Increase start_period to allow slow migrations

- includes plugins

.drone.yml

@@ -10,7 +10,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -1,5 +1,8 @@
 TYPE=karrot
 
+# For more information about these options
+# see https://docs.karrot.world/self-host/options
+
 DOMAIN=karrot.example.com
 
 COMPOSE_FILE="compose.yml"
@@ -42,6 +45,8 @@ EMAIL_BACKEND=console
 
 # For web push set this, and the vapid private key secret
 # You need to generate a valid vapid keypair
+# You can generate one by running:
+# docker run --rm codeberg.org/karrot/generate-vapid-keypair
 #VAPID_PUBLIC_KEY=
 #VAPID_ADMIN_EMAIL=
 #SECRET_VAPID_PRIVATE_KEY_VERSION=v1
@@ -51,6 +56,7 @@ EMAIL_BACKEND=console
 #MEET_LIVEKIT_API_KEY=
 #SECRET_LIVEKIT_API_SECRET_VERSION=v1
 
+# You probably don't need to touch these
 SITE_URL=https://${DOMAIN}
 LETS_ENCRYPT_ENV=production
 CSRF_TRUSTED_ORIGINS=${SITE_URL}

README.md

@@ -6,9 +6,9 @@ Karrot is a free and open-source tool for grassroots initiatives and groups of p
 
 * **Category**: Utilities
 * **Status**: 3, stable
-* **Image**: [`karrot-backend`](https://hub.docker.com/r/vlafvlaf/karrot_backend),4,upstream
+* **Image**: [`karrot-frontend`](https://codeberg.org/karrot/-/packages/container/karrot-backend)/[`karrot-frontend`](https://codeberg.org/karrot/-/packages/container/karrot-backend),4,upstream
 * **Healthcheck**: Yes
-* **Backups**: No
+* **Backups**: Yes
 * **Email**: Yes
 * **Tests**: No
 * **SSO**:  No
@@ -22,6 +22,8 @@ Karrot is a free and open-source tool for grassroots initiatives and groups of p
 3. `abra app config <karrot app name>`
 4. `abra app deploy <karrot app name>`
 
+See [Karrot Self-hosting docs](https://docs.karrot.world/self-host/coop-cloud/getting-started) for more information.
+
 ## Configuration options
 
 `MAXMIND_ACCOUNT_ID` and `MAXMIND_ACCOUNT_KEY` are API credentials from maxmind.com. You need an account there to get GeoIP data for Karrot.

abra.sh

@@ -1,2 +1,17 @@
-export NGINX_CONFIG_VERSION=v23
-export GEOIP_CONFIG_VERSION=v1
+fix-permissions() {
+  if [ "$(whoami)" != "root" ]; then
+    echo "error: you must be root to fix permissions"
+    echo "Try adding '--user root'"
+    exit 1
+  fi
+  
+  echo "Fixing permissions"
+  
+  echo "Making karrot the owner of uploads"
+  chown -R karrot:karrot /app/uploads
+
+  echo "Making karrot the owner of plugins"
+  chown -R karrot:karrot /app/plugins
+
+  echo "Done"
+}

compose.geoip.yml

@@ -4,7 +4,6 @@ services:
   app:
     volumes:
       - "geoip_data:/var/lib/GeoIP"
-      - "app_data:/app/uploads"
 
   worker:
     volumes:
@@ -17,10 +16,10 @@ services:
     secrets:
       - maxmind_license_key
     environment:
-      - GEOIPUPDATE_EDITION_IDS=GeoLite2-City GeoLite2-Country
-      - GEOIPUPDATE_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:-}
-      - GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/maxmind_license_key
-      - GEOIPUPDATE_FREQUENCY=72
+      - "GEOIPUPDATE_EDITION_IDS=GeoLite2-City GeoLite2-Country"
+      - "GEOIPUPDATE_ACCOUNT_ID=${MAXMIND_ACCOUNT_ID:-}"
+      - "GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/maxmind_license_key"
+      - "GEOIPUPDATE_FREQUENCY=72"
 
 secrets:
   maxmind_license_key:

compose.yml

@@ -2,7 +2,7 @@ version: "3.8"
 
