diff --git a/.drone.yml b/.drone.yml
index f4fdb08..a99a207 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -14,43 +14,20 @@ steps:
 DOMAIN: gotosocial.swarm-test.autonomic.zone
 STACK_NAME: gotosocial
 LETS_ENCRYPT_ENV: production
-
- - name: notify coopcloud-dev on failure
- image: plugins/matrix
- settings:
- homeserver: https://matrix.autonomic.zone
- roomid: "IFazIpLtxiScqbHqoa:autonomic.zone"
- userid: "@autono-bot:autonomic.zone"
- accesstoken:
- from_secret: autono_bot_access_token
- depends_on:
- - deployment
- when:
- status:
- - failure
+ GTS_ACCOUNTS_OPEN_REGISTRATION: false
+ GTS_ACCOUNTS_APPROVAL_REQUIRED: true
+ GTS_ACCOUNTS_REASON_REQUIRED: true
+ APP_ENTRYPOINT_VERSION: v1
 trigger:
 branch:
 - main
-
 ---
 kind: pipeline
 name: recipe release
 steps:
 - name: release a new version
- image: decentral1se/drone-abra:latest
+ image: thecoopcloud/drone-abra:latest
 settings:
 command: recipe gotosocial release
 deploy_key:
 from_secret: abra_bot_deploy_key
-
- - name: trigger downstream builds
- image: plugins/downstream
- settings:
- server: https://drone.autonomic.zone
- token:
- from_secret: decentral1se_token
- fork: true
- repositories:
- - coop-cloud/auto-apps-json
- depends_on:
- - release a new version
\ No newline at end of file
diff --git a/.env.sample b/.env.sample
index 77c73b6..0cd64cc 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,6 +1,10 @@
 TYPE=gotosocial
 DOMAIN=gotosocial.example.com
-## Domain aliases
-#EXTRA_DOMAINS=', `www.gotosocial.example.com`'
 LETS_ENCRYPT_ENV=production
+
+GTS_ACCOUNTS_OPEN_REGISTRATION=false
+GTS_ACCOUNTS_APPROVAL_REQUIRED=true
+GTS_ACCOUNTS_REASON_REQUIRED=true
+
+SECRET_DB_PASSWORD_VERSION=v1
diff --git a/README.md b/README.md
index 253d7ba..194b2e0 100644
--- a/README.md
+++ b/README.md
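Review bot: In `.drone.yml`, the release step's new `image: thecoopcloud/drone-abra:latest` keeps a mutable tag on a plugin that is handed `abra_bot_deploy_key`, so whatever is later pushed under that tag runs with the deploy key. Pin the plugin to a released tag or, better, an image digest, e.g. `image: thecoopcloud/drone-abra@sha256:<digest>` (placeholder; the page gives no digest). The same applies to `image: decentral1se/gotosocial:latest` in the `compose.yml` hunk, where the app container mounts the `db_password` secret. `postgres:10-alpine` is also a floating tag, even though the label next to it records `10-alpine-131220fe`.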
@@ -1,16 +1,18 @@
-# Gotosocial
+# gotosocial
 Golang fediverse server.
-* **Category**:
-* **Status**:
-* **Image**: [`gotosocial`](https://hub.docker.com/r/gotosocial/gotosocial)
-* **Healthcheck**:
-* **Backups**:
-* **Email**:
-* **Tests**:
-* **SSO**:
+
+- **Category**:
+- **Status**:
+- **Image**: [`decentral1se/gotosocial`](https://hub.docker.com/r/decentral1se/gotosocial)
+- **Healthcheck**:
+- **Backups**:
+- **Email**:
+- **Tests**:
+- **SSO**:
+
 ## Basic usage
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..7c5fe57
--- /dev/null
+++ b/abra.sh
@@ -0,0 +1 @@
+export APP_ENTRYPOINT_VERSION=v1
diff --git a/compose.yml b/compose.yml
index 662a96c..a8c4de0 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,29 +3,76 @@ version: "3.8"
 services:
 app:
- image: nginx:1.19.2
+ image: decentral1se/gotosocial:latest
+ secrets:
+ - db_password
+ environment:
+ - GTS_ACCOUNTS_APPROVAL_REQUIRED
+ - GTS_ACCOUNTS_OPEN_REGISTRATION
+ - GTS_ACCOUNTS_REASON_REQUIRED
+ - GTS_DB_ADDRESS=db
+ - GTS_DB_DATABASE=gotosocial
+ - GTS_DB_PASSWORD_FILE=/run/secrets/db_password
+ - GTS_DB_PORT=5432
+ - GTS_DB_TYPE=postgres
+ - GTS_DB_USER=gotosocial
+ - GTS_HOST=${DOMAIN}
+ - GTS_LETSENCRYPT_ENABLED=false
+ - GTS_STORAGE_SERVE_HOST=${DOMAIN}
+ configs:
+ - source: entrypoint
+ target: /entrypoint.sh
+ mode: 0555
+ networks:
+ - proxy
+ - internal
+ command: server start
+ entrypoint: /entrypoint.sh
+ volumes:
+ - app:/gotosocial/storage
+ deploy:
+ update_config:
+ failure_action: rollback
+ order: start-first
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+
+ db:
+ image: postgres:10-alpine
+ environment:
+ - POSTGRES_USER=gotosocial
+ - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+ - POSTGRES_DB=gotosocial
+ secrets:
+ - db_password
+ volumes:
+ - db:/var/lib/postgresql/data
 networks:
- proxy
+ - internal
 deploy:
- restart_policy:
- condition: on-failure
 labels:
- - "traefik.enable=true"
- - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
- - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- ## Redirect from EXTRA_DOMAINS to DOMAIN
- #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- healthcheck:
- test: ["CMD", "curl", "-f", "http://localhost"]
- interval: 30s
- timeout: 10s
- retries: 10
- start_period: 1m
+ - "coop-cloud.${STACK_NAME}.db.version=10-alpine-131220fe"
+
+secrets:
+ db_password:
+ external: true
+ name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
 networks:
+ internal:
+ internal: true
 proxy:
 external: true
+
+configs:
+ entrypoint:
+ name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
+ file: entrypoint.sh
+
+volumes:
+ app:
+ db:
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..e06a0ef
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+file_env "GTS_DB_PASSWORD"
+
+exec "$@"
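Review bot: In `compose.yml`, the `healthcheck:` block is removed and none is added for `app` or `db`, while the new `update_config` sets `order: start-first` with `failure_action: rollback`. Without a health check, swarm can judge an update only by whether the container process stays up, as far as I can tell. A gotosocial task that starts but cannot serve requests or reach the database would then likely replace the old one without triggering the rollback. Consider restoring a `healthcheck:` on `app` that probes port 8080 (which probe binary the image ships is not visible here) and adding one on `db`, e.g. `test: ["CMD", "pg_isready", "-U", "gotosocial"]`.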
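Review bot: In `entrypoint.sh`, `file_env "GTS_DB_PASSWORD"` is called without a default, so when neither `GTS_DB_PASSWORD` nor `GTS_DB_PASSWORD_FILE` is set (or the secret file is empty) the script exports an empty password and still reaches `exec "$@"`. Fail closed before the exec, for example `: "${GTS_DB_PASSWORD:?GTS_DB_PASSWORD or GTS_DB_PASSWORD_FILE must be set}"`. A one-line comment above the function would also help, e.g. `# file_env VAR [DEFAULT]: load VAR from the file named by VAR_FILE (docker secret); error if both are set`. The script depends on bash indirect expansion (`${!var}`), so the image must ship `/bin/bash`, which cannot be confirmed from this diff.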