Finish up Garage S3 config for kosmos.social
This commit is contained in:
Râu Cao
parent
345ba14f0e
commit
f777af22b8
GPG Key ID:
15E65F399D084BA9
|
|
@ -1,107 +1,79 @@
|
|||
{
|
||||
"id": "mastodon",
|
||||
"paperclip_secret": {
|
||||
"encrypted_data": "RRiNnMXWGcqh6aXl1rDPA93+6Pqw08Uc1s3wGpNXquryCYW47ndbakl4tjc0\nOW4yDhfiBF02nkXSt86vtvaxEm1jXlSTtP3EWHD1ZqzMZHceyIC2HVjYiwlM\nOXiWdMUIlLQnGkSP6R8NldPXjy5Rf5C5VomfQHF7WuTft1vSQ/gPfBm9iVtg\nyOFZR6WVeNtLsFGy\n",
|
||||
"iv": "w2a3L+3fB6xD8b3m\n",
|
||||
"auth_tag": "knC7vpB4x1e10IIFgvrTGQ==\n",
|
||||
"encrypted_data": "orOIbqFANPCkd4sUTCyyoh4z1o6SBudgH4wKJudTo9dANaHGhWcBUFKrhZi1\nMJTBQx/d0hiDI1P2XN3h+hROCg3JJ8OClUSJH9CfN5GlbWvXh0Nhq7hqy8L3\nLAPL+uigiXI6ObrnKQoD8LeJIB46233uwaCA/7zB6gah0ExJ2DXGH6qq9JSS\nqmTFiy+hT+VHGrUo\n",
|
||||
"iv": "U4E4NLYLkP0/tTTs\n",
|
||||
"auth_tag": "WKQ+pDPZp7B791lhC5j3iQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"secret_key_base": {
|
||||
"encrypted_data": "Mv7ohwLtwz7KDfvGjrXgNlcfWqm8QlbmPxDv6Tw1Lu+ZH9JRC9TPW3WQw0en\n6/9btymY8mcYbI8/Uyrv6CoE4UgJRHYs/cKwG20B9TZX+RpvcZtBS6JSPQsj\niXBEj6WhT1CapME9HPDV9gYmpUviU1giLYcvMbNkAkTDSELNUNDiSQ9UoHsl\nxqmztU3Frq1RPn1m\n",
|
||||
"iv": "BRAk4pjKsqvuEzFM\n",
|
||||
"auth_tag": "lglc926SSnA8hKHrlZUbNw==\n",
|
||||
"encrypted_data": "vweClhdY8SqQkK+p0OYUL2B6Fsz5eQDpEYWCtd/eRJfwwYAObbLcMWRC6MwE\neQVMw59bOqYc3RBuv/+WPLtENazA1bYCXBXQr1J6xqjJAz0Mo6KbRyxy5n78\nv8q6RSiao1VVIUXohtFlQgWeV6x5sz34bJxjlHinKvKsgiGXiuVBxYUUfzWQ\nuzrGug09cpZBqfpc\n",
|
||||
"iv": "Z0/csEBH5/X1+MR+\n",
|
||||
"auth_tag": "fTvBN6eovi3JVEK0ZX97Nw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"otp_secret": {
|
||||
"encrypted_data": "nZXLF6bijukzuBJQ1RZUT0+Zju127OYezkKL5bcWMzY8cWuEFFsvCcHPy6Ww\nkFm8mdvGpNlyuIRPipwJkTPn5NVuIrmcYFzLtoTFnF9yLQAPSmDdKO0wgd8D\nEOUF7w33o4ZJKHRVPsibou1T43YIpiLtbe7ukP7+8haGKsJApPduqd9jIlwo\n/cAkq+pMbTdo83Lg\n",
|
||||
"iv": "+bP/nOnccCqc3StV\n",
|
||||
"auth_tag": "Y2qZigfjTrtdfH/Klp1FzQ==\n",
|
||||
"encrypted_data": "o1ts1bUgPIzFQXjJ2MpBMLntWkyPxDaJAaU1K3WzmNMXnw5MVlkKKCEFVccd\nPss/MwDuBkbNPhri3ZkH48m9SiayWETVYvw5GZzcVsw4TeMu915O44lfl9tX\nW3XHU+DBps1BVH9535R4X9M1aFW4W4XfwHtS5wcrZqtVhNhS3NSgE4JpN/Dz\nFdcFAOhflnt8fIAN\n",
|
||||
"iv": "QLsxmIlX1NpxMyHz\n",
|
||||
"auth_tag": "j1h/PvIoqshTBN5c5IaAsA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"aws_access_key_id": {
|
||||
"encrypted_data": "/t8K7WOjAftE/lj2uqGXEC51HTWZLnlDXgzEwHqaUlNEiSSpSRJV\n",
|
||||
"iv": "JrbDzUUKm7RvpfgV\n",
|
||||
"auth_tag": "W5yJGIkALe1zi+7Ah6woIw==\n",
|
||||
"encrypted_data": "YQHUx0GugKu0AtlbGLRGocFEhTGAghWA0DUs1Nxs4Hd3bTIp4lyM\n",
|
||||
"iv": "54zt2tkQhHtpY7sO\n",
|
||||
"auth_tag": "ofBJx3QDsjHe66ga3nji8g==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"aws_secret_access_key": {
