Adaptation à mastodon v4.3

Navas 2024-10-22 10:55:56 +02:00
parent 6f1fde87f7
commit cb1fe43de4
3 changed files with 53 additions and 34 deletions


@ -1,43 +1,45 @@
- name: docker directory - name: Dossier pour le service docker
file: ansible.builtin.file:
path: /opt/{{ docker_mastodon_service_id }}/ path: /opt/{{ docker_mastodon_service_id }}/
state: directory state: directory
- name: prepare docker-compose.yml - name: Prepare docker-compose.yml
template: ansible.builtin.template:
src: "{{ item }}" src: "{{ item }}"
dest: /opt/{{ docker_mastodon_service_id }}/ dest: /opt/{{ docker_mastodon_service_id }}/
with_items: with_items:
- docker-compose.yml - docker-compose.yml
- .env.production - .env.production
- name: Generation des secrets
- name: generate secrets
when: docker_mastodon_gen_secrets is true when: docker_mastodon_gen_secrets is true
block: block:
- name: docker-compose-gen-secrets - name: Script pour la génération des secrets
shell: | ansible.builtin.shell: |
docker compose down docker compose down
echo "Placer les valeurs suivantes dans les variables du playbook mastodon :" echo "Placer les valeurs suivantes dans les variables du playbook mastodon :"
echo SECRET_KEY_BASE=$(docker-compose run --rm web bundle exec rake secret) echo SECRET_KEY_BASE=$(docker compose run --rm web bundle exec rake secret)
echo OTP_SECRET=$(docker-compose run --rm web bundle exec rake secret) echo OTP_SECRET=$(docker compose run --rm web bundle exec rake secret)
docker compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key docker compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key
docker compose run --rm web bin/rails db:encryption:init
docker compose down
args: args:
chdir: /opt/{{ docker_mastodon_service_id }}/ chdir: /opt/{{ docker_mastodon_service_id }}/
register: secrets register: secrets
- debug: - name: Affiche les secrets
ansible.builtin.debug:
msg: "{{ secrets.stdout_lines }}" msg: "{{ secrets.stdout_lines }}"
- name: Playbook stops here if docker_mastodon_gen_secrets is set - name: On s'arrête ici si docker_mastodon_gen_secrets est défini
assert: ansible.builtin.assert:
that: that:
- docker_mastodon_gen_secrets is false - docker_mastodon_gen_secrets is false
### initialize-data ### initialize-data
- name: docker-compose-initialize-data - name: Migration BDD et précompilation
shell: | ansible.builtin.shell: |
docker compose down docker compose down
docker compose run --rm web rails db:migrate docker compose run --rm web rails db:migrate
docker compose run --rm web rails assets:precompile docker compose run --rm web rails assets:precompile
@ -46,8 +48,8 @@
chdir: /opt/{{ docker_mastodon_service_id }}/ chdir: /opt/{{ docker_mastodon_service_id }}/
when: docker_mastodon_initialize_data is true when: docker_mastodon_initialize_data is true
- name: docker-compose-up - name: Démarrage
shell: | ansible.builtin.shell: |
docker compose up -d docker compose up -d
args: args:
chdir: /opt/{{ docker_mastodon_service_id }}/ chdir: /opt/{{ docker_mastodon_service_id }}/
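Review bot: The `ansible.builtin.template` task that renders `.env.production` sets no `mode` or `owner`, so the file holding the Mastodon secrets is created under the default umask and is usually world-readable. Adding `mode: "0600"` to that task, and a restrictive `mode` on the `/opt/{{ docker_mastodon_service_id }}/` directory task, would close that. Separately, the generation script now also runs `bin/rails db:encryption:init`, and its output is registered and printed by the `ansible.builtin.debug` task, so the encryption keys land in anything that captures play output, such as a configured log path or CI job logs. That flow is best kept to an interactive run, with the values moved straight into a vaulted variable file. The `ansible.builtin.shell` tasks also have no `changed_when`, so they always report changed.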


@ -31,14 +31,25 @@ ES_PASS=password
# Secrets # Secrets
# ------- # -------
# Make sure to use `rake secret` to generate secrets # Make sure to use `bundle exec rake secret` to generate secrets
# ------- # -------
SECRET_KEY_BASE={{ docker_mastodon_secret_key_base }} SECRET_KEY_BASE={{ docker_mastodon_secret_key_base }}
OTP_SECRET={{ docker_mastodon_otp_secret }} OTP_SECRET={{ docker_mastodon_otp_secret }}
# Encryption secrets
# ------------------
# Must be available (and set to same values) for all server processes
# These are private/secret values, do not share outside hosting environment
# Use `bin/rails db:encryption:init` to generate fresh secrets
# Do not change these secrets once in use, as this would cause data loss and other issues
# ------------------
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ docker_mastodon_active_record_encryption_deterministic_key }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ docker_mastodon_active_record_encryption_key_derivation_salt }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ docker_mastodon_active_record_encryption_primary_key }}
# Web Push # Web Push
# -------- # --------
# Generate with `rake mastodon:webpush:generate_vapid_key` # Generate with `bundle exec rake mastodon:webpush:generate_vapid_key`
# -------- # --------
VAPID_PRIVATE_KEY={{ docker_mastodon_vapid_private_key }} VAPID_PRIVATE_KEY={{ docker_mastodon_vapid_private_key }}
VAPID_PUBLIC_KEY={{ docker_mastodon_vapid_public_key }} VAPID_PUBLIC_KEY={{ docker_mastodon_vapid_public_key }}
@ -59,6 +70,13 @@ AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY= AWS_SECRET_ACCESS_KEY=
S3_ALIAS_HOST=files.example.com S3_ALIAS_HOST=files.example.com
# IP and session retention
# -----------------------
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
# -----------------------
IP_RETENTION_PERIOD=31556952
SESSION_RETENTION_PERIOD=31556952
{% if docker_mastodon_oidc_enabled is true %} {% if docker_mastodon_oidc_enabled is true %}
# OpenID Connect configuration # OpenID Connect configuration
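Review bot: The three `docker_mastodon_active_record_encryption_*` variables are interpolated here, but none of the three files in this commit appears to declare them. Unless they are defined elsewhere in the role, the template task will fail on an undefined variable, possibly including on the run meant to generate the keys if templating happens before generation. Declaring them as empty strings in the role defaults and asserting they are non-empty before the services start, e.g. `docker_mastodon_active_record_encryption_primary_key | length > 0`, would make the failure explicit. Since the added comment says these keys must not change once in use, the real values belong in a vaulted variable file that is backed up alongside the database. `IP_RETENTION_PERIOD` and `SESSION_RETENTION_PERIOD` are hard-coded to about one year (31556952 s); exposing them as role variables would let an instance shorten IP retention without editing the template.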


@ -1,5 +1,4 @@
# {{ ansible_managed }} # {{ ansible_managed }}
version: '3'
services: services:
db: db:
restart: always restart: always
@ -36,7 +35,7 @@ services:
- mastodon - mastodon
healthcheck: healthcheck:
# prettier-ignore # prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1'] test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
depends_on: depends_on:
- db - db
- redis - redis
@ -53,16 +52,16 @@ services:
streaming: streaming:
image: tootsuite/mastodon:{{ docker_mastodon_image_version }} image: tootsuite/mastodon-streaming:{{ docker_mastodon_image_version }}
restart: always restart: always
env_file: .env.production env_file: .env.production
command: node ./streaming command: node ./streaming/index.js
networks: networks:
- traefik - traefik
- mastodon - mastodon
healthcheck: healthcheck:
# prettier-ignore # prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1'] test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=traefik - traefik.docker.network=traefik