gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update komodo/mastodon/compose.yaml

Browse Source
This commit is contained in:
Nikholas Pcenicni
2026-01-19 03:46:52 +00:00
parent c86d3fa887
commit d8691f8187
1 changed files with 112 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
komodo/mastodon/compose.yaml
View File

@@ -19,6 +19,107 @@ services:
volumes: volumes:
- redis-data:/data - redis-data:/data
init:
image: ghcr.io/mastodon/mastodon:latest
depends_on:
- db
- redis
restart: "no"
volumes:
- public-system:/mastodon/public/system
- public-assets:/mastodon/public/assets
- public-packs:/mastodon/public/packs
- mastodon-log:/mastodon/log
environment:
- RAILS_ENV=production
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
- LOCAL_HTTPS=${LOCAL_HTTPS}
- DB_HOST=${DB_HOST}
- DB_PORT=${DB_PORT}
- DB_NAME=${DB_NAME}
- DB_USER=${DB_USER}
- DB_PASS=${DB_PASS}
- DB_PASSWORD=${DB_PASSWORD}
- REDIS_URL=${REDIS_URL}
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
- OTP_SECRET=${OTP_SECRET}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- SMTP_SERVER=${SMTP_SERVER}
- SMTP_PORT=${SMTP_PORT}
- SMTP_LOGIN=${SMTP_LOGIN}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
- STREAMING_ENABLED=${STREAMING_ENABLED}
- RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES}
command: >
bash -lc "
set -euo pipefail
echo '== Mastodon init job starting'
# 1) Verify ActiveRecord encryption keys. If missing, generate and print them and exit so operator can set them.
if [ -z \"${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY:-}\" ] || [ -z \"${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT:-}\" ]; then
echo 'ActiveRecord encryption keys are NOT set. Running bin/rails db:encryption:init to generate keys...'
bin/rails db:encryption:init || true
echo '======================================================='
echo 'The above command generated the ACTIVE_RECORD encryption keys. Copy them into Komodo (use these exact env names):'
echo ' ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY'
echo ' ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY'
echo ' ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT'
echo ''
echo 'After adding those to Komodo, re-run this init job (docker-compose run --rm --no-deps init).'
echo 'Exiting with code 1 to ensure you capture and persist the keys in your secret store.'
exit 1
fi
echo 'ActiveRecord encryption keys present. Continuing initialization...'
# 2) Wait for DB to accept connections (retry loop)
echo 'Waiting for Postgres to be ready...'
attempt=0
until bundle exec rails db:version >/dev/null 2>&1; do
attempt=$((attempt+1))
if [ \"$attempt\" -gt 60 ]; then
echo 'Timed out waiting for Postgres (60 attempts). Check DB connectivity and env vars.' >&2
exit 2
fi
echo \"Postgres not ready yet (attempt $attempt). Sleeping 2s...\"
sleep 2
done
echo 'Postgres is ready.'
# 3) Prepare DB (create/migrate as needed)
echo 'Running rails db:prepare (create DB / migrate if needed)...'
bundle exec rails db:prepare
# 4) Generate VAPID keys if not provided
if [ -z \"${VAPID_PUBLIC_KEY:-}\" ] || [ -z \"${VAPID_PRIVATE_KEY:-}\" ]; then
echo 'VAPID keys (VAPID_PUBLIC_KEY/VAPID_PRIVATE_KEY) are missing. Generating...'
bundle exec rake mastodon:webpush:generate_vapid_key || true
echo '======================================================='
echo 'If VAPID keys were printed above, copy them into Komodo as VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY and re-run this init job (or continue to start services if you accept missing VAPID keys).'
else
echo 'VAPID keys present.'
fi
# 5) Install JS deps and precompile assets
echo 'Installing javascript dependencies (yarn)...'
if command -v yarn >/dev/null 2>&1; then
yarn install --check-files --production=false
else
echo 'yarn not found in image; skipping yarn install (ensure assets are available in the image or build them externally).'
fi
echo 'Precompiling rails assets...'
RAILS_ENV=production bundle exec rails assets:precompile
echo 'Init job complete. You can now start web/sidekiq/streaming services.'
"
web: web:
image: ghcr.io/mastodon/mastodon:latest image: ghcr.io/mastodon/mastodon:latest
depends_on: depends_on:
@@ -32,7 +133,6 @@ services:
- mastodon-log:/mastodon/log - mastodon-log:/mastodon/log
ports: ports:
- "3000:3000" - "3000:3000"
# Komodo must inject all Mastodon env vars below into the container environment.
environment: environment:
- RAILS_ENV=production - RAILS_ENV=production
- LOCAL_DOMAIN=${LOCAL_DOMAIN} - LOCAL_DOMAIN=${LOCAL_DOMAIN}
@@ -44,14 +144,15 @@ services:
- DB_NAME=${DB_NAME} - DB_NAME=${DB_NAME}
- DB_USER=${DB_USER} - DB_USER=${DB_USER}
- DB_PASS=${DB_PASS} - DB_PASS=${DB_PASS}
- DB_PASSWORD=${DB_PASSWORD}
- REDIS_URL=${REDIS_URL} - REDIS_URL=${REDIS_URL}
- SECRET_KEY_BASE=${SECRET_KEY_BASE} - SECRET_KEY_BASE=${SECRET_KEY_BASE}
- OTP_SECRET=${OTP_SECRET} - OTP_SECRET=${OTP_SECRET}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY} - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY} - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY} - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY} - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT} - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- SMTP_SERVER=${SMTP_SERVER} - SMTP_SERVER=${SMTP_SERVER}
- SMTP_PORT=${SMTP_PORT} - SMTP_PORT=${SMTP_PORT}
- SMTP_LOGIN=${SMTP_LOGIN} - SMTP_LOGIN=${SMTP_LOGIN}
@@ -78,13 +179,14 @@ services:
- DB_NAME=${DB_NAME} - DB_NAME=${DB_NAME}
- DB_USER=${DB_USER} - DB_USER=${DB_USER}
- DB_PASS=${DB_PASS} - DB_PASS=${DB_PASS}
- DB_PASSWORD=${DB_PASSWORD}
- REDIS_URL=${REDIS_URL} - REDIS_URL=${REDIS_URL}
- SECRET_KEY_BASE=${SECRET_KEY_BASE} - SECRET_KEY_BASE=${SECRET_KEY_BASE}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY} - VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY} - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY} - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY} - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT} - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- SMTP_SERVER=${SMTP_SERVER} - SMTP_SERVER=${SMTP_SERVER}
- SMTP_PORT=${SMTP_PORT} - SMTP_PORT=${SMTP_PORT}
- SMTP_LOGIN=${SMTP_LOGIN} - SMTP_LOGIN=${SMTP_LOGIN}
@@ -106,9 +208,9 @@ services:
- LOCAL_DOMAIN=${LOCAL_DOMAIN} - LOCAL_DOMAIN=${LOCAL_DOMAIN}
- PORT=${STREAMING_PORT} - PORT=${STREAMING_PORT}
- REDIS_URL=${REDIS_URL} - REDIS_URL=${REDIS_URL}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY} - ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY} - ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT} - ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- STREAMING_ENABLED=${STREAMING_ENABLED} - STREAMING_ENABLED=${STREAMING_ENABLED}
command: bash -lc "NODE_ENV=production ./bin/streaming" command: bash -lc "NODE_ENV=production ./bin/streaming"