add service dependencies and extend deployment timeout

.drone.yml

@@ -18,6 +18,8 @@ steps:
       STACK_NAME: outline
       LETS_ENCRYPT_ENV: production
       APP_ENTRYPOINT_VERSION: v1
+      DB_ENTRYPOINT_VERSION: v1
+      PG_BACKUP_VERSION: v1
       SECRET_DB_PASSWORD_VERSION: v1
       SECRET_SECRET_KEY_VERSION: v1  # length=64
       SECRET_UTILS_SECRET_VERSION: v1  # length=64
@@ -36,7 +38,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -8,6 +8,8 @@ DOMAIN=outline.example.com
 #EXTRA_DOMAINS=', `www.outline.example.com`'
 LETS_ENCRYPT_ENV=production
 
+ENABLE_BACKUPS=true
+
 COMPOSE_FILE="compose.yml"
 
 # –––––––––––––––– REQUIRED ––––––––––––––––
@@ -39,7 +41,7 @@ WEB_CONCURRENCY=1
 
 # Override the maxium size of document imports, could be required if you have
 # especially large Word documents with embedded imagery
-MAXIMUM_IMPORT_SIZE=5120000
+FILE_STORAGE_IMPORT_MAX_SIZE=5120000
 
 # You can remove this line if your reverse proxy already logs incoming http
 # requests and this ends up being duplicative

abra.sh

@@ -1,5 +1,6 @@
 export APP_ENTRYPOINT_VERSION=v9
 export DB_ENTRYPOINT_VERSION=v2
+export PG_BACKUP_VERSION=v1
 
 create_email_user() {
 	if [ -z "$1" ]; then
@@ -19,6 +20,10 @@ migrate() {
 	yarn db:migrate --env=production-ssl-disabled
 }
 
+generate_secret() {
+    abra app secret insert $DOMAIN secret_key v1 $(openssl rand -hex 32)
+}
+
 delete_user_by_id() {
 	if [ -z "$1" ] || [ -z "$2" ]; then
 		echo "Usage: ... delete_user_by_id <userid-to-delete> <userid-to-replace>"

compose.yml

@@ -6,7 +6,7 @@ services:
     networks:
       - backend
       - proxy
-    image: outlinewiki/outline:0.77.2
+    image: outlinewiki/outline:0.82.0
     secrets:
       - db_password
       - secret_key
@@ -34,19 +34,23 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=2.4.1+0.77.2"
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.version=2.9.0+0.82.0"
+        # Redirect from EXTRA_DOMAINS to DOMAIN
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-80}"
+    depends_on:
+      - cache
+      - db
 
   cache:
-    image: redis:7.2.5
+    image: redis:7.4.2
     networks:
       - backend
 
   db:
-    image: postgres:16.3
+    image: postgres:17.3
     networks:
       - backend
     secrets:
@@ -55,6 +59,9 @@ services:
       - source: db_entrypoint
         target: /docker-entrypoint.sh
         mode: 0555
+      - source: pg_backup
+        target: /pg_backup.sh
+        mode: 0555
     environment:
       POSTGRES_DB: outline
       POSTGRES_PASSWORD_FILE: /run/secrets/db_password
@@ -64,10 +71,10 @@ services:
     entrypoint: /docker-entrypoint.sh
     deploy:
       labels:
-        backupbot.backup: "true"
-        backupbot.backup.path: "/var/lib/postgresql/data/dump.sql.gz"
-        backupbot.backup.post-hook: "rm -f /var/lib/postgresql/data/dump.sql.gz"
-        backupbot.backup.pre-hook: "sh -c 'PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U outline outline | gzip > /var/lib/postgresql/data/dump.sql.gz'"
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
+        backupbot.backup.volumes.postgres_data.path: "backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
 
 secrets:
   secret_key:
@@ -97,3 +104,6 @@ configs:
     name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION}
     file: entrypoint.postgres.sh.tmpl
     template_driver: golang
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh

pg_backup.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+
+    trap - EXIT INT TERM
+    restore_config
+}
+
+$@