Adaptation à mastodon v4.3
parent
6f1fde87f7
commit
cb1fe43de4
3 changed files with 53 additions and 34 deletions
|
@ -1,43 +1,45 @@
|
|||
- name: docker directory
|
||||
file:
|
||||
- name: Dossier pour le service docker
|
||||
ansible.builtin.file:
|
||||
path: /opt/{{ docker_mastodon_service_id }}/
|
||||
state: directory
|
||||
|
||||
- name: prepare docker-compose.yml
|
||||
template:
|
||||
- name: Prepare docker-compose.yml
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: /opt/{{ docker_mastodon_service_id }}/
|
||||
with_items:
|
||||
- docker-compose.yml
|
||||
- .env.production
|
||||
|
||||
|
||||
- name: generate secrets
|
||||
- name: Generation des secrets
|
||||
when: docker_mastodon_gen_secrets is true
|
||||
block:
|
||||
|
||||
- name: docker-compose-gen-secrets
|
||||
shell: |
|
||||
docker compose down
|
||||
echo "Placer les valeurs suivantes dans les variables du playbook mastodon :"
|
||||
echo SECRET_KEY_BASE=$(docker-compose run --rm web bundle exec rake secret)
|
||||
echo OTP_SECRET=$(docker-compose run --rm web bundle exec rake secret)
|
||||
docker compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key
|
||||
args:
|
||||
chdir: /opt/{{ docker_mastodon_service_id }}/
|
||||
register: secrets
|
||||
- name: Script pour la génération des secrets
|
||||
ansible.builtin.shell: |
|
||||
docker compose down
|
||||
echo "Placer les valeurs suivantes dans les variables du playbook mastodon :"
|
||||
echo SECRET_KEY_BASE=$(docker compose run --rm web bundle exec rake secret)
|
||||
echo OTP_SECRET=$(docker compose run --rm web bundle exec rake secret)
|
||||
docker compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key
|
||||
docker compose run --rm web bin/rails db:encryption:init
|
||||
docker compose down
|
||||
args:
|
||||
chdir: /opt/{{ docker_mastodon_service_id }}/
|
||||
register: secrets
|
||||
|
||||
- debug:
|
||||
msg: "{{ secrets.stdout_lines }}"
|
||||
- name: Affiche les secrets
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ secrets.stdout_lines }}"
|
||||
|
||||
- name: Playbook stops here if docker_mastodon_gen_secrets is set
|
||||
assert:
|
||||
- name: On s'arrête ici si docker_mastodon_gen_secrets est défini
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- docker_mastodon_gen_secrets is false
|
||||
|
||||
### initialize-data
|
||||
- name: docker-compose-initialize-data
|
||||
shell: |
|
||||
- name: Migration BDD et précompilation
|
||||
ansible.builtin.shell: |
|
||||
docker compose down
|
||||
docker compose run --rm web rails db:migrate
|
||||
docker compose run --rm web rails assets:precompile
|
||||
|
@ -46,8 +48,8 @@
|
|||
chdir: /opt/{{ docker_mastodon_service_id }}/
|
||||
when: docker_mastodon_initialize_data is true
|
||||
|
||||
- name: docker-compose-up
|
||||
shell: |
|
||||
- name: Démarrage
|
||||
ansible.builtin.shell: |
|
||||
docker compose up -d
|
||||
args:
|
||||
chdir: /opt/{{ docker_mastodon_service_id }}/
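Review bot: The `ansible.builtin.template` task that renders `.env.production` sets no `mode`, so the file carrying SECRET_KEY_BASE, OTP_SECRET and the Active Record encryption keys is created under the remote umask and will usually be readable by every local account. Adding `mode: "0600"` to that task (and an explicit `mode: "0750"` on the directory task) closes this, assuming compose is run by the file owner. The secret-generation script has no `set -e`, so a failing `docker compose run` still emits an empty `SECRET_KEY_BASE=` line that looks like a valid result. Its output is then printed by `ansible.builtin.debug`, which copies the generated keys into any configured Ansible log or CI job output, so a comment on the task saying it should only be run from an interactive session would help.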
|
||||
|
|
|
@ -31,14 +31,25 @@ ES_PASS=password
|
|||
|
||||
# Secrets
|
||||
# -------
|
||||
# Make sure to use `rake secret` to generate secrets
|
||||
# Make sure to use `bundle exec rake secret` to generate secrets
|
||||
# -------
|
||||
SECRET_KEY_BASE={{ docker_mastodon_secret_key_base }}
|
||||
OTP_SECRET={{ docker_mastodon_otp_secret }}
|
||||
|
||||
# Encryption secrets
|
||||
# ------------------
|
||||
# Must be available (and set to same values) for all server processes
|
||||
# These are private/secret values, do not share outside hosting environment
|
||||
# Use `bin/rails db:encryption:init` to generate fresh secrets
|
||||
# Do not change these secrets once in use, as this would cause data loss and other issues
|
||||
# ------------------
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ docker_mastodon_active_record_encryption_deterministic_key }}
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ docker_mastodon_active_record_encryption_key_derivation_salt }}
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ docker_mastodon_active_record_encryption_primary_key }}
|
||||
|
||||
# Web Push
|
||||
# --------
|
||||
# Generate with `rake mastodon:webpush:generate_vapid_key`
|
||||
# Generate with `bundle exec rake mastodon:webpush:generate_vapid_key`
|
||||
# --------
|
||||
VAPID_PRIVATE_KEY={{ docker_mastodon_vapid_private_key }}
|
||||
VAPID_PUBLIC_KEY={{ docker_mastodon_vapid_public_key }}
|
||||
|
@ -59,6 +70,13 @@ AWS_ACCESS_KEY_ID=
|
|||
AWS_SECRET_ACCESS_KEY=
|
||||
S3_ALIAS_HOST=files.example.com
|
||||
|
||||
# IP and session retention
|
||||
# -----------------------
|
||||
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
|
||||
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
|
||||
# -----------------------
|
||||
IP_RETENTION_PERIOD=31556952
|
||||
SESSION_RETENTION_PERIOD=31556952
|
||||
|
||||
{% if docker_mastodon_oidc_enabled is true %}
|
||||
# OpenID Connect configuration
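Review bot: The three ACTIVE_RECORD_ENCRYPTION_* lines are rendered straight from playbook variables, with nothing here saying where those variables should be stored, and the copied upstream comment points at `bin/rails db:encryption:init` rather than at this role's own generation step. Because the comment itself warns that changing these values causes data loss, I would add a line such as `# Filled from docker_mastodon_active_record_encryption_*; keep those variables in an encrypted vars file and back them up` above the block. If the role defaults define these variables as empty strings (not visible here), the template renders empty keys without complaint, so a non-empty check before templating is worth considering.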
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
# {{ ansible_managed }}
|
||||
version: '3'
|
||||
services:
|
||||
db:
|
||||
restart: always
|
||||
|
@ -36,7 +35,7 @@ services:
|
|||
- mastodon
|
||||
healthcheck:
|
||||
# prettier-ignore
|
||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||
test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
|
@ -53,16 +52,16 @@ services:
|
|||
|
||||
|
||||
streaming:
|
||||
image: tootsuite/mastodon:{{ docker_mastodon_image_version }}
|
||||
image: tootsuite/mastodon-streaming:{{ docker_mastodon_image_version }}
|
||||
restart: always
|
||||
env_file: .env.production
|
||||
command: node ./streaming
|
||||
command: node ./streaming/index.js
|
||||
networks:
|
||||
- traefik
|
||||
- mastodon
|
||||
healthcheck:
|
||||
# prettier-ignore
|
||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
||||
test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.docker.network=traefik
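Review bot: The new `tootsuite/mastodon-streaming` line selects its image by the mutable tag in `docker_mastodon_image_version`, so a re-pushed tag changes what runs on the next `docker compose up` with no change to the playbook. Pinning by digest, for example `image: tootsuite/mastodon-streaming:{{ docker_mastodon_image_version }}@{{ streaming_digest_placeholder }}` with the digest held in a variable (a placeholder name, not an existing variable), would make the deployed content reproducible. As a style point, the web healthcheck line `['CMD-SHELL',"curl …` lacks the space after the comma that the streaming healthcheck has.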
|
||||
|
|