chore: publish 3.0.0+v4.5.4 release

Reviewed-on: #37
Reviewed-by: ammaratef45 <ammaratef45@proton.me>

.env.sample

@@ -15,6 +15,10 @@ LETS_ENCRYPT_ENV=production
 
 COMPOSE_FILE="compose.yml"
 
+# Set the maximum length for toots (posts). Longer posts from other servers will still be displayed, this limit only applies to users on this instance.
+#MAX_CHARS=500
+#COMPOSE_FILE="$COMPOSE_FILE:compose.character-limit.yml"
+
 # Federation
 # ----------
 # DO NOT CHANGE DOMAIN VARIABLES AFTER DEPLOYMENT! WILL BREAK FEDERATION!!
@@ -63,9 +67,7 @@ REDIS_PORT=6379
 
 # ElasticSearch
 # --------------------------------------
-ES_ENABLED=true
-ES_HOST=es
-ES_PORT=9200
+# COMPOSE_FILE="$COMPOSE_FILE:compose.elasticsearch.yml"
 
 # StatsD (CURRENTLY NOT SUPPORTED)
 # -------------------------------
@@ -82,6 +84,7 @@ SECRET_SMTP_PASSWORD_VERSION=v1
 SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
 SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
 SECRET_ARE_PRIMARY_KEY_VERSION=v1
+SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1
 
 # Web Push
 # ========
@@ -122,10 +125,9 @@ DEFAULT_LOCALE=en
 
 # S3 and AWS
 # ----------
-# S3_ENABLED=
-# S3_BUCKET=
+# COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
 # AWS_ACCESS_KEY_ID=
-# AWS_SECRET_ACCESS_KEY=
+# S3_BUCKET=
 # S3_REGION=
 # S3_PROTOCOL=
 # S3_HOSTNAME=
@@ -134,6 +136,15 @@ DEFAULT_LOCALE=en
 # S3_OVERRIDE_PATH_STYLE=
 # S3_OPEN_TIMEOUT=
 # S3_READ_TIMEOUT=
+# S3_RETRY_LIMIT=
+# S3_FORCE_SINGLE_REQUEST=
+# S3_ENABLE_CHECKSUM_MODE=
+# S3_STORAGE_CLASS=
+# S3_MULTIPART_THRESHOLD=
+# S3_PERMISSION=
+# S3_BATCH_DELETE_LIMIT=
+# S3_BATCH_DELETE_RETRY=
+# S3_ALIAS_HOST=
 
 # External Authentication
 # =======================

README.md

@@ -3,8 +3,10 @@
 > Your self-hosted, globally interconnected microblogging community
 
 <!-- metadata -->
+* **Maintainers**: `@3wordchant` (Matrix: `@3wc:autonomic.zone`), `Benjamin` (Matrix: `@benjaminlj:matrix.org`)
+* **Status**: `stable`
 * **Category**: Apps
-* **Status**: 1
+* **Features**: 1
 * **Image**: [`tootsuite/mastodon`](https://hub.docker.com/r/tootsuite/mastodon)
 * **Healthcheck**: No
 * **Backups**:  No
@@ -22,10 +24,10 @@ the [`abra.sh`](./abra.sh) for more.
 
 1. `abra app new mastodon`
 1. `abra app cmd --local <domain> secrets`
+1. `abra app cmd --local <domain> secrets_activerecord`
 1. `abra app secret insert <domain> smtp_password v1 <password>`
 1. `abra app config <domain>` (uncomment SMTP details)
 1. `abra app deploy <domain>`
-1. `abra app cmd <domain> streaming setup`
 
 Then, on your host (outside of the containers), you'll need to fix permissions
 for the volume (see [#10](https://git.coopcloud.tech/coop-cloud/mastodon/issues/10)):
@@ -37,7 +39,7 @@ chown -R 991:991 /var/lib/docker/volumes/<domain>_app/_data
 And finally, within the `app` container, create an admin account:
 
 ```
-abra app cmd <domain> admin -- <username> <email>
+abra app cmd <domain> app admin -- <username> <email>
 ```
 
 ## Tips & tricks

abra.sh

@@ -1,5 +1,5 @@
-export ENTRYPOINT_CONF_VERSION=v5
-export ENTRYPOINT_STREAMING_CONF_VERSION=v1
+export ENTRYPOINT_CONF_VERSION=v7
+export ENTRYPOINT_STREAMING_CONF_VERSION=v2
 
 grep=grep
 if ! $grep -P --version 2>/dev/null 1>/dev/null
@@ -40,6 +40,7 @@ environment() {
     file_env "OTP_SECRET"
     file_env "SECRET_KEY_BASE"
     file_env "VAPID_PRIVATE_KEY"
+    file_env "AWS_SECRET_ACCESS_KEY"
     file_env "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
     file_env "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
     file_env "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
@@ -57,6 +58,7 @@ admin() {
   environment
 
   bin/tootctl accounts create "$1" --email "$2" --confirmed --role Owner
+  bin/tootctl accounts approve "$1"
 }
 
 shell() {
@@ -65,18 +67,12 @@ shell() {
     bash $@
 }
 
-setup() {
-  environment
-
-  RAILS_ENV=production bundle exec rake db:setup
-}
-
 secrets() {
   set -e
 
   docker context use default > /dev/null 2>&1
 
-  MASTO_VERSION="v4.3.1"
+  MASTO_VERSION="v4.3.8"
 
   echo "Generating secrets for a new Mastodon deployment..."
   echo ""
@@ -123,7 +119,7 @@ secrets_activerecord() {
 
   docker context use default > /dev/null 2>&1
 
-  MASTO_VERSION="v4.3.1"
+  MASTO_VERSION="v4.3.8"
 
   echo "Generating activerecord secrets for an updated deployment"
   echo ""

compose.character-limit.yml

@@ -0,0 +1,12 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+    - MAX_CHARS
+    # NOTE: See [0] for background on why this is necessary
+    # [0]: See https://github.com/mastodon/mastodon/pull/30091
+    user: root
+    command: >
+      /bin/sh -c 'set -x && ls && sed -i -e "s/500/$MAX_CHARS/g" app/javascript/mastodon/features/compose/components/compose_form.jsx && sed -i -e "s/500/$MAX_CHARS/g" app/validators/status_length_validator.rb && rm -f /mastodon/tmp/pids/server.pid && su -c "RAILS_ENV=production bundle exec rails s -p 3000"'

compose.elasticsearch.yml

@@ -0,0 +1,34 @@
+---
+version: "3.8"
+
+services:
+  es:
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
+    environment:
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - "cluster.name=es-mastodon"
+      - "discovery.type=single-node"
+      - "bootstrap.memory_lock=true"
+    networks:
+      - internal
+    volumes:
+      - es:/usr/share/elasticsearch/data
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+
+  app:
+    environment: &es-env
+      - "ES_ENABLED=true"
+      - "ES_HOST=es"
+      - "ES_PORT=9200"
+
+  streaming:
+    environment: *es-env
+
+  sidekiq:
+    environment: *es-env
+
+volumes:
+  es:

compose.s3.yml

@@ -0,0 +1,42 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment: &s3-env
+      - S3_ENABLED=true
+      - AWS_ACCESS_KEY_ID
+      - AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_access_key
+      - S3_BUCKET
+      - S3_REGION
+      - S3_PROTOCOL
+      - S3_HOSTNAME
+      - S3_ENDPOINT
+      - S3_SIGNATURE_VERSION
+      - S3_OVERRIDE_PATH_STYLE
+      - S3_OPEN_TIMEOUT
+      - S3_READ_TIMEOUT
+      - S3_RETRY_LIMIT
+      - S3_FORCE_SINGLE_REQUEST
+      - S3_ENABLE_CHECKSUM_MODE
+      - S3_STORAGE_CLASS
+      - S3_MULTIPART_THRESHOLD
+      - S3_PERMISSION
+      - S3_BATCH_DELETE_LIMIT
+      - S3_BATCH_DELETE_RETRY
+      - S3_ALIAS_HOST
+    secrets: &s3-secrets
+      - aws_secret_access_key
+
+  streaming:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+  sidekiq:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+secrets:
+  aws_secret_access_key:
+    name: ${STACK_NAME}_aws_secret_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
+    external: true

