An all-in-one Mastodon provisioner party in a box
ansible Add phanpy and fix deprecated http2 for nginx while we're there 2024-02-08 21:32:23 -08:00
terraform How did we not add permissions to the s3 bucket before? 2024-02-09 05:30:30 -08:00
.gitignore Back up old config file on running .configure 2024-01-26 16:42:37 -08:00
config.mk.in SES credentials work now!!! Wow that was a pain in the butt!! 2024-01-24 19:30:24 -08:00
configure Back up old config file on running .configure 2024-01-26 16:42:37 -08:00
Makefile SES credentials work now!!! Wow that was a pain in the butt!! 2024-01-24 19:30:24 -08:00
README.md Also topology things 2024-01-30 12:04:30 -08:00

masto-aio

An all-in-one Mastodon provisioner party in a box

Provisions, builds, and configures a full Mastodon server, with all the trimmings.

There's a lot of rote work involved in setting up a Mastodon server, and this simplifies things a lot.

THIS IS NOT YET READY FOR PRODUCTION USE! But it's getting close!

What does it do?

It configures...

  • A server in AWS EC2
  • DNS zone data at AWS Route53 as well as nameserver configuration at the registrar
  • SES to deliver outbound mail, setting everything up to verify your domain
  • SSH keys for the instance, and AWS SSM to manage SSH connections without having to open port 22
  • nginx reverse proxy
  • certbot to manage TLS certificates automatically
  • an S3 bucket for media storage
  • Mastodon
  • fediblockhole to auto-block bad servers by default
  • Probably some other stuff I'm forgetting

At present it creates a fully functioning server, but it blocks access from everyone except the network address that built it, so you can reach it but nobody else can.
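One way to check that lockdown from the outside, as an added example that is not part of this project's code: the function below audits security-group data in the JSON shape returned by `aws ec2 describe-security-groups` and reports any ingress rule that reaches port 22 or admits a source other than the builder's address. The group IDs, addresses and the `audit_ingress` name are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-constructed-a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}]}]},
    {"GroupId": "sg-constructed-b", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
]}


def audit_ingress(groups, builder_cidr):
    """Return (group_id, finding, source_cidr) for rules that break the lockdown.

    Only CIDR sources are checked; rules that reference other security
    groups (UserIdGroupPairs) are out of scope for this sketch.
    """
    builder = ipaddress.ip_network(builder_cidr)
    findings = []
    for group in groups["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            proto = rule.get("IpProtocol")
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            # Protocol "-1" (or no port range) means every port is covered.
            all_ports = proto == "-1" or lo is None
            covers_ssh = all_ports or (proto == "tcp" and lo <= 22 <= hi)
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in sources:
                net = ipaddress.ip_network(cidr, strict=False)
                # SSH goes through SSM, so port 22 should not be open at all.
                if covers_ssh:
                    findings.append((group["GroupId"], "ssh-reachable", cidr))
                # Anything wider than, or different from, the builder address.
                if not (net.version == builder.version and net.subnet_of(builder)):
                    findings.append((group["GroupId"], "not-builder-only", cidr))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE, "203.0.113.7/32"):
        print(finding)
```

An empty result means every CIDR-based ingress rule is limited to the builder address and none of them covers port 22.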

Requirements

Setup

You need a working set of AWS credentials to set up the server. Head to aws.amazon.com and click the sign-up button. AWS is a paid service and you will be charged for the resources this sets up.

  • ./configure and answer the questions it asks you
  • make

Once SES is configured, you need to manually go to the AWS console and request that your account be moved from the sandbox to production, before it will deliver mail.

A step will be added soon to move your server into "production" and open it up to public access once you're satisfied with it. Until then it will not federate properly, so please don't try using it yet.

Additional usage

make ssh to initiate an SSH connection to the server

make reboot does what it says on the tin

Roadmap

Some missing features for the first release:

  • postfix inbound to relay mail from SES back to the administrator
  • Support for migrating Mastodon to newer versions, including database schema updates
  • AWS Secrets Manager support for various credentials
  • Backups! (ha!)
  • ActivityPub relay subscription (if desired)

More features that are coming:

  • Vagrant and existing-server support for people not wanting to use AWS
  • Phanpy
  • Synapse and Element, using Mastodon for OpenID auth
  • SMTP and IMAP services for users: postfix/dovecot/rspamd/pigeonhole! Maybe!
  • Configurable topology: the option to do monolith instance installs or split services into HA groups

Other work that still needs doing:

  • Converting from docker to podman
  • non-root access for Ansible
  • A more configurable server topology with HA and autoscaling for larger sites