commit b37a23e40da1d86a58fd68d00938060b92b022b9 Author: cellarspoon Date: Mon Jan 3 14:37:30 2022 +0100 init
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..339d262
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,22 @@
+TYPE=pixelfed
+
+DOMAIN=pixelfed.example.com
+
+APP_NAME="Pixelfed"
+APP_URL=https://$DOMAIN
+
+OPEN_REGISTRATION=true
+APP_TIMEZONE=UTC
+
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.pixelfed.example.com`'
+LETS_ENCRYPT_ENV=production
+
+## ActivityPub settings. Change to true to enable the following:
+## ACTIVITY_PUB, AP_REMOTE_FOLLOW, AP_SHAREDINBOX, AP_INBOX AP_OUTBOX
+ENABLE_ACTIVITYPUB=false
+
+# secrets, you can leave it as is
+SECRET_DB_PASSWORD_VERSION=v1
+SECRET_DB_ROOT_PASSWORD_VERSION=v1
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5ba141b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,20 @@
+# pixelfed
+
+> Photo Sharing. For Everyone.
+
+
+
+* **Category**: Apps
+* **Status**:
+* **Image**:
+* **Healthcheck**:
+* **Backups**:
+* **Email**:
+* **Tests**:
+* **SSO**:
+
+
+
+## weird stuff
+
+- `env.docker` has to be in the running container in `/var/www/.env` and owned by `www-data.` this is done via `configs:` statement in `compose.yml,` and then via entrypoint (it copies the file and changes permissions). this is a hack and there's probably a better way of doing it, but putting the file directly in `/var/www/.env` as a config doesn't work: the file is empty, owned by root and the app crashes saying that it's a read-only filesystem.
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..9958f0d
--- /dev/null
+++ b/abra.sh
@@ -0,0 +1,2 @@
+export PIXELFED_ENTRYPOINT_VERSION=v1
+export PIXELFED_WORKER_ENTRYPOINT_VERSION=v1
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..9121d01
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,152 @@
+---
+version: "3.8"
+
+services:
+ app:
+ image: zknt/pixelfed
+ environment:
+ - DOMAIN
+ - APP_NAME
+ - APP_TIMEZONE
+ - ADMIN_DOMAIN
+ - OPEN_REGISTRATION
+ - OAUTH_ENABLED
+ - ENABLE_ACTIVITYPUB
+ - DB_CONNECTION=mysql
+ - DB_DATABASE=pixelfed_prod
+ - DB_HOST=db
+ - DB_PASSWORD_FILE=/run/secrets/db_pass
+ - DB_PORT=3306
+ - DB_USERNAME=pixelfed
+ configs:
+ - source: entrypoint
+ target: /abra-entrypoint.sh
+ mode: 0555
+ - source: envdocker
+ target: /envfile
+ mode: 0555
+ uid: "33"
+ guid: "33"
+ entrypoint: /abra-entrypoint.sh
+ volumes:
+ - www:/var/www:rw
+ - app-storage:/var/www/storage
+ - app-bootstrap:/var/www/bootstrap
+ networks:
+ - proxy
+ - internal
+ secrets:
+ - db_password
+ depends_on:
+ - db
+ - redis
+ deploy:
+ update_config:
+ failure_action: rollback
+ order: start-first
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+ - "coop-cloud.${STACK_NAME}.web.version=1.20.0-ea4560b8"
+
+ worker:
+ image: zknt/pixelfed
+ environment:
+ - DOMAIN
+ - APP_NAME
+ - APP_TIMEZONE
+ - ADMIN_DOMAIN
+ - OPEN_REGISTRATION
+ - OAUTH_ENABLED
+ - ENABLE_ACTIVITYPUB
+ - DB_CONNECTION=mysql
+ - DB_DATABASE=pixelfed_prod
+ - DB_HOST=db
+ - DB_PASSWORD_FILE=/run/secrets/db_pass
+ - DB_PORT=3306
+ - DB_USERNAME=pixelfed
+ volumes:
+ - app-storage:/var/www/storage
+ - app-bootstrap:/var/www/bootstrap
+ networks:
+ - internal
+ command: gosu www-data php artisan horizon
+ secrets:
+ - db_password
+ depends_on:
+ - db
+ - redis
+ - app
+ configs:
+ - source: worker_entrypoint
+ target: /abra-entrypoint.sh
+ mode: 0555
+ entrypoint:
+ /abra-entrypoint.sh
+
+ db:
+ image: "mariadb:10.7"
+ environment:
+ - MYSQL_DATABASE=pixelfed_prod
+ - MYSQL_USER=pixelfed
+ - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+ - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+ networks:
+ - internal
+ secrets:
+ - db_root_password
+ - db_password
+ command: --default-authentication-plugin=mysql_native_password
+ volumes:
+ - "db-data:/var/lib/mysql"
+ deploy:
+ labels:
+ - "coop-cloud.${STACK_NAME}.db.version=10.7-62601155"
+
+ redis:
+ image: redis:6.2
+ volumes:
+ - "redis-data:/data"
+ networks:
+ - internal
+ deploy:
+ labels:
+ - "coop-cloud.${STACK_NAME}.cache.version=6.2-"
+secrets:
+ db_root_password:
+ external: true
+ name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+ db_password:
+ external: true
+ name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+
+volumes:
+ db-data:
+ www:
+ redis-data:
+ app-storage:
+ app-bootstrap:
+
+networks:
+ internal:
+ proxy:
+ external: true
+
+configs:
+ entrypoint:
+ name: ${STACK_NAME}_entrypoint_${PIXELFED_ENTRYPOINT_VERSION}
+ file: entrypoint.sh
+ worker_entrypoint:
+ name: ${STACK_NAME}_worker_entrypoint_${PIXELFED_WORKER_ENTRYPOINT_VERSION}
+ file: worker-entrypoint.sh
+ envdocker:
+ name: ${STACK_NAME}_env_docker
+ file: env.docker.tmpl
+ template_driver: golang
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..5932e74
--- /dev/null
+++ b/entrypoint.sh
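Review bot: The `db_password` secret at the bottom of compose.yml is named with `${SECRET_DB_ROOT_PASSWORD_VERSION}`, so bumping `SECRET_DB_PASSWORD_VERSION` from .env.sample never rotates the application password and bumping the root version switches both secrets at once; the line should read `name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}`. Both `app` and `worker` set `DB_PASSWORD_FILE=/run/secrets/db_pass`, but the secret is attached as `db_password` and would be mounted at `/run/secrets/db_password`, the path the entrypoint scripts and the `db` service use. `image: zknt/pixelfed` carries no tag or digest although the label records `1.20.0-ea4560b8`, so a redeploy can pull a different build than the one that was tested; pinning the tag or digest ties the running image to that label. In the `envdocker` config the key `guid` is probably meant to be `gid`, which is the name the long config syntax uses.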
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+if test -f "/run/secrets/db_password"; then
+ pwd=`cat /run/secrets/db_password`
+ if [ -z $pwd ]; then
+ echo >&2 "error: /run/secrets/db_password is empty"
+ exit 1
+ fi
+ export "DB_PASSWORD"="$pwd"
+ unset "pwd"
+else
+ echo >&2 "error: /run/secrets/db_password does not exist"
+ exit 1
+fi
+
+# we want to run some one-time tasks as described here:
+# https://docs.pixelfed.org/running-pixelfed/installation.html#setting-up-services
+
+if test ! -f /var/www/.env; then
+ cp /envfile /var/www/.env
+ chown www-data:www-data /var/www/.env
+ chmod 755 /var/www/.env
+ rm /envfile
+else
+ # this is a bit of a hack to move APP_KEY to the new env_file
+ appkey=`grep 'APP_KEY=' /var/www/.env`
+ sed "s/APP_KEY=/$appkey/g" /envfile > /newenv
+ cp /newenv /var/www/.env
+ chmod 755 /var/www/.env
+ unset appkey
+ rm /newenv
+fi
+
+/entrypoint.sh
diff --git a/env.docker.tmpl b/env.docker.tmpl
new file mode 100644
index 0000000..5561754
--- /dev/null
+++ b/env.docker.tmpl
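Review bot: `chmod 755 /var/www/.env` in both branches leaves the file that carries `APP_KEY` world-readable and executable; since the first branch already chowns it to `www-data`, `chmod 640 /var/www/.env` should be enough. In the else branch `sed "s/APP_KEY=/$appkey/g"` pastes the existing key into the sed expression, and Laravel keys are normally base64 text that can contain `/`, which would make sed fail and, under `set -e`, stop the container on restart; `sed "s|^APP_KEY=.*|$appkey|" /envfile > /newenv` avoids the delimiter clash and anchors the match. `/newenv` is created in `/` with the default umask and holds the key until the `rm`, so it is better written under a restrictive umask. `[ -z $pwd ]` should quote the expansion (`[ -z "$pwd" ]`) so a password with whitespace or glob characters is not word-split; worker-entrypoint.sh has the same line.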
@@ -0,0 +1,141 @@
+## Crypto
+APP_KEY=
+
+APP_NAME
+APP_URL
+APP_TIMEZONE
+OPEN_REGISTRATION
+ENABLE_ACTIVITYPUB
+
+## ActivityPub Federation
+ACTIVITY_PUB={{env "ENABLE_ACTIVITYPUB" }}
+AP_REMOTE_FOLLOW={{env "ENABLE_ACTIVITYPUB" }}
+AP_SHAREDINBOX={{env "ENABLE_ACTIVITYPUB" }}
+AP_INBOX={{env "ENABLE_ACTIVITYPUB" }}
+AP_OUTBOX={{env "ENABLE_ACTIVITYPUB" }}
+ATOM_FEEDS=true
+NODEINFO=true
+WEBFINGER=true
+
+## General Settings
+APP_URL=https://{{env "DOMAIN" }}
+APP_DOMAIN={{env "DOMAIN" }}
+ADMIN_DOMAIN={{env "DOMAIN" }}
+SESSION_DOMAIN={{env "DOMAIN" }}
+DB_CONNECTION=mysql
+DB_DATABASE=pixelfed_prod
+DB_HOST=db
+DB_PASSWORD_FILE=/run/secrets/db_password
+DB_PORT=3306
+DB_USERNAME=pixelfed
+APP_ENV=local
+APP_DEBUG=true
+ENFORCE_EMAIL_VERIFICATION=false
+PF_MAX_USERS=1000
+APP_LOCALE=en
+LIMIT_ACCOUNT_SIZE=true
+MAX_ACCOUNT_SIZE=1000000
+MAX_PHOTO_SIZE=15000
+MAX_AVATAR_SIZE=2000
+MAX_CAPTION_LENGTH=500
+MAX_BIO_LENGTH=125
+MAX_NAME_LENGTH=30
+MAX_ALBUM_LENGTH=4
+IMAGE_QUALITY=80
+PF_OPTIMIZE_IMAGES=true
+PF_OPTIMIZE_VIDEOS=true
+ADMIN_ENV_EDITOR=false
+ACCOUNT_DELETION=true
+ACCOUNT_DELETE_AFTER=false
+MAX_LINKS_PER_POST=0
+OAUTH_ENABLED=false
+
+## Instance
+#INSTANCE_DESCRIPTION=
+INSTANCE_PUBLIC_HASHTAGS=false
+#INSTANCE_CONTACT_EMAIL=
+INSTANCE_PUBLIC_LOCAL_TIMELINE=false
+#BANNED_USERNAMES=
+STORIES_ENABLED=false
+RESTRICTED_INSTANCE=false
+
+## Mail
+MAIL_DRIVER=log
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_FROM_ADDRESS="pixelfed@example.com"
+MAIL_FROM_NAME="Pixelfed"
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+## Databases (Postgres)
+#DB_CONNECTION=pgsql
+#DB_HOST=postgres
+#DB_PORT=5432
+#DB_DATABASE=pixelfed
+#DB_USERNAME=postgres
+#DB_PASSWORD=postgres
+
+## Cache (Redis)
+REDIS_CLIENT=phpredis
+REDIS_SCHEME=tcp
+REDIS_HOST=redis
+REDIS_PASSWORD=
+REDIS_PORT=6379
+REDIS_DATABASE=0
+
+## EXPERIMENTS
+EXP_LC=false
+EXP_REC=false
+EXP_LOOPS=false
+
+
+## S3
+FILESYSTEM_DRIVER=local
+FILESYSTEM_CLOUD=s3
+PF_ENABLE_CLOUD=false
+#AWS_ACCESS_KEY_ID=
+#AWS_SECRET_ACCESS_KEY=
+#AWS_DEFAULT_REGION=
+#AWS_BUCKET=
+#AWS_URL=
+#AWS_ENDPOINT=
+#AWS_USE_PATH_STYLE_ENDPOINT=false
+
+## Horizon
+HORIZON_DARKMODE=false
+
+## COSTAR - Confirm Object Sentiment Transform and Reduce
+PF_COSTAR_ENABLED=false
+
+# Media
+MEDIA_EXIF_DATABASE=false
+
+## Logging
+LOG_CHANNEL=stack
+
+## Image
+IMAGE_DRIVER=imagick
+
+## Broadcasting
+BROADCAST_DRIVER=log # log driver for local development
+
+## Cache
+CACHE_DRIVER=redis
+
+## Purify
+RESTRICT_HTML_TYPES=true
+
+## Queue
+QUEUE_DRIVER=redis
+
+## Session
+SESSION_DRIVER=redis
+
+## Trusted Proxy
+TRUST_PROXIES="*"
+
+## Passport
+#PASSPORT_PRIVATE_KEY=
+#PASSPORT_PUBLIC_KEY=
diff --git a/worker-entrypoint.sh b/worker-entrypoint.sh
new file mode 100644
index 0000000..4dac8da
--- /dev/null
+++ b/worker-entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+if test -f "/run/secrets/db_password"; then
+ pwd=`cat /run/secrets/db_password`
+ if [ -z $pwd ]; then
+ echo >&2 "error: /run/secrets/db_password is empty"
+ exit 1
+ fi
+ export "DB_PASSWORD"="$pwd"
+ unset "pwd"
+else
+ echo >&2 "error: /run/secrets/db_password does not exist"
+ exit 1
+fi
+
+# we want to run some one-time tasks as described here:
+# https://docs.pixelfed.org/running-pixelfed/installation.html#setting-up-services
+
+#if test ! -f /var/www/.env; then
+# cp /envfile /var/www/.env
+# chown www-data:www-data /var/www/.env
+# chmod 755 /var/www/.env
+#fi
+
+/worker-entrypoint.sh
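Review bot: `APP_DEBUG=true` together with `APP_ENV=local` ships debug mode in a template that compose.yml publishes through the `proxy` network with a production certificate resolver; in Laravel applications debug error pages can disclose environment values and stack traces to any visitor, so the template should default to `APP_ENV=production` and `APP_DEBUG=false`. `TRUST_PROXIES="*"` accepts forwarded headers from any peer, which is presumably intended for Traefik but deserves a comment stating that the app must only be reachable through the proxy. The bare lines `APP_NAME`, `APP_URL`, `APP_TIMEZONE`, `OPEN_REGISTRATION` and `ENABLE_ACTIVITYPUB` near the top have no `=` and look like leftovers; either drop them or template them like the others, e.g. `OPEN_REGISTRATION={{env "OPEN_REGISTRATION" }}`.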
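Review bot: The last line runs `/worker-entrypoint.sh` without arguments and without `exec`, so the `command: gosu www-data php artisan horizon` that compose.yml sets for the worker is not passed on, and the wrapper shell stays as PID 1 where it will not forward the stop signal to the child. `exec /worker-entrypoint.sh "$@"` addresses both; entrypoint.sh ends the same way with `/entrypoint.sh`. The script is mounted at `/abra-entrypoint.sh`, so this call relies on the image shipping its own `/worker-entrypoint.sh`, which the diff does not show. The exported `DB_PASSWORD` stays in the environment of every child process; if the image can read the password from a file, pointing it at `/run/secrets/db_password` keeps the secret out of the process environment.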