generated from coop-cloud/example
Compare commits
19 Commits
1.0.0+v4.3
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 52a0626ec8 | |||
| c05f3c615a | |||
| c2df07e146 | |||
| f40559dcf0 | |||
| ba632b7d61 | |||
| d79abf04ad | |||
| 72f3ac9af4 | |||
| 6b6fc44d33 | |||
| b23d6f874e | |||
| f2c781b20c | |||
| bc57af62d4 | |||
| 1547cddb7c | |||
| 7bb4a5d2e4 | |||
| adc02f9cac | |||
| 4b8a571128 | |||
| c498ba28cb | |||
|
a919e1553b | ||
|
|
74109d293b | ||
|
|
8b860ead6c |
@ -38,7 +38,7 @@ steps:
|
|||||||
from_secret: drone_abra-bot_token
|
from_secret: drone_abra-bot_token
|
||||||
fork: true
|
fork: true
|
||||||
repositories:
|
repositories:
|
||||||
- coop-cloud/auto-recipes-catalogue-json
|
- toolshed/auto-recipes-catalogue-json
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
event: tag
|
event: tag
|
||||||
|
|||||||
10
.env.sample
10
.env.sample
@ -15,6 +15,10 @@ LETS_ENCRYPT_ENV=production
|
|||||||
|
|
||||||
COMPOSE_FILE="compose.yml"
|
COMPOSE_FILE="compose.yml"
|
||||||
|
|
||||||
|
# Set the maximum length for toots (posts). Longer posts from other servers will still be displayed, this limit only applies to users on this instance.
|
||||||
|
#MAX_CHARS=500
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.character-limit.yml"
|
||||||
|
|
||||||
# Federation
|
# Federation
|
||||||
# ----------
|
# ----------
|
||||||
# DO NOT CHANGE DOMAIN VARIABLES AFTER DEPLOYMENT! WILL BREAK FEDERATION!!
|
# DO NOT CHANGE DOMAIN VARIABLES AFTER DEPLOYMENT! WILL BREAK FEDERATION!!
|
||||||
@ -79,9 +83,9 @@ SECRET_OTP_SECRET_VERSION=v1
|
|||||||
SECRET_VAPID_PRIVATE_KEY_VERSION=v1
|
SECRET_VAPID_PRIVATE_KEY_VERSION=v1
|
||||||
SECRET_DB_PASSWORD_VERSION=v1
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
SECRET_SMTP_PASSWORD_VERSION=v1
|
SECRET_SMTP_PASSWORD_VERSION=v1
|
||||||
SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION=v1
|
SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
|
||||||
SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION=v1
|
SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
|
||||||
SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION=v1
|
SECRET_ARE_PRIMARY_KEY_VERSION=v1
|
||||||
|
|
||||||
# Web Push
|
# Web Push
|
||||||
# ========
|
# ========
|
||||||
|
|||||||
@ -22,10 +22,10 @@ the [`abra.sh`](./abra.sh) for more.
|
|||||||
|
|
||||||
1. `abra app new mastodon`
|
1. `abra app new mastodon`
|
||||||
1. `abra app cmd --local <domain> secrets`
|
1. `abra app cmd --local <domain> secrets`
|
||||||
|
1. `abra app cmd --local <domain> secrets_activerecord`
|
||||||
1. `abra app secret insert <domain> smtp_password v1 <password>`
|
1. `abra app secret insert <domain> smtp_password v1 <password>`
|
||||||
1. `abra app config <domain>` (uncomment SMTP details)
|
1. `abra app config <domain>` (uncomment SMTP details)
|
||||||
1. `abra app deploy <domain>`
|
1. `abra app deploy <domain>`
|
||||||
1. `abra app cmd <domain> streaming setup`
|
|
||||||
|
|
||||||
Then, on your host (outside of the containers), you'll need to fix permissions
|
Then, on your host (outside of the containers), you'll need to fix permissions
|
||||||
for the volume (see [#10](https://git.coopcloud.tech/coop-cloud/mastodon/issues/10)):
|
for the volume (see [#10](https://git.coopcloud.tech/coop-cloud/mastodon/issues/10)):
|
||||||
@ -37,7 +37,7 @@ chown -R 991:991 /var/lib/docker/volumes/<domain>_app/_data
|
|||||||
And finally, within the `app` container, create an admin account:
|
And finally, within the `app` container, create an admin account:
|
||||||
|
|
||||||
```
|
```
|
||||||
abra app cmd <domain> admin -- <username> <email>
|
abra app cmd <domain> app admin -- <username> <email>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Tips & tricks
|
## Tips & tricks
|
||||||
|
|||||||
45
abra.sh
45
abra.sh
@ -1,6 +1,18 @@
|
|||||||
export ENTRYPOINT_CONF_VERSION=v5
|
export ENTRYPOINT_CONF_VERSION=v6
|
||||||
export ENTRYPOINT_STREAMING_CONF_VERSION=v1
|
export ENTRYPOINT_STREAMING_CONF_VERSION=v1
|
||||||
|
|
||||||
|
grep=grep
|
||||||
|
if ! $grep -P --version 2>/dev/null 1>/dev/null
