Compare commits
1 Commits
main
...
fix/new_ya
Author | SHA1 | Date | |
---|---|---|---|
5d0db921e2 |
@ -22,7 +22,6 @@ steps:
|
|||||||
SECRET_SECRET_COOKIE_TOKEN_VERSION: v1
|
SECRET_SECRET_COOKIE_TOKEN_VERSION: v1
|
||||||
SECRET_DB_PASSWORD_VERSION: v1
|
SECRET_DB_PASSWORD_VERSION: v1
|
||||||
SECRET_SMTP_PASSWORD_VERSION: v1
|
SECRET_SMTP_PASSWORD_VERSION: v1
|
||||||
SECRET_OAUTH_APP_SECRET_VERSION: v1
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
- main
|
- main
|
||||||
|
14
.env.sample
14
.env.sample
@ -90,17 +90,3 @@ SECRET_DB_PASSWORD_VERSION=v1
|
|||||||
# THEME_ACCENT_COLOR=rgb(0,188,212)
|
# THEME_ACCENT_COLOR=rgb(0,188,212)
|
||||||
# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
|
# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
|
||||||
# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
|
# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
|
||||||
|
|
||||||
# env variables needed to enable OAuth2 authentication
|
|
||||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
|
|
||||||
# OAUTH_ENABLED=1
|
|
||||||
# OAUTH_AUTH_URL=
|
|
||||||
# OAUTH_TOKEN_URL=
|
|
||||||
# OAUTH_PROFILE_URL=
|
|
||||||
# OAUTH_SCOPE=
|
|
||||||
# OAUTH_APP_KEY=
|
|
||||||
# OAUTH_ATTR_UID=
|
|
||||||
# OAUTH_ATTR_NAME=
|
|
||||||
# OAUTH_ATTR_EMAIL=
|
|
||||||
# OAUTH_LOGIN_PROVIDER_NAME=
|
|
||||||
# SECRET_OAUTH_APP_SECRET_VERSION=v1
|
|
||||||
|
@ -21,7 +21,6 @@
|
|||||||
* `abra app deploy <app-name>`
|
* `abra app deploy <app-name>`
|
||||||
* Open the configured domain in your browser to create your user account (only works in case mail is configured correctly)
|
* Open the configured domain in your browser to create your user account (only works in case mail is configured correctly)
|
||||||
* Give yourself admin rights by running `abra app cmd <app-name> app make_last_user_admin`
|
* Give yourself admin rights by running `abra app cmd <app-name> app make_last_user_admin`
|
||||||
* Deploy [swarm-cronjob](https://recipes.coopcloud.tech/swarm-cronjob) on your server if it is not running yet. This is needed for loomios cron container to be started to do hourly chores.
|
|
||||||
|
|
||||||
## Migration guide
|
## Migration guide
|
||||||
|
|
||||||
|
2
abra.sh
2
abra.sh
@ -1,4 +1,4 @@
|
|||||||
export LOOMIO_ENTRYPOINT_VERSION=v7
|
export LOOMIO_ENTRYPOINT_VERSION=v6
|
||||||
|
|
||||||
# cannot be integrated into entrypoint.sh as it requires the operator to create a user first
|
# cannot be integrated into entrypoint.sh as it requires the operator to create a user first
|
||||||
function make_last_user_admin()
|
function make_last_user_admin()
|
||||||
|
@ -1,25 +0,0 @@
|
|||||||
version: "3.8"
|
|
||||||
|
|
||||||
x-oauth-env: &oauth-env
|
|
||||||
OAUTH_AUTH_URL:
|
|
||||||
OAUTH_TOKEN_URL:
|
|
||||||
OAUTH_PROFILE_URL:
|
|
||||||
OAUTH_SCOPE:
|
|
||||||
OAUTH_APP_KEY:
|
|
||||||
OAUTH_APP_SECRET_FILE: /run/secrets/oauth_app_secret
|
|
||||||
OAUTH_ATTR_UID:
|
|
||||||
OAUTH_ATTR_NAME:
|
|
||||||
OAUTH_ATTR_EMAIL:
|
|
||||||
OAUTH_LOGIN_PROVIDER_NAME:
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
environment:
|
|
||||||
*oauth-env
|
|
||||||
secrets:
|
|
||||||
- oauth_app_secret
|
|
||||||
|
|
||||||
secrets:
|
|
||||||
oauth_app_secret:
|
|
||||||
name: ${STACK_NAME}_oauth_app_secret_${SECRET_OAUTH_APP_SECRET_VERSION}
|
|
||||||
external: true
|
|
28
compose.yml
28
compose.yml
@ -32,7 +32,7 @@ x-environment: &default-env
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: loomio/loomio:v3.0.0
|
image: loomio/loomio:v2.25.3
|
||||||
configs:
|
configs:
|
||||||
- source: entrypoint
|
- source: entrypoint
