Compare commits
22 Commits
Author | SHA1 | Date |
---|---|---|
decentral1se | 2ca92dd55f | |
3wc | 080fcd7a2d | |
3wc | 556d73cce8 | |
3wc | f6c2527182 | |
3wc | 953faaca83 | |
knoflook | 547cefbd19 | |
Nick Sellen | 91ed3cf439 | |
Nick Sellen | 6f31be3458 | |
3wc | 4e8ae43423 | |
3wc | 2e46a01082 | |
3wc | 1155b3cc50 | |
3wordchant | 66adadea97 | |
Nick Sellen | e776970066 | |
Nick Sellen | eab512222a | |
knoflook | 9d5e427b80 | |
knoflook | c1ca15ff87 | |
knoflook | f4ad09c3b2 | |
3wordchant | 3fc213854f | |
Sarma | 7cec462a60 | |
Nick Sellen | acee84e403 | |
nicksellen | 307037b36b | |
nicksellen | 86bef2441d |
|
@ -1,6 +1,6 @@
|
|||
TYPE=hometown
|
||||
|
||||
DOMAIN={{ .Domain }}
|
||||
DOMAIN=hometown.example.com
|
||||
# Enables WEB_DOMAIN if set (FOR FUTURE USE)
|
||||
# USER_DOMAIN=
|
||||
|
||||
|
@ -30,6 +30,7 @@ LOCAL_DOMAIN=$DOMAIN
|
|||
|
||||
# ALTERNATE_DOMAINS=$EXTRA_DOMAINS
|
||||
AUTHORIZED_FETCH=false
|
||||
DISALLOW_UNAUTHENTICATED_API_ACCESS=false
|
||||
LIMITED_FEDERATION_MODE=false
|
||||
|
||||
# Deployment
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
> A supported fork of Mastodon that provides local posting and a wider range of content types.
|
||||
|
||||
The configuration aims to stay as close as possible to [coop-cloud/mastodon](https://git.autonomic.zone/coop-cloud/mastodon).
|
||||
The configuration aims to stay as close as possible to [coop-cloud/mastodon](https://git.coopcloud.tech/coop-cloud/mastodon).
|
||||
At some point, ideally, we could merge them. We don't have enough folks running
|
||||
both Mastodon & Hometown to understand if that is a good idea right now. To be
|
||||
discussed.
|
||||
|
@ -11,7 +11,7 @@ discussed.
|
|||
|
||||
* **Category**: Apps
|
||||
* **Status**: 1
|
||||
* **Image**: [`decentral1se/hometown`](https://hub.docker.com/r/decentral1se/hometown)
|
||||
* **Image**: [`hometown`](https://git.coopcloud.tech/coop-cloud-chaos-patchs/docker-hometown), 1, Co-op Cloud custom image
|
||||
* **Healthcheck**: No
|
||||
* **Backups**: No
|
||||
* **Email**: Yes
|
||||
|
|
138
abra.sh
138
abra.sh
|
@ -1,70 +1,92 @@
|
|||
#!/bin/bash
|
||||
|
||||
export ENTRYPOINT_CONF_VERSION=v6
|
||||
export ENTRYPOINT_CONF_VERSION=v8
|
||||
|
||||
assets() {
|
||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
||||
export DB_PASS=$(cat /run/secrets/db_password)
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
RAILS_ENV=production bundle exec rails assets:precompile
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
declare -x -g "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
setup() {
|
||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
||||
export DB_PASS=$(cat /run/secrets/db_password)
|
||||
environment() {
|
||||
# for sidekiq service bundle exec env var threading
|
||||
file_env "OTP_SECRET"
|
||||
file_env "SECRET_KEY_BASE"
|
||||
file_env "DB_PASS"
|
||||
file_env "SMTP_PASSWORD"
|
||||
file_env "VAPID_PRIVATE_KEY"
|
||||
|
||||
RAILS_ENV=production bundle exec rake db:setup
|
||||
declare -x RAILS_ENV=production
|
||||
}
|
||||
|
||||
admin() {
|
||||
export OTP_SECRET=$(cat /run/secrets/otp_secret)
|
||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
||||
export DB_PASS=$(cat /run/secrets/db_password)
|
||||
|
||||
RAILS_ENV=production bin/tootctl accounts create "$1" --email "$2" --confirmed --role admin
|
||||
setup_admin() {
|
||||
## Create an admin user
|
||||
environment
|
||||
accounts create "$1" --email "$2" --confirmed --role admin
|
||||
}
|
||||
|
||||
secrets() {
|
||||
docker context use default > /dev/null 2>&1
|
||||
|
||||
echo "Generating secrets for new Hometown deployment..."
