Добавлен профиль Mastodon

1 year ago · 7a8efe59ce
parent 38cac57301
commit 7a8efe59ce
46 changed files with 2966 additions and 0 deletions
--- a/profiles/mastodon/amd64/20/parent
+++ b/profiles/mastodon/amd64/20/parent
@ -0,0 +1,2 @@
+calculate:default/amd64/20/server
+../..
--- a/profiles/mastodon/amd64/parent
+++ b/profiles/mastodon/amd64/parent
@ -0,0 +1,2 @@
+../../../../calculate/profiles/default/amd64/18/server
+..
--- a/profiles/mastodon/calculate.env
+++ b/profiles/mastodon/calculate.env
@ -0,0 +1,3 @@
+[main]
+os_linux_name = 'Calculate Mastodon'
+os_linux_shortname = 'mastodon'
--- a/profiles/mastodon/parent
+++ b/profiles/mastodon/parent
@ -0,0 +1 @@
+..
--- a/profiles/profiles.desc
+++ b/profiles/profiles.desc
@ -8,6 +8,7 @@

 # AMD64 Profiles
 amd64		scratch/amd64/20				stable
+amd64		mastodon/amd64/20				dev
 amd64		taiga/amd64/20					dev

 # vim: set ts=8
--- a/profiles/templates/mastodon/.calculate_directory
+++ b/profiles/templates/mastodon/.calculate_directory
@ -0,0 +1 @@
+# Calculate os_linux_shortname==mastodon cl_name==calculate-core append=skip
--- a/profiles/templates/mastodon/mastodon/.calculate_directory
+++ b/profiles/templates/mastodon/mastodon/.calculate_directory
@ -0,0 +1 @@
+# Calculate env=install ac_install_merge==on mergepkg(www-servers/nginx)!= append=skip
--- a/profiles/templates/mastodon/mastodon/0-etc.mastodon.group
+++ b/profiles/templates/mastodon/mastodon/0-etc.mastodon.group
@ -0,0 +1,2 @@
+# Calculate append=after path=/etc name=#-cut(2,.)-# grep(/etc/#-cut(2,.)-#,#-cut(1,.)-#)== protected
+mastodon:x:1000:
--- a/profiles/templates/mastodon/mastodon/0-etc.mastodon.passwd
+++ b/profiles/templates/mastodon/mastodon/0-etc.mastodon.passwd
@ -0,0 +1,2 @@
+# Calculate append=after path=/etc name=#-cut(2,.)-# grep(/etc/#-cut(2,.)-#,#-cut(1,.)-#)== protected
+mastodon:x:1000:1000::/var/calculate/www/mastodon:/bin/bash
--- a/profiles/templates/mastodon/mastodon/0-etc.mastodon.shadow
+++ b/profiles/templates/mastodon/mastodon/0-etc.mastodon.shadow
@ -0,0 +1,2 @@
+# Calculate append=after path=/etc name=#-cut(2,.)-# grep(/etc/#-cut(2,.)-#,#-cut(1,.)-#)== protected
+mastodon:!:19425:0:99999:7:::
--- a/profiles/templates/mastodon/mastodon/0-mastodon.bashrc
+++ b/profiles/templates/mastodon/mastodon/0-mastodon.bashrc
@ -0,0 +1,4 @@
+# Calculate path=/var/calculate/www/mastodon name=.bashrc comment=# chown=mastodon:mastodon
+source ~/.node-live/bin/activate
+export PATH="$HOME/.rbenv/bin:$PATH"
+eval "$(rbenv init -)"
--- a/profiles/templates/mastodon/mastodon/env.production
+++ b/profiles/templates/mastodon/mastodon/env.production
@ -0,0 +1,68 @@
+# Calculate path=/var/calculate/www/mastodon/live name=.env.production chown=mastodon:mastodon comment=# exists(/var/calculate/www/mastodon/live/.env.production.sample)!= protected
+# https://docs.joinmastodon.org/admin/config/ for the full documentation.
