Add Sonic search overlay

.env.sample

@@ -149,7 +149,6 @@ OAUTH_ISSUER=https://${DOMAIN}
 WITH_LV_NATIVE=0
 WITH_IMAGE_VIX=1
 WITH_AI=0
-LIVE_DASHBOARD_LOGGER=false
 
 # error reporting:
 # SENTRY_DSN=

README.md

@@ -25,12 +25,6 @@ A [coop-cloud](https://coopcloud.tech) recipe for deploying [Bonfire](https://bo
 ## Upgrades 
 `abra app deploy --force your-server.domain.name`
 
-NOTE: we recommend switching to the new `sonic` search backend (instead of the deprecated `meilisearch`):
-1. comment the `COMPOSE_FILE` line that contains `compose.meilisearch.yml` in the `.env` file for your bonfire instancem and replace with a line like `COMPOSE_FILE="compose.yml:compose.sonic.yml"`
-2. add `SONIC_PASSWORD=a-super-secret-password` to the same file (make sure to change the password after pasting!)
-3. redeploy with `abra app deploy --force your-server.domain.name`
-
-
 [`abra`]: https://docs.coopcloud.tech/abra/
 [`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
 

abra.sh

@@ -1,5 +1,5 @@
-export APP_ENTRYPOINT_VERSION=v3
-export PG_BACKUP_VERSION=v6
+export APP_ENTRYPOINT_VERSION=v2
+export PG_BACKUP_VERSION=v4
 export MEILI_BACKUP_VERSION=v4
 export SONIC_CFG_VERSION=v1
 export SONIC_ENTRYPOINT_VERSION=v1

compose.mail.yml

@@ -9,7 +9,7 @@ services:
 secrets:
   mail_password:
     external: true
-    name: ${STACK_NAME}_mail_password_${SECRET_MAIL_PASSWORD_VERSION:-v1}
+    name: ${STACK_NAME}_mail_password_${SECRET_MAIL_PASSWORD_VERSION}
   mail_key:
     external: true
-    name: ${STACK_NAME}_mail_key_${SECRET_MAIL_KEY_VERSION:-v1}
+    name: ${STACK_NAME}_mail_key_${SECRET_MAIL_KEY_VERSION}

compose.meilisearch.yml

@@ -40,5 +40,5 @@ volumes:
    
 configs:
   meili_backup:
-    name: ${STACK_NAME}_meili_backup_${MEILI_BACKUP_VERSION:-v4}
+    name: ${STACK_NAME}_meili_backup_${MEILI_BACKUP_VERSION}
     file: meili_backup.sh

compose.sonic.yml

@@ -9,41 +9,39 @@ services:
       - SEARCH_ADAPTER=sonic
       - SONIC_HOST=${STACK_NAME}_search
       - SONIC_PORT=1491
-      - SONIC_PASSWORD
-      # - SONIC_PASSWORD_FILE=/run/secrets/sonic_password
-    # secrets:
-    #   - sonic_password
+      - SONIC_PASSWORD_FILE=/run/secrets/sonic_password
+    secrets:
+      - sonic_password
       
   search:
-    image: valeriansaliou/sonic:v1.5.1
-    # secrets:
-    #   - sonic_password
+    image: valeriansaliou/sonic:v1.4.9
+    secrets:
+      - sonic_password
     volumes:
       - "sonic-data:/var/lib/sonic/store"
     networks:
       - internal
-    # NOTE: latest versions of Sonic (v1.5.1+) don't have a shell, so we can't have a custom entrypoint script that does pre-startup configuration, so we just need to store the PW in env for now
-    # entrypoint: ["/docker-entrypoint.sh"]
+    entrypoint: ["/docker-entrypoint.sh"]
     configs:
       - source: sonic_cfg
         target: /etc/sonic.cfg
         mode: 0444
-      # - source: sonic_entrypoint
-      #   target: /docker-entrypoint.sh
-      #   mode: 0555
+      - source: sonic_entrypoint
+        target: /docker-entrypoint.sh
+        mode: 0555
         
 volumes:
   sonic-data:
    
 configs:
   sonic_cfg:
-    name: ${STACK_NAME}_sonic_cfg_${SONIC_CFG_VERSION:-v1}
+    name: ${STACK_NAME}_sonic_cfg_${SONIC_CFG_VERSION}
     file: sonic.cfg
-  # sonic_entrypoint:
-  #   name: ${STACK_NAME}_sonic_entrypoint_${SONIC_ENTRYPOINT_VERSION:-v1}
-  #   file: sonic_entrypoint.sh
+  sonic_entrypoint:
+    name: ${STACK_NAME}_sonic_entrypoint_${SONIC_ENTRYPOINT_VERSION}
+    file: sonic_entrypoint.sh
 
