From d8691f81878d227f6e45534288c7a301b9679e43 Mon Sep 17 00:00:00 2001 From: Nikholas Pcenicni Date: Mon, 19 Jan 2026 03:46:52 +0000 Subject: [PATCH] Update komodo/mastodon/compose.yaml --- komodo/mastodon/compose.yaml | 122 ++++++++++++++++++++++++++++++++--- 1 file changed, 112 insertions(+), 10 deletions(-) diff --git a/komodo/mastodon/compose.yaml b/komodo/mastodon/compose.yaml index 79fb645..25660ab 100644 --- a/komodo/mastodon/compose.yaml +++ b/komodo/mastodon/compose.yaml @@ -19,6 +19,107 @@ services: volumes: - redis-data:/data + init: + image: ghcr.io/mastodon/mastodon:latest + depends_on: + - db + - redis + restart: "no" + volumes: + - public-system:/mastodon/public/system + - public-assets:/mastodon/public/assets + - public-packs:/mastodon/public/packs + - mastodon-log:/mastodon/log + environment: + - RAILS_ENV=production + - LOCAL_DOMAIN=${LOCAL_DOMAIN} + - LOCAL_HTTPS=${LOCAL_HTTPS} + - DB_HOST=${DB_HOST} + - DB_PORT=${DB_PORT} + - DB_NAME=${DB_NAME} + - DB_USER=${DB_USER} + - DB_PASS=${DB_PASS} + - DB_PASSWORD=${DB_PASSWORD} + - REDIS_URL=${REDIS_URL} + - SECRET_KEY_BASE=${SECRET_KEY_BASE} + - OTP_SECRET=${OTP_SECRET} + - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY} + - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY} + - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} + - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} + - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} + - SMTP_SERVER=${SMTP_SERVER} + - SMTP_PORT=${SMTP_PORT} + - SMTP_LOGIN=${SMTP_LOGIN} + - SMTP_PASSWORD=${SMTP_PASSWORD} + - SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS} + - STREAMING_ENABLED=${STREAMING_ENABLED} + - RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES} + command: > + bash -lc " + set -euo pipefail + + echo '== Mastodon init job starting' + + # 1) Verify ActiveRecord encryption keys. If missing, generate and print them and exit so operator can set them. + if [ -z \"${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:-}\" ]; then + echo 'ActiveRecord encryption keys are NOT set. Running bin/rails db:encryption:init to generate keys...' + bin/rails db:encryption:init || true + echo '=======================================================' + echo 'The above command generated the ACTIVE_RECORD encryption keys. Copy them into Komodo (use these exact env names):' + echo ' ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY' + echo ' ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY' + echo ' ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT' + echo '' + echo 'After adding those to Komodo, re-run this init job (docker-compose run --rm --no-deps init).' + echo 'Exiting with code 1 to ensure you capture and persist the keys in your secret store.' + exit 1 + fi + + echo 'ActiveRecord encryption keys present. Continuing initialization...' + + # 2) Wait for DB to accept connections (retry loop) + echo 'Waiting for Postgres to be ready...' + attempt=0 + until bundle exec rails db:version >/dev/null 2>&1; do + attempt=$((attempt+1)) + if [ \"$attempt\" -gt 60 ]; then + echo 'Timed out waiting for Postgres (60 attempts). Check DB connectivity and env vars.' >&2 + exit 2 + fi + echo \"Postgres not ready yet (attempt $attempt). Sleeping 2s...\" + sleep 2 + done + echo 'Postgres is ready.' + + # 3) Prepare DB (create/migrate as needed) + echo 'Running rails db:prepare (create DB / migrate if needed)...' + bundle exec rails db:prepare + + # 4) Generate VAPID keys if not provided + if [ -z \"${VAPID_PUBLIC_KEY:-}\" ] || [ -z \"${VAPID_PRIVATE_KEY:-}\" ]; then + echo 'VAPID keys (VAPID_PUBLIC_KEY/VAPID_PRIVATE_KEY) are missing. Generating...' + bundle exec rake mastodon:webpush:generate_vapid_key || true + echo '=======================================================' + echo 'If VAPID keys were printed above, copy them into Komodo as VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and re-run this init job (or continue to start services if you accept missing VAPID keys).' + else + echo 'VAPID keys present.' + fi + + # 5) Install JS deps and precompile assets + echo 'Installing javascript dependencies (yarn)...' + if command -v yarn >/dev/null 2>&1; then + yarn install --check-files --production=false + else + echo 'yarn not found in image; skipping yarn install (ensure assets are available in the image or build them externally).' + fi + + echo 'Precompiling rails assets...' + RAILS_ENV=production bundle exec rails assets:precompile + + echo 'Init job complete. You can now start web/sidekiq/streaming services.' + " + web: image: ghcr.io/mastodon/mastodon:latest depends_on: @@ -32,7 +133,6 @@ services: - mastodon-log:/mastodon/log ports: - "3000:3000" - # Komodo must inject all Mastodon env vars below into the container environment. environment: - RAILS_ENV=production - LOCAL_DOMAIN=${LOCAL_DOMAIN} @@ -44,14 +144,15 @@ services: - DB_NAME=${DB_NAME} - DB_USER=${DB_USER} - DB_PASS=${DB_PASS} + - DB_PASSWORD=${DB_PASSWORD} - REDIS_URL=${REDIS_URL} - SECRET_KEY_BASE=${SECRET_KEY_BASE} - OTP_SECRET=${OTP_SECRET} - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY} - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY} - - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY} - - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY} - - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT} + - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} + - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} + - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} - SMTP_SERVER=${SMTP_SERVER} - SMTP_PORT=${SMTP_PORT} - SMTP_LOGIN=${SMTP_LOGIN} @@ -78,13 +179,14 @@ services: - DB_NAME=${DB_NAME} - DB_USER=${DB_USER} - DB_PASS=${DB_PASS} + - DB_PASSWORD=${DB_PASSWORD} - REDIS_URL=${REDIS_URL} - SECRET_KEY_BASE=${SECRET_KEY_BASE} - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY} - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY} - - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY} - - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY} - - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT} + - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} + - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} + - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} - SMTP_SERVER=${SMTP_SERVER} - SMTP_PORT=${SMTP_PORT} - SMTP_LOGIN=${SMTP_LOGIN} @@ -106,9 +208,9 @@ services: - LOCAL_DOMAIN=${LOCAL_DOMAIN} - PORT=${STREAMING_PORT} - REDIS_URL=${REDIS_URL} - - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY} - - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY} - - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT} + - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY} + - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY} + - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT} - STREAMING_ENABLED=${STREAMING_ENABLED} command: bash -lc "NODE_ENV=production ./bin/streaming"