|
||||
"encrypted_data": "YSVaIe4sCuSAA31YwOpD3+Z58rkfbmPAlJPF8NRMOjSZcfvuLGFhnZN7kejv\nRqvO5iy9ueIO+W7a1nw=\n",
|
||||
"iv": "oo7xeDu7KncEYEFA\n",
|
||||
"auth_tag": "V1DmNizGIsXwFP3AzTr/aw==\n",
|
||||
"encrypted_data": "FAz6xZ+wsCz/KFA+DK6f4V04rxJt+9U/yXUGF9tvce0VqB3scH+T0KDDn1/n\nZ/0G0Tbxt2urRPbPUdI=\n",
|
||||
"iv": "iapSpeM6lfDMIfNk\n",
|
||||
"auth_tag": "HlkwUnNeJlOUrZ3ieN5xAQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"smtp_user_name": {
|
||||
"encrypted_data": "aMuLejWLobxi328xuv0uXetne11bD1qFOagyLSdOSoGuDeotxzeOTWgDVW94\naA==\n",
|
||||
"iv": "V+VYYRqFeisHm0eD\n",
|
||||
"auth_tag": "kH9ONcISn8+2cG6JzcdO6Q==\n",
|
||||
"encrypted_data": "ivB09/mCRrUaz9X4NFRBiqytjgy/vxN5Nha7gopFq5eSu9v4K9MkaLRqHh1I\nYw==\n",
|
||||
"iv": "a8WKhRKsUjqBtfmn\n",
|
||||
"auth_tag": "ib5WJNNaO7bRIspdACmOLw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"smtp_password": {
|
||||
"encrypted_data": "UutnfD7NSaYOg9DgfV9/W+VhJ2YyIYWlv/eSZOvfuu96n4qkAgEKlpyOTvum\n1SiYX5Dl\n",
|
||||
"iv": "71kKako2q3MicELe\n",
|
||||
"auth_tag": "jBUwyud5MK2Lqch6Ms2CSw==\n",
|
||||
"encrypted_data": "FxPz2e7fUNqcAu+DDJKlqn8rcSBLmnzigTFf5moZlQ1zz4YVl6pqHisa22Qz\nbfUx9rjU\n",
|
||||
"iv": "GvRlNDV/b1WawtOP\n",
|
||||
"auth_tag": "kyRCGfSJQelIwThDT4iQQQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"vapid_private_key": {
|
||||
"encrypted_data": "6Bzjkm3V/dCO3c+Qj0eHHiepusSvN2Dn4wMZTOBmh3ZWlYKmf0pw2eq5bzbU\nr5rzqtJBRbShplD8jDOFK9Bw\n",
|
||||
"iv": "8Z/Xc9zzqCQaB6MX\n",
|
||||
"auth_tag": "myIe7oeKMvAVBSLKgcEBcA==\n",
|
||||
"encrypted_data": "DlbEAhd+SkSJoOSuwGhd5bdFlJADnT0w4u0+6m8AJoWJjoSCGAnzzmdHWT/k\nVUDkwiBCkqmEPK0oTvxnl/a8\n",
|
||||
"iv": "6e0Gay7GVrQad1rI\n",
|
||||
"auth_tag": "jjVundJ/ITxP/oYgEgzElg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"vapid_public_key": {
|
||||
"encrypted_data": "tIS/6Y/TNj0h+vNNxEXXj23mjqWWBEzeR0yofjOb7EFJUxNLFVjkuke9Qui8\nSCA4SID/prw8mcDLt4+jjEIEfhFEb+jxUQCokhbR7XmXMhp/FsUHz9/hBTZm\nN3JiDNU+NUHAH0D5lqbZ/0U=\n",
|
||||
"iv": "8Y6tR83eJEWDyhuF\n",
|
||||
"auth_tag": "G0o5ecKQvK/QE7BWmpzGOQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_endpoint": {
|
||||
"encrypted_data": "uBpzs/4P6IKvmeosEMVtFq/Icd5P/xmlY9/015A9fc26\n",
|
||||
"iv": "69rwf193xvQr+mEU\n",
|
||||
"auth_tag": "ZSY3tnqSuBq2EOZnGddFOQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_region": {
|
||||
"encrypted_data": "dSI1bDfpTcmkcEzRDSewrPOvAOStjOCX/g==\n",
|
||||
"iv": "UfD0qpF2oJNuPPiq\n",
|
||||
"auth_tag": "Vmgbe8hbkerTGXcgtBEIbA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_bucket": {
|
||||
"encrypted_data": "qLBEu9Op+m1oXqpUd+Nom0+znTB4lUycpC/cygA210E=\n",
|
||||
"iv": "h+6FTstMBoeTnlyA\n",
|
||||
"auth_tag": "MyHbvnq5EnHC+bqL6y2pAg==\n",
|
||||