+
+# Federation
+# ----------
+# This identifies your server and cannot be changed safely later
+# ----------
+LOCAL_DOMAIN=example.com
+
+# Redis
+# -----
+REDIS_HOST=localhost
+REDIS_PORT=6379
+
+# PostgreSQL
+# ----------
+DB_HOST=/var/run/postgresql
+DB_USER=mastodon
+DB_NAME=mastodon_production
+DB_PASS=
+DB_PORT=5432
+
+# Elasticsearch (optional)
+# ------------------------
+#ES_ENABLED=true
+#ES_HOST=localhost
+#ES_PORT=9200
+# Authentication for ES (optional)
+#ES_USER=
+#ES_PASS=
+
+# Secrets
+# -------
+# Make sure to use `rake secret` to generate secrets
+# -------
+SECRET_KEY_BASE=
+OTP_SECRET=
+
+# Web Push
+# --------
+# Generate with `rake mastodon:webpush:generate_vapid_key`
+# --------
+VAPID_PRIVATE_KEY=
+VAPID_PUBLIC_KEY=
+
+# Sending mail
+# ------------
+SMTP_SERVER=
+SMTP_PORT=587
+SMTP_LOGIN=
+SMTP_PASSWORD=
+SMTP_FROM_ADDRESS=notifications@example.com
+
+# File storage (optional)
+# -----------------------
+#S3_ENABLED=true
+#S3_BUCKET=files.example.com
+#AWS_ACCESS_KEY_ID=
+#AWS_SECRET_ACCESS_KEY=
+#S3_ALIAS_HOST=files.example.com
+
+# IP and session retention
+# -----------------------
+# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
+# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
+# -----------------------
+#IP_RETENTION_PERIOD=31556952
+#SESSION_RETENTION_PERIOD=31556952
--- a/profiles/templates/mastodon/mastodon/ini.env
+++ b/profiles/templates/mastodon/mastodon/ini.env
@ -0,0 +1,15 @@
+# Calculate format=samba path=/var/calculate chmod=600 chown=mastodon:mastodon grep(/var/calculate/ini.env,local_domain)== protected
+
+[mastodon]
+local_domain=calculate.social
+node=16.18.0
+git_tag=4.1.1
+ruby=3.0.4
+login=owner
+smtp_from_address=Mastodon <support@calculate.ru>
+smtp_login=
+smtp_password=
+smtp_port=465
+smtp_server=mail.spb.calculate.ru
+
+
--- a/profiles/templates/mastodon/mastodon/init.mastodon-sidekiq
+++ b/profiles/templates/mastodon/mastodon/init.mastodon-sidekiq
@ -0,0 +1,22 @@
+# Calculate path=/etc/init.d name=#-cut(1,.)-# chmod=755 comment=# exists(/var/calculate/www/mastodon/.node-live)!=
+#!/sbin/openrc-run
+
+name="Mastodon Sidekiq daemon"
+description=""
+pidfile=/run/mastodon-sidekiq.pid
+command_user=mastodon
+output_log=/var/log/mastodon-sidekiq.log
+error_log=/var/log/mastodon-sidekiq.log
+directory=/var/calculate/www/mastodon/live
+start_stop_daemon_args="-e RAILS_ENV=production -e DB_POOL=25 -e MALLOC_ARENA_MAX=2"
+command=/var/calculate/www/mastodon/.rbenv/shims/bundle
+command_args="exec sidekiq -c 25"
+command_background=true
+
+depend() {
+    use postgresql net redis
+}
+
+start_pre() {
+    checkpath -f -o mastodon -m 0600 /var/log/mastodon-sidekiq.log
+}
--- a/profiles/templates/mastodon/mastodon/init.mastodon-streaming
+++ b/profiles/templates/mastodon/mastodon/init.mastodon-streaming
@ -0,0 +1,21 @@
+# Calculate path=/etc/init.d name=#-cut(1,.)-# chmod=755 comment=# exists(/var/calculate/www/mastodon/.node-live)!=
+#!/sbin/openrc-run
+name="Mastodon streaming daemon"
+description=""
+pidfile=/run/mastodon-streaming.pid
+command_user=mastodon
+output_log=/var/log/mastodon-streaming.log
+error_log=/var/log/mastodon-streaming.log
+directory=/var/calculate/www/mastodon/live
+start_stop_daemon_args="-e NODE_ENV=production -e PORT=4000 -e STREAMING_CLUSTER_NUM=1"
