SiFNet Mastodon deployments

.env

MASTODON_IMAGE=ghcr.io/cybersiliconforest/mastodon
MASTODON_TAG=latest

.env.production

# with the `rake mastodon:setup` interactive setup wizard, but to customize
# your setup even further, you'll need to edit it manually. This sample does
# not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation.

# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895

# Federation
# ----------
# This identifies your server and cannot be changed safely later
# ----------
WEB_DOMAIN=social.silicon.moe
LOCAL_DOMAIN=silicon.moe

# Redis
# -----
REDIS_HOST=redis
REDIS_PORT=6379

# Web tuning
WEB_CONCURRENCY=12
MAX_THREADS=10

# PostgreSQL
# ----------
DB_HOST=db
DB_USER=mastodon
DB_NAME=mastodon
DB_PASS=[REDACTED]
DB_PORT=5432

# DB Pooling
DB_POOL=48

# Elasticsearch (optional)
# ------------------------
ES_ENABLED=true
ES_HOST=es
ES_PORT=9200
# Authentication for ES (optional)
#ES_USER=elastic
#ES_PASS=password

# Secrets
# -------
# Make sure to use `rake secret` to generate secrets
# -------
SECRET_KEY_BASE=[REDACTED]
OTP_SECRET=[REDACTED]

# Web Push
# --------
# Generate with `rake mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY=[REDACTED]
VAPID_PUBLIC_KEY=[ᅟREDACTED]

# Sending mail
# ------------
SMTP_SERVER=mail.silicon.moe
SMTP_PORT=587
SMTP_AUTH_METHOD=plain
[email protected]
SMTP_PASSWORD=[REDACTED]
SMTP_OPENSSL_VERIFY_MODE=peer
SMTP_FROM_ADDRESS=SiFNet Mastodon <[email protected]>
[email protected]
[email protected]

# File storage (optional)
# -----------------------
S3_ENABLED=true
S3_PROTOCOL=https
S3_REGION=us-east-1
S3_ENDPOINT=https://s3.us-west-004.backblazeb2.com
S3_HOSTNAME=s3.us-west-004.backblazeb2.com
S3_BUCKET=sifnet-mastodon
AWS_ACCESS_KEY_ID=[REDACTED]
AWS_SECRET_ACCESS_KEY=[REDACTED]
S3_ALIAS_HOST=mstdn-cdn.e14forest.net

S3_READ_TIMEOUT=10
S3_OPEN_TIMEOUT=10

# IP and session retention
# -----------------------
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
# -----------------------
IP_RETENTION_PERIOD=31556952
SESSION_RETENTION_PERIOD=31556952

# OIDC configuration
OIDC_ENABLED=true
OIDC_DISPLAY_NAME="SiliconForest ID"
OIDC_ISSUER=https://auth.silicon.moe/application/o/siliconforest-mastodon/
OIDC_DISCOVERY=true
OIDC_SCOPE="openid,profile,email"
OIDC_UID_FIELD=preferred_username
OIDC_CLIENT_ID=[REDACTED]
OIDC_REDIRECT_URI=https://social.silicon.moe/auth/auth/openid_connect/callback
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
OIDC_CLIENT_SECRET=[REDACTED]

# Translator
#LIBRE_TRANSLATE_ENDPOINT=http://libretranslate:5000

docker-compose.yml

version: '3'
services:
  db:
    restart: always
    image: postgres:15-alpine
    shm_size: 256mb
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'mastodon']
    volumes:
      - ./postgres15:/var/lib/postgresql/data
    environment:
      - 'POSTGRES_USER=mastodon'
      - 'POSTGRES_PASSWORD=[REDACTED]'
        #pgbouncer:
        #  restart: always
        #  image: bitnami/pgbouncer:latest
        #  networks:
        #    - internal_network
        #  ports:
        #    - 6432:5432
        #  environment:
        #    - 'POSTGRESQL_USERNAME=mastodon'
        #    - 'POSTGRESQL_PASSWORD=[REDACTED]'
        #    - 'POSTGRESQL_DATABASE=mastodon'
        #    - 'POSTGRESQL_HOST=db'
        #    - 'POSTGRESQL_PORT=5432'
        #    - 'PGBOUNCER_PORT=5432'
        #    - 'PGBOUNCER_BIND_ADDRESS=0.0.0.0'
        #    - 'PGBOUNCER_DATABASE=mastodon'
        #    - 'PGBOUNCER_POOL_MODE=transaction'
        #    - 'PGBOUNCER_MAX_CLIENT_CONN=10000'
        #    - 'PGBOUNCER_DEFAULT_POOL_SIZE=100'
        #    - ''
        #  depends_on:
        #    - db

  redis:
    restart: always
    image: redis:7-alpine
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
    volumes:
      - ./redis:/data

  es:
    restart: always
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
      - "xpack.license.self_generated.type=basic"
      - "xpack.security.enabled=false"
      - "xpack.watcher.enabled=false"
      - "xpack.graph.enabled=false"
      - "xpack.ml.enabled=false"
      - "bootstrap.memory_lock=true"
      - "cluster.name=es-mastodon"
      - "discovery.type=single-node"
      - "thread_pool.write.queue_size=1000"
    networks:
       - external_network
       - internal_network
    healthcheck:
       test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
    volumes:
       - ./elasticsearch:/usr/share/elasticsearch/data
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - '0.0.0.0:9201:9200'

  web:
    #build: .
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
    ports:
      - '0.0.0.0:4002:3000'
    depends_on:
      - db
      - redis
      # - es
    volumes:
      - ./public/system:/mastodon/public/system

  streaming:
    #build: .
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    command: node ./streaming
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
    ports:
      - '0.0.0.0:4003:4000'
    depends_on:
      - db
      - redis

  sidekiq:
    #build: .
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq -c 32
    depends_on:
      - db
      - redis
    networks:
      - external_network
      - internal_network
    volumes:
      - ./public/system:/mastodon/public/system
    healthcheck:
      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]

  sidekiq-exporter:
    image: strech/sidekiq-prometheus-exporter
    restart: always
    depends_on:
      - redis
    ports:
      - '0.0.0.0:3001:9292'
    networks:
      - external_network
      - internal_network
    environment:
      - 'REDIS_URL=redis://redis:6379/0'

        #  libretranslate:
        #    image: libretranslate/libretranslate:latest
        #    restart: unless-stopped
        #    networks:
        #       - external_network
        #       - internal_network
        #    volumes:
        #      - ./libretranslate/share:/home/libretranslate/.local/share
        #      - ./libretranslate/cache:/home/libretranslate/.local/cache
        #    environment:
        #      - LT_HOST=0.0.0.0
        #    ports:
        #      - '0.0.0.0:5000:5000'

  ## Uncomment to enable federation with tor instances along with adding the following ENV variables
  ## http_proxy=http://privoxy:8118
  ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
  # tor:
  #   image: sirboops/tor
  #   networks:
  #      - external_network
  #      - internal_network
  #
  # privoxy:
  #   image: sirboops/privoxy
  #   volumes:
  #     - ./priv-config:/opt/config
  #   networks:
  #     - external_network
  #     - internal_network

networks:
  external_network:
  internal_network:
    internal: true