Initial import

.envrc.sample

@@ -0,0 +1,8 @@
+export SERVICE=codimd
+export STACK_NAME=codimd
+
+export DOMAIN=codimd.example.com
+export LETS_ENCRYPT_ENV=production
+
+export DB_ROOT_PASSWORD_VERSION=v1
+export ENTRYPOINT_CONF_VERSION=v1

README.md

@@ -0,0 +1,22 @@
+# CodiMD
+
+[CodiMD][codimd] using Coöp Cloud ♥
+
+1. Set up Docker Swarm and [`abra`][abra]
+2. Deploy [`compose-stacks/traefik`][compose-traefik]
+3. `cp .envrc.sample .envrc`
+4. Edit `.envrc` - be sure to change `$DOMAIN` to something that resolves to
+   your Docker swarm box
+5. `direnv allow` (or `. .envrc`)
+6. `abra secret_generate db_password v1`
+7. `abra deploy`
+9. Create initial user:
+	```
+	abra run codimd bash
+	. /docker-entrypoint2.sh -e
+	bin/manage_users
+	```
+
+[selfoss]: https://www.selfoss.aditu.de/
+[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
+[compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik

compose.yml

@@ -0,0 +1,77 @@
+---
+version: "3.8"
+
+services:
+  postgres:
+    image: postgres:11.6-alpine
+    environment:
+      - POSTGRES_USER=codimd
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+      - POSTGRES_DB=codimd
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    secrets:
+      - db_password
+    networks:
+      - internal
+
+  codimd:
+    image: nabo.codimd.dev/hackmdio/hackmd:2.1.0
+    environment:
+      - CMD_USECDN=false
+      - CMD_DB_NAME=codimd
+      - CMD_DB_USER=codimd
+      - CMD_DB_HOST=postgres
+      - CMD_DB_PASSWORD_FILE=/run/secrets/db_password
+      - CMD_OAUTH2_PROVIDERNAME
+      - CMD_OAUTH2_BASEURL
+      - CMD_OAUTH2_CLIENT_ID
+      - CMD_OAUTH2_CLIENT_SECRET
+      - CMD_OAUTH2_AUTHORIZATION_URL
+      - CMD_OAUTH2_TOKEN_URL
+      - CMD_OAUTH2_USER_PROFILE_URL
+    depends_on:
+      - postgres
+    networks:
+      - proxy
+      - internal
+    volumes:
+      - codimd_uploads:/home/hackmd/app/public/uploads
+    secrets:
+      - db_password
+    entrypoint: /docker-entrypoint2.sh
+    configs:
+      - source: entrypoint2_conf
+        target: /docker-entrypoint2.sh
+        mode: 0555
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.routers.${STACK_NAME}.tls=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+
+volumes:
+  postgres:
+  codimd_uploads:
+
+secrets:
+  db_password:    
+    external: true 
+    name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
+
+networks:
+  proxy:
+    external: true
+  internal:
+
+configs:
+  entrypoint2_conf:
+    name: ${STACK_NAME}_entrypoint2_${ENTRYPOINT_CONF_VERSION}
+    file: entrypoint.sh.tmpl
+    template_driver: golang

entrypoint.sh.tmpl

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+file_env() {
+	# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
+	# 	https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+load_vars() {
+	file_env "CMD_DB_PASSWORD"
+}
+
+main() {
+	set -eu
+
+	load_vars
+}
+
+main
+
+export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST/$CMD_DB_NAME
+
+if [ ! "${1-}" == "-e" ]; then
+	# 3wc: upstream ENTRYPOINT
+	# https://github.com/hackmdio/codimd/blob/develop/deployments/Dockerfile
+	/home/hackmd/app/docker-entrypoint.sh
+fi
+
+set +eu