-rw-r--r--.env.nanobox30
-rw-r--r--boxfile.yml82
-rw-r--r--nanobox/nginx-web.conf.erb7
3 files changed, 95 insertions, 24 deletions
diff --git a/.env.nanobox b/.env.nanobox
index 7920c47b9..48204a6bf 100644
--- a/.env.nanobox
+++ b/.env.nanobox
@@ -35,6 +35,17 @@ PAPERCLIP_SECRET=$PAPERCLIP_SECRET
 SECRET_KEY_BASE=$SECRET_KEY_BASE
 OTP_SECRET=$OTP_SECRET
 
+# VAPID keys (used for push notifications)
+# You can generate the keys using the following command (first is the private key, second is the public one)
+# You should only generate this once per instance. If you later decide to change it, all push subscription will
+# be invalidated, requiring the users to access the website again to resubscribe.
+#
+# Generate with `rake mastodon:webpush:generate_vapid_key` task (`nanobox run bundle exec rake mastodon:webpush:generate_vapid_key`)
+#
+# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html
+VAPID_PRIVATE_KEY=$VAPID_PRIVATE_KEY
+VAPID_PUBLIC_KEY=$VAPID_PUBLIC_KEY
+
 # Registrations
 # Single user mode will disable registrations and redirect frontpage to the first profile
 # SINGLE_USER_MODE=true
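Review bot: The comment block above `VAPID_PRIVATE_KEY=$VAPID_PRIVATE_KEY` never says that the private key is a secret, and its first sentence points at "the following command" several lines before any command is shown. Because the line only passes the value through from the environment, I would add `# VAPID_PRIVATE_KEY is a secret: set both keys as evars for the app and do not write their values into this file.` and move the "Generate with ..." line directly under the first sentence. The same caveat applies to `# SWIFT_PASSWORD=` in the Swift hunk further down, whose empty placeholder invites pasting a credential into a tracked file. Minor wording: "all push subscription" should read "all push subscriptions".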
@@ -62,7 +73,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
 #SMTP_OPENSSL_VERIFY_MODE=peer
 #SMTP_ENABLE_STARTTLS_AUTO=true
-
+#SMTP_TLS=true
 
 # Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
 # PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system
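Review bot: The new `#SMTP_TLS=true` line has no comment and sits directly under `#SMTP_ENABLE_STARTTLS_AUTO=true`, so a reader cannot tell from this file how the two differ or whether both may be set. A one-line comment such as `# Connect with TLS from the start instead of upgrading via STARTTLS; enable one or the other` would help, assuming that is what the variable maps to in the mailer configuration, which is not visible here. It may also be worth stating whether the server certificate is verified when `SMTP_OPENSSL_VERIFY_MODE` is left commented out, since TLS without verification does not authenticate the mail server.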
@@ -91,6 +102,23 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
 # S3_ENDPOINT=
 # S3_SIGNATURE_VERSION=
 
+# Swift (optional)
+# SWIFT_ENABLED=true
+# SWIFT_USERNAME=
+# For Keystone V3, the value for SWIFT_TENANT should be the project name
+# SWIFT_TENANT=
+# SWIFT_PASSWORD=
+# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid
+# issues with token rate-limiting during high load.
+# SWIFT_AUTH_URL=
+# SWIFT_CONTAINER=
+# SWIFT_OBJECT_URL=
+# SWIFT_REGION=
+# Defaults to 'default'
+# SWIFT_DOMAIN_NAME=
+# Defaults to 60 seconds. Set to 0 to disable
+# SWIFT_CACHE_TTL=
+
 # Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
 # S3_CLOUDFRONT_HOST=
 
diff --git a/boxfile.yml b/boxfile.yml
index 59a66d87b..6b904e07d 100644
--- a/boxfile.yml
+++ b/boxfile.yml
@@ -42,6 +42,7 @@ run.config:
 
   fs_watch: true
 
+
 deploy.config:
   extra_steps:
     - NODE_ENV=production bundle exec rake assets:precompile
@@ -60,6 +61,7 @@ deploy.config:
     web.web:
       - bundle exec rake db:migrate:setup
 
+
 web.web:
   start:
     nginx: nginx -c /app/nanobox/nginx-web.conf
@@ -78,6 +80,7 @@ web.web:
     data.storage:
       - public/system
 
+
 web.stream:
   start:
     nginx: nginx -c /app/nanobox/nginx-stream.conf
@@ -91,8 +94,13 @@ web.stream:
   writable_dirs:
     - tmp
 
+
 worker.sidekiq:
-  start: bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push -L /app/log/sidekiq.log
+  start:
+    default: bundle exec sidekiq -c 5 -q default -L /app/log/sidekiq.log
+    mailers: bundle exec sidekiq -c 5 -q mailers -L /app/log/sidekiq.log
+    pull: bundle exec sidekiq -c 5 -q pull -L /app/log/sidekiq.log
+    push: bundle exec sidekiq -c 5 -q push -L /app/log/sidekiq.log
 
   writable_dirs:
     - tmp
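Review bot: All four new `start` entries pass `-L /app/log/sidekiq.log`, so four separate sidekiq processes append to one file and their output is interleaved. Giving each its own file (for example `-L /app/log/sidekiq-pull.log`) keeps per-queue logs readable; any `log_watch` entry for `sidekiq.log` would need to follow, but the rest of `worker.sidekiq` is outside the hunk. Each process also keeps `-c 5`, which raises total concurrency from 5 to 20 threads, so the database pool size and connection limit should be checked against that.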
@@ -105,50 +113,78 @@ worker.sidekiq:
     data.storage:
       - public/system
 
-  cron:
-    - id: generate_static_gifs
-      schedule: '*/15 * * * *'
-      command: 'bundle exec rake mastodon:maintenance:add_static_avatars'
 
-    - id: update_counter_caches
-      schedule: '50 * * * *'
-      command: 'bundle exec rake mastodon:maintenance:update_counter_caches'
+worker.cron_only:
+  start: sleep 365d
+
+  writable_dirs:
+    - tmp
+
+  log_watch:
+    rake: 'log/production.log'
 
-    # runs feeds:clear, media:clear, users:clear, and push:refresh
-    - id: do_daily_tasks
-      schedule: '00 00 * * *'
-      command: 'bundle exec rake mastodon:daily'
+  network_dirs:
+    data.storage:
+      - public/system
 
-    - id: clear_silenced_media
-      schedule: '10 00 * * *'
-      command: 'bundle exec rake mastodon:media:remove_silenced'
+  cron:
+    # 20:00 (8 pm), server time: send out the daily digest emails to everyone
+    # who opted to receive one
+    - id: send_digest_emails
+      schedule: '00 20 * * *'
+      command: 'bundle exec rake mastodon:emails:digest'
 
+    # 00:10 (ten past midnight), server time: remove local copies of remote
+    # users' media once they are older than a certain age (use NUM_DAYS evar to
+    # change this from the default of 7 days)
     - id: clear_remote_media
-      schedule: '20 00 * * *'
+      schedule: '10 00 * * *'
       command: 'bundle exec rake mastodon:media:remove_remote'
 
+    # 00:20 (twenty past midnight), server time: remove subscriptions to remote
+    # users that nobody follows locally (anymore)
     - id: clear_unfollowed_subs
-      schedule: '30 00 * * *'
+      schedule: '20 00 * * *'
       command: 'bundle exec rake mastodon:push:clear'
 
-    - id: send_digest_emails
-      schedule: '00 20 * * *'
-      command: 'bundle exec rake mastodon:emails:digest'
-
+    # 00:30 (half past midnight), server time: update local copies of remote
+    # users' avatars to match whatever they currently have set on their profile
+    - id: update_remote_avatars
+      schedule: '30 00 * * *'
+      command: 'bundle exec rake mastodon:media:redownload_avatars'
+
+    ############################################################################
+    # This task is one you might want to enable, or might not. It keeps disk
+    # usage low, but makes "shadow bans" (scenarios where the user is silenced,
+    # but not intended to be made aware that the silencing has occurred) much
+    # more difficult to put in place, as users would then notice their media is
+    # vanishing on a regular basis. Enable it if you aren't worried about users
+    # knowing they've been silenced (on the instance level), and want to save
+    # disk space. Leave it disabled otherwise.
+    ############################################################################
+    # # 00:00 (midnight), server time: remove media posted by silenced users
+    # - id: clear_silenced_media
+    #   schedule: '00 00 * * *'
+    #   command: 'bundle exec rake mastodon:media:remove_silenced'
+
+    ############################################################################
     # The following two tasks can be uncommented to automatically open and close
     # registrations on a schedule. The format of 'schedule' is a standard cron
     # time expression: minute hour day month day-of-week; search for "cron
     # time expressions" for more info on how to set these up. The examples here
     # open registration only from 8 am to 4 pm, server time.
-    #
+    ############################################################################
+    # # 08:00 (8 am), server time: open registrations so new users can join
     # - id: open_registrations
     #   schedule: '00 08 * * *'
     #   command: 'bundle exec rake mastodon:settings:open_registrations'
     #
+    # # 16:00 (4 pm), server time: close registrations so new users *can't* join
     # - id: close_registrations
     #   schedule: '00 16 * * *'
     #   command: 'bundle exec rake mastodon:settings:close_registrations'
 
+
 data.db:
   image: nanobox/postgresql:9.5
 
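Review bot: `start: sleep 365d` in the new `worker.cron_only` component ends after a year, and nothing in this file says what happens to the component and its cron entries once its only process exits. If the image ships GNU sleep (the `d` suffix suggests it does), `start: sleep infinity` avoids the expiry; either way a comment such as `# placeholder process: this component exists only to host the cron jobs below` would explain the line. The hunk also drops `update_counter_caches`, `generate_static_gifs` and the `mastodon:daily` job (which the removed comment says ran `users:clear` and `media:clear`) with no replacement visible here, so it is worth confirming that those clean-ups now run elsewhere.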
@@ -170,6 +206,7 @@ data.db:
           curl -k -H "X-AUTH-TOKEN: ${WAREHOUSE_DATA_HOARDER_TOKEN}" https://${WAREHOUSE_DATA_HOARDER_HOST}:7410/blobs/${file} -X DELETE
         done
 
+
 data.redis:
   image: nanobox/redis:3.0
 
@@ -189,6 +226,7 @@ data.redis:
           curl -k -H "X-AUTH-TOKEN: ${WAREHOUSE_DATA_HOARDER_TOKEN}" https://${WAREHOUSE_DATA_HOARDER_HOST}:7410/blobs/${file} -X DELETE
         done
 
+
 data.storage:
   image: nanobox/unfs:0.9
 
diff --git a/nanobox/nginx-web.conf.erb b/nanobox/nginx-web.conf.erb
index 24cd17cff..a839f3036 100644
--- a/nanobox/nginx-web.conf.erb
+++ b/nanobox/nginx-web.conf.erb
@@ -42,7 +42,12 @@ http {
             try_files $uri @rails;
         }
 
-        location ~ ^/(assets|system/media_attachments/files|system/accounts/avatars) {
+        location /sw.js {
+            add_header Cache-Control "public, max-age=0";
+            try_files $uri @rails;
+        }
+
+        location ~ ^/(emoji|packs|system/media_attachments/files|system/accounts/avatars) {
             add_header Cache-Control "public, max-age=31536000, immutable";
             try_files $uri @rails;
         }
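Review bot: `location /sw.js` is a prefix match, so it also applies to any path that merely starts with `/sw.js`; `location = /sw.js {` restricts the no-cache rule to the service worker script itself. An `add_header` inside a location also replaces, rather than extends, any `add_header` directives inherited from the enclosing `server` or `http` block. If security headers are set there (that part of the file is outside the hunk), they will be missing from `/sw.js` responses and need to be repeated in this block. The same holds for the long-cache location below it.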