|
||||
echo ""
|
||||
|
||||
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
|
||||
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
||||
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
||||
echo ""
|
||||
|
||||
OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
|
||||
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
||||
echo "OTP_SECRET = $OTP_SECRET"
|
||||
echo ""
|
||||
|
||||
docker run \
|
||||
-e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
|
||||
-e OTP_SECRET="$OTP_SECRET" \
|
||||
--rm tootsuite/mastodon:v3.4.0 \
|
||||
bundle exec rake mastodon:webpush:generate_vapid_key \
|
||||
> /tmp/key.txt
|
||||
|
||||
VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
|
||||
VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
|
||||
rm -rf /tmp/key.txt
|
||||
|
||||
echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
|
||||
echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
|
||||
echo ""
|
||||
|
||||
abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
|
||||
echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
|
||||
echo ""
|
||||
|
||||
abra app secret generate "$APP_NAME" db_password v1
|
||||
echo ""
|
||||
|
||||
echo "don't forget to insert your smtp_password! your deployment won't work without it"
|
||||
echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
|
||||
echo ""
|
||||
shell() {
|
||||
## Run a shell with proper environment
|
||||
environment
|
||||
bash $@
|
||||
}
|
||||
|
||||
generate_secrets() {
|
||||
## Run `abra app cmd -l <yourdomain> generate_secrets` to use Docker to generate secrets you'll need to deploy
|
||||
## your new instance (and create the secrets on target app).
|
||||
docker context use default > /dev/null 2>&1
|
||||
|
||||
echo "Generating secrets for new Hometown deployment..."
|
||||
echo ""
|
||||
|
||||
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
|
||||
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
||||
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
||||
echo ""
|
||||
|
||||
OTP_SECRET=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
|
||||
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
||||
echo "OTP_SECRET = $OTP_SECRET"
|
||||
echo ""
|
||||
|
||||
docker run \
|
||||
-e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
|
||||
-e OTP_SECRET="$OTP_SECRET" \
|
||||
--rm tootsuite/mastodon:v3.4.0 \
|
||||
bundle exec rake mastodon:webpush:generate_vapid_key \
|
||||
> /tmp/key.txt
|
||||
|
||||
VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
|
||||
VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
|
||||
rm -rf /tmp/key.txt
|
||||
|
||||
echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
|
||||
echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
|
||||
echo ""
|
||||
|
||||
abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
|
||||
echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
|
||||
echo ""
|
||||
|
||||
abra app secret generate "$APP_NAME" db_password v1
|
||||
echo ""
|
||||
|
||||
echo "don't forget to insert your smtp_password! your deployment won't work without it"
|
||||
echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
|
||||
echo ""
|
||||
}
|
||||
|
|
|
@ -2,6 +2,22 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
es:
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
|
||||
environment:
|
||||
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
- "cluster.name=es-mastodon"
|
||||
- "discovery.type=single-node"
|
||||
- "bootstrap.memory_lock=true"
|
||||
networks:
|
||||
- internal_network
|
||||
volumes:
|
||||
- es:/usr/share/elasticsearch/data
|
||||
ulimits:
|
||||
memlock:
|
||||
soft: -1
|
||||
hard: -1
|
||||
|
||||
app:
|
||||
environment: &es-env
|
||||
- ES_ENABLED=true
|
||||
|
@ -13,3 +29,6 @@ services:
|
|||
|
||||
sidekiq:
|
||||
environment: *es-env
|
||||
|
||||
volumes:
|
||||
es:
|
|
@ -16,6 +16,8 @@ services:
|
|||
- S3_OVERRIDE_PATH_STYLE
|
||||
- S3_OPEN_TIMEOUT
|
||||
- S3_READ_TIMEOUT
|
||||
