init

.env.sample

@@ -0,0 +1,22 @@
+TYPE=pixelfed
+
+DOMAIN=pixelfed.example.com
+
+APP_NAME="Pixelfed"
+APP_URL=https://$DOMAIN
+
+OPEN_REGISTRATION=true
+APP_TIMEZONE=UTC
+
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.pixelfed.example.com`'
+LETS_ENCRYPT_ENV=production
+
+## ActivityPub settings. Change to true to enable the following:
+## ACTIVITY_PUB, AP_REMOTE_FOLLOW, AP_SHAREDINBOX, AP_INBOX AP_OUTBOX
+ENABLE_ACTIVITYPUB=false
+
+# secrets, you can leave it as is
+SECRET_DB_PASSWORD_VERSION=v1
+SECRET_DB_ROOT_PASSWORD_VERSION=v1

README.md

@@ -0,0 +1,20 @@
+# pixelfed
+
+> Photo Sharing. For Everyone.
+
+<!-- metadata -->
+
+* **Category**: Apps
+* **Status**:
+* **Image**:
+* **Healthcheck**:
+* **Backups**:
+* **Email**:
+* **Tests**:
+* **SSO**:
+
+<!-- endmetadata -->
+
+## weird stuff
+
+- `env.docker` has to be in the running container in `/var/www/.env` and owned by `www-data.` this is done via `configs:` statement in `compose.yml,` and then via entrypoint (it copies the file and changes permissions). this is a hack and there's probably a better way of doing it, but putting the file directly in `/var/www/.env` as a config doesn't work: the file is empty, owned by root and the app crashes saying that it's a read-only filesystem. 

abra.sh

@@ -0,0 +1,2 @@
+export PIXELFED_ENTRYPOINT_VERSION=v1
+export PIXELFED_WORKER_ENTRYPOINT_VERSION=v1

compose.yml

@@ -0,0 +1,152 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: zknt/pixelfed
+    environment:
+      - DOMAIN
+      - APP_NAME
+      - APP_TIMEZONE
+      - ADMIN_DOMAIN
+      - OPEN_REGISTRATION
+      - OAUTH_ENABLED
+      - ENABLE_ACTIVITYPUB
+      - DB_CONNECTION=mysql
+      - DB_DATABASE=pixelfed_prod
+      - DB_HOST=db
+      - DB_PASSWORD_FILE=/run/secrets/db_pass
+      - DB_PORT=3306
+      - DB_USERNAME=pixelfed
+    configs:
+      - source: entrypoint
+        target: /abra-entrypoint.sh
+        mode: 0555
+      - source: envdocker
+        target: /envfile
+        mode: 0555
+        uid: "33"
+        guid: "33"
+    entrypoint: /abra-entrypoint.sh
+    volumes:
+      - www:/var/www:rw
+      - app-storage:/var/www/storage
+      - app-bootstrap:/var/www/bootstrap
+    networks:
+      - proxy
+      - internal
+    secrets:
+      - db_password
+    depends_on:
+      - db
+      - redis
+    deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.web.version=1.20.0-ea4560b8"
+
+  worker:
+    image: zknt/pixelfed
+    environment:
+      - DOMAIN
+      - APP_NAME
+      - APP_TIMEZONE
+      - ADMIN_DOMAIN
+      - OPEN_REGISTRATION
+      - OAUTH_ENABLED
+      - ENABLE_ACTIVITYPUB
+      - DB_CONNECTION=mysql
+      - DB_DATABASE=pixelfed_prod
+      - DB_HOST=db
+      - DB_PASSWORD_FILE=/run/secrets/db_pass
+      - DB_PORT=3306
+      - DB_USERNAME=pixelfed
+    volumes:
+      - app-storage:/var/www/storage
+      - app-bootstrap:/var/www/bootstrap
+    networks:
+      - internal
+    command: gosu www-data php artisan horizon
+    secrets:
+      - db_password
+    depends_on:
+      - db
+      - redis
+      - app
+    configs:
+      - source: worker_entrypoint
+        target: /abra-entrypoint.sh
+        mode: 0555
+    entrypoint:
+      /abra-entrypoint.sh
+
+  db:
+    image: "mariadb:10.7"
+    environment:
+      - MYSQL_DATABASE=pixelfed_prod
+      - MYSQL_USER=pixelfed
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+    networks:
+      - internal
+    secrets:
+      - db_root_password
+      - db_password
+    command: --default-authentication-plugin=mysql_native_password
+    volumes:
+      - "db-data:/var/lib/mysql"
+    deploy:
+      labels:
+        - "coop-cloud.${STACK_NAME}.db.version=10.7-62601155"
+
+  redis:
+    image: redis:6.2
+    volumes:
+      - "redis-data:/data"
+    networks:
+      - internal
+    deploy:
+      labels:
+        - "coop-cloud.${STACK_NAME}.cache.version=6.2-"
+secrets:
+  db_root_password:
+    external: true
+    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+
+volumes:
+  db-data:
+  www:
+  redis-data:
+  app-storage:
+  app-bootstrap:
+
+networks:
+  internal:
+  proxy:
+    external: true
+
+configs:
+  entrypoint:
+    name: ${STACK_NAME}_entrypoint_${PIXELFED_ENTRYPOINT_VERSION}
+    file: entrypoint.sh
+  worker_entrypoint:
+    name: ${STACK_NAME}_worker_entrypoint_${PIXELFED_WORKER_ENTRYPOINT_VERSION}
+    file: worker-entrypoint.sh
+  envdocker:
+    name: ${STACK_NAME}_env_docker
+    file: env.docker.tmpl
+    template_driver: golang

