Adaptation à mastodon v4.3

2024-10-22 10:55:56 +02:00 · 2024-10-22 10:55:56 +02:00 · cb1fe43de4
commit cb1fe43de4
parent 6f1fde87f7
3 changed files with 53 additions and 34 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,43 +1,45 @@
- name: docker directory
-  file:
+- name: Dossier pour le service docker
+  ansible.builtin.file:
    path: /opt/{{ docker_mastodon_service_id }}/
    state: directory

- name: prepare docker-compose.yml
-  template:
+- name: Prepare docker-compose.yml
+  ansible.builtin.template:
    src: "{{ item }}"
    dest: /opt/{{ docker_mastodon_service_id }}/
  with_items:
    - docker-compose.yml
    - .env.production

-
- name: generate secrets
+- name: Generation des secrets
  when: docker_mastodon_gen_secrets is true
  block:
-  
-  - name: docker-compose-gen-secrets
-    shell: |
-      docker compose down
-      echo "Placer les valeurs suivantes dans les variables du playbook mastodon :"
-      echo SECRET_KEY_BASE=$(docker-compose run --rm web bundle exec rake secret)
-      echo OTP_SECRET=$(docker-compose run --rm web bundle exec rake secret)
-      docker compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key
-    args:
-      chdir: /opt/{{ docker_mastodon_service_id }}/
-    register: secrets
-  
-  - debug:
-      msg: "{{ secrets.stdout_lines }}"
-  
- name: Playbook stops here if docker_mastodon_gen_secrets is set
-  assert:
+
+    - name: Script pour la génération des secrets
+      ansible.builtin.shell: |
+        docker compose down
+        echo "Placer les valeurs suivantes dans les variables du playbook mastodon :"
+        echo SECRET_KEY_BASE=$(docker compose run --rm web bundle exec rake secret)
+        echo OTP_SECRET=$(docker compose run --rm web bundle exec rake secret)
+        docker compose run --rm web bundle exec rake mastodon:webpush:generate_vapid_key
+        docker compose run --rm web bin/rails db:encryption:init
+        docker compose down
+      args:
+        chdir: /opt/{{ docker_mastodon_service_id }}/
+      register: secrets
+
+    - name: Affiche les secrets
+      ansible.builtin.debug:
+        msg: "{{ secrets.stdout_lines }}"
+
+- name: On s'arrête ici si docker_mastodon_gen_secrets est défini
+  ansible.builtin.assert:
    that:
      - docker_mastodon_gen_secrets is false

 ### initialize-data
- name: docker-compose-initialize-data
-  shell: |
+- name: Migration BDD et précompilation
+  ansible.builtin.shell: |
    docker compose down
    docker compose run --rm web rails db:migrate
    docker compose run --rm web rails assets:precompile
@ -46,8 +48,8 @@
    chdir: /opt/{{ docker_mastodon_service_id }}/
  when: docker_mastodon_initialize_data is true

- name: docker-compose-up
-  shell: |
+- name: Démarrage
+  ansible.builtin.shell: |
    docker compose up -d
  args:
    chdir: /opt/{{ docker_mastodon_service_id }}/
--- a/templates/.env.production
+++ b/templates/.env.production
@ -31,14 +31,25 @@ ES_PASS=password

 # Secrets
 # -------
-# Make sure to use `rake secret` to generate secrets
+# Make sure to use `bundle exec rake secret` to generate secrets
 # -------
 SECRET_KEY_BASE={{ docker_mastodon_secret_key_base }}
 OTP_SECRET={{ docker_mastodon_otp_secret }}

+# Encryption secrets
+# ------------------
+# Must be available (and set to same values) for all server processes
+# These are private/secret values, do not share outside hosting environment
+# Use `bin/rails db:encryption:init` to generate fresh secrets
+# Do not change these secrets once in use, as this would cause data loss and other issues
+# ------------------
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ docker_mastodon_active_record_encryption_deterministic_key }}
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ docker_mastodon_active_record_encryption_key_derivation_salt }}
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ docker_mastodon_active_record_encryption_primary_key }}
+
 # Web Push
 # --------
-# Generate with `rake mastodon:webpush:generate_vapid_key`
+# Generate with `bundle exec rake mastodon:webpush:generate_vapid_key`
 # --------
 VAPID_PRIVATE_KEY={{ docker_mastodon_vapid_private_key }}
 VAPID_PUBLIC_KEY={{ docker_mastodon_vapid_public_key }}
@ -59,6 +70,13 @@ AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 S3_ALIAS_HOST=files.example.com

+# IP and session retention
+# -----------------------
+# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
+# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
+# -----------------------
+IP_RETENTION_PERIOD=31556952
+SESSION_RETENTION_PERIOD=31556952

 {% if docker_mastodon_oidc_enabled is true %}
 # OpenID Connect configuration
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@ -1,5 +1,4 @@
 # {{ ansible_managed }}
-version: '3'
 services:
  db:
    restart: always
@ -36,7 +35,7 @@ services:
      - mastodon
    healthcheck:
      # prettier-ignore
-      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
+      test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
    depends_on:
      - db
      - redis
@ -53,16 +52,16 @@ services:
    

  streaming:
-    image: tootsuite/mastodon:{{ docker_mastodon_image_version }}
+    image: tootsuite/mastodon-streaming:{{ docker_mastodon_image_version }}
    restart: always
    env_file: .env.production
-    command: node ./streaming
+    command: node ./streaming/index.js
    networks:
      - traefik
      - mastodon
    healthcheck:
      # prettier-ignore
-      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+      test: ['CMD-SHELL', "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"]
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik