# frozen_string_literal: true require 'tty-prompt' namespace :mastodon do desc 'Configure the instance for production use' task :setup do prompt = TTY::Prompt.new env = {} # When the application code gets loaded, it runs `lib/mastodon/redis_configuration.rb`. # This happens before application environment configuration and sets REDIS_URL etc. # These variables are then used even when REDIS_HOST etc. are changed, so clear them # out so they don't interfere with our new configuration. ENV.delete('REDIS_URL') ENV.delete('CACHE_REDIS_URL') ENV.delete('SIDEKIQ_REDIS_URL') begin prompt.say('Your instance is identified by its domain name. Changing it afterward will break things.') env['LOCAL_DOMAIN'] = prompt.ask('Domain name:') do |q| q.required true q.modify :strip q.validate(/\A[a-z0-9\.\-]+\z/i) q.messages[:valid?] = 'Invalid domain. If you intend to use unicode characters, enter punycode here' end prompt.say "\n" prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.') env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false) %w(SECRET_KEY_BASE OTP_SECRET).each do |key| env[key] = SecureRandom.hex(64) end vapid_key = Webpush.generate_key env['VAPID_PRIVATE_KEY'] = vapid_key.private_key env['VAPID_PUBLIC_KEY'] = vapid_key.public_key prompt.say "\n" using_docker = prompt.yes?('Are you using Docker to run Mastodon?') db_connection_works = false prompt.say "\n" loop do env['DB_HOST'] = prompt.ask('PostgreSQL host:') do |q| q.required true q.default using_docker ? 'db' : '/var/run/postgresql' q.modify :strip end env['DB_PORT'] = prompt.ask('PostgreSQL port:') do |q| q.required true q.default 5432 q.convert :int end env['DB_NAME'] = prompt.ask('Name of PostgreSQL database:') do |q| q.required true q.default using_docker ? 'postgres' : 'mastodon_production' q.modify :strip end env['DB_USER'] = prompt.ask('Name of PostgreSQL user:') do |q| q.required true q.default using_docker ? 'postgres' : 'mastodon' q.modify :strip end env['DB_PASS'] = prompt.ask('Password of PostgreSQL user:') do |q| q.echo false end # The chosen database may not exist yet. Connect to default database # to avoid "database does not exist" error. db_options = { adapter: :postgresql, database: 'postgres', host: env['DB_HOST'], port: env['DB_PORT'], user: env['DB_USER'], password: env['DB_PASS'], } begin ActiveRecord::Base.establish_connection(db_options) ActiveRecord::Base.connection prompt.ok 'Database configuration works! 🎆' db_connection_works = true break rescue StandardError => e prompt.error 'Database connection could not be established with this configuration, try again.' prompt.error e.message break unless prompt.yes?('Try again?') end end prompt.say "\n" loop do env['REDIS_HOST'] = prompt.ask('Redis host:') do |q| q.required true q.default using_docker ? 'redis' : 'localhost' q.modify :strip end env['REDIS_PORT'] = prompt.ask('Redis port:') do |q| q.required true q.default 6379 q.convert :int end env['REDIS_PASSWORD'] = prompt.ask('Redis password:') do |q| q.required false q.default nil q.modify :strip end redis_options = { host: env['REDIS_HOST'], port: env['REDIS_PORT'], password: env['REDIS_PASSWORD'], driver: :hiredis, } begin redis = Redis.new(redis_options) redis.ping prompt.ok 'Redis configuration works! 🎆' break rescue StandardError => e prompt.error 'Redis connection could not be established with this configuration, try again.' prompt.error e.message break unless prompt.yes?('Try again?') end end prompt.say "\n" if prompt.yes?('Do you want to store uploaded files on the cloud?', default: false) case prompt.select('Provider', ['DigitalOcean Spaces', 'Amazon S3', 'Wasabi', 'Minio', 'Google Cloud Storage']) when 'DigitalOcean Spaces' env['S3_ENABLED'] = 'true' env['S3_PROTOCOL'] = 'https' env['S3_BUCKET'] = prompt.ask('Space name:') do |q| q.required true q.default "files.#{env['LOCAL_DOMAIN']}" q.modify :strip end env['S3_REGION'] = prompt.ask('Space region:') do |q| q.required true q.default 'nyc3' q.modify :strip end env['S3_HOSTNAME'] = prompt.ask('Space endpoint:') do |q| q.required true q.default 'nyc3.digitaloceanspaces.com' q.modify :strip end env['S3_ENDPOINT'] = "https://#{env['S3_HOSTNAME']}" env['AWS_ACCESS_KEY_ID'] = prompt.ask('Space access key:') do |q| q.required true q.modify :strip end env['AWS_SECRET_ACCESS_KEY'] = prompt.ask('Space secret key:') do |q| q.required true q.modify :strip end when 'Amazon S3' env['S3_ENABLED'] = 'true' env['S3_PROTOCOL'] = 'https' env['S3_BUCKET'] = prompt.ask('S3 bucket name:') do |q| q.required true q.default "files.