entrypoint.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+if test -f "/run/secrets/db_password"; then
+    pwd=`cat /run/secrets/db_password`
+    if [ -z $pwd ]; then
+        echo >&2 "error: /run/secrets/db_password is empty"
+        exit 1
+    fi
+    export "DB_PASSWORD"="$pwd"
+    unset "pwd"
+else
+    echo >&2 "error: /run/secrets/db_password does not exist"
+    exit 1
+fi
+
+# we want to run some one-time tasks as described here:
+# https://docs.pixelfed.org/running-pixelfed/installation.html#setting-up-services
+
+if test ! -f /var/www/.env; then
+    cp /envfile /var/www/.env
+    chown www-data:www-data /var/www/.env
+    chmod 755 /var/www/.env
+    rm /envfile
+else
+    # this is a bit of a hack to move APP_KEY to the new env_file
+    appkey=`grep 'APP_KEY=' /var/www/.env`
+    sed "s/APP_KEY=/$appkey/g" /envfile > /newenv
+    cp /newenv /var/www/.env
+    chmod 755 /var/www/.env
+    unset appkey
+    rm /newenv
+fi
+
+/entrypoint.sh

env.docker.tmpl

@@ -0,0 +1,141 @@
+## Crypto
+APP_KEY=
+
+APP_NAME
+APP_URL
+APP_TIMEZONE
+OPEN_REGISTRATION
+ENABLE_ACTIVITYPUB
+
+## ActivityPub Federation
+ACTIVITY_PUB={{env "ENABLE_ACTIVITYPUB" }}
+AP_REMOTE_FOLLOW={{env "ENABLE_ACTIVITYPUB" }}
+AP_SHAREDINBOX={{env "ENABLE_ACTIVITYPUB" }}
+AP_INBOX={{env "ENABLE_ACTIVITYPUB" }}
+AP_OUTBOX={{env "ENABLE_ACTIVITYPUB" }}
+ATOM_FEEDS=true
+NODEINFO=true
+WEBFINGER=true
+
+## General Settings
+APP_URL=https://{{env "DOMAIN" }}
+APP_DOMAIN={{env "DOMAIN" }}
+ADMIN_DOMAIN={{env "DOMAIN" }}
+SESSION_DOMAIN={{env "DOMAIN" }}
+DB_CONNECTION=mysql
+DB_DATABASE=pixelfed_prod
+DB_HOST=db
+DB_PASSWORD_FILE=/run/secrets/db_password
+DB_PORT=3306
+DB_USERNAME=pixelfed
+APP_ENV=local
+APP_DEBUG=true
+ENFORCE_EMAIL_VERIFICATION=false
+PF_MAX_USERS=1000
+APP_LOCALE=en
+LIMIT_ACCOUNT_SIZE=true
+MAX_ACCOUNT_SIZE=1000000
+MAX_PHOTO_SIZE=15000
+MAX_AVATAR_SIZE=2000
+MAX_CAPTION_LENGTH=500
+MAX_BIO_LENGTH=125
+MAX_NAME_LENGTH=30
+MAX_ALBUM_LENGTH=4
+IMAGE_QUALITY=80
+PF_OPTIMIZE_IMAGES=true
+PF_OPTIMIZE_VIDEOS=true
+ADMIN_ENV_EDITOR=false
+ACCOUNT_DELETION=true
+ACCOUNT_DELETE_AFTER=false
+MAX_LINKS_PER_POST=0
+OAUTH_ENABLED=false
+
+## Instance
+#INSTANCE_DESCRIPTION=
