.env.sample

@@ -1,5 +1,7 @@
 TYPE=miniflux
 
+COMPOSE_FILE="compose.yml"
+
 DOMAIN=rss.example.com
 DB_NAME=miniflux
 DB_USER=miniflux
@@ -10,6 +12,4 @@ SECRET_DB_PASSWORD_VERSION=v1
 SECRET_ADMIN_PASSWORD_VERSION=v1
 SECRET_KEY_VERSION=v1
 
-# Config Versions
-CONFIG_VERSION=v1
-STACK_NAME=miniflux
+LETS_ENCRYPT_ENV=production

abra.sh

@@ -1,19 +1 @@
-#!/bin/sh
-
-STACK_NAME=miniflux
-CONFIG_VERSION=v1
-
-# Set default versions if not already set
-SECRET_DB_PASSWORD_VERSION=${SECRET_DB_PASSWORD_VERSION:-v1}
-SECRET_ADMIN_PASSWORD_VERSION=${SECRET_ADMIN_PASSWORD_VERSION:-v1}
-SECRET_KEY_VERSION=${SECRET_KEY_VERSION:-v1}
-
-abra deploy \
-  --stack $STACK_NAME \
-  --compose-file compose.yml \
-  --compose-file compose.postgres.yml \
-  --config $CONFIG_VERSION \
-  --secret db_password:$SECRET_DB_PASSWORD_VERSION \
-  --secret admin_password:$SECRET_ADMIN_PASSWORD_VERSION \
-  --secret secret_key:$SECRET_KEY_VERSION
-
+export ENTRYPOINT_CONF_VERSION=v1

compose.postgres.yml

@@ -1,21 +0,0 @@
----
-version: "3.8"
-
-services:
-  db:
-    image: postgres:15
-    environment:
-      - POSTGRES_DB={{ env "DB_NAME" }}
-      - POSTGRES_USER={{ env "DB_USER" }}
-      - POSTGRES_PASSWORD={{ secret "db_password" }}
-    volumes:
-      - miniflux-db:/var/lib/postgresql/data
-    healthcheck:
-      test: ["CMD", "pg_isready", "-U", "{{ env 'DB_USER' }}"]
-      interval: 10s
-      start_period: 30s
-networks:
-  internal:
-
-volumes:
-  miniflux-db:

compose.yml

@@ -3,52 +3,78 @@ version: "3.8"
 
 services:
   app:
-    image: "miniflux/miniflux:2.2.0"
-    configs:
-      - source: config_yml
-        target: /etc/miniflux/config.yml
+    image: "miniflux/miniflux:2.2.16"
+    depends_on:
+      - db
     secrets:
-      - db_password
       - admin_password
-      - secret_key
+      - db_password
     environment:
-      - DATABASE_URL=postgres://{{ env "DB_USER" }}:{{ secret "db_password" }}@db/{{ env "DB_NAME" }}?sslmode=disable
       - RUN_MIGRATIONS=1
-      - ADMIN_USERNAME={{ env "MINIFLUX_ADMIN_USERNAME" }}
-      - ADMIN_PASSWORD={{ secret "admin_password" }}
-      - BASE_URL=https://{{ env "DOMAIN" }}
+      - CREATE_ADMIN=1
+      - ADMIN_USERNAME=${MINIFLUX_ADMIN_USERNAME}
+      - ADMIN_PASSWORD_FILE=/run/secrets/admin_password
+      - BASE_URL=https://${DOMAIN}
     networks:
       - proxy
       - internal
+    configs:
+      - source: entrypoint
+        target: /entrypoint.sh
+        mode: 0555
+    entrypoint: /entrypoint.sh
     deploy:
-      update_config:
-        failure_action: rollback
       labels:
         - "traefik.enable=true"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=websecure"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
-        - coop-cloud.${STACK_NAME}.version=2.2.0
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        ## Edit the following line if you are using one, but not both, "Redirect" sections below
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname"
+        ## Redirect from EXTRA_DOMAINS to DOMAIN
+        - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.regex=^http[s]?://([^/]*)/(.*)"
+        - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.replacement=https://${DOMAIN}/$${2}"
+        - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.permanent=true"
+        ## Redirect HTTP to HTTPS
+        - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.scheme=https"
+        - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.permanent=true"
+        - "coop-cloud.${STACK_NAME}.version=0.2.0+2.2.16"
+
+  db:
+    image: postgres:17
+    secrets:
+      - db_password
+    environment:
+      - POSTGRES_DB=${DB_NAME}
+      - POSTGRES_USER=${DB_USER}
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+    volumes:
+      - miniflux-db:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready", "-U", "miniflux"]
+      interval: 10s
+      start_period: 30s
+    networks:
+      - internal 
+
+configs:
+  entrypoint:
+    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
+    file: entrypoint.sh
 
 networks:
   internal:
   proxy:
     external: true
 
-configs:
-  config_yml:
-    name: ${STACK_NAME}_config_yml_${CONFIG_VERSION}
-    file: config.yml.tmpl
-    template_driver: golang
-
 secrets:
-  db_password:
-    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
-    external: true
   admin_password:
     name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
     external: true
-  secret_key:
-    name: ${STACK_NAME}_secret_key_${SECRET_KEY_VERSION}
+  db_password:
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
     external: true
 
+volumes:
+  miniflux-db:

entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/sh 
+set -e
+
+[ -f /run/secrets/db_password ] && export DB_PASSWORD_SECRET="$(cat /run/secrets/db_password)"
+
+export DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD_SECRET}@db/${DB_NAME}?sslmode=disable"
+
+# if not in "env" mode, then execute the original entrypoint and command
+if [ ! "$1" = "-e" ]; then
+  /usr/bin/miniflux "$@"
+fi

release/0.2.0+2.2.16

@@ -0,0 +1 @@
+updates to miniflux to get recipe in working condition