-
-
Notifications
You must be signed in to change notification settings - Fork 144
/
mastodon.yml
121 lines (113 loc) · 4.55 KB
/
mastodon.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# DOMAIN=example.com docker stack deploy -c mastodon.yml mastodon
# chown -R 991:991 system/
# docker exec -it web bundle exec rake secret # OTP_SECRET and SECRET_KEY_BASE
# docker exec -it web bundle exec rake mastodon:webpush:generate_vapid_key # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
# docker exec -it web bin/rails db:encryption:init
# tootctl accounts modify --role Owner <username> # Set owner role
# tootctl accounts create <username> --email <email> --confirmed --role Admin # Add user
# tootctl media remove # Remove all media
# tootctl media remove-orphans # Remove orphan files
# tootctl cache clear # Clear cache
# tootctl accounts modify --disable-2fa <username> # Disable 2FA
x-defaults: &defaults
image: ghcr.io/mastodon/mastodon:${VERSION:-v4.3.2}
environment:
- LOCAL_DOMAIN=${DOMAIN:-mastodon.localhost}
- SINGLE_USER_MODE=${SINGLE_USER_MODE:-false}
- SECRET_KEY_BASE=${SECRET_KEY_BASE:-"DEFAULT_KEY"}
- OTP_SECRET=${OTP_SECRET}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- DB_HOST=${POSTGRES_HOST:-postgres}
- DB_PORT=${POSTGRES_PORT:-5432}
- DB_NAME=${POSTGRES_DB:-mastodon}
- DB_USER=${POSTGRES_USER:-mastodon}
- DB_PASS=${POSTGRES_PASSWORD:-myp@ssw0rd}
- REDIS_HOST=redis
- REDIS_PORT=6379
- REDIS_PASSWORD=
- SMTP_SERVER=${SMTP_SERVER:-smtp.mailgun.org}
- SMTP_PORT=${SMTP_PORT:-587}
- SMTP_LOGIN=${SMTP_LOGIN}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_AUTH_METHOD=${SMTP_AUTH_METHOD:-plain}
- SMTP_OPENSSL_VERIFY_MODE=${SMTP_OPENSSL_VERIFY_MODE:-none}
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS:[email protected]}
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
services:
web:
<<: *defaults
command: bash -c "chown -R 991:991 /mastodon/public/system; rm -f /mastodon/tmp/pids/server.pid; rails db:migrate; rails assets:precompile; rails s -p 3000"
healthcheck:
test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.mastodon-${NUMBER:-1}.rule=Host(`${DOMAIN:-mastodon.localhost}`)
- traefik.http.routers.mastodon-${NUMBER:-1}.entrypoints=${SCHEME:-https}
- traefik.http.routers.mastodon-${NUMBER:-1}.service=mastodon-${NUMBER:-1}
- traefik.http.routers.mastodon-${NUMBER:-1}.tls.certresolver=letsencrypt
- traefik.http.services.mastodon-${NUMBER:-1}.loadbalancer.server.port=3000
volumes:
- ${VOLUME_PATH}system:/mastodon/public/system
networks:
- traefik
- internal
streaming:
<<: *defaults
image: ghcr.io/mastodon/mastodon-streaming:${VERSION:-v4.3.2}
command: node ./streaming
healthcheck:
test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.mastodon-streaming-${NUMBER:-1}.rule=Host(`${DOMAIN:-mastodon.localhost}`) && PathPrefix(`/api/v1/streaming`)
- traefik.http.routers.mastodon-streaming-${NUMBER:-1}.entrypoints=${SCHEME:-https}
- traefik.http.routers.mastodon-streaming-${NUMBER:-1}.service=mastodon-streaming-${NUMBER:-1}
- traefik.http.routers.mastodon-streaming-${NUMBER:-1}.tls.certresolver=letsencrypt
- traefik.http.services.mastodon-streaming-${NUMBER:-1}.loadbalancer.server.port=4000
networks:
- traefik
- internal
sidekiq:
<<: *defaults
command: bundle exec sidekiq
volumes:
- ${VOLUME_PATH}system:/mastodon/public/system
networks:
- internal
postgres:
image: postgres:${POSTGRES_VERSION:-12-alpine}
command: postgres -c 'max_connections=250'
healthcheck:
test: ["CMD", "pg_isready", "-U", "postgres"]
environment:
- POSTGRES_DB=${POSTGRES_DB:-mastodon}
- POSTGRES_USER=${POSTGRES_USER:-mastodon}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-myp@ssw0rd}
volumes:
- ${VOLUME_PATH}postgres:/var/lib/postgresql/data
networks:
- internal
redis:
image: redis:6-alpine
healthcheck:
test: ["CMD", "redis-cli", "ping"]
volumes:
- ${VOLUME_PATH}redis:/data
networks:
- internal
volumes:
system:
redis:
postgres:
networks:
internal:
driver: overlay
attachable: true
traefik:
external: true
name: traefik-net