thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1108 Commits
1 Branch
Tree: 08462f5d86
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '08462f5d86'
${ noResults }
sovereign/roles/mastodon/templates/home_mastodon_mastodon_env.j2

home_mastodon_mastodon_env.j2 8.2KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228 
  1. REDIS_HOST=localhost

  2. REDIS_PORT=6379

  3. 

  4. DB_HOST=localhost

  5. DB_USER={{ mastodon_db_username }}

  6. DB_NAME={{ mastodon_db_database }}

  7. DB_PASS={{ mastodon_db_password }}

  8. DB_PORT=5432

  9. 

  10. # Federation

  11. # Note: Changing LOCAL_DOMAIN at a later time will cause unwanted side effects, including breaking all existing federation.

  12. # LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.

  13. LOCAL_DOMAIN={{ domain }}

  14. 

  15. # Use this only if you need to run mastodon on a different domain than the one used for federation.

  16. # You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md

  17. # DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.

  18. WEB_DOMAIN={{ mastodon_domain }}

  19. 

  20. # Use this if you want to have several aliases handler@example1.com

  21. # handler@example2.com etc. for the same user. LOCAL_DOMAIN should not

  22. # be added. Comma separated values

  23. ALTERNATE_DOMAINS={{ virtual_domains | json_query('[?name != `' + domain + '`].name') | join(',') }}

  24. 

  25. # Application secrets

  26. # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)

  27. SECRET_KEY_BASE={{ mastodon_secret_key_base }}

  28. OTP_SECRET={{ mastodon_otp_secret }}

  29. 

  30. # VAPID keys (used for push notifications)

  31. # You can generate the keys using the following command (first is the private key, second is the public one)

  32. # You should only generate this once per instance. If you later decide to change it, all push subscription will

  33. # be invalidated, requiring the users to access the website again to resubscribe.

  34. #

  35. # Generate with `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web rake mastodon:webpush:generate_vapid_key` if you use docker compose)

  36. #

  37. # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html

  38. #VAPID_PRIVATE_KEY=

  39. #VAPID_PUBLIC_KEY=

  40. # These values have been generated and appended to the end of this file by ansible!

  41. 

  42. # Registrations

  43. # Single user mode will disable registrations and redirect frontpage to the first profile

  44. # SINGLE_USER_MODE=true

  45. # Prevent registrations with following e-mail domains

  46. # EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc

  47. # Only allow registrations with the following e-mail domains

  48. EMAIL_DOMAIN_WHITELIST={{ virtual_domains | json_query('[*].name') | join('|') }}

  49. 

  50. # Optionally change default language

  51. # DEFAULT_LOCALE=de

  52. 

  53. # E-mail configuration

  54. # Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers

  55. # If you want to use an SMTP server without authentication (e.g local Postfix relay)

  56. # then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and

  57. # *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).

  58. SMTP_SERVER=localhost

  59. SMTP_PORT=25

  60. #SMTP_LOGIN=

  61. #SMTP_PASSWORD=

  62. SMTP_FROM_ADDRESS=mastodon@{{ domain }}

  63. #SMTP_DOMAIN= # defaults to LOCAL_DOMAIN

  64. #SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail

  65. SMTP_AUTH_METHOD=none

  66. #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt

  67. SMTP_OPENSSL_VERIFY_MODE=none

  68. #SMTP_ENABLE_STARTTLS_AUTO=true

  69. #SMTP_TLS=true

  70. 

  71. # Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.

  72. PAPERCLIP_ROOT_PATH=/data/mastodon/public-system

  73. PAPERCLIP_ROOT_URL=/system

  74. 

  75. # Optional asset host for multi-server setups

  76. # The asset host must allow cross origin request from WEB_DOMAIN or LOCAL_DOMAIN

  77. # if WEB_DOMAIN is not set. For example, the server may have the

  78. # following header field:

  79. # Access-Control-Allow-Origin: https://example.com/

  80. # CDN_HOST=https://assets.example.com

  81. 

  82. # S3 (optional)

  83. # The attachment host must allow cross origin request from WEB_DOMAIN or

  84. # LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the

  85. # following header field:

  86. # Access-Control-Allow-Origin: https://192.168.1.123:9000/

  87. # S3_ENABLED=true

  88. # S3_BUCKET=

  89. # AWS_ACCESS_KEY_ID=

  90. # AWS_SECRET_ACCESS_KEY=

  91. # S3_REGION=

  92. # S3_PROTOCOL=http

  93. # S3_HOSTNAME=192.168.1.123:9000

  94. 

  95. # S3 (Minio Config (optional) Please check Minio instance for details)

  96. # The attachment host must allow cross origin request - see the description

  97. # above.

  98. # S3_ENABLED=true

  99. # S3_BUCKET=

  100. # AWS_ACCESS_KEY_ID=

  101. # AWS_SECRET_ACCESS_KEY=

  102. # S3_REGION=

  103. # S3_PROTOCOL=https

  104. # S3_HOSTNAME=

  105. # S3_ENDPOINT=

  106. # S3_SIGNATURE_VERSION=

  107. 

  108. # Swift (optional)

  109. # The attachment host must allow cross origin request - see the description

  110. # above.

  111. # SWIFT_ENABLED=true

  112. # SWIFT_USERNAME=

  113. # For Keystone V3, the value for SWIFT_TENANT should be the project name

  114. # SWIFT_TENANT=

  115. # SWIFT_PASSWORD=

  116. # Some OpenStack V3 providers require PROJECT_ID (optional)

  117. # SWIFT_PROJECT_ID=

  118. # Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid

  119. # issues with token rate-limiting during high load.

