Compare commits
5 Commits
83e1c78b6a
...
ad652a2815
Author | SHA1 | Date |
---|---|---|
Nick Sellen | ad652a2815 | |
Nick Sellen | 036e5b33eb | |
Nick Sellen | 7937f686f2 | |
Nick Sellen | 30df8b46d0 | |
Nick Sellen | 1f46da81a0 |
|
@ -1,5 +1,8 @@
|
|||
TYPE=karrot
|
||||
|
||||
# For more information about these options
|
||||
# see https://docs.karrot.world/self-host/options
|
||||
|
||||
DOMAIN=karrot.example.com
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
@ -42,6 +45,8 @@ EMAIL_BACKEND=console
|
|||
|
||||
# For web push set this, and the vapid private key secret
|
||||
# You need to generate a valid vapid keypair
|
||||
# You can generate one by running:
|
||||
# docker run --rm codeberg.org/karrot/generate-vapid-keypair
|
||||
#VAPID_PUBLIC_KEY=
|
||||
#VAPID_ADMIN_EMAIL=
|
||||
#SECRET_VAPID_PRIVATE_KEY_VERSION=v1
|
||||
|
@ -51,6 +56,7 @@ EMAIL_BACKEND=console
|
|||
#MEET_LIVEKIT_API_KEY=
|
||||
#SECRET_LIVEKIT_API_SECRET_VERSION=v1
|
||||
|
||||
# You probably don't need to touch these
|
||||
SITE_URL=https://${DOMAIN}
|
||||
LETS_ENCRYPT_ENV=production
|
||||
CSRF_TRUSTED_ORIGINS=${SITE_URL}
|
||||
|
|
18
abra.sh
18
abra.sh
|
@ -1,2 +1,16 @@
|
|||
export NGINX_CONFIG_VERSION=v23
|
||||
export GEOIP_CONFIG_VERSION=v1
|
||||
fix-permissions() {
|
||||
if [ "$(whoami)" != "root" ]; then
|
||||
echo "error: you must be root to fix permissions"
|
||||
echo "Try adding '--user root'"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -d /app/uploads ]; then
|
||||
echo "error: no uploads dir!"
|
||||
echo "Make sure to run it on the 'app' service"
|
||||
exit 1
|
||||
fi
|
||||
echo "Fixing upload permissions"
|
||||
echo "Making karrot the owner of uploads"
|
||||
chown -R karrot:karrot /app/uploads
|
||||
echo "Done"
|
||||
}
|
||||
|
|
|
@ -4,7 +4,6 @@ services:
|
|||
app:
|
||||
volumes:
|
||||
- "geoip_data:/var/lib/GeoIP"
|
||||
- "app_data:/app/uploads"
|
||||
|
||||
worker:
|
||||
volumes:
|
||||
|
@ -17,10 +16,10 @@ services:
|
|||
secrets:
|
||||
- maxmind_license_key
|
||||
environment:
|
||||
- GEOIPUPDATE_EDITION_IDS=GeoLite2-City GeoLite2-Country
|
||||
- GEOIPUPDATE_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:-}
|
||||
- GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/maxmind_license_key
|
||||
- GEOIPUPDATE_FREQUENCY=72
|
||||
- "GEOIPUPDATE_EDITION_IDS=GeoLite2-City GeoLite2-Country"
|
||||
- "GEOIPUPDATE_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:-}"
|
||||
- "GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/maxmind_license_key"
|
||||
- "GEOIPUPDATE_FREQUENCY=72"
|
||||
|
||||
secrets:
|
||||
maxmind_license_key:
|
||||
|
|
|
@ -48,7 +48,6 @@ services:
|
|||
- vapid_private_key
|
||||
- livekit_api_secret
|
||||
volumes:
|
||||
- "geoip_data:/var/lib/GeoIP"
|
||||
- "app_data:/app/uploads/"
|
||||
environment:
|
||||
- CSRF_TRUSTED_ORIGINS
|
||||
|
@ -102,7 +101,7 @@ services:
|
|||
start_period: 45s
|
||||
deploy:
|
||||
labels:
|
||||
- "coop-cloud.${STACK_NAME}.version=0.1.10+13.0.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+14.0.1"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/app/uploads"
|
||||
|
||||
|
@ -110,8 +109,6 @@ services:
|
|||
image: "codeberg.org/karrot/karrot-backend:v14.0.1"
|
||||
depends_on:
|
||||
- app
|
||||
volumes:
|
||||
- "geoip_data:/var/lib/GeoIP"
|
||||
networks:
|
||||
- internal
|
||||
secrets:
|
||||
|
@ -212,7 +209,6 @@ secrets:
|
|||
name: ${STACK_NAME}_livekit_api_secret_${SECRET_LIVEKIT_API_SECRET_VERSION}
|
||||
|
||||
volumes:
|
||||
geoip_data:
|
||||
app_data:
|
||||
postgres_data:
|
||||
redis_data:
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
Major upgrade because this switches to new set of docker images with new python version.
|
||||
|
||||
Full release info available here: https://codeberg.org/karrot/karrot/releases/tag/v14.0.1
|
||||
|
||||
## Fix to uploaded file permissions
|
||||
|
||||
We now run the container as non-root user which means the file permissions need updating.
|
||||
|
||||
After you deployment you can fix that by running:
|
||||
|
||||
```
|
||||
abra app cmd <domain> app fix-permissions --user root
|
||||
```
|
||||
|
||||
(Note: we need `--user root` there, as we need to be `root` in the container to change the permissions)
|
||||
|
||||
## geoip changes
|
||||
|
||||
Now the geoip update server is run using an additional compose file config, so if you are using geoip with a maxmind account, modify your config to include:
|
||||
|
||||
```
|
||||
COMPOSE_FILE="compose.yml"
|
||||
COMPOSE_FILE="$COMPOSE_FILE:compose.geoip.yml"
|
||||
MAXMIND_ACCOUNT_ID=youraccountid
|
||||
SECRET_MAXMIND_LICENSE_KEY_VERSION=v1
|
||||
```
|
||||
|
||||
And ensure you have the `maxmind_license_key` secret set, which you can do with:
|
||||
|
||||
```
|
||||
abra app secret insert <domain> maxmind_license_key v1 <key>
|
||||
```
|
Loading…
Reference in New Issue