+INSTANCE_PUBLIC_HASHTAGS=false
+#INSTANCE_CONTACT_EMAIL=
+INSTANCE_PUBLIC_LOCAL_TIMELINE=false
+#BANNED_USERNAMES=
+STORIES_ENABLED=false
+RESTRICTED_INSTANCE=false
+
+## Mail
+MAIL_DRIVER=log
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_FROM_ADDRESS="pixelfed@example.com"
+MAIL_FROM_NAME="Pixelfed"
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+## Databases (Postgres)
+#DB_CONNECTION=pgsql
+#DB_HOST=postgres
+#DB_PORT=5432
+#DB_DATABASE=pixelfed
+#DB_USERNAME=postgres
+#DB_PASSWORD=postgres
+
+## Cache (Redis)
+REDIS_CLIENT=phpredis
+REDIS_SCHEME=tcp
+REDIS_HOST=redis
+REDIS_PASSWORD=
+REDIS_PORT=6379
+REDIS_DATABASE=0
+
+## EXPERIMENTS
+EXP_LC=false
+EXP_REC=false
+EXP_LOOPS=false
+
+
+## S3
+FILESYSTEM_DRIVER=local
+FILESYSTEM_CLOUD=s3
+PF_ENABLE_CLOUD=false
+#AWS_ACCESS_KEY_ID=
+#AWS_SECRET_ACCESS_KEY=
+#AWS_DEFAULT_REGION=
+#AWS_BUCKET=
+#AWS_URL=
+#AWS_ENDPOINT=
+#AWS_USE_PATH_STYLE_ENDPOINT=false
+
+## Horizon
+HORIZON_DARKMODE=false
+
+## COSTAR - Confirm Object Sentiment Transform and Reduce
+PF_COSTAR_ENABLED=false
+
+# Media
+MEDIA_EXIF_DATABASE=false
+
+## Logging
+LOG_CHANNEL=stack
+
+## Image
+IMAGE_DRIVER=imagick
+
+## Broadcasting
+BROADCAST_DRIVER=log  # log driver for local development
+
+## Cache
+CACHE_DRIVER=redis
+
+## Purify
+RESTRICT_HTML_TYPES=true
+
+## Queue
+QUEUE_DRIVER=redis
+
+## Session
+SESSION_DRIVER=redis
+
+## Trusted Proxy
+TRUST_PROXIES="*"
+
+## Passport
+#PASSPORT_PRIVATE_KEY=
+#PASSPORT_PUBLIC_KEY=

worker-entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+if test -f "/run/secrets/db_password"; then
+    pwd=`cat /run/secrets/db_password`
+    if [ -z $pwd ]; then
+        echo >&2 "error: /run/secrets/db_password is empty"
+        exit 1
+    fi
+    export "DB_PASSWORD"="$pwd"
+    unset "pwd"
+else
+    echo >&2 "error: /run/secrets/db_password does not exist"
+    exit 1
+fi
+
+# we want to run some one-time tasks as described here:
+# https://docs.pixelfed.org/running-pixelfed/installation.html#setting-up-services
+
+#if test ! -f /var/www/.env; then
+#    cp /envfile /var/www/.env
+#    chown www-data:www-data /var/www/.env
+#    chmod 755 /var/www/.env
+#fi
+
+/worker-entrypoint.sh