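# {{ ansible_managed }}
# Environment file for the Mastodon containers, rendered from an Ansible template.
# The rendered file holds database, SMTP, OIDC and encryption secrets in plain text:
# deploy it with a restrictive owner and mode, and keep the source variables in an
# encrypted store rather than in plain inventory files.
# Values are inserted unquoted; a value containing whitespace, `#` or quotes may be
# read differently by the env-file consumer (verify against the loader in use).

# Federation
# ----------
# This identifies your server and cannot be changed safely later
# ----------
LOCAL_DOMAIN={{ docker_mastodon_local_domain }}
WEB_DOMAIN={{ docker_mastodon_fqdn }}

# Redis
# -----
# No Redis password is configured here; this presumably relies on the `redis`
# host being reachable only from the application's own container network.
REDIS_HOST=redis
REDIS_PORT=6379

# PostgreSQL
# ----------
DB_HOST=db
DB_USER={{ docker_mastodon_db_user }}
DB_NAME={{ docker_mastodon_db_name }}
# Secret: database password.
DB_PASS={{ docker_mastodon_db_password }}
DB_PORT=5432

# Elasticsearch (optional)
# ------------------------
ES_ENABLED=false
ES_HOST=localhost
ES_PORT=9200
# Authentication for ES (optional)
# ES_USER/ES_PASS below are fixed placeholder values, not real credentials. They are
# inert while ES_ENABLED=false; replace them with templated secrets before enabling search.
ES_USER=elastic
ES_PASS=password

# Secrets
# -------
# Make sure to use `bundle exec rake secret` to generate secrets
# -------
# Both values are long-lived application secrets: keep them out of version control
# and out of task output or logs.
SECRET_KEY_BASE={{ docker_mastodon_secret_key_base }}
OTP_SECRET={{ docker_mastodon_otp_secret }}

# Encryption secrets
# ------------------
# Must be available (and set to same values) for all server processes
# These are private/secret values, do not share outside hosting environment
# Use `bin/rails db:encryption:init` to generate fresh secrets
# Do not change these secrets once in use, as this would cause data loss and other issues
# ------------------
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ docker_mastodon_active_record_encryption_deterministic_key }}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ docker_mastodon_active_record_encryption_key_derivation_salt }}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ docker_mastodon_active_record_encryption_primary_key }}

# Web Push
# --------
# Generate with `bundle exec rake mastodon:webpush:generate_vapid_key`
# --------
# Only the private key is secret; the public key is handed to browsers.
VAPID_PRIVATE_KEY={{ docker_mastodon_vapid_private_key }}
VAPID_PUBLIC_KEY={{ docker_mastodon_vapid_public_key }}

# Sending mail
# ------------
SMTP_SERVER={{ docker_mastodon_mail_smtp_server }}
SMTP_PORT={{ docker_mastodon_mail_smtp_port }}
SMTP_LOGIN={{ docker_mastodon_mail_smtp_login }}
# Secret: SMTP account password.
SMTP_PASSWORD={{ docker_mastodon_mail_smtp_password }}
SMTP_FROM_ADDRESS={{ docker_mastodon_mail_from }}

# File storage (optional)
# -----------------------
# Disabled. The bucket and alias host are example values and the AWS keys are left
# empty; if S3 is enabled later, supply the credentials from templated secrets.
S3_ENABLED=false
S3_BUCKET=files.example.com
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
S3_ALIAS_HOST=files.example.com

# IP and session retention
# -----------------------
# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
# -----------------------
# Values are in seconds; 31556952 is about one year. Shorter periods reduce how much
# IP and session history is exposed if the database is ever disclosed.
IP_RETENTION_PERIOD=31556952
SESSION_RETENTION_PERIOD=31556952

{# `| bool` accepts real booleans as well as the string forms ("true", "yes") that command-line extra-vars produce; a strict `is true` test would skip this whole block for those while OMNIAUTH_ONLY below is still rendered. #}
{% if docker_mastodon_oidc_enabled | default(false) | bool %}
# OpenID Connect configuration
# --------------------------
OIDC_ENABLED={{ docker_mastodon_oidc_enabled | bool | string | lower }}
OIDC_DISPLAY_NAME={{ docker_mastodon_oidc_display_name }}
OIDC_ISSUER={{ docker_mastodon_oidc_issuer }}
OIDC_DISCOVERY={{ docker_mastodon_oidc_discovery|string|lower }}
OIDC_SCOPE="{{ docker_mastodon_oidc_scopes }}"
OIDC_UID_FIELD={{ docker_mastodon_oidc_uid_field }}
OIDC_CLIENT_ID={{ docker_mastodon_oidc_client_id }}
# Secret: client secret issued by the identity provider.
OIDC_CLIENT_SECRET={{ docker_mastodon_oidc_client_secret }}
OIDC_REDIRECT_URI={{ docker_mastodon_oidc_redirect_uri }}
# When true, the email address asserted by the identity provider is accepted as
# already verified. Enable only if the provider itself verifies email ownership.
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED={{ docker_mastodon_oidc_security_assume_email_is_verified|string|lower }}
{% endif %}
# Rendered whether or not the OIDC block above is present. When true, local password
# login is disabled, so confirm an external provider is actually configured first.
OMNIAUTH_ONLY={{ docker_mastodon_omniauth_only|string|lower }}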