+command=/var/calculate/www/mastodon/.node-live/bin/node
+command_args="./streaming"
+command_background=true
+
+depend() {
+    use postgresql net redis
+}
+
+start_pre() {
+        checkpath -f -o mastodon -m 0600 /var/log/mastodon-streaming.log
+}
--- a/profiles/templates/mastodon/mastodon/init.mastodon-web
+++ b/profiles/templates/mastodon/mastodon/init.mastodon-web
@ -0,0 +1,29 @@
+# Calculate path=/etc/init.d name=#-cut(1,.)-# chmod=755 comment=# exists(/var/calculate/www/mastodon/.node-live)!=
+#!/sbin/openrc-run
+name="Mastodon Web daemon"
+description=""
+pidfile=/run/mastodon-web.pid
+extra_commands="reload"
+command_user=mastodon
+output_log=/var/log/mastodon-web.log
+error_log=/var/log/mastodon-web.log
+directory=/var/calculate/www/mastodon/live
+start_stop_daemon_args="-e RAILS_ENV=production -e PORT=3000"
+command=/var/calculate/www/mastodon/.rbenv/shims/bundle
+command_args="exec puma -C config/puma.rb"
+command_background=true
+
+depend() {
+    need nginx postgresql
+    need mastodon-streaming mastodon-sidekiq
+}
+
+start_pre() {
+    checkpath -f -o mastodon -m 0600 /var/log/mastodon-web.log
+}
+
+reload() {
+    einfo "Reload $name"
+    kill -USR1 $(cat $pidfile)
+}
+
--- a/profiles/templates/mastodon/mastodon/link.cl-setup
+++ b/profiles/templates/mastodon/mastodon/link.cl-setup
@ -0,0 +1 @@
+# Calculate path=/usr/sbin name=#-cut(1,.)-# link=/var/db/repos/container/scripts/mastodon/setup.sh symbolic protected
--- a/profiles/templates/mastodon/mastodon/runlevel.mastodon-sidekiq
+++ b/profiles/templates/mastodon/mastodon/runlevel.mastodon-sidekiq
@ -0,0 +1 @@
+# Calculate path=/etc/runlevels/default name=#-cut(1,.)-# link=/etc/init.d/#-cut(1,.)-# protected symbolic exists(/var/calculate/www/mastodon/.node-live)!=
--- a/profiles/templates/mastodon/mastodon/runlevel.mastodon-streaming
+++ b/profiles/templates/mastodon/mastodon/runlevel.mastodon-streaming
@ -0,0 +1 @@
+# Calculate path=/etc/runlevels/default name=#-cut(1,.)-# link=/etc/init.d/#-cut(1,.)-# protected symbolic exists(/var/calculate/www/mastodon/.node-live)!=
--- a/profiles/templates/mastodon/mastodon/runlevel.mastodon-web
+++ b/profiles/templates/mastodon/mastodon/runlevel.mastodon-web
@ -0,0 +1 @@
+# Calculate path=/etc/runlevels/default name=#-cut(1,.)-# link=/etc/init.d/#-cut(1,.)-# protected symbolic exists(/var/calculate/www/mastodon/.node-live)!=
--- a/profiles/templates/mastodon/mastodon/www/.calculate_directory
+++ b/profiles/templates/mastodon/mastodon/www/.calculate_directory
@ -0,0 +1 @@
+# Calculate path=/var/calculate
--- a/profiles/templates/mastodon/mastodon/www/mastodon/.calculate_directory
+++ b/profiles/templates/mastodon/mastodon/www/mastodon/.calculate_directory
@ -0,0 +1 @@
+# Calculate chmod=750 chown=mastodon:nginx
--- a/profiles/templates/mastodon/nginx/.calculate_directory
+++ b/profiles/templates/mastodon/nginx/.calculate_directory
@ -0,0 +1 @@
+# Calculate env=install ac_install_merge==on mergepkg(www-servers/nginx)!= append=skip
--- a/profiles/templates/mastodon/nginx/mastodon.conf
+++ b/profiles/templates/mastodon/nginx/mastodon.conf
@ -0,0 +1,161 @@
+# Calculate path=/etc/nginx/sites-enabled exists(/etc/nginx/sites-enabled/#-cut()-#)== comment=#
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+upstream backend {
+    server 127.0.0.1:3000 fail_timeout=0;
+}
+
