# Mastodon

Mastodon is a free, open-source social network server based on ActivityPub. It allows you to run your own instance of a decentralized social media platform.

## Version

This package deploys Mastodon v4.5.3 (released July 8, 2025).

## Dependencies

- **PostgreSQL**: Database for storing application data
- **Redis**: Used for caching and background job queuing

## Configuration

### VAPID Keys

Mastodon requires VAPID (Voluntary Application Server Identification) keys for Web Push notifications. These keys use Elliptic Curve P-256 cryptography.

**The Wild Cloud API automatically generates proper VAPID keys when you add the Mastodon app.** No manual configuration is required!

### Database

The database is automatically initialized with:
- Database: `mastodon_production`
- User: `mastodon` with auto-generated password
- All necessary privileges granted

The db-init job handles creating the database and user, and automatically updates the user password if it changes.

### Storage

Mastodon uses two persistent volumes:
- **Assets** (10Gi): Stores compiled assets and static files
- **System** (100Gi): Stores user uploads, media files, and other system data

Both volumes use ReadWriteMany access mode to allow multiple pods to access them simultaneously.

## Components

Mastodon runs three separate services:

- **Web (Puma)**: Main web server for the Mastodon web interface
- **Streaming (Node.js)**: Real-time streaming API for live updates
- **Sidekiq**: Background job processor for async tasks

## Access

After deployment, Mastodon will be available at:
- https://mastodon.{your-cloud-domain}

The ingress automatically routes:
- `/api/v1/streaming` → Streaming service
- All other paths → Web service

## First-Time Setup

1. Add and deploy the app:
   ```bash
   wild app add mastodon
   wild app deploy mastodon
   ```

2. Generate and configure VAPID keys (see above)

3. Access your instance in a browser and create the first admin user account

4. Configure additional settings through the Mastodon admin interface

## Security

All containers run as non-root user (UID 991) with:
- No privilege escalation
- All capabilities dropped
- Compliant with Pod Security Standards

## Notes

- SMTP configuration is inherited from your Wild Cloud instance settings
- Database credentials are auto-generated and stored in your instance's `secrets.yaml`
- The Active Record Encryption keys are auto-generated for Rails 8.0.3 compatibility