- S3_FORCE_SINGLE_REQUEST
|
||||
- S3_ALIAS_HOST
|
||||
secrets: &s3-secrets
|
||||
- aws_secret_access_key
|
||||
|
||||
|
|
35
compose.yml
35
compose.yml
|
@ -3,8 +3,8 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
app:
|
||||
image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.6-hometown-1.1.1
|
||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||
image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.15-hometown-1.1.1
|
||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rake db:migrate; bundle exec rails s -p 3000"
|
||||
networks: &bothNetworks
|
||||
- proxy
|
||||
- internal_network
|
||||
|
@ -19,7 +19,7 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+v4.0.6-hometown-1.1.1"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.1.9+v4.0.15-hometown-1.1.1"
|
||||
configs: &configs
|
||||
- source: entrypoint_sh
|
||||
target: /usr/local/bin/entrypoint.sh
|
||||
|
@ -45,7 +45,9 @@ services:
|
|||
- DB_NAME
|
||||
- DB_PORT
|
||||
- DB_USER
|
||||
- DB_PASS_FILE=/run/secrets/db_password
|
||||
- DEFAULT_LOCALE
|
||||
- DISALLOW_UNAUTHENTICATED_API_ACCESS
|
||||
- EMAIL_DOMAIN_ALLOWLIST
|
||||
- EMAIL_DOMAIN_DENYLIST
|
||||
- LDAP_BASE
|
||||
|
@ -89,6 +91,7 @@ services:
|
|||
- OIDC_TOKEN_ENDPOINT
|
||||
- OIDC_UID_FIELD
|
||||
- OIDC_USER_INFO_ENDPOINT
|
||||
- OTP_SECRET_FILE=/run/secrets/otp_secret
|
||||
- PAPERCLIP_ROOT_PATH
|
||||
- PAPERCLIP_ROOT_URL
|
||||
- RAILS_ENV
|
||||
|
@ -117,6 +120,7 @@ services:
|
|||
- SAML_SECURITY_WANT_ASSERTION_ENCRYPTED
|
||||
- SAML_SECURITY_WANT_ASSERTION_SIGNED
|
||||
- SAML_UID_ATTRIBUTE
|
||||
- SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
|
||||
- SINGLE_USER_MODE
|
||||
- SMTP_AUTH_METHOD
|
||||
- SMTP_CA_FILE
|
||||
|
@ -139,7 +143,7 @@ services:
|
|||
- WEB_DOMAIN
|
||||
|
||||
streaming:
|
||||
image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.6-hometown-1.1.1
|
||||
image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.15-hometown-1.1.1
|
||||
command: node ./streaming
|
||||
configs: *configs
|
||||
entrypoint: *entrypoint
|
||||
|
@ -160,7 +164,7 @@ services:
|
|||
volumes: *appVolume # used to make sure this volume is created
|
||||
|
||||
sidekiq:
|
||||
image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.6-hometown-1.1.1
|
||||
image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.15-hometown-1.1.1
|
||||
secrets: *secrets
|
||||
command: bundle exec sidekiq
|
||||
configs: *configs
|
||||
|
@ -174,7 +178,7 @@ services:
|
|||
environment: *env
|
||||
|
||||
db:
|
||||
image: postgres:14.5-alpine
|
||||
image: postgres:14.10-alpine
|
||||
networks: &internalNetwork
|
||||
- internal_network
|
||||
volumes:
|
||||
|
@ -187,29 +191,13 @@ services:
|
|||
- POSTGRES_USER=${DB_USER}
|
||||
|
||||
redis:
|
||||
image: redis:7.0-alpine
|
||||
image: redis:7.2-alpine
|
||||
networks: *internalNetwork
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli", "ping"]
|
||||
volumes:
|
||||
- redis:/data
|
||||
|
||||
es:
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
|
||||
environment:
|
||||
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
- "cluster.name=es-mastodon"
|
||||
- "discovery.type=single-node"
|
||||
- "bootstrap.memory_lock=true"
|
||||
networks:
|
||||
- internal_network
|
||||
volumes:
|
||||
- es:/usr/share/elasticsearch/data
|
||||
ulimits:
|
||||
memlock:
|
||||
soft: -1
|
||||
hard: -1
|
||||
|
||||
secrets:
|
||||
secret_key_base:
|
||||
name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
|
||||
|
@ -231,7 +219,6 @@ volumes:
|
|||
app:
|
||||
redis:
|
||||
postgres:
|
||||
es:
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
|
|
@ -23,9 +23,8 @@ file_env() {
|
|||
unset "$fileVar"
|
||||
}
|
||||
|
||||
export DB_PASS=$(cat /run/secrets/db_password)
|
||||
|
||||
# for sidekiq service bundle exec env var threading
|
||||
file_env "DB_PASS"
|
||||
file_env "OTP_SECRET"
|
||||
file_env "SECRET_KEY_BASE"
|
||||
file_env "SMTP_PASSWORD"
|
||||
|
|
Loading…
Reference in New Issue