# Compose file format 3.8: Swarm-only keys (`deploy:`, `configs:`, `secrets:`,
# long-form `ports:`) used below are only honoured by `docker stack deploy`.
version: '3.8'
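services:
  #
  # mastodon containers
  # web
  #
  web:
    image: maffsie/qp-mastodon:v3.5.0
    healthcheck:
      # Probes the Rails health endpoint on the container itself; the
      # x-forwarded-proto header is presumably there so a forced-HTTPS redirect
      # does not turn the probe into a 3xx -- confirm against the app config.
      test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:3000/health || exit 1"]
      interval: 30s
      timeout: 30s
      retries: 9
      start_period: 1m
    deploy:
      mode: replicated
      replicas: 2
      update_config:
        parallelism: 1
        order: start-first
        delay: 1m
      restart_policy:
        condition: any
      resources:
        limits:
          memory: 786M
        reservations:
          memory: 512M
      # Traefik labels live under `deploy:` so they become Swarm *service*
      # labels, which is what the Swarm provider reads.
      labels:
        - "traefik.enable=true"
        # www -> apex redirect. `$$` is compose's escape for a literal `$`,
        # so Traefik receives `${1}`.
        - "traefik.http.middlewares.no-www.redirectregex.permanent=true"
        - "traefik.http.middlewares.no-www.redirectregex.regex=^https://www.queer.party/(.*)"
        - "traefik.http.middlewares.no-www.redirectregex.replacement=https://queer.party/$${1}"
        - "traefik.http.routers.qpweb.entrypoints=web"
        - "traefik.http.routers.qpweb.middlewares=no-www@docker"
        - "traefik.http.routers.qpweb.rule=Host(`queer.party`) || Host(`www.queer.party`)"
        - "traefik.http.routers.qpweb.tls=true"
        - "traefik.http.routers.qpweb.tls.certresolver=lecer"
        - "traefik.http.services.qpweb.loadbalancer.healthcheck.path=/health"
        - "traefik.http.services.qpweb.loadbalancer.server.port=3000"
    volumes:
      - qp_pubsys:/mastodon/public/system
    environment:
      ROLE: web
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mastodon
        target: /configs/mastodon
      - source: mail
        target: /configs/mail
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
      - source: mail
        target: /secrets/mail
    networks:
      internal:
      expose:
    depends_on:
      - db
      - redis
      - statecache
  #
  # streaming server
  #
  stream:
    image: maffsie/qp-mastodon:v3.5.0
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
      interval: 30s
      timeout: 30s
      retries: 9
      start_period: 1m
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        delay: 1m
      restart_policy:
        condition: any
      resources:
        limits:
          memory: 384M
        reservations:
          memory: 256M
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.qpstream.entrypoints=web"
        # Only the streaming path is routed here; everything else under the
        # host goes to `qpweb`.
        - "traefik.http.routers.qpstream.rule=Host(`queer.party`) && PathPrefix(`/api/v1/streaming`)"
        - "traefik.http.routers.qpstream.tls=true"
        - "traefik.http.routers.qpstream.tls.certresolver=lecer"
        - "traefik.http.services.qpstream.loadbalancer.healthcheck.path=/api/v1/streaming/health"
        - "traefik.http.services.qpstream.loadbalancer.server.port=4000"
    networks:
      internal:
      expose:
    environment:
      ROLE: stream
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: mastodon
        target: /configs/mastodon
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
    depends_on:
      - db
      - redis
      - statecache
  #
  # message queue processors
  # main
  #
  skdefault:
    image: maffsie/qp-mastodon:v3.5.0
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        delay: 1m
      restart_policy:
        condition: any
    environment:
      ROLE: sidekiq
      QUEUE: main
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mastodon
        target: /configs/mastodon
      - source: mail
        target: /configs/mail
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mastodon
        target: /secrets/mastodon
      - source: mail
        target: /secrets/mail
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
    volumes:
      - qp_pubsys:/mastodon/public/system
    networks:
      internal:
    depends_on:
      - db
      - redis
  #
  # scheduled tasks (sidekiq queue `schd`)
  # (header previously duplicated the "push tasks" label of skpush)
  #
  skschd:
    image: maffsie/qp-mastodon:v3.5.0
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        delay: 1m
      restart_policy:
        condition: any
    environment:
      ROLE: sidekiq
      QUEUE: schd
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mastodon
        target: /configs/mastodon
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
    volumes:
      - qp_pubsys:/mastodon/public/system
    networks:
      internal:
    depends_on:
      - db
      - redis
  #
  # push tasks
  #
  skpush:
    image: maffsie/qp-mastodon:v3.5.0
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        delay: 1m
      restart_policy:
        condition: any
    environment:
      ROLE: sidekiq
      QUEUE: push
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mastodon
        target: /configs/mastodon
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
    volumes:
      - qp_pubsys:/mastodon/public/system
    networks:
      internal:
    depends_on:
      - db
      - redis
  #
  # pull tasks
  #
  skpull:
    image: maffsie/qp-mastodon:v3.5.0
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        delay: 1m
      restart_policy:
        condition: any
    environment:
      ROLE: sidekiq
      QUEUE: pull
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mastodon
        target: /configs/mastodon
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
    volumes:
      - qp_pubsys:/mastodon/public/system
    networks:
      internal:
    depends_on:
      - db
      - redis
  #
  # mail tasks
  #
  skmail:
    image: maffsie/qp-mastodon:v3.5.0
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        delay: 1m
      restart_policy:
        condition: any
    environment:
      ROLE: sidekiq
      QUEUE: mail
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mail
        target: /configs/mail
      - source: mastodon
        target: /configs/mastodon
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mail
        target: /secrets/mail
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
    volumes:
      - qp_pubsys:/mastodon/public/system
    networks:
      internal:
    depends_on:
      - db
      - redis
  #
  # routine maintenance tasks
  # remove stale federated media periodically
  #
  # The "cron" here is `restart_policy.delay`: the task runs to completion,
  # exits, and Swarm restarts it after the delay.
  #
  maintmedia:
    image: maffsie/qp-mastodon:v3.5.0
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: any
        delay: 4h
    volumes:
      - qp_pubsys:/mastodon/public/system
    networks:
      internal:
    environment:
      ROLE: maintenance
      MTASK: media
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mail
        target: /configs/mail
      - source: mastodon
        target: /configs/mastodon
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mail
        target: /secrets/mail
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
    depends_on:
      - db
      - cdn
  #
  # remove old cards periodically
  #
  maintcards:
    image: maffsie/qp-mastodon:v3.5.0
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: any
        delay: 24h
    volumes:
      - qp_pubsys:/mastodon/public/system
    networks:
      internal:
    environment:
      ROLE: maintenance
      MTASK: cards
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mail
        target: /configs/mail
      - source: mastodon
        target: /configs/mastodon
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mail
        target: /secrets/mail
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
    depends_on:
      - db
      - cdn
  #
  # supporting services
  # db
  #
  db:
    image: postgres:14-alpine
    # NOTE(review): no credentials or pg_hba settings are visible in this
    # file, yet db-backup and pgscratch connect as `postgres` without a
    # password. Confirm that client authentication on the `internal` overlay
    # does not rely on `trust`.
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "postgres"]
      start_period: 5m
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      resources:
        reservations:
          memory: 786M
    networks:
      internal:
    volumes:
      - qp_pg14:/var/lib/postgresql/data
      - qp_pg14replica:/replica
  #
  # prune task
  # removes old replication files
  #
  dbr-prune:
    # NOTE(review): `alpine` with no tag floats to whatever the registry
    # serves; pin a release (e.g. `alpine:<pinned-version>`) for reproducibility.
    image: alpine
    # Delete regular files under /replica older than 7 days, keeping *.backup.
    command: "find /replica -type f -mtime +7 -a ! -name '*.backup' -exec rm -v {} +"
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
        delay: 24h
    volumes:
      - qp_pg14replica:/replica
  #
  # database backup service
  # installs the Zstandard compressor,
  # dumps the database schema and associated info such as usernames and stuff,
  # performs a basebackup,
  # tars and pipes into zstd,
  # removes the basebackup and moves the zstd-compressed backup to the completed folder to be picked up by duplicity
  # runs every 56 hours
  #
  db-backup:
    image: postgres:14-alpine
    # `sh -e` aborts at the first failing step, so a failed pg_basebackup is
    # no longer tarred and moved into completed/ as though it succeeded (the
    # steps were previously joined with `;`). The in-progress paths are
    # cleared up front so a previously aborted run cannot make mkdir or zstd
    # fail. The pipeline's status is zstd's, so a tar failure is only caught
    # if zstd also fails. `-C` is placed before `.` so GNU tar and busybox
    # tar both archive the basebackup directory rather than the cwd.
    command:
      - sh
      - -ec
      - |
        apk add zstd
        rm -rf /pgbase/in-progress/basebackup /pgbase/in-progress/basebackup.tar.zstd
        mkdir -p /pgbase/in-progress/basebackup
        pg_dumpall --host=db --database=postgres --username=postgres --clean --if-exists --schema-only --file=/pgbase/completed/schema.psql --verbose
        pg_basebackup --host=db --username=postgres --pgdata=/pgbase/in-progress/basebackup --format=plain --write-recovery-conf --wal-method=stream --verbose
        tar cf - -C /pgbase/in-progress/basebackup . | zstd --no-progress -o /pgbase/in-progress/basebackup.tar.zstd /dev/stdin
        rm -rf /pgbase/in-progress/basebackup
        mv /pgbase/in-progress/basebackup.tar.zstd /pgbase/completed/
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: any
        delay: 56h
    networks:
      internal:
    volumes:
      - qp_pgbackup:/pgbase
  #
  # redis
  #
  redis:
    image: redis:alpine
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      resources:
        limits:
          memory: 448M
        reservations:
          memory: 192M
    networks:
      internal:
    volumes:
      - qp_redis:/data
  #
  # CDN service
  #
  cdn:
    # NOTE(review): floating `latest` tag on an internet-facing service;
    # pin a release (`minio/minio:<pinned-version>`).
    image: minio/minio:latest
    command: server /cdn-content --console-address ":9004"
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 30s
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.qpcdn.entrypoints=web"
        - "traefik.http.routers.qpcdn.rule=Host(`content.queer.party`)"
        - "traefik.http.routers.qpcdn.tls=true"
        - "traefik.http.routers.qpcdn.tls.certresolver=lecer"
        - "traefik.http.services.qpcdn.loadbalancer.healthcheck.path=/minio/health/ready"
        # Only the S3 API port is exposed; the console on :9004 is not routed.
        - "traefik.http.services.qpcdn.loadbalancer.server.port=9000"
    networks:
      internal:
      expose:
    volumes:
      - qp_cdn:/cdn-content
    # NOTE(review): minio itself does not use db/redis; this ordering looks
    # unnecessary -- confirm before relying on it.
    depends_on:
      - db
      - redis
  #
  # caching redis
  #
  statecache:
    image: redis:alpine
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        delay: 1m
      restart_policy:
        condition: any
      resources:
        limits:
          memory: 448M
        reservations:
          memory: 192M
    networks:
      internal:
  #
  # utility tasks
  # shell - mastodon
  #
  mastoscratch:
    # NOTE(review): every other mastodon service pins v3.5.0 but this shell,
    # which has the same secrets and DB access, floats on `latest`. Confirm
    # this is intentional; a newer image run against the live database can
    # differ in schema expectations.
    image: maffsie/qp-mastodon:latest
    stdin_open: true
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      # Runs once per deploy; it is not restarted when it exits.
      restart_policy:
        condition: none
    volumes:
      - qp_pubsys:/mastodon/public/system
    environment:
      ROLE: maintenance
      MTASK: scratch
    configs:
      - source: cdn
        target: /configs/sg
      - source: db
        target: /configs/db
      - source: es
        target: /configs/es
      - source: mail
        target: /configs/mail
      - source: mastodon
        target: /configs/mastodon
    secrets:
      - source: cdn
        target: /secrets/sg
      - source: db
        target: /secrets/db
      - source: mail
        target: /secrets/mail
      - source: mastodon
        target: /secrets/mastodon
      - source: paperclip
        target: /secrets/paperclip
      - source: vapid
        target: /secrets/vapid
    networks:
      internal:
    depends_on:
      - db
  #
  # shell - postgres
  #
  pgscratch:
    image: postgres:14-alpine
    stdin_open: true
    # Blocks on stdin so the task stays up (presumably for `docker exec`).
    command: sh -c "cat /dev/stdin"
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: none
    volumes:
      - qp_pgbackup:/var/lib/postgresql/backup
      - qp_pg14:/var/lib/postgresql/data
      - qp_pg14replica:/var/lib/postgresql/replica
    networks:
      internal:
    depends_on:
      - db
  #
  # load-balancer
  # traefik2-based
  # uses hostports because otherwise IP addresses aren't correctly proxied
  #
  loadbalancer:
    # NOTE(review): the internet-facing edge floats on `latest`; pin a
    # release (`traefik:<pinned-version>`) so upgrades are deliberate.
    image: traefik:latest
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        # Host-mode ports cannot be bound twice, so the old task must stop
        # before the new one starts.
        order: stop-first
      restart_policy:
        condition: any
    #todo: http3 will need udp
    ports:
      - mode: host
        target: 80
        published: 80
        protocol: tcp
      - mode: host
        target: 443
        published: 443
        protocol: tcp
    command:
      - --api.debug=false
      - --log.level=INFO
      - --providers.docker=true
      - --providers.docker.watch=true
      - --providers.docker.swarmmode=true
      - --providers.docker.swarmmoderefreshseconds=10
      # Nothing is routed unless it opts in with traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=expose
      # `web-ins` is plain HTTP on :80 and only redirects to `web` (:443);
      # it also serves the ACME HTTP-01 challenge.
      - --entrypoints.web-ins.address=:80
      - --entrypoints.web-ins.http.redirections.entrypoint.to=web
      - --entrypoints.web-ins.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.address=:443
      - --certificatesresolvers.lecer.acme.httpchallenge.entrypoint=web-ins
      - --certificatesresolvers.lecer.acme.email=le-hv-c@queer.party
      - --certificatesresolvers.lecer.acme.storage=/letsencrypt/acme.json
    volumes:
      # acme.json holds the account key and issued private keys; the volume
      # is external, so mind its permissions on the host.
      - lb_cer:/letsencrypt
      #todo: is there a way of doing this without giving the public-facing loadbalancer read access to dockersock
      # NOTE(review): read-only still exposes the whole API (service specs,
      # env, task placement); the usual mitigation is to front the socket
      # with a filtering proxy that only permits the read endpoints the
      # Swarm provider needs and point Traefik at that instead.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      expose:
  # elasticsearch disabled entirely because it's hongery
  # es:
  #   image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.1.3
  #   healthcheck:
  #     test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
  #   environment:
  #     - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
  #   deploy:
  #     mode: replicated
  #     replicas: 0
  #     restart_policy:
  #       condition: any
  #     resources:
  #       limits:
  #         memory: 1024M
  #       reservations:
  #         memory: 448M
  #   networks:
  #     internal:
  #   volumes:
  #     - /mnt/data/qp/elasticsearch:/usr/share/elasticsearch/data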
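networks:
  # Overlay shared by every stack service. `attachable` lets standalone
  # containers (one-off `docker run`) join it for debugging.
  internal:
    driver: overlay
    attachable: true
  # Pre-existing network the load-balancer watches
  # (`--providers.docker.network=expose`); only services that must be
  # reachable from Traefik join it.
  expose:
    external: true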
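# All volumes are created outside the stack so `docker stack rm` leaves
# data in place.
volumes:
  qp_cdn:
    external: true
  qp_pg14:
    external: true
  qp_pg14replica:
    external: true
  qp_pgbackup:
    external: true
  qp_pubsys:
    external: true
  qp_redis:
    external: true
  lb_cer:
    external: true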
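# Swarm configs are immutable once created; the numeric suffix on `name` is
# presumably the rotation counter, so a new version means a new object and
# a bumped suffix here -- confirm against the deploy procedure.
configs:
  cdn:
    external: true
    name: qp_cdn_2
  db:
    external: true
    name: qp_db_1
  es:
    external: true
    name: qp_es_1
  mail:
    external: true
    name: qp_mail_2
  mastodon:
    external: true
    name: qp_mastodon_1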
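# Secrets follow the same external/versioned-name scheme as configs. They
# are mounted into the mastodon images under /secrets/<name> (see each
# service's `secrets:` list); nothing secret is stored in this file.
secrets:
  cdn:
    external: true
    name: qp_cdn_1
  db:
    external: true
    name: qp_db_1
  mail:
    external: true
    name: qp_mail_2
  mastodon:
    external: true
    name: qp_mastodon_1
  paperclip:
    external: true
    name: qp_paperclip_1
  vapid:
    external: true
    name: qp_vapid_1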