Add configuration for GoToSocial
This adds a basic GoToSocial setup with a default configured administrator, to be used as a small environment for trusted users.
parent
d452ccec1b
commit
1b71debe96
|
@ -25,6 +25,7 @@ ignition:
|
|||
- local: service/grafana/spec.ign
|
||||
- local: service/gitea/spec.ign
|
||||
- local: service/lldap/spec.ign
|
||||
- local: service/gotosocial/spec.ign
|
||||
|
||||
passwd:
|
||||
users:
|
||||
|
@ -125,6 +126,14 @@ systemd:
|
|||
[Service]
|
||||
Environment=UPSTREAM_HOST=lldap UPSTREAM_PORT=8080
|
||||
|
||||
- name: nginx-proxy-http@social.localhost.service
|
||||
enabled: true
|
||||
dropins:
|
||||
- name: gotosocial-upstream.conf
|
||||
contents: |
|
||||
[Service]
|
||||
Environment=UPSTREAM_HOST=gotosocial UPSTREAM_PORT=8080
|
||||
|
||||
- name: letsencrypt-dns-register@localhost.service
|
||||
enabled: true
|
||||
dropins:
|
||||
|
|
|
@ -64,3 +64,9 @@ LLDAP_ADMIN_PASSWORD=password
|
|||
|
||||
# Configuration for Hugo.
|
||||
HUGO_DEPLOY_SECRET=password
|
||||
|
||||
# Configuration for GoToSocial.
|
||||
GOTOSOCIAL_HOST=social.localhost
|
||||
GOTOSOCIAL_ACCOUNT_DOMAIN=localhost
|
||||
GOTOSOCIAL_DEFAULT_USERNAME=default
|
||||
GOTOSOCIAL_SMTP_FROM=noreply@social.localhost
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
FROM docker.io/debian:bullseye-slim
|
||||
ARG VERSION=0.5.2
|
||||
|
||||
RUN apt-get update -y && apt-get upgrade -y && \
|
||||
apt-get install -y --no-install-recommends curl ca-certificates gettext gosu
|
||||
|
||||
ENV PACKAGE_URL https://github.com/superseriousbusiness/gotosocial/releases/download/v${VERSION}/gotosocial_${VERSION}_linux_amd64.tar.gz
|
||||
RUN mkdir -p /opt/gotosocial && curl -L ${PACKAGE_URL} | tar -C /opt/gotosocial --no-same-owner -xvzf - && \
|
||||
mv /opt/gotosocial/gotosocial /bin/gotosocial && chmod +x /bin/gotosocial
|
||||
|
||||
RUN apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false curl
|
||||
|
||||
RUN addgroup --system --gid 10000 gotosocial
|
||||
RUN adduser --system --uid 10000 --ingroup gotosocial --home /var/lib/gotosocial gotosocial
|
||||
|
||||
COPY container/config /etc/gotosocial
|
||||
COPY container/run-gotosocial /run-gotosocial
|
||||
|
||||
EXPOSE 8080
|
||||
ENTRYPOINT ["/run-gotosocial"]
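Review bot: The release tarball is piped from `curl -L ${PACKAGE_URL}` straight into `tar` with no integrity check, so whatever the download URL returns at build time becomes `/bin/gotosocial`. Download to a file with `curl -fL -o /tmp/gotosocial.tar.gz "${PACKAGE_URL}"`, verify it against a digest pinned next to `ARG VERSION` with `echo "${SHA256}  /tmp/gotosocial.tar.gz" | sha256sum -c -`, and only then unpack it. The `-f` flag also makes an HTTP error fail the build instead of feeding an error page to `tar`. Purging curl in a separate `RUN` does not shrink the image, because the earlier layer still contains it; folding install, download and purge into one `RUN` would.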
|
|
@ -0,0 +1,124 @@
|
|||
###########################
|
||||
##### GENERAL CONFIG ######
|
||||
###########################
|
||||
|
||||
# The user that will be shown instead of the landing page. if no user is set, the landing page will be shown.
|
||||
landing-page-user: "${GOTOSOCIAL_DEFAULT_USERNAME}"
|
||||
|
||||
# Hostname that this server will be reachable at. Defaults to localhost for local testing,
|
||||
# but you should *definitely* change this when running for real, or your server won't work at all.
|
||||
# DO NOT change this after your server has already run once, or you will break things!
|
||||
host: "${GOTOSOCIAL_HOST}"
|
||||
|
||||
# Domain to use when federating profiles. This is useful when you want your server to be at
|
||||
# eg., "gts.example.org", but you want the domain on accounts to be "example.org" because it looks better
|
||||
# or is just shorter/easier to remember.
|
||||
#
|
||||
# To make this setting work properly, you need to redirect requests at "example.org/.well-known/webfinger"
|
||||
# to "gts.example.org/.well-known/webfinger" so that GtS can handle them properly.
|
||||
#
|
||||
# You should also redirect requests at "example.org/.well-known/nodeinfo" in the same way.
|
||||
# An empty string (ie., not set) means that the same value as 'host' will be used.
|
||||
#
|
||||
# DO NOT change this after your server has already run once, or you will break things!
|
||||
#
|
||||
# Please read the appropriate section of the installation guide before you go messing around with this setting:
|
||||
# https://docs.gotosocial.org/installation_guide/advanced/#can-i-host-my-instance-at-fediexampleorg-but-have-just-exampleorg-in-my-username
|
||||
account-domain: "${GOTOSOCIAL_ACCOUNT_DOMAIN}"
|
||||
|
||||
# CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy.
|
||||
# If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
|
||||
# or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network).
|
||||
trusted-proxies:
|
||||
- "127.0.0.1/32"
|
||||
- "::1"
|
||||
- "10.89.0.0/16"
|
||||
|
||||
############################
|
||||
##### DATABASE CONFIG ######
|
||||
############################
|
||||
|
||||
# Database type.
|
||||
db-type: "sqlite"
|
||||
|
||||
# Database address or parameters.
|
||||
#
|
||||
# For Sqlite, this should be the path to your sqlite database file. Eg., /opt/gotosocial/sqlite.db.
|
||||
# If the file doesn't exist at the specified path, it will be created.
|
||||
db-address: "/var/lib/gotosocial/gotosocial.db"
|
||||
|
||||
######################
|
||||
##### WEB CONFIG #####
|
||||
######################
|
||||
|
||||
# Directory from which gotosocial will attempt to load html templates (.tmpl files).
|
||||
web-template-base-dir: "/opt/gotosocial/web/template/"
|
||||
|
||||
# Directory from which gotosocial will attempt to serve static web assets (images, scripts).
|
||||
web-asset-base-dir: "/opt/gotosocial/web/assets/"
|
||||
|
||||
###########################
|
||||
##### ACCOUNTS CONFIG #####
|
||||
###########################
|
||||
|
||||
# Do we want people to be able to just submit sign up requests, or do we want invite only?
|
||||
accounts-registration-open: ${GOTOSOCIAL_ACCOUNT_REGISTRATION_OPEN}
|
||||
|
||||
# Allow accounts on this instance to set custom CSS for their profile pages and statuses.
|
||||
# Enabling this setting will allow accounts to upload custom CSS via the /user settings page,
|
||||
# which will then be rendered on the web view of the account's profile and statuses.
|
||||
#
|
||||
# For instances with public sign ups, it is **HIGHLY RECOMMENDED** to leave this setting on 'false',
|
||||
# since setting it to true allows malicious accounts to make their profile pages misleading, unusable
|
||||
# or even dangerous to visitors. In other words, you should only enable this setting if you trust
|
||||
# the users on your instance not to produce harmful CSS.
|
||||
#
|
||||
# Regardless of what this value is set to, any uploaded CSS will not be federated to other instances,
|
||||
# it will only be shown on profiles and statuses on *this* instance.
|
||||
accounts-allow-custom-css: true
|
||||
|
||||
########################
|
||||
##### MEDIA CONFIG #####
|
||||
########################
|
||||
|
||||
# Maximum allowed image upload size in bytes.
|
||||
media-image-max-size: 10485760 # 10MB
|
||||
|
||||
# Maximum allowed video upload size in bytes.
|
||||
media-video-max-size: 31457280 # 30MB
|
||||
|
||||
##########################
|
||||
##### STORAGE CONFIG #####
|
||||
##########################
|
||||
|
||||
# Type of storage backend to use.
|
||||
storage-backend: "local"
|
||||
|
||||
# Directory to use as a base path for storing files.
|
||||
# Make sure whatever user/group gotosocial is running as has permission to access
|
||||
# this directory, and create new subdirectories and files within it.
|
||||
# Only required when running with the local storage backend.
|
||||
storage-local-base-path: "/var/lib/gotosocial/storage"
|
||||
|
||||
#######################
|
||||
##### SMTP CONFIG #####
|
||||
#######################
|
||||
|
||||
# The hostname of the smtp server you want to use.
|
||||
# If this is not set, smtp will not be used to send emails, and you can ignore the other settings.
|
||||
smtp-host: "${GOTOSOCIAL_SMTP_HOST}"
|
||||
|
||||
# Port to use to connect to the smtp server.
|
||||
smtp-port: ${GOTOSOCIAL_SMTP_PORT}
|
||||
|
||||
# Username to use when authenticating with the smtp server.
|
||||
# This should have been provided to you by your smtp host.
|
||||
# This is often, but not always, an email address.
|
||||
smtp-username: "${GOTOSOCIAL_SMTP_USERNAME}"
|
||||
|
||||
# Password to use when authenticating with the smtp server.
|
||||
# This should have been provided to you by your smtp host.
|
||||
smtp-password: "${GOTOSOCIAL_SMTP_PASSWORD}"
|
||||
|
||||
# 'From' address for sent emails.
|
||||
smtp-from: "${GOTOSOCIAL_SMTP_FROM}"
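Review bot: `trusted-proxies` lists `10.89.0.0/16`, which looks like the whole container network range rather than the reverse proxy alone, so any peer in that range can supply the forwarded client address and choose the IP the server sees. If the nginx proxy has a stable address on the `internal` network, list only that; otherwise add a comment such as `# Entire podman 'internal' network: every container on it is trusted to set the client IP.` so the trade-off is explicit. Separately, values that `envsubst` fills inside double quotes (notably `smtp-password`) produce broken or altered YAML if the secret contains `"` or `\`; a comment next to the key should state that constraint.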
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
# Create configuration file from collected templates.
|
||||
envsubst < /etc/gotosocial/config.yaml.template > /etc/gotosocial/config.yaml
|
||||
|
||||
# Create data directories and correct permissions for data files.
|
||||
install --owner gotosocial --group gotosocial --mode 700 --directory /var/lib/gotosocial
|
||||
chown -R gotosocial:gotosocial /etc/gotosocial /var/lib/gotosocial
|
||||
|
||||
# Initialize default condiguration if needed.
|
||||
if ! test -f /var/lib/gotosocial/gotosocial.db; then
|
||||
(
|
||||
password="$(dd if=/dev/urandom | tr -dc '[:alnum:]' | head -c 50)"
|
||||
gosu gotosocial /bin/gotosocial --config-path /etc/gotosocial/config.yaml admin account create \
|
||||
--username "$GOTOSOCIAL_DEFAULT_USERNAME" --password "$password" \
|
||||
--email "${GOTOSOCIAL_DEFAULT_USERNAME}@${GOTOSOCIAL_ACCOUNT_DOMAIN}"
|
||||
gosu gotosocial /bin/gotosocial --config-path /etc/gotosocial/config.yaml admin account confirm \
|
||||
--username "$GOTOSOCIAL_DEFAULT_USERNAME"
|
||||
gosu gotosocial /bin/gotosocial --config-path /etc/gotosocial/config.yaml admin account promote \
|
||||
--username "$GOTOSOCIAL_DEFAULT_USERNAME"
|
||||
echo "Created an administrator user with username '$GOTOSOCIAL_DEFAULT_USERNAME' and password '$password'."
|
||||
echo "Make sure to change this immediately after logging in for the first time!"
|
||||
)
|
||||
fi
|
||||
|
||||
# Run entrypoint under specific user.
|
||||
gosu gotosocial /bin/gotosocial --config-path /etc/gotosocial/config.yaml server start "$@"
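Review bot: The generated administrator password is written to stdout by the `echo "Created an administrator user ..."` line, and because the container runs under a systemd unit that output presumably lands in the host journal, where it stays readable long after first boot. Prefer writing it once to a file only the operator can read, for example `( umask 077; printf '%s\n' "$password" > /var/lib/gotosocial/initial-admin-password )`, and log only the path. The password is also passed as a `--password` argument, so it is visible in the process list while `admin account create` runs; if the CLI offers no other input for it, a comment saying so would help. The last line would be better as `exec gosu gotosocial ...` so that the server replaces the shell and receives the stop signal from `podman stop` directly.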
|
|
@ -0,0 +1,14 @@
|
|||
# Application settings.
|
||||
GOTOSOCIAL_HOST=${GOTOSOCIAL_HOST}
|
||||
GOTOSOCIAL_ACCOUNT_DOMAIN=${GOTOSOCIAL_ACCOUNT_DOMAIN}
|
||||
|
||||
# User and authentication settings.
|
||||
GOTOSOCIAL_DEFAULT_USERNAME=${GOTOSOCIAL_DEFAULT_USERNAME}
|
||||
GOTOSOCIAL_ACCOUNT_REGISTRATION_OPEN=false
|
||||
|
||||
# SMTP mailer settings.
|
||||
GOTOSOCIAL_SMTP_HOST=${POSTFIX_HOST}
|
||||
GOTOSOCIAL_SMTP_PORT=587
|
||||
GOTOSOCIAL_SMTP_USERNAME=${POSTFIX_LOCAL_SMTP_USERNAME}
|
||||
GOTOSOCIAL_SMTP_PASSWORD=${POSTFIX_LOCAL_SMTP_PASSWORD}
|
||||
GOTOSOCIAL_SMTP_FROM=${GOTOSOCIAL_SMTP_FROM}
|
|
@ -0,0 +1,12 @@
|
|||
variant: fcos
|
||||
version: 1.3.0
|
||||
storage:
|
||||
trees:
|
||||
- path: /etc/coreos-home-server/gotosocial
|
||||
local: service/gotosocial/
|
||||
- path: /etc/systemd/system
|
||||
local: service/gotosocial/systemd/
|
||||
systemd:
|
||||
units:
|
||||
- name: gotosocial.service
|
||||
enabled: true
|
|
@ -0,0 +1,20 @@
|
|||
[Unit]
|
||||
Description=GoToSocial ActivityPub Server
|
||||
Wants=container-build@%N.service container-volume@%N.service
|
||||
After=container-build@%N.service container-volume@%N.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
NotifyAccess=all
|
||||
SyslogIdentifier=%N
|
||||
Restart=on-failure
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
|
||||
--env-file %E/coreos-home-server/%N/%N.env \
|
||||
--volume %N:/var/lib/%N:z \
|
||||
localhost/%N:latest
|
||||
ExecStop=/bin/podman stop --ignore --time 10 %N
|
||||
ExecStopPost=/bin/podman rm --ignore --force %N
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|