  120. # SWIFT_AUTH_URL=

  121. # SWIFT_CONTAINER=

  122. # SWIFT_OBJECT_URL=

  123. # SWIFT_REGION=

  124. # Defaults to 'default'

  125. # SWIFT_DOMAIN_NAME=

  126. # Defaults to 60 seconds. Set to 0 to disable

  127. # SWIFT_CACHE_TTL=

  128. 

  129. # Optional alias for S3 (e.g. to serve files on a custom domain, possibly using Cloudfront or Cloudflare)

  130. # S3_ALIAS_HOST=

  131. 

  132. # Streaming API integration

  133. # STREAMING_API_BASE_URL=

  134. 

  135. # Advanced settings

  136. # If you need to use pgBouncer, you need to disable prepared statements:

  137. # PREPARED_STATEMENTS=false

  138. 

  139. # Cluster number setting for streaming API server.

  140. # If you comment out following line, cluster number will be `numOfCpuCores - 1`.

  141. STREAMING_CLUSTER_NUM=1

  142. 

  143. # Docker mastodon user

  144. # If you use Docker, you may want to assign UID/GID manually.

  145. # UID=1000

  146. # GID=1000

  147. 

  148. # LDAP authentication (optional)

  149. # LDAP_ENABLED=true

  150. # LDAP_HOST=localhost

  151. # LDAP_PORT=389

  152. # LDAP_METHOD=simple_tls

  153. # LDAP_BASE=

  154. # LDAP_BIND_DN=

  155. # LDAP_PASSWORD=

  156. # LDAP_UID=cn

  157. # LDAP_SEARCH_FILTER="%{uid}=%{email}"

  158. 

  159. # PAM authentication (optional)

  160. # PAM authentication uses for the email generation the "email" pam variable

  161. # and optional as fallback PAM_DEFAULT_SUFFIX

  162. # The pam environment variable "email" is provided by:

  163. # https://github.com/devkral/pam_email_extractor

  164. # PAM_ENABLED=true

  165. # Fallback email domain for email address generation (LOCAL_DOMAIN by default)

  166. # PAM_EMAIL_DOMAIN=example.com

  167. # Name of the pam service (pam "auth" section is evaluated)

  168. # PAM_DEFAULT_SERVICE=rpam

  169. # Name of the pam service used for checking if an user can register (pam "account" section is evaluated) (nil (disabled) by default)

  170. # PAM_CONTROLLED_SERVICE=rpam

  171. 

  172. # Global OAuth settings (optional) :

  173. # If you have only one strategy, you may want to enable this

  174. # OAUTH_REDIRECT_AT_SIGN_IN=true

  175. 

  176. # Optional CAS authentication (cf. omniauth-cas) :

  177. # CAS_ENABLED=true

  178. # CAS_URL=https://sso.myserver.com/

  179. # CAS_HOST=sso.myserver.com/

  180. # CAS_PORT=443

  181. # CAS_SSL=true

  182. # CAS_VALIDATE_URL=

  183. # CAS_CALLBACK_URL=

  184. # CAS_LOGOUT_URL=

  185. # CAS_LOGIN_URL=

  186. # CAS_UID_FIELD='user'

  187. # CAS_CA_PATH=

  188. # CAS_DISABLE_SSL_VERIFICATION=false

  189. # CAS_UID_KEY='user'

  190. # CAS_NAME_KEY='name'

  191. # CAS_EMAIL_KEY='email'

  192. # CAS_NICKNAME_KEY='nickname'

  193. # CAS_FIRST_NAME_KEY='firstname'

  194. # CAS_LAST_NAME_KEY='lastname'

  195. # CAS_LOCATION_KEY='location'

  196. # CAS_IMAGE_KEY='image'

  197. # CAS_PHONE_KEY='phone'

  198. 

  199. # Optional SAML authentication (cf. omniauth-saml)

  200. # SAML_ENABLED=true

  201. # SAML_ACS_URL=

  202. # SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback

  203. # SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO

  204. # SAML_IDP_CERT=

  205. # SAML_IDP_CERT_FINGERPRINT=

  206. # SAML_NAME_IDENTIFIER_FORMAT=

  207. # SAML_CERT=

  208. # SAML_PRIVATE_KEY=

  209. # SAML_SECURITY_WANT_ASSERTION_SIGNED=true

  210. # SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=true

  211. # SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true

  212. # SAML_ATTRIBUTES_STATEMENTS_UID="urn:oid:0.9.2342.19200300.100.1.1"

  213. # SAML_ATTRIBUTES_STATEMENTS_EMAIL="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"

  214. # SAML_ATTRIBUTES_STATEMENTS_FULL_NAME="urn:oid:2.16.840.1.113730.3.1.241"

  215. # SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME="urn:oid:2.5.4.42"

  216. # SAML_ATTRIBUTES_STATEMENTS_LAST_NAME="urn:oid:2.5.4.4"

  217. # SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"

  218. # SAML_ATTRIBUTES_STATEMENTS_VERIFIED=

  219. # SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=

  220. 

  221. # Use HTTP proxy for outgoing request (optional)

  222. # http_proxy=http://gateway.local:8118

  223. # Access control for hidden service.

  224. # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true

  225. 

  226. 

  227. # VAPID keys (used for push notifications)

  228. # (added automatically by ansible)