|
||||||
target: /entrypoint.sh
|
target: /entrypoint.sh
|
||||||
@ -70,16 +70,10 @@ services:
|
|||||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=5.1.1+v3.0.0"
|
- "coop-cloud.${STACK_NAME}.version=4.0.0+v2.25.3"
|
||||||
- "backupbot.backup:=${ENABLE_BACKUPS:-true}"
|
- "backupbot.backup:=${ENABLE_BACKUPS:-true}"
|
||||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}"
|
|
||||||
- "traefik.http.middlewares.${STACK_NAME}.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
|
|
||||||
- "traefik.http.middlewares.${STACK_NAME}.headers.accesscontrolallowheaders=*"
|
|
||||||
- "traefik.http.middlewares.${STACK_NAME}.headers.accessControlAllowOriginList=https://*.${DOMAIN}"
|
|
||||||
- "traefik.http.middlewares.${STACK_NAME}.headers.accesscontrolmaxage=100"
|
|
||||||
- "traefik.http.middlewares.${STACK_NAME}.headers.addvaryheader=true"
|
|
||||||
worker:
|
worker:
|
||||||
image: loomio/loomio:v3.0.0
|
image: loomio/loomio:v2.25.3
|
||||||
configs:
|
configs:
|
||||||
- source: entrypoint
|
- source: entrypoint
|
||||||
target: /entrypoint.sh
|
target: /entrypoint.sh
|
||||||
@ -122,7 +116,7 @@ services:
|
|||||||
backupbot.restore: "true"
|
backupbot.restore: "true"
|
||||||
backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$POSTGRES_DB" < /postgres.dump && rm -f /postgres.dump'
|
backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$POSTGRES_DB" < /postgres.dump && rm -f /postgres.dump'
|
||||||
redis:
|
redis:
|
||||||
image: redis:8.0
|
image: redis:5.0
|
||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
healthcheck:
|
healthcheck:
|
||||||
@ -139,24 +133,12 @@ services:
|
|||||||
image: loomio/loomio_channel_server
|
image: loomio/loomio_channel_server
|
||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
- proxy
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- redis
|
- redis
|
||||||
environment:
|
environment:
|
||||||
<<: *redis-env
|
<<: *redis-env
|
||||||
VIRTUAL_HOST: channels.${DOMAIN}
|
|
||||||
deploy:
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.docker.network=proxy"
|
|
||||||
- "traefik.http.routers.channels${STACK_NAME}.rule=Host(`channels.${DOMAIN}`)"
|
|
||||||
- "traefik.http.routers.channels${STACK_NAME}.tls=true"
|
|
||||||
- "traefik.http.routers.channels${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
||||||
- "traefik.http.services.channels${STACK_NAME}.loadbalancer.server.port=5000"
|
|
||||||
- "traefik.http.routers.channels${STACK_NAME}.entrypoints=web-secure"
|
|
||||||
|
|
||||||
cron:
|
cron:
|
||||||
image: loomio/loomio:v3.0.0
|
image: loomio/loomio:v2.25.3
|
||||||
configs:
|
configs:
|
||||||
- source: entrypoint
|
- source: entrypoint
|
||||||
target: /entrypoint.sh
|
target: /entrypoint.sh
|
||||||
|
@ -25,11 +25,6 @@ file_env "DEVISE_SECRET"
|
|||||||
file_env "SECRET_COOKIE_TOKEN"
|
file_env "SECRET_COOKIE_TOKEN"
|
||||||
file_env "POSTGRES_PASSWORD"
|
file_env "POSTGRES_PASSWORD"
|
||||||
file_env "SMTP_PASSWORD"
|
file_env "SMTP_PASSWORD"
|
||||||
|
|
||||||
{{ if eq (env "OAUTH_ENABLED") "1" }}
|
|
||||||
file_env "OAUTH_APP_SECRET"
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
export DB_HOST="db"
|
export DB_HOST="db"
|
||||||
export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
|
export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
|
||||||
|
|
||||||
|
@ -1 +0,0 @@
|
|||||||
Add support for OAuth2. To use this feature copy and populate the new oauth2 env variables from the .env.sample to your locale .env config and insert the oauth2_app_secret secret into your recipe:
|
|
Reference in New Issue
Block a user