2025-02-19 22:57:26 +01:00
|
|
|
# Configuration file for mastodon
|
2025-02-06 18:19:42 +01:00
|
|
|
# @see https://docs.joinmastodon.org/admin/config
|
2025-02-19 22:57:26 +01:00
|
|
|
# @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
|
|
|
|
|
|
2025-02-06 18:19:42 +01:00
|
|
|
|
2025-02-21 06:32:12 +01:00
|
|
|
LOCAL_DOMAIN={{domains[application_id]}}
|
2025-01-29 15:52:40 +01:00
|
|
|
ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
|
2025-02-03 11:44:13 +01:00
|
|
|
SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
|
2025-02-19 22:57:26 +01:00
|
|
|
|
|
|
|
|
# Credentials
|
|
|
|
|
|
|
|
|
|
# Secrets
|
|
|
|
|
# -------
|
|
|
|
|
# Make sure to use `bundle exec rails secret` to generate secrets
|
|
|
|
|
# -------
|
2025-02-20 01:19:25 +01:00
|
|
|
SECRET_KEY_BASE= {{applications.mastodon.credentials.secret_key_base}}
|
|
|
|
|
OTP_SECRET= {{applications.mastodon.credentials.otp_secret}}
|
2025-02-19 22:57:26 +01:00
|
|
|
|
|
|
|
|
# Web Push
|
|
|
|
|
# --------
|
|
|
|
|
# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
|
|
|
|
|
# --------
|
2025-02-20 01:19:25 +01:00
|
|
|
VAPID_PRIVATE_KEY= {{applications.mastodon.credentials.vapid.private_key}}
|
|
|
|
|
VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid.public_key}}
|
2025-02-19 22:57:26 +01:00
|
|
|
|
|
|
|
|
# Encryption secrets
|
|
|
|
|
# ------------------
|
|
|
|
|
# Must be available (and set to same values) for all server processes
|
|
|
|
|
# These are private/secret values, do not share outside hosting environment
|
|
|
|
|
# Use `bin/rails db:encryption:init` to generate fresh secrets
|
|
|
|
|
# Do NOT change these secrets once in use, as this would cause data loss and other issues
|
2025-02-20 01:19:25 +01:00
|
|
|
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{applications.mastodon.credentials.active_record_encryption.deterministic_key}}
|
|
|
|
|
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= {{applications.mastodon.credentials.active_record_encryption.key_derivation_salt}}
|
|
|
|
|
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= {{applications.mastodon.credentials.active_record_encryption.primary_key}}
|
2024-01-04 20:57:02 +01:00
|
|
|
|
2023-12-26 03:13:16 +01:00
|
|
|
DB_HOST={{database_host}}
|
2025-01-28 16:54:39 +01:00
|
|
|
DB_PORT={{database_port}}
|
2024-01-06 14:32:49 +01:00
|
|
|
DB_NAME={{database_name}}
|
2023-12-26 03:13:16 +01:00
|
|
|
DB_USER={{database_username}}
|
|
|
|
|
DB_PASS={{database_password}}
|
2024-01-02 21:13:34 +01:00
|
|
|
|
2022-11-15 21:43:05 +01:00
|
|
|
REDIS_HOST=redis
|
|
|
|
|
REDIS_PORT=6379
|
|
|
|
|
REDIS_PASSWORD=
|
2024-01-02 21:13:34 +01:00
|
|
|
|
2025-01-29 14:20:34 +01:00
|
|
|
SMTP_SERVER={{system_email.host}}
|
2025-02-05 11:44:11 +01:00
|
|
|
SMTP_PORT={{system_email.port}}
|
2025-01-29 14:20:34 +01:00
|
|
|
SMTP_LOGIN={{system_email.username}}
|
|
|
|
|
SMTP_PASSWORD={{system_email.password}}
|
2022-11-15 21:43:05 +01:00
|
|
|
SMTP_AUTH_METHOD=plain
|
|
|
|
|
SMTP_OPENSSL_VERIFY_MODE=none
|
|
|
|
|
SMTP_ENABLE_STARTTLS=auto
|
2025-01-29 14:20:34 +01:00
|
|
|
SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
|
2025-02-06 18:19:42 +01:00
|
|
|
|
2025-02-20 11:44:50 +01:00
|
|
|
{% if applications[application_id].oidc.enabled | bool %}
|
2025-02-06 18:19:42 +01:00
|
|
|
###################################
|
|
|
|
|
# OpenID Connect settings
|
|
|
|
|
###################################
|
|
|
|
|
# @see https://github.com/mastodon/mastodon/pull/16221
|
|
|
|
|
# @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso
|
|
|
|
|
|
2025-02-20 11:44:50 +01:00
|
|
|
OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | lower }}
|
2025-02-06 18:47:04 +01:00
|
|
|
OIDC_DISPLAY_NAME="{{primary_domain | upper}} SSO"
|
2025-02-06 18:19:42 +01:00
|
|
|
OIDC_ISSUER={{oidc.client.issuer_url}}
|
|
|
|
|
OIDC_DISCOVERY=true
|
|
|
|
|
OIDC_SCOPE="openid,profile,email"
|
|
|
|
|
OIDC_UID_FIELD=preferred_username # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
|
|
|
|
|
OIDC_CLIENT_ID={{oidc.client.id}}
|
2025-02-21 06:32:12 +01:00
|
|
|
OIDC_REDIRECT_URI=https://{{domains[application_id]}}/auth/auth/openid_connect/callback
|
2025-02-06 18:19:42 +01:00
|
|
|
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
|
|
|
|
|
OIDC_CLIENT_SECRET={{oidc.client.secret}}
|
|
|
|
|
OMNIAUTH_ONLY=true # uncomment to only use OIDC for login / registration buttons
|
|
|
|
|
ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true
|
|
|
|
|
ONE_CLICK_SSO_LOGIN=true
|
|
|
|
|
{% endif %}
|
