ansible-role-mastodon/templates/env.j2

# Service dependencies
# You may set REDIS_URL instead for more advanced options
# You may also set REDIS_NAMESPACE to share Redis between multiple Mastodon servers
REDIS_HOST={{ redis_host }}
REDIS_PORT={{ redis_port }}
# You may set DATABASE_URL instead for more advanced options
{% if mastodon_db_login_unix_socket %}
DB_HOST={{ mastodon_db_login_unix_socket }}
{% else %}
DB_HOST={{ db_host }}
{% endif %}
DB_USER={{ mastodon_db_user }}
DB_NAME={{ mastodon_db }}
DB_PASS={{ mastodon_db_password }}
DB_PORT={{ db_port }}

# Federation
# Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects.
# LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
LOCAL_DOMAIN={{ local_domain }}
LOCAL_HTTPS={{ local_https }}

{% if web_domain %}
WEB_DOMAIN={{ web_domain }}
{% endif %}

{% if alternate_domains %}
ALTERNATE_DOMAINS={{ alternate_domains }}
{% endif %}

# Application secrets
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
PAPERCLIP_SECRET={{ paperclip_secret }}
SECRET_KEY_BASE={{ secret_key_base }}
OTP_SECRET={{ otp_secret }}

# VAPID keys (used for push notifications
# You can generate the keys using the following command (first is the private key, second is the public one)
# You should only generate this once per instance. If you later decide to change it, all push subscription will
# be invalidated, requiring the users to access the website again to resubscribe.
#
# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
#
# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
VAPID_PRIVATE_KEY={{ vapid_private_key }}
VAPID_PUBLIC_KEY=({ vapid_public_key })

{% if single_user_mode %}
# Registrations
# Single user mode will disable registrations and redirect frontpage to the first profile
SINGLE_USER_MODE=true
{% endif %}
{% if email_domain_blacklist %}
# Prevent registrations with following e-mail domains
EMAIL_DOMAIN_BLACKLIST={{ email_domain_blacklist }}
{% endif %}
{% if email_domain_whitelist %}
# Only allow registrations with the following e-mail domains
EMAIL_DOMAIN_WHITELIST={{ email_domain_whitelist }}
{% endif %}

# Optionally change default language
DEFAULT_LOCALE={{ default_locale }}

# E-mail configuration
# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
# If you want to use an SMTP server without authentication (e.g local Postfix relay)
# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
# *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
SMTP_SERVER={{ smtp_server }}
SMTP_PORT={{ smtp_port }}
SMTP_LOGIN={{ smtp_login }}
SMTP_PASSWORD={{ smtp_password }}
SMTP_FROM_ADDRESS={{ smtp_from_address }}

{% if smtp_domain %}
SMTP_DOMAIN={{ smtp_domain }}
{% endif %}
{% if smtp_delivery_method %}
SMTP_DELIVERY_METHOD={{ smtp_delivery_method }}
{% endif %}
{% if smtp_auth_method %}
SMTP_AUTH_METHOD={{ smtp_auth_method }}
{% endif %}
{% if smtp_ca_file is defined %}
SMTP_CA_FILE={{ smtp_ca_file }}
{% endif %}
{% if smtp_openssl_verify_mode %}
SMTP_OPENSSL_VERIFY_MODE={{ smtp_openssl_verify_mode }}
{% endif %}
{% if smtp_enable_starttls_auto %}
SMTP_ENABLE_STARTTLS_AUTO={{ smtp_enable_starttls_auto }}
{% endif %}
{% if smtp_tls %}
SMTP_TLS={{ smtp_tls }}
{% endif %}

{% if paperclip_root_path %}
# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
PAPERCLIP_ROOT_PATH={{ paperclip_root_path }}
{% endif %}
{% if paperclip_root_url %}
PAPERCLIP_ROOT_URL={{ paperclip_root_url }}
{% endif %}

{% if cdn_host %}
# Optional asset host for multi-server setups
CDN_HOST={{ cdn_host }}
{% endif %}

{% if s3_enabled %}
S3_ENABLED={{ s3_enabled }}
{% endif %}
{% if s3_bucket %}
S3_BUCKET={{ s3_bucket }}
{% endif %}
{% if aws_access_key_id %}
AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
{% endif %}
{% if aws_secret_access_key %}
AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
{% endif %}
{% if s3_region %}
S3_REGION={{ s3_region }}
{% endif %}
{% if s3_protocol %}
S3_PROTOCOL={{ s3_protocol }}
{% endif %}
{% if s3_hostname %}
S3_HOSTNAME={{ s3_hostname }}
{% endif %}
{% if s3_endpoint %}
S3_ENDPOINT={{ s3_endpoint }}
{% endif %}
{% if s3_signature_version %}
S3_SIGNATURE_VERSION={{ s3_signature_version }}
{% endif %}

