First Working build

Fixed a few network+volume issues, so the service actually starts up.

Also added a handful of permissions env variables to start with
2023-10-07 20:08:43 +00:00
parent 2f6a9c7c15
commit 1a525a89ff
4 changed files with 159 additions and 145 deletions


@ -31,13 +31,18 @@ SECRET_DB_PASSWORD_VERSION: v1
SECRET_SMTP_PASSWORD_VERSION: v1
SECRET_SALT_VERSION: v1
# External Services
# =================
# Postgres
# --------
DB_HOST=db
DB_USER=szuru
DB_NAME=szuru
DB_PORT=5432
LOG_SQL=0
# Privileges
# ----------
# allowed values: anonymous - regular - power - moderator - administrator
PRIVILEGE_CREATE_USER=anonymous # =administrator disables registration
PRIVILEGE_LIST_POSTS=anonymous
PRIVILEGE_VIEW_POSTS=anonymous
PRIVILEGE_VIEW_FEATURED_POSTS=anonymous
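Review bot: The hint on `PRIVILEGE_CREATE_USER=anonymous # =administrator disables registration` shares a line with the value, and whether it is stripped depends on the env-file loader; a loader that keeps it hands the whole string to the config template. Put the hint on its own line above the assignment, for example `# set to administrator to disable registration`. Because this sample is what new deployments copy, that comment should also say that the default leaves registration open to anonymous visitors. The +/- markers are lost on this page, so I am assuming the Privileges block is the added part.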


@ -1,4 +1,4 @@
version: '3.8'
version: "3.8"
services:
app:
@ -10,7 +10,7 @@ services:
- BASE_URL
- BUILD_INFO=2.5
volumes:
- app:/data:ro
- data:/data:ro
deploy:
labels:
- "traefik.enable=true"
@ -20,20 +20,27 @@ services:
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "coop-cloud.${STACK_NAME}.version=0.0.1+2.5"
networks:
- internal_network
- proxy
server:
image: szurubooru/server:2.5
depends_on:
- db
volumes:
- server:/data
- data:/data
deploy:
update_config:
failure_action: rollback
order: start-first
configs:
- source: server_entrypoint
target: /entrypoint.sh
mode: 0555
- source: server_config
target: /opt/app/config.yaml
- source: server_entrypoint
target: /usr/local/bin/entrypoint.sh
mode: 0555
entrypoint: /usr/local/bin/entrypoint.sh
secrets:
- db_password
- smtp_password
@ -46,6 +53,20 @@ services:
- LOG_SQL
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
- THREADS
- DOMAIN
- WEBSITE_NAME
- SMTP_HOST
- SMTP_PORT
- SMTP_USER
- SMTP_FROM
- CONTACT_EMAIL
- PRIVILEGE_CREATE_USER
- PRIVILEGE_LIST_POSTS
- PRIVILEGE_VIEW_POSTS
- PRIVILEGE_VIEW_FEATURED_POSTS
entrypoint: /entrypoint.sh
networks:
- internal_network
db:
image: postgres:11-alpine
@ -56,6 +77,8 @@ services:
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
volumes:
- postgres:/var/lib/postgresql/data
networks:
- internal_network
configs:
server_config:
@ -63,7 +86,7 @@ configs:
file: server.conf.tmpl
template_driver: golang
server_entrypoint:
name: ${STACK_NAME}_server_entrypoint_${SERVER_ENTRYPOINT_VERSION}
name: ${STACK_NAME}_entrypoint_${SERVER_ENTRYPOINT_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang
@ -79,6 +102,12 @@ secrets:
name: ${STACK_NAME}_salt_${SECRET_SALT_VERSION}
volumes:
app:
server:
data:
postgres:
networks:
proxy:
external: true
internal_network:
internal: true
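Review bot: The `server` service appears to join only `internal_network`, which is declared `internal: true`, so it has no route to anything outside that network, yet the same change passes `SMTP_HOST`, `SMTP_PORT` and `SMTP_USER` to it. Unless the mail relay is attached to `internal_network`, outgoing mail will fail, and so will the downloader behind `uploads:use_downloader`. Keeping the server off the public side is a sound default, so I would keep it and document the constraint next to the network definition, e.g. `# internal-only: no outbound access; SMTP_HOST must be reachable on this network`. If egress is needed, add a separate non-internal network for `server` only and leave `db` on the internal one. The +/- markers are lost on this page, so the network assignment is read from the hunk line counts.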


@ -1,28 +1,8 @@
#!/bin/bash
#!/bin/sh
echo "Running Entrypoint"
set -e
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# for sidekiq service bundle exec env var threading
file_env "SMTP_PASSWORD"
file_env "POSTGRES_PASSWORD"
export "POSTGRES_PASSWORD=`cat $POSTGRES_PASSWORD_FILE`"
cd /opt/app/
exec ./docker-start.sh $@
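Review bot: With `export "POSTGRES_PASSWORD=`cat $POSTGRES_PASSWORD_FILE`"`, a missing or unreadable secret file does not stop the script: the exit status of `export` replaces that of `cat`, so `set -e` never fires and the server starts with an empty password. Assign first and export separately, `POSTGRES_PASSWORD="$(cat "$POSTGRES_PASSWORD_FILE")"` followed by `export POSTGRES_PASSWORD`, which also quotes the path. `exec ./docker-start.sh $@` should pass `"$@"` so arguments are not re-split. The shortened `/bin/sh` script also seems to drop the `file_env "SMTP_PASSWORD"` call (inferred from the hunk line counts), so confirm the SMTP password still reaches the server by another route.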


@ -2,13 +2,13 @@ name: {{ env "WEBSITE_NAME" }}
domain: https://{{ env "DOMAIN" }}
# used to salt the users' password hashes and generate filenames for static content
# secret: {{ secret "salt" }}
secret: {{ secret "salt" }}
thumbnails:
# avatar_width: 300
# avatar_height: 300
# post_width: 300
# post_height: 300
avatar_width: 300
avatar_height: 300
post_width: 300
post_height: 300
# settings used to download files from the web on behalf of the api users
# user_agent:
@ -16,12 +16,12 @@ thumbnails:
# automatically convert animated GIF uploads to video formats
convert:
# gif:
# to_webm: false
# to_mp4: false
gif:
to_webm: false
to_mp4: false
# allow posts to be uploaded even if some image processing errors occur
# allow_broken_uploads: false
allow_broken_uploads: false
smtp:
host: {{ env "SMTP_HOST" }}
@ -56,104 +56,104 @@ webhooks:
# default_rank: regular
privileges:
# 'users:create:self': anonymous # Registration permission
# 'users:create:any': administrator
# 'users:list': regular
# 'users:view': regular
# 'users:edit:any:name': moderator
# 'users:edit:any:pass': moderator
# 'users:edit:any:email': moderator
# 'users:edit:any:avatar': moderator
# 'users:edit:any:rank': moderator
# 'users:edit:self:name': regular
# 'users:edit:self:pass': regular
# 'users:edit:self:email': regular
# 'users:edit:self:avatar': regular
# 'users:edit:self:rank': moderator # one can't promote themselves or anyone to upper rank than their own.
# 'users:delete:any': administrator
# 'users:delete:self': regular
# 'user_tokens:list:any': administrator
# 'user_tokens:list:self': regular
# 'user_tokens:create:any': administrator
# 'user_tokens:create:self': regular
# 'user_tokens:edit:any': administrator
# 'user_tokens:edit:self': regular
# 'user_tokens:delete:any': administrator
# 'user_tokens:delete:self': regular
# 'posts:create:anonymous': regular
# 'posts:create:identified': regular
# 'posts:list': anonymous
# 'posts:reverse_search': regular
# 'posts:view': anonymous
# 'posts:view:featured': anonymous
# 'posts:edit:content': power
# 'posts:edit:flags': regular
# 'posts:edit:notes': regular
# 'posts:edit:relations': regular
# 'posts:edit:safety': power
# 'posts:edit:source': regular
# 'posts:edit:tags': regular
# 'posts:edit:thumbnail': power
# 'posts:feature': moderator
# 'posts:delete': moderator
# 'posts:score': regular
# 'posts:merge': moderator
# 'posts:favorite': regular
# 'posts:bulk-edit:tags': power
# 'posts:bulk-edit:safety': power
# 'posts:bulk-edit:delete': power
# 'tags:create': regular
# 'tags:edit:names': power
# 'tags:edit:category': power
# 'tags:edit:description': power
# 'tags:edit:implications': power
# 'tags:edit:suggestions': power
# 'tags:list': regular
# 'tags:view': anonymous
# 'tags:merge': moderator
# 'tags:delete': moderator
# 'tag_categories:create': moderator
# 'tag_categories:edit:name': moderator
# 'tag_categories:edit:color': moderator
# 'tag_categories:edit:order': moderator
# 'tag_categories:list': anonymous
# 'tag_categories:view': anonymous
# 'tag_categories:delete': moderator
# 'tag_categories:set_default': moderator
'users:create:self': {{ env "PRIVILEGE_CREATE_USER" }} # Registration permission
'users:create:any': administrator
'users:list': regular
'users:view': regular
'users:edit:any:name': moderator
'users:edit:any:pass': moderator
'users:edit:any:email': moderator
'users:edit:any:avatar': moderator
'users:edit:any:rank': moderator
'users:edit:self:name': regular
'users:edit:self:pass': regular
'users:edit:self:email': regular
'users:edit:self:avatar': regular
'users:edit:self:rank': moderator # one can't promote themselves or anyone to upper rank than their own.
'users:delete:any': administrator
'users:delete:self': regular
# 'pools:create': regular
# 'pools:edit:names': power
# 'pools:edit:category': power
# 'pools:edit:description': power
# 'pools:edit:posts': power
# 'pools:list': regular
# 'pools:view': anonymous
# 'pools:merge': moderator
# 'pools:delete': moderator
'user_tokens:list:any': administrator
'user_tokens:list:self': regular
'user_tokens:create:any': administrator
'user_tokens:create:self': regular
'user_tokens:edit:any': administrator
'user_tokens:edit:self': regular
'user_tokens:delete:any': administrator
'user_tokens:delete:self': regular
# 'pool_categories:create': moderator
# 'pool_categories:edit:name': moderator
# 'pool_categories:edit:color': moderator
# 'pool_categories:list': anonymous
# 'pool_categories:view': anonymous
# 'pool_categories:delete': moderator
# 'pool_categories:set_default': moderator
# 'comments:create': regular
# 'comments:delete:any': moderator
# 'comments:delete:own': regular
# 'comments:edit:any': moderator
# 'comments:edit:own': regular
# 'comments:list': regular
# 'comments:view': regular
# 'comments:score': regular
# 'snapshots:list': power
# 'uploads:create': regular
# 'uploads:use_downloader': power
'posts:create:anonymous': regular
'posts:create:identified': regular
'posts:list': {{ env "PRIVILEGE_LIST_POSTS" }}
'posts:reverse_search': regular
'posts:view': {{ env "PRIVILEGE_VIEW_POSTS" }}
'posts:view:featured': {{ env "PRIVILEGE_VIEW_FEATURED_POSTS" }}
'posts:edit:content': power
'posts:edit:flags': regular
'posts:edit:notes': regular
'posts:edit:relations': regular
'posts:edit:safety': power
'posts:edit:source': regular
'posts:edit:tags': regular
'posts:edit:thumbnail': power
'posts:feature': moderator
'posts:delete': moderator
'posts:score': regular
'posts:merge': moderator
'posts:favorite': regular
'posts:bulk-edit:tags': power
'posts:bulk-edit:safety': power
'posts:bulk-edit:delete': power
'tags:create': regular
'tags:edit:names': power
'tags:edit:category': power
'tags:edit:description': power
'tags:edit:implications': power
'tags:edit:suggestions': power
'tags:list': regular
'tags:view': anonymous
'tags:merge': moderator
'tags:delete': moderator
'tag_categories:create': moderator
'tag_categories:edit:name': moderator
'tag_categories:edit:color': moderator
'tag_categories:edit:order': moderator
'tag_categories:list': anonymous
'tag_categories:view': anonymous
'tag_categories:delete': moderator
'tag_categories:set_default': moderator
'pools:create': regular
'pools:edit:names': power
'pools:edit:category': power
'pools:edit:description': power
'pools:edit:posts': power
'pools:list': regular
'pools:view': anonymous
'pools:merge': moderator
'pools:delete': moderator
'pool_categories:create': moderator
'pool_categories:edit:name': moderator
'pool_categories:edit:color': moderator
'pool_categories:list': anonymous
'pool_categories:view': anonymous
'pool_categories:delete': moderator
'pool_categories:set_default': moderator
'comments:create': regular
'comments:delete:any': moderator
'comments:delete:own': regular
'comments:edit:any': moderator
'comments:edit:own': regular
'comments:list': regular
'comments:view': regular
'comments:score': regular
'snapshots:list': power
'uploads:create': regular
'uploads:use_downloader': power
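Review bot: `secret: {{ secret "salt" }}` and the four `{{ env "PRIVILEGE_…" }}` values are rendered as plain YAML scalars, so the substituted text decides how each line parses. A salt containing ` #` would be cut off at the comment marker, silently shortening the value used to salt password hashes. An unset privilege variable renders an empty value, which YAML reads as null for keys such as `'users:create:self'`; how the server treats a null rank is not visible here. Quote the substitutions, e.g. `secret: "{{ secret "salt" }}"` (assuming the generated salt contains no quote or backslash), and give each privilege line an explicit fallback rank, for instance via the template's `or` built-in if the driver exposes it. The commented-out defaults earlier in the privileges hunk show which rank each key had before.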