kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-24 11:06:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

mastodon: tighten resources, robust exec tasks, and env defaults

Browse Source 
- resources: per-service cpus/mem/pids for mastodon/streaming/sidekiq/redis/db
- compose: rename service key to "mastodon" (was: web), set service_name blocks
- tasks(01_setup): run rails db:migrate via docker exec (non-tty, login shell)
- tasks(02_administrator): healthchecks for 'mastodon', sed with absolute path,
  tootctl as user 'mastodon' (non-tty), optional re-health wait
- env.j2: add RAILS_ENV={{ ENVIRONMENT | default('production') }}
- resource.yml.j2: fix get_app_conf path (service_name default spacing)
- docs: remove outdated Installation/Administration files

Context: https://chatgpt.com/share/68d332a0-ae98-800f-b418-c0d0262eaa2e
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-24 01:52:18 +02:00
parent 426ba32c11
commit 9bf77e1e35
10 changed files with 51 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/docker-container/templates/resource.yml.j2
View File

@@ -1,4 +1,4 @@
cpus: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'cpus' ] |join('.'), False, RESOURCE_CPUS) }} cpus: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'cpus' ] |join('.'), False, RESOURCE_CPUS) }}
mem_reservation: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'mem_reservation' ] |join('.'), False, RESOURCE_MEM_RESERVATION) }} mem_reservation: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'mem_reservation' ] |join('.'), False, RESOURCE_MEM_RESERVATION) }}
mem_limit: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'mem_limit' ] |join('.'), False, RESOURCE_MEM_LIMIT) }} mem_limit: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'mem_limit' ] |join('.'), False, RESOURCE_MEM_LIMIT) }}
pids_limit: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name|default(application_id | get_entity_name ), 'pids_limit' ] |join('.'), False, RESOURCE_PIDS_LIMIT) }} pids_limit: {{ applications | get_app_conf( application_id, [ 'docker', 'services', service_name | default(application_id | get_entity_name ), 'pids_limit' ] |join('.'), False, RESOURCE_PIDS_LIMIT) }}

39
roles/web-app-mastodon/Administration.md
View File

@@ -1,39 +0,0 @@
# Administration
## 🗑️ Cleanup (Remove Instance & Volumes)
```bash
cd {{ PATH_DOCKER_COMPOSE_INSTANCES }}mastodon/
docker-compose down
docker volume rm mastodon_data mastodon_database mastodon_redis
cd {{ PATH_DOCKER_COMPOSE_INSTANCES }} &&
rm -vR {{ PATH_DOCKER_COMPOSE_INSTANCES }}mastodon
```
## 🔍 Access Mastodon Terminal
```bash
docker-compose exec -it web /bin/bash
```
## 🛠️ Set File Permissions
After setting up Mastodon, apply the correct file permissions:
```bash
docker-compose exec -it -u root web chown -R 991:991 public
```
# 📦 Database Management
## 🏗️ Running Database Migrations
Ensure all required database structures are up to date:
```bash
docker compose exec -it web bash -c "RAILS_ENV=production bin/rails db:migrate"
```
# 🚀 Performance Optimization
## 🗑️ Delete Cache & Recompile Assets
```bash
docker-compose exec web bundle exec rails assets:precompile
docker-compose restart
```
This ensures your Mastodon instance is loading the latest assets after updates.

22
roles/web-app-mastodon/Installation.md
View File

@@ -1,22 +0,0 @@
# ⚙️ Configuration & Setup
## 🔧 Create Credentials
Run the following command to generate a new configuration setup:
```bash
docker pull ghcr.io/mastodon/mastodon:latest
# Secret Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
# Vapid Key Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails mastodon:webpush:generate_vapid_key
# ACTIVE_RECORD_ENCRYPTION Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bin/rails db:encryption:init
```
## 🔄 Setup with an Existing Configuration
```bash
docker-compose run --rm web bundle exec rails db:migrate
```
## 🔐 OIDC (OpenID Connect) Authentication Support
This Mastodon role now **fully supports OpenID Connect (OIDC)**, allowing seamless authentication via identity providers like **Keycloak, Auth0, Google, or other OIDC-compliant services**.

