adelgado/ansible-role-mastodon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

change env template

Browse source
This commit is contained in:
Antonio J. Delgado 2022-11-19 18:17:16 +02:00
parent 6b58fe6b43
commit 66075683e4
2 changed files with 66 additions and 178 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
defaults/main.yml
View file

@ -1,5 +1,4 @@
--- ---
mastodon_db_password: "{{ vault_mastodon_db_password }}"
redis_pass: "{{ vault_mastodon_redis_password }}" redis_pass: "{{ vault_mastodon_redis_password }}"
mastodon_secret_key_base: "{{ vault_mastodon_secret_key_base }}" mastodon_secret_key_base: "{{ vault_mastodon_secret_key_base }}"
mastodon_otp_secret: "{{ vault_mastodon_otp_secret }}" mastodon_otp_secret: "{{ vault_mastodon_otp_secret }}"
@ -46,6 +45,7 @@ mastodon_allow_prerelease: "false"
mastodon_user: "mastodon" mastodon_user: "mastodon"
mastodon_home: "/home/{{ mastodon_user }}" mastodon_home: "/home/{{ mastodon_user }}"
mastodon_db_user: "{{ mastodon_user }}" mastodon_db_user: "{{ mastodon_user }}"
mastodon_db_password: "{{ vault_mastodon_db_password }}"
mastodon_path: "live" mastodon_path: "live"
mastodon_db: "{{ mastodon_user }}_instance" mastodon_db: "{{ mastodon_user }}_instance"
mastodon_db_port: 5432 mastodon_db_port: 5432
@ -60,6 +60,19 @@ db_host: /var/run/postgresql
self_signed_cert_location: /etc/ssl/certs self_signed_cert_location: /etc/ssl/certs
self_signed_key_location: /etc/ssl/private self_signed_key_location: /etc/ssl/private
es_enabled: 'false'
es_host: localhost
es_port: 9200
es_user: elastic
es_pass: password
s3_enabled: 'false'
s3_bucket: ''
aws_access_key_id: ''
aws_secret_access_key: ''
s3_alias_host: ''
ubuntu_codename: "{{ ansible_distribution_release }}" ubuntu_codename: "{{ ansible_distribution_release }}"
mastodon_db_login_unix_socket: "/var/run/postgresql" mastodon_db_login_unix_socket: "/var/run/postgresql"

