feat: Implement Ansible for Proxmox VM management and refactor Mastodon Docker Compose, removing outdated service definitions.
@@ -1,48 +1,99 @@
|
||||
# Reference list of environment variables / placeholders that Komodo should set for the containers.
|
||||
# Fill these in your Komodo service/environment configuration (do NOT store secrets in VCS).
|
||||
# Service configuration
|
||||
# ---------------------
|
||||
LOCAL_DOMAIN=example.com
|
||||
LOCAL_HTTPS=true
|
||||
ALTERNATE_DOMAINS=localhost,127.0.0.1
|
||||
# Use 'true' since you have an external proxy (Pangolin/Nginx) handling TLS
|
||||
# This tells Mastodon to generate https:// links
|
||||
|
||||
# Basic site
|
||||
LOCAL_DOMAIN=masto.pcenicni.social
|
||||
LOCAL_HTTPS=true # true since Pangolin terminates TLS
|
||||
RAILS_ENV=production
|
||||
PORT=3000
|
||||
STREAMING_PORT=4000
|
||||
# Trusted Proxy Configuration
|
||||
# ---------------------------
|
||||
# Allow Mastodon to trust headers (X-Forwarded-For, X-Forwarded-Proto) from your reverse proxy.
|
||||
# We whitelist standard private ranges so the proxy's internal IP is trusted.
|
||||
TRUSTED_PROXY_IP=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
|
||||
|
||||
# Database (Postgres)
|
||||
# OIDC / Authentik Integration
|
||||
# ----------------------------
|
||||
OIDC_ENABLED=true
|
||||
OIDC_DISPLAY_NAME=Authentik
|
||||
OIDC_DISCOVERY=true
|
||||
# Fill these in from Authentik:
|
||||
OIDC_ISSUER=https://auth.example.com/application/o/mastodon/
|
||||
OIDC_AUTH_ENDPOINT=https://auth.example.com/application/o/authorize/
|
||||
OIDC_CLIENT_ID=<YOUR_CLIENT_ID>
|
||||
OIDC_CLIENT_SECRET=<YOUR_CLIENT_SECRET>
|
||||
OIDC_SCOPE=openid,profile,email
|
||||
OIDC_UID_FIELD=preferred_username
|
||||
OIDC_REDIRECT_URI=https://social.example.com/auth/auth/openid_connect/callback
|
||||
# Automatically verify emails from Authentik
|
||||
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
|
||||
# To force users to log in with Authentik only:
|
||||
# OMNIAUTH_ONLY=true
|
||||
|
||||
# Database configuration
|
||||
# ----------------------
|
||||
DB_HOST=db
|
||||
DB_PORT=5432
|
||||
DB_NAME=mastodon_production
|
||||
DB_USER=mastodon
|
||||
# DB password: must be set securely in Komodo
|
||||
DB_PASSWORD=__REPLACE_DB_PASSWORD__ # used by postgres service
|
||||
DB_PASS=${DB_PASSWORD} # passed into Mastodon containers
|
||||
DB_PASS=<DB_PASSWORD>
|
||||
# DB_PASS is used by the Mastodon application to connect
|
||||
|
||||
# Redis
|
||||
REDIS_URL=redis://redis:6379
|
||||
# If you use a Redis password, set REDIS_URL accordingly (e.g. redis://:password@redis:6379)
|
||||
# Postgres container configuration (must match above)
|
||||
POSTGRES_USER=mastodon
|
||||
POSTGRES_PASSWORD=<DB_PASSWORD>
|
||||
POSTGRES_DB=mastodon_production
|
||||
|
||||
# Mastodon secrets (generate securely)
|
||||
SECRET_KEY_BASE=__REPLACE_SECRET_KEY_BASE__
|
||||
OTP_SECRET=__REPLACE_OTP_SECRET__
|
||||
VAPID_PUBLIC_KEY=__REPLACE_VAPID_PUBLIC_KEY__
|
||||
VAPID_PRIVATE_KEY=__REPLACE_VAPID_PRIVATE_KEY__
|
||||
# Redis configuration
|
||||
# -------------------
|
||||
REDIS_HOST=redis
|
||||
REDIS_PORT=6379
|
||||
# REDIS_PASSWORD=
|
||||
# If you set a Redis password, also update REDIS_URL below
|
||||
|
||||
# ActiveRecord encryption keys (required for Rails/Mastodon encrypted attributes)
|
||||
# Generate strong random values (examples below generate hex strings).
|
||||
# Komodo must set these three variables. Do NOT reuse or change them after data is written without a proper key-rotation plan.
|
||||
ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=__REPLACE_WITH_PRIMARY_KEY__ # 32 bytes (hex recommended)
|
||||
ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=__REPLACE_WITH_DETERMINISTIC_KEY__ # 32 bytes (hex recommended)
|
||||
ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=__REPLACE_WITH_KEY_DERIVATION_SALT__ # 16 bytes (hex recommended)
|
||||
# Mastodon secrets
|
||||
# ----------------
|
||||
# Use `docker-compose run --rm web bundle exec rake secret` to generate new keys if needed
|
||||
# Generate new secrets for production!
|
||||
SECRET_KEY_BASE=<GENERATED_SECRET>
|
||||
OTP_SECRET=<GENERATED_SECRET>
|
||||
|
||||
# Mail / SMTP (placeholders; template uses Gmail STARTTLS)
|
||||
# VAPID keys (for push notifications)
|
||||
# Required. Generate with `docker-compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key`
|
||||
VAPID_PRIVATE_KEY=<GENERATED_VAPID_PRIVATE_KEY>
|
||||
VAPID_PUBLIC_KEY=<GENERATED_VAPID_PUBLIC_KEY>
|
||||
|
||||
# ActiveRecord Encryption (Rails 7+)
|
||||
# ----------------------------------
|
||||
# Required. Do not change these once data is encrypted in the DB.
|
||||
# Generate these!
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=<GENERATED_KEY>
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=<GENERATED_KEY>
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=<GENERATED_SALT>
|
||||
|
||||
# S3 / Object Storage (Optional)
|
||||
# ------------------------------
|
||||
# S3_ENABLED=true
|
||||
# S3_BUCKET=
|
||||
# AWS_ACCESS_KEY_ID=
|
||||
# AWS_SECRET_ACCESS_KEY=
|
||||
# S3_REGION=
|
||||
# S3_PROTOCOL=https
|
||||
# S3_HOSTNAME=
|
||||
|
||||
# SMTP / Email
|
||||
# ------------
|
||||
SMTP_SERVER=smtp.gmail.com
|
||||
SMTP_PORT=587
|
||||
SMTP_LOGIN=notifications@example.com
|
||||
SMTP_PASSWORD=__REPLACE_SMTP_PASSWORD__
|
||||
SMTP_PASSWORD=<SMTP_PASSWORD>
|
||||
SMTP_FROM_ADDRESS=notifications@example.com
|
||||
SMTP_AUTH_METHOD=plain
|
||||
SMTP_OPENSSL_VERIFY_MODE=require
|
||||
# SMTP_ENABLE_STARTTLS_AUTO=true
|
||||
|
||||
# Misc
|
||||
STREAMING_ENABLED=true
|
||||
RAILS_SERVE_STATIC_FILES=true
|
||||
# Application defaults
|
||||
# --------------------
|
||||
RAILS_ENV=production
|
||||
NODE_ENV=production
|
||||
RAILS_SERVE_STATIC_FILES=true
|
||||
|
||||
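Review bot: Several keys appear twice with conflicting values in this env file — `LOCAL_DOMAIN` (example.com vs masto.pcenicni.social), `DB_PASS` (`${DB_PASSWORD}` vs `<DB_PASSWORD>`), `SMTP_PASSWORD`, `SECRET_KEY_BASE`, `OTP_SECRET`, the `VAPID_*` pair, `RAILS_ENV` and `RAILS_SERVE_STATIC_FILES` — and the ActiveRecord keys are spelled both `ACTIVERECORD_ENCRYPTION_*` and `ACTIVE_RECORD_ENCRYPTION_*`; the rendered diff has lost its +/- markers, so if any of these pairs both survive on the new side, the effective value is whichever the env-file loader keeps (typically last-wins), and only the `ACTIVE_RECORD_ENCRYPTION_*` spelling is the one Mastodon reads, so the wrong survivor leaves encryption keys silently unset. Keep exactly one assignment per key and delete the other section. The value lines that carry trailing comments (`LOCAL_HTTPS=true # true since Pangolin terminates TLS`, `DB_PASSWORD=__REPLACE_DB_PASSWORD__ # used by postgres service`, the `# 32 bytes (hex recommended)` suffixes) are risky in dotenv/Compose `env_file` parsing, where the `#` text can be included in the value depending on the loader; move each comment to its own line above the key. `DB_PASS=${DB_PASSWORD}` also assumes the loader interpolates references, which not every env-file reader does — confirm for Komodo, or set the literal value in both `DB_PASS` and `POSTGRES_PASSWORD`. A one-line comment above `OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true` stating that this delegates email ownership entirely to Authentik would help the next operator judge whether it is appropriate for their IdP.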