store DB password in secret. make entrypoint more robust.
stevensting 2025-02-09 17:59:02 +01:00
parent 4df10ce60d
commit 6004522de6
5 changed files with 43 additions and 25 deletions


@ -42,6 +42,7 @@ USE_RACK_ATTACK=1
SECRET_DEVISE_SECRET_VERSION=v1 #length=64 SECRET_DEVISE_SECRET_VERSION=v1 #length=64
SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64 SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
SECRET_DB_PASSWORD_VERSION=v1
# Send catch up email (missed yesterday) weekly # Send catch up email (missed yesterday) weekly
# EMAIL_CATCH_UP_WEEKLY=1 # EMAIL_CATCH_UP_WEEKLY=1
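Review bot: `SECRET_DB_PASSWORD_VERSION=v1` carries no `#length=` annotation, unlike the two secret entries directly above it, so the form of the generated database password is left to the generator's default, which is not visible on this page. This commit's entrypoint interpolates that value into `DATABASE_URL`, so I would pin it explicitly, e.g. `SECRET_DB_PASSWORD_VERSION=v1 #length=32` (length chosen for illustration). A comment stating that the value must stay URL-safe would also help.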


@ -8,23 +8,18 @@
* **Image**: [`loomio/*`](https://hub.docker.com/r/loomio) * **Image**: [`loomio/*`](https://hub.docker.com/r/loomio)
* **Healthcheck**: No * **Healthcheck**: No
* **Backups**: No * **Backups**: No
* **Email**: ? * **Email**: Outgoing yes, incoming no
* **Tests**: No * **Tests**: No
* **SSO**: No * **SSO**: No
<!-- endmetadata --> <!-- endmetadata -->
## Basic usage ## Basic usage
1. Set up Docker Swarm and [`abra`] * `abra app new loomio --secrets ` (optionally with `--pass` if you'd like to save secrets in `pass`)
2. Deploy [`coop-cloud/traefik`] * `abra app config <app-name>`
3. `abra app new loomio` (optionally with `--pass` if you'd like * insert your smtp password with `abra app secret insert <app-name> smtp_password v1 "<your-password>"`
to save secrets in `pass`) * `abra app deploy <app-name>`
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to * Open the configured domain in your browser to create your user account (only works in case mail is configured correctly)
your Docker swarm box * Give yourself admin rights by running `abra app cmd <app-name> app make_last_user_admin`
5. `abra app deploy YOURAPPDOMAIN`
6. This should be automated but you also need to run `abra app run loomio_some_domain app rake db:migrate`
7. Open the configured domain in your browser to finish set-up
8. Give yourself admin rights by running `User.last.update(is_admin: true)`
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra For more, see [docs.coopcloud.tech](https://docs.coopcloud.tech).
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik


@ -1 +1,6 @@
export LOOMIO_ENTRYPOINT_VERSION=v3 export LOOMIO_ENTRYPOINT_VERSION=v4
function make_last_user_admin()
{
SECRET_KEY_BASE=$(rake secret) rails runner "User.last.update(is_admin: true)"
}
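Review bot: `make_last_user_admin` promotes whichever account `User.last` returns at the moment the command runs, so on an instance with open sign-up a registration that lands between the operator's own sign-up and this command receives the admin flag instead. `update` also returns false without raising when the save fails, so the command can finish silently with nothing changed. I would select the account explicitly and fail loudly, e.g. `rails runner 'User.find_by!(email: ARGV[0]).update!(is_admin: true)' "$1"`, which passes the address as an argument rather than interpolating it into the Ruby source. A comment above the function explaining why `SECRET_KEY_BASE=$(rake secret)` is set to a throwaway value would help the next maintainer.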


@ -1,8 +1,13 @@
--- ---
version: "3.8" version: "3.8"
x-db-env: &db-env
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
POSTGRES_DB: loomio_production
POSTGRES_USER: postgres
x-environment: &default-env x-environment: &default-env
DATABASE_URL: postgresql://postgres:password@db/loomio_production <<: *db-env
REDIS_URL: redis://redis:6379 REDIS_URL: redis://redis:6379
CANONICAL_HOST: ${DOMAIN} CANONICAL_HOST: ${DOMAIN}
VIRTUAL_HOST: ${DOMAIN} VIRTUAL_HOST: ${DOMAIN}
@ -43,6 +48,7 @@ services:
secrets: secrets:
- devise_secret - devise_secret
- secret_cookie_token - secret_cookie_token
- db_password
volumes: volumes:
- loomio_uploads:/loomio/public/system - loomio_uploads:/loomio/public/system
- loomio_storage:/loomio/storage - loomio_storage:/loomio/storage
@ -76,6 +82,7 @@ services:
secrets: secrets:
- devise_secret - devise_secret
- secret_cookie_token - secret_cookie_token
- db_password
networks: networks:
- backend - backend
environment: environment:
@ -94,11 +101,11 @@ services:
- backend - backend
volumes: volumes:
- pgdata:/pgdata - pgdata:/pgdata
- pgdumps:/pgdumps secrets:
- db_password
environment: environment:
- POSTGRES_PASSWORD=password <<: *db-env
- POSTGRES_DB=loomio_production PGDATA: /pgdata
- PGDATA=/pgdata
redis: redis:
image: redis:5.0 image: redis:5.0
networks: networks:
@ -130,6 +137,7 @@ services:
secrets: secrets:
- devise_secret - devise_secret
- secret_cookie_token - secret_cookie_token
- db_password
volumes: volumes:
- loomio_uploads:/loomio/public/system - loomio_uploads:/loomio/public/system
- loomio_storage:/loomio/storage - loomio_storage:/loomio/storage
@ -160,7 +168,6 @@ volumes:
loomio_plugins: loomio_plugins:
loomio_import: loomio_import:
pgdata: pgdata:
pgdumps:
configs: configs:
entrypoint: entrypoint:
@ -174,3 +181,6 @@ secrets:
secret_cookie_token: secret_cookie_token:
external: true external: true
name: ${STACK_NAME}_secret_cookie_token_${SECRET_SECRET_COOKIE_TOKEN_VERSION} name: ${STACK_NAME}_secret_cookie_token_${SECRET_SECRET_COOKIE_TOKEN_VERSION}
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
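Review bot: Nothing in this file section covers stacks that were already deployed with the old hard-coded credentials. As far as I know, the official postgres image applies `POSTGRES_PASSWORD_FILE` only when it initialises an empty data directory, so an existing `pgdata` volume keeps the old value `password` while the app services start authenticating with the new secret. Upgraded instances would then fail to connect, and their database would still accept the publicly known default until an operator runs `ALTER USER postgres PASSWORD ...` by hand, so that step should be documented in the README or release notes. Separately, `POSTGRES_USER: postgres` in `x-db-env` means the application connects as the database superuser; a dedicated role would limit what an application-level compromise can reach.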


@ -23,16 +23,23 @@ file_env() {
file_env "DEVISE_SECRET" file_env "DEVISE_SECRET"
file_env "SECRET_COOKIE_TOKEN" file_env "SECRET_COOKIE_TOKEN"
file_env "POSTGRES_PASSWORD"
export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
if test ! -f /loomio/storage/migrations_ran; then
echo "first deploy, running migrations..."
rake db:setup
touch /loomio/storage/migrations_ran
fi
if [ -n "$1" ]; then if [ -n "$1" ]; then
echo "Running '$1'" echo "Running '$1'"
$1 $1
else else
if [ ! -f /loomio/storage/migrations_ran ] && [ "${TASK:-}" = "worker" ]; then
echo "first deploy, running DB setup..."
rake db:setup
touch /loomio/storage/migrations_ran
fi
echo "running DB migrations..."
rake db:migrate
echo "DB migrations finished"
echo "starting loomio!" echo "starting loomio!"
/loomio/docker_start.sh /loomio/docker_start.sh
fi fi
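Review bot: `DATABASE_URL` is assembled by pasting `${POSTGRES_PASSWORD}` into the URL unescaped, so a secret containing `@`, `/`, `:`, `#`, `?` or `%` yields a URL that fails to parse or parses with a different host or password. Either constrain the secret to a URL-safe alphabet or percent-encode it first, e.g. `pw_enc=$(ruby -rerb -e 'print ERB::Util.url_encode(ENV.fetch("POSTGRES_PASSWORD"))')`; this assumes `file_env`, whose body is outside the hunk, exports the variable. In the first-deploy branch, `touch /loomio/storage/migrations_ran` runs even when `rake db:setup` fails unless `set -e` is active above the hunk, so `rake db:setup && touch /loomio/storage/migrations_ran` would keep a failed setup retryable. It also deserves a comment that every non-worker container now runs `rake db:migrate` at start, possibly while the worker is still inside `db:setup`.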