From 6d17eb600b3525509c6bf101017901bece73d5d0 Mon Sep 17 00:00:00 2001
From: Philipp Rothmann <philipprothmann@posteo.de>
Date: Wed, 8 Mar 2023 16:45:31 +0100
Subject: [PATCH] init

---
 .env.sample                              |  28 +++++-
 README.md                                |   1 +
 abra.sh                                  |   5 +
 apache-sites-available-default.conf.tmpl |  20 ++++
 civicrm.settings.php                     |  71 +++++++++++++
 compose.yml                              | 123 +++++++++++++++++++++--
 entrypoint.sh                            |  44 ++++++++
 7 files changed, 284 insertions(+), 8 deletions(-)
 create mode 100644 abra.sh
 create mode 100644 apache-sites-available-default.conf.tmpl
 create mode 100644 civicrm.settings.php
 create mode 100644 entrypoint.sh

diff --git a/.env.sample b/.env.sample
index 5b1ce41..cca5ab8 100644
--- a/.env.sample
+++ b/.env.sample
@@ -5,4 +5,30 @@ DOMAIN=civicrm.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.civicrm.example.com`'
 
-LETS_ENCRYPT_ENV=production
+LETS_ENCRYPT_ENV=productionaber
+
+PROJECT_NAME=example
+
+CIVICRM_DB_NAME=civicrm
+CIVICRM_DB_USER=civicrm
+CIVICRM_DB_PASS=xxx
+CIVICRM_DB_HOST=mysql
+CIVICRM_DB_PORT=3306
+
+WORDPRESS_DB_NAME=wordpress
+WORDPRESS_DB_USER=wordpress
+WORDPRESS_DB_PASS=xxx
+WORDPRESS_DB_HOST=mysql
+WORDPRESS_DB_PORT=3306
+# WORDPRESS_TABLE_PREFIX
+
+SMTP_HOST=maildev
+SMTP_MAILDOMAIN=example.org
+
+PHP_DATE_TIMEZONE="UTC"
+
+SECRET_DB_PASSWORD_VERSION=v1
+SECRET_DB_ROOT_PASSWORD_VERSION=v1
+SECRET_CIVICRM_SITE_KEY_VERSION=v1 # length=16
+SECRET_CIVICRM_CRED_KEY_VERSION=v1 # length=32
+SECRET_CIVICRM_SIGN_KEY_VERSION=v1 # length=32
\ No newline at end of file
diff --git a/README.md b/README.md
index 65d0f93..c13830a 100644
--- a/README.md
+++ b/README.md
@@ -22,3 +22,4 @@
 * `abra app deploy <app-name>`
 
