Implemented OIDC für mastodon

Kevin Veen-Birkenbach 2025-02-06 18:19:42 +01:00
parent 31ee369a90
commit 95f3fdb130
2 changed files with 32 additions and 1 deletions


@ -40,6 +40,12 @@ To ensure all required database tables and structures are in place after an upda
docker compose exec -it web bash -c "RAILS_ENV=production bin/rails db:migrate"
```
### delete cache
```bash
docker-compose exec web bundle exec rails assets:precompile
docker-compose restart
```
This command enters the web container and runs migrations in production mode, updating the database structure to match the current version of the Mastodon software. If your Mastodon web container is named differently in your `docker-compose.yml`, replace `web` with the appropriate container name.
## further information
@ -48,4 +54,5 @@ This command enters the web container and runs migrations in production mode, up
- https://www.2daygeek.com/linux-command-check-website-is-up-down-alive/
- https://vitobotta.com/2022/11/07/setting-up-a-personal-mastodon-instance/
- https://www.digitalocean.com/community/tutorials/how-to-scale-your-mastodon-server
- https://github.com/mastodon/mastodon/issues/7958


@ -1,3 +1,5 @@
# @see https://docs.joinmastodon.org/admin/config
LOCAL_DOMAIN={{domain}}
ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
@ -28,3 +30,25 @@ SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{mastodon_active_record_encryption_deterministic_key}}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{mastodon_active_record_encryption_key_derivation_salt}}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{mastodon_active_record_encryption_primary_key}}
{% if oidc.enabled | bool %}
###################################
# OpenID Connect settings
###################################
# @see https://github.com/mastodon/mastodon/pull/16221
# @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso
OIDC_ENABLED={{ oidc.enabled | string | lower }}
OIDC_DISPLAY_NAME="{{primary_domain}} SSO"
OIDC_ISSUER={{oidc.client.issuer_url}}
OIDC_DISCOVERY=true
OIDC_SCOPE="openid,profile,email"
OIDC_UID_FIELD=preferred_username # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
OIDC_CLIENT_ID={{oidc.client.id}}
OIDC_REDIRECT_URI=https://{{domain}}
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
OIDC_CLIENT_SECRET={{oidc.client.secret}}
OMNIAUTH_ONLY=true # uncomment to only use OIDC for login / registration buttons
ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true
ONE_CLICK_SSO_LOGIN=true
{% endif %}
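Review bot: `OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true` combined with `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true` means an OIDC login can be attached to an existing Mastodon account by email address while Mastodon trusts that address without a verification signal. Account integrity then rests entirely on the identity provider enforcing verified emails that users cannot edit. Unless that is guaranteed for `{{oidc.client.issuer_url}}`, I would set `OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=false`, or make both switches opt-in template variables that default to false, and add a comment above them stating the precondition. Separately, `OIDC_REDIRECT_URI=https://{{domain}}` looks like the bare site URL; it probably needs to be the full callback path registered at the provider, so please check it against the Mastodon config docs linked at the top of the file. The trailing `# …` comments on the `OIDC_UID_FIELD` and `OMNIAUTH_ONLY` lines may end up inside the value with some env-file parsers, and the `OMNIAUTH_ONLY` one says "uncomment" although the line is already active, so they are better moved to their own lines.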