From 864612e0baa3222e61e3f4e382244dd1b998d741 Mon Sep 17 00:00:00 2001
From: Mayel de Borniol
Date: Wed, 9 Mar 2022 18:36:53 +1300
Subject: [PATCH] first working version :)
---
 .env.sample | 24 ++++++++++++++----------
 README.md | 15 +++++++--------
 abra.sh | 1 +
 compose.yml | 23 ++++++++++-------------
 entrypoint.sh.tmpl | 36 ++++++++++++------------------------
 secrets.sh | 11 +++++++++++
 6 files changed, 55 insertions(+), 55 deletions(-)
 create mode 100755 secrets.sh
diff --git a/.env.sample b/.env.sample
index 1cbd9e3..c41c343 100644
--- a/.env.sample
+++ b/.env.sample
@@ -3,9 +3,13 @@ TYPE=bonfire
 # choose what flavour of Bonfire to run
 FLAVOUR=classic
-# different flavours may require different database servers: DB_DOCKER_IMAGE=postgres:12-alpine
+# different flavours/forks or architectures may require different builds of bonfire:
+APP_DOCKER_IMAGE=bonfirenetworks/bonfire:latest-${FLAVOUR}
+
+# different flavours or architectures may require different postgres builds:
+# DB_DOCKER_IMAGE=postgres:12-alpine
 # DB_DOCKER_IMAGE=postgis/postgis:12-3.1-alpine
+DB_DOCKER_IMAGE=odidev/postgis:12-3.1-alpine
 # enter your instance's domain name
 DOMAIN=bonfire.example.com
@@ -52,13 +56,14 @@ GITHUB_TOKEN=xyz
 # ====================================
 # these secrets will be autogenerated/managed by abra and docker"
-postgres_password_secret_version=v1
-secret_key_base_secret_version=v1
-signing_salt_secret_version=v1
-encryption_salt_secret_version=v1
-meili_master_key_secret_version=v1
-seeds_pw_secret_version=v1
-livebook_password_secret_version=v1
+SECRET_POSTGRES_PASSWORD_VERSION=v1
+SECRET_MEILI_MASTER_KEY_VERSION=v1
+SECRET_SEEDS_PW_VERSION=v1
+SECRET_LIVEBOOK_PASSWORD_VERSION=v1
+
+SECRET_SECRET_KEY_BASE_VERSION=v2
+SECRET_SIGNING_SALT_VERSION=v2
+SECRET_ENCRYPTION_SALT_VERSION=v2
 # ====================================
 # You should not have to edit any of the following ones: 
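Review bot: `APP_DOCKER_IMAGE=bonfirenetworks/bonfire:latest-${FLAVOUR}` is a floating tag, so every `abra app deploy` pulls whatever was pushed most recently and two deployments of the same recipe can run different code with no record of what changed; pin a release tag or, better, a digest (`bonfirenetworks/bonfire:<version>-${FLAVOUR}@sha256:…`) and bump it deliberately. The database image also moves from the official `postgis/postgis` namespace to `odidev/postgis`, a third-party rebuild that now holds all instance data, and the comment only says "architectures" — state why it is needed (presumably arm64 builds) and pin that one by digest as well, e.g. `# odidev/postgis: multi-arch rebuild of postgis/postgis (needed for arm64); pinned by digest, bump deliberately`. This is the sample operators copy from, so both defaults are inherited as-is by every instance.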
@@ -73,4 +78,3 @@ SHOW_DEBUG_IN_DEV=true
 MIX_ENV=prod
 LETS_ENCRYPT_ENV=production
 HOSTNAME=$DOMAIN
-APP_ENTRYPOINT_VERSION=v1
\ No newline at end of file
diff --git a/README.md b/README.md
index fe0e925..e3ea84c 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # bonfire
-TODO
+A coop-cloud recipe for deploying https://bonfirenetwork.org
 * **Category**: Apps
@@ -16,13 +16,12 @@ TODO
 ## Basic usage
 1. Set up Docker Swarm and [`abra`]
-2. Deploy [`coop-cloud/traefik`]
-3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like to save secrets in `pass`)
-4. `abra app config YOUR_APP_NAME`
-5. Be sure to change `$HOSTNAME` to something that resolves to your Docker swarm box, check/edit the other config keys
-5. `abra app deploy YOUR_APP_NAME `
-6. Open the configured domain in your browser and sign up!
+2. Deploy the [`coop-cloud/traefik`] proxy if you haven't already
+3. `abra app new ${REPO_NAME}`
+4. Generate secrets with `./secrets.sh YOUR_APP_NAME`
+5. `abra app config YOUR_APP_NAME` to edit your config. Be sure to change `$DOMAIN` to something that resolves to your Docker swarm box, check/edit the other config keys
+6. `abra app deploy YOUR_APP_NAME`
+7. Open the configured domain in your browser and sign up!
 [`abra`]: https://git.coopcloud.tech/coop-cloud/abra
diff --git a/abra.sh b/abra.sh
index e69de29..7c5fe57 100644
--- a/abra.sh
+++ b/abra.sh
@@ -0,0 +1 @@
+export APP_ENTRYPOINT_VERSION=v1
diff --git a/compose.yml b/compose.yml
index cf973b5..070cc4c 100644
--- a/compose.yml
+++ b/compose.yml
@@ -14,7 +14,6 @@ services:
 - POSTGRES_DB=bonfire_db
 - PUBLIC_PORT=443
 - HOSTNAME
- - MEILI_MASTER_KEY_FILE=/run/secrets/meili_master_key
 secrets:
 - postgres_password
 - secret_key_base
@@ -30,7 +29,7 @@ services: - internal ports: - "4000:4000" # make sure this is commented in production - entrypoint: "/docker-entrypoint.sh" + entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"] configs: - source: app_entrypoint target: /docker-entrypoint.sh @@ -40,7 +39,7 @@ services: condition: on-failure labels: - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8000" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" @@ -71,15 +70,13 @@ services: search: image: getmeili/meilisearch:latest - environment: - - MEILI_MASTER_KEY_FILE=/run/secrets/meili_master_key secrets: - meili_master_key volumes: - "search-data:/data.ms" networks: - internal - entrypoint: ["tini", "--", "bash", "/docker-entrypoint.sh"] + entrypoint: ["tini", "--", "/docker-entrypoint.sh", "./meilisearch"] configs: - source: app_entrypoint target: /docker-entrypoint.sh 
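Review bot: `ports: - "4000:4000"` (a context line here, and now the same port traefik is pointed at in the next hunk) publishes the app on the swarm ingress of every node, so it is reachable over plain HTTP on :4000 without passing through traefik or TLS; the inline comment asks operators to comment it out in production, but the recipe ships it active and this compose file is what every instance starts from. Drop the `ports:` block from the recipe — traefik already reaches the service over the `internal` network — or keep it commented out with a clearer warning, e.g. `# ports: - "4000:4000"  # local debugging only: publishing this bypasses traefik/TLS on every node`. The new `entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"]` resolves `./bin/bonfire` against the image's working directory, which is worth stating in a comment so a WORKDIR change in the image is not a silent breakage.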
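Review bot: The search service now runs the shared `/docker-entrypoint.sh`, which cats all seven `/run/secrets/*` files, but this service mounts only `meili_master_key`, so the other six reads fail on every start (stderr noise and empty exports), and any fail-fast added to the entrypoint later would take search down with it; give the loader a per-service list of required secrets (an environment variable on each service) or keep a meili-specific loader here. The script was previously invoked as `bash /docker-entrypoint.sh` and is now exec'd directly under tini; swarm mounts configs 0444 by default, so this relies on the `app_entrypoint` config carrying `mode: 0555` in the `configs:` block, which is outside this hunk — confirm. `./meilisearch` is resolved against the image's working directory, so the absolute path the image ships is less fragile. `image: getmeili/meilisearch:latest` (context line) is a floating tag on the service that now holds the master key; pin it.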
@@ -104,22 +101,22 @@ configs:
 secrets:
 postgres_password:
 external: true
- name: ${STACK_NAME}_postgres_password_${postgres_password_secret_version}
+ name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
 secret_key_base:
 external: true
- name: ${STACK_NAME}_secret_key_base_${secret_key_base_secret_version}
+ name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
 signing_salt:
 external: true
- name: ${STACK_NAME}_signing_salt_${signing_salt_secret_version}
+ name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION}
 encryption_salt:
 external: true
- name: ${STACK_NAME}_encryption_salt_${encryption_salt_secret_version}
+ name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION}
 meili_master_key:
 external: true
- name: ${STACK_NAME}_meili_master_key_${meili_master_key_secret_version}
+ name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION}
 seeds_pw:
 external: true
- name: ${STACK_NAME}_seeds_pw_${seeds_pw_secret_version}
+ name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION}
 livebook_password:
 external: true
- name: ${STACK_NAME}_livebook_password_${livebook_password_secret_version}
+ name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION}
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index 01fd22b..ea186ac 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -1,27 +1,15 @@
-#!/bin/bash
+#!/bin/sh
-set -e
+# put secrets from files into env
+export MEILI_MASTER_KEY=$(cat /run/secrets/meili_master_key)
+export POSTGRES_PASSWORD=$(cat /run/secrets/postgres_password)
+export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
+export SIGNING_SALT=$(cat /run/secrets/signing_salt)
+export ENCRYPTION_SALT=$(cat /run/secrets/encryption_salt)
+export SEEDS_PW=$(cat /run/secrets/seeds_pw)
+export LIVEBOOK_PASSWORD=$(cat /run/secrets/livebook_password)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
+echo "....Secrets have been loaded, now run $@...."
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
-
- local val="$def"
-
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
-
- export "$var"="$val"
- unset "$fileVar"
-}
-
-file_env "MEILI_MASTER_KEY"
+# This will exec the CMD from your Dockerfile
+exec "$@"
\ No newline at end of file
diff --git a/secrets.sh b/secrets.sh
new file mode 100755
index 0000000..590209a
--- /dev/null
+++ b/secrets.sh
@@ -0,0 +1,11 @@
+#/bin/sh
+
+abra app secret generate --all $1
+
+s1=$(openssl rand -base64 128)
+s2=$(openssl rand -base64 128)
+s3=$(openssl rand -base64 128)
+
+abra app secret insert $1 secret_key_base v2 "$s1"
+abra app secret insert $1 signing_salt v2 "$s2"
+abra app secret insert $1 encryption_salt v2 "$s3"
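Review bot: A missing or unreadable secret file is silently ignored here: `export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)` masks cat's exit status, and with `set -e` dropped the app is exec'd with an empty SECRET_KEY_BASE or ENCRYPTION_SALT instead of refusing to start. The same script is also the search service's entrypoint (compose.yml), and that service mounts only meili_master_key, so six of the seven cat calls fail there on every start — a blanket fail-fast would break it, so the loader should skip files that are not mounted and fail only for secrets the service declares as required. Exporting the values also moves them from files into the process environment, where every child process inherits them; the removed file_env() helper read them lazily from disk, which is worth a comment if the env route is kept. One helper in place of the seven export lines covers all of this, and `$@` inside the double-quoted echo should be `$*`.
```sh
#!/bin/sh
set -eu

# Export one mounted secret as an env var. Secrets this service does not mount
# (the search service only has meili_master_key) are skipped; anything listed in
# REQUIRED_SECRETS (space-separated, set per service in compose.yml) must be
# present and non-empty or the container refuses to start.
load_secret() {
  file="/run/secrets/$1"
  if [ -s "$file" ]; then
    export "$2=$(cat "$file")"
  elif echo " ${REQUIRED_SECRETS:-} " | grep -q " $1 "; then
    echo "error: required secret $1 missing or empty at $file" >&2
    exit 1
  fi
}

load_secret meili_master_key MEILI_MASTER_KEY
load_secret postgres_password POSTGRES_PASSWORD
# … one load_secret call per remaining secret (secret_key_base, signing_salt, …) …

echo "....Secrets have been loaded, now run $*...."
exec "$@"
```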
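Review bot: `openssl rand -base64 128` wraps its base64 output at 64 columns, so `$s1`, `$s2` and `$s3` are three-line strings and the embedded newlines end up inside SECRET_KEY_BASE, SIGNING_SALT and ENCRYPTION_SALT; `openssl rand -hex 64` yields the same 64 random bytes on a single line. The first line `#/bin/sh` is missing the `!` and so is not a shebang — `./secrets.sh` only runs because the calling shell falls back to interpreting an ENOEXEC file as a script. `$1` is unquoted and never checked, so a missing app name runs `abra app secret generate --all` with no target and then the three inserts with an empty name; `set -eu` plus `app="${1:?usage: $0 APP_NAME}"` stops that, and `set -e` also keeps the inserts from running after a failed generate. The values are handed to abra on the command line and are therefore briefly visible in `ps` to other users on the host, which deserves a comment unless abra offers a stdin form.
```sh
#!/bin/sh
set -eu
app="${1:?usage: $0 APP_NAME}"

abra app secret generate --all "$app"

# -base64 wraps at 64 columns; -hex gives 64 random bytes on one line.
# NOTE: values are passed as argv and are visible in `ps` while abra runs.
s1=$(openssl rand -hex 64)
s2=$(openssl rand -hex 64)
s3=$(openssl rand -hex 64)

abra app secret insert "$app" secret_key_base v2 "$s1"
# … unchanged: signing_salt and encryption_salt inserts, with "$app" quoted the same way …
```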