kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
roles/web-app-mastodon/templates/env.j2 Normal file
View File

@@ -0,0 +1,77 @@
# Configuration file for mastodon
# @see https://docs.joinmastodon.org/admin/config
# @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
LOCAL_DOMAIN={{domains | get_domain(application_id)}}
ALTERNATE_DOMAINS="{{ domains.mastodon[1:] | join(',') }}"
SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
# Credentials
# Secrets
# -------
# Make sure to use `bundle exec rails secret` to generate secrets
# -------
SECRET_KEY_BASE= {{applications.mastodon.credentials.secret_key_base}}
OTP_SECRET= {{applications.mastodon.credentials.otp_secret}}
# Web Push
# --------
# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY= {{applications.mastodon.credentials.vapid_private_key}}
VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid_public_key}}
# Encryption secrets
# ------------------
# Must be available (and set to same values) for all server processes
# These are private/secret values, do not share outside hosting environment
# Use `bin/rails db:encryption:init` to generate fresh secrets
# Do NOT change these secrets once in use, as this would cause data loss and other issues
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{applications.mastodon.credentials.active_record_encryption_deterministic_key}}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= {{applications.mastodon.credentials.active_record_encryption_key_derivation_salt}}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= {{applications.mastodon.credentials.active_record_encryption_primary_key}}
DB_HOST={{ database_host }}
DB_PORT={{ database_port }}
DB_NAME={{ database_name }}
DB_USER={{ database_username }}
DB_PASS={{ database_password }}
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
SMTP_SERVER={{system_email.host}}
SMTP_PORT={{system_email.port}}
SMTP_LOGIN={{ users['no-reply'].email }}
SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_ENABLE_STARTTLS=auto
SMTP_FROM_ADDRESS=Mastodon <{{ users['no-reply'].email }}>
{% if applications | is_feature_enabled('oidc',application_id) %}
###################################
# OpenID Connect settings
###################################
# @see https://github.com/mastodon/mastodon/pull/16221
# @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso
OIDC_ENABLED={{ applications | is_feature_enabled('oidc',application_id) | string | lower }}
OIDC_DISPLAY_NAME="{{oidc.button_text}}"
OIDC_ISSUER={{oidc.client.issuer_url}}
OIDC_DISCOVERY=true
OIDC_SCOPE="openid,profile,email"
# @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
OIDC_UID_FIELD={{oidc.attributes.username}}
OIDC_CLIENT_ID={{oidc.client.id}}
OIDC_REDIRECT_URI=https://{{domains | get_domain(application_id)}}/auth/auth/openid_connect/callback
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
OIDC_CLIENT_SECRET={{oidc.client.secret}}
# uncomment to only use OIDC for login / registration buttons
OMNIAUTH_ONLY=true
ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true
ONE_CLICK_SSO_LOGIN=true
{% endif %}