#{env['LOCAL_DOMAIN']}" q.modify :strip end env['S3_REGION'] = prompt.ask('S3 region:') do |q| q.required true q.default 'us-east-1' q.modify :strip end env['S3_HOSTNAME'] = prompt.ask('S3 hostname:') do |q| q.required true q.default 's3-us-east-1.amazonaws.com' q.modify :strip end env['AWS_ACCESS_KEY_ID'] = prompt.ask('S3 access key:') do |q| q.required true q.modify :strip end env['AWS_SECRET_ACCESS_KEY'] = prompt.ask('S3 secret key:') do |q| q.required true q.modify :strip end when 'Wasabi' env['S3_ENABLED'] = 'true' env['S3_PROTOCOL'] = 'https' env['S3_REGION'] = 'us-east-1' env['S3_HOSTNAME'] = 's3.wasabisys.com' env['S3_ENDPOINT'] = 'https://s3.wasabisys.com/' env['S3_BUCKET'] = prompt.ask('Wasabi bucket name:') do |q| q.required true q.default "files.#{env['LOCAL_DOMAIN']}" q.modify :strip end env['AWS_ACCESS_KEY_ID'] = prompt.ask('Wasabi access key:') do |q| q.required true q.modify :strip end env['AWS_SECRET_ACCESS_KEY'] = prompt.ask('Wasabi secret key:') do |q| q.required true q.modify :strip end when 'Minio' env['S3_ENABLED'] = 'true' env['S3_PROTOCOL'] = 'https' env['S3_REGION'] = 'us-east-1' env['S3_ENDPOINT'] = prompt.ask('Minio endpoint URL:') do |q| q.required true q.modify :strip end env['S3_PROTOCOL'] = env['S3_ENDPOINT'].start_with?('https') ? 'https' : 'http' env['S3_HOSTNAME'] = env['S3_ENDPOINT'].gsub(/\Ahttps?:\/\//, '') env['S3_BUCKET'] = prompt.ask('Minio bucket name:') do |q| q.required true q.default "files.#{env['LOCAL_DOMAIN']}" q.modify :strip end env['AWS_ACCESS_KEY_ID'] = prompt.ask('Minio access key:') do |q| q.required true q.modify :strip end env['AWS_SECRET_ACCESS_KEY'] = prompt.ask('Minio secret key:') do |q| q.required true q.modify :strip end when 'Google Cloud Storage' env['S3_ENABLED'] = 'true' env['S3_PROTOCOL'] = 'https' env['S3_HOSTNAME'] = 'storage.googleapis.com' env['S3_ENDPOINT'] = 'https://storage.googleapis.com' env['S3_MULTIPART_THRESHOLD'] = 50.megabytes env['S3_BUCKET'] = prompt.ask('GCS bucket name:') do |q| q.required true q.default "files.#{env['LOCAL_DOMAIN']}" q.modify :strip end env['S3_REGION'] = prompt.ask('GCS region:') do |q| q.required true q.default 'us-west1' q.modify :strip end env['AWS_ACCESS_KEY_ID'] = prompt.ask('GCS access key:') do |q| q.required true q.modify :strip end env['AWS_SECRET_ACCESS_KEY'] = prompt.ask('GCS secret key:') do |q| q.required true q.modify :strip end end if prompt.yes?('Do you want to access the uploaded files from your own domain?') env['S3_ALIAS_HOST'] = prompt.ask('Domain for uploaded files:') do |q| q.required true q.default "files.#{env['LOCAL_DOMAIN']}" q.modify :strip end end end prompt.say "\n" loop do if prompt.yes?('Do you want to send e-mails from localhost?', default: false) env['SMTP_SERVER'] = 'localhost' env['SMTP_PORT'] = 25 env['SMTP_AUTH_METHOD'] = 'none' env['SMTP_OPENSSL_VERIFY_MODE'] = 'none' env['SMTP_ENABLE_STARTTLS'] = 'auto' else env['SMTP_SERVER'] = prompt.ask('SMTP server:') do |q| q.required true q.default 'smtp.mailgun.org' q.modify :strip end env['SMTP_PORT'] = prompt.ask('SMTP port:') do |q| q.required true q.default 587 q.convert :int end env['SMTP_LOGIN'] = prompt.ask('SMTP username:') do |q| q.modify :strip end env['SMTP_PASSWORD'] = prompt.ask('SMTP password:') do |q| q.echo false end env['SMTP_AUTH_METHOD'] = prompt.ask('SMTP authentication:') do |q| q.required q.default 'plain' q.modify :strip end env['SMTP_OPENSSL_VERIFY_MODE'] = prompt.select('SMTP OpenSSL verify mode:', %w(none peer client_once fail_if_no_peer_cert)) env['SMTP_ENABLE_STARTTLS'] = prompt.select('Enable STARTTLS:', %w(auto always never)) end env['SMTP_FROM_ADDRESS'] = prompt.ask('E-mail address to send e-mails "from":') do |q| q.required true q.default "Mastodon <notifications@#{env['LOCAL_DOMAIN']}>" q.modify :strip end break unless prompt.yes?