Adaptation à mastodon v4.3
parent
6f1fde87f7
commit
cb1fe43de4
3 changed files with 53 additions and 34 deletions
|
@ -1,43 +1,45 @@
|
||||||
- name: docker directory
|
- name: Dossier pour le service docker
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /opt/{{ docker_mastodon_service_id }}/
|
path: /opt/{{ docker_mastodon_service_id }}/
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: prepare docker-compose.yml
|
- name: Prepare docker-compose.yml
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: /opt/{{ docker_mastodon_service_id }}/
|
dest: /opt/{{ docker_mastodon_service_id }}/
|
||||||
with_items:
|
with_items:
|
||||||
- docker-compose.yml
|
- docker-compose.yml
|
||||||
- .env.production
|
- .env.production
|
||||||
|
|
||||||
|
- name: Generation des secrets
|
||||||
- name: generate secrets
|
|
||||||
when: docker_mastodon_gen_secrets is true
|
when: docker_mastodon_gen_secrets is true
|
||||||
block:
|
block:
|
||||||
|
|
||||||
- name: docker-compose-gen-secrets
|
- name: Script pour la génération des secrets
|
||||||
shell: |
|
ansible.builtin.shell: |
|
||||||
docker compose down
|
docker compose down
|
||||||
echo "Placer les valeurs suivantes dans les variables du playbook mastodon :"
|
echo "Placer les valeurs suivantes dans les variables du playbook mastodon :"
|
||||||
echo SECRET_KEY_BASE=$(docker-compose run --rm web bundle exec rake secret)
|
echo SECRET_KEY_BASE=$(docker compose run --rm web bundle exec rake secret)
|
||||||
echo OTP_SECRET=$(docker-compose run --rm web bundle exec rake secret)
|
echo OTP_SECRET=$(docker compose run --rm web bundle exec rake secret)
|
||||||
docker compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key
|
docker compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key
|
||||||
|
docker compose run --rm web bin/rails db:encryption:init
|
||||||
|
docker compose down
|
||||||
args:
|
args:
|
||||||
chdir: /opt/{{ docker_mastodon_service_id }}/
|
chdir: /opt/{{ docker_mastodon_service_id }}/
|
||||||
register: secrets
|
register: secrets
|
||||||
|
|
||||||
- debug:
|
- name: Affiche les secrets
|
||||||
|
ansible.builtin.debug:
|
||||||
msg: "{{ secrets.stdout_lines }}"
|
msg: "{{ secrets.stdout_lines }}"
|
||||||
|
|
||||||
- name: Playbook stops here if docker_mastodon_gen_secrets is set
|
- name: On s'arrête ici si docker_mastodon_gen_secrets est défini
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- docker_mastodon_gen_secrets is false
|
- docker_mastodon_gen_secrets is false
|
||||||
|
|
||||||
### initialize-data
|
### initialize-data
|
||||||
- name: docker-compose-initialize-data
|
- name: Migration BDD et précompilation
|
||||||
shell: |
|
ansible.builtin.shell: |
|
||||||
docker compose down
|
docker compose down
|
||||||
docker compose run --rm web rails db:migrate
|
docker compose run --rm web rails db:migrate
|
||||||
docker compose run --rm web rails assets:precompile
|
docker compose run --rm web rails assets:precompile
|
||||||
|
@ -46,8 +48,8 @@
|
||||||
chdir: /opt/{{ docker_mastodon_service_id }}/
|
chdir: /opt/{{ docker_mastodon_service_id }}/
|
||||||
when: docker_mastodon_initialize_data is true
|
when: docker_mastodon_initialize_data is true
|
||||||
|
|
||||||
- name: docker-compose-up
|
- name: Démarrage
|
||||||
shell: |
|
ansible.builtin.shell: |
|
||||||
docker compose up -d
|
docker compose up -d
|
||||||
args:
|
args:
|
||||||
chdir: /opt/{{ docker_mastodon_service_id }}/
|
chdir: /opt/{{ docker_mastodon_service_id }}/
|
||||||
|
|
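Review bot: The `Prepare docker-compose.yml` task renders `.env.production` without a `mode:`, so the file holding `SECRET_KEY_BASE`, `OTP_SECRET` and the other keys from the template in this commit gets whatever permissions the remote umask yields. The `Dossier pour le service docker` task is likewise unrestricted. Adding `mode: "0600"` to the template task and `mode: "0700"` to the directory task would limit reads to the account that runs `docker compose`; which account that is cannot be seen from this page, so confirm it first. Separately, `Affiche les secrets` sends freshly generated key material through `ansible.builtin.debug`, so it ends up in any Ansible log or CI job output. A comment on that task such as `# Output contains live secrets: run interactively and do not retain the log` would make that explicit.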
|
@ -31,14 +31,25 @@ ES_PASS=password
|
||||||
|
|
||||||
# Secrets
|
# Secrets
|
||||||
# -------
|
# -------
|
||||||
# Make sure to use `rake secret` to generate secrets
|
# Make sure to use `bundle exec rake secret` to generate secrets
|
||||||
# -------
|
# -------
|
||||||
SECRET_KEY_BASE={{ docker_mastodon_secret_key_base }}
|
SECRET_KEY_BASE={{ docker_mastodon_secret_key_base }}
|
||||||
OTP_SECRET={{ docker_mastodon_otp_secret }}
|
OTP_SECRET={{ docker_mastodon_otp_secret }}
|
||||||
|
|
||||||
|
# Encryption secrets
|
||||||
|
# ------------------
|
||||||
|
# Must be available (and set to same values) for all server processes
|
||||||
|
# These are private/secret values, do not share outside hosting environment
|
||||||
|
# Use `bin/rails db:encryption:init` to generate fresh secrets
|
||||||
|
# Do not change these secrets once in use, as this would cause data loss and other issues
|
||||||
|
# ------------------
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ docker_mastodon_active_record_encryption_deterministic_key }}
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ docker_mastodon_active_record_encryption_key_derivation_salt }}
|
||||||
|
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ docker_mastodon_active_record_encryption_primary_key }}
|
||||||
|
|
||||||
# Web Push
|
# Web Push
|
||||||
# --------
|
# --------
|
||||||
# Generate with `rake mastodon:webpush:generate_vapid_key`
|
# Generate with `bundle exec rake mastodon:webpush:generate_vapid_key`
|
||||||
# --------
|
# --------
|
||||||
VAPID_PRIVATE_KEY={{ docker_mastodon_vapid_private_key }}
|
VAPID_PRIVATE_KEY={{ docker_mastodon_vapid_private_key }}
|
||||||
VAPID_PUBLIC_KEY={{ docker_mastodon_vapid_public_key }}
|
VAPID_PUBLIC_KEY={{ docker_mastodon_vapid_public_key }}
|
||||||
|
@ -59,6 +70,13 @@ AWS_ACCESS_KEY_ID=
|
||||||
AWS_SECRET_ACCESS_KEY=
|
AWS_SECRET_ACCESS_KEY=
|
||||||
S3_ALIAS_HOST=files.example.com
|
S3_ALIAS_HOST=files.example.com
|
||||||
|
|
||||||
|
# IP and session retention
|
||||||
|
# -----------------------
|
||||||
|
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
|
||||||
|
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
|
||||||
|
# -----------------------
|
||||||
|
IP_RETENTION_PERIOD=31556952
|
||||||
|
SESSION_RETENTION_PERIOD=31556952
|
||||||
|
|
||||||
{% if docker_mastodon_oidc_enabled is true %}
|
{% if docker_mastodon_oidc_enabled is true %}
|
||||||
# OpenID Connect configuration
|
# OpenID Connect configuration
|
||||||
|
|
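Review bot: The three new `ACTIVE_RECORD_ENCRYPTION_*` lines render long-lived key material straight from playbook variables, with nothing here stating how those variables must be stored. The copied upstream comment warns that changing them once in use causes data loss. Where `docker_mastodon_active_record_encryption_*` are defined is not visible on this page, so it would help to add a line in that comment block such as `# Keep these in Ansible Vault (or another secret store) and back them up with the database`. If the role defaults set them to empty strings (not shown here), an `ansible.builtin.assert` that each one is non-empty before templating would prevent deploying a blank key.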
|
@ -1,5 +1,4 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
version: '3'
|
|
||||||
services:
|
services:
|
||||||
db:
|
db:
|
||||||
restart: always
|
restart: always
|
||||||
|
@ -36,7 +35,7 @@ services:
|
||||||
- mastodon
|
- mastodon
|
||||||
healthcheck:
|
healthcheck:
|
||||||
# prettier-ignore
|
# prettier-ignore
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
- redis
|
- redis
|
||||||
|
@ -53,16 +52,16 @@ services:
|
||||||
|
|
||||||
|
|
||||||
streaming:
|
streaming:
|
||||||
image: tootsuite/mastodon:{{ docker_mastodon_image_version }}
|
image: tootsuite/mastodon-streaming:{{ docker_mastodon_image_version }}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: .env.production
|
env_file: .env.production
|
||||||
command: node ./streaming
|
command: node ./streaming/index.js
|
||||||
networks:
|
networks:
|
||||||
- traefik
|
- traefik
|
||||||
- mastodon
|
- mastodon
|
||||||
healthcheck:
|
healthcheck:
|
||||||
# prettier-ignore
|
# prettier-ignore
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.docker.network=traefik
|
- traefik.docker.network=traefik
|
||||||
|
|
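Review bot: The new `streaming` image line, `tootsuite/mastodon-streaming:{{ docker_mastodon_image_version }}`, resolves by tag only, so what actually runs depends on what the registry serves for that tag at pull time. Reusing one variable for the streaming image is good if the web service uses it too (that line is outside the hunks shown), but the role should document that `docker_mastodon_image_version` must be an exact release tag and never a floating one. A comment above the image line would cover it, e.g. `# Use an exact release tag (or tag@sha256:<digest>) so web and streaming stay on the same verified build`. As a style point, the first rewritten healthcheck has no space after the comma in `['CMD-SHELL',"curl …`, unlike the streaming one.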