From 3a3d605c39c8c10f5db5a643600a0453888c44a1 Mon Sep 17 00:00:00 2001
From: Javielico <javielico@riseup.net>
Date: Mon, 26 Aug 2024 11:38:57 +0100
Subject: [PATCH] Miniflux init

---
 .env.sample | 19 +++++++++++----
 compose.yml | 69 +++++++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 71 insertions(+), 17 deletions(-)

diff --git a/.env.sample b/.env.sample
index de14116..758942b 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,8 +1,17 @@
+# Service
 TYPE=miniflux
-
 DOMAIN=miniflux.example.com
-
-## Domain aliases
-#EXTRA_DOMAINS=', `www.miniflux.example.com`'
-
 LETS_ENCRYPT_ENV=production
+COMPOSE_FILE="compose.yml"
+
+# Miniflux Config
+ADMIN_USERNAME=admin
+
+# Database
+DB_USER=miniflux
+DB_NAME=miniflux
+
+# Secrets Versions
+SECRET_DB_PASSWORD_VERSION=v1
+SECRET_ADMIN_PASSWORD_VERSION=v1
+CONFIG_VERSION=v1
diff --git a/compose.yml b/compose.yml
index a2c3805..771dc36 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,30 +3,75 @@ version: "3.8"
 
 services:
   app:
-    image: nginx:1.20.0
+    image: "miniflux/miniflux:2.2.0"
+    configs:
+      - source: miniflux_config
+        target: /etc/miniflux/config.yml
+    secrets:
+      - db_password
+      - admin_password
+    environment:
+      - BASE_URL=https://${DOMAIN}
+      - DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@db/${DB_NAME}?sslmode=disable
+      - RUN_MIGRATIONS=1
+      - ADMIN_USERNAME=${ADMIN_USERNAME}
+      - ADMIN_PASSWORD_FILE=/run/secrets/admin_password
     networks:
       - proxy
+      - internal
     deploy:
-      restart_policy:
-        condition: on-failure
+      update_config:
+        failure_action: rollback
+        order: start-first
       labels:
         - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version="
+        - coop-cloud.${STACK_NAME}.version=1.0.0+miniflux-2.2.0
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost"]
+      test: ["CMD", "curl", "-f", "http://localhost:8080/healthcheck"]
       interval: 30s
       timeout: 10s
-      retries: 10
+      retries: 5
       start_period: 1m
 
+  db:
+    image: postgres:15
+    environment:
+      - POSTGRES_USER=${DB_USER}
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+      - POSTGRES_DB=${DB_NAME}
+    secrets:
+      - db_password
+    networks:
+      - internal
+    volumes:
+      - miniflux-db:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "${DB_USER}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
 networks:
+  internal:
   proxy:
     external: true
+
+configs:
+  miniflux_config:
+    name: ${STACK_NAME}_config_v1
+    file: config.yml.tmpl
+    template_driver: golang
+
+secrets:
+  db_password:
+    name: ${STACK_NAME}_db_password_v1
+    external: true
+  admin_password:
+    name: ${STACK_NAME}_admin_password_v1
+    external: true
+
+volumes:
+  miniflux-db: