generated from coop-cloud/example
init
This commit is contained in:
commit
b37a23e40d
|
@ -0,0 +1,22 @@
|
||||||
|
TYPE=pixelfed
|
||||||
|
|
||||||
|
DOMAIN=pixelfed.example.com
|
||||||
|
|
||||||
|
APP_NAME="Pixelfed"
|
||||||
|
APP_URL=https://$DOMAIN
|
||||||
|
|
||||||
|
OPEN_REGISTRATION=true
|
||||||
|
APP_TIMEZONE=UTC
|
||||||
|
|
||||||
|
|
||||||
|
## Domain aliases
|
||||||
|
#EXTRA_DOMAINS=', `www.pixelfed.example.com`'
|
||||||
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
## ActivityPub settings. Change to true to enable the following:
|
||||||
|
## ACTIVITY_PUB, AP_REMOTE_FOLLOW, AP_SHAREDINBOX, AP_INBOX AP_OUTBOX
|
||||||
|
ENABLE_ACTIVITYPUB=false
|
||||||
|
|
||||||
|
# secrets, you can leave it as is
|
||||||
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
|
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
|
@ -0,0 +1,20 @@
|
||||||
|
# pixelfed
|
||||||
|
|
||||||
|
> Photo Sharing. For Everyone.
|
||||||
|
|
||||||
|
<!-- metadata -->
|
||||||
|
|
||||||
|
* **Category**: Apps
|
||||||
|
* **Status**:
|
||||||
|
* **Image**:
|
||||||
|
* **Healthcheck**:
|
||||||
|
* **Backups**:
|
||||||
|
* **Email**:
|
||||||
|
* **Tests**:
|
||||||
|
* **SSO**:
|
||||||
|
|
||||||
|
<!-- endmetadata -->
|
||||||
|
|
||||||
|
## weird stuff
|
||||||
|
|
||||||
|
- `env.docker` has to be in the running container in `/var/www/.env` and owned by `www-data.` this is done via `configs:` statement in `compose.yml,` and then via entrypoint (it copies the file and changes permissions). this is a hack and there's probably a better way of doing it, but putting the file directly in `/var/www/.env` as a config doesn't work: the file is empty, owned by root and the app crashes saying that it's a read-only filesystem.
|
|
@ -0,0 +1,2 @@
|
||||||
|
export PIXELFED_ENTRYPOINT_VERSION=v1
|
||||||
|
export PIXELFED_WORKER_ENTRYPOINT_VERSION=v1
|
|
@ -0,0 +1,152 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: zknt/pixelfed
|
||||||
|
environment:
|
||||||
|
- DOMAIN
|
||||||
|
- APP_NAME
|
||||||
|
- APP_TIMEZONE
|
||||||
|
- ADMIN_DOMAIN
|
||||||
|
- OPEN_REGISTRATION
|
||||||
|
- OAUTH_ENABLED
|
||||||
|
- ENABLE_ACTIVITYPUB
|
||||||
|
- DB_CONNECTION=mysql
|
||||||
|
- DB_DATABASE=pixelfed_prod
|
||||||
|
- DB_HOST=db
|
||||||
|
- DB_PASSWORD_FILE=/run/secrets/db_pass
|
||||||
|
- DB_PORT=3306
|
||||||
|
- DB_USERNAME=pixelfed
|
||||||
|
configs:
|
||||||
|
- source: entrypoint
|
||||||
|
target: /abra-entrypoint.sh
|
||||||
|
mode: 0555
|
||||||
|
- source: envdocker
|
||||||
|
target: /envfile
|
||||||
|
mode: 0555
|
||||||
|
uid: "33"
|
||||||
|
guid: "33"
|
||||||
|
entrypoint: /abra-entrypoint.sh
|
||||||
|
volumes:
|
||||||
|
- www:/var/www:rw
|
||||||
|
- app-storage:/var/www/storage
|
||||||
|
- app-bootstrap:/var/www/bootstrap
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
- internal
|
||||||
|
secrets:
|
||||||
|
- db_password
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
deploy:
|
||||||
|
update_config:
|
||||||
|
failure_action: rollback
|
||||||
|
order: start-first
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.docker.network=proxy"
|
||||||
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||||
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||||
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||||
|
- "coop-cloud.${STACK_NAME}.web.version=1.20.0-ea4560b8"
