78 lines
2.6 KiB
Markdown
78 lines
2.6 KiB
Markdown
# masto-aio
|
|
|
|
An all-in-one Mastodon provisioner party in a box
|
|
|
|
|
|
Provisions, builds, and configures a full Mastodon server, with all the trimmings.
|
|
|
|
There's a lot of rote work involved in setting up a Mastodon server, and this simplifies things a lot.
|
|
|
|
THIS IS NOT YET READY FOR PRODUCTION USE! But it's getting close!
|
|
|
|
## What does it do?
|
|
|
|
It configures...
|
|
* A server in AWS EC2
|
|
* DNS zone data at AWS Route53 as well as nameserver configuration at the registrar
|
|
* SES to deliver outbound mail, setting everything up to verify your domain
|
|
* SSH keys for the instance, and AWS SSM to manage SSH connections without having to open port 22
|
|
* nginx reverse proxy
|
|
* certbot to manage TLS certificates automatically
|
|
* an S3 bucket for media storage
|
|
* Mastodon
|
|
* fediblockhole to auto-block bad servers by default
|
|
* Probably some other stuff I'm forgetting
|
|
|
|
At present it creates a fully functioning server, but it blocks access to everyone except the network address that
|
|
built it. So you can reach it but nobody else can.
|
|
|
|
## Requirements
|
|
|
|
* GNU Make
|
|
* Ansible
|
|
* Terraform
|
|
* AWS CLI
|
|
* AWS SessionManager plugin (http://docs.aws.amazon.com/console/systems-manager/session-manager-plugin-not-found)
|
|
* Python 3.6+ for credentials
|
|
* python3-bs4 (BeautifulSoup 4)
|
|
|
|
## Setup
|
|
|
|
You need a working set of AWS credentials to set up the server. Head to `aws.amazon.com` and click the sign-up
|
|
button. AWS is a paid service and you will be charged for the resources this sets up.
|
|
|
|
* `./configure` and answer the questions it asks you
|
|
* `make`
|
|
|
|
Once SES is configured, you need to manually go to the AWS console and request that your account be moved from the
|
|
sandbox to production, before it will deliver mail.
|
|
|
|
A step will be added soon to move your server into "production" and open it to public access up once you're
|
|
satisfied with it. Until then it will not federate properly, so please don't try using it yet.
|
|
|
|
## Additional usage
|
|
|
|
`make ssh` to initiate an SSH connection to the server
|
|
|
|
`make reboot` does what it says on the tin
|
|
|
|
## Roadmap
|
|
|
|
Some missing features:
|
|
|
|
* postfix inbound to relay main from SES back to the administrator
|
|
* SMTP and IMAP services for users: postfix/dovecot/rspamd/pigeonhole! Maybe!
|
|
* Support for migrating Mastodon to newer versions, including database upgrades
|
|
* AWS Secrets Manager support for various credentials
|
|
* Phanpy
|
|
* Synapse and Element
|
|
* Backups! (ha!)
|
|
* Vagrant and existing-server support for people not wanting to use AWS
|
|
* ActivityPub relay subscription (if desired)
|
|
|
|
|
|
Other work that still needs doing:
|
|
* Converting from docker to podman
|
|
* non-root access for Ansible
|
|
* A more configurable server topology with HA and autoscaling for larger sites
|
|
|