 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
+
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..b49c887
--- /dev/null
+++ b/abra.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+export APACHE_SITES_AVAILABLE_CONF_VERSION=v1
+export CIVICRM_SETTINGS_PHP_VERSION=v1
+export ENTRYPOINT_VERSION=v1
\ No newline at end of file
diff --git a/apache-sites-available-default.conf.tmpl b/apache-sites-available-default.conf.tmpl
new file mode 100644
index 0000000..2223a82
--- /dev/null
+++ b/apache-sites-available-default.conf.tmpl
@@ -0,0 +1,20 @@
+<VirtualHost *:80>
+
+    ServerAdmin webmaster@localhost
+    DocumentRoot /var/www/html
+
+    # We are behind a proxy and using remoteip
+    # See https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
+    RemoteIPHeader X-Forwarded-For
+    # TODO: Fix override with something more useful?
+    # RemoteIPInternalProxy traefik
+
+    # Combined log format with %h replaced by %a as we are behind a proxy
+    # See https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
+    # for more details of custom log formats.
+    LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" remoteip_combined
+    CustomLog ${APACHE_LOG_DIR}/access.log remoteip_combined
+
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+
+</VirtualHost>
diff --git a/civicrm.settings.php b/civicrm.settings.php
new file mode 100644
index 0000000..ca1abe1
--- /dev/null
+++ b/civicrm.settings.php
@@ -0,0 +1,71 @@
+<?php
+global $civicrm_root, $civicrm_setting, $civicrm_paths;
+
+// CMS specific stuff
+define('CIVICRM_UF', 'WordPress');
+$civicrm_root = '/var/www/html/wp-content/plugins/civicrm/civicrm/';
+define('CIVICRM_TEMPLATE_COMPILEDIR', '/var/www/html/wp-content/uploads/civicrm/templates_c/');
+define('CIVICRM_PLUGIN_DIR', '/var/www/html/wp-content/plugins/civicrm/civicrm/');
+define('CIVICRM_PLUGIN_URL',  getenv('BASE_URL') . '/wp-content/plugins/civicrm/civicrm/');
+
+// Constants set by env variables
+define('CIVICRM_DSN', 'mysql://' . getenv('CIVICRM_DB_USER') . ':' . getenv('CIVICRM_DB_PASS') . '@' . getenv('CIVICRM_DB_HOST') . '/' . getenv('CIVICRM_DB_NAME') . '?new_link=true');
+define('CIVICRM_UF_DSN', 'mysql://' . getenv('WORDPRESS_DB_USER') . ':' . getenv('WORDPRESS_DB_PASS') . '@' . getenv('WORDPRESS_DB_HOST') . '/' . getenv('WORDPRESS_DB_NAME') . '?new_link=true');
+define('CIVICRM_UF_BASEURL', getenv('BASE_URL'));
+define('CIVICRM_SITE_KEY', getenv('CIVICRM_SITE_KEY'));
+define('CIVICRM_CRED_KEYS', getenv('CIVICRM_CRED_KEYS'));
+define('CIVICRM_SIGN_KEYS', getenv('CIVICRM_SIGN_KEYS'));
+
+// Predefined constants
+define('CIVICRM_LOGGING_DSN', CIVICRM_DSN);
+define('CIVICRM_DOMAIN_ID', 1);
+define('CIVICRM_MAIL_SMARTY', 0);
+define('CIVICRM_DB_CACHE_CLASS', 'ArrayCache');
+define('CIVICRM_PSR16_STRICT', FALSE);
+define('CIVICRM_DEADLOCK_RETRIES', 3);
+define('CIVICRM_EXCLUDE_DIRS_PATTERN', '@/(\.|node_modules|js/|css/|bower_components|packages/|sites/default/files/private)@');
+
+// Include path
+$include_path = '.' . PATH_SEPARATOR .
+  $civicrm_root . PATH_SEPARATOR .
+  $civicrm_root . DIRECTORY_SEPARATOR . 'packages' . PATH_SEPARATOR .
+  get_include_path();
+if (set_include_path($include_path) === FALSE) {
+  echo "Could not set the include path<p>";
+  exit();
+}
+
+// Clean URLs
+if (!defined('CIVICRM_CLEANURL')) {
+  if (function_exists('variable_get') && variable_get('clean_url', '0') != '0') {
+    define('CIVICRM_CLEANURL', 1);
+  }
+  elseif (function_exists('config_get') && config_get('system.core', 'clean_url') != 0) {
+    define('CIVICRM_CLEANURL', 1);
+  }
+  elseif (function_exists('get_option') && get_option('permalink_structure') != '') {
+    define('CIVICRM_CLEANURL', 1);
+  }
+  else {
+    define('CIVICRM_CLEANURL', 0);
+  }
+}
+
+// More stuff that probably shouldn't be in a settings file
+ini_set('auto_detect_line_endings', '1');
+$memLimitString = trim(ini_get('memory_limit'));
+$memLimitUnit   = strtolower(substr($memLimitString, -1));
+$memLimit       = (int) $memLimitString;
+switch ($memLimitUnit) {
+  case 'g':
+    $memLimit *= 1024;
+  case 'm':
+    $memLimit *= 1024;
+  case 'k':
+    $memLimit *= 1024;
+}
+if ($memLimit >= 0 and $memLimit < 134217728) {
+  ini_set('memory_limit', '128M');
+}
+require_once $civicrm_root . '/CRM/Core/ClassLoader.php';
+CRM_Core_ClassLoader::singleton()->register();
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index a2c3805..ed6cf78 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,9 +3,47 @@ version: "3.8"
 