|
||||||
|
then
|
||||||
|
echo "$grep doesn't have -P option, trying ggrep"
|
||||||
|
grep=ggrep
|
||||||
|
if ! $grep -P --version 2>/dev/null 1>/dev/null
|
||||||
|
then
|
||||||
|
echo "If you're on a mac try running \`brew install grep\`"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
file_env() {
|
file_env() {
|
||||||
local var="$1"
|
local var="$1"
|
||||||
local fileVar="${var}_FILE"
|
local fileVar="${var}_FILE"
|
||||||
@ -45,6 +57,7 @@ admin() {
|
|||||||
environment
|
environment
|
||||||
|
|
||||||
bin/tootctl accounts create "$1" --email "$2" --confirmed --role Owner
|
bin/tootctl accounts create "$1" --email "$2" --confirmed --role Owner
|
||||||
|
bin/tootctl accounts approve "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
shell() {
|
shell() {
|
||||||
@ -53,28 +66,22 @@ shell() {
|
|||||||
bash $@
|
bash $@
|
||||||
}
|
}
|
||||||
|
|
||||||
setup() {
|
|
||||||
environment
|
|
||||||
|
|
||||||
RAILS_ENV=production bundle exec rake db:setup
|
|
||||||
}
|
|
||||||
|
|
||||||
secrets() {
|
secrets() {
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
docker context use default > /dev/null 2>&1
|
docker context use default > /dev/null 2>&1
|
||||||
|
|
||||||
MASTO_VERSION="v4.3.1"
|
MASTO_VERSION="v4.3.8"
|
||||||
|
|
||||||
echo "Generating secrets for a new Mastodon deployment..."
|
echo "Generating secrets for a new Mastodon deployment..."
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:$MASTO_VERSION bundle exec rake secret)
|
SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:$MASTO_VERSION bundle exec rails secret)
|
||||||
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
|
||||||
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
OTP_SECRET=$(docker run --rm tootsuite/mastodon:$MASTO_VERSION bundle exec rake secret)
|
OTP_SECRET=$(docker run --rm tootsuite/mastodon:$MASTO_VERSION bundle exec rails secret)
|
||||||
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
|
||||||
echo "OTP_SECRET = $OTP_SECRET"
|
echo "OTP_SECRET = $OTP_SECRET"
|
||||||
echo ""
|
echo ""
|
||||||
@ -86,8 +93,8 @@ secrets() {
|
|||||||
bundle exec rake mastodon:webpush:generate_vapid_key \
|
bundle exec rake mastodon:webpush:generate_vapid_key \
|
||||||
> /tmp/key.txt
|
> /tmp/key.txt
|
||||||
|
|
||||||
VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
|
VAPID_PRIVATE_KEY=$($grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
|
||||||
VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
|
VAPID_PUBLIC_KEY=$($grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
|
||||||
rm -rf /tmp/key.txt
|
rm -rf /tmp/key.txt
|
||||||
|
|
||||||
echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
|
echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
|
||||||
@ -111,7 +118,7 @@ secrets_activerecord() {
|
|||||||
|
|
||||||
docker context use default > /dev/null 2>&1
|
docker context use default > /dev/null 2>&1
|
||||||
|
|
||||||
MASTO_VERSION="v4.3.1"
|
MASTO_VERSION="v4.3.8"
|
||||||
|
|
||||||
echo "Generating activerecord secrets for an updated deployment"
|
echo "Generating activerecord secrets for an updated deployment"
|
||||||
echo ""
|
echo ""
|
||||||
@ -123,18 +130,18 @@ secrets_activerecord() {
|
|||||||
bundle exec rake db:encryption:init \
|
bundle exec rake db:encryption:init \
|
||||||
> /tmp/activerecord.txt
|
> /tmp/activerecord.txt
|
||||||
|
|
||||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$(grep ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY /tmp/activerecord.txt | cut -d'=' -f2)
|
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=$($grep ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY /tmp/activerecord.txt | cut -d'=' -f2)
|
||||||
abra app secret insert "$APP_NAME" active_record_encryption_deterministic_key v1 "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
abra app secret insert "$APP_NAME" are_deterministic_key v1 "$ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
||||||
echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY = $ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
