@perillamint
Last active July 8, 2023 03:59
SiFNet Mastodon deployments
# Image coordinates that Compose substitutes into the `image:` lines of the
# web, streaming and sidekiq services
# (`${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}`).
MASTODON_IMAGE=ghcr.io/cybersiliconforest/mastodon
# NOTE(review): `latest` is a mutable tag, so any pull can change the code that
# is handed the secrets in .env.production without a change to this file.
# Pin a specific release tag (placeholder: MASTODON_TAG=<release-tag>) and
# upgrade deliberately.
MASTODON_TAG=latest
# You can generate your configuration with the `rake mastodon:setup` interactive setup wizard, but to customize
# your setup even further, you'll need to edit it manually. This sample does
# not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895
# Federation
# ----------
# This identifies your server and cannot be changed safely later
# ----------
# WEB_DOMAIN is the host the web UI and API are served from; LOCAL_DOMAIN is
# the domain that appears in account handles (@user@silicon.moe). Because the
# two differ, silicon.moe has to forward /.well-known/webfinger requests to the
# web domain, otherwise remote servers cannot resolve local accounts.
WEB_DOMAIN=social.silicon.moe
LOCAL_DOMAIN=silicon.moe
# Redis
# -----
# `redis` is the Compose service name, resolved on internal_network.
# No Redis password is configured in this file, so network isolation is the
# only access control: every container attached to internal_network can read
# and write the data held there.
REDIS_HOST=redis
REDIS_PORT=6379
# Web tuning
# Number of web worker processes and threads per worker for the web service.
WEB_CONCURRENCY=12
MAX_THREADS=10
# PostgreSQL
# ----------
# DB_HOST is the `db` Compose service; DB_USER matches POSTGRES_USER set on it.
DB_HOST=db
DB_USER=mastodon
DB_NAME=mastodon
# Has to equal POSTGRES_PASSWORD on the db service. The same secret therefore
# lives in two files; protect and rotate them together.
DB_PASS=[REDACTED]
DB_PORT=5432
# DB Pooling
# Connection pool size per process. This file is loaded by the web, streaming
# and sidekiq containers alike; sidekiq runs with `-c 32`, so its pool must be
# at least that large.
DB_POOL=48
# Elasticsearch (optional)
# ------------------------
# `es` is the Compose service name; the application reaches it over the
# Compose networks on port 9200.
ES_ENABLED=true
ES_HOST=es
ES_PORT=9200
# Authentication for ES (optional)
# NOTE(review): left disabled, consistent with `xpack.security.enabled=false`
# on the es service. The search index then answers unauthenticated requests
# from anything that can reach it, so the port must stay off untrusted
# networks. The Compose file publishes it as 0.0.0.0:9201; confirm that
# exposure is intended.
#ES_USER=elastic
#ES_PASS=password
# Secrets
# -------
# Make sure to use `rake secret` to generate secrets
# -------
# Values are redacted on this page. Both are long-lived application secrets and
# are injected into every container that lists this file as `env_file` (web,
# streaming, sidekiq). Keep the file out of version control and readable only
# by the deploying user.
# NOTE(review): rotation has side effects. Changing SECRET_KEY_BASE invalidates
# existing browser sessions, and changing OTP_SECRET breaks already-enrolled
# two-factor logins. Plan for both when rotating after a suspected leak.
SECRET_KEY_BASE=[REDACTED]
OTP_SECRET=[REDACTED]
# Web Push
# --------
# Generate with `rake mastodon:webpush:generate_vapid_key`
# --------
# The two values are one key pair; only the private half is confidential.
# Replacing the pair breaks existing browser push subscriptions.
VAPID_PRIVATE_KEY=[REDACTED]
VAPID_PUBLIC_KEY=[ᅟREDACTED]
# Sending mail
# ------------
SMTP_SERVER=mail.silicon.moe
# 587 is the mail submission port, where TLS is normally negotiated with
# STARTTLS after a cleartext greeting.
SMTP_PORT=587
# `plain` sends the password in a reversibly encoded form, so it is protected
# only by the TLS layer.
# NOTE(review): no STARTTLS setting appears in this file; confirm that the
# application default refuses to authenticate when the upgrade is not offered.
SMTP_AUTH_METHOD=plain
SMTP_LOGIN=social@silicon.moe
SMTP_PASSWORD=[REDACTED]
# Verify the mail server's certificate rather than accepting any peer.
SMTP_OPENSSL_VERIFY_MODE=peer
# Left unquoted: per the note at the top of this file, docker-compose takes
# env_file values verbatim, spaces and angle brackets included.
SMTP_FROM_ADDRESS=SiFNet Mastodon <social@silicon.moe>
SMTP_REPLY_TO=noreply@silicon.moe
SMTP_RETURN_PATH=social@silicon.moe
# File storage (optional)
# -----------------------
# Media is stored in an S3-compatible bucket over HTTPS.
S3_ENABLED=true
S3_PROTOCOL=https
# NOTE(review): the region given here (us-east-1) differs from the region label
# in the endpoint host below (us-west-004). Confirm which value the storage
# provider expects for request signing.
S3_REGION=us-east-1
S3_ENDPOINT=https://s3.us-west-004.backblazeb2.com
S3_HOSTNAME=s3.us-west-004.backblazeb2.com
S3_BUCKET=sifnet-mastodon
# Storage credentials (redacted on this page). Prefer a key that is scoped to
# this one bucket, so that a leak of this file does not reach other buckets in
# the account.
AWS_ACCESS_KEY_ID=[REDACTED]
AWS_SECRET_ACCESS_KEY=[REDACTED]
# Host name used in public media URLs in place of the bucket endpoint.
S3_ALIAS_HOST=mstdn-cdn.e14forest.net
# Timeouts for storage requests; presumably seconds. Confirm against the
# Mastodon configuration documentation.
S3_READ_TIMEOUT=10
S3_OPEN_TIMEOUT=10
# IP and session retention
# -----------------------
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
# -----------------------
# Both values are in seconds: 31556952 s = 365.2425 days, so recorded IP
# addresses and login sessions are kept for about one year. That is also how
# much history a database leak would expose; keep it no longer than abuse
# handling actually needs.
IP_RETENTION_PERIOD=31556952
SESSION_RETENTION_PERIOD=31556952
# OIDC configuration
# Single sign-on against the identity provider at auth.silicon.moe.
OIDC_ENABLED=true
# NOTE(review): this value and OIDC_SCOPE are wrapped in double quotes. The
# note at the top of this file warns that docker-compose takes env_file values
# verbatim, quotes included. Confirm the Compose version in use strips them;
# otherwise the scope string carries literal quote characters.
OIDC_DISPLAY_NAME="SiliconForest ID"
OIDC_ISSUER=https://auth.silicon.moe/application/o/siliconforest-mastodon/
# Provider endpoints are taken from the issuer's discovery document.
OIDC_DISCOVERY=true
OIDC_SCOPE="openid,profile,email"
# NOTE(review): accounts are keyed on `preferred_username`. OpenID Connect does
# not guarantee that claim to be unique or stable (`sub` is the stable
# identifier), so the identity provider has to keep usernames immutable and
# never reassign them, or logins can attach to the wrong local account.
OIDC_UID_FIELD=preferred_username
OIDC_CLIENT_ID=[REDACTED]
# Must match the redirect URI registered at the identity provider exactly.
OIDC_REDIRECT_URI=https://social.silicon.moe/auth/auth/openid_connect/callback
# NOTE(review): with this set, the provider's email claim is trusted without a
# confirmation step on the Mastodon side. That is safe only if the identity
# provider verifies ownership of the address before releasing the claim.
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
# Confidential client credential (redacted on this page).
OIDC_CLIENT_SECRET=[REDACTED]
# Translator
#LIBRE_TRANSLATE_ENDPOINT=http://libretranslate:5000
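# Docker Compose stack for the Mastodon deployment. PostgreSQL, Redis and
# Elasticsearch back the web, streaming and sidekiq containers; a Prometheus
# exporter publishes Sidekiq metrics.
#
# Exposure model used throughout this file:
#   * internal_network is `internal: true`, so containers attached only to it
#     (db, redis) get no route to or from the outside.
#   * Every `ports:` entry below binds 0.0.0.0, i.e. all host interfaces.
#     Docker installs its own packet-filter rules for published ports, and
#     these commonly take effect ahead of host firewall front-ends, so a host
#     firewall alone may not restrict them. Bind to 127.0.0.1 (or a private
#     interface address) wherever the consumer runs on the same host.
version: '3'
services:
  db:
    restart: always
    image: postgres:15-alpine
    shm_size: 256mb
    # Internal only: no published port, no outbound route.
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'mastodon']
    volumes:
      - ./postgres15:/var/lib/postgresql/data
    environment:
      - 'POSTGRES_USER=mastodon'
      # Has to equal DB_PASS in .env.production. Stored inline here, so this
      # file needs the same access restrictions as the env file.
      - 'POSTGRES_PASSWORD=[REDACTED]'

  #pgbouncer:
  #  restart: always
  #  image: bitnami/pgbouncer:latest
  #  networks:
  #    - internal_network
  #  ports:
  #    - 6432:5432
  #  environment:
  #    - 'POSTGRESQL_USERNAME=mastodon'
  #    - 'POSTGRESQL_PASSWORD=[REDACTED]'
  #    - 'POSTGRESQL_DATABASE=mastodon'
  #    - 'POSTGRESQL_HOST=db'
  #    - 'POSTGRESQL_PORT=5432'
  #    - 'PGBOUNCER_PORT=5432'
  #    - 'PGBOUNCER_BIND_ADDRESS=0.0.0.0'
  #    - 'PGBOUNCER_DATABASE=mastodon'
  #    - 'PGBOUNCER_POOL_MODE=transaction'
  #    - 'PGBOUNCER_MAX_CLIENT_CONN=10000'
  #    - 'PGBOUNCER_DEFAULT_POOL_SIZE=100'
  #    - ''
  #  depends_on:
  #    - db

  redis:
    restart: always
    image: redis:7-alpine
    # No password is configured; access control is the network attachment
    # alone. Clients connect without credentials (see REDIS_URL on
    # sidekiq-exporter).
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
    volumes:
      - ./redis:/data

  es:
    restart: always
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
      - "xpack.license.self_generated.type=basic"
      # Authentication and authorization are off: every request that reaches
      # port 9200 is served.
      - "xpack.security.enabled=false"
      - "xpack.watcher.enabled=false"
      - "xpack.graph.enabled=false"
      - "xpack.ml.enabled=false"
      - "bootstrap.memory_lock=true"
      - "cluster.name=es-mastodon"
      - "discovery.type=single-node"
      - "thread_pool.write.queue_size=1000"
    networks:
      - external_network
      - internal_network
    healthcheck:
      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
    volumes:
      - ./elasticsearch:/usr/share/elasticsearch/data
    # memlock is unlimited so that bootstrap.memory_lock=true can take effect.
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    # NOTE(review): with xpack.security disabled above, this publishes an
    # unauthenticated search index on every host interface. The Mastodon
    # containers reach it as es:9200 over the Compose networks
    # (ES_HOST/ES_PORT in .env.production), so they do not need the host port.
    # Unless a remote consumer is intended and separately protected, use
    # '127.0.0.1:9201:9200' or drop the mapping.
    ports:
      - '0.0.0.0:9201:9200'

  web:
    #build: .
    # Image and tag come from MASTODON_IMAGE / MASTODON_TAG, falling back to
    # tootsuite/mastodon:latest when they are unset.
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    # Remove a stale pid file left by an unclean stop, then start Rails on 3000.
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
    # NOTE(review): plain HTTP published on all host interfaces. This port is
    # meant to sit behind a TLS-terminating reverse proxy; if that proxy runs
    # on this host, '127.0.0.1:4002:3000' keeps clients from reaching the app
    # around it.
    ports:
      - '0.0.0.0:4002:3000'
    depends_on:
      - db
      - redis
      # - es
    volumes:
      - ./public/system:/mastodon/public/system

  streaming:
    #build: .
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    command: node ./streaming
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
    # NOTE(review): same exposure as web. This is plain HTTP on all host
    # interfaces; bind to loopback if the reverse proxy is local.
    ports:
      - '0.0.0.0:4003:4000'
    depends_on:
      - db
      - redis

  sidekiq:
    #build: .
    image: ${MASTODON_IMAGE:-tootsuite/mastodon}:${MASTODON_TAG:-latest}
    restart: always
    env_file: .env.production
    # 32 worker threads; DB_POOL in .env.production has to be at least this.
    command: bundle exec sidekiq -c 32
    depends_on:
      - db
      - redis
    # No published port. external_network is attached as well because
    # internal_network alone provides no outbound route.
    networks:
      - external_network
      - internal_network
    volumes:
      - ./public/system:/mastodon/public/system
    healthcheck:
      # The pattern looks for a process title containing "sidekiq 6".
      # NOTE(review): presumably that is the Sidekiq major version. With the
      # image tag floating on `latest`, a major-version bump would make this
      # check fail. Confirm after upgrades.
      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]

  sidekiq-exporter:
    # NOTE(review): no tag given, so the mutable default tag is pulled. Pin a
    # release tag for a container that has direct access to Redis.
    image: strech/sidekiq-prometheus-exporter
    restart: always
    depends_on:
      - redis
    # NOTE(review): metrics are published on all host interfaces and no
    # authentication is configured here. Restrict the binding to the address
    # the Prometheus scraper uses.
    ports:
      - '0.0.0.0:3001:9292'
    networks:
      - external_network
      - internal_network
    environment:
      - 'REDIS_URL=redis://redis:6379/0'

  # libretranslate:
  #   image: libretranslate/libretranslate:latest
  #   restart: unless-stopped
  #   networks:
  #     - external_network
  #     - internal_network
  #   volumes:
  #     - ./libretranslate/share:/home/libretranslate/.local/share
  #     - ./libretranslate/cache:/home/libretranslate/.local/cache
  #   environment:
  #     - LT_HOST=0.0.0.0
  #   ports:
  #     - '0.0.0.0:5000:5000'

  ## Uncomment to enable federation with tor instances along with adding the following ENV variables
  ## http_proxy=http://privoxy:8118
  ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
  # tor:
  #   image: sirboops/tor
  #   networks:
  #     - external_network
  #     - internal_network
  #
  # privoxy:
  #   image: sirboops/privoxy
  #   volumes:
  #     - ./priv-config:/opt/config
  #   networks:
  #     - external_network
  #     - internal_network

networks:
  # Default bridge with outbound access; required for publishing host ports.
  external_network:
  # Isolated network: members can talk to each other but not to the outside.
  internal_network:
    internal: true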