From e52fb2c61aa3df088611971a3cb1a2e6b89c9f37 Mon Sep 17 00:00:00 2001 From: Nick Sellen Date: Mon, 25 Mar 2024 00:44:35 +0000 Subject: [PATCH 1/5] Move geoip to seperate compose file --- compose.geoip.yml | 29 +++++++++++++++++++++++++++++ compose.yml | 46 +++++++++++++--------------------------------- geoip.conf.tmpl | 3 --- 3 files changed, 42 insertions(+), 36 deletions(-) create mode 100644 compose.geoip.yml delete mode 100644 geoip.conf.tmpl diff --git a/compose.geoip.yml b/compose.geoip.yml new file mode 100644 index 0000000..01bf9d0 --- /dev/null +++ b/compose.geoip.yml @@ -0,0 +1,29 @@ +version: "3.8" + +services: + app: + volumes: + - "geoip_data:/var/lib/GeoIP" + - "app_data:/app/uploads" + + worker: + volumes: + - "geoip_data:/var/lib/GeoIP" + + geoip: + image: "ghcr.io/maxmind/geoipupdate:v6" + volumes: + - "geoip_data:/usr/share/GeoIP" + secrets: + - maxmind_license_key + environment: + - GEOIPUPDATE_EDITION_IDS=GeoLite2-City GeoLite2-Country + - GEOIPUPDATE_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:-} + - GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/maxmind_license_key + - GEOIPUPDATE_FREQUENCY=72 + +secrets: + maxmind_license_key: + +volumes: + geoip_data: diff --git a/compose.yml b/compose.yml index 2a629e8..842e42a 100644 --- a/compose.yml +++ b/compose.yml @@ -2,15 +2,16 @@ version: "3.8" services: web: - image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-frontend" - configs: - - source: nginx_config - target: /etc/nginx/conf.d/default.conf + image: "codeberg.org/karrot/karrot-frontend:v14.0.0" depends_on: - app environment: - DOMAIN - FILE_UPLOAD_MAX_SIZE + - FILE_UPLOAD_DIR=/app/uploads/ + - CSP_CONNECT_SRC + - LISTEN=80 + - BACKEND=app:8000 healthcheck: test: ["CMD", "curl", "-f", "http://localhost/"] interval: 15s 
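Review bot: The new `geoip` service in compose.geoip.yml runs `ghcr.io/maxmind/geoipupdate:v6`, a floating major-version tag, in the one container that is handed the `maxmind_license_key` secret. Whatever the registry serves under `v6` at deploy time therefore gets the key. Pin the image to a reviewed digest, e.g. `image: "ghcr.io/maxmind/geoipupdate:v6@sha256:<digest-of-reviewed-image>"`. The `codeberg.org/karrot/karrot-frontend:v14.0.0` and `codeberg.org/karrot/karrot-backend:v14.0.0` images introduced in the compose.yml hunks are also tag-only, and the backend receives `db_password`, `secret_key` and the other secrets listed under `app`, so the same digest pin applies there.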
@@ -34,25 +35,19 @@ services: - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" app: - image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-backend" + image: "codeberg.org/karrot/karrot-backend:v14.0.0" networks: - internal depends_on: - db - redis - configs: - - source: geoip_conf - target: /etc/GeoIP.conf - mode: 0555 secrets: - db_password - secret_key - - maxmind_license_key - smtp_password - vapid_private_key - livekit_api_secret volumes: - - "shiv_data:/root/.shiv" - "geoip_data:/var/lib/GeoIP" - "app_data:/app/uploads" environment: @@ -66,13 +61,13 @@ services: - EMAIL_BACKEND - EMAIL_FROM - EMAIL_REPLY_DOMAIN - - FILE_UPLOAD_DIR=/app/uploads + - FILE_UPLOAD_DIR=/app/uploads/ + - FILE_UPLOAD_USE_ACCEL_REDIRECT=true - FILE_UPLOAD_MAX_SIZE - FORUM_BANNER_TOPIC_ID - FORUM_DISCUSSIONS_FEED - LISTEN_HOST=0.0.0.0 - LISTEN_SERVER=uvicorn - - MAXMIND_ACCOUNT_ID - MODE=prod - POSTAL_API_KEY - POSTAL_API_URL @@ -97,6 +92,8 @@ services: - MEET_LIVEKIT_ENDPOINT - MEET_LIVEKIT_API_KEY - MEET_LIVEKIT_API_SECRET_FILE=/run/secrets/livekit_api_secret + - MIGRATE=yes + command: server healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8000/api/config/"] interval: 10s @@ -110,13 +107,11 @@ services: - "backupbot.backup.path=/app/uploads" worker: - image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-backend" + #image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-backend" + image: "codeberg.org/karrot/karrot-backend:v14.0.0" depends_on: - # shiv + geoip data gets loaded on the first run of the app - # so to ensure it's available in the worker too, we need to wait - app volumes: - - "shiv_data:/root/.shiv" - "geoip_data:/var/lib/GeoIP" networks: - internal @@ -136,7 +131,6 @@ services: - EMAIL_BACKEND - EMAIL_FROM - EMAIL_REPLY_DOMAIN - - IS_WORKER=1 - LISTEN_HOST=0.0.0.0 - LISTEN_SERVER=uvicorn - MODE=prod 
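Review bot: The `app` service keeps `- "geoip_data:/var/lib/GeoIP"` in the base file although compose.geoip.yml now declares the same mount. A deployment without the overlay still creates and mounts an empty volume, and with the overlay the backend gets the databases read-write. If the v14 backend no longer downloads the databases itself (the removed `geoip_conf` and `maxmind_license_key` entries suggest this), consider leaving the mount to the overlay only and making it read-only there: `- "geoip_data:/var/lib/GeoIP:ro"`. The same applies to the `worker` mount in the `@@ -110,13 +107,11 @@` hunk. The `app` definition continues past the end of this hunk.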
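Review bot: `FILE_UPLOAD_USE_ACCEL_REDIRECT=true` presumably hands file delivery to the frontend's nginx via `X-Accel-Redirect`. Access control on uploads would then depend on nginx configuration that this patch stops shipping from the repository, since the `nginx_config` entry is removed from `web`. A comment next to the variable would help operators who swap or rebuild the frontend image, for example `# frontend must expose FILE_UPLOAD_DIR only through an nginx "internal" location`. Whether the published image does so cannot be verified from this diff. The `environment` list of `app` begins and ends outside the hunk.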
@@ -162,6 +156,7 @@ services: - MEET_LIVEKIT_ENDPOINT - MEET_LIVEKIT_API_KEY - MEET_LIVEKIT_API_SECRET_FILE=/run/secrets/livekit_api_secret + command: worker redis: image: "redis:6-alpine" @@ -199,17 +194,6 @@ services: backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/postgres-backup.sql" backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql" backupbot.backup.path: "/var/lib/postgresql/data/" - - -configs: - nginx_config: - name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION} - file: nginx.conf.tmpl - template_driver: golang - geoip_conf: - name: ${STACK_NAME}_geoip_conf_${GEOIP_CONFIG_VERSION} - file: geoip.conf.tmpl - template_driver: golang secrets: db_password: @@ -218,9 +202,6 @@ secrets: secret_key: external: true name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION} - maxmind_license_key: - external: true - name: ${STACK_NAME}_maxmind_license_key_${SECRET_MAXMIND_LICENSE_KEY_VERSION} smtp_password: external: true name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION} @@ -232,7 +213,6 @@ secrets: name: ${STACK_NAME}_livekit_api_secret_${SECRET_LIVEKIT_API_SECRET_VERSION} volumes: - shiv_data: geoip_data: app_data: postgres_data: diff --git a/geoip.conf.tmpl b/geoip.conf.tmpl deleted file mode 100644 index 17c7f37..0000000 --- a/geoip.conf.tmpl +++ /dev/null @@ -1,3 +0,0 @@ -EditionIDs GeoLite2-City GeoLite2-Country -AccountID {{ env "MAXMIND_ACCOUNT_ID" }} -LicenseKey {{ secret "maxmind_license_key" }} From 2c9c054a3c3a2cb071459cec88c462e9595fd0c6 Mon Sep 17 00:00:00 2001 From: Nick Sellen Date: Mon, 25 Mar 2024 01:02:19 +0000 Subject: [PATCH 2/5] Fixups --- compose.geoip.yml | 2 ++ compose.yml | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/compose.geoip.yml b/compose.geoip.yml index 01bf9d0..44c5949 100644 --- a/compose.geoip.yml +++ b/compose.geoip.yml 
@@ -24,6 +24,8 @@ services: secrets: maxmind_license_key: + external: true + name: ${STACK_NAME}_maxmind_license_key_${SECRET_MAXMIND_LICENSE_KEY_VERSION} volumes: geoip_data: diff --git a/compose.yml b/compose.yml index 842e42a..5a5ebdf 100644 --- a/compose.yml +++ b/compose.yml @@ -9,7 +9,7 @@ services: - DOMAIN - FILE_UPLOAD_MAX_SIZE - FILE_UPLOAD_DIR=/app/uploads/ - - CSP_CONNECT_SRC + - CSP_CONNECT_SRC=${CSP_CONNECT_SRC:-} - LISTEN=80 - BACKEND=app:8000 healthcheck: @@ -22,7 +22,7 @@ services: - internal - proxy volumes: - - "app_data:/app/uploads" + - "app_data:/app/uploads/" deploy: update_config: failure_action: rollback @@ -49,7 +49,7 @@ services: - livekit_api_secret volumes: - "geoip_data:/var/lib/GeoIP" - - "app_data:/app/uploads" + - "app_data:/app/uploads/" environment: - CSRF_TRUSTED_ORIGINS - DATABASE_CONN_MAX_AGE From df863e057eb9f906852a758e3c39cbce6058394e Mon Sep 17 00:00:00 2001 From: Nick Sellen Date: Mon, 25 Mar 2024 12:36:22 +0000 Subject: [PATCH 3/5] Document geoip compose file --- .env.sample | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.env.sample b/.env.sample index 47bcbb4..6703508 100644 --- a/.env.sample +++ b/.env.sample @@ -2,17 +2,20 @@ TYPE=karrot DOMAIN=karrot.example.com +SITE_NAME=karrot dev +SITE_LOGO=https://user-images.githubusercontent.com/31616/36565633-517373a4-1821-11e8-9948-5bf6887c667e.png + SECRET_DB_PASSWORD_VERSION=v1 SECRET_SECRET_KEY_VERSION=v1 SECRET_SMTP_PASSWORD_VERSION=v1 # account id for maxmind (for GeoIP) +# uncomment if using maxmind account +# make sure to add the maxmind_license_key secret too +#COMPOSE_FILE="$COMPOSE_FILE:compose.geoip.yml" #MAXMIND_ACCOUNT_ID= SECRET_MAXMIND_LICENSE_KEY_VERSION=v1 -SITE_NAME=karrot dev -SITE_LOGO=https://user-images.githubusercontent.com/31616/36565633-517373a4-1821-11e8-9948-5bf6887c667e.png - FILE_UPLOAD_MAX_SIZE=10m # postal,smtp,console 
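Review bot: `CSP_CONNECT_SRC=${CSP_CONNECT_SRC:-}` hands the frontend an empty value whenever the operator has not set one, and none of the .env.sample hunks in this series documents the variable. Going by its name, it feeds the Content-Security-Policy `connect-src` directive, so the sample file should say what an empty value means, e.g. a commented `#CSP_CONNECT_SRC=` line with a one-line explanation. Whether the image falls back to a restrictive default on an empty value is not visible here and is worth confirming. The `web` service continues outside the hunk.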
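Review bot: The `web` container, which sits on the `proxy` network, mounts the uploads volume read-write (`- "app_data:/app/uploads/"`), although with `FILE_UPLOAD_USE_ACCEL_REDIRECT=true` set on the backend it presumably only serves those files. Mounting it read-only, `- "app_data:/app/uploads/:ro"`, would keep a compromise of the frontend from altering or deleting user uploads. Only the tail of the `web` service is visible in this hunk.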
@@ -48,4 +51,4 @@ EMAIL_BACKEND=console SITE_URL=https://${DOMAIN} LETS_ENCRYPT_ENV=production -CSRF_TRUSTED_ORIGINS=${SITE_URL} \ No newline at end of file +CSRF_TRUSTED_ORIGINS=${SITE_URL} From 2a472504eafab08d6425fbdba350c0e8d7e9bd7c Mon Sep 17 00:00:00 2001 From: Nick Sellen Date: Mon, 25 Mar 2024 17:55:26 +0000 Subject: [PATCH 4/5] Switch to v14.0.1 image --- compose.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/compose.yml b/compose.yml index 5a5ebdf..2c7a707 100644 --- a/compose.yml +++ b/compose.yml @@ -2,7 +2,7 @@ version: "3.8" services: web: - image: "codeberg.org/karrot/karrot-frontend:v14.0.0" + image: "codeberg.org/karrot/karrot-frontend:v14.0.1" depends_on: - app environment: @@ -35,7 +35,7 @@ services: - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" app: - image: "codeberg.org/karrot/karrot-backend:v14.0.0" + image: "codeberg.org/karrot/karrot-backend:v14.0.1" networks: - internal depends_on: @@ -107,8 +107,7 @@ services: - "backupbot.backup.path=/app/uploads" worker: - #image: "ghcr.io/karrot-dev/karrot-docker-images:13.0.0-backend" - image: "codeberg.org/karrot/karrot-backend:v14.0.0" + image: "codeberg.org/karrot/karrot-backend:v14.0.1" depends_on: - app volumes: From a707991df9a1834d15159bcc31ef7b1186886bd5 Mon Sep 17 00:00:00 2001 From: Nick Sellen Date: Mon, 25 Mar 2024 18:33:43 +0000 Subject: [PATCH 5/5] Add initial compose file declaration Other ones don't seem to have it, but it wouldn't work on mine without it :/ --- .env.sample | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.env.sample b/.env.sample index 6703508..1ed981f 100644 --- a/.env.sample +++ b/.env.sample @@ -2,6 +2,8 @@ TYPE=karrot DOMAIN=karrot.example.com +COMPOSE_FILE="compose.yml" + SITE_NAME=karrot dev SITE_LOGO=https://user-images.githubusercontent.com/31616/36565633-517373a4-1821-11e8-9948-5bf6887c667e.png