+upstream streaming {
+    server 127.0.0.1:4000 fail_timeout=0;
+}
+
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name calculate.social;
+  root /var/calculate/www/mastodon/live/public/;
+  location /.well-known/acme-challenge/ { allow all; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name calculate.social;
+
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_tickets off;
+
+  # Uncomment these lines once you acquire a certificate:
+   ssl_certificate     /etc/nginx/ssl/fullchain.pem;
+   ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+  keepalive_timeout    70;
+  sendfile             on;
+  client_max_body_size 80m;
+
+  root /var/calculate/www/mastodon/live/public/;
+
+  gzip on;
+  gzip_disable "msie6";
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
+
+  location / {
+    try_files $uri @proxy;
+  }
+
+  # If Docker is used for deployment and Rails serves static files,
+  # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
+  location = /sw.js {
+    add_header Cache-Control "public, max-age=604800, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/assets/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/avatars/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/emoji/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/headers/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/packs/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/shortcuts/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/sounds/ {
+    add_header Cache-Control "public, max-age=2419200, must-revalidate";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ~ ^/system/ {
+    add_header Cache-Control "public, max-age=2419200, immutable";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    try_files $uri =404;
+  }
+
+  location ^~ /api/v1/streaming {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Proxy "";
+
+    proxy_pass http://streaming;
+    proxy_buffering off;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+
+    tcp_nodelay on;
+  }
+
+  location @proxy {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Proxy "";
+    proxy_pass_header Server;
+
+    proxy_pass http://backend;
+    proxy_buffering on;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    proxy_cache CACHE;
+    proxy_cache_valid 200 7d;
+    proxy_cache_valid 410 24h;
+    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+    add_header X-Cached $upstream_cache_status;
+
+    tcp_nodelay on;
+  }
+
+  error_page 404 500 501 502 503 504 /500.html;
+}
+
--- a/profiles/templates/mastodon/nginx/openssl
+++ b/profiles/templates/mastodon/nginx/openssl
@ -0,0 +1,5 @@
+# Calculate exec=/bin/bash exists(/etc/nginx/ssl/privkey.pem)==||exists(/etc/nginx/ssl/fullchain.pem)==
+
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj '/CN=calculate.social' -keyout /etc/nginx/ssl/privkey.pem -out /etc/nginx/ssl/fullchain.pem  &>/dev/null
+
+true
--- a/profiles/templates/mastodon/nginx/runlevel.nginx
+++ b/profiles/templates/mastodon/nginx/runlevel.nginx
@ -0,0 +1 @@
+# Calculate path=/etc/runlevels/default name=#-cut(1,.)-# link=/etc/init.d/#-cut(1,.)-# protected symbolic exists(/var/calculate/www/mastodon/live/)!=
--- a/profiles/templates/mastodon/postgresql/.calculate_directory
+++ b/profiles/templates/mastodon/postgresql/.calculate_directory