"encrypted_data": "+m37w/eWYqdEjsEYQw27FvQC+37ucruOFjZAjo0OgCwA0SoVz4VHX2eSA2AK\njX4CnM91cY4e/WG/ZHKlOMN1PftyQn2bdGaw35nXDanep8z0ROa01JEEi5DE\nUFRKvBmPInTeR6xvemuj7GM=\n",
|
||||
"iv": "loYbGrAsWGLUZ+BK\n",
|
||||
"auth_tag": "lAfpEEVQq+n7MLLm/kpmIA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_key_id": {
|
||||
"encrypted_data": "JvWesI6gnTDr2+61c7D+NT3Q642sfuvUWJA1asEElMAbszLDJUJN4T/H46WX\n",
|
||||
"iv": "8cK5seIY64yKWeQf\n",
|
||||
"auth_tag": "h7NTnbwCJzc6/ZjqPMiYag==\n",
|
||||
"encrypted_data": "4B8OQ0iVCCna4FvC+EuS5prEUWaHRm1+tzXGmFoCQ4WZfhUA1HwT3x651e/R\n",
|
||||
"iv": "1/zGwcQPQQQCiXIs\n",
|
||||
"auth_tag": "siK9ph1q3/VVEycy91wkqQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_secret_key": {
|
||||
"encrypted_data": "/e6HPASZHxTf0JTOeX9X4nlzmhitaFaFK8FqGzLjE2FF2clDJQPEdUzfVrz6\n0yiS7QWWKmycSesC+2qEwmKqF1vt5qQcvg/+z5iKXZ6VmlZx0yc=\n",
|
||||
"iv": "nGlsRUGt4f8M9vaD\n",
|
||||
"auth_tag": "OyOoxjwUaXZAYzprTW8/oA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_alias_host": {
|
||||
"encrypted_data": "3JLiHJi7SZojYtrtoXY8rp3Ez6BSIV3Fjaw6J1kW7dCpCLQ=\n",
|
||||
"iv": "O11DxH8WrjNM1QkZ\n",
|
||||
"auth_tag": "i8FB/f0+MzsKc3LISKLX7Q==\n",
|
||||
"encrypted_data": "BSAc8dE/rQUiVvTGV6Ee/ZUDpq4HZlpoaCZ+lbQAbcnxui4ib0OTLPFwhVJ9\n4OQWahtSzkqxMc6MKWpadLT1a3oTnvnae9b3u40X5b2P3VyZYCM=\n",
|
||||
"iv": "bqw8GTqLMTs5vD5n\n",
|
||||
"auth_tag": "+e48L1lYVNda7VE3uLOAHA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,6 +21,10 @@
|
|||
}
|
||||
},
|
||||
"kosmos-mastodon": {
|
||||
"s3_endpoint": "localhost:3900",
|
||||
"s3_region": "garage",
|
||||
"s3_bucket": "kosmos-social",
|
||||
"s3_alias_host": "s3.kosmos.social",
|
||||
"alternate_domains": [
|
||||
"mastodon.w7nooprauv6yrnhzh2ajpcnj3doinked2aaztlwfyt6u6pva2qdxqhid.onion"
|
||||
]
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
"ipaddress": "192.168.122.161",
|
||||
"roles": [
|
||||
"kvm_guest",
|
||||
"garage_gateway",
|
||||
"mastodon",
|
||||
"postgresql_client"
|
||||
],
|
||||
|
|
@ -21,6 +22,9 @@
|
|||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos_garage",
|
||||
"kosmos_garage::default",
|
||||
"kosmos_garage::firewall_rpc",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos-mastodon",
|
||||
"kosmos-mastodon::default",
|
||||
|
|
@ -39,6 +43,8 @@
|
|||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"firewall::default",
|
||||
"chef-sugar::default",
|
||||
"kosmos-nodejs::default",
|
||||
"nodejs::nodejs_from_package",
|
||||
"nodejs::repo",
|
||||
|
|
@ -55,8 +61,6 @@
|
|||
"redisio::disable_os_default",
|
||||
"redisio::configure",
|
||||
"redisio::enable",
|
||||
"firewall::default",
|
||||
"chef-sugar::default",
|
||||
"nodejs::npm",
|
||||
"nodejs::install",
|
||||
"backup::default",
|
||||
|
|
@ -81,6 +85,7 @@
|
|||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[garage_gateway]",
|
||||
"role[mastodon]"
|
||||
]
|
||||
}
|
||||
|
|
@ -8,8 +8,15 @@ node.default["kosmos-mastodon"]["server_name"] = "kosmos.social"
|
|||
node.default["kosmos-mastodon"]["alternate_domains"] = []
|
||||
node.default["kosmos-mastodon"]["redis_url"] = "redis://localhost:6379/0"
|
||||
node.default["kosmos-mastodon"]["sidekiq_threads"] = 25
|
||||
|
||||
node.default["kosmos-mastodon"]["onion_address"] = nil
|
||||
|
||||
# Allocate this amount of RAM to the Java heap for Elasticsearch
|
||||
node.default["kosmos-mastodon"]["elasticsearch"]["allocated_memory"] = "1536m"
|
||||
|
||||
node.default["kosmos-mastodon"]["s3_endpoint"] = nil
|
||||
node.default["kosmos-mastodon"]["s3_region"] = nil
|
||||
node.default["kosmos-mastodon"]["s3_bucket"] = nil
|
||||
node.default["kosmos-mastodon"]["s3_alias_host"] = nil
|
||||
|
||||
node.override["redisio"]["version"] = "6.2.6"
|
||||
|
|
|
|||
|
|
@ -166,10 +166,12 @@ application mastodon_path do
|
|||
smtp_login: mastodon_credentials['smtp_user_name'],
|
||||
smtp_password: mastodon_credentials['smtp_password'],
|
||||
smtp_from_address: "mail@#{node['kosmos-mastodon']['server_name']}",
|
||||
s3_bucket: "kosmos-social",
|
||||
aws_access_key_id: mastodon_credentials['aws_access_key_id'],
|
||||
aws_secret_access_key: mastodon_credentials['aws_secret_access_key'],
|
||||
s3_region: "eu-west-1",
|
||||
s3_endpoint: node["kosmos-mastodon"]["s3_endpoint"],
|
||||
s3_region: node["kosmos-mastodon"]["s3_region"],
|
||||
s3_bucket: node["kosmos-mastodon"]["s3_bucket"],
|
||||
s3_alias_host: node["kosmos-mastodon"]["s3_alias_host"],
|
||||
aws_access_key_id: mastodon_credentials['s3_key_id'],
|
||||
aws_secret_access_key: mastodon_credentials['s3_secret_key'],
|
||||
vapid_private_key: mastodon_credentials['vapid_private_key'],
|
||||
vapid_public_key: mastodon_credentials['vapid_public_key'],
|
||||
db_pass: postgresql_data_bag_item['mastodon_user_password'],
|
||||
|
|
|
|||
|
|
@ -35,12 +35,16 @@ SMTP_FROM_ADDRESS=<%= @smtp_from_address %>
|
|||
# Serve static files (to nginx proxy)
|
||||
RAILS_SERVE_STATIC_FILES=true
|
||||
|
||||
<% if @s3_endpoint %>
|
||||
# S3 (optional)
|
||||
S3_ENABLED=true
|
||||
S3_ENDPOINT=<%= @s3_endpoint %>
|
||||
S3_REGION=<%= @s3_region %>
|
||||
S3_BUCKET=<%= @s3_bucket %>
|
||||
S3_ALIAS_HOST=<%= @s3_alias_host %>
|
||||
AWS_ACCESS_KEY_ID=<%= @aws_access_key_id %>
|
||||
AWS_SECRET_ACCESS_KEY=<%= @aws_secret_access_key %>
|
||||
S3_REGION=<%= @s3_region %>
|
||||
<% end %>
|
||||
|
||||
# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
|
||||
# S3_CLOUDFRONT_HOST=
|
||||
|
|
|
|||
Loading…
Reference in New Issue