diff --git a/.env.sample b/.env.sample
index b0780c4..b1c3721 100644
--- a/.env.sample
+++ b/.env.sample
@@ -6,7 +6,62 @@ DOMAIN=mobilizon.example.com #EXTRA_DOMAINS=', `www.{{ .Name }}.example.com`' LETS_ENCRYPT_ENV=production
-# Instance configuration
-MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
-MOBILIZON_INSTANCE_NAME="My Mobilizon Instance"
-MOBILIZON_INSTANCE_HOST=mobilizon.lan
+COMPOSE_FILE="compose.yml"
+
+# –––––––––––––––– REQUIRED ––––––––––––––––
+
+SECRET_DB_PASSWORD_VERSION=v1
+SECRET_SMTP_PASSWORD_VERSION=v1
+SECRET_SECRET_KEY_VERSION=v1 # length=64
+SECRET_SECRET_KEY_BASE_VERSION=v1 # length=64
+
+######################################################
+# Instance configuration #
+######################################################
+
+# The name for your instance
+MOBILIZON_INSTANCE_NAME=My Mobilizon Instance
+
+# Whether registrations are opened or closed. Can be changed in the admin settings UI as well.
+# Make sure to moderate actively your instance if registrations are opened.
+MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
+
+# From which email will the emails be sent
+MOBILIZON_INSTANCE_EMAIL=noreply@example.com
+
+# To which email with the replies be sent
+MOBILIZON_REPLY_EMAIL=noreply@example.com
+
+# The loglevel setting.
+# You can find accepted values here: https://hexdocs.pm/logger/Logger.html#module-levels
+# Defaults to error
+MOBILIZON_LOGLEVEL=error
+
+######################################################
+# Email settings #
+######################################################
+
+# The SMTP server
+# Defaults to localhost
+MOBILIZON_SMTP_SERVER=localhost
+
+# The SMTP port
+# Usual values: 25, 465, 587
+# If using a local mail server, make sure the appropriate port is exposed in the docker-compose configuration as well
+# Defaults to 25
+MOBILIZON_SMTP_PORT=25
+
+# The SMTP username
+# Defaults to nil
+MOBILIZON_SMTP_USERNAME=noreply@example.com
+
+# Whether to use SSL for SMTP.
+# Boolean
+# Defaults to false
+MOBILIZON_SMTP_SSL=false
+
+# Whether to use TLS for SMTP.
+# Allowed values: always (TLS), never (Clear) and if_available (STARTTLS)
+# Make sure to match the port value as well
+# Defaults to "if_available"
+MOBILIZON_SMTP_TLS=if_available
diff --git a/compose.yml b/compose.yml
index c3b3f8a..2f5f18b 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,32 +3,44 @@ version: "3.8" services: app: - image: framasoft/mobilizon + image: framasoft/mobilizon:4.1.0 environment: - MOBILIZON_INSTANCE_NAME - - MOBILIZON_INSTANCE_HOST=$DOMAIN - - MOBILIZON_INSTANCE_PORT=4000 + - MOBILIZON_INSTANCE_HOST=https://$DOMAIN + - MOBILIZON_INSTANCE_LISTEN_IP + - MOBILIZON_INSTANCE_PORT - MOBILIZON_INSTANCE_EMAIL - - MOBILIZON_INSTANCE_LISTEN_IP=0.0.0.0 - MOBILIZON_REPLY_EMAIL - - MOBILIZON_ADMIN_EMAIL - MOBILIZON_INSTANCE_REGISTRATIONS_OPEN - MOBILIZON_DATABASE_USERNAME=mobilizon - - MOBILIZON_DATABASE_PASSWORD=mobilizon - MOBILIZON_DATABASE_DBNAME=mobilizon - MOBILIZON_DATABASE_HOST=db - - MOBILIZON_INSTANCE_SECRET_KEY_BASE - - MOBILIZON_INSTANCE_SECRET_KEY + - MOBILIZON_DATABASE_PORT + - MOBILIZON_DATABASE_SSL + - MOBILIZON_LOGLEVEL - MOBILIZON_SMTP_SERVER - - MOBILIZON_SMTP_HOSTNAME - MOBILIZON_SMTP_PORT - MOBILIZON_SMTP_SSL + - MOBILIZON_SMTP_TLS - MOBILIZON_SMTP_USERNAME - - MOBILIZON_SMTP_PASSWORD + - MOBILIZON_UPLOADS + - MOBILIZON_UPLOADS_EXPORTS + - MOBILIZON_TIMEZONES_DIR + - MOBILIZON_TZDATA_DIR + secrets: + - secret_key_base + - secret_key + - smtp_password + - db_password volumes: - "uploads:/var/lib/mobilizon/uploads" # - ${PWD}/config.exs:/etc/mobilizon/config.exs:ro - # - ${PWD}/GeoLite2-City.mmdb:/var/lib/mobilizon/geo_db/GeoLite2-City.mmdb + entrypoint: /custom-entrypoint.sh + # entrypoint: ["/bin/sh", "-c", "sleep 10000000000000000"] + configs: + - source: app_entrypoint + target: /custom-entrypoint.sh + mode: 0555 networks: - proxy - backend
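Review bot: `MOBILIZON_INSTANCE_REGISTRATIONS_OPEN` flips from `false` to `true` in the .env.sample hunk, so an operator who copies the file unchanged gets open sign-up on a federated instance from first boot; keeping `MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false` and letting admins opt in through the settings UI the comment mentions is the safer default. In the email block, `MOBILIZON_SMTP_TLS=if_available` with `MOBILIZON_SMTP_SSL=false` means the SMTP username and password go out unencrypted whenever the relay does not offer STARTTLS. That is acceptable for the `localhost` default, but the comment should say so, e.g. `# Use "always" with any relay that is not on localhost`.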
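Review bot: In the `app` service hunk of compose.yml, the database password, SMTP password and both secret keys leave `environment:` and are mounted as secrets, but nothing visible shows how Mobilizon reads them. That job presumably falls to `/custom-entrypoint.sh`, whose template `entrypoint.sh.tmpl` is not in the visible part of the diff. If that is what the script does, a comment above `entrypoint:` such as `# custom-entrypoint.sh loads /run/secrets/* into the MOBILIZON_* variables the image expects` would make the hand-off reviewable. The commented-out `# entrypoint: ["/bin/sh", "-c", "sleep 10000000000000000"]` is debugging residue and should be dropped. `MOBILIZON_INSTANCE_HOST` also gains an `https://` prefix while the removed sample value was the bare hostname `mobilizon.lan`; confirm the image accepts a full URL there.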
@@ -41,6 +53,7 @@ services: - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" + - "coop-cloud.${STACK_NAME}.version=0.1.0+4.1.0" ## Redirect from EXTRA_DOMAINS to DOMAIN #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
@@ -53,15 +66,22 @@ services: # start_period: 1m db: + deploy: + labels: + backupbot.backup: "true" + backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U postgres $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql" + backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql" networks: - backend - image: postgis/postgis:13-3.1 + secrets: + - db_password + image: postgis/postgis:15-3.4 volumes: - "db:/var/lib/postgresql/data" environment: - - POSTGRES_USER=mobilizon - - POSTGRES_PASSWORD=mobilizon - - POSTGRES_DB=mobilizon + POSTGRES_DB: mobilizon + POSTGRES_USER: mobilizon + POSTGRES_PASSWORD_FILE: /run/secrets/db_password volumes: uploads:
@@ -71,3 +91,23 @@ networks: proxy: external: true backend: + +secrets: + db_password: + external: true + name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} + secret_key: + external: true + name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION} + secret_key_base: + external: true + name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION} + smtp_password: + external: true + name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION} + +configs: + app_entrypoint: + name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION} + file: entrypoint.sh.tmpl + template_driver: golang
\ No newline at end of file
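Review bot: In the `db` service hunk, the backup pre-hook runs `pg_dump -U postgres` while the same service sets `POSTGRES_USER: mobilizon`. The official postgres image, which postgis builds on, creates only the role named by `POSTGRES_USER`, so the dump will most likely fail on a missing role and leave `backup.sql` empty. Use the configured user instead: `pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB}`. Existing deployments also need a migration note: a data directory initialised by `postgis/postgis:13-3.1` will not start under `15-3.4` without a dump and restore. `POSTGRES_PASSWORD_FILE` is applied only when the volume is first initialised, so the old `mobilizon` password stays in place until the role is altered.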
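Review bot: In the final hunk, the `app_entrypoint` config name interpolates `${APP_ENTRYPOINT_VERSION}`, but the .env.sample changes in this commit add only the four `SECRET_*_VERSION` variables. If the variable is not exported elsewhere in the recipe (not visible here), the name renders with an empty suffix and a later edit to `entrypoint.sh.tmpl` cannot be rolled out under a new name, which matters because swarm configs are immutable once created. A short comment above `configs:` stating where `APP_ENTRYPOINT_VERSION` is set, and that it must be bumped whenever the template changes, would close the gap.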