 2026 03:11:25 +0000 Subject: [PATCH] Update komodo/mastodon/.env.sample --- komodo/mastodon/.env.sample | 94 +++++++++++++++---------------------- 1 file changed, 39 insertions(+), 55 deletions(-) diff --git a/komodo/mastodon/.env.sample b/komodo/mastodon/.env.sample index d2792b2..88720e1 100644 --- a/komodo/mastodon/.env.sample +++ b/komodo/mastodon/.env.sample @@ -1,64 +1,48 @@ -# .env (example/base) -# Basic user/group and timezone -PUID=1000 -PGID=1000 -TZ=Etc/UTC +# Reference list of environment variables / placeholders that Komodo should set for the containers. +# Fill these in your Komodo service/environment configuration (do NOT store secrets in VCS). -# Domain and redis -LOCAL_DOMAIN=example.com -REDIS_HOST=redis -REDIS_PORT=6379 +# Basic site +LOCAL_DOMAIN=masto.pcenicni.social +LOCAL_HTTPS=true # true since Pangolin terminates TLS +RAILS_ENV=production +PORT=3000 +STREAMING_PORT=4000 -# Postgres DB +# Database (Postgres) DB_HOST=db -DB_USER=mastodon -DB_NAME=mastodon -DB_PASS=mastodon DB_PORT=5432 -DB_POOL=5 +DB_NAME=mastodon_production +DB_USER=mastodon +# DB password: must be set securely in Komodo +DB_PASSWORD=__REPLACE_DB_PASSWORD__ # used by postgres service +DB_PASS=${DB_PASSWORD} # passed into Mastodon containers -# Elasticsearch (optional) -ES_ENABLED=false -ES_HOST=es -ES_PORT=9200 -ES_USER=elastic -ES_PASS=elastic +# Redis +REDIS_URL=redis://redis:6379 +# If you use a Redis password, set REDIS_URL accordingly (e.g. redis://:password@redis:6379) -# ActiveRecord encryption & application secrets (required in production) -ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= -ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= -ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= -SECRET_KEY_BASE= -OTP_SECRET= -VAPID_PRIVATE_KEY= -VAPID_PUBLIC_KEY= +# Mastodon secrets (generate securely) +SECRET_KEY_BASE=__REPLACE_SECRET_KEY_BASE__ +OTP_SECRET=__REPLACE_OTP_SECRET__ +VAPID_PUBLIC_KEY=__REPLACE_VAPID_PUBLIC_KEY__ +VAPID_PRIVATE_KEY=__REPLACE_VAPID_PRIVATE_KEY__ -# SMTP settings -SMTP_SERVER=mail.example.com -SMTP_PORT=25 -SMTP_LOGIN= -SMTP_PASSWORD= +# ActiveRecord encryption keys (required for Rails/Mastodon encrypted attributes) +# Generate strong random values (examples below generate hex strings). +# Komodo must set these three variables. Do NOT reuse or change them after data is written without a proper key-rotation plan. +ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=__REPLACE_WITH_PRIMARY_KEY__ # 32 bytes (hex recommended) +ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=__REPLACE_WITH_DETERMINISTIC_KEY__ # 32 bytes (hex recommended) +ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=__REPLACE_WITH_KEY_DERIVATION_SALT__ # 16 bytes (hex recommended) + +# Mail / SMTP (placeholders; template uses Gmail STARTTLS) +SMTP_SERVER=smtp.gmail.com +SMTP_PORT=587 +SMTP_LOGIN=notifications@example.com +SMTP_PASSWORD=__REPLACE_SMTP_PASSWORD__ SMTP_FROM_ADDRESS=notifications@example.com +SMTP_AUTH_METHOD=plain +SMTP_OPENSSL_VERIFY_MODE=require -# S3 / AWS (optional) -S3_ENABLED=false -S3_BUCKET= -AWS_ACCESS_KEY_ID= -AWS_SECRET_ACCESS_KEY= -S3_ALIAS_HOST= - -# Sidekiq options (optional) -SIDEKIQ_ONLY=false -SIDEKIQ_QUEUE= -SIDEKIQ_DEFAULT=false -SIDEKIQ_THREADS=5 - -# Other options -NO_CHOWN= -MASTODON_PROMETHEUS_EXPORTER_ENABLED= - -# Host paths and ports (customize) -CONFIG_PATH=/path/to/mastodon/config -PORT_HTTP=80 -PORT_HTTPS=443 -PORT_PROMETHEUS=9394 \ No newline at end of file +# Misc +STREAMING_ENABLED=true +RAILS_SERVE_STATIC_FILES=true \ No newline at end of file