1 Commits

Author SHA1 Message Date
c1fbaa3540 chore: publish 0.4.0+v2.21.2 release 2023-11-10 10:14:38 -05:00
11 changed files with 57 additions and 184 deletions

View File

@ -18,10 +18,6 @@ steps:
STACK_NAME: loomio
LETS_ENCRYPT_ENV: production
LOOMIO_ENTRYPOINT_VERSION: v1
SECRET_DEVISE_SECRET_VERSION: v1
SECRET_SECRET_COOKIE_TOKEN_VERSION: v1
SECRET_DB_PASSWORD_VERSION: v1
SECRET_SMTP_PASSWORD_VERSION: v1
trigger:
branch:
- main
@ -37,7 +33,7 @@ steps:
from_secret: drone_abra-bot_token
fork: true
repositories:
- toolshed/auto-recipes-catalogue-json
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

View File

@ -1,29 +1,31 @@
TYPE=loomio
COMPOSE_FILE="compose.yml"
DOMAIN=loomio.example.com
## Domain aliases
#EXTRA_DOMAINS=', `www.loomio.example.com`'
LETS_ENCRYPT_ENV=production
# mail setup
COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
# the number of dots in your hostname
TLD_LENGTH=3
# TODO 3wc: is this needed?
SUPPORT_EMAIL=noreply@example.com
SMTP_AUTH=plain
SMTP_DOMAIN=example.com
SMTP_SERVER=example.com
SMTP_PORT=587
SMTP_USERNAME=noreply@example.com
SMTP_PASSWORD=password
SMTP_USE_SSL=1
# to disable SSL comment out line rather than changing to 0
SECRET_SMTP_PASSWORD_VERSION=v1
# From field for notification e-mails
# Whyyyy does this need to be set separately
NOTIFICATIONS_EMAIL_ADDRESS=noreply@example.com
# reply-to in email notifications
REPLY_HOSTNAME=$DOMAIN
REPLY_HOSTNAME=loomio.example.com
# helper bot is the account which welcomes people to their groups.
HELPER_BOT_EMAIL=noreply@loomio.example.com
RAILS_ENV=production
# Number of webserver processes and threads
@ -40,8 +42,6 @@ USE_RACK_ATTACK=1
SECRET_DEVISE_SECRET_VERSION=v1 #length=64
SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
SECRET_DB_PASSWORD_VERSION=v1
SECRET_REDIS_PASSWORD_VERSION=v1
# Send catch up email (missed yesterday) weekly
# EMAIL_CATCH_UP_WEEKLY=1

View File

@ -4,31 +4,27 @@
<!-- metadata -->
* **Category**: Apps
* **Status**: 3, work-in-progress
* **Image**: [`loomio/*`](https://hub.docker.com/r/loomio), 4, upstream
* **Healthcheck**: Yes
* **Backups**: Yes
* **Email**: Outgoing yes, incoming no
* **Status**: 0, work-in-progress
* **Image**: [`loomio/*`](https://hub.docker.com/r/loomio)
* **Healthcheck**: No
* **Backups**: No
* **Email**: ?
* **Tests**: No
* **SSO**: No
<!-- endmetadata -->
## Basic usage
* `abra app new loomio --secrets ` (optionally with `--pass` if you'd like to save secrets in `pass`)
* `abra app config <app-name>`
* insert your smtp password with `abra app secret insert <app-name> smtp_password v1 "<your-password>"`
* `abra app deploy <app-name>`
* Open the configured domain in your browser to create your user account (only works in case mail is configured correctly)
* Give yourself admin rights by running `abra app cmd <app-name> app make_last_user_admin`
1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`]
3. `abra app new loomio` (optionally with `--pass` if you'd like
to save secrets in `pass`)
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box
5. `abra app deploy YOURAPPDOMAIN`
6. This should be automated but you also need to run `abra app run loomio_some_domain app rake db:migrate`
7. Open the configured domain in your browser to finish set-up
8. Give yourself admin rights by running `User.last.update(is_admin: true)`
## Manuel migration steps when upgrading from 0.6.0+v2.25.2 and earlier to 1.0.0+v2.25.2 and later
* adapt your env file with the new vars, especially SECRET_DB_PASSWORD_VERSION=v1 and SECRET_SMTP_PASSWORD_VERSION=v1
* insert your smtp password with `abra app secret insert <app-name> smtp_password v1 "<your-password>"`
* `abra app secret generate <app-name> db_password v1`
* `abra app deploy <app-name>`
* set the new password in DB: `abra app cmd <app-name> db set_new_db_password`
* redeploy if necessary
For more, see [docs.coopcloud.tech](https://docs.coopcloud.tech).
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik

18
abra.sh
View File

@ -1,17 +1 @@
export LOOMIO_ENTRYPOINT_VERSION=v5
export REDIS_ENTRYPOINT_VERSION=v1
# cannot be integrated into entrypoint.sh as it requires the operator to create a user first
function make_last_user_admin()
{
export DATABASE_URL="postgresql://${POSTGRES_USER}:$(cat /run/secrets/db_password)@db/${POSTGRES_DB}"
SECRET_KEY_BASE=$(rake secret) rails runner "User.last.update(is_admin: true)"
}
# only run when upgrading from 0.6.0+v2.25.2 and earlier to 1.0.0+v2.25.2 and later
function set_new_db_password()
{
echo "setting new password for db user..."
psql -U $POSTGRES_USER -c "ALTER USER $POSTGRES_USER PASSWORD '$(cat /run/secrets/db_password)';"
echo "done"
}
export LOOMIO_ENTRYPOINT_VERSION=v3

View File

@ -1,28 +0,0 @@
version: "3.8"
x-mail-env: &mail-env
SMTP_AUTH: ${SMTP_AUTH}
SMTP_DOMAIN: ${SMTP_DOMAIN}
SMTP_SERVER: ${SMTP_SERVER}
SMTP_PORT: ${SMTP_PORT}
SMTP_USERNAME: ${SMTP_USERNAME}
SMTP_PASSWORD:
SMTP_PASSWORD_FILE: /run/secrets/smtp_password
SMTP_USE_SSL: ${SMTP_USE_SSL}
services:
app:
secrets:
- smtp_password
environment:
*mail-env
worker:
secrets:
- smtp_password
environment:
*mail-env
secrets:
smtp_password:
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
external: true

View File

@ -1,24 +1,24 @@
---
version: "3.8"
x-db-env: &db-env
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
POSTGRES_DB: loomio_production
POSTGRES_USER: postgres
x-redis-env: &redis-env
REDIS_PASSWORD_FILE: /run/secrets/redis_password
REDIS_URL: redis://:{REDIS_PASSWORD}@redis:6379
x-environment: &default-env
<<: *db-env
<<: *redis-env
DATABASE_URL: postgresql://postgres:password@db/loomio_production
REDIS_URL: redis://redis:6379
CANONICAL_HOST: ${DOMAIN}
VIRTUAL_HOST: ${DOMAIN}
CHANNELS_URI: wss://channels.${DOMAIN}
TLD_LENGTH: ${TLD_LENGTH}
SUPPORT_EMAIL: ${SUPPORT_EMAIL}
SMTP_AUTH: ${SMTP_AUTH}
SMTP_DOMAIN: ${SMTP_DOMAIN}
SMTP_SERVER: ${SMTP_SERVER}
SMTP_PORT: ${SMTP_PORT}
SMTP_USERNAME: ${SMTP_USERNAME}
SMTP_PASSWORD: ${SMTP_PASSWORD}
SMTP_USE_SSL: ${SMTP_USE_SSL}
NOTIFICATIONS_EMAIL_ADDRESS: ${NOTIFICATIONS_EMAIL_ADDRESS}
REPLY_HOSTNAME: ${REPLY_HOSTNAME}
HELPER_BOT_EMAIL: ${HELPER_BOT_EMAIL}
RAILS_ENV: ${RAILS_ENV}
PUMA_WORKERS: ${PUMA_WORKERS}
MIN_THREADS: ${MIN_THREADS}
@ -34,7 +34,7 @@ x-environment: &default-env
services:
app:
image: loomio/loomio:v2.25.3
image: loomio/loomio:v2.21.2
configs:
- source: entrypoint
target: /entrypoint.sh
@ -43,8 +43,6 @@ services:
secrets:
- devise_secret
- secret_cookie_token
- db_password
- redis_password
volumes:
- loomio_uploads:/loomio/public/system
- loomio_storage:/loomio/storage
@ -58,12 +56,6 @@ services:
- db
- redis
environment: *default-env
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000"]
interval: 30s
timeout: 10s
retries: 10
start_period: 2m
deploy:
restart_policy:
condition: on-failure
@ -73,10 +65,9 @@ services:
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "coop-cloud.${STACK_NAME}.version=2.0.0+v2.25.3"
- "backupbot.backup:=${ENABLE_BACKUPS:-true}"
- "coop-cloud.${STACK_NAME}.version=0.4.0+v2.21.2"
worker:
image: loomio/loomio:v2.25.3
image: loomio/loomio:v2.21.2
configs:
- source: entrypoint
target: /entrypoint.sh
@ -85,8 +76,6 @@ services:
secrets:
- devise_secret
- secret_cookie_token
- db_password
- redis_password
networks:
- backend
environment:
@ -100,38 +89,20 @@ services:
- loomio_files:/loomio/public/files
- loomio_plugins:/loomio/plugins/docker
db:
image: pgautoupgrade/pgautoupgrade:17-debian
image: postgres:12.14
networks:
- backend
volumes:
- pgdata:/pgdata
secrets:
- db_password
- pgdumps:/pgdumps
environment:
<<: *db-env
PGDATA: /pgdata
deploy:
labels:
backupbot.backup: "${ENABLE_BACKUPS:-true}"
backupbot.backup.pre-hook: sh -c 'pg_dump -U "$$POSTGRES_USER" -Fc "$$POSTGRES_DB" | gzip > "/postgres.dump.gz"'
backupbot.backup.path: "/postgres.dump.gz"
backupbot.backup.post-hook: "rm -f /postgres.dump.gz"
backupbot.restore: "true"
backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$POSTGRES_DB" < /postgres.dump && rm -f /postgres.dump'
- POSTGRES_PASSWORD=password
- POSTGRES_DB=loomio_production
- PGDATA=/pgdata
redis:
image: redis:7.4
image: redis:5.0
networks:
- backend
command: /bin/sh -c "redis-server redis.conf --loglevel debug"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
secrets:
- redis_password
configs:
- source: entrypoint_redis
target: /entrypoint.sh
mode: 0555
entrypoint: /entrypoint.sh
#mailin:
# image: loomio/mailin-docker:latest
# networks:
@ -146,23 +117,19 @@ services:
- backend
depends_on:
- redis
secrets:
- redis_password
environment:
<<: *redis-env
- REDIS_URL=redis://redis:6379
cron:
image: loomio/loomio:v2.25.3
image: loomio/loomio:v2.21.2
configs:
- source: entrypoint
target: /entrypoint.sh
mode: 0555
entrypoint: [ "/entrypoint.sh", "rake loomio:hourly_tasks" ]
entrypoint: [ "/entrypoint.sh", "rake", "loomio:hourly_tasks" ]
environment: *default-env
secrets:
- devise_secret
- secret_cookie_token
- db_password
- redis_password
volumes:
- loomio_uploads:/loomio/public/system
- loomio_storage:/loomio/storage
@ -193,14 +160,12 @@ volumes:
loomio_plugins:
loomio_import:
pgdata:
pgdumps:
configs:
entrypoint:
name: ${STACK_NAME}_entrypoint_${LOOMIO_ENTRYPOINT_VERSION}
file: entrypoint.sh
entrypoint_redis:
name: ${STACK_NAME}_entrypoint_redis_${REDIS_ENTRYPOINT_VERSION}
file: entrypoint.redis.sh
secrets:
devise_secret:
@ -209,9 +174,3 @@ secrets:
secret_cookie_token:
external: true
name: ${STACK_NAME}_secret_cookie_token_${SECRET_SECRET_COOKIE_TOKEN_VERSION}
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
redis_password:
external: true
name: ${STACK_NAME}_redis_password_${SECRET_REDIS_PASSWORD_VERSION}

