Pass through AWS_SECRET_ACCESS_KEY

Reviewed-on: #33
Reviewed-by: ammaratef45 <ammaratef45@proton.me>

.env.sample

@@ -67,9 +67,7 @@ REDIS_PORT=6379
 
 # ElasticSearch
 # --------------------------------------
-ES_ENABLED=true
-ES_HOST=es
-ES_PORT=9200
+# COMPOSE_FILE="$COMPOSE_FILE:compose.elasticsearch.yml"
 
 # StatsD (CURRENTLY NOT SUPPORTED)
 # -------------------------------
@@ -86,6 +84,7 @@ SECRET_SMTP_PASSWORD_VERSION=v1
 SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
 SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
 SECRET_ARE_PRIMARY_KEY_VERSION=v1
+SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1
 
 # Web Push
 # ========
@@ -126,10 +125,9 @@ DEFAULT_LOCALE=en
 
 # S3 and AWS
 # ----------
-# S3_ENABLED=
-# S3_BUCKET=
+# COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
 # AWS_ACCESS_KEY_ID=
-# AWS_SECRET_ACCESS_KEY=
+# S3_BUCKET=
 # S3_REGION=
 # S3_PROTOCOL=
 # S3_HOSTNAME=
@@ -138,6 +136,15 @@ DEFAULT_LOCALE=en
 # S3_OVERRIDE_PATH_STYLE=
 # S3_OPEN_TIMEOUT=
 # S3_READ_TIMEOUT=
+# S3_RETRY_LIMIT=
+# S3_FORCE_SINGLE_REQUEST=
+# S3_ENABLE_CHECKSUM_MODE=
+# S3_STORAGE_CLASS=
+# S3_MULTIPART_THRESHOLD=
+# S3_PERMISSION=
+# S3_BATCH_DELETE_LIMIT=
+# S3_BATCH_DELETE_RETRY=
+# S3_ALIAS_HOST=
 
 # External Authentication
 # =======================

README.md

@@ -3,7 +3,7 @@
 > Your self-hosted, globally interconnected microblogging community
 
 <!-- metadata -->
-* **Maintainer**: `@3wordchant` (Matrix: `@3wc:autonomic.zone`)
+* **Maintainers**: `@3wordchant` (Matrix: `@3wc:autonomic.zone`), `Benjamin` (Matrix: `@benjaminlj:matrix.org`)
 * **Status**: `stable`
 * **Category**: Apps
 * **Features**: 1

abra.sh

@@ -1,5 +1,5 @@
-export ENTRYPOINT_CONF_VERSION=v6
-export ENTRYPOINT_STREAMING_CONF_VERSION=v1
+export ENTRYPOINT_CONF_VERSION=v7
+export ENTRYPOINT_STREAMING_CONF_VERSION=v2
 
 grep=grep
 if ! $grep -P --version 2>/dev/null 1>/dev/null
@@ -40,6 +40,7 @@ environment() {
     file_env "OTP_SECRET"
     file_env "SECRET_KEY_BASE"
     file_env "VAPID_PRIVATE_KEY"
+    file_env "AWS_SECRET_ACCESS_KEY"
     file_env "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
     file_env "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
     file_env "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"

compose.elasticsearch.yml

@@ -0,0 +1,34 @@
+---
+version: "3.8"
+
+services:
+  es:
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
+    environment:
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - "cluster.name=es-mastodon"
+      - "discovery.type=single-node"
+      - "bootstrap.memory_lock=true"
+    networks:
+      - internal
+    volumes:
+      - es:/usr/share/elasticsearch/data
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+
+  app:
+    environment: &es-env
+      - "ES_ENABLED=true"
+      - "ES_HOST=es"
+      - "ES_PORT=9200"
+
+  streaming:
+    environment: *es-env
+
+  sidekiq:
+    environment: *es-env
+
+volumes:
+  es:

compose.s3.yml

@@ -0,0 +1,42 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment: &s3-env
+      - S3_ENABLED=true
+      - AWS_ACCESS_KEY_ID
+      - AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_access_key
+      - S3_BUCKET
+      - S3_REGION
+      - S3_PROTOCOL
+      - S3_HOSTNAME
+      - S3_ENDPOINT
+      - S3_SIGNATURE_VERSION
+      - S3_OVERRIDE_PATH_STYLE
+      - S3_OPEN_TIMEOUT
+      - S3_READ_TIMEOUT
+      - S3_RETRY_LIMIT
+      - S3_FORCE_SINGLE_REQUEST
+      - S3_ENABLE_CHECKSUM_MODE
+      - S3_STORAGE_CLASS
+      - S3_MULTIPART_THRESHOLD
+      - S3_PERMISSION
+      - S3_BATCH_DELETE_LIMIT
+      - S3_BATCH_DELETE_RETRY
+      - S3_ALIAS_HOST
+    secrets: &s3-secrets
+      - aws_secret_access_key
+
+  streaming:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+  sidekiq:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+secrets:
+  aws_secret_access_key:
+    name: ${STACK_NAME}_aws_secret_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
+    external: true

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: tootsuite/mastodon:v4.5.0
+    image: tootsuite/mastodon:v4.5.3
     command: |
       bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
     networks: &bothNetworks
@@ -20,7 +20,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=2.1.0+v4.5.0"
+        - "coop-cloud.${STACK_NAME}.version=2.1.3+v4.5.3"
     configs: &configs
       - source: entrypoint_sh
         target: /usr/local/bin/entrypoint.sh
@@ -129,7 +129,7 @@ services:
       - WEB_DOMAIN
 
   streaming:
-    image: tootsuite/mastodon-streaming:v4.5.0
+    image: tootsuite/mastodon-streaming:v4.5.3
     command: node ./streaming/index.js
     configs: *configs
     entrypoint: /usr/local/bin/entrypoint_streaming.sh
@@ -150,7 +150,7 @@ services:
     volumes: *appVolume
 
   sidekiq:
-    image: tootsuite/mastodon:v4.5.0
+    image: tootsuite/mastodon:v4.5.3
     secrets: *secrets
     command: bundle exec sidekiq
     configs: *configs
@@ -178,29 +178,13 @@ services:
       - POSTGRES_USER=${DB_USER}
 
   redis:
-    image: redis:8.2-alpine
+    image: redis:8.4-alpine
     networks: *internalNetwork
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
     volumes:
       - redis:/data
 
-  es:
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
-    environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - "cluster.name=es-mastodon"
-      - "discovery.type=single-node"
-      - "bootstrap.memory_lock=true"
-    networks:
-      - internal
-    volumes:
-      - es:/usr/share/elasticsearch/data
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-
 secrets:
   secret_key_base:
     name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
@@ -231,7 +215,6 @@ volumes:
   app:
   redis:
   postgres:
-  es:
 
 networks:
   internal:

entrypoint-streaming.sh.tmpl

@@ -27,6 +27,7 @@ file_env "DB_PASS"
 file_env "OTP_SECRET"
 file_env "SECRET_KEY_BASE"
 file_env "VAPID_PRIVATE_KEY"
+file_env "AWS_SECRET_ACCESS_KEY"
 file_env "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
 file_env "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
 file_env "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"

entrypoint.sh.tmpl

@@ -28,6 +28,7 @@ file_env "SMTP_PASSWORD"
 file_env "OTP_SECRET"
 file_env "SECRET_KEY_BASE"
 file_env "VAPID_PRIVATE_KEY"
+file_env "AWS_SECRET_ACCESS_KEY"
 file_env "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"
 file_env "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"
 file_env "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"