diff --git a/.env.sample b/.env.sample index 0f41533..fcf2dbb 100644 --- a/.env.sample +++ b/.env.sample @@ -13,14 +13,9 @@ FEDWIKI_VOLUME="fedwiki" # custom wiki.cafe image, for working oauth2 support #COMPOSE_FILE="$COMPOSE_FILE:compose.wikicafe.yml" -# Predefined "owner" security -#COMPOSE_FILE="$COMPOSE_FILE:compose.owner.yml" - # persistent lib volume / node_modules directory, e.g. for plugmatic #COMPOSE_FILE="$COMPOSE_FILE:compose.lib.yml" -COOKIE_SECRET="asflkjqpweoriuwpeogdjgbpdofigh" -AUTHOR="Baja Colorado" -ADMIN_KEY="" - -FEDWIKI_IS_PRIVATE=0 +# Note(3wc): If you change this after initial deployment, you will need to +# manually copy the new value from `conf/config.initial.json` +SECRET_COOKIE_SECRET_VERSION=v1 # length=30 diff --git a/abra.sh b/abra.sh index 7ae0733..96897a7 100644 --- a/abra.sh +++ b/abra.sh @@ -1,23 +1,2 @@ -export INSTALL_SH_VERSION=v9 -export CONFIG_JSON_VERSION=v7 -export CONFIG_OWNER_JSON_VERSION=v4 - -abra_backup_app() { - _abra_backup_dir "app:/home/node/.wiki" -} - -abra_restore_app() { - # shellcheck disable=SC2034 - { - abra__src_="-" - abra__dst_="app:/home/node/.wiki" - } - - zcat "$@" | sub_app_cp - - success "Restored 'app'" -} - -abra_backup() { - abra_backup_app -} +export ENTRYPOINT_SH_VERSION=v1 +export CONFIG_INITIAL_JSON_VERSION=v1 diff --git a/compose.owner.yml b/compose.owner.yml deleted file mode 100644 index 678205a..0000000 --- a/compose.owner.yml +++ /dev/null @@ -1,15 +0,0 @@ - ---- -version: "3.8" - -services: - app: - configs: - - source: config_owner_json_conf - target: /home/node/config/config.owner.json - -configs: - config_owner_json_conf: - name: ${STACK_NAME}_config_owner_json_${CONFIG_OWNER_JSON_VERSION} - file: config.owner.json.tmpl - template_driver: golang diff --git a/compose.yml b/compose.yml index fd79e82..2776e04 100644 --- a/compose.yml +++ b/compose.yml @@ -4,23 +4,26 @@ version: "3.8" services: app: image: dobbs/farm:1.0.19 - command: /bin/sh config/install.sh + command: /bin/sh entrypoint.sh volumes: - - "fedwiki_friends:/home/node/config" - "${FEDWIKI_VOLUME}:/home/node/.wiki" networks: - proxy configs: - - source: install_sh_conf - target: /home/node/config/install.sh - - source: config_json_conf - target: /home/node/config/config.json + - source: entrypoint_sh_conf + target: /home/node/entrypoint.sh + - source: config_json_initial_conf + target: /home/node/initial-config/config.json + secrets: + - cookie_secret environment: - DOMAIN - COOKIE_SECRET - AUTHOR - ADMIN_KEY deploy: + update_config: + order: start-first restart_policy: condition: on-failure labels: @@ -38,26 +41,32 @@ services: - "backupbot.backup=true" - "backupbot.backup.path=/home/node/.wiki" - "coop-cloud.${STACK_NAME}.version=1.0.2+1.0.19" - # healthcheck: - # test: ["CMD", "curl", "-f", "http://localhost"] - # interval: 30s - # timeout: 10s - # retries: 10 - # start_period: 1m + healthcheck: + test: "node -e 'var http = require(\"http\"); var options = { host : \"localhost\", port : \"3000\", timeout : 2000, path : \"/welcome-visitors.html\" }; var request = http.request(options, (res) + => { console.log(`STATUS: $${res.statusCode}`); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } }); request.on(\"error\", function(err) { console.log('ERROR'); +process.exit(1); }); request.end();'" + interval: 10s + timeout: 2s + retries: 2 + start_period: 30s volumes: fedwiki: - fedwiki_friends: networks: proxy: external: true +secrets: + cookie_secret: + external: true + name: ${STACK_NAME}_cookie_secret_${SECRET_COOKIE_SECRET_VERSION} + configs: - install_sh_conf: - name: ${STACK_NAME}_install_sh_${INSTALL_SH_VERSION} - file: install.sh - config_json_conf: - name: ${STACK_NAME}_config_json_${CONFIG_JSON_VERSION} - file: config.json.tmpl + entrypoint_sh_conf: + name: ${STACK_NAME}_entrypoint_sh_${ENTRYPOINT_SH_VERSION} + file: entrypoint.sh + config_json_initial_conf: + name: ${STACK_NAME}_config_initial_json_${CONFIG_INITIAL_JSON_VERSION} + file: config.initial.json.tmpl template_driver: golang diff --git a/config.initial.json.tmpl b/config.initial.json.tmpl new file mode 100644 index 0000000..b9c46a6 --- /dev/null +++ b/config.initial.json.tmpl @@ -0,0 +1,6 @@ +{ + "farm": true, + "cookieSecret": "{{ secret "cookie_secret" }}", + "secure_cookie": true, + "security_type": "friends" +} diff --git a/config.json.tmpl b/config.json.tmpl deleted file mode 100644 index 01a9642..0000000 --- a/config.json.tmpl +++ /dev/null @@ -1,14 +0,0 @@ -{ - "admin": "{{ env "ADMIN_KEY" }}", - "farm": true, - "cookieSecret": "{{ env "COOKIE_SECRET" }}", - "secure_cookie": true, - "security_type": "friends" - {{ if eq (env "FEDWIKI_IS_PRIVATE") "1" }}, - "wikiDomains": { - "$DOMAIN": { - "id": "/home/node/.wiki/config.owner.json" - } - } - {{ end }} -} diff --git a/config.owner.json.tmpl b/config.owner.json.tmpl deleted file mode 100644 index 0dae8e9..0000000 --- a/config.owner.json.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "{{ env "AUTHOR" }}", - "friend": { - "secret": "{{ env "PASSWORD" }}" - } -} diff --git a/install.sh b/entrypoint.sh similarity index 51% rename from install.sh rename to entrypoint.sh index 62b588a..fe1d99c 100644 --- a/install.sh +++ b/entrypoint.sh @@ -4,8 +4,4 @@ if [ ! -f .wiki/config.json ]; then cp config/config.json .wiki/config.json fi -if [ ! -f .wiki/config.owner.json ]; then - cp config/config.owner.json .wiki/config.owner.json -fi - wiki --farm