| author | yalh76 <yalh@yahoo.com> | 2020-03-29 21:56:56 +0200 |
|---|---|---|
| committer | yalh76 <yalh@yahoo.com> | 2020-03-29 21:56:56 +0200 |
| commit | 64149e99b7b28f76f6cc25607637692610cb1bd6 (patch) | |
| tree | 2cfceadeceae634791a7fb207268b5943f3e0f5e /conf | |
| parent | 25a20b1d17f0b8752a39259c3b73a451e203255d (diff) | |
| parent | bf0dea0f437c00db213c27da299a0dda65810d6a (diff) | |
| download | mastodon_ynh-64149e99b7b28f76f6cc25607637692610cb1bd6.tar.gz mastodon_ynh-64149e99b7b28f76f6cc25607637692610cb1bd6.tar.bz2 mastodon_ynh-64149e99b7b28f76f6cc25607637692610cb1bd6.zip | |
Merge branch 'testing' into ldap
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/.env.production.sample | 29 | ||||
| -rw-r--r-- | conf/app.src | 4 | ||||
| -rw-r--r-- | conf/cron | 2 | ||||
| -rw-r--r-- | conf/mastodon-sidekiq.service | 2 | ||||
| -rw-r--r-- | conf/mastodon-web.service | 2 | ||||
| -rw-r--r-- | conf/nginx.conf | 96 |
6 files changed, 80 insertions, 55 deletions
diff --git a/conf/.env.production.sample b/conf/.env.production.sample index c55d99b..d2f4b91 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -69,6 +69,7 @@ SMTP_PORT=25 #SMTP_LOGIN= #SMTP_PASSWORD= SMTP_FROM_ADDRESS=__SMTP_FROM_ADDRESS__ +#SMTP_REPLY_TO= #SMTP_DOMAIN= # defaults to LOCAL_DOMAIN SMTP_DELIVERY_METHOD=sendmail # delivery method can also be smtp SMTP_AUTH_METHOD=none @@ -114,6 +115,20 @@ SMTP_OPENSSL_VERIFY_MODE=none # S3_ENDPOINT= # S3_SIGNATURE_VERSION= +# Google Cloud Storage (optional) +# Use S3 compatible API. Since GCS does not support Multipart Upload, +# increase the value of S3_MULTIPART_THRESHOLD to disable Multipart Upload. +# The attachment host must allow cross origin request - see the description +# above. +# S3_ENABLED=true +# AWS_ACCESS_KEY_ID= +# AWS_SECRET_ACCESS_KEY= +# S3_REGION= +# S3_PROTOCOL=https +# S3_HOSTNAME=storage.googleapis.com +# S3_ENDPOINT=https://storage.googleapis.com +# S3_MULTIPART_THRESHOLD=52428801 # 50.megabytes + # Swift (optional) # The attachment host must allow cross origin request - see the description # above. @@ -208,8 +223,8 @@ LDAP_TLS_NO_VERIFY=true # Optional SAML authentication (cf. omniauth-saml) # SAML_ENABLED=true -# SAML_ACS_URL= -# SAML_ISSUER=http://localhost:3000/auth/auth/saml/callback +# SAML_ACS_URL=http://localhost:3000/auth/auth/saml/callback +# SAML_ISSUER=https://example.com # SAML_IDP_SSO_TARGET_URL=https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO # SAML_IDP_CERT= # SAML_IDP_CERT_FINGERPRINT= 
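Review bot: In the SAML hunk the new sample value `SAML_ACS_URL=http://localhost:3000/auth/auth/saml/callback` is a plain-http localhost URL, yet this is the endpoint the identity provider posts assertions to. An admin who uncomments the block as-is gets an ACS URL that does not match the public instance, so a comment above it would help: `# SAML_ACS_URL must be the instance's public https:// callback URL, not localhost`. The same hunk leaves `SAML_IDP_CERT` and `SAML_IDP_CERT_FINGERPRINT` both empty; it is worth stating in a comment which of them has to be filled in before `SAML_ENABLED=true` is set, since that is presumably what the IdP signature is checked against.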
@@ -232,3 +247,13 @@ LDAP_TLS_NO_VERIFY=true # http_proxy=http://gateway.local:8118 # Access control for hidden service. # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true + +# Authorized fetch mode (optional) +# Require remote servers to authentify when fetching toots, see +# https://docs.joinmastodon.org/admin/config/#authorized_fetch +# AUTHORIZED_FETCH=true + +# Whitelist mode (optional) +# Only allow federation with whitelisted domains, see +# https://docs.joinmastodon.org/admin/config/#whitelist_mode +# WHITELIST_MODE=true diff --git a/conf/app.src b/conf/app.src index 0973ab9..fc275ee 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/tootsuite/mastodon/archive/v2.9.2.tar.gz -SOURCE_SUM=b46f5f2b2032b531997acf942005ce5f88c9389fc3e5b307a281854179d64878 +SOURCE_URL=https://github.com/tootsuite/mastodon/archive/v3.1.2.tar.gz +SOURCE_SUM=c12fd8c1b426861825d37d2eab1d6356be05b2b321eae0c1b87f80fcc11b0da7 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true @@ -1,2 +1,2 @@ RAILS_ENV=production -@daily cd __FINAL__PATH__/live && /opt/rbenv/versions/2.6.1/bin/bundle exec rake __USER__:media:remove_remote +@daily cd __FINAL__PATH__/live && /opt/rbenv/versions/2.6.5/bin/bundle exec rake __USER__:media:remove_remote diff --git a/conf/mastodon-sidekiq.service b/conf/mastodon-sidekiq.service index cd7db81..d5fc7e1 100644 --- a/conf/mastodon-sidekiq.service +++ b/conf/mastodon-sidekiq.service @@ -9,7 +9,7 @@ Environment="RAILS_ENV=production" Environment="DB_POOL=25" Environment="MALLOC_ARENA_MAX=2" - ExecStart=/opt/rbenv/versions/2.6.1/bin/bundle exec sidekiq -c 25 + ExecStart=/opt/rbenv/versions/2.6.5/bin/bundle exec sidekiq -c 25 TimeoutSec=15 Restart=always StandardError=syslog diff --git a/conf/mastodon-web.service b/conf/mastodon-web.service index d2f5fdd..bb65afe 100644 --- a/conf/mastodon-web.service +++ b/conf/mastodon-web.service 
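Review bot: The comment added for authorized fetch reads "authentify"; the intended wording is `# Require remote servers to authenticate when fetching toots, see`. The two new blocks also read as independent switches, but as far as I know upstream treats whitelist mode as implying authorized fetch. A one-line comment under `# Whitelist mode (optional)` saying so would keep an admin from assuming `AUTHORIZED_FETCH` stays off. Both settings remain commented out, so existing installs are unaffected.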
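Review bot: The cron hunk spells its path placeholder `__FINAL__PATH__`, while the service units and nginx.conf in this commit use `__FINALPATH__`. If the install script does not substitute this exact spelling, the daily job runs `cd` on a literal placeholder and the cleanup never happens; confirm against the script, which is not visible here. The interpreter path `/opt/rbenv/versions/2.6.5/bin/bundle` is now a literal in three files (this line and the `ExecStart=` lines of mastodon-sidekiq.service and mastodon-web.service), so the next Ruby bump can miss one. A template placeholder substituted at install time, in the style of the existing `__USER__`, would keep them in sync. It is also worth checking that the `media:remove_remote` rake task still exists in v3.1.2, since upstream has been moving maintenance tasks to `tootctl`. This hunk has no file header on the page, so the file name is inferred from the diffstat.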
@@ -8,7 +8,7 @@ WorkingDirectory=__FINALPATH__/live Environment="RAILS_ENV=production" Environment="PORT=__PORT_WEB__" - ExecStart=/opt/rbenv/versions/2.6.1/bin/bundle exec puma -C config/puma.rb + ExecStart=/opt/rbenv/versions/2.6.5/bin/bundle exec puma -C config/puma.rb ExecReload=/bin/kill -SIGUSR1 $MAINPID TimeoutSec=15 Restart=always diff --git a/conf/nginx.conf b/conf/nginx.conf index 190c650..7fa7b87 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -6,70 +6,70 @@ root __FINALPATH__/live/public; location / { - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - proxy_set_header Accept-Encoding ""; - try_files $uri @proxy; + proxy_set_header Accept-Encoding ""; + try_files $uri @proxy; - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { - add_header Cache-Control "public, max-age=31536000, immutable"; - add_header Strict-Transport-Security "max-age=31536000"; - try_files $uri @proxy; + add_header Cache-Control "public, max-age=31536000, immutable"; + add_header Strict-Transport-Security "max-age=31536000"; + try_files $uri @proxy; } location /sw.js { - add_header Cache-Control "public, max-age=0"; - add_header Strict-Transport-Security "max-age=31536000"; - try_files $uri @proxy; + add_header Cache-Control "public, max-age=0"; + add_header Strict-Transport-Security "max-age=31536000"; + try_files $uri @proxy; } location @proxy { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header Proxy ""; - proxy_pass_header Server; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; + proxy_pass_header Server; - proxy_pass http://127.0.0.1:3000; - proxy_buffering on; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_pass http://127.0.0.1:3000; + proxy_buffering on; + proxy_redirect off; + proxy_http_version 1.1; + 
proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; - #proxy_cache CACHE; - proxy_cache_valid 200 7d; - proxy_cache_valid 410 24h; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - add_header X-Cached $upstream_cache_status; - add_header Strict-Transport-Security "max-age=31536000"; + #proxy_cache CACHE; + proxy_cache_valid 200 7d; + proxy_cache_valid 410 24h; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + add_header X-Cached $upstream_cache_status; + add_header Strict-Transport-Security "max-age=31536000"; - tcp_nodelay on; + tcp_nodelay on; } location /api/v1/streaming { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header Proxy ""; - - proxy_pass http://127.0.0.1:4000; - proxy_buffering off; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - tcp_nodelay on; -} + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; + + proxy_pass http://127.0.0.1:4000; + proxy_buffering off; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + tcp_nodelay on; +} -error_page 500 501 502 503 504 /500.html;
\ No newline at end of file +error_page 500 501 502 503 504 /500.html; |