@ -0,0 +1 @@
+# Calculate env=install ac_install_merge==on mergepkg(dev-db/postgresql)!= append=skip
--- a/profiles/templates/mastodon/postgresql/0-get_ver
+++ b/profiles/templates/mastodon/postgresql/0-get_ver
@ -0,0 +1,5 @@
+# Calculate run=/bin/bash
+
+ver=$(ls -d /var/db/pkg/dev-db/postgresql-*)
+ver=${ver#*postgresql-}
+echo ${ver%%.*} > /tmp/pgsqlver
--- a/profiles/templates/mastodon/postgresql/database/.calculate_directory
+++ b/profiles/templates/mastodon/postgresql/database/.calculate_directory
@ -0,0 +1 @@
+# Calculate path=/var/calculate name=postgresql chmod=700 chown=postgres:postgres
--- a/profiles/templates/mastodon/postgresql/etc/.calculate_directory
+++ b/profiles/templates/mastodon/postgresql/etc/.calculate_directory
@ -0,0 +1 @@
+# Calculate path=/etc name=postgresql-#-load(char,/tmp/pgsqlver)-#
--- a/profiles/templates/mastodon/postgresql/etc/pg_hba.conf
+++ b/profiles/templates/mastodon/postgresql/etc/pg_hba.conf
@ -0,0 +1,10 @@
+# Calculate chmod=600 comment=# chown=postgres:postgres
+
+# TYPE	DATABASE	USER		ADDRESS		METHOD
+
+# "local" is for Unix domain socket connections only
+local	all		all				password
+# IPv4 local connections:
+host	all		all		127.0.0.1/32	password
+# IPv6 local connections:
+host	all		all		::1/128		password
--- a/profiles/templates/mastodon/postgresql/etc/pg_ident.conf
+++ b/profiles/templates/mastodon/postgresql/etc/pg_ident.conf
@ -0,0 +1 @@
+# Calculate chmod=600 comment=# chown=postgres:postgres
--- a/profiles/templates/mastodon/postgresql/etc/postgresql.conf
+++ b/profiles/templates/mastodon/postgresql/etc/postgresql.conf
@ -0,0 +1,18 @@
+# Calculate chmod=600 comment=# chown=postgres:postgres
+
+max_connections = 100			# (change requires restart)
+shared_buffers = 128MB			# min 128kB
+dynamic_shared_memory_type = posix	# the default is the first option
+max_wal_size = 1GB
+min_wal_size = 80MB
+log_timezone = 'W-SU'
+datestyle = 'iso, dmy'
+timezone = 'W-SU'
+lc_messages = 'ru_RU.UTF-8'		# locale for system error message
+lc_monetary = 'ru_RU.UTF-8'		# locale for monetary formatting
+lc_numeric = 'C'			# locale for number formatting
+lc_time = 'ru_RU.UTF-8'			# locale for time formatting
+default_text_search_config = 'pg_catalog.russian'
+plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+
+listen_addresses = '127.0.0.1'
--- a/profiles/templates/mastodon/postgresql/ini.env
+++ b/profiles/templates/mastodon/postgresql/ini.env
@ -0,0 +1,6 @@
+# Calculate format=samba chown=mastodon:mastodon path=/var/calculate grep(/var/calculate/ini.env,postgresql)== comment=# protected
+[postgresql]
+postgres_password = #-rnd(pas,12)-#
+mastodon_user = mastodon
+mastodon_password = #-rnd(pas,12)-#
+mastodon_database = mastodon_production
--- a/profiles/templates/mastodon/postgresql/link.database
+++ b/profiles/templates/mastodon/postgresql/link.database
@ -0,0 +1 @@
+# Calculate path=/var/lib name=postgresql link=/var/calculate/postgresql symbolic protected
--- a/profiles/templates/mastodon/postgresql/pgpass
+++ b/profiles/templates/mastodon/postgresql/pgpass
@ -0,0 +1,3 @@
+# Calculate path=/root name=.pgpass chmod=600 comment=# protected
+localhost:*:*:postgres:#-ini(postgresql.postgres_password)-#
+localhost:*:*:mastodon:#-ini(postgresql.mastodon_password)-#
--- a/profiles/templates/mastodon/redis/.calculate_directory
+++ b/profiles/templates/mastodon/redis/.calculate_directory
@ -0,0 +1 @@
+# Calculate env=install ac_install_merge==on mergepkg(dev-db/redis)!= append=skip
--- a/profiles/templates/mastodon/redis/redis.conf
+++ b/profiles/templates/mastodon/redis/redis.conf
@ -0,0 +1,73 @@
+# Calculate path=/etc/redis exists(/etc/redis/#-cut()-#)== comment=#
+bind 127.0.0.1 -::1
+protected-mode yes
+port 6379
+tcp-backlog 511
+timeout 0
+tcp-keepalive 300
+daemonize no
+pidfile /run/redis/redis.pid
+loglevel notice
+logfile /var/log/redis/redis.log
+databases 16
+always-show-logo no
+set-proc-title yes
+proc-title-template "{title} {listen-addr} {server-mode}"
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+rdb-del-sync-files no
+dir /var/lib/redis/
+replica-serve-stale-data yes
+replica-read-only yes
+repl-diskless-sync yes
+repl-diskless-sync-delay 5
+repl-diskless-sync-max-replicas 0
+repl-diskless-load disabled
+repl-disable-tcp-nodelay no
+replica-priority 100
+acllog-max-len 128
+maxmemory 1024MB
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+replica-lazy-flush no
+lazyfree-lazy-user-del no
+lazyfree-lazy-user-flush no
+oom-score-adj no
+oom-score-adj-values 0 200 800
+disable-thp yes
+appendonly no
+appendfilename "appendonly.aof"
+appenddirname "appendonlydir"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble yes
+aof-timestamp-enabled no
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+hash-max-listpack-entries 512
+hash-max-listpack-value 64
+list-max-listpack-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+zset-max-listpack-entries 128
+zset-max-listpack-value 64
+hll-sparse-max-bytes 3000
+stream-node-max-bytes 4096
+stream-node-max-entries 100
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+dynamic-hz yes
+aof-rewrite-incremental-fsync yes
+rdb-save-incremental-fsync yes
+jemalloc-bg-thread yes
--- a/profiles/templates/mastodon/redis/redis.conf.example
+++ b/profiles/templates/mastodon/redis/redis.conf.example
--- a/profiles/templates/mastodon/redis/runlevel.redis
+++ b/profiles/templates/mastodon/redis/runlevel.redis
@ -0,0 +1 @@
+# Calculate path=/etc/runlevels/default name=#-cut(1,.)-# link=/etc/init.d/#-cut(1,.)-# protected symbolic
--- a/profiles/templates/mastodon/world
+++ b/profiles/templates/mastodon/world
@ -0,0 +1,12 @@
+# Calculate env=update ac_update_sync==on path=/var/lib/portage cl_update_world==merge||cl_update_world==rebuild format=world
+dev-db/postgresql:14
+dev-python/nodeenv
+dev-python/setuptools
+sys-devel/gettext
+dev-db/redis
+media-gfx/imagemagick
+media-video/ffmpeg
+www-servers/nginx
+dev-util/pkgconf
+dev-libs/protobuf
+net-dns/libidn
--- a/scripts/mastodon/setup.sh
+++ b/scripts/mastodon/setup.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+
+export PATH="/lib/rc/bin:$PATH"
+set -ueo pipefail
+scriptpath=$(dirname $(readlink -f $0))
+
+. /var/db/repos/calculate/scripts/ini.sh
+
+echo "Mastodon setup"
+
+test -f /run/redis/redis.pid && /etc/init.d/redis start
+
+for script in $scriptpath/stages/*.sh; do
+        "$script"
+done
+
+/etc/init.d/redis restart
+rc-update -u
+openrc
+
+echo -e "\nAll is done! Open the link https://${ini[mastodon.local_domain]} on your browser after adding ${ini[mastodon.local_domain]} to dns"
--- a/scripts/mastodon/stages/1-install.sh
