first working version :)

Mayel de Borniol 2022-03-09 18:36:53 +13:00
parent 39b5d94356
commit 864612e0ba
6 changed files with 55 additions and 55 deletions


@ -3,9 +3,13 @@ TYPE=bonfire
# choose what flavour of Bonfire to run # choose what flavour of Bonfire to run
FLAVOUR=classic FLAVOUR=classic
# different flavours may require different database servers: # different flavours/forks or architectures may require different builds of bonfire:
DB_DOCKER_IMAGE=postgres:12-alpine APP_DOCKER_IMAGE=bonfirenetworks/bonfire:latest-${FLAVOUR}
# different flavours or architectures may require different postgres builds:
# DB_DOCKER_IMAGE=postgres:12-alpine
# DB_DOCKER_IMAGE=postgis/postgis:12-3.1-alpine # DB_DOCKER_IMAGE=postgis/postgis:12-3.1-alpine
DB_DOCKER_IMAGE=odidev/postgis:12-3.1-alpine
# enter your instance's domain name # enter your instance's domain name
DOMAIN=bonfire.example.com DOMAIN=bonfire.example.com
@ -52,13 +56,14 @@ GITHUB_TOKEN=xyz
# ==================================== # ====================================
# these secrets will be autogenerated/managed by abra and docker" # these secrets will be autogenerated/managed by abra and docker"
postgres_password_secret_version=v1 SECRET_POSTGRES_PASSWORD_VERSION=v1
secret_key_base_secret_version=v1 SECRET_MEILI_MASTER_KEY_VERSION=v1
signing_salt_secret_version=v1 SECRET_SEEDS_PW_VERSION=v1
encryption_salt_secret_version=v1 SECRET_LIVEBOOK_PASSWORD_VERSION=v1
meili_master_key_secret_version=v1
seeds_pw_secret_version=v1 SECRET_SECRET_KEY_BASE_VERSION=v2
livebook_password_secret_version=v1 SECRET_SIGNING_SALT_VERSION=v2
SECRET_ENCRYPTION_SALT_VERSION=v2
# ==================================== # ====================================
# You should not have to edit any of the following ones: # You should not have to edit any of the following ones:
@ -73,4 +78,3 @@ SHOW_DEBUG_IN_DEV=true
MIX_ENV=prod MIX_ENV=prod
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
HOSTNAME=$DOMAIN HOSTNAME=$DOMAIN
APP_ENTRYPOINT_VERSION=v1
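Review bot: The sample now defaults `DB_DOCKER_IMAGE` to `odidev/postgis:12-3.1-alpine`, an image from a different namespace than the `postgres` and `postgis/postgis` ones it replaces, and `APP_DOCKER_IMAGE` to a mutable `latest-${FLAVOUR}` tag, so every new deployment trusts whatever those tags point to at pull time. If the odidev build is only needed on a particular architecture (the new comment suggests so), keep `DB_DOCKER_IMAGE=postgis/postgis:12-3.1-alpine` as the uncommented default and leave the odidev line commented with a note such as `# alternative build for other architectures; verify the publisher before using`. Pinning both images by digest (`image@sha256:<digest>`) would make deployments reproducible.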


@ -1,6 +1,6 @@
# bonfire # bonfire
TODO A coop-cloud recipe for deploying https://bonfirenetwork.org
<!-- metadata --> <!-- metadata -->
* **Category**: Apps * **Category**: Apps
@ -16,13 +16,12 @@ TODO
## Basic usage ## Basic usage
1. Set up Docker Swarm and [`abra`] 1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`] 2. Deploy the [`coop-cloud/traefik`] proxy if you haven't already
3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like 3. `abra app new ${REPO_NAME}`
to save secrets in `pass`) 4. Generate secrets with `./secrets.sh YOUR_APP_NAME`
4. `abra app config YOUR_APP_NAME` 5. `abra app config YOUR_APP_NAME` to edit your config. Be sure to change `$DOMAIN` to something that resolves to your Docker swarm box, check/edit the other config keys
5. Be sure to change `$HOSTNAME` to something that resolves to your Docker swarm box, check/edit the other config keys 6. `abra app deploy YOUR_APP_NAME`
5. `abra app deploy YOUR_APP_NAME ` 7. Open the configured domain in your browser and sign up!
6. Open the configured domain in your browser and sign up!
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra [`abra`]: https://git.coopcloud.tech/coop-cloud/abra


@ -0,0 +1 @@
export APP_ENTRYPOINT_VERSION=v1


@ -14,7 +14,6 @@ services:
- POSTGRES_DB=bonfire_db - POSTGRES_DB=bonfire_db
- PUBLIC_PORT=443 - PUBLIC_PORT=443
- HOSTNAME - HOSTNAME
- MEILI_MASTER_KEY_FILE=/run/secrets/meili_master_key
secrets: secrets:
- postgres_password - postgres_password
- secret_key_base - secret_key_base
@ -30,7 +29,7 @@ services:
- internal - internal
ports: ports:
- "4000:4000" # make sure this is commented in production - "4000:4000" # make sure this is commented in production
entrypoint: "/docker-entrypoint.sh" entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"]
configs: configs:
- source: app_entrypoint - source: app_entrypoint
target: /docker-entrypoint.sh target: /docker-entrypoint.sh
@ -40,7 +39,7 @@ services:
condition: on-failure condition: on-failure
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8000" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
@ -71,15 +70,13 @@ services:
search: search:
image: getmeili/meilisearch:latest image: getmeili/meilisearch:latest
environment:
- MEILI_MASTER_KEY_FILE=/run/secrets/meili_master_key
secrets: secrets:
- meili_master_key - meili_master_key
volumes: volumes:
- "search-data:/data.ms" - "search-data:/data.ms"
networks: networks:
- internal - internal
entrypoint: ["tini", "--", "bash", "/docker-entrypoint.sh"] entrypoint: ["tini", "--", "/docker-entrypoint.sh", "./meilisearch"]
configs: configs:
- source: app_entrypoint - source: app_entrypoint
target: /docker-entrypoint.sh target: /docker-entrypoint.sh
@ -104,22 +101,22 @@ configs:
secrets: secrets:
postgres_password: postgres_password:
external: true external: true
name: ${STACK_NAME}_postgres_password_${postgres_password_secret_version} name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
secret_key_base: secret_key_base:
external: true external: true
name: ${STACK_NAME}_secret_key_base_${secret_key_base_secret_version} name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
signing_salt: signing_salt:
external: true external: true
name: ${STACK_NAME}_signing_salt_${signing_salt_secret_version} name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION}
encryption_salt: encryption_salt:
external: true external: true
name: ${STACK_NAME}_encryption_salt_${encryption_salt_secret_version} name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION}
meili_master_key: meili_master_key:
external: true external: true
name: ${STACK_NAME}_meili_master_key_${meili_master_key_secret_version} name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION}
seeds_pw: seeds_pw:
external: true external: true
name: ${STACK_NAME}_seeds_pw_${seeds_pw_secret_version} name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION}
livebook_password: livebook_password:
external: true external: true
name: ${STACK_NAME}_livebook_password_${livebook_password_secret_version} name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION}
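Review bot: With the Traefik load-balancer port changed to 4000, the `- "4000:4000"` entry under `ports:` publishes the same listener that Traefik fronts, so the app is reachable over plain HTTP on the swarm host without going through the `web-secure` entrypoint and its TLS. The inline comment asks operators to comment it out in production, but a recipe default should be the safe one: ship it as `# - "4000:4000" # uncomment only for local debugging`. This assumes the ports and labels hunks belong to the same service, which the visible lines suggest but do not show in full.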


@ -1,27 +1,15 @@
#!/bin/bash #!/bin/sh
set -e # put secrets from files into env
export MEILI_MASTER_KEY=$(cat /run/secrets/meili_master_key)
export POSTGRES_PASSWORD=$(cat /run/secrets/postgres_password)
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
export SIGNING_SALT=$(cat /run/secrets/signing_salt)
export ENCRYPTION_SALT=$(cat /run/secrets/encryption_salt)
export SEEDS_PW=$(cat /run/secrets/seeds_pw)
export LIVEBOOK_PASSWORD=$(cat /run/secrets/livebook_password)
file_env() { echo "....Secrets have been loaded, now run $@...."
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then # This will exec the CMD from your Dockerfile
echo >&2 "error: both $var and $fileVar are set (but are exclusive)" exec "$@"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "MEILI_MASTER_KEY"
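Review bot: With `set -e` dropped and every secret loaded as `export VAR=$(cat /run/secrets/…)`, a missing or unreadable secret file is silently turned into an empty exported variable and the service still starts. This script is mounted into both the app and the search service, and the visible compose lines give the search service only `meili_master_key`, so the other six reads would fail there on every start. It also means each container receives every secret it has mounted in its environment, whether or not the process needs it. Export a secret only when its file is present, and report the ones that are not, as sketched below.

```sh
# … unchanged: #!/bin/sh …
# Export a secret only when its file is mounted in this container.
load_secret() {
  if [ -r "/run/secrets/$2" ]; then
    export "$1=$(cat "/run/secrets/$2")"
  else
    echo >&2 "secret $2 not mounted, leaving $1 unset"
  fi
}
load_secret MEILI_MASTER_KEY meili_master_key
load_secret POSTGRES_PASSWORD postgres_password
# … same call for the remaining five secrets …
# … unchanged: echo and exec "$@" …
```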

11
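--- a/secrets.sh
+++ b/secrets.sh
@@ -0,0 +1,11 @@
+#/bin/sh
+abra app secret generate --all $1
+s1=$(openssl rand -base64 128)
+s2=$(openssl rand -base64 128)
+s3=$(openssl rand -base64 128)
+abra app secret insert $1 secret_key_base v2 "$s1"
+abra app secret insert $1 signing_salt v2 "$s2"
+abra app secret insert $1 encryption_salt v2 "$s3"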
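Review bot: The three `abra app secret insert` calls pass the generated values as command-line arguments, where other local users can read them from the process list while the command runs; if abra can take the value from a file or stdin, prefer that (not checked here). The first line `#/bin/sh` is missing the `!`, so it is a plain comment and not a shebang, and `$1` is unquoted and never checked, so a run with no argument still calls `generate --all`. A safer opening would be `#!/bin/sh`, `set -eu`, `app="${1:?usage: secrets.sh APP_NAME}"`, with `"$app"` used in place of `$1` throughout. Also, `openssl rand -base64 128` wraps its output across lines, so the stored secrets contain embedded newlines; piping through `tr -d '\n'` avoids that.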