diff --git a/roles/docker-container/templates/resource.yml.j2 b/roles/docker-container/templates/resource.yml.j2
index e6b63a8f..40acdc9d 100644
--- a/roles/docker-container/templates/resource.yml.j2
+++ b/roles/docker-container/templates/resource.yml.j2
@@ -1,4 +1,4 @@
-cpus: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'cpus' ] |join('.'), False, RESOURCE_CPUS) }}
-mem_reservation: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'mem_reservation' ] |join('.'), False, RESOURCE_MEM_RESERVATION) }}
-mem_limit: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'mem_limit' ] |join('.'), False, RESOURCE_MEM_LIMIT) }}
-pids_limit: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'pids_limit' ] |join('.'), False, RESOURCE_PIDS_LIMIT) }}
\ No newline at end of file
+cpus: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'cpus' ] |join('.'), False, RESOURCE_CPUS) }}
+mem_reservation: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'mem_reservation' ] |join('.'), False, RESOURCE_MEM_RESERVATION) }}
+mem_limit: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'mem_limit' ] |join('.'), False, RESOURCE_MEM_LIMIT) }}
+pids_limit: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'pids_limit' ] |join('.'), False, RESOURCE_PIDS_LIMIT) }}
\ No newline at end of file
diff --git a/roles/web-app-mastodon/Administration.md b/roles/web-app-mastodon/Administration.md deleted file mode 100644 index 902c475e..00000000 --- a/roles/web-app-mastodon/Administration.md +++ /dev/null @@ -1,39 +0,0 @@ -# Administration - -## 🗑️ Cleanup (Remove Instance & Volumes) -```bash -cd {{ PATH_DOCKER_COMPOSE_INSTANCES }}mastodon/ -docker-compose down -docker volume rm mastodon_data mastodon_database mastodon_redis -cd {{ PATH_DOCKER_COMPOSE_INSTANCES }} && -rm -vR {{ PATH_DOCKER_COMPOSE_INSTANCES }}mastodon -``` - -## 🔍 Access Mastodon Terminal -```bash -docker-compose exec -it web /bin/bash -``` - -## 🛠️ Set File Permissions -After setting up Mastodon, apply the correct file permissions: -```bash -docker-compose exec -it -u root web chown -R 991:991 public -``` - -# 📦 Database Management - -## 🏗️ Running Database Migrations -Ensure all required database structures are up to date: -```bash -docker compose exec -it web bash -c "RAILS_ENV=production bin/rails db:migrate" -``` - -# 🚀 Performance Optimization - -## 🗑️ Delete Cache & Recompile Assets -```bash -docker-compose exec web bundle exec rails assets:precompile -docker-compose restart -``` - -This ensures your Mastodon instance is loading the latest assets after updates. diff --git a/roles/web-app-mastodon/Installation.md b/roles/web-app-mastodon/Installation.md deleted file mode 100644 index 1a7fd9da..00000000 --- a/roles/web-app-mastodon/Installation.md +++ /dev/null 
@@ -1,22 +0,0 @@ -# ⚙️ Configuration & Setup - -## 🔧 Create Credentials -Run the following command to generate a new configuration setup: -```bash - docker pull ghcr.io/mastodon/mastodon:latest - # Secret Generation - docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret - docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret - # Vapid Key Generation - docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails mastodon:webpush:generate_vapid_key - # ACTIVE_RECORD_ENCRYPTION Generation - docker run --rm ghcr.io/mastodon/mastodon:latest bin/rails db:encryption:init -``` - -## 🔄 Setup with an Existing Configuration -```bash -docker-compose run --rm web bundle exec rails db:migrate -``` - -## 🔐 OIDC (OpenID Connect) Authentication Support -This Mastodon role now **fully supports OpenID Connect (OIDC)**, allowing seamless authentication via identity providers like **Keycloak, Auth0, Google, or other OIDC-compliant services**. \ No newline at end of file diff --git a/roles/web-app-mastodon/README.md b/roles/web-app-mastodon/README.md index eb5b271a..89a9c3eb 100644 --- a/roles/web-app-mastodon/README.md +++ b/roles/web-app-mastodon/README.md 
@@ -8,12 +8,6 @@ Dive into a decentralized social experience with Mastodon, a vibrant platform th This role deploys Mastodon using Docker, streamlining the installation and configuration of a full-featured social networking platform. Mastodon is built to support federation across multiple instances, offering robust content moderation, real-time updates, and flexible API integrations. Its advanced architecture—including separate services for the web frontend, streaming API, and background job processing—ensures high performance and scalability for large communities. -For detailed configuration and operational instructions, please refer to the following files in this directory: -- [Installation.md](./Installation.md) -- [Administration.md](./Administration.md) -- [Upgrade.md](./Upgrade.md) -- [User_Administration.md](./User_Administration.md) - ## Features - **Decentralized Network:** Connect with users across multiple instances in a federated social media ecosystem. diff --git a/roles/web-app-mastodon/config/main.yml b/roles/web-app-mastodon/config/main.yml index 88303ad8..ecddabfb 100644 --- a/roles/web-app-mastodon/config/main.yml +++ b/roles/web-app-mastodon/config/main.yml 
@@ -18,18 +18,39 @@ server: docker: services: redis: - enabled: true + enabled: true + cpus: "0.3" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 database: - enabled: true + enabled: true + cpus: "1.0" + mem_reservation: "2g" + mem_limit: "3g" + pids_limit: 512 mastodon: - image: "ghcr.io/mastodon/mastodon" - version: latest + image: "ghcr.io/mastodon/mastodon" + version: latest backup: no_stop_required: true - name: "mastodon" + name: "mastodon" + cpus: "1.0" + mem_reservation: "1.5g" + mem_limit: "2g" + pids_limit: 512 streaming: - image: "ghcr.io/mastodon/mastodon-streaming" - version: latest - name: "mastodon-streaming" + image: "ghcr.io/mastodon/mastodon-streaming" + version: latest + name: "mastodon-streaming" + cpus: "0.3" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + sidekiq: + cpus: "0.8" + mem_reservation: "1g" + mem_limit: "1.5g" + pids_limit: 512 volumes: - data: "mastodon_data" + data: "mastodon_data" diff --git a/roles/web-app-mastodon/tasks/01_setup.yml b/roles/web-app-mastodon/tasks/01_setup.yml index ec2c0f94..7c0d66f1 100644 --- a/roles/web-app-mastodon/tasks/01_setup.yml +++ b/roles/web-app-mastodon/tasks/01_setup.yml @@ -1,7 +1,6 @@ - name: "Execute migration for '{{ application_id }}'" command: - cmd: "docker-compose run --rm web bundle exec rails db:migrate" - chdir: "{{ docker_compose.directories.instance }}" + cmd: "docker exec {{ MASTODON_CONTAINER }} bundle exec rails db:migrate" - name: "Include administrator routines for '{{ application_id }}'" include_tasks: 02_administrator.yml \ No newline at end of file diff --git a/roles/web-app-mastodon/tasks/02_administrator.yml b/roles/web-app-mastodon/tasks/02_administrator.yml index e7f8739e..ccf76269 100644 --- a/roles/web-app-mastodon/tasks/02_administrator.yml +++ b/roles/web-app-mastodon/tasks/02_administrator.yml @@ -14,7 +14,7 @@ delay: 5 until: healthcheck.stdout == "healthy" loop: - - web + - mastodon - streaming - sidekiq loop_control: 
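Review bot: The realigned `version: latest` lines for `mastodon` and `streaming` in config/main.yml keep both images on a floating tag, so every pull can change the running code and the schema migrations that tasks/01_setup.yml then applies with `docker exec ... rails db:migrate`. Pin both services to the same released tag or a digest, for example `version: "<PINNED_MASTODON_TAG>"`, and raise it deliberately. The new `sidekiq` entry carries only resource limits, so a comment above it such as `# limits only; image and container name are derived from the mastodon service` would spare readers the lookup in vars/main.yml.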
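Review bot: In tasks/01_setup.yml, `docker exec {{ MASTODON_CONTAINER }} bundle exec rails db:migrate` only works against a container that is already running, whereas the replaced `docker-compose run --rm web` started a one-off container for the migration. The only health wait visible in this commit is in 02_administrator.yml, which is included after this task, so unless something outside the hunk waits first, a fresh deploy can fail here or migrate while the web process is already serving on the old schema. Consider retrying the task, e.g. `register: mastodon_migrate` with `until: mastodon_migrate.rc == 0` and `retries`/`delay`, and set `changed_when` so it does not report a change on every run.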
@@ -23,14 +23,12 @@ - name: Remove line containing "- administrator" from config/settings.yml to allow creating administrator account command: - cmd: "docker compose exec -u root web sed -i '/- administrator/d' config/settings.yml" - chdir: "{{ docker_compose.directories.instance }}" + cmd: "docker exec -u root {{ MASTODON_CONTAINER }} sed -i '/- administrator/d' config/settings.yml" when: users.administrator.username == "administrator" - name: Create admin account via tootctl command: - cmd: 'docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"' - chdir: "{{ docker_compose.directories.instance }}" + cmd: 'docker exec -u root {{ MASTODON_CONTAINER }} bash -c "bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"' register: tootctl_create changed_when: tootctl_create.rc == 0 failed_when: > @@ -41,7 +39,6 @@ - name: Approve the administrator account in Mastodon command: - cmd: docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts modify {{users.administrator.username}} --approve" - chdir: "{{ docker_compose.directories.instance }}" + cmd: docker exec -u root {{ MASTODON_CONTAINER }} bash -c "bin/tootctl accounts modify {{users.administrator.username}} --approve" async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" \ No newline at end of file diff --git a/roles/web-app-mastodon/templates/docker-compose.yml.j2 b/roles/web-app-mastodon/templates/docker-compose.yml.j2 index 2369765c..8ea62da1 100644 --- a/roles/web-app-mastodon/templates/docker-compose.yml.j2 +++ b/roles/web-app-mastodon/templates/docker-compose.yml.j2 
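Review bot: In the "Create admin account via tootctl" task, `{{users.administrator.username}}` and `{{ users.administrator.email }}` are spliced unquoted into a `bash -c "..."` string executed as root in the container, so a value containing spaces or shell metacharacters is re-parsed by bash instead of being passed as a single argument. With the `RAILS_ENV=production` prefix removed the shell is no longer needed; an argument vector avoids the re-parsing, e.g. `argv: ["docker", "exec", "-u", "root", "{{ MASTODON_CONTAINER }}", "bin/tootctl", "accounts", "create", "{{ users.administrator.username }}", "--email", "{{ users.administrator.email }}", "--confirmed", "--role", "Owner"]`. The approve task in the following hunk (`@@ -41,7 +39,6 @@`) has the same pattern and can be converted the same way. `tootctl accounts create` normally prints the generated password, so adding `no_log: true` to the task that registers `tootctl_create` would keep it out of Ansible output and logs. The task's `failed_when` expression continues outside the hunk, so confirm it still works with these changes, and check whether `-u root` is needed for tootctl at all.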
@@ -1,9 +1,10 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} - web: + mastodon: +{% set service_name = 'mastodon' %} {% set container_port = 3000 %} {% set container_healthcheck = 'health' %} - container_name: {{ MASTODON_NAME }} + container_name: {{ MASTODON_CONTAINER }} image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}" {% include 'roles/docker-container/templates/base.yml.j2' %} command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}" @@ -16,9 +17,10 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} streaming: +{% set service_name = 'streaming' %} {% set container_port = 4000 %} {% set container_healthcheck = 'api/v1/streaming/health' %} - container_name: {{ MASTODON_STREAMING_NAME }} + container_name: {{ MASTODON_STREAMING_CONTAINER }} image: "{{ MASTODON_STREAMING_IMAGE }}:{{ MASTODON_STREAMING_VERSION }}" {% include 'roles/docker-container/templates/base.yml.j2' %} command: node ./streaming @@ -29,7 +31,8 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} sidekiq: - container_name: {{ MASTODON_SIDEKIQ_NAME }} +{% set service_name = 'sidekiq' %} + container_name: {{ MASTODON_SIDEKIQ_CONTAINER }} image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}" {% include 'roles/docker-container/templates/base.yml.j2' %} command: bundle exec sidekiq diff --git a/roles/web-app-mastodon/templates/env.j2 b/roles/web-app-mastodon/templates/env.j2 index 71418471..a3b5f907 100644 --- a/roles/web-app-mastodon/templates/env.j2 +++ b/roles/web-app-mastodon/templates/env.j2 @@ -8,6 +8,8 @@ ALTERNATE_DOMAINS="{{ domains['web-app-mastodon'][1:] | join(',') }}" SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode') }} ALLOWED_PRIVATE_ADDRESSES="{{ MASTODON_ALLOWED_PRIVATE_ADDRESSES }}" +RAILS_ENV={{ ENVIRONMENT }} + # Debug {% if MODE_DEBUG | bool %} RAILS_LOG_LEVEL=debug 
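Review bot: The three `{% set service_name = '...' %}` lines in docker-compose.yml.j2 are template-level assignments, so the last value (`'sidekiq'`) stays in effect for anything rendered after the sidekiq block, and the rest of the template lies outside these hunks. If a later include reaches resource.yml.j2 without setting its own `service_name`, it would presumably pick up sidekiq's limits rather than the default. A short Jinja comment at the first assignment, such as `{# service_name selects docker.services.<name>.* for resource limits; set it again for every service block #}`, would make that contract explicit. The service key rename from `web` to `mastodon` also deserves a search for remaining `web` references outside this diff.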
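Review bot: `RAILS_ENV={{ ENVIRONMENT }}` in env.j2 makes the Rails mode depend on a global variable whose allowed values are not visible here, while the tootctl commands changed in 02_administrator.yml previously forced `RAILS_ENV=production`. If `ENVIRONMENT` can be anything other than `production`, the instance would start in a non-production Rails mode with more verbose error output and relaxed defaults, or fail to boot on an unknown environment name. Prefer `RAILS_ENV=production` here, or assert the value before templating if other modes are intended.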
diff --git a/roles/web-app-mastodon/vars/main.yml b/roles/web-app-mastodon/vars/main.yml index 754250f1..f33ebe2b 100644 --- a/roles/web-app-mastodon/vars/main.yml +++ b/roles/web-app-mastodon/vars/main.yml @@ -5,10 +5,10 @@ database_type: "postgres" # Mastodon Specific MASTODON_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version') }}" MASTODON_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image') }}" -MASTODON_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}" +MASTODON_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}" MASTODON_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" MASTODON_STREAMING_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version') }}" MASTODON_STREAMING_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image') }}" -MASTODON_STREAMING_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name') }}" -MASTODON_SIDEKIQ_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}_sidekiq" +MASTODON_STREAMING_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name') }}" +MASTODON_SIDEKIQ_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}_sidekiq" MASTODON_ALLOWED_PRIVATE_ADDRESSES: "{{ networks.local['svc-db-postgres'].subnet if 'web-app-chess' in group_names else ''}}" \ No newline at end of file