229
templates/env.j2
View file

@ -1,194 +1,69 @@
# Service dependencies # This is a sample configuration file. You can generate your configuration
# You may set REDIS_URL instead for more advanced options # with the `rake mastodon:setup` interactive setup wizard, but to customize
# You may also set REDIS_NAMESPACE to share Redis between multiple Mastodon servers # your setup even further, you'll need to edit it manually. This sample does
# not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895
# Federation
# ----------
# This identifies your server and cannot be changed safely later
# ----------
LOCAL_DOMAIN={{ mastodon_host }}
# Redis
# -----
REDIS_HOST={{ redis_host }} REDIS_HOST={{ redis_host }}
REDIS_PORT={{ redis_port }} REDIS_PORT={{ redis_port }}
# You may set DATABASE_URL instead for more advanced options
{% if mastodon_db_login_unix_socket %} # PostgreSQL
# ----------
DB_HOST={{ mastodon_db_login_unix_socket }} DB_HOST={{ mastodon_db_login_unix_socket }}
{% else %}
DB_HOST={{ db_host }}
{% endif %}
DB_USER={{ mastodon_db_user }} DB_USER={{ mastodon_db_user }}
DB_NAME={{ mastodon_db }} DB_NAME={{ mastodon_db }}
DB_PASS={{ mastodon_db_password }} DB_PASS={{ mastodon_db_password }}
DB_PORT={{ db_port }} DB_PORT={{ mastodon_db_port }}
# Federation # Elasticsearch (optional)
# Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects. # ------------------------
# LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com. ES_ENABLED={{ es_enabled }}
LOCAL_DOMAIN={{ mastodon_host }} ES_HOST={{ es_host }}
LOCAL_HTTPS={{ local_https }} ES_PORT={{ es_port }}
# Authentication for ES (optional)
ES_USER={{ es_user }}
ES_PASS={{ es_pass }}
{% if web_domain %} # Secrets
WEB_DOMAIN={{ mastodon_host }} # -------
{% endif %} # Make sure to use `rake secret` to generate secrets
# -------
SECRET_KEY_BASE=
OTP_SECRET=
{% if alternate_domains %} # Web Push
ALTERNATE_DOMAINS={{ alternate_domains }} # --------
{% endif %} # Generate with `rake mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=
# Application secrets # Sending mail
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose) # ------------
#PAPERCLIP_SECRET=
#SECRET_KEY_BASE=
#OTP_SECRET=
# VAPID keys (used for push notifications
# You can generate the keys using the following command (first is the private key, second is the public one)
# You should only generate this once per instance. If you later decide to change it, all push subscription will
# be invalidated, requiring the users to access the website again to resubscribe.
#
# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
#
# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
#VAPID_PRIVATE_KEY=
#VAPID_PUBLIC_KEY=
{% if single_user_mode %}
# Registrations
# Single user mode will disable registrations and redirect frontpage to the first profile
SINGLE_USER_MODE=true
{% endif %}
{% if email_domain_blacklist %}
# Prevent registrations with following e-mail domains
EMAIL_DOMAIN_BLACKLIST={{ email_domain_blacklist }}
{% endif %}
{% if email_domain_whitelist %}
# Only allow registrations with the following e-mail domains
EMAIL_DOMAIN_WHITELIST={{ email_domain_whitelist }}
{% endif %}
# Optionally change default language
DEFAULT_LOCALE={{ default_locale }}
# E-mail configuration
# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
# If you want to use an SMTP server without authentication (e.g local Postfix relay)
# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
# *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
SMTP_SERVER={{ smtp_server }} SMTP_SERVER={{ smtp_server }}
SMTP_PORT={{ smtp_port }} SMTP_PORT={{ smtp_port | default(587) }}
SMTP_LOGIN={{ smtp_login }} SMTP_LOGIN={{ smtp_login | default('') }}
SMTP_PASSWORD={{ smtp_password }} SMTP_PASSWORD={{ smtp_password | default('') }}
SMTP_FROM_ADDRESS={{ smtp_from_address }} SMTP_FROM_ADDRESS={{ smtp_from_address }}
{% if smtp_domain %} # File storage (optional)
SMTP_DOMAIN={{ smtp_domain }} # -----------------------
{% endif %}
{% if smtp_delivery_method %}
SMTP_DELIVERY_METHOD={{ smtp_delivery_method }}
{% endif %}
{% if smtp_auth_method %}
SMTP_AUTH_METHOD={{ smtp_auth_method }}
{% endif %}
{% if smtp_ca_file is defined %}
SMTP_CA_FILE={{ smtp_ca_file }}
{% endif %}
{% if smtp_openssl_verify_mode %}
SMTP_OPENSSL_VERIFY_MODE={{ smtp_openssl_verify_mode }}
{% endif %}
{% if smtp_enable_starttls_auto %}
SMTP_ENABLE_STARTTLS_AUTO={{ smtp_enable_starttls_auto }}
{% endif %}
{% if smtp_tls %}
SMTP_TLS={{ smtp_tls }}
{% endif %}
{% if paperclip_root_path %}
# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
PAPERCLIP_ROOT_PATH={{ paperclip_root_path }}
{% endif %}
{% if paperclip_root_url %}
PAPERCLIP_ROOT_URL={{ paperclip_root_url }}
{% endif %}
{% if cdn_host %}
# Optional asset host for multi-server setups
CDN_HOST={{ cdn_host }}
{% endif %}
{% if s3_enabled %}
S3_ENABLED={{ s3_enabled }} S3_ENABLED={{ s3_enabled }}
{% endif %}
{% if s3_bucket %}
S3_BUCKET={{ s3_bucket }} S3_BUCKET={{ s3_bucket }}
{% endif %}
{% if aws_access_key_id %}
AWS_ACCESS_KEY_ID={{ aws_access_key_id }} AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
{% endif %}
{% if aws_secret_access_key %}
AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }} AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
{% endif %} S3_ALIAS_HOST={{ s3_alias_host}}
{% if s3_region %}
S3_REGION={{ s3_region }}
{% endif %}
{% if s3_protocol %}
S3_PROTOCOL={{ s3_protocol }}
{% endif %}
{% if s3_hostname %}
S3_HOSTNAME={{ s3_hostname }}
{% endif %}
{% if s3_endpoint %}
S3_ENDPOINT={{ s3_endpoint }}
{% endif %}
{% if s3_signature_version %}
S3_SIGNATURE_VERSION={{ s3_signature_version }}
{% endif %}
{% if swift_enabled %}
SWIFT_ENABLED={{ swift_enabled }}
{% endif %}
{% if swift_username %}
SWIFT_USERNAME={{ swift_username }}
{% endif %}
{% if swift_tenant %}
# For Keystone V3, the value for SWIFT_TENANT should be the project name
SWIFT_TENANT=
{% endif %}
{% if swift_password %}
SWIFT_PASSWORD={{ swift_password }}
{% endif %}
{% if swift_auth_url %}
# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
# issues with token rate-limiting during high load.
SWIFT_AUTH_URL={{ swift_auth_url }}
{% endif %}
{% if swift_container %}
SWIFT_CONTAINER={{ swift_container }}
{% endif %}
{% if swift_object_url %}
SWIFT_OBJECT_URL={{ swift_object_url }}
{% endif %}
{% if swift_region %}
SWIFT_REGION={{ swift_region }}
{% endif %}
{% if swift_domain_name %}
# Defaults to 'default'
# SWIFT_DOMAIN_NAME={{ swift_domain_name }}
{% endif %}
{% if swift_cache_ttl %}
# Defaults to 60 seconds. Set to 0 to disable
# SWIFT_CACHE_TTL={{ swift_cache_ttl }}
{% endif %}
{% if s3_cloudfront_host %}
# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
S3_CLOUDFRONT_HOST={{ s3_cloudfront_host }}
{% endif %}
{% if streaming_api_base_url %}
# Streaming API integration
# STREAMING_API_BASE_URL={{ streaming_api_base_url }}
{% endif %}
{% if prepared_statements %}
# Advanced settings
# If you need to use pgBouncer, you need to disable prepared statements:
# PREPARED_STATEMENTS={{ prepared_statements }}
{% endif %}
{% if streaming_cluster_num %}
# Cluster number setting for streaming API server.
# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
STREAMING_CLUSTER_NUM=1
{% endif %}