+++ b/scripts/mastodon/stages/1-install.sh
@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -eo pipefail
+export PATH="/lib/rc/bin:$PATH"
+
+SCRIPT=$(readlink -f $0)
+[[ $UID == 0 ]] && exec su - mastodon -c "$SCRIPT"
+
+
+. /var/db/repos/container/scripts/functions.sh
+. /var/db/repos/calculate/scripts/ini.sh
+
+cd ~/
+
+if [[ ! -e ~/.node-live ]]
+then
+	einfo 'Install Node.js'
+	cd ~
+	nodeenv --node=${ini[mastodon.node]} .node-${ini[mastodon.node]%%.*}
+	ln -sfT .node-${ini[mastodon.node]%%.*} .node-live
+	set +u
+	source .node-live/bin/activate
+	set -u
+	einfo 'Install yarn'
+	npm install -g yarn
+	corepack enable
+	yarn set version classic
+fi
+
+if [[ ! -e ~/.rbenv ]]; then
+	einfo 'Rbenv Setup: Get the code'
+	git clone --single-branch --depth 1 https://github.com/rbenv/rbenv.git ~/.rbenv
+	eend
+fi
+
+if [[ ! -e ~/.rbenv/plugins/ruby-build ]]; then
+	einfo 'Ruby Setup: Get the code'
+	git clone --single-branch --depth 1 https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
+	eend
+fi
+
+export PATH="$HOME/.rbenv/bin:$PATH"
+eval "$(rbenv init -)"
+
+if [[ ! -e ~/live ]]; then
+	einfo 'Mastodon Setup: Get the code'
+	git config --global advice.detachedHead false
+	git clone -b v${ini[mastodon.git_tag]} --single-branch --depth 1 https://github.com/tootsuite/mastodon.git ~/live
+	einfo 'Install Ruby'
+	RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install ${ini[mastodon.ruby]}
+	rbenv global ${ini[mastodon.ruby]}
+	gem install bundler --no-document
+	cd ~/live
+	bundle config deployment 'true'
+	bundle config without 'development test'
+	einfo 'Install gems'
+	bundle install -j$(nproc)
+	eend
+fi
+
--- a/scripts/mastodon/stages/2-postgresql.sh
+++ b/scripts/mastodon/stages/2-postgresql.sh
@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -ueo pipefail
+
+export PATH="/lib/rc/bin:$PATH"
+
+[[ -n "$(ls -A /var/lib/postgresql)" ]] && exit
+
+. /var/db/repos/container/scripts/functions.sh
+. /var/db/repos/calculate/scripts/ini.sh
+
+pgver() {
+        local ver=$(ls -d /var/db/pkg/dev-db/postgresql-*)
+        ver=${ver#*postgresql-}
+        if [[ ${1:-} == 'slot' ]]; then
+                echo ${ver%%.*}
+        else
+                echo ${ver%%-*}
+        fi
+}
+
+emerge --config dev-db/postgresql
+
+/etc/init.d/postgresql-$(pgver slot) start
+
+psql -U postgres -c "ALTER USER postgres WITH PASSWORD '${ini[postgresql.postgres_password]}'"
+psql -U postgres -c "CREATE ROLE ${ini[postgresql.mastodon_user]} WITH login createdb"
+psql -U postgres -c "ALTER USER ${ini[postgresql.mastodon_user]} WITH PASSWORD '${ini[postgresql.mastodon_password]}'"
+
+cl-core-setup -n postgresql -f
+/etc/init.d/postgresql-$(pgver slot) restart
--- a/scripts/mastodon/stages/3-config.sh
+++ b/scripts/mastodon/stages/3-config.sh
@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -ueo pipefail
+export PATH="/lib/rc/bin:$PATH"
+
+. /var/db/repos/container/scripts/functions.sh
+. /var/db/repos/calculate/scripts/ini.sh
+
+cl-setup-system
+
+cd /var/calculate/www/mastodon
+configure_conf() {
+	local config=$1
+	einfo "Setting up $config ..."
+	test -f $config.old || cp $config $config.old
+	for (( i=0; i < ${#replace[@]}; i += 2 )); do
+		var=${replace[$i]}
+		val=${replace[$i+1]}
+		grep -qE "^([#;]\s*)?\s*?$var\s*[:=]" $config || eerror "Parametr '$var' is not found."