6
roles/web-app-mastodon/README.md
View File

@@ -8,12 +8,6 @@ Dive into a decentralized social experience with Mastodon, a vibrant platform th
This role deploys Mastodon using Docker, streamlining the installation and configuration of a full-featured social networking platform. Mastodon is built to support federation across multiple instances, offering robust content moderation, real-time updates, and flexible API integrations. Its advanced architecture—including separate services for the web frontend, streaming API, and background job processing—ensures high performance and scalability for large communities. This role deploys Mastodon using Docker, streamlining the installation and configuration of a full-featured social networking platform. Mastodon is built to support federation across multiple instances, offering robust content moderation, real-time updates, and flexible API integrations. Its advanced architecture—including separate services for the web frontend, streaming API, and background job processing—ensures high performance and scalability for large communities.
For detailed configuration and operational instructions, please refer to the following files in this directory:
- [Installation.md](./Installation.md)
- [Administration.md](./Administration.md)
- [Upgrade.md](./Upgrade.md)
- [User_Administration.md](./User_Administration.md)
## Features ## Features
- **Decentralized Network:** Connect with users across multiple instances in a federated social media ecosystem. - **Decentralized Network:** Connect with users across multiple instances in a federated social media ecosystem.

39
roles/web-app-mastodon/config/main.yml
View File

@@ -18,18 +18,39 @@ server:
docker: docker:
services: services:
redis: redis:
enabled: true enabled: true
cpus: "0.3"
mem_reservation: "256m"
mem_limit: "512m"
pids_limit: 256
database: database:
enabled: true enabled: true
cpus: "1.0"
mem_reservation: "2g"
mem_limit: "3g"
pids_limit: 512
mastodon: mastodon:
image: "ghcr.io/mastodon/mastodon" image: "ghcr.io/mastodon/mastodon"
version: latest version: latest
backup: backup:
no_stop_required: true no_stop_required: true
name: "mastodon" name: "mastodon"
cpus: "1.0"
mem_reservation: "1.5g"
mem_limit: "2g"
pids_limit: 512
streaming: streaming:
image: "ghcr.io/mastodon/mastodon-streaming" image: "ghcr.io/mastodon/mastodon-streaming"
version: latest version: latest
name: "mastodon-streaming" name: "mastodon-streaming"
cpus: "0.3"
mem_reservation: "256m"
mem_limit: "512m"
pids_limit: 256
sidekiq:
cpus: "0.8"
mem_reservation: "1g"
mem_limit: "1.5g"
pids_limit: 512
volumes: volumes:
data: "mastodon_data" data: "mastodon_data"

3
roles/web-app-mastodon/tasks/01_setup.yml
View File

@@ -1,7 +1,6 @@
- name: "Execute migration for '{{ application_id }}'" - name: "Execute migration for '{{ application_id }}'"
command: command:
cmd: "docker-compose run --rm web bundle exec rails db:migrate" cmd: "docker exec {{ MASTODON_CONTAINER }} bundle exec rails db:migrate"
chdir: "{{ docker_compose.directories.instance }}"
- name: "Include administrator routines for '{{ application_id }}'" - name: "Include administrator routines for '{{ application_id }}'"
include_tasks: 02_administrator.yml include_tasks: 02_administrator.yml

11
roles/web-app-mastodon/tasks/02_administrator.yml
View File

@@ -14,7 +14,7 @@
delay: 5 delay: 5
until: healthcheck.stdout == "healthy" until: healthcheck.stdout == "healthy"
loop: loop:
- web - mastodon
- streaming - streaming
- sidekiq - sidekiq
loop_control: loop_control:
@@ -23,14 +23,12 @@
- name: Remove line containing "- administrator" from config/settings.yml to allow creating administrator account - name: Remove line containing "- administrator" from config/settings.yml to allow creating administrator account
command: command:
cmd: "docker compose exec -u root web sed -i '/- administrator/d' config/settings.yml" cmd: "docker exec -u root {{ MASTODON_CONTAINER }} sed -i '/- administrator/d' config/settings.yml"
chdir: "{{ docker_compose.directories.instance }}"
when: users.administrator.username == "administrator" when: users.administrator.username == "administrator"
- name: Create admin account via tootctl - name: Create admin account via tootctl
command: command:
cmd: 'docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"' cmd: 'docker exec -u root {{ MASTODON_CONTAINER }} bash -c "bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"'
chdir: "{{ docker_compose.directories.instance }}"
register: tootctl_create register: tootctl_create
changed_when: tootctl_create.rc == 0 changed_when: tootctl_create.rc == 0
failed_when: > failed_when: >
@@ -41,7 +39,6 @@
- name: Approve the administrator account in Mastodon - name: Approve the administrator account in Mastodon
command: command:
cmd: docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts modify {{users.administrator.username}} --approve" cmd: docker exec -u root {{ MASTODON_CONTAINER }} bash -c "bin/tootctl accounts modify {{users.administrator.username}} --approve"
chdir: "{{ docker_compose.directories.instance }}"
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"