 services:
   web:
-    image: "codeberg.org/karrot/karrot-frontend:v14.0.1"
+    image: "codeberg.org/karrot/karrot-frontend:v17.1.0"
     depends_on:
       - app
     environment:
@@ -35,7 +35,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
 
   app:
-    image: "codeberg.org/karrot/karrot-backend:v14.0.1"
+    image: "codeberg.org/karrot/karrot-backend:v17.1.0"
     networks:
       - internal
     depends_on:
@@ -48,9 +48,10 @@ services:
       - vapid_private_key
       - livekit_api_secret
     volumes:
-      - "geoip_data:/var/lib/GeoIP"
       - "app_data:/app/uploads/"
+      - "plugins_data:/app/plugins/"
     environment:
+      - ADMIN_EMAILS
       - CSRF_TRUSTED_ORIGINS
       - DATABASE_CONN_MAX_AGE
       - DATABASE_HOST=db
@@ -73,6 +74,7 @@ services:
       - POSTAL_API_URL
       - POSTAL_WEBHOOK_KEY
       - PROXY_DISCOURSE_URL
+      - PLUGIN_DIR=/app/plugins/
       - REDIS_DB=0
       - REDIS_HOST=redis
       - REDIS_PORT=6379
@@ -95,23 +97,22 @@ services:
       - MIGRATE=yes
     command: server
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8000/api/config/"]
+      test: ["CMD", "curl", "-f", "http://localhost:8000/api/settings/"]
       interval: 10s
       timeout: 3s
       retries: 3 
-      start_period: 45s
+      # sometimes migrations can take their time..
+      start_period: 600s
     deploy:
       labels:
-        - "coop-cloud.${STACK_NAME}.version=0.1.10+13.0.0"
+        - "coop-cloud.${STACK_NAME}.version=3.1.1+17.1.0"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/app/uploads"
 
   worker:
-    image: "codeberg.org/karrot/karrot-backend:v14.0.1"
+    image: "codeberg.org/karrot/karrot-backend:v17.1.0"
     depends_on:
       - app
-    volumes:
-      - "geoip_data:/var/lib/GeoIP"
     networks:
       - internal
     secrets:
@@ -120,7 +121,11 @@ services:
       - smtp_password
       - vapid_private_key
       - livekit_api_secret
+    volumes:
+      - "app_data:/app/uploads/"
+      - "plugins_data:/app/plugins/"
     environment:
+      - ADMIN_EMAILS
       - DATABASE_CONN_MAX_AGE
       - DATABASE_HOST=db
       - DATABASE_NAME=karrot
@@ -136,6 +141,7 @@ services:
       - POSTAL_API_KEY
       - POSTAL_API_URL
       - POSTAL_WEBHOOK_KEY
+      - PLUGIN_DIR=/app/plugins/
       - REDIS_DB=0
       - REDIS_HOST=redis
       - REDIS_PORT=6379
@@ -212,8 +218,8 @@ secrets:
     name: ${STACK_NAME}_livekit_api_secret_${SECRET_LIVEKIT_API_SECRET_VERSION}
 
 volumes:
-  geoip_data:
   app_data:
+  plugins_data:
   postgres_data:
   redis_data:
 

release/1.0.0+14.0.1

@@ -0,0 +1,32 @@
+Major upgrade because this switches to new set of docker images with new python version.
+
+Full release info available here: https://codeberg.org/karrot/karrot/releases/tag/v14.0.1
+
+## Fix to uploaded file permissions
+
+We now run the container as non-root user which means the file permissions need updating.
+
+After you deployment you can fix that by running:
+
+```
+abra app cmd --user root <domain> app fix-permissions
+```
+
+(Note: we need `--user root` there, as we need to be `root` in the container to change the permissions)
+
+## geoip changes
+
+Now the geoip update server is run using an additional compose file config, so if you are using geoip with a maxmind account, modify your config to include:
+
+```
+COMPOSE_FILE="compose.yml"
+COMPOSE_FILE="$COMPOSE_FILE:compose.geoip.yml"
+MAXMIND_ACCOUNT_ID=youraccountid
+SECRET_MAXMIND_LICENSE_KEY_VERSION=v1
+```
+
+And ensure you have the `maxmind_license_key` secret set, which you can do with:
+
+```
+abra app secret insert <domain> maxmind_license_key v1 <key>
+```