+		sed -i -E "s|^([#;]\s*)?(\s*)(${var})(\s*)([:=])(\s*)?.*$|\2\3\4\5\6${val}|g" \
+			$config
+	done
+	eend
+}
+
+replace=(
+	LOCAL_DOMAIN			"${ini[mastodon.local_domain]}"
+	DB_USER				"${ini[postgresql.mastodon_user]}"
+	DB_PASS				"${ini[postgresql.mastodon_password]}"
+	SMTP_FROM_ADDRESS		"${ini[mastodon.smtp_from_address]}"
+	SMTP_PORT			"${ini[mastodon.smtp_port]}"
+
+)
+configure_conf live/.env.production
+
+/etc/init.d/redis restart
--- a/scripts/mastodon/stages/4-migrate.sh
+++ b/scripts/mastodon/stages/4-migrate.sh
@ -0,0 +1,56 @@
+#!/bin/bash
+
+#set -ueo pipefail
+
+SCRIPT=$(readlink -f $0)
+[[ $UID == 0 ]] && exec su - mastodon -c "$SCRIPT"
+
+
+
+. /var/db/repos/container/scripts/functions.sh
+. /var/db/repos/calculate/scripts/ini.sh
+
+set +u
+source ~/.node-live/bin/activate
+set -u
+export PATH="$HOME/.rbenv/bin:$PATH"
+eval "$(rbenv init -)"
+
+cd ~/live
+
+get_variables(){
+	SECRET_KEY_BASE=$(RAILS_ENV=production bundle exec rake secret)
+	OTP_SECRET=$(RAILS_ENV=production bundle exec rake secret)
+	vapid_array=($(RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key))
+	VAPID_PRIVATE_KEY=$(echo ${vapid_array[0]} | cut -d= -f2,3,4)
+	VAPID_PUBLIC_KEY=$(echo ${vapid_array[1]} | cut -d= -f2,3,4)
+
+	sed -i -E "s|(SECRET_KEY_BASE=).*|\1${SECRET_KEY_BASE}|g" ~/live/.env.production 
+	sed -i -E "s|(OTP_SECRET=).*|\1${OTP_SECRET}|g" ~/live/.env.production
+	sed -i -E "s|(VAPID_PRIVATE_KEY=).*|\1${VAPID_PRIVATE_KEY}|g" ~/live/.env.production
+	sed -i -E "s|(VAPID_PUBLIC_KEY=).*|\1${VAPID_PUBLIC_KEY}|g" ~/live/.env.production
+}
+
+migrate_pgsql(){
+	RAILS_ENV=production bundle exec rake db:setup
+	RAILS_ENV=production bundle exec rake assets:precompile
+	RAILS_ENV=production bin/tootctl accounts create ${ini[mastodon.login]} \
+	--email ${ini[mastodon.smtp_from_address]} \
+	--confirmed  --role Owner
+
+	einfo Mail: ${ini[mastodon.smtp_from_address]} 
+	einfo Login: ${ini[mastodon.login]}
+}
+
+check_migrate(){
+	data=$(RAILS_ENV=production bundle exec rake db:migrate:status 2>/dev/null)
+}
+
+data={:-}
+
+#if [[ -z $data ]]; then
+	get_variables
+	migrate_pgsql
+#else 
+	check_migrate
+#fi
				`@ -0,0 +1 @@`
				`# Calculate os_linux_shortname==mastodon cl_name==calculate-core append=skip`
				`@ -0,0 +1 @@`
				`# Calculate env=install ac_install_merge==on mergepkg(www-servers/nginx)!= append=skip`
				`@ -0,0 +1 @@`
				`# Calculate path=/usr/sbin name=#-cut(1,.)-# link=/var/db/repos/container/scripts/mastodon/setup.sh symbolic protected`
				`@ -0,0 +1 @@`
				`# Calculate path=/etc/runlevels/default name=#-cut(1,.)-# link=/etc/init.d/#-cut(1,.)-# protected symbolic exists(/var/calculate/www/mastodon/.node-live)!=`
				`@ -0,0 +1 @@`
				`# Calculate path=/var/calculate name=postgresql chmod=700 chown=postgres:postgres`
				`@ -0,0 +1 @@`
				`# Calculate path=/etc name=postgresql-#-load(char,/tmp/pgsqlver)-#`
				`@ -0,0 +1 @@`
				`# Calculate chmod=600 comment=# chown=postgres:postgres`
				`@ -0,0 +1 @@`
				`# Calculate path=/var/lib name=postgresql link=/var/calculate/postgresql symbolic protected`