 services:
   app:
-    image: nginx:1.20.0
+    image: michaelmcandrew/civicrm:5.56.0-wordpress-php7.4
+    hostname: civicrm
+    environment:
+      - PROJECT_NAME
+      - BASE_URL=https://${DOMAIN}
+      - CIVICRM_DB_NAME=civicrm
+      - CIVICRM_DB_USER=civicrm
+      - CIVICRM_DB_PASS_FILE=/run/secrets/db_password
+      - CIVICRM_DB_HOST=db-civicrm
+      - CIVICRM_DB_PORT=3306
+      - WORDPRESS_DB_NAME=wordpress
+      - WORDPRESS_DB_USER=wordpress
+      - WORDPRESS_DB_PASS_FILE=/run/secrets/db_password
+      - WORDPRESS_DB_HOST=db
+      - WORDPRESS_DB_PORT=3306
+      - SMTP_HOST
+      - SMTP_MAILDOMAIN
+      - CIVICRM_SITE_KEY_FILE=/run/secrets/civicrm_site_key
+      - CIVICRM_CRED_KEYS_FILE=/run/secrets/civicrm_cred_key
+      - CIVICRM_SIGN_KEYS_FILE=/run/secrets/civicrm_sign_key
+    secrets:
+      - db_password
+      - civicrm_site_key
+      - civicrm_cred_key
+      - civicrm_sign_key
+    volumes:
+      - uploads:/var/www/html/wp-content/uploads
+      # - ./.bash_history:/home/civicrm/.bash_history
+      # - ./state:/state
     networks:
+      - default
       - proxy
+    configs:
+      - source: apache-sites-available-conf
+        target: /etc/apache2/sites-available/000-default.conf
+      - source: entrypoint
+        target: /usr/local/bin/entrypoint.sh
+        mode: 0555
+      - source: civicrm-settings-php
+        target: /usr/local/etc/civicrm/civicrm.settings.php
+    entrypoint: /usr/local/bin/entrypoint.sh
     deploy:
       restart_policy:
         condition: on-failure
@@ -20,13 +58,84 @@ services:
         #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "coop-cloud.${STACK_NAME}.version="
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
+    # healthcheck:
+    #   test: ["CMD", "curl", "-f", "http://localhost"]
+    #   interval: 30s
+    #   timeout: 10s
+    #   retries: 10
+    #   start_period: 1m
+
+
+  db:
+    image: "mariadb:10.8"
+    volumes:
+      - "mariadb:/var/lib/mysql"
+    environment:
+      - MYSQL_DATABASE=wordpress
+      - MYSQL_USER=wordpress
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    secrets:
+      - db_password
+      - db_root_password
+    # deploy:
+    #   labels:
+    #     backupbot.backup: "true"
+    #     backupbot.backup.path: "/tmp/dump.sql.gz"
+    #     backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /tmp/dump.sql.gz'"
+    #     backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
+    #     backupbot.restore: "true"
+    #     backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
+
+  db-civicrm:
+    image: "mariadb:10.8"
+    volumes:
+      - "db-civicrm:/var/lib/mysql"
+    environment:
+      - MYSQL_DATABASE=civicrm
+      - MYSQL_USER=civicrm
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    secrets:
+      - db_password
+      - db_root_password
 
 networks:
   proxy:
     external: true
+
+volumes:
+  mariadb:
+  db-civicrm:
+  uploads:
+
+configs:
+  apache-sites-available-conf:
+    name: ${STACK_NAME}_apache_sites_available_conf_${APACHE_SITES_AVAILABLE_CONF_VERSION}
+    file: apache-sites-available-default.conf.tmpl
+    template_driver: golang
+  civicrm-settings-php:
+    name: ${STACK_NAME}_civicrm_settings_php_${CIVICRM_SETTINGS_PHP_VERSION}
+    file: civicrm.settings.php
+    template_driver: golang
+  entrypoint:
+    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
+    file: entrypoint.sh
+    template_driver: golang
+
+secrets:
+  db_root_password:
+    external: true
+    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+  civicrm_site_key:
+    external: true
+    name: ${STACK_NAME}_civicrm_site_key_${SECRET_CIVICRM_SITE_KEY_VERSION}
+  civicrm_cred_key:
+    external: true
+    name: ${STACK_NAME}_civicrm_cred_key_${SECRET_CIVICRM_CRED_KEY_VERSION}
+  civicrm_sign_key:
+    external: true
+    name: ${STACK_NAME}_civicrm_sign_key_${SECRET_CIVICRM_SIGN_KEY_VERSION}
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..7c7005b
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -eu
+
+file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"
+
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+
+  export "$var"="$val"
+  unset "$fileVar"
+}
+
+file_env "WORDPRESS_DB_PASS"
+file_env "CIVICRM_DB_PASS"
+file_env "CIVICRM_SITE_KEY"
+file_env "CIVICRM_CRED_KEYS"
+file_env "CIVICRM_SIGN_KEYS"
+
+until mysql -e '\q' -h db -p"${WORDPRESS_DB_PASS}" && mysql -e '\q' -h db-civicrm -p"${CIVICRM_DB_PASS}"; do
+  echo "Waiting for db container to come up"
+  sleep 1
+done;
+
+echo "=== Running Docker Entrypoint"
+/usr/local/bin/civicrm-docker-entrypoint
+
+echo "=== Running Civicrm Docker Install"
+su civicrm -c /usr/local/bin/civicrm-docker-install
+
+echo "=== Running Apache2"
+exec apache2-foreground