From 66075683e49b968ef19e712f7a07e4e180aabde4 Mon Sep 17 00:00:00 2001 From: "Antonio J. Delgado" Date: Sat, 19 Nov 2022 18:17:16 +0200 Subject: [PATCH] change env template --- defaults/main.yml | 15 ++- templates/env.j2 | 229 +++++++++++----------------------------------- 2 files changed, 66 insertions(+), 178 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index ab9aaa6..5d7f5ce 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,4 @@ --- -mastodon_db_password: "{{ vault_mastodon_db_password }}" redis_pass: "{{ vault_mastodon_redis_password }}" mastodon_secret_key_base: "{{ vault_mastodon_secret_key_base }}" mastodon_otp_secret: "{{ vault_mastodon_otp_secret }}" @@ -46,6 +45,7 @@ mastodon_allow_prerelease: "false" mastodon_user: "mastodon" mastodon_home: "/home/{{ mastodon_user }}" mastodon_db_user: "{{ mastodon_user }}" +mastodon_db_password: "{{ vault_mastodon_db_password }}" mastodon_path: "live" mastodon_db: "{{ mastodon_user }}_instance" mastodon_db_port: 5432 @@ -60,6 +60,19 @@ db_host: /var/run/postgresql self_signed_cert_location: /etc/ssl/certs self_signed_key_location: /etc/ssl/private +es_enabled: 'false' +es_host: localhost +es_port: 9200 +es_user: elastic +es_pass: password + +s3_enabled: 'false' +s3_bucket: '' +aws_access_key_id: '' +aws_secret_access_key: '' +s3_alias_host: '' + + ubuntu_codename: "{{ ansible_distribution_release }}" mastodon_db_login_unix_socket: "/var/run/postgresql" diff --git a/templates/env.j2 b/templates/env.j2 index fe6666d..0d16f3b 100644 --- a/templates/env.j2 +++ b/templates/env.j2 
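Review bot: `es_pass: password` in the `@@ -60,6 +60,19 @@` hunk hard-codes a plaintext default credential, while every other secret in this file (`redis_pass`, `mastodon_secret_key_base`, `mastodon_otp_secret`, and the `mastodon_db_password` this commit relocates) is resolved from a `vault_*` variable. Because the env template in the same commit emits `ES_PASS={{ es_pass }}` unconditionally, an operator who does not override it gets `ES_PASS=password` written into the instance's .env even with `es_enabled: 'false'`, and whoever later turns Elasticsearch on inherits a guessable credential. Suggest `es_pass: "{{ vault_mastodon_es_password }}"` so an unset vault value raises an undefined-variable error at render time instead of silently defaulting to a working password; `aws_secret_access_key` would be better sourced the same way than left as an empty string default. The relocation of `mastodon_db_password` within the file is a no-op and fine.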
@@ -1,194 +1,69 @@ -# Service dependencies -# You may set REDIS_URL instead for more advanced options -# You may also set REDIS_NAMESPACE to share Redis between multiple Mastodon servers +# This is a sample configuration file. You can generate your configuration +# with the `rake mastodon:setup` interactive setup wizard, but to customize +# your setup even further, you'll need to edit it manually. This sample does +# not demonstrate all available configuration options. Please look at +# https://docs.joinmastodon.org/admin/config/ for the full documentation. + +# Note that this file accepts slightly different syntax depending on whether +# you are using `docker-compose` or not. In particular, if you use +# `docker-compose`, the value of each declared variable will be taken verbatim, +# including surrounding quotes. +# See: https://github.com/mastodon/mastodon/issues/16895 + +# Federation +# ---------- +# This identifies your server and cannot be changed safely later +# ---------- +LOCAL_DOMAIN={{ mastodon_host }} + +# Redis +# ----- REDIS_HOST={{ redis_host }} REDIS_PORT={{ redis_port }} -# You may set DATABASE_URL instead for more advanced options -{% if mastodon_db_login_unix_socket %} + +# PostgreSQL +# ---------- DB_HOST={{ mastodon_db_login_unix_socket }} -{% else %} -DB_HOST={{ db_host }} -{% endif %} DB_USER={{ mastodon_db_user }} DB_NAME={{ mastodon_db }} DB_PASS={{ mastodon_db_password }} -DB_PORT={{ db_port }} +DB_PORT={{ mastodon_db_port }} -# Federation -# Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects. -# LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com. 
-LOCAL_DOMAIN={{ mastodon_host }} -LOCAL_HTTPS={{ local_https }} +# Elasticsearch (optional) +# ------------------------ +ES_ENABLED={{ es_enabled }} +ES_HOST={{ es_host }} +ES_PORT={{ es_port }} +# Authentication for ES (optional) +ES_USER={{ es_user }} +ES_PASS={{ es_pass }} -{% if web_domain %} -WEB_DOMAIN={{ mastodon_host }} -{% endif %} +# Secrets +# ------- +# Make sure to use `rake secret` to generate secrets +# ------- +SECRET_KEY_BASE= +OTP_SECRET= -{% if alternate_domains %} -ALTERNATE_DOMAINS={{ alternate_domains }} -{% endif %} +# Web Push +# -------- +# Generate with `rake mastodon:webpush:generate_vapid_key` +# -------- +VAPID_PRIVATE_KEY= +VAPID_PUBLIC_KEY= -# Application secrets -# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose) -#PAPERCLIP_SECRET= -#SECRET_KEY_BASE= -#OTP_SECRET= - -# VAPID keys (used for push notifications -# You can generate the keys using the following command (first is the private key, second is the public one) -# You should only generate this once per instance. If you later decide to change it, all push subscription will -# be invalidated, requiring the users to access the website again to resubscribe. 
-# -# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose) -# -# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html -#VAPID_PRIVATE_KEY= -#VAPID_PUBLIC_KEY= - -{% if single_user_mode %} -# Registrations -# Single user mode will disable registrations and redirect frontpage to the first profile -SINGLE_USER_MODE=true -{% endif %} -{% if email_domain_blacklist %} -# Prevent registrations with following e-mail domains -EMAIL_DOMAIN_BLACKLIST={{ email_domain_blacklist }} -{% endif %} -{% if email_domain_whitelist %} -# Only allow registrations with the following e-mail domains -EMAIL_DOMAIN_WHITELIST={{ email_domain_whitelist }} -{% endif %} - -# Optionally change default language -DEFAULT_LOCALE={{ default_locale }} - -# E-mail configuration -# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers -# If you want to use an SMTP server without authentication (e.g local Postfix relay) -# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and -# *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough). 
+# Sending mail +# ------------ SMTP_SERVER={{ smtp_server }} -SMTP_PORT={{ smtp_port }} -SMTP_LOGIN={{ smtp_login }} -SMTP_PASSWORD={{ smtp_password }} +SMTP_PORT={{ smtp_port | default(587) }} +SMTP_LOGIN={{ smtp_login | default('') }} +SMTP_PASSWORD={{ smtp_password | default('') }} SMTP_FROM_ADDRESS={{ smtp_from_address }} -{% if smtp_domain %} -SMTP_DOMAIN={{ smtp_domain }} -{% endif %} -{% if smtp_delivery_method %} -SMTP_DELIVERY_METHOD={{ smtp_delivery_method }} -{% endif %} -{% if smtp_auth_method %} -SMTP_AUTH_METHOD={{ smtp_auth_method }} -{% endif %} -{% if smtp_ca_file is defined %} -SMTP_CA_FILE={{ smtp_ca_file }} -{% endif %} -{% if smtp_openssl_verify_mode %} -SMTP_OPENSSL_VERIFY_MODE={{ smtp_openssl_verify_mode }} -{% endif %} -{% if smtp_enable_starttls_auto %} -SMTP_ENABLE_STARTTLS_AUTO={{ smtp_enable_starttls_auto }} -{% endif %} -{% if smtp_tls %} -SMTP_TLS={{ smtp_tls }} -{% endif %} - -{% if paperclip_root_path %} -# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files. 
-PAPERCLIP_ROOT_PATH={{ paperclip_root_path }} -{% endif %} -{% if paperclip_root_url %} -PAPERCLIP_ROOT_URL={{ paperclip_root_url }} -{% endif %} - -{% if cdn_host %} -# Optional asset host for multi-server setups -CDN_HOST={{ cdn_host }} -{% endif %} - -{% if s3_enabled %} +# File storage (optional) +# ----------------------- S3_ENABLED={{ s3_enabled }} -{% endif %} -{% if s3_bucket %} S3_BUCKET={{ s3_bucket }} -{% endif %} -{% if aws_access_key_id %} AWS_ACCESS_KEY_ID={{ aws_access_key_id }} -{% endif %} -{% if aws_secret_access_key %} AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }} -{% endif %} -{% if s3_region %} -S3_REGION={{ s3_region }} -{% endif %} -{% if s3_protocol %} -S3_PROTOCOL={{ s3_protocol }} -{% endif %} -{% if s3_hostname %} -S3_HOSTNAME={{ s3_hostname }} -{% endif %} -{% if s3_endpoint %} -S3_ENDPOINT={{ s3_endpoint }} -{% endif %} -{% if s3_signature_version %} -S3_SIGNATURE_VERSION={{ s3_signature_version }} -{% endif %} - -{% if swift_enabled %} -SWIFT_ENABLED={{ swift_enabled }} -{% endif %} -{% if swift_username %} -SWIFT_USERNAME={{ swift_username }} -{% endif %} -{% if swift_tenant %} -# For Keystone V3, the value for SWIFT_TENANT should be the project name -SWIFT_TENANT= -{% endif %} -{% if swift_password %} -SWIFT_PASSWORD={{ swift_password }} -{% endif %} -{% if swift_auth_url %} -# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid -# issues with token rate-limiting during high load. -SWIFT_AUTH_URL={{ swift_auth_url }} -{% endif %} -{% if swift_container %} -SWIFT_CONTAINER={{ swift_container }} -{% endif %} -{% if swift_object_url %} -SWIFT_OBJECT_URL={{ swift_object_url }} -{% endif %} -{% if swift_region %} -SWIFT_REGION={{ swift_region }} -{% endif %} -{% if swift_domain_name %} -# Defaults to 'default' -# SWIFT_DOMAIN_NAME={{ swift_domain_name }} -{% endif %} -{% if swift_cache_ttl %} -# Defaults to 60 seconds. 
Set to 0 to disable -# SWIFT_CACHE_TTL={{ swift_cache_ttl }} -{% endif %} - -{% if s3_cloudfront_host %} -# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front -S3_CLOUDFRONT_HOST={{ s3_cloudfront_host }} -{% endif %} -{% if streaming_api_base_url %} -# Streaming API integration -# STREAMING_API_BASE_URL={{ streaming_api_base_url }} -{% endif %} - -{% if prepared_statements %} -# Advanced settings -# If you need to use pgBouncer, you need to disable prepared statements: -# PREPARED_STATEMENTS={{ prepared_statements }} -{% endif %} - -{% if streaming_cluster_num %} -# Cluster number setting for streaming API server. -# If you comment out following line, cluster number will be `numOfCpuCores - 1`. -STREAMING_CLUSTER_NUM=1 -{% endif %} +S3_ALIAS_HOST={{ s3_alias_host}}
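Review bot: `SECRET_KEY_BASE=` and `OTP_SECRET=` in the new Secrets section are rendered as explicit empty values, whereas the old template only carried them as commented-out placeholders (`#SECRET_KEY_BASE=`), so this is a regression rather than a straight port. defaults/main.yml in this same commit already defines `mastodon_secret_key_base` and `mastodon_otp_secret` from vault, so the template should substitute them: `SECRET_KEY_BASE={{ mastodon_secret_key_base }}` and `OTP_SECRET={{ mastodon_otp_secret }}`. I cannot confirm Mastodon's exact handling from here, but an empty SECRET_KEY_BASE will at best abort boot and at worst leave session signing keyed on an empty string, and an empty OTP_SECRET does the same for the 2FA secret encryption. `VAPID_PRIVATE_KEY=` and `VAPID_PUBLIC_KEY=` have the same shape; if the role defines variables for them they should be substituted as well, otherwise keep them commented out as before so the application's own handling of an absent key applies rather than an explicit empty value.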