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: tootsuite/mastodon:v4.3.3
+    image: tootsuite/mastodon:v4.5.4
     command: |
       bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
     networks: &bothNetworks
@@ -20,7 +20,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=1.0.2+v4.3.3"
+        - "coop-cloud.${STACK_NAME}.version=3.0.0+v4.5.4"
     configs: &configs
       - source: entrypoint_sh
         target: /usr/local/bin/entrypoint.sh
@@ -129,7 +129,7 @@ services:
       - WEB_DOMAIN
 
   streaming:
-    image: tootsuite/mastodon-streaming:v4.3.3
+    image: tootsuite/mastodon-streaming:v4.5.4
     command: node ./streaming/index.js
     configs: *configs
     entrypoint: /usr/local/bin/entrypoint_streaming.sh
@@ -150,7 +150,7 @@ services:
     volumes: *appVolume
 
   sidekiq:
-    image: tootsuite/mastodon:v4.3.3
+    image: tootsuite/mastodon:v4.5.4
     secrets: *secrets
     command: bundle exec sidekiq
     configs: *configs
@@ -164,11 +164,12 @@ services:
     environment: *env
 
   db:
-    image: postgres:15.10-alpine
+    image: pgautoupgrade/pgautoupgrade:18-alpine
     networks: &internalNetwork
       - internal
     volumes:
-      - postgres:/var/lib/postgresql/data
+      - postgres:/var/lib/postgresql
+
     secrets:
       - db_password
     environment:
@@ -177,29 +178,13 @@ services:
       - POSTGRES_USER=${DB_USER}
 
   redis:
-    image: redis:7.4-alpine
+    image: redis:8.4-alpine
     networks: *internalNetwork
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
     volumes:
       - redis:/data
 
-  es:
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
-    environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - "cluster.name=es-mastodon"
-      - "discovery.type=single-node"
-      - "bootstrap.memory_lock=true"
-    networks:
-      - internal
-    volumes:
-      - es:/usr/share/elasticsearch/data
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-
 secrets:
   secret_key_base:
     name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
@@ -230,7 +215,6 @@ volumes:
   app:
   redis:
   postgres:
-  es:
 
 networks:
   internal:

entrypoint-streaming.sh.tmpl

@@ -27,6 +27,7 @@ file_env "DB_PASS"
 file_env "OTP_SECRET"
 file_env "SECRET_KEY_BASE"
 file_env "VAPID_PRIVATE_KEY"
+file_env "AWS_SECRET_ACCESS_KEY"
 file_env "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
 file_env "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
 file_env "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"

entrypoint.sh.tmpl

@@ -28,6 +28,7 @@ file_env "SMTP_PASSWORD"
 file_env "OTP_SECRET"
 file_env "SECRET_KEY_BASE"
 file_env "VAPID_PRIVATE_KEY"
+file_env "AWS_SECRET_ACCESS_KEY"
 file_env "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
 file_env "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
 file_env "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"
@@ -40,4 +41,6 @@ file_env "OIDC_CLIENT_SECRET"
 # NOTE: this was working in mastodon 4.2 but breaks in 4.3
 # sed -i '/- admin$/d' /opt/mastodon/config/settings.yml
 
+RAILS_ENV=production bundle exec rake db:migrate
+
 /usr/bin/tini -s -- "$@"

release/1.1.0+v4.3.8

@@ -0,0 +1 @@
+MAX_CHARS now supported; see ~/.abra/recipes/.env.sample

release/2.0.0+v4.4.7

@@ -0,0 +1 @@
+This release includes several Postgres major version upgrades; this should work automatically, but please take extra care to make a database backup before upgrading!

release/3.0.0+v4.5.4

@@ -0,0 +1 @@
+WARNING ⚠️: Elasticsearch is now opt-in, if you would like to continue using it, run `abra app config <app-name>` and add `COMPOSE_FILE="$COMPOSE_FILE:compose.elasticsearch.yml"`

renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ]
+}