change env template

2022-11-19 18:17:16 +02:00 · 2022-11-19 18:17:16 +02:00 · 66075683e4
commit 66075683e4
parent 6b58fe6b43
2 changed files with 66 additions and 178 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,5 +1,4 @@
 ---
-mastodon_db_password: "{{ vault_mastodon_db_password }}"
 redis_pass: "{{ vault_mastodon_redis_password }}"
 mastodon_secret_key_base: "{{ vault_mastodon_secret_key_base }}"
 mastodon_otp_secret: "{{ vault_mastodon_otp_secret }}"
@ -46,6 +45,7 @@ mastodon_allow_prerelease: "false"
 mastodon_user: "mastodon"
 mastodon_home: "/home/{{ mastodon_user }}"
 mastodon_db_user: "{{ mastodon_user }}"
+mastodon_db_password: "{{ vault_mastodon_db_password }}"
 mastodon_path: "live"
 mastodon_db: "{{ mastodon_user }}_instance"
 mastodon_db_port: 5432
@ -60,6 +60,19 @@ db_host: /var/run/postgresql
 self_signed_cert_location: /etc/ssl/certs
 self_signed_key_location: /etc/ssl/private

+es_enabled: 'false'
+es_host: localhost
+es_port: 9200
+es_user: elastic
+es_pass: password
+
+s3_enabled: 'false'
+s3_bucket: ''
+aws_access_key_id: ''
+aws_secret_access_key: '' 
+s3_alias_host: ''
+
+
 ubuntu_codename: "{{ ansible_distribution_release }}"
 mastodon_db_login_unix_socket: "/var/run/postgresql"

--- a/templates/env.j2
+++ b/templates/env.j2
@ -1,194 +1,69 @@
-# Service dependencies
-# You may set REDIS_URL instead for more advanced options
-# You may also set REDIS_NAMESPACE to share Redis between multiple Mastodon servers
+# This is a sample configuration file. You can generate your configuration
+# with the `rake mastodon:setup` interactive setup wizard, but to customize
+# your setup even further, you'll need to edit it manually. This sample does
+# not demonstrate all available configuration options. Please look at
+# https://docs.joinmastodon.org/admin/config/ for the full documentation.
+
+# Note that this file accepts slightly different syntax depending on whether
+# you are using `docker-compose` or not. In particular, if you use
+# `docker-compose`, the value of each declared variable will be taken verbatim,
+# including surrounding quotes.
+# See: https://github.com/mastodon/mastodon/issues/16895
+
+# Federation
+# ----------
+# This identifies your server and cannot be changed safely later
+# ----------
+LOCAL_DOMAIN={{ mastodon_host }}
+
+# Redis
+# -----
 REDIS_HOST={{ redis_host }}
 REDIS_PORT={{ redis_port }}
-# You may set DATABASE_URL instead for more advanced options
-{% if mastodon_db_login_unix_socket %}
+
+# PostgreSQL
+# ----------
 DB_HOST={{ mastodon_db_login_unix_socket }}
-{% else %}
-DB_HOST={{ db_host }}
-{% endif %}
 DB_USER={{ mastodon_db_user }}
 DB_NAME={{ mastodon_db }}
 DB_PASS={{ mastodon_db_password }}
-DB_PORT={{ db_port }}
+DB_PORT={{ mastodon_db_port }}

-# Federation
-# Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects.
-# LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
-LOCAL_DOMAIN={{ mastodon_host }}
-LOCAL_HTTPS={{ local_https }}
+# Elasticsearch (optional)
+# ------------------------
+ES_ENABLED={{ es_enabled }}
+ES_HOST={{ es_host }}
+ES_PORT={{ es_port }}
+# Authentication for ES (optional)
+ES_USER={{ es_user }}
+ES_PASS={{ es_pass }}

-{% if web_domain %}
-WEB_DOMAIN={{ mastodon_host }}
-{% endif %}
+# Secrets
+# -------
+# Make sure to use `rake secret` to generate secrets
+# -------
+SECRET_KEY_BASE=
+OTP_SECRET=

-{% if alternate_domains %}
-ALTERNATE_DOMAINS={{ alternate_domains }}
-{% endif %}
+# Web Push
+# --------
+# Generate with `rake mastodon:webpush:generate_vapid_key`
+# --------
+VAPID_PRIVATE_KEY=
+VAPID_PUBLIC_KEY=

-# Application secrets
-# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
-#PAPERCLIP_SECRET=
-#SECRET_KEY_BASE=
-#OTP_SECRET=
-
-# VAPID keys (used for push notifications
-# You can generate the keys using the following command (first is the private key, second is the public one)
-# You should only generate this once per instance. If you later decide to change it, all push subscription will
-# be invalidated, requiring the users to access the website again to resubscribe.
-#
-# Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)
-#
-# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
-#VAPID_PRIVATE_KEY=
-#VAPID_PUBLIC_KEY=
-
-{% if single_user_mode %}
-# Registrations
-# Single user mode will disable registrations and redirect frontpage to the first profile
-SINGLE_USER_MODE=true
-{% endif %}
-{% if email_domain_blacklist %}
-# Prevent registrations with following e-mail domains
-EMAIL_DOMAIN_BLACKLIST={{ email_domain_blacklist }}
-{% endif %}
-{% if email_domain_whitelist %}
-# Only allow registrations with the following e-mail domains
-EMAIL_DOMAIN_WHITELIST={{ email_domain_whitelist }}
-{% endif %}
-
-# Optionally change default language
-DEFAULT_LOCALE={{ default_locale }}
-
-# E-mail configuration
-# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
-# If you want to use an SMTP server without authentication (e.g local Postfix relay)
-# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
-# *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
+# Sending mail
+# ------------
 SMTP_SERVER={{ smtp_server }}
-SMTP_PORT={{ smtp_port }}
-SMTP_LOGIN={{ smtp_login }}
-SMTP_PASSWORD={{ smtp_password }}
+SMTP_PORT={{ smtp_port | default(587) }}
+SMTP_LOGIN={{ smtp_login | default('') }}
+SMTP_PASSWORD={{ smtp_password | default('') }}
 SMTP_FROM_ADDRESS={{ smtp_from_address }}

