mirror of
https://github.com/bonfire-networks/bonfire-deploy.git
synced 2025-07-04 20:54:04 +00:00
Compare commits
7 Commits
Author | SHA1 | Date | |
---|---|---|---|
5f610c96ce | |||
1bdd42fa9f | |||
4195dafa38 | |||
4371d2fedf | |||
0c1f6038d6 | |||
e0291cb1fa | |||
966c717638 |
30
.env.sample
30
.env.sample
@ -40,9 +40,6 @@ ENABLE_BACKUPS=true
|
||||
# what service to use for sending out emails (eg. smtp, mailgun, none) NOTE: you should also set the corresponding keys in secrets.env
|
||||
MAIL_BACKEND=none
|
||||
|
||||
# require an email address to be invited before being able to sign up? (true or false)
|
||||
INVITE_ONLY=true
|
||||
|
||||
# uncomment in order to NOT automatically change the database schema when you upgrade the app
|
||||
# DISABLE_DB_AUTOMIGRATION=true
|
||||
|
||||
@ -62,8 +59,6 @@ LOG_LEVEL=info
|
||||
# and do not check your env file into any public git repo
|
||||
# change ALL the values:
|
||||
|
||||
# if `INVITE_ONLY` is true, what should be the secret code to sign up?
|
||||
# INVITE_KEY=123
|
||||
|
||||
# signup to an email service and edit with relevant info, see: https://docs.bonfirenetworks.org/Bonfire.Mailer.html
|
||||
# MAIL_DOMAIN=mgo.example.com
|
||||
@ -92,20 +87,41 @@ LOG_LEVEL=info
|
||||
# UPLOADS_S3_HOST=s3.fr-par.scw.cloud
|
||||
# UPLOADS_S3_SCHEME=https://
|
||||
# UPLOADS_S3_URL=
|
||||
# UPLOADS_S3_DEFAULT_URL=
|
||||
# AWS_ROLE_ARN=
|
||||
# AWS_WEB_IDENTITY_TOKEN_FILE=
|
||||
|
||||
# OpenID Connect:
|
||||
# Enable using Bonfire as an SSO provider for external apps to sign in with?
|
||||
# ENABLE_SSO_PROVIDER=false
|
||||
|
||||
# OpenID Connect: connect as a client to the OpenID Connect provider with callback url https://yourinstance.tld/oauth/client/openid_1
|
||||
# OPENID_1_DISCOVERY=
|
||||
# OPENID_1_DISPLAY_NAME=
|
||||
# OPENID_1_CLIENT_ID=
|
||||
# OPENID_1_CLIENT_SECRET=
|
||||
# OPENID_1_SCOPE=
|
||||
# OPENID_1_RESPONSE_TYPE=code
|
||||
# OPENID_1_ENABLE_SIGNUP=false
|
||||
# ^ can be code, token or id_token
|
||||
|
||||
# orcid.org SSO: connect as a client to the orcid.org OpenID Connect provider with callback url https://yourinstance.tld/oauth/client/orcid
|
||||
# ORCID_CLIENT_ID=
|
||||
# ORCID_CLIENT_SECRET=
|
||||
|
||||
# Bonfire extensions configs:
|
||||
# OAuth2 provider: connect as a client to the OAuth2 provider with callback url https://yourinstance.tld/oauth/client/oauth_1
|
||||
# OAUTH_1_DISPLAY_NAME=
|
||||
# OAUTH_1_CLIENT_ID=
|
||||
# OAUTH_1_CLIENT_SECRET=
|
||||
# OAUTH_1_AUTHORIZE_URI=
|
||||
# OAUTH_1_ACCESS_TOKEN_URI=
|
||||
# OAUTH_1_USER_INFO_URI=
|
||||
# OAUTH_1_ENABLE_SIGNUP=false
|
||||
|
||||
# github.com SSO: connect as a client to the github.com OAuth2 provider with callback url https://yourinstance.tld/oauth/client/github
|
||||
# GITHUB_APP_CLIENT_ID=
|
||||
# GITHUB_CLIENT_SECRET=
|
||||
|
||||
# More Bonfire extensions configs:
|
||||
# WEB_PUSH_SUBJECT=mailto:admin@example.com
|
||||
# WEB_PUSH_PUBLIC_KEY=xyz
|
||||
# WEB_PUSH_PRIVATE_KEY=abc
|
||||
|
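Review bot: The `# ^ can be code, token or id_token` comment now sits under `# OPENID_1_ENABLE_SIGNUP=false` instead of `# OPENID_1_RESPONSE_TYPE=code`, so the caret points at the wrong setting (hunk `@ -92,20 +87,41`). Move it directly below the response-type line so a reader does not take `code`/`token`/`id_token` as values for the signup toggle. Because `token` and `id_token` select the implicit flow, where tokens are returned in the redirect URL, the comment could also state which value is preferred, e.g. `# ^ can be code, token or id_token (code is recommended)`.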
@ -9,7 +9,7 @@ services:
|
||||
- SEARCH_MEILI_INSTANCE=http://${STACK_NAME}_search:7700
|
||||
|
||||
search:
|
||||
image: getmeili/meilisearch:v1.11 # WIP: upgrade from v1.11 to 1.14
|
||||
image: getmeili/meilisearch:v1.14 # WIP: upgrade from v1.11 to 1.14
|
||||
secrets:
|
||||
- meili_master_key
|
||||
volumes:
|
||||
|
46
compose.yml
46
compose.yml
@ -19,7 +19,6 @@ services:
|
||||
- MIX_ENV=prod
|
||||
|
||||
- HOSTNAME
|
||||
- INVITE_ONLY
|
||||
- INSTANCE_DESCRIPTION
|
||||
- DISABLE_DB_AUTOMIGRATION
|
||||
- UPLOAD_LIMIT
|
||||
@ -79,6 +78,12 @@ services:
|
||||
- UPLOADS_S3_HOST
|
||||
- UPLOADS_S3_SCHEME
|
||||
- UPLOADS_S3_URL
|
||||
- UPLOADS_S3_DEFAULT_URL
|
||||
- UPLOADS_S3_URL_EXPIRATION_TTL
|
||||
- AWS_ROLE_ARN
|
||||
- AWS_WEB_IDENTITY_TOKEN_FILE
|
||||
|
||||
- ENABLE_SSO_PROVIDER
|
||||
|
||||
- OPENID_1_DISPLAY_NAME
|
||||
- OPENID_1_DISCOVERY
|
||||
@ -86,6 +91,18 @@ services:
|
||||
- OPENID_1_CLIENT_SECRET
|
||||
- OPENID_1_SCOPE
|
||||
- OPENID_1_RESPONSE_TYPE
|
||||
- OPENID_1_ENABLE_SIGNUP
|
||||
|
||||
- OAUTH_1_DISPLAY_NAME
|
||||
- OAUTH_1_CLIENT_ID
|
||||
- OAUTH_1_CLIENT_SECRET
|
||||
- OAUTH_1_AUTHORIZE_URI
|
||||
- OAUTH_1_ACCESS_TOKEN_URI
|
||||
- OAUTH_1_USER_INFO_URI
|
||||
- OAUTH_1_ENABLE_SIGNUP
|
||||
|
||||
- GITHUB_APP_CLIENT_ID
|
||||
- GITHUB_CLIENT_SECRET
|
||||
|
||||
- ORCID_CLIENT_ID
|
||||
- ORCID_CLIENT_SECRET
|
||||
@ -113,20 +130,19 @@ services:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
backupbot.backup: ${ENABLE_BACKUPS:-true}
|
||||
# backupbot.backup.volumes.upload-data: "true"
|
||||
# backupbot.backup.volumes.upload-data.path: "/opt/app/data/uploads"
|
||||
traefik.enable: "true"
|
||||
traefik.http.services.${STACK_NAME}.loadbalancer.server.port: "4000"
|
||||
traefik.http.routers.${STACK_NAME}.rule: Host(`${DOMAIN}`${EXTRA_DOMAINS})
|
||||
traefik.http.routers.${STACK_NAME}.entrypoints: web-secure
|
||||
traefik.http.routers.${STACK_NAME}.tls.certresolver: ${LETS_ENCRYPT_ENV}
|
||||
#traefik.http.routers.${STACK_NAME}.middlewares: error-pages-middleware
|
||||
#traefik.http.services.${STACK_NAME}.loadbalancer.server.port: 80
|
||||
## Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
#traefik.http.routers.${STACK_NAME}.middlewares: ${STACK_NAME}-redirect
|
||||
#traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost: true
|
||||
#traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost: ${DOMAIN}
|
||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||
#- backupbot.backup.volumes.upload-data: "true"
|
||||
#- backupbot.backup.volumes.upload-data.path: "/opt/app/data/uploads"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=error-pages-middleware"
|
||||
#- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
# healthcheck:
|
||||
# test: ["CMD", "curl", "-f", "http://localhost"]
|
||||
# interval: 30s
|
||||
|
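Review bot: The `OAUTH_1_CLIENT_SECRET` and `GITHUB_CLIENT_SECRET` entries that appear to be added in hunk `@ -86,6 +91,18` pass OAuth client secrets to the app as plain environment variables, next to the existing `OPENID_1_CLIENT_SECRET` and `ORCID_CLIENT_SECRET`. Environment values are kept in the service definition and can be read by anyone able to inspect the service or container, whereas the search service shown on this page already receives `meili_master_key` through a `secrets:` entry. If the app can read these values from a file, mounting them as Docker secrets would match that pattern; whether it can is not visible here. Separately, in the labels hunk the commented-out `#- backupbot.backup.volumes.upload-data: "true"` lines keep the old `key: "value"` form inside what is now a `key=value` list, so uncommenting them as written would likely be rejected; `#- "backupbot.backup.volumes.upload-data=true"` would match the surrounding entries.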
@ -24,7 +24,7 @@ function backup {
|
||||
function restore {
|
||||
echo "Restoring database from ${LATEST_BACKUP_FILE}..."
|
||||
|
||||
cd /var/lib/postgresql/data/
|
||||
cd ${BACKUP_PATH}
|
||||
|
||||
function restore_config {
|
||||
echo "Restoring original pg_hba.conf configuration..."
|
||||
|
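Review bot: `cd ${BACKUP_PATH}` in `restore` is unquoted and its result is not checked, so an unset or empty `BACKUP_PATH` makes `cd` fall back to the home directory and the restore continues from the wrong place; a path containing spaces would also be split. This assumes the second of the two `cd` lines is the new side, since the page has lost its +/- markers. I would write `cd "${BACKUP_PATH:?BACKUP_PATH is not set}" || return 1` so the function stops before it touches any files. The rest of `restore` lies outside the hunk, so what runs after the `cd` is not visible here.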