SiFNet Mastodon deployments
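# Image coordinates substituted for ${MASTODON_IMAGE} and ${MASTODON_TAG} in the
# compose file's `image:` lines (web, streaming and sidekiq all use them).
MASTODON_IMAGE=ghcr.io/cybersiliconforest/mastodon
# NOTE(review): `latest` is a moving tag, so every pull or recreate may start a
# different build than the one last tested. Pin a release tag or an image
# digest so an upgrade is a deliberate, reviewable change.
MASTODON_TAG=latest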
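# with the `rake mastodon:setup` interactive setup wizard, but to customize
# your setup even further, you'll need to edit it manually. This sample does
# not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation.

# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895

# NOTE(review): this file carries every credential of the instance (database,
# Rails secrets, VAPID, SMTP, object storage, OIDC client secret). They are
# redacted on this page; in a real deployment keep the file out of version
# control and readable only by the account that runs the stack.
# Comments are kept on their own lines: an env-file parser may treat a trailing
# `# ...` as part of the value.

# Federation
# ----------
# This identifies your server and cannot be changed safely later
# ----------
WEB_DOMAIN=social.silicon.moe
LOCAL_DOMAIN=silicon.moe

# Redis
# -----
REDIS_HOST=redis
REDIS_PORT=6379

# Web tuning
WEB_CONCURRENCY=12
MAX_THREADS=10

# PostgreSQL
# ----------
DB_HOST=db
DB_USER=mastodon
DB_NAME=mastodon
DB_PASS=[REDACTED]
DB_PORT=5432

# DB Pooling
DB_POOL=48

# Elasticsearch (optional)
# ------------------------
ES_ENABLED=true
ES_HOST=es
ES_PORT=9200
# Authentication for ES (optional)
# NOTE(review): no ES credentials are set, and the compose file on this page
# runs Elasticsearch with xpack.security.enabled=false. The search index is then
# protected only by network placement, so the ES port must stay unreachable
# from outside the Docker network.
#ES_USER=elastic
#ES_PASS=password

# Secrets
# -------
# Make sure to use `rake secret` to generate secrets
# -------
SECRET_KEY_BASE=[REDACTED]
OTP_SECRET=[REDACTED]

# Web Push
# --------
# Generate with `rake mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY=[REDACTED]
# NOTE(review): the placeholder below contains an invisible Unicode filler
# character right after the opening bracket, so it is not byte-equal to the
# other [REDACTED] markers. View the line in an editor that reveals hidden
# characters before copying it or matching on it.
VAPID_PUBLIC_KEY=[ᅟREDACTED]

# Sending mail
# ------------
SMTP_SERVER=mail.silicon.moe
SMTP_PORT=587
# PLAIN sends the SMTP password without hashing, so it depends on the session
# being upgraded with STARTTLS; SMTP_OPENSSL_VERIFY_MODE=peer below keeps
# certificate verification on for that upgrade.
SMTP_AUTH_METHOD=plain
# NOTE(review): on the next line and on the two lines after SMTP_FROM_ADDRESS
# the variable name and value were replaced by the page's e-mail obfuscation
# ("[email protected]"); the originals cannot be recovered from this page.
[email protected]
SMTP_PASSWORD=[REDACTED]
SMTP_OPENSSL_VERIFY_MODE=peer
SMTP_FROM_ADDRESS=SiFNet Mastodon <[email protected]>
[email protected]
[email protected]

# File storage (optional)
# -----------------------
S3_ENABLED=true
S3_PROTOCOL=https
S3_REGION=us-east-1
S3_ENDPOINT=https://s3.us-west-004.backblazeb2.com
S3_HOSTNAME=s3.us-west-004.backblazeb2.com
S3_BUCKET=sifnet-mastodon
# NOTE(review): use an access key scoped to this one bucket, so that a leak of
# this file does not expose other buckets in the storage account.
AWS_ACCESS_KEY_ID=[REDACTED]
AWS_SECRET_ACCESS_KEY=[REDACTED]
S3_ALIAS_HOST=mstdn-cdn.e14forest.net
S3_READ_TIMEOUT=10
S3_OPEN_TIMEOUT=10

# IP and session retention
# -----------------------
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
# -----------------------
# 31556952 seconds is one year (365.2425 days): sign-in IP addresses and
# sessions are kept that long. A long window helps abuse investigation, but it
# also widens what a database compromise exposes.
IP_RETENTION_PERIOD=31556952
SESSION_RETENTION_PERIOD=31556952

# OIDC configuration
OIDC_ENABLED=true
# NOTE(review): this value and OIDC_SCOPE are wrapped in double quotes. Per the
# note at the top of this file, a docker-compose env_file parser that takes
# values verbatim will pass the quotes through as part of the value. Confirm
# how the deployed Compose version parses them.
OIDC_DISPLAY_NAME="SiliconForest ID"
OIDC_ISSUER=https://auth.silicon.moe/application/o/siliconforest-mastodon/
OIDC_DISCOVERY=true
OIDC_SCOPE="openid,profile,email"
# NOTE(review): OpenID Connect guarantees only `sub` (together with the issuer)
# as a stable, unique identifier. Keying accounts on preferred_username is safe
# only if the identity provider never lets a username be changed or reused.
OIDC_UID_FIELD=preferred_username
OIDC_CLIENT_ID=[REDACTED]
OIDC_REDIRECT_URI=https://social.silicon.moe/auth/auth/openid_connect/callback
# NOTE(review): this makes Mastodon trust the e-mail claim without an
# email_verified assertion from the provider. That is sound only if the identity
# provider itself verifies addresses and does not let users set an arbitrary
# e-mail; otherwise a user could present another person's address.
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
OIDC_CLIENT_SECRET=[REDACTED]

# Translator
#LIBRE_TRANSLATE_ENDPOINT=http://libretranslate:5000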
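# Docker Compose stack for a Mastodon instance: PostgreSQL, Redis,
# Elasticsearch, the Rails web process, the streaming API, Sidekiq and a
# Sidekiq metrics exporter.
#
# Network layout: `internal_network` is declared `internal: true`, so services
# attached only to it (db, redis) have no route outside the Docker network.
# Services that also join `external_network` can make outbound connections.
#
# NOTE(review): every `ports:` entry publishes on a host interface. Docker
# installs its own packet-filter rules for published ports, so a host firewall
# front end may not filter them; verify reachability from another machine
# rather than assuming the firewall covers it.
version: '3'

services:
  db:
    restart: always
    image: postgres:15-alpine
    shm_size: 256mb
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'mastodon']
    volumes:
      - ./postgres15:/var/lib/postgresql/data
    environment:
      - 'POSTGRES_USER=mastodon'
      # NOTE(review): the database password sits inline in this file (redacted
      # on the page), so the compose file needs the same protection as the
      # env file that holds the application secrets.
      - 'POSTGRES_PASSWORD=[REDACTED]'

  # pgbouncer:
  #   restart: always
  #   image: bitnami/pgbouncer:latest
  #   networks:
  #     - internal_network
  #   ports:
  #     - 6432:5432
  #   environment:
  #     - 'POSTGRESQL_USERNAME=mastodon'
  #     - 'POSTGRESQL_PASSWORD=[REDACTED]'
  #     - 'POSTGRESQL_DATABASE=mastodon'
  #     - 'POSTGRESQL_HOST=db'
  #     - 'POSTGRESQL_PORT=5432'
  #     - 'PGBOUNCER_PORT=5432'
  #     - 'PGBOUNCER_BIND_ADDRESS=0.0.0.0'
  #     - 'PGBOUNCER_DATABASE=mastodon'
  #     - 'PGBOUNCER_POOL_MODE=transaction'
  #     - 'PGBOUNCER_MAX_CLIENT_CONN=10000'
  #     - 'PGBOUNCER_DEFAULT_POOL_SIZE=100'
  #     - ''
  #   depends_on:
  #     - db

  redis:
    restart: always
    image: redis:7-alpine
    # No password is configured here; Redis is reachable only from containers
    # on internal_network because nothing is published to the host.
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
    volumes:
      - ./redis:/data

  es:
    restart: always
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
      - "xpack.license.self_generated.type=basic"
      # Security is off: the HTTP API on 9200 accepts unauthenticated requests
      # (read, write and delete of the search index) from anything that can
      # reach it.
      - "xpack.security.enabled=false"
      - "xpack.watcher.enabled=false"
      - "xpack.graph.enabled=false"
      - "xpack.ml.enabled=false"
      - "bootstrap.memory_lock=true"
      - "cluster.name=es-mastodon"
      - "discovery.type=single-node"
      - "thread_pool.write.queue_size=1000"
    networks:
      - external_network
      - internal_network
    healthcheck:
      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
    volumes:
      - ./elasticsearch:/usr/share/elasticsearch/data
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      # Published on loopback only (was 0.0.0.0): with xpack.security disabled,
      # publishing on all interfaces hands the unauthenticated API to every host
      # that can reach this machine. Containers on internal_network reach
      # Elasticsearch as es:9200 and do not need the published port. If remote
      # access is required, enable authentication and TLS first.
      - '127.0.0.1:9201:9200'

  web:
    #build: .
    # NOTE(review): the tag comes from MASTODON_TAG and falls back to `latest`;
    # a floating tag means a pull can change the running code without a change
    # in this file. Pin a release tag or digest. The same applies to the
    # streaming and sidekiq services, which use the same image reference.
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    # A stale PID file from an unclean stop would prevent Rails from starting.
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
    ports:
      # NOTE(review): plain HTTP published on all host interfaces. Presumably a
      # reverse proxy terminates TLS in front of it; if that proxy runs on this
      # host, bind to 127.0.0.1 so clients cannot bypass it.
      - '0.0.0.0:4002:3000'
    depends_on:
      - db
      - redis
      # - es
    volumes:
      - ./public/system:/mastodon/public/system

  streaming:
    #build: .
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    command: node ./streaming
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
    ports:
      # NOTE(review): same exposure question as the web service's port.
      - '0.0.0.0:4003:4000'
    depends_on:
      - db
      - redis

  sidekiq:
    #build: .
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq -c 32
    depends_on:
      - db
      - redis
    networks:
      - external_network
      - internal_network
    volumes:
      - ./public/system:/mastodon/public/system
    healthcheck:
      # Matches the literal process title "sidekiq 6". NOTE(review): presumably
      # the 6 is the Sidekiq major version; with a floating image tag a major
      # bump would make this container report unhealthy. Confirm against the
      # image actually deployed.
      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]

  sidekiq-exporter:
    # NOTE(review): no tag is given, so this resolves to `latest`; pin a
    # version or digest as for the Mastodon image.
    image: strech/sidekiq-prometheus-exporter
    restart: always
    depends_on:
      - redis
    ports:
      # NOTE(review): the metrics endpoint is published on all host interfaces
      # and no authentication is configured in this file. Restrict it to the
      # address the Prometheus scraper uses, or to 127.0.0.1 if the scraper
      # runs on this host.
      - '0.0.0.0:3001:9292'
    networks:
      - external_network
      - internal_network
    environment:
      - 'REDIS_URL=redis://redis:6379/0'

  # libretranslate:
  #   image: libretranslate/libretranslate:latest
  #   restart: unless-stopped
  #   networks:
  #     - external_network
  #     - internal_network
  #   volumes:
  #     - ./libretranslate/share:/home/libretranslate/.local/share
  #     - ./libretranslate/cache:/home/libretranslate/.local/cache
  #   environment:
  #     - LT_HOST=0.0.0.0
  #   ports:
  #     - '0.0.0.0:5000:5000'

  ## Uncomment to enable federation with tor instances along with adding the following ENV variables
  ## http_proxy=http://privoxy:8118
  ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
  # tor:
  #   image: sirboops/tor
  #   networks:
  #     - external_network
  #     - internal_network
  #
  # privoxy:
  #   image: sirboops/privoxy
  #   volumes:
  #     - ./priv-config:/opt/config
  #   networks:
  #     - external_network
  #     - internal_network

networks:
  external_network:
  internal_network:
    # No outbound route: containers attached only to this network cannot reach
    # the internet or the host's published ports.
    internal: true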