-{% if smtp_domain %}
-SMTP_DOMAIN={{ smtp_domain }}
-{% endif %}
-{% if smtp_delivery_method %}
-SMTP_DELIVERY_METHOD={{ smtp_delivery_method }}
-{% endif %}
-{% if smtp_auth_method %}
-SMTP_AUTH_METHOD={{ smtp_auth_method }}
-{% endif %}
-{% if smtp_ca_file is defined %}
-SMTP_CA_FILE={{ smtp_ca_file }}
-{% endif %}
-{% if smtp_openssl_verify_mode %}
-SMTP_OPENSSL_VERIFY_MODE={{ smtp_openssl_verify_mode }}
-{% endif %}
-{% if smtp_enable_starttls_auto %}
-SMTP_ENABLE_STARTTLS_AUTO={{ smtp_enable_starttls_auto }}
-{% endif %}
-{% if smtp_tls %}
-SMTP_TLS={{ smtp_tls }}
-{% endif %}
-
-{% if paperclip_root_path %}
-# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
-PAPERCLIP_ROOT_PATH={{ paperclip_root_path }}
-{% endif %}
-{% if paperclip_root_url %}
-PAPERCLIP_ROOT_URL={{ paperclip_root_url }}
-{% endif %}
-
-{% if cdn_host %}
-# Optional asset host for multi-server setups
-CDN_HOST={{ cdn_host }}
-{% endif %}
-
-{% if s3_enabled %}
+# File storage (optional)
+# -----------------------
 S3_ENABLED={{ s3_enabled }}
-{% endif %}
-{% if s3_bucket %}
 S3_BUCKET={{ s3_bucket }}
-{% endif %}
-{% if aws_access_key_id %}
 AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
-{% endif %}
-{% if aws_secret_access_key %}
 AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
-{% endif %}
-{% if s3_region %}
-S3_REGION={{ s3_region }}
-{% endif %}
-{% if s3_protocol %}
-S3_PROTOCOL={{ s3_protocol }}
-{% endif %}
-{% if s3_hostname %}
-S3_HOSTNAME={{ s3_hostname }}
-{% endif %}
-{% if s3_endpoint %}
-S3_ENDPOINT={{ s3_endpoint }}
-{% endif %}
-{% if s3_signature_version %}
-S3_SIGNATURE_VERSION={{ s3_signature_version }}
-{% endif %}
-
-{% if swift_enabled %}
-SWIFT_ENABLED={{ swift_enabled }}
-{% endif %}
-{% if swift_username %}
-SWIFT_USERNAME={{ swift_username }}
-{% endif %}
-{% if swift_tenant %}
-# For Keystone V3, the value for SWIFT_TENANT should be the project name
-SWIFT_TENANT=
-{% endif %}
-{% if swift_password %}
-SWIFT_PASSWORD={{ swift_password }}
-{% endif %}
-{% if swift_auth_url %}
-# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
-# issues with token rate-limiting during high load.
-SWIFT_AUTH_URL={{ swift_auth_url }}
-{% endif %}
-{% if swift_container %}
-SWIFT_CONTAINER={{ swift_container }}
-{% endif %}
-{% if swift_object_url %}
-SWIFT_OBJECT_URL={{ swift_object_url }}
-{% endif %}
-{% if swift_region %}
-SWIFT_REGION={{ swift_region }}
-{% endif %}
-{% if swift_domain_name %}
-# Defaults to 'default'
-# SWIFT_DOMAIN_NAME={{ swift_domain_name }}
-{% endif %}
-{% if swift_cache_ttl %}
-# Defaults to 60 seconds. Set to 0 to disable
-# SWIFT_CACHE_TTL={{ swift_cache_ttl }}
-{% endif %}
-
-{% if s3_cloudfront_host %}
-# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
-S3_CLOUDFRONT_HOST={{ s3_cloudfront_host }}
-{% endif %}
-{% if streaming_api_base_url %}
-# Streaming API integration
-# STREAMING_API_BASE_URL={{ streaming_api_base_url }}
-{% endif %}
-
-{% if prepared_statements %}
-# Advanced settings
-# If you need to use pgBouncer, you need to disable prepared statements:
-# PREPARED_STATEMENTS={{ prepared_statements }}
-{% endif %}
-
-{% if streaming_cluster_num %}
-# Cluster number setting for streaming API server.
-# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
-STREAMING_CLUSTER_NUM=1
-{% endif %}
+S3_ALIAS_HOST={{ s3_alias_host}}