{% if swift_enabled %}
SWIFT_ENABLED={{ swift_enabled }}
{% endif %}
{% if swift_username %}
SWIFT_USERNAME={{ swift_username }}
{% endif %}
{% if swift_tenant %}
# For Keystone V3, the value for SWIFT_TENANT should be the project name
SWIFT_TENANT=
{% endif %}
{% if swift_password %}
SWIFT_PASSWORD={{ swift_password }}
{% endif %}
{% if swift_auth_url %}
# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
# issues with token rate-limiting during high load.
SWIFT_AUTH_URL={{ swift_auth_url }}
{% endif %}
{% if swift_container %}
SWIFT_CONTAINER={{ swift_container }}
{% endif %}
{% if swift_object_url %}
SWIFT_OBJECT_URL={{ swift_object_url }}
{% endif %}
{% if swift_region %}
SWIFT_REGION={{ swift_region }}
{% endif %}
{% if swift_domain_name %}
# Defaults to 'default'
# SWIFT_DOMAIN_NAME={{ swift_domain_name }}
{% endif %}
{% if swift_cache_ttl %}
# Defaults to 60 seconds. Set to 0 to disable
# SWIFT_CACHE_TTL={{ swift_cache_ttl }}
{% endif %}

{% if s3_cloudfront_host %}
# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
S3_CLOUDFRONT_HOST={{ s3_cloudfront_host }}
{% endif %}
{% if streaming_api_base_url %}
# Streaming API integration
# STREAMING_API_BASE_URL={{ streaming_api_base_url }}
{% endif %}

{% if prepared_statements %}
# Advanced settings
# If you need to use pgBouncer, you need to disable prepared statements:
# PREPARED_STATEMENTS={{ prepared_statements }}
{% endif %}

{% if streaming_cluster_num %}
# Cluster number setting for streaming API server.
# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
STREAMING_CLUSTER_NUM=1
{% endif %}
adapt code from mastodon-ansible 2022-11-19 10:10:57 +01:00			`# Service dependencies`
			`# You may set REDIS_URL instead for more advanced options`
			`# You may also set REDIS_NAMESPACE to share Redis between multiple Mastodon servers`
			`REDIS_HOST={{ redis_host }}`
			`REDIS_PORT={{ redis_port }}`
			`# You may set DATABASE_URL instead for more advanced options`
fix db vars in env 2022-11-19 17:01:28 +01:00			`{% if mastodon_db_login_unix_socket %}`
			`DB_HOST={{ mastodon_db_login_unix_socket }}`
			`{% else %}`
adapt code from mastodon-ansible 2022-11-19 10:10:57 +01:00			`DB_HOST={{ db_host }}`
fix db vars in env 2022-11-19 17:01:28 +01:00			`{% endif %}`
			`DB_USER={{ mastodon_db_user }}`
			`DB_NAME={{ mastodon_db }}`
			`DB_PASS={{ mastodon_db_password }}`
adapt code from mastodon-ansible 2022-11-19 10:10:57 +01:00			`DB_PORT={{ db_port }}`

			`# Federation`
			`# Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects.`
			`# LOCAL_DOMAIN should NOT contain the protocol part of the domain e.g https://example.com.`
			`LOCAL_DOMAIN={{ local_domain }}`
			`LOCAL_HTTPS={{ local_https }}`

			`{% if web_domain %}`
			`WEB_DOMAIN={{ web_domain }}`
			`{% endif %}`

			`{% if alternate_domains %}`
			`ALTERNATE_DOMAINS={{ alternate_domains }}`
			`{% endif %}`

			`# Application secrets`
			# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
			`PAPERCLIP_SECRET={{ paperclip_secret }}`
			`SECRET_KEY_BASE={{ secret_key_base }}`
			`OTP_SECRET={{ otp_secret }}`

			`# VAPID keys (used for push notifications`
			`# You can generate the keys using the following command (first is the private key, second is the public one)`
			`# You should only generate this once per instance. If you later decide to change it, all push subscription will`
			`# be invalidated, requiring the users to access the website again to resubscribe.`
			`#`
			# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
			`#`
			`# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html`
			`VAPID_PRIVATE_KEY={{ vapid_private_key }}`
			`VAPID_PUBLIC_KEY=({ vapid_public_key })`

			`{% if single_user_mode %}`
			`# Registrations`
			`# Single user mode will disable registrations and redirect frontpage to the first profile`
			`SINGLE_USER_MODE=true`
			`{% endif %}`
			`{% if email_domain_blacklist %}`
			`# Prevent registrations with following e-mail domains`
			`EMAIL_DOMAIN_BLACKLIST={{ email_domain_blacklist }}`
			`{% endif %}`
			`{% if email_domain_whitelist %}`
			`# Only allow registrations with the following e-mail domains`
			`EMAIL_DOMAIN_WHITELIST={{ email_domain_whitelist }}`
			`{% endif %}`

			`# Optionally change default language`
			`DEFAULT_LOCALE={{ default_locale }}`

			`# E-mail configuration`
			`# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers`
			`# If you want to use an SMTP server without authentication (e.g local Postfix relay)`
			`# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and`
			`# comment SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).`
			`SMTP_SERVER={{ smtp_server }}`
			`SMTP_PORT={{ smtp_port }}`
			`SMTP_LOGIN={{ smtp_login }}`
			`SMTP_PASSWORD={{ smtp_password }}`
			`SMTP_FROM_ADDRESS={{ smtp_from_address }}`