('Send a test e-mail with this configuration right now?') send_to = prompt.ask('Send test e-mail to:', required: true) begin enable_starttls = nil enable_starttls_auto = nil case env['SMTP_ENABLE_STARTTLS'] when 'always' enable_starttls = true when 'never' enable_starttls = false when 'auto' enable_starttls_auto = true else enable_starttls_auto = env['SMTP_ENABLE_STARTTLS_AUTO'] != 'false' end ActionMailer::Base.smtp_settings = { port: env['SMTP_PORT'], address: env['SMTP_SERVER'], user_name: env['SMTP_LOGIN'].presence, password: env['SMTP_PASSWORD'].presence, domain: env['LOCAL_DOMAIN'], authentication: env['SMTP_AUTH_METHOD'] == 'none' ? nil : env['SMTP_AUTH_METHOD'] || :plain, openssl_verify_mode: env['SMTP_OPENSSL_VERIFY_MODE'], enable_starttls: enable_starttls, enable_starttls_auto: enable_starttls_auto, } ActionMailer::Base.default_options = { from: env['SMTP_FROM_ADDRESS'], } mail = ActionMailer::Base.new.mail to: send_to, subject: 'Test', body: 'Mastodon SMTP configuration works!' mail.deliver break rescue StandardError => e prompt.error 'E-mail could not be sent with this configuration, try again.' prompt.error e.message break unless prompt.yes?('Try again?') end end prompt.say "\n" prompt.say 'This configuration will be written to .env.production' if prompt.yes?('Save configuration?') incompatible_syntax = false env_contents = env.each_pair.map do |key, value| if value.is_a?(String) && value =~ /[\s\#\\"]/ incompatible_syntax = true if value =~ /[']/ value = value.to_s.gsub(/[\\"\$]/) { |x| "\\#{x}" } "#{key}=\"#{value}\"" else "#{key}='#{value}'" end else "#{key}=#{value}" end end.join("\n") generated_header = "# Generated with mastodon:setup on #{Time.now.utc}\n\n".dup if incompatible_syntax generated_header << "# Some variables in this file will be interpreted differently whether you are\n" generated_header << "# using docker-compose or not.\n\n" end File.write(Rails.root.join('.env.production'), "#{generated_header}#{env_contents}\n") if using_docker prompt.ok 'Below is your configuration, save it to an .env.production file outside Docker:' prompt.say "\n" prompt.say "#{generated_header}#{env.each_pair.map { |key, value| "#{key}=#{value}" }.join("\n")}" prompt.say "\n" prompt.ok 'It is also saved within this container so you can proceed with this wizard.' end prompt.say "\n" prompt.say 'Now that configuration is saved, the database schema must be loaded.' prompt.warn 'If the database already exists, this will erase its contents.' if prompt.yes?('Prepare the database now?') prompt.say 'Running `RAILS_ENV=production rails db:setup` ...' prompt.say "\n\n" if !system(env.transform_values(&:to_s).merge({ 'RAILS_ENV' => 'production', 'SAFETY_ASSURED' => '1' }), 'rails db:setup') prompt.error 'That failed! Perhaps your configuration is not right' else prompt.ok 'Done!' end end unless using_docker prompt.say "\n" prompt.say 'The final step is compiling CSS/JS assets.' prompt.say 'This may take a while and consume a lot of RAM.' if prompt.yes?('Compile the assets now?') prompt.say 'Running `RAILS_ENV=production rails assets:precompile` ...' prompt.say "\n\n" if !system(env.transform_values(&:to_s).merge({ 'RAILS_ENV' => 'production' }), 'rails assets:precompile') prompt.error 'That failed! Maybe you need swap space?' else prompt.say 'Done!' end end end prompt.say "\n" prompt.ok 'All done! You can now power on the Mastodon server 🐘' prompt.say "\n" if db_connection_works && prompt.yes?('Do you want to create an admin user straight away?') env.each_pair do |key, value| ENV[key] = value.to_s end require_relative '../../config/environment' disable_log_stdout! username = prompt.ask('Username:') do |q| q.required true q.default 'admin' q.validate(/\A[a-z0-9_]+\z/i) q.modify :strip end email = prompt.ask('E-mail:') do |q| q.required true q.modify :strip end password = SecureRandom.hex(16) owner_role = UserRole.find_by(name: 'Owner') user = User.new(email: email, password: password, confirmed_at: Time.now.utc, account_attributes: { username: username }, bypass_invite_request_check: true, role: owner_role) user.save(validate: false) Setting.site_contact_username = username prompt.ok "You can login with the password: #{password}" prompt.warn 'You can change your password once you login.' end else prompt.warn 'Nothing saved. Bye!' end rescue TTY::Reader::InputInterrupt prompt.ok 'Aborting. Bye!' end end namespace :webpush do desc 'Generate VAPID key' task :generate_vapid_key do vapid_key = Webpush.generate_key puts "VAPID_PRIVATE_KEY=#{vapid_key.private_key}" puts "VAPID_PUBLIC_KEY=#{vapid_key.public_key}" end end end def disable_log_stdout! dev_null = Logger.new('/dev/null') Rails.logger = dev_null ActiveRecord::Base.logger = dev_null HttpLog.configuration.logger = dev_null Paperclip.options[:log] = false end