echo "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY = $ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(grep ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT /tmp/activerecord.txt | cut -d'=' -f2)
|
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=$($grep ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT /tmp/activerecord.txt | cut -d'=' -f2)
|
||||||
abra app secret insert "$APP_NAME" active_record_encryption_key_derivation_salt v1 "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
abra app secret insert "$APP_NAME" are_key_derivation_salt v1 "$ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
||||||
echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT = $ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
echo "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT = $ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$(grep ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY /tmp/activerecord.txt | cut -d'=' -f2)
|
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=$($grep ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY /tmp/activerecord.txt | cut -d'=' -f2)
|
||||||
abra app secret insert "$APP_NAME" active_record_encryption_primary_key v1 "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
abra app secret insert "$APP_NAME" are_primary_key v1 "$ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
||||||
echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY = $ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
echo "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY = $ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
|
|||||||
12
compose.character-limit.yml
Normal file
12
compose.character-limit.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
- MAX_CHARS
|
||||||
|
# NOTE: See [0] for background on why this is necessary
|
||||||
|
# [0]: See https://github.com/mastodon/mastodon/pull/30091
|
||||||
|
user: root
|
||||||
|
command: >
|
||||||
|
/bin/sh -c 'set -x && ls && sed -i -e "s/500/$MAX_CHARS/g" app/javascript/mastodon/features/compose/components/compose_form.jsx && sed -i -e "s/500/$MAX_CHARS/g" app/validators/status_length_validator.rb && RAILS_ENV=production && rm -f /mastodon/tmp/pids/server.pid && su -c "bundle exec rails s -p 3000"'
|
||||||
34
compose.yml
34
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: tootsuite/mastodon:v4.3.1
|
image: tootsuite/mastodon:v4.3.8
|
||||||
command: |
|
command: |
|
||||||
bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||||
networks: &bothNetworks
|
networks: &bothNetworks
|
||||||
@ -20,7 +20,7 @@ services:
|
|||||||
- "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
|
- "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
|
||||||
- "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
|
- "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
- "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+v4.3.1"
|
- "coop-cloud.${STACK_NAME}.version=1.1.0+v4.3.8"
|
||||||
configs: &configs
|
configs: &configs
|
||||||
- source: entrypoint_sh
|
- source: entrypoint_sh
|
||||||
target: /usr/local/bin/entrypoint.sh
|
target: /usr/local/bin/entrypoint.sh
|
||||||
@ -37,13 +37,13 @@ services:
|
|||||||
- secret_key_base
|
- secret_key_base
|
||||||
- smtp_password
|
- smtp_password
|
||||||
- vapid_private_key
|
- vapid_private_key
|
||||||
- active_record_encryption_deterministic_key
|
- are_deterministic_key
|
||||||
- active_record_encryption_key_derivation_salt
|
- are_key_derivation_salt
|
||||||
- active_record_encryption_primary_key
|
- are_primary_key
|
||||||
environment: &env
|
environment: &env
|
||||||
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_FILE=/run/secrets/active_record_encryption_deterministic_key
|
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_FILE=/run/secrets/are_deterministic_key
|
||||||
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_FILE=/run/secrets/active_record_encryption_key_derivation_salt
|
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_FILE=/run/secrets/are_key_derivation_salt
|
||||||
