In between commit mastodon optimation and cleanup

2025-08-29 15:06:26 +02:00 · 2025-02-19 22:57:26 +01:00
parent 7d24e1d414
commit 5829edf23c
5 changed files with 103 additions and 70 deletions
--- a/roles/docker-mastodon/README.md
+++ b/roles/docker-mastodon/README.md
@@ -7,10 +7,11 @@ This README and some parts of the code were created with the assistance of ChatG

 ## ⚙️ Configuration & Setup

-### 🔧 Create Configuration
+### 🔧 Create Credentials
 Run the following command to generate a new configuration setup:
 ```bash
-    docker-compose run --rm web bundle exec rake mastodon:setup
+    docker pull ghcr.io/mastodon/mastodon:latest
+    docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
 ```

 ### 🔄 Setup with an Existing Configuration
--- a/roles/docker-mastodon/templates/env.j2
+++ b/roles/docker-mastodon/templates/env.j2
@@ -1,12 +1,37 @@
+# Configuration file for mastodon
 # @see https://docs.joinmastodon.org/admin/config
+# @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
+

 LOCAL_DOMAIN={{domain}}
 ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
 SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
-SECRET_KEY_BASE={{mastodon_secret_key_base}}
-OTP_SECRET={{mastodon_otp_secret}}
-VAPID_PRIVATE_KEY={{mastodon_vapid_private_key}}
-VAPID_PUBLIC_KEY={{mastodon_vapid_public_key}}
+
+# Credentials
+
+# Secrets
+# -------
+# Make sure to use `bundle exec rails secret` to generate secrets
+# -------
+SECRET_KEY_BASE=    {{mastodon.credentials.secret_key_base}}
+OTP_SECRET=         {{mastodon.credentials.otp_secret}}
+
+# Web Push
+# --------
+# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
+# --------
+VAPID_PRIVATE_KEY=  {{mastodon.credentials.vapid.private_key}}
+VAPID_PUBLIC_KEY=   {{mastodon.credentials.vapid.public_key}}
+
+# Encryption secrets
+# ------------------
+# Must be available (and set to same values) for all server processes
+# These are private/secret values, do not share outside hosting environment
+# Use `bin/rails db:encryption:init` to generate fresh secrets
+# Do NOT change these secrets once in use, as this would cause data loss and other issues
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=     {{mastodon.credentials.active_record_encryption.deterministic_key}}
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=   {{mastodon.credentials.active_record_encryption.key_derivation_salt}}
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=           {{mastodon.credentials.active_record_encryption.primary_key}}

 DB_HOST={{database_host}}
 DB_PORT={{database_port}}
@@ -27,10 +52,6 @@ SMTP_OPENSSL_VERIFY_MODE=none
 SMTP_ENABLE_STARTTLS=auto
 SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>

-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{mastodon_active_record_encryption_deterministic_key}}
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{mastodon_active_record_encryption_key_derivation_salt}}
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{mastodon_active_record_encryption_primary_key}}
-
 {% if oidc.enabled | bool %}
 ################################### 
 # OpenID Connect settings
--- a/roles/docker-mastodon/vars/main.yml
+++ b/roles/docker-mastodon/vars/main.yml
@@ -1,3 +1,3 @@
 application_id:  	  "mastodon"
-database_password:  "{{mastodon_database_password}}"
+database_password:  "{{mastodon.credentials.database_password}}"
 database_type:      "postgres"