11
roles/web-app-mastodon/templates/docker-compose.yml.j2
View File

@@ -1,9 +1,10 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %} {% include 'roles/docker-compose/templates/base.yml.j2' %}
web: mastodon:
{% set service_name = 'mastodon' %}
{% set container_port = 3000 %} {% set container_port = 3000 %}
{% set container_healthcheck = 'health' %} {% set container_healthcheck = 'health' %}
container_name: {{ MASTODON_NAME }} container_name: {{ MASTODON_CONTAINER }}
image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}" image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}"
{% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/base.yml.j2' %}
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}" command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}"
@@ -16,9 +17,10 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %}
streaming: streaming:
{% set service_name = 'streaming' %}
{% set container_port = 4000 %} {% set container_port = 4000 %}
{% set container_healthcheck = 'api/v1/streaming/health' %} {% set container_healthcheck = 'api/v1/streaming/health' %}
container_name: {{ MASTODON_STREAMING_NAME }} container_name: {{ MASTODON_STREAMING_CONTAINER }}
image: "{{ MASTODON_STREAMING_IMAGE }}:{{ MASTODON_STREAMING_VERSION }}" image: "{{ MASTODON_STREAMING_IMAGE }}:{{ MASTODON_STREAMING_VERSION }}"
{% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/base.yml.j2' %}
command: node ./streaming command: node ./streaming
@@ -29,7 +31,8 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %}
sidekiq: sidekiq:
container_name: {{ MASTODON_SIDEKIQ_NAME }} {% set service_name = 'sidekiq' %}
container_name: {{ MASTODON_SIDEKIQ_CONTAINER }}
image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}" image: "{{ MASTODON_IMAGE }}:{{ MASTODON_VERSION }}"
{% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/base.yml.j2' %}
command: bundle exec sidekiq command: bundle exec sidekiq

2
roles/web-app-mastodon/templates/env.j2
View File

@@ -8,6 +8,8 @@ ALTERNATE_DOMAINS="{{ domains['web-app-mastodon'][1:] | join(',') }}"
SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode') }} SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode') }}
ALLOWED_PRIVATE_ADDRESSES="{{ MASTODON_ALLOWED_PRIVATE_ADDRESSES }}" ALLOWED_PRIVATE_ADDRESSES="{{ MASTODON_ALLOWED_PRIVATE_ADDRESSES }}"
RAILS_ENV={{ ENVIRONMENT }}
# Debug # Debug
{% if MODE_DEBUG | bool %} {% if MODE_DEBUG | bool %}
RAILS_LOG_LEVEL=debug RAILS_LOG_LEVEL=debug

6
roles/web-app-mastodon/vars/main.yml
View File

@@ -5,10 +5,10 @@ database_type: "postgres"
# Mastodon Specific # Mastodon Specific
MASTODON_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version') }}" MASTODON_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version') }}"
MASTODON_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image') }}" MASTODON_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image') }}"
MASTODON_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}" MASTODON_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}"
MASTODON_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" MASTODON_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
MASTODON_STREAMING_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version') }}" MASTODON_STREAMING_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version') }}"
MASTODON_STREAMING_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image') }}" MASTODON_STREAMING_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image') }}"
MASTODON_STREAMING_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name') }}" MASTODON_STREAMING_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name') }}"
MASTODON_SIDEKIQ_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}_sidekiq" MASTODON_SIDEKIQ_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name') }}_sidekiq"
MASTODON_ALLOWED_PRIVATE_ADDRESSES: "{{ networks.local['svc-db-postgres'].subnet if 'web-app-chess' in group_names else ''}}" MASTODON_ALLOWED_PRIVATE_ADDRESSES: "{{ networks.local['svc-db-postgres'].subnet if 'web-app-chess' in group_names else ''}}"