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE=/run/secrets/active_record_encryption_primary_key
|
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_FILE=/run/secrets/are_primary_key
|
||||||
- ALLOW_ACCESS_TO_HIDDEN_SERVICE
|
- ALLOW_ACCESS_TO_HIDDEN_SERVICE
|
||||||
- ALTERNATE_DOMAINS
|
- ALTERNATE_DOMAINS
|
||||||
- AUTHORIZED_FETCH
|
- AUTHORIZED_FETCH
|
||||||
@ -129,7 +129,7 @@ services:
|
|||||||
- WEB_DOMAIN
|
- WEB_DOMAIN
|
||||||
|
|
||||||
streaming:
|
streaming:
|
||||||
image: tootsuite/mastodon-streaming:v4.3.1
|
image: tootsuite/mastodon-streaming:v4.3.8
|
||||||
command: node ./streaming/index.js
|
command: node ./streaming/index.js
|
||||||
configs: *configs
|
configs: *configs
|
||||||
entrypoint: /usr/local/bin/entrypoint_streaming.sh
|
entrypoint: /usr/local/bin/entrypoint_streaming.sh
|
||||||
@ -150,7 +150,7 @@ services:
|
|||||||
volumes: *appVolume
|
volumes: *appVolume
|
||||||
|
|
||||||
sidekiq:
|
sidekiq:
|
||||||
image: tootsuite/mastodon:v4.3.1
|
image: tootsuite/mastodon:v4.3.8
|
||||||
secrets: *secrets
|
secrets: *secrets
|
||||||
command: bundle exec sidekiq
|
command: bundle exec sidekiq
|
||||||
configs: *configs
|
configs: *configs
|
||||||
@ -164,7 +164,7 @@ services:
|
|||||||
environment: *env
|
environment: *env
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:15.2-alpine
|
image: postgres:15.12-alpine
|
||||||
networks: &internalNetwork
|
networks: &internalNetwork
|
||||||
- internal
|
- internal
|
||||||
volumes:
|
volumes:
|
||||||
@ -216,14 +216,14 @@ secrets:
|
|||||||
smtp_password:
|
smtp_password:
|
||||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||||
external: true
|
external: true
|
||||||
active_record_encryption_deterministic_key:
|
are_deterministic_key:
|
||||||
name: ${STACK_NAME}_active_record_encryption_deterministic_key_${SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION}
|
name: ${STACK_NAME}_are_deterministic_key_${SECRET_ARE_DETERMINISTIC_KEY_VERSION}
|
||||||
external: true
|
external: true
|
||||||
active_record_encryption_key_derivation_salt:
|
are_key_derivation_salt:
|
||||||
name: ${STACK_NAME}_active_record_encryption_key_derivation_salt_${SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION}
|
name: ${STACK_NAME}_are_key_derivation_salt_${SECRET_ARE_KEY_DERIVATION_SALT_VERSION}
|
||||||
external: true
|
external: true
|
||||||
active_record_encryption_primary_key:
|
are_primary_key:
|
||||||
name: ${STACK_NAME}_active_record_encryption_primary_key_${SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION}
|
name: ${STACK_NAME}_are_primary_key_${SECRET_ARE_PRIMARY_KEY_VERSION}
|
||||||
external: true
|
external: true
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
|
|||||||
@ -40,4 +40,6 @@ file_env "OIDC_CLIENT_SECRET"
|
|||||||
# NOTE: this was working in mastodon 4.2 but breaks in 4.3
|
# NOTE: this was working in mastodon 4.2 but breaks in 4.3
|
||||||
# sed -i '/- admin$/d' /opt/mastodon/config/settings.yml
|
# sed -i '/- admin$/d' /opt/mastodon/config/settings.yml
|
||||||
|
|
||||||
|
RAILS_ENV=production bundle exec rake db:migrate
|
||||||
|
|
||||||
/usr/bin/tini -s -- "$@"
|
/usr/bin/tini -s -- "$@"
|
||||||
|
|||||||
@ -5,7 +5,7 @@ Run `abra app cmd --local <domain> secrets_activerecord` to generate and store t
|
|||||||
You will also need to add this to your config (`abra app config <domain>`):
|
You will also need to add this to your config (`abra app config <domain>`):
|
||||||
|
|
||||||
```
|
```
|
||||||
SECRET_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY_VERSION=v1
|
SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
|
||||||
SECRET_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT_VERSION=v1
|
SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
|
||||||
SECRET_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY_VERSION=v1
|
SECRET_ARE_PRIMARY_KEY_VERSION=v1
|
||||||
```
|
```
|
||||||
|
|||||||
1
release/1.1.0+v4.3.8
Normal file
1
release/1.1.0+v4.3.8
Normal file
@ -0,0 +1 @@
|
|||||||
|
MAX_CHARS now supported; see ~/.abra/recipes/.env.sample
|
||||||
Loading…
x
Reference in New Issue
Block a user