			`{% if smtp_domain %}`
			`SMTP_DOMAIN={{ smtp_domain }}`
			`{% endif %}`
			`{% if smtp_delivery_method %}`
			`SMTP_DELIVERY_METHOD={{ smtp_delivery_method }}`
			`{% endif %}`
			`{% if smtp_auth_method %}`
			`SMTP_AUTH_METHOD={{ smtp_auth_method }}`
			`{% endif %}`
fix template 2022-11-19 16:57:25 +01:00			`{% if smtp_ca_file is defined %}`
adapt code from mastodon-ansible 2022-11-19 10:10:57 +01:00			`SMTP_CA_FILE={{ smtp_ca_file }}`
			`{% endif %}`
			`{% if smtp_openssl_verify_mode %}`
			`SMTP_OPENSSL_VERIFY_MODE={{ smtp_openssl_verify_mode }}`
			`{% endif %}`
			`{% if smtp_enable_starttls_auto %}`
			`SMTP_ENABLE_STARTTLS_AUTO={{ smtp_enable_starttls_auto }}`
			`{% endif %}`
			`{% if smtp_tls %}`
			`SMTP_TLS={{ smtp_tls }}`
			`{% endif %}`

			`{% if paperclip_root_path %}`
			`# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.`
			`PAPERCLIP_ROOT_PATH={{ paperclip_root_path }}`
			`{% endif %}`
			`{% if paperclip_root_url %}`
			`PAPERCLIP_ROOT_URL={{ paperclip_root_url }}`
			`{% endif %}`

			`{% if cdn_host %}`
			`# Optional asset host for multi-server setups`
			`CDN_HOST={{ cdn_host }}`
			`{% endif %}`

			`{% if s3_enabled %}`
			`S3_ENABLED={{ s3_enabled }}`
			`{% endif %}`
			`{% if s3_bucket %}`
			`S3_BUCKET={{ s3_bucket }}`
			`{% endif %}`
			`{% if aws_access_key_id %}`
			`AWS_ACCESS_KEY_ID={{ aws_access_key_id }}`
			`{% endif %}`
			`{% if aws_secret_access_key %}`
			`AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}`
			`{% endif %}`
			`{% if s3_region %}`
			`S3_REGION={{ s3_region }}`
			`{% endif %}`
			`{% if s3_protocol %}`
			`S3_PROTOCOL={{ s3_protocol }}`
			`{% endif %}`
			`{% if s3_hostname %}`
			`S3_HOSTNAME={{ s3_hostname }}`
			`{% endif %}`
			`{% if s3_endpoint %}`
			`S3_ENDPOINT={{ s3_endpoint }}`
			`{% endif %}`
			`{% if s3_signature_version %}`
			`S3_SIGNATURE_VERSION={{ s3_signature_version }}`
			`{% endif %}`

			`{% if swift_enabled %}`
			`SWIFT_ENABLED={{ swift_enabled }}`
			`{% endif %}`
			`{% if swift_username %}`
			`SWIFT_USERNAME={{ swift_username }}`
			`{% endif %}`
			`{% if swift_tenant %}`
			`# For Keystone V3, the value for SWIFT_TENANT should be the project name`
			`SWIFT_TENANT=`
			`{% endif %}`
			`{% if swift_password %}`
			`SWIFT_PASSWORD={{ swift_password }}`
			`{% endif %}`
			`{% if swift_auth_url %}`
			`# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid`
			`# issues with token rate-limiting during high load.`
			`SWIFT_AUTH_URL={{ swift_auth_url }}`
			`{% endif %}`
			`{% if swift_container %}`
			`SWIFT_CONTAINER={{ swift_container }}`
			`{% endif %}`
			`{% if swift_object_url %}`
			`SWIFT_OBJECT_URL={{ swift_object_url }}`
			`{% endif %}`
			`{% if swift_region %}`
			`SWIFT_REGION={{ swift_region }}`
			`{% endif %}`
			`{% if swift_domain_name %}`
			`# Defaults to 'default'`
			`# SWIFT_DOMAIN_NAME={{ swift_domain_name }}`
			`{% endif %}`
			`{% if swift_cache_ttl %}`
			`# Defaults to 60 seconds. Set to 0 to disable`
			`# SWIFT_CACHE_TTL={{ swift_cache_ttl }}`
			`{% endif %}`

			`{% if s3_cloudfront_host %}`
			`# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front`
			`S3_CLOUDFRONT_HOST={{ s3_cloudfront_host }}`
			`{% endif %}`
			`{% if streaming_api_base_url %}`
			`# Streaming API integration`
			`# STREAMING_API_BASE_URL={{ streaming_api_base_url }}`
			`{% endif %}`

			`{% if prepared_statements %}`
			`# Advanced settings`
			`# If you need to use pgBouncer, you need to disable prepared statements:`
			`# PREPARED_STATEMENTS={{ prepared_statements }}`
			`{% endif %}`

			`{% if streaming_cluster_num %}`
			`# Cluster number setting for streaming API server.`
			# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
			`STREAMING_CLUSTER_NUM=1`
			`{% endif %}`