View File

@ -1,6 +0,0 @@
#!/usr/bin/env bash
set -e
echo "creating redis.conf..."
echo "requirepass $(cat /run/secrets/redis_password)" > redis.conf
echo "redis.conf created"

View File

@ -23,24 +23,16 @@ file_env() {
file_env "DEVISE_SECRET"
file_env "SECRET_COOKIE_TOKEN"
file_env "POSTGRES_PASSWORD"
file_env "SMTP_PASSWORD"
export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
if test ! -f /loomio/storage/migrations_ran; then
echo "first deploy, running migrations..."
rake db:setup
touch /loomio/storage/migrations_ran
fi
if [ -n "$1" ]; then
echo "Running '$1'"
$1
else
if [ ! -f /loomio/storage/migrations_ran ] && [ "${TASK:-}" = "worker" ]; then
echo "first deploy, running DB setup..."
rake db:setup
touch /loomio/storage/migrations_ran
fi
echo "running DB migrations..."
rake db:migrate
echo "DB migrations finished"
echo "starting loomio!"
/loomio/docker_start.sh
fi

View File

@ -1,9 +0,0 @@
Loomio seems to have added a new setting, NOTIFICATIONS_EMAIL_ADDRESS, to
define what address transactional emails should come from.
If you don't set it, it will default to notifications@$MAIL_DOMAIN, which is
unlikely to work in many cases.
If you find that transactional emails aren't working, try setting
NOTIFICATIONS_EMAIL_ADDRESS to the same value as SUPPORT_EMAIL,
HELPER_BOT_EMAIL, or SMTP_USERNAME.

View File

@ -1,9 +0,0 @@
In this release the passwords for smtp and postgres DB were moved into docker secrets. Therefore a few manual steps need to be performed (also available in recipe documentation)
* adapt your env file with the new vars, especially SECRET_DB_PASSWORD_VERSION=v1 and SECRET_SMTP_PASSWORD_VERSION=v1
* insert your smtp password with abra app secret insert <app-name> smtp_password v1 "<your-password>"
* abra app secret generate <app-name> db_password v1
* abra app deploy <app-name>
* set the new password in DB: abra app cmd <app-name> db set_new_db_password
* redeploy

View File

@ -1,2 +0,0 @@
The major change in this release is the upgrade of postgres db from 10 to 17. As we use a container with automatic migration, this should work seemlessly without operator intervention.
NEVERTHELESS, please create a BACKUP before you upgrade to this version!