-# secrets:
-#   sonic_password:
-#     external: true
-#     name: ${STACK_NAME}_sonic_password_${SECRET_SONIC_PASSWORD_VERSION:-v1}
+secrets:
+  sonic_password:
+    external: true
+    name: ${STACK_NAME}_sonic_password_${SECRET_SONIC_PASSWORD_VERSION}

compose.yml

@@ -33,7 +33,6 @@ services:
       - WITH_LV_NATIVE
       - WITH_IMAGE_VIX
       - WITH_AI
-      - LIVE_DASHBOARD_LOGGER
       
       - DB_SLOW_QUERY_MS
       - DB_STATEMENT_TIMEOUT
@@ -181,8 +180,7 @@ services:
     # -c statement_timeout=1800000
     # -c pg_stat_statements.track=all
     #entrypoint: ['tail', '-f', '/dev/null'] # uncomment when the Postgres DB is corrupted and won't start
-    deploy:
-      labels:
+    labels:
         backupbot.backup: ${ENABLE_BACKUPS:-true}
         # backupbot.backup.volumes.db-data: false
         backupbot.backup.volumes.db-data.path: "backup.sql"
@@ -205,32 +203,32 @@ networks:
 
 configs:
   app_entrypoint:
-    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION:-v3}
+    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
     file: entrypoint.sh.tmpl
     template_driver: golang
   pg_backup:
-    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION:-v4}
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
     file: pg_backup.sh
 
 secrets:
   postgres_password:
     external: true
-    name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION:-v1}
+    name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
   secret_key_base:
     external: true
-    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION:-v1}
+    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
   signing_salt:
     external: true
-    name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION:-v1}
+    name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION}
   encryption_salt:
     external: true
-    name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION:-v1}
+    name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION}
   meili_master_key:
     external: true
-    name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION:-v1}
+    name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION}
   seeds_pw:
     external: true
-    name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION:-v1}
+    name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION}
   livebook_password:
     external: true
-    name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION:-v1}
+    name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION}

pg_backup.sh

@@ -6,17 +6,18 @@ BACKUP_PATH="/var/lib/postgresql/data"
 LATEST_BACKUP_FILE="${BACKUP_PATH}/backup.sql"
 
 function backup {
+  FILE_WITH_DATE="${BACKUP_PATH}/backup_$(date +%F).sql"
+  
   if [ -f "$POSTGRES_PASSWORD_FILE" ]; then
     export PGPASSWORD=$(cat "$POSTGRES_PASSWORD_FILE")
   fi
-
-  # Keep a single backup.sql (restic handles versioning); write to a temp file and move
-  # atomically so a failed dump never clobbers the last good backup.
-  echo "Creating backup at ${LATEST_BACKUP_FILE}..."
-  rm -f "${LATEST_BACKUP_FILE}.tmp"
-  pg_dump -U "${POSTGRES_USER:-postgres}" "${POSTGRES_DB:-postgres}" > "${LATEST_BACKUP_FILE}.tmp"
-  mv -f "${LATEST_BACKUP_FILE}.tmp" "${LATEST_BACKUP_FILE}"
-
+  
+  echo "Creating backup at ${FILE_WITH_DATE}..."
+  pg_dump -U "${POSTGRES_USER:-postgres}" "${POSTGRES_DB:-postgres}" > "${FILE_WITH_DATE}"
+  
+  echo "Copying to ${LATEST_BACKUP_FILE}..."
+  cp -f "${FILE_WITH_DATE}" "${LATEST_BACKUP_FILE}"
+  
   echo "Backup done. You will find it at ${LATEST_BACKUP_FILE}"
 }