computer-playbook/roles/docker-mastodon/templates/env.j2

# @see https://docs.joinmastodon.org/admin/config

LOCAL_DOMAIN={{domain}}
ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
SECRET_KEY_BASE={{mastodon_secret_key_base}}
OTP_SECRET={{mastodon_otp_secret}}
VAPID_PRIVATE_KEY={{mastodon_vapid_private_key}}
VAPID_PUBLIC_KEY={{mastodon_vapid_public_key}}

DB_HOST={{database_host}}
DB_PORT={{database_port}}
DB_NAME={{database_name}}
DB_USER={{database_username}}
DB_PASS={{database_password}}

REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=

SMTP_SERVER={{system_email.host}}
SMTP_PORT={{system_email.port}}
SMTP_LOGIN={{system_email.username}}
SMTP_PASSWORD={{system_email.password}}
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_ENABLE_STARTTLS=auto
SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>

ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{mastodon_active_record_encryption_deterministic_key}}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{mastodon_active_record_encryption_key_derivation_salt}}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{mastodon_active_record_encryption_primary_key}}

{% if oidc.enabled | bool %}
################################### 
# OpenID Connect settings
###################################
# @see https://github.com/mastodon/mastodon/pull/16221
# @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso

OIDC_ENABLED={{ oidc.enabled | string | lower }}
OIDC_DISPLAY_NAME="{{primary_domain}} SSO"
OIDC_ISSUER={{oidc.client.issuer_url}}
OIDC_DISCOVERY=true
OIDC_SCOPE="openid,profile,email"
OIDC_UID_FIELD=preferred_username                       # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
OIDC_CLIENT_ID={{oidc.client.id}}
OIDC_REDIRECT_URI=https://{{domain}}
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
OIDC_CLIENT_SECRET={{oidc.client.secret}}
OMNIAUTH_ONLY=true                                      # uncomment to only use OIDC for login / registration buttons
ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true
ONE_CLICK_SSO_LOGIN=true
{% endif %}
Implemented OIDC für mastodon 2025-02-06 18:19:42 +01:00			`# @see https://docs.joinmastodon.org/admin/config`

added mastodon docker draft 2022-11-15 11:56:48 +01:00			`LOCAL_DOMAIN={{domain}}`
Implemented draft for wildcard certificate 2025-01-29 15:52:40 +01:00			`ALTERNATE_DOMAINS="{{ domains.mastodon_alternates \| join(',') }}"`
Refactored application variables 2025-02-03 11:44:13 +01:00			`SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}`
implemented mastodon 2022-11-15 21:43:05 +01:00			`SECRET_KEY_BASE={{mastodon_secret_key_base}}`
			`OTP_SECRET={{mastodon_otp_secret}}`
			`VAPID_PRIVATE_KEY={{mastodon_vapid_private_key}}`
			`VAPID_PUBLIC_KEY={{mastodon_vapid_public_key}}`
Implemented central database for matrix and mastodon 2024-01-04 20:57:02 +01:00
Changed roles to new docker backup procedure 2023-12-26 03:13:16 +01:00			`DB_HOST={{database_host}}`
Added funkwhale draft and set variablesfor db ports 2025-01-28 16:54:39 +01:00			`DB_PORT={{database_port}}`
Renamed databasename 2024-01-06 14:32:49 +01:00			`DB_NAME={{database_name}}`
Changed roles to new docker backup procedure 2023-12-26 03:13:16 +01:00			`DB_USER={{database_username}}`
			`DB_PASS={{database_password}}`
Implemented vars, tasks and templates for central database setup until mastodon role 2024-01-02 21:13:34 +01:00
implemented mastodon 2022-11-15 21:43:05 +01:00			`REDIS_HOST=redis`
			`REDIS_PORT=6379`
			`REDIS_PASSWORD=`
Implemented vars, tasks and templates for central database setup until mastodon role 2024-01-02 21:13:34 +01:00
Big code and variable refactoring 2025-01-29 14:20:34 +01:00			`SMTP_SERVER={{system_email.host}}`
Continued snipe-it implementation 2025-02-05 11:44:11 +01:00			`SMTP_PORT={{system_email.port}}`
Big code and variable refactoring 2025-01-29 14:20:34 +01:00			`SMTP_LOGIN={{system_email.username}}`
			`SMTP_PASSWORD={{system_email.password}}`
implemented mastodon 2022-11-15 21:43:05 +01:00			`SMTP_AUTH_METHOD=plain`
			`SMTP_OPENSSL_VERIFY_MODE=none`
			`SMTP_ENABLE_STARTTLS=auto`
Big code and variable refactoring 2025-01-29 14:20:34 +01:00			`SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>`
Updated mastodon configuration 2024-11-07 19:26:15 -03:00
			`ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{mastodon_active_record_encryption_deterministic_key}}`
			`ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{mastodon_active_record_encryption_key_derivation_salt}}`
Implemented OIDC für mastodon 2025-02-06 18:19:42 +01:00			`ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{mastodon_active_record_encryption_primary_key}}`

			`{% if oidc.enabled \| bool %}`
			`###################################`
			`# OpenID Connect settings`
			`###################################`
			`# @see https://github.com/mastodon/mastodon/pull/16221`
			`# @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso`

			`OIDC_ENABLED={{ oidc.enabled \| string \| lower }}`
			`OIDC_DISPLAY_NAME="{{primary_domain}} SSO"`
			`OIDC_ISSUER={{oidc.client.issuer_url}}`
			`OIDC_DISCOVERY=true`
			`OIDC_SCOPE="openid,profile,email"`
			`OIDC_UID_FIELD=preferred_username # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak`
			`OIDC_CLIENT_ID={{oidc.client.id}}`
			`OIDC_REDIRECT_URI=https://{{domain}}`
			`OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true`
			`OIDC_CLIENT_SECRET={{oidc.client.secret}}`
			`OMNIAUTH_ONLY=true # uncomment to only use OIDC for login / registration buttons`
			`ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`
			`ONE_CLICK_SSO_LOGIN=true`
			`{% endif %}`