store DB password in secret. make entrypoint more robust.
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
parent
4df10ce60d
commit
6004522de6
@ -42,6 +42,7 @@ USE_RACK_ATTACK=1
|
||||
|
||||
SECRET_DEVISE_SECRET_VERSION=v1 #length=64
|
||||
SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
# Send catch up email (missed yesterday) weekly
|
||||
# EMAIL_CATCH_UP_WEEKLY=1
|
||||
|
||||
21
README.md
21
README.md
@ -8,23 +8,18 @@
|
||||
* **Image**: [`loomio/*`](https://hub.docker.com/r/loomio)
|
||||
* **Healthcheck**: No
|
||||
* **Backups**: No
|
||||
* **Email**: ?
|
||||
* **Email**: Outgoing yes, incoming no
|
||||
* **Tests**: No
|
||||
* **SSO**: No
|
||||
<!-- endmetadata -->
|
||||
|
||||
## Basic usage
|
||||
|
||||
1. Set up Docker Swarm and [`abra`]
|
||||
2. Deploy [`coop-cloud/traefik`]
|
||||
3. `abra app new loomio` (optionally with `--pass` if you'd like
|
||||
to save secrets in `pass`)
|
||||
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
6. This should be automated but you also need to run `abra app run loomio_some_domain app rake db:migrate`
|
||||
7. Open the configured domain in your browser to finish set-up
|
||||
8. Give yourself admin rights by running `User.last.update(is_admin: true)`
|
||||
* `abra app new loomio --secrets ` (optionally with `--pass` if you'd like to save secrets in `pass`)
|
||||
* `abra app config <app-name>`
|
||||
* insert your smtp password with `abra app secret insert <app-name> smtp_password v1 "<your-password>"`
|
||||
* `abra app deploy <app-name>`
|
||||
* Open the configured domain in your browser to create your user account (only works in case mail is configured correctly)
|
||||
* Give yourself admin rights by running `abra app cmd <app-name> app make_last_user_admin`
|
||||
|
||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
For more, see [docs.coopcloud.tech](https://docs.coopcloud.tech).
|
||||
|
||||
7
abra.sh
7
abra.sh
@ -1 +1,6 @@
|
||||
export LOOMIO_ENTRYPOINT_VERSION=v3
|
||||
export LOOMIO_ENTRYPOINT_VERSION=v4
|
||||
|
||||
function make_last_user_admin()
|
||||
{
|
||||
SECRET_KEY_BASE=$(rake secret) rails runner "User.last.update(is_admin: true)"
|
||||
}
|
||||
22
compose.yml
22
compose.yml
@ -1,8 +1,13 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
x-db-env: &db-env
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
|
||||
POSTGRES_DB: loomio_production
|
||||
POSTGRES_USER: postgres
|
||||
|
||||
x-environment: &default-env
|
||||
DATABASE_URL: postgresql://postgres:password@db/loomio_production
|
||||
<<: *db-env
|
||||
REDIS_URL: redis://redis:6379
|
||||
CANONICAL_HOST: ${DOMAIN}
|
||||
VIRTUAL_HOST: ${DOMAIN}
|
||||
@ -43,6 +48,7 @@ services:
|
||||
secrets:
|
||||
- devise_secret
|
||||
- secret_cookie_token
|
||||
- db_password
|
||||
volumes:
|
||||
- loomio_uploads:/loomio/public/system
|
||||
- loomio_storage:/loomio/storage
|
||||
@ -76,6 +82,7 @@ services:
|
||||
secrets:
|
||||
- devise_secret
|
||||
- secret_cookie_token
|
||||
- db_password
|
||||
networks:
|
||||
- backend
|
||||
environment:
|
||||
@ -94,11 +101,11 @@ services:
|
||||
- backend
|
||||
volumes:
|
||||
- pgdata:/pgdata
|
||||
- pgdumps:/pgdumps
|
||||
secrets:
|
||||
- db_password
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=password
|
||||
- POSTGRES_DB=loomio_production
|
||||
- PGDATA=/pgdata
|
||||
<<: *db-env
|
||||
PGDATA: /pgdata
|
||||
redis:
|
||||
image: redis:5.0
|
||||
networks:
|
||||
@ -130,6 +137,7 @@ services:
|
||||
secrets:
|
||||
- devise_secret
|
||||
- secret_cookie_token
|
||||
- db_password
|
||||
volumes:
|
||||
- loomio_uploads:/loomio/public/system
|
||||
- loomio_storage:/loomio/storage
|
||||
@ -160,7 +168,6 @@ volumes:
|
||||
loomio_plugins:
|
||||
loomio_import:
|
||||
pgdata:
|
||||
pgdumps:
|
||||
|
||||
configs:
|
||||
entrypoint:
|
||||
@ -174,3 +181,6 @@ secrets:
|
||||
secret_cookie_token:
|
||||
external: true
|
||||
name: ${STACK_NAME}_secret_cookie_token_${SECRET_SECRET_COOKIE_TOKEN_VERSION}
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
|
||||
@ -23,16 +23,23 @@ file_env() {
|
||||
|
||||
file_env "DEVISE_SECRET"
|
||||
file_env "SECRET_COOKIE_TOKEN"
|
||||
file_env "POSTGRES_PASSWORD"
|
||||
export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
|
||||
|
||||
if test ! -f /loomio/storage/migrations_ran; then
|
||||
echo "first deploy, running migrations..."
|
||||
rake db:setup
|
||||
touch /loomio/storage/migrations_ran
|
||||
fi
|
||||
if [ -n "$1" ]; then
|
||||
echo "Running '$1'"
|
||||
$1
|
||||
else
|
||||
if [ ! -f /loomio/storage/migrations_ran ] && [ "${TASK:-}" = "worker" ]; then
|
||||
echo "first deploy, running DB setup..."
|
||||
rake db:setup
|
||||
touch /loomio/storage/migrations_ran
|
||||
fi
|
||||
|
||||
echo "running DB migrations..."
|
||||
rake db:migrate
|
||||
echo "DB migrations finished"
|
||||
|
||||
echo "starting loomio!"
|
||||
/loomio/docker_start.sh
|
||||
fi
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user