home-server/komodo/mastodon/.env.sample

# Reference list of environment variables / placeholders that Komodo should set for the containers.
# Fill these in your Komodo service/environment configuration (do NOT store secrets in VCS).

# Basic site
LOCAL_DOMAIN=masto.pcenicni.social
LOCAL_HTTPS=true                # true since Pangolin terminates TLS
RAILS_ENV=production
PORT=3000
STREAMING_PORT=4000

# Database (Postgres)
DB_HOST=db
DB_PORT=5432
DB_NAME=mastodon_production
DB_USER=mastodon
# DB password: must be set securely in Komodo
DB_PASSWORD=__REPLACE_DB_PASSWORD__   # used by postgres service
DB_PASS=${DB_PASSWORD}                # passed into Mastodon containers

# Redis
REDIS_URL=redis://redis:6379
# If you use a Redis password, set REDIS_URL accordingly (e.g. redis://:password@redis:6379)

# Mastodon secrets (generate securely)
SECRET_KEY_BASE=__REPLACE_SECRET_KEY_BASE__
OTP_SECRET=__REPLACE_OTP_SECRET__
VAPID_PUBLIC_KEY=__REPLACE_VAPID_PUBLIC_KEY__
VAPID_PRIVATE_KEY=__REPLACE_VAPID_PRIVATE_KEY__

# ActiveRecord encryption keys (required for Rails/Mastodon encrypted attributes)
# Generate strong random values (examples below generate hex strings).
# Komodo must set these three variables. Do NOT reuse or change them after data is written without a proper key-rotation plan.
ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=__REPLACE_WITH_PRIMARY_KEY__       # 32 bytes (hex recommended)
ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=__REPLACE_WITH_DETERMINISTIC_KEY__  # 32 bytes (hex recommended)
ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=__REPLACE_WITH_KEY_DERIVATION_SALT__  # 16 bytes (hex recommended)

# Mail / SMTP (placeholders; template uses Gmail STARTTLS)
SMTP_SERVER=smtp.gmail.com
SMTP_PORT=587
SMTP_LOGIN=notifications@example.com
SMTP_PASSWORD=__REPLACE_SMTP_PASSWORD__
SMTP_FROM_ADDRESS=notifications@example.com
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=require

# Misc
STREAMING_ENABLED=true
RAILS_SERVE_STATIC_FILES=true