feat: very basic but functional mastodon packaging

2021-05-08 21:41:57 +01:00 · 2021-05-08 21:41:57 +01:00 · 8f88c180d9
parent f98bf5489e
commit 8f88c180d9
2 changed files with 208 additions and 14 deletions
--- a/.env.sample
+++ b/.env.sample
@ -1,6 +1,84 @@
 TYPE=mastodon

-DOMAIN=mastodon.example.com
+DOMAIN=mastodon.swarm-test.autonomic.zone
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.mastodon.example.com`'
 LETS_ENCRYPT_ENV=production
+
+# Please look at https://docs.joinmastodon.org/admin/config/ for the full documentation.
+
+# Federation
+# This identifies your server and cannot be changed safely later
+LOCAL_DOMAIN=$DOMAIN
+
+# Use this only if you need to run mastodon on a different domain than the one used for federation.
+# You can read more about this option on https://docs.joinmastodon.org/admin/config/#web-domain
+# DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
+#WEB_DOMAIN=
+
+# Use this if you want to have several aliases handler@example1.com
+# handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
+# be added. Comma separated values
+#ALTERNATE_DOMAINS=$EXTRA_DOMAINS
+
+# https://docs.joinmastodon.org/admin/config/#authorized_fetch
+AUTHORIZED_FETCH=false
+
+# https://docs.joinmastodon.org/admin/config/#limited_federation_mode
+LIMITED_FEDERATION_MODE=false
+
+# Deployment
+RAILS_ENV=production
+RAILS_SERVE_STATIC_FILES=true # might need this for traefik, need to test
+#TRUSTED_PROXY_IP=
+
+# PostgreSQL
+# ----------
+DB_HOST=db
+DB_USER=mastodon
+DB_NAME=mastodon_production
+DB_PASS=
+DB_PORT=5432
+
+REDIS_HOST=redis
+REDIS_PORT=6379
+
+# ElasticSearch (optional)
+# ------------------------
+ES_ENABLED=false
+# ES_HOST=localhost
+# ES_PORT=9200
+
+# Secrets
+SECRET_KEY_BASE=
+OTP_SECRET=
+
+# Web Push
+VAPID_PRIVATE_KEY=
+VAPID_PUBLIC_KEY=
+
+# Limits
+SINGLE_USER_MODE=false
+# EMAIL_DOMAIN_ALLOWLIST=
+# EMAIL_DOMAIN_DENYLIST=
+DEFAULT_LOCALE=en
+# MAX_SESSION_ACTIVATIONS=
+# USER_ACTIVE_DAYS=
+
+# Sending mail
+# ------------
+# SMTP_SERVER=smtp.mailgun.org
+# SMTP_PORT=587
+# SMTP_LOGIN=
+# SMTP_PASSWORD=
+# SMTP_FROM_ADDRESS=notificatons@example.com
+
+# File storage (optional)
+# -----------------------
+# CDN_HOST=
+
+S3_ENABLED=false
+# S3_BUCKET=files.example.com
+# AWS_ACCESS_KEY_ID=
+# AWS_SECRET_ACCESS_KEY=
+# S3_ALIAS_HOST=files.example.com
--- a/compose.yml
+++ b/compose.yml
@ -2,30 +2,146 @@
 version: "3.8"

 services:
-  app:
-    image: nginx:1.19.2
-    networks:
+
+  db:
+    image: postgres:9.6-alpine
+    networks: &internalNetwork
+      - internal_network
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "postgres"]
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    environment: 
+      - POSTGRES_PASSWORD=${DB_PASS}
+      - POSTGRES_USER=${DB_USER}
+      - POSTGRES_DB=${DB_NAME}
+
+  redis:
+    image: redis:6.0-alpine
+    networks: *internalNetwork
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+    volumes:
+      - redis:/data
+
+#  es:
+#    restart: always
+#    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.10
+#    environment:
+#      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+#      - "cluster.name=es-mastodon"
+#      - "discovery.type=single-node"
+#      - "bootstrap.memory_lock=true"
+#    networks:
+#      - internal_network
+#    healthcheck:
+#      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
+#    volumes:
+#      - ./elasticsearch:/usr/share/elasticsearch/data
+#    ulimits:
+#      memlock:
+#        soft: -1
+#        hard: -1
+
+  web:
+    image: &image tootsuite/mastodon:v3.3.0
+    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+    networks: &bothNetworks
      - proxy
+      - internal_network
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}_web.loadbalancer.server.port=3000"
+        - "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
+
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
+    depends_on:
+      - db
+      - redis
+#      - es
+    volumes: &appVolume
+      - app:/mastodon/public/system
+    # secrets: &secrets
+    #   - secret_key_base
+    #   - otp_secret
+    environment: &env
+      - DB_HOST
+      - DB_USER
+      - DB_NAME
+      - DB_PASS
+      - DB_PORT
+      - REDIS_HOST
+      - REDIS_PORT
+      - VAPID_PRIVATE_KEY
+      - VAPID_PUBLIC_KEY
+      - OTP_SECRET
+      - SECRET_KEY_BASE
+      - LOCAL_DOMAIN

+  streaming:
+    image: *image
+    command: node ./streaming
+    networks: *bothNetworks
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}_streaming.loadbalancer.server.port=4000"
+        - "traefik.http.routers.${STACK_NAME}_streaming.rule=(Host(`${DOMAIN}`) && PathPrefix(`/api/v1/streaming`))"
+        - "traefik.http.routers.${STACK_NAME}_streaming.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}_streaming.tls.certresolver=${LETS_ENCRYPT_ENV}"
+
+        ## Redirect from EXTRA_DOMAINS to DOMAIN
+        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+    depends_on:
+      - db
+      - redis
+    environment: *env
+    volumes: *appVolume # used to make sure this volume is created
+    
+  sidekiq:
+    image: *image
+    command: bundle exec sidekiq
+    deploy:
+      restart_policy:
+        condition: on-failure
+    depends_on:
+      - db
+      - redis
+    networks: *bothNetworks
+    volumes: *appVolume
+    environment: *env
+    
+# secrets:
+#   secret_key_base:
+#     name: ${STACK_NAME}_secret_key_base_${SECRET_DB_PASSWORD_VERSION}
+#     external: true
+#   otp_secret:
+#     name: ${STACK_NAME}_otp_secret_${SECRET_DB_ROOT_PASSWORD_VERSION}
+#     external: true
+volumes:
+  app:
+  redis:
+  postgres:
 networks:
  proxy:
    external: true
+  internal_network:
+    internal: true