diff --git a/.env.sample b/.env.sample index 60f81d5..f8503d6 100644 --- a/.env.sample +++ b/.env.sample @@ -1,5 +1,7 @@ TYPE=miniflux +COMPOSE_FILE="compose.yml" + DOMAIN=rss.example.com DB_NAME=miniflux DB_USER=miniflux @@ -10,6 +12,4 @@ SECRET_DB_PASSWORD_VERSION=v1 SECRET_ADMIN_PASSWORD_VERSION=v1 SECRET_KEY_VERSION=v1 -# Config Versions -CONFIG_VERSION=v1 -STACK_NAME=miniflux +LETS_ENCRYPT_ENV=production diff --git a/abra.sh b/abra.sh index 7b2e3fc..5c54e9d 100644 --- a/abra.sh +++ b/abra.sh @@ -1,19 +1 @@ -#!/bin/sh - -STACK_NAME=miniflux -CONFIG_VERSION=v1 - -# Set default versions if not already set -SECRET_DB_PASSWORD_VERSION=${SECRET_DB_PASSWORD_VERSION:-v1} -SECRET_ADMIN_PASSWORD_VERSION=${SECRET_ADMIN_PASSWORD_VERSION:-v1} -SECRET_KEY_VERSION=${SECRET_KEY_VERSION:-v1} - -abra deploy \ - --stack $STACK_NAME \ - --compose-file compose.yml \ - --compose-file compose.postgres.yml \ - --config $CONFIG_VERSION \ - --secret db_password:$SECRET_DB_PASSWORD_VERSION \ - --secret admin_password:$SECRET_ADMIN_PASSWORD_VERSION \ - --secret secret_key:$SECRET_KEY_VERSION - +export ENTRYPOINT_CONF_VERSION=v1 diff --git a/compose.postgres.yml b/compose.postgres.yml deleted file mode 100644 index 88e3cc7..0000000 --- a/compose.postgres.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -version: "3.8" - -services: - db: - image: postgres:15 - environment: - - POSTGRES_DB={{ env "DB_NAME" }} - - POSTGRES_USER={{ env "DB_USER" }} - - POSTGRES_PASSWORD={{ secret "db_password" }} - volumes: - - miniflux-db:/var/lib/postgresql/data - healthcheck: - test: ["CMD", "pg_isready", "-U", "{{ env 'DB_USER' }}"] - interval: 10s - start_period: 30s -networks: - internal: - -volumes: - miniflux-db: diff --git a/compose.yml b/compose.yml index 5fb17e8..64dd7b1 100644 --- a/compose.yml +++ b/compose.yml 
@@ -3,52 +3,78 @@ version: "3.8" services: app: - image: "miniflux/miniflux:2.2.0" - configs: - - source: config_yml - target: /etc/miniflux/config.yml + image: "miniflux/miniflux:2.2.16" + depends_on: + - db secrets: - - db_password - admin_password - - secret_key + - db_password environment: - - DATABASE_URL=postgres://{{ env "DB_USER" }}:{{ secret "db_password" }}@db/{{ env "DB_NAME" }}?sslmode=disable - RUN_MIGRATIONS=1 - - ADMIN_USERNAME={{ env "MINIFLUX_ADMIN_USERNAME" }} - - ADMIN_PASSWORD={{ secret "admin_password" }} - - BASE_URL=https://{{ env "DOMAIN" }} + - CREATE_ADMIN=1 + - ADMIN_USERNAME=${MINIFLUX_ADMIN_USERNAME} + - ADMIN_PASSWORD_FILE=/run/secrets/admin_password + - BASE_URL=https://${DOMAIN} networks: - proxy - internal + configs: + - source: entrypoint + target: /entrypoint.sh + mode: 0555 + entrypoint: /entrypoint.sh deploy: - update_config: - failure_action: rollback labels: - "traefik.enable=true" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - - "traefik.http.routers.${STACK_NAME}.entrypoints=websecure" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080" - - coop-cloud.${STACK_NAME}.version=2.2.0 + - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" + ## Edit the following line if you are using one, but not both, "Redirect" sections below + - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname" + ## Redirect from EXTRA_DOMAINS to DOMAIN + - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.regex=^http[s]?://([^/]*)/(.*)" + - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.replacement=https://${DOMAIN}/$${2}" + - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.permanent=true" + ## Redirect HTTP to HTTPS + - 
"traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.scheme=https" + - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.permanent=true" + - "coop-cloud.${STACK_NAME}.version=0.2.0+2.2.16" + + db: + image: postgres:17 + secrets: + - db_password + environment: + - POSTGRES_DB=${DB_NAME} + - POSTGRES_USER=${DB_USER} + - POSTGRES_PASSWORD_FILE=/run/secrets/db_password + volumes: + - miniflux-db:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready", "-U", "miniflux"] + interval: 10s + start_period: 30s + networks: + - internal + +configs: + entrypoint: + name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION} + file: entrypoint.sh networks: internal: proxy: external: true -configs: - config_yml: - name: ${STACK_NAME}_config_yml_${CONFIG_VERSION} - file: config.yml.tmpl - template_driver: golang - secrets: - db_password: - name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} - external: true admin_password: name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION} external: true - secret_key: - name: ${STACK_NAME}_secret_key_${SECRET_KEY_VERSION} + db_password: + name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} external: true +volumes: + miniflux-db: diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..573bbe9 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +[ -f /run/secrets/db_password ] && export DB_PASSWORD_SECRET="$(cat /run/secrets/db_password)" + +export DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD_SECRET}@db/${DB_NAME}?sslmode=disable" + +# if not in "env" mode, then execute the original entrypoint and command +if [ ! "$1" = "-e" ]; then + /usr/bin/miniflux "$@" +fi diff --git a/release/0.2.0+2.2.16 b/release/0.2.0+2.2.16 new file mode 100644 index 0000000..56432fb --- /dev/null +++ b/release/0.2.0+2.2.16 @@ -0,0 +1 @@ +updates to miniflux to get recipe in working condition \ No newline at end of file
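Review bot: The new `db` healthcheck mixes the two test forms: with `CMD-SHELL` only the first string is run as the shell command, so `-U miniflux` never reaches `pg_isready`, and the user is hard-coded instead of following `DB_USER`. Use `test: ["CMD", "pg_isready", "-U", "${DB_USER}"]` or a single `CMD-SHELL` string. The `app` service's `environment` list in this hunk sets neither `DB_USER` nor `DB_NAME`, yet the new entrypoint.sh interpolates both into `DATABASE_URL`; unless they are injected some other way, add `- DB_USER=${DB_USER}` and `- DB_NAME=${DB_NAME}` there. The image also moves from `postgres:15` (in the deleted compose.postgres.yml) to `postgres:17` on the same `miniflux-db` volume, and a 17 server will not start on a data directory initialised by 15, so existing deployments need a documented dump/restore or upgrade step.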
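Review bot: A missing or unreadable `/run/secrets/db_password` does not stop this script: a failing `[ -f … ] &&` list is exempt from `set -e`, so `DATABASE_URL` is exported with an empty password and miniflux is started anyway. The script should fail closed with an explicit check and error message before building the URL. The last branch also runs `/usr/bin/miniflux "$@"` as a child of the shell, so the shell stays PID 1 and a stop signal sent to the container is not delivered to miniflux; `exec` fixes that. The password is also interpolated into the URL unescaped, so a secret containing characters such as `@`, `/` or `:` would likely produce a malformed `DATABASE_URL`; it is worth documenting the allowed character set for the secret.

```shell
set -e

# Fail closed: without the secret, DATABASE_URL would carry an empty password.
if [ ! -r /run/secrets/db_password ]; then
    echo "entrypoint: /run/secrets/db_password is missing or unreadable" >&2
    exit 1
fi
export DB_PASSWORD_SECRET="$(cat /run/secrets/db_password)"

# … unchanged: DATABASE_URL export …

if [ ! "$1" = "-e" ]; then
    # exec so miniflux replaces the shell and receives signals directly
    exec /usr/bin/miniflux "$@"
fi
```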