From d0c11881d929ec1582cad180fae34939022c8af8 Mon Sep 17 00:00:00 2001
From: Dejavu Moe
Date: Wed, 10 May 2023 20:57:59 +0800
Subject: add mastodon
---
mastodon/.gitkeep | 0
mastodon/README.md | 0
mastodon/docker-compose.yml | 130 ++++++++++++++++++++++++++++++
mastodon/elasticsearch/.gitkeep | 0
mastodon/maintenance.sh | 14 ++++
mastodon/mastodon.env | 96 ++++++++++++++++++++++
mastodon/mastodon.nginx | 131 +++++++++++++++++++++++++++++++
mastodon/mastodon/public/assets/.gitkeep | 0
mastodon/mastodon/public/packs/.gitkeep | 0
mastodon/mastodon/public/system/.gitkeep | 0
mastodon/postgres/.gitkeep | 0
mastodon/redis/.gitkeep | 0
12 files changed, 371 insertions(+)
create mode 100644 mastodon/.gitkeep
create mode 100644 mastodon/README.md
create mode 100644 mastodon/docker-compose.yml
create mode 100644 mastodon/elasticsearch/.gitkeep
create mode 100755 mastodon/maintenance.sh
create mode 100644 mastodon/mastodon.env
create mode 100644 mastodon/mastodon.nginx
create mode 100644 mastodon/mastodon/public/assets/.gitkeep
create mode 100644 mastodon/mastodon/public/packs/.gitkeep
create mode 100644 mastodon/mastodon/public/system/.gitkeep
create mode 100644 mastodon/postgres/.gitkeep
create mode 100644 mastodon/redis/.gitkeep
diff --git a/mastodon/.gitkeep b/mastodon/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/mastodon/README.md b/mastodon/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/mastodon/docker-compose.yml b/mastodon/docker-compose.yml
new file mode 100644
index 0000000..bdefc66
--- /dev/null
+++ b/mastodon/docker-compose.yml
@@ -0,0 +1,130 @@
+version: '3.5'
+services:
+ db:
+ restart: always
+ image: postgres:14-alpine
+ container_name: mastodon-db
+ shm_size: 512mb
+ command: postgres -c 'shared_preload_libraries=pg_stat_statements' -c 'pg_stat_statements.track=all'
+ networks:
+ - internal_network
+ healthcheck:
+ test: ['CMD', 'pg_isready', '-U', 'postgres']
+ volumes:
+ - './postgres:/var/lib/postgresql/data'
+ environment:
+ - 'POSTGRES_HOST_AUTH_METHOD=trust'
+
+ redis:
+ restart: always
+ image: redis:alpine
+ container_name: mastodon-redis
+ networks:
+ - internal_network
+ healthcheck:
+ test: ['CMD', 'redis-cli', 'ping']
+ volumes:
+ - './redis:/data'
+
+ elasticsearch:
+ restart: always
+ image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
+ container_name: elasticsearch
+ environment:
+ #- 'ES_JAVA_OPTS=-Xms2g -Xmx2g -Des.enforce.bootstrap.checks=true'
+ - 'ES_JAVA_OPTS=-Xms2g -Xmx2g'
+ - 'xpack.license.self_generated.type=basic'
+ - 'xpack.security.enabled=false'
+ - 'xpack.watcher.enabled=false'
+ - 'xpack.graph.enabled=false'
+ - 'xpack.ml.enabled=false'
+ - 'bootstrap.memory_lock=true'
+ - 'cluster.name=es-mastodon'
+ - 'discovery.type=single-node'
+ - 'thread_pool.write.queue_size=1000'
+ - 'ingest.geoip.downloader.enabled=false'
+ networks:
+ - external_network
+ - internal_network
+ healthcheck:
+ test: ['CMD-SHELL', 'curl --silent --fail localhost:9200/_cluster/health || exit 1']
+ volumes:
+ - ./elasticsearch:/usr/share/elasticsearch/data
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+
+ web:
+ image: ghcr.io/glitch-soc/mastodon
+ container_name: mastodon-web
+ restart: always
+ env_file: mastodon.env
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Asia/Shanghai
+ - RAILS_ENV=production
+ - NODE_ENV=production
+
+ command: bash -c 'rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000'
+ networks:
+ - external_network
+ - internal_network
+ healthcheck:
+ # prettier-ignore
+ test: ['CMD-SHELL', 'wget -q
--spider --proxy=off localhost:3000/health || exit 1']
+ ports:
+ - '127.0.0.1:3000:3000'
+ depends_on:
+ - db
+ - redis
+ - elasticsearch
+ volumes:
+ - ./mastodon/public/system:/mastodon/public/system
+
+ streaming:
+ image: ghcr.io/glitch-soc/mastodon
+ restart: always
+ env_file: mastodon.env
+ command: node ./streaming
+ networks:
+ - external_network
+ - internal_network
+ healthcheck:
+ # prettier-ignore
+ test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+ ports:
+ - '127.0.0.1:4000:4000'
+ depends_on:
+ - db
+ - redis
+
+ sidekiq:
+ image: ghcr.io/glitch-soc/mastodon
+ restart: always
+ env_file: mastodon.env
+ logging:
+ driver: json-file
+ options:
+ max-size: '50m'
+ max-file: '50'
+ command: bundle exec sidekiq
+ depends_on:
+ - db
+ - redis
+ networks:
+ - external_network
+ - internal_network
+ volumes:
+ - ./mastodon/public/system:/mastodon/public/system
+ healthcheck:
+ test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+
+networks:
+ external_network:
+ internal_network:
+ internal: true
diff --git a/mastodon/elasticsearch/.gitkeep b/mastodon/elasticsearch/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/mastodon/maintenance.sh b/mastodon/maintenance.sh
new file mode 100755
index 0000000..df0f475
--- /dev/null
+++ b/mastodon/maintenance.sh
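Review bot: In mastodon/docker-compose.yml the `db` service sets `POSTGRES_HOST_AUTH_METHOD=trust`, so every container attached to `internal_network` (web, streaming, sidekiq and the Elasticsearch node, which itself runs with `xpack.security.enabled=false`) can connect to PostgreSQL as any role without a password. `internal: true` keeps the port off the host, but a compromise of any one of those services then reaches the whole database. I would drop the trust line and set `- 'POSTGRES_PASSWORD=${POSTGRES_PASSWORD}'` from an untracked file, with the matching value in `DB_PASS` in mastodon.env, which this commit leaves empty. Separately, `ghcr.io/glitch-soc/mastodon` and `redis:alpine` carry no version tag or digest, so each pull can bring in different code; pinning them makes upgrades deliberate and keeps the `'[s]idekiq\ 6'` healthcheck pattern from silently going stale.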
@@ -0,0 +1,14 @@
+sudo docker exec mastodon-web tootctl account cull --concurrency 4
+sudo docker exec mastodon-web tootctl cache clear
+sudo docker exec mastodon-web tootctl cache recount accounts --concurrency 4 --verbose
+sudo docker exec mastodon-web tootctl cache recount statuses --concurrency 4 --verbose
+sudo docker exec mastodon-web tootctl feeds clear
+sudo docker exec mastodon-web tootctl feeds build --concurrency 4 --verbose
+sudo docker exec mastodon-web tootctl media remove --days 7 --concurrency 4
+sudo docker exec mastodon-web tootctl statuses remove --days 7
+sudo docker exec mastodon-web tootctl preview_cards remove --days 7 --concurrency 4 --verbose
+sudo docker exec mastodon-web tootctl media remove-orphans
+sudo docker exec mastodon-web tootctl media refresh
+sudo docker exec mastodon-web tootctl accounts refresh --all --concurrency 4 --verbose
+sudo docker exec mastodon-web tootctl search deploy --concurrency 4
+sudo docker exec mastodon-web tootctl media usage
diff --git a/mastodon/mastodon.env b/mastodon/mastodon.env
new file mode 100644
index 0000000..62dea64
--- /dev/null
+++ b/mastodon/mastodon.env
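Review bot: mastodon/maintenance.sh is committed executable (mode 100755) but has no interpreter line and no error handling, so a failed step is ignored and the script exits with the status of the final `tootctl media usage`; a scheduler would record success even if the destructive `--days 7` removals or `feeds build` failed. I would start the file with `#!/usr/bin/env bash` and `set -euo pipefail`. The first command is spelled `tootctl account cull` while the twelfth uses `tootctl accounts refresh`; the subcommand I know is `accounts`, so the singular form is worth checking against the installed version. A short header comment stating that the script deletes media, statuses and preview cards older than seven days would help whoever schedules it.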
@@ -0,0 +1,96 @@
+# This is a sample configuration file. You can generate your configuration
+# with the interactive setup wizard, but to customize
+# your setup even further, you'll need to edit it manually. This sample does
+# not demonstrate all available configuration options. Please look at
+# https://docs.joinmastodon.org/admin/config/ for the full documentation.
+
+# Note that this file accepts slightly different syntax depending on whether
+# you are using or not. In particular, if you use
+# , the value of each declared variable will be taken verbatim,
+# including surrounding quotes.
+# See: https://github.com/mastodon/mastodon/issues/16895
+
+# General
+# -------
+DEFAULT_LOCALE=zh-CN
+RAILS_LOG_LEVEL=warn
+RAILS_SERVE_STATIC_FILES=true
+SINGLE_USER_MODE=false
+CDN_HOST=https://mastodon.yourdomain.com
+# -------
+
+# Scaling Options
+# ---------------
+SIDEKIQ_CONCURRENCY=8
+WEB_CONCURRENCY=4
+MAX_THREADS=10
+PERSISTENT_TIMEOUT=25
+STREAMING_API_BASE_URL=https://mastodon.yourdomain.com
+STREAMING_CLUSTER_NUM=4
+# ---------------
+
+# Federation
+# ----------
+# This identifies your server and cannot be changed safely later
+# ----------
+LOCAL_DOMAIN=mastodon.yourdomain.com
+
+# Redis
+# -----
+REDIS_HOST=redis
+REDIS_PORT=6379
+
+# PostgreSQL
+# ----------
+DB_HOST=db
+DB_USER=mastodon
+DB_NAME=mastodon
+DB_PASS=
+DB_PORT=5432
+
+# Elasticsearch (optional)
+# ------------------------
+ES_ENABLED=true
+ES_HOST=elasticsearch
+ES_PORT=9200
+# Authentication for ES (optional)
+#ES_USER=elastic
+#ES_PASS=password
+
+# Secrets
+# -------
+SECRET_KEY_BASE=
+# MFA secret
+OTP_SECRET=f
+
+# Web Push
+# --------
+VAPID_PRIVATE_KEY=
+VAPID_PUBLIC_KEY=
+
+# Sending mail
+# ------------
+SMTP_SERVER=smtp.xxx.com
+SMTP_PORT=465
+SMTP_LOGIN=mastodon@xxx.com
+SMTP_PASSWORD=
+SMTP_TLS=true
+SMTP_FROM_ADDRESS='Mastodon '
+
+# File storage (optional)
+# -----------------------
+S3_ENABLED=true
+S3_PROTOCOL=https
+S3_ENDPOINT=https://s3.xxx.com
+S3_ALIAS_HOST=cdn.xxx.com
+S3_BUCKET=
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+
+# IP and session retention
+# -----------------------
+# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
+# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
+# -----------------------
+IP_RETENTION_PERIOD=31556952
+SESSION_RETENTION_PERIOD=31556952
diff --git a/mastodon/mastodon.env b/mastodon/mastodon.nginx
new file mode 100644
index 0000000..49695b9
--- /dev/null
+++ b/mastodon/mastodon.nginx
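Review bot: `OTP_SECRET=f` in mastodon/mastodon.env is the one secret in this template that ships with a value, and a one-character value at that; a deployment that fills in the empty fields and leaves this line alone runs with a guessable key for what the file labels the MFA secret. I would leave it empty like `SECRET_KEY_BASE=` and add a comment above both, e.g. `# generate each with: bundle exec rake secret`. Because this tracked file is also what `env_file: mastodon.env` in docker-compose.yml loads, filling it in place leaves the SMTP, S3 and VAPID credentials one `git add` away from the repository; committing it under a sample name and ignoring the real file would avoid that. The file's own note about quotes being taken verbatim also applies to `SMTP_FROM_ADDRESS='Mastodon '`, so that value is worth checking once the address is filled in.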
@@ -0,0 +1,131 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+upstream backend {
+ server 127.0.0.1:3000 fail_timeout=0;
+}
+
+upstream streaming {
+ server 127.0.0.1:4000 fail_timeout=0;
+}
+
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name mastodon.yourdomain.com;
+ root /home/mastodon/mastodon/public;
+ #location /.well-known/acme-challenge/ { allow all; }
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name mastodon.yourdomain.com;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+
+ # Uncomment these lines once you acquire a certificate:
+ ssl_certificate /etc/nginx/cert/mastodon.yourdomain.com.pem;
+ ssl_certificate_key /etc/nginx/cert/mastodon.yourdomain.com.key;
+
+ access_log /var/log/nginx/mastodon.access.log;
+ error_log /var/log/nginx/mastodon.error.log;
+
+ keepalive_timeout 70;
+ sendfile on;
+ client_max_body_size 99M;
+
+ root /home/mastodon/mastodon/public;
+
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
+
+ location / {
+ try_files $uri @proxy;
+ }
+
+ # If Docker is used for deployment and Rails serves static files,
+ # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
+ location = /sw.js {
+ add_header Cache-Control "public, max-age=604800, must-revalidate";
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+ try_files $uri @proxy;
+ }
+
+ location ~ ^/(assets|avatars|emoji|headers|packs|shortcuts|sounds)/ {
+ add_header Cache-Control "public, max-age=2419200, must-revalidate";
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+ try_files $uri @proxy;
+ }
+
+ location ~ ^/system/ {
+ add_header Cache-Control "public, max-age=2419200, immutable";
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+ try_files $uri @proxy;
+ }
+
+ location ^~ /api/v1/streaming {
+ # edit
+ proxy_set_header Accept-Encoding "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Proxy "";
+
+ proxy_pass http://streaming;
+ proxy_buffering off;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+
+ tcp_nodelay on;
+ }
+
+ location @proxy {
+ proxy_set_header Accept-Encoding "";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Proxy "";
+ proxy_pass_header Server;
+
+ proxy_pass http://backend;
+ proxy_buffering on;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_cache CACHE;
+ proxy_cache_valid 200 7d;
+ proxy_cache_valid 410 24h;
+ proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+ add_header X-Cached $upstream_cache_status;
+
+ tcp_nodelay on;
+ }
+
+ error_page 404 500
501 502 503 504 /500.html;
+}
\ No newline at end of file
diff --git a/mastodon/mastodon/public/assets/.gitkeep b/mastodon/mastodon/public/assets/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/mastodon/mastodon/public/packs/.gitkeep b/mastodon/mastodon/public/packs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/mastodon/mastodon/public/system/.gitkeep b/mastodon/mastodon/public/system/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/mastodon/postgres/.gitkeep b/mastodon/postgres/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/mastodon/redis/.gitkeep b/mastodon/redis/.gitkeep
new file mode 100644
index 0000000..e69de29
--
cgit v1.2.3-54-g00ecf
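Review bot: In mastodon/mastodon.nginx, `Strict-Transport-Security` is added in the `/sw.js`, static-asset, `/system/` and streaming locations but not in `location @proxy`, which is where `location /` and every `try_files $uri @proxy` fallback end up; nginx applies the `add_header` set of the location that finally serves the request, so proxied responses carry HSTS only if the application sends it itself. If it does not, add `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;` next to `add_header X-Cached $upstream_cache_status;` in `@proxy`. That block also enables `proxy_cache CACHE` with `proxy_cache_valid 200 7d` for all application traffic under the default cache key, so it depends on the backend marking per-user responses with `Cache-Control: private`/`no-store` or `Set-Cookie`; a comment saying so would document the assumption. The comment `# Uncomment these lines once you acquire a certificate:` sits above `ssl_certificate` lines that are already active, and `proxy_pass_header Server;` exposes the backend's server banner to clients.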