diff --git a/.env.sample b/.env.sample
index 47bcbb4..1ed981f 100644
--- a/.env.sample
+++ b/.env.sample
@@ -2,17 +2,22 @@ TYPE=karrot
 DOMAIN=karrot.example.com
+COMPOSE_FILE="compose.yml"
+
+SITE_NAME=karrot dev
+SITE_LOGO=https://user-images.githubusercontent.com/31616/36565633-517373a4-1821-11e8-9948-5bf6887c667e.png
+
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_SECRET_KEY_VERSION=v1
 SECRET_SMTP_PASSWORD_VERSION=v1
 # account id for maxmind (for GeoIP)
+# uncomment if using maxmind account
+# make sure to add the maxmind_license_key secret too
+#COMPOSE_FILE="$COMPOSE_FILE:compose.geoip.yml"
 #MAXMIND_ACCOUNT_ID=
 SECRET_MAXMIND_LICENSE_KEY_VERSION=v1
-SITE_NAME=karrot dev
-SITE_LOGO=https://user-images.githubusercontent.com/31616/36565633-517373a4-1821-11e8-9948-5bf6887c667e.png
-
 FILE_UPLOAD_MAX_SIZE=10m
 # postal,smtp,console
@@ -48,4 +53,4 @@ EMAIL_BACKEND=console
 SITE_URL=https://${DOMAIN}
 LETS_ENCRYPT_ENV=production
-CSRF_TRUSTED_ORIGINS=${SITE_URL}
\ No newline at end of file
+CSRF_TRUSTED_ORIGINS=${SITE_URL}
diff --git a/compose.geoip.yml b/compose.geoip.yml
new file mode 100644
index 0000000..44c5949
--- /dev/null
+++ b/compose.geoip.yml
@@ -0,0 +1,31 @@
+version: "3.8"
+
+services:
+ app:
+ volumes:
+ - "geoip_data:/var/lib/GeoIP"
+ - "app_data:/app/uploads"
+
+ worker:
+ volumes:
+ - "geoip_data:/var/lib/GeoIP"
+
+ geoip:
+ image: "ghcr.io/maxmind/geoipupdate:v6"
+ volumes:
+ - "geoip_data:/usr/share/GeoIP"
+ secrets:
+ - maxmind_license_key
+ environment:
+ - GEOIPUPDATE_EDITION_IDS=GeoLite2-City GeoLite2-Country
+ - GEOIPUPDATE_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:-}
+ - GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/maxmind_license_key
+ - GEOIPUPDATE_FREQUENCY=72
+
+secrets:
+ maxmind_license_key:
+ external: true
+ name: ${STACK_NAME}_maxmind_license_key_${SECRET_MAXMIND_LICENSE_KEY_VERSION}
+
+volumes:
+ geoip_data:
diff --git a/compose.yml b/compose.yml
index 2a629e8..2c7a707 100644
--- a/compose.yml
+++ b/compose.yml
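Review bot: In `.env.sample` (first hunk), the added comment `# uncomment if using maxmind account` does not say which lines it covers, and the GeoIP overlay needs both `#COMPOSE_FILE="$COMPOSE_FILE:compose.geoip.yml"` and `#MAXMIND_ACCOUNT_ID=` enabled. compose.geoip.yml passes `GEOIPUPDATE_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:-}`, so a forgotten account id is rendered as an empty value instead of failing at interpolation time. I would reword the comment to `# GeoIP: uncomment both lines below, set MAXMIND_ACCOUNT_ID, and create the maxmind_license_key secret` so the three required steps are listed together.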
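Review bot: In the new `compose.geoip.yml`, `image: "ghcr.io/maxmind/geoipupdate:v6"` is a floating major tag, whereas the karrot images changed in the same commit are pinned to an exact release (`v14.0.1`). This service receives the `maxmind_license_key` secret and writes the `geoip_data` volume that `app` and `worker` read, so an unreviewed image update lands directly on that path; pin an exact release and, ideally, its digest, e.g. `image: "ghcr.io/maxmind/geoipupdate:<exact-tag>@sha256:<digest>"` (placeholder values). Also, the `app` entry mounts `"app_data:/app/uploads"` without the trailing slash that compose.yml now uses (`"app_data:/app/uploads/"`). Whether the merge of the two files treats these as the same mount target is not visible here, so I would make them identical.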
@@ -2,15 +2,16 @@ version: "3.8" services: web: - image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-frontend" - configs: - - source: nginx_config - target: /etc/nginx/conf.d/default.conf + image: "codeberg.org/karrot/karrot-frontend:v14.0.1" depends_on: - app environment: - DOMAIN - FILE_UPLOAD_MAX_SIZE + - FILE_UPLOAD_DIR=/app/uploads/ + - CSP_CONNECT_SRC=${CSP_CONNECT_SRC:-} + - LISTEN=80 + - BACKEND=app:8000 healthcheck: test: ["CMD", "curl", "-f", "http://localhost/"] interval: 15s @@ -21,7 +22,7 @@ services: - internal - proxy volumes: - - "app_data:/app/uploads" + - "app_data:/app/uploads/" deploy: update_config: failure_action: rollback @@ -34,27 +35,21 @@ services: - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" app: - image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-backend" + image: "codeberg.org/karrot/karrot-backend:v14.0.1" networks: - internal depends_on: - db - redis - configs: - - source: geoip_conf - target: /etc/GeoIP.conf - mode: 0555 secrets: - db_password - secret_key - - maxmind_license_key - smtp_password - vapid_private_key - livekit_api_secret volumes: - - "shiv_data:/root/.shiv" - "geoip_data:/var/lib/GeoIP" - - "app_data:/app/uploads" + - "app_data:/app/uploads/" environment: - CSRF_TRUSTED_ORIGINS - DATABASE_CONN_MAX_AGE @@ -66,13 +61,13 @@ services: - EMAIL_BACKEND - EMAIL_FROM - EMAIL_REPLY_DOMAIN - - FILE_UPLOAD_DIR=/app/uploads + - FILE_UPLOAD_DIR=/app/uploads/ + - FILE_UPLOAD_USE_ACCEL_REDIRECT=true - FILE_UPLOAD_MAX_SIZE - FORUM_BANNER_TOPIC_ID - FORUM_DISCUSSIONS_FEED - LISTEN_HOST=0.0.0.0 - LISTEN_SERVER=uvicorn - - MAXMIND_ACCOUNT_ID - MODE=prod - POSTAL_API_KEY - POSTAL_API_URL @@ -97,6 +92,8 @@ services: - MEET_LIVEKIT_ENDPOINT - MEET_LIVEKIT_API_KEY - MEET_LIVEKIT_API_SECRET_FILE=/run/secrets/livekit_api_secret + - MIGRATE=yes + command: server healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8000/api/config/"] interval: 10s 
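Review bot: `CSP_CONNECT_SRC=${CSP_CONNECT_SRC:-}` in the `web` environment (first compose.yml hunk) introduces a new operator setting that the `.env.sample` hunks of this commit do not mention. Judging by the name it feeds a Content-Security-Policy directive, so operators should know it exists and what an empty value means; I would add a commented entry such as `#CSP_CONNECT_SRC=` with a one-line description to `.env.sample`. With the `nginx_config` config removed in the same hunk, this repo no longer shows how the value is used, which makes the description more important. The `web` service definition continues outside the hunk.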
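Review bot: `FILE_UPLOAD_USE_ACCEL_REDIRECT=true` (fourth compose.yml hunk, `app` environment) couples the backend to the `web` container, but nothing in the file records that coupling. This commit gives `web` the same `FILE_UPLOAD_DIR=/app/uploads/`, and `web` already mounts `app_data`. Presumably the backend authorises a request and then hands the file transfer to nginx via X-Accel-Redirect; that is only safe if the nginx location serving the upload directory is marked `internal`, and the nginx config now lives in the image, not this repo, so it is worth confirming there. I would add a comment above the line such as `# uploads are served by web via X-Accel-Redirect; FILE_UPLOAD_DIR and the app_data mount must match in web and app`. The `app` service definition starts and ends outside this hunk.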
@@ -110,13 +107,10 @@ services: - "backupbot.backup.path=/app/uploads" worker: - image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-backend" + image: "codeberg.org/karrot/karrot-backend:v14.0.1" depends_on: - # shiv + geoip data gets loaded on the first run of the app - # so to ensure it's available in the worker too, we need to wait - app volumes: - - "shiv_data:/root/.shiv" - "geoip_data:/var/lib/GeoIP" networks: - internal @@ -136,7 +130,6 @@ services: - EMAIL_BACKEND - EMAIL_FROM - EMAIL_REPLY_DOMAIN - - IS_WORKER=1 - LISTEN_HOST=0.0.0.0 - LISTEN_SERVER=uvicorn - MODE=prod @@ -162,6 +155,7 @@ services: - MEET_LIVEKIT_ENDPOINT - MEET_LIVEKIT_API_KEY - MEET_LIVEKIT_API_SECRET_FILE=/run/secrets/livekit_api_secret + command: worker redis: image: "redis:6-alpine" @@ -199,17 +193,6 @@ services: backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/postgres-backup.sql" backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql" backupbot.backup.path: "/var/lib/postgresql/data/" - - -configs: - nginx_config: - name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION} - file: nginx.conf.tmpl - template_driver: golang - geoip_conf: - name: ${STACK_NAME}_geoip_conf_${GEOIP_CONFIG_VERSION} - file: geoip.conf.tmpl - template_driver: golang secrets: db_password: @@ -218,9 +201,6 @@ secrets: secret_key: external: true name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION} - maxmind_license_key: - external: true - name: ${STACK_NAME}_maxmind_license_key_${SECRET_MAXMIND_LICENSE_KEY_VERSION} smtp_password: external: true name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION} @@ -232,7 +212,6 @@ secrets: name: ${STACK_NAME}_livekit_api_secret_${SECRET_LIVEKIT_API_SECRET_VERSION} volumes: - shiv_data: geoip_data: app_data: postgres_data: diff --git a/geoip.conf.tmpl b/geoip.conf.tmpl deleted file mode 100644 index 17c7f37..0000000 
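Review bot: In the `worker` hunk, the comment explaining why `worker` waits for `app` is removed together with `shiv_data`, but `depends_on: - app` stays with no stated reason. If the dependency is still wanted — for example because `app` now runs with `MIGRATE=yes` and the worker should start against a migrated schema — say so in a replacement comment such as `# app applies migrations on start; worker should come up after it`; otherwise drop the entry. Note that `depends_on` is not enforced by `docker stack deploy`, so if this stack is deployed to Swarm (the `deploy:` keys elsewhere in the file suggest it), the ordering cannot be relied on either way.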
--- a/geoip.conf.tmpl
+++ /dev/null
@@ -1,3 +0,0 @@
-EditionIDs GeoLite2-City GeoLite2-Country
-AccountID {{ env "MAXMIND_ACCOUNT_ID" }}
-LicenseKey {{ secret "maxmind_license_key" }}