|
||||||
|
|
||||||
|
worker:
|
||||||
|
image: zknt/pixelfed
|
||||||
|
environment:
|
||||||
|
- DOMAIN
|
||||||
|
- APP_NAME
|
||||||
|
- APP_TIMEZONE
|
||||||
|
- ADMIN_DOMAIN
|
||||||
|
- OPEN_REGISTRATION
|
||||||
|
- OAUTH_ENABLED
|
||||||
|
- ENABLE_ACTIVITYPUB
|
||||||
|
- DB_CONNECTION=mysql
|
||||||
|
- DB_DATABASE=pixelfed_prod
|
||||||
|
- DB_HOST=db
|
||||||
|
- DB_PASSWORD_FILE=/run/secrets/db_pass
|
||||||
|
- DB_PORT=3306
|
||||||
|
- DB_USERNAME=pixelfed
|
||||||
|
volumes:
|
||||||
|
- app-storage:/var/www/storage
|
||||||
|
- app-bootstrap:/var/www/bootstrap
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
command: gosu www-data php artisan horizon
|
||||||
|
secrets:
|
||||||
|
- db_password
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
- app
|
||||||
|
configs:
|
||||||
|
- source: worker_entrypoint
|
||||||
|
target: /abra-entrypoint.sh
|
||||||
|
mode: 0555
|
||||||
|
entrypoint:
|
||||||
|
/abra-entrypoint.sh
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: "mariadb:10.7"
|
||||||
|
environment:
|
||||||
|
- MYSQL_DATABASE=pixelfed_prod
|
||||||
|
- MYSQL_USER=pixelfed
|
||||||
|
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
|
||||||
|
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
secrets:
|
||||||
|
- db_root_password
|
||||||
|
- db_password
|
||||||
|
command: --default-authentication-plugin=mysql_native_password
|
||||||
|
volumes:
|
||||||
|
- "db-data:/var/lib/mysql"
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
- "coop-cloud.${STACK_NAME}.db.version=10.7-62601155"
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:6.2
|
||||||
|
volumes:
|
||||||
|
- "redis-data:/data"
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
- "coop-cloud.${STACK_NAME}.cache.version=6.2-"
|
||||||
|
secrets:
|
||||||
|
db_root_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||||
|
db_password:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db-data:
|
||||||
|
www:
|
||||||
|
redis-data:
|
||||||
|
app-storage:
|
||||||
|
app-bootstrap:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
internal:
|
||||||
|
proxy:
|
||||||
|
external: true
|
||||||
|
|
||||||
|
configs:
|
||||||
|
entrypoint:
|
||||||
|
name: ${STACK_NAME}_entrypoint_${PIXELFED_ENTRYPOINT_VERSION}
|
||||||
|
file: entrypoint.sh
|
||||||
|
worker_entrypoint:
|
||||||
|
name: ${STACK_NAME}_worker_entrypoint_${PIXELFED_WORKER_ENTRYPOINT_VERSION}
|
||||||
|
file: worker-entrypoint.sh
|
||||||
|
envdocker:
|
||||||
|
name: ${STACK_NAME}_env_docker
|
||||||
|
file: env.docker.tmpl
|
||||||
|
template_driver: golang
|
|
@ -0,0 +1,34 @@
|
||||||
|
#!/bin/sh
|
||||||
|
set -e
|
||||||
|
if test -f "/run/secrets/db_password"; then
|
||||||
|
pwd=`cat /run/secrets/db_password`
|
||||||
|
if [ -z $pwd ]; then
|
||||||
|
echo >&2 "error: /run/secrets/db_password is empty"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
export "DB_PASSWORD"="$pwd"
|
||||||
|
unset "pwd"
|
||||||
|
else
|
||||||
|
echo >&2 "error: /run/secrets/db_password does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# we want to run some one-time tasks as described here:
|
||||||
|
# https://docs.pixelfed.org/running-pixelfed/installation.html#setting-up-services
|
||||||
|
|
||||||
|
if test ! -f /var/www/.env; then
|
||||||
|
cp /envfile /var/www/.env
|
||||||
|
chown www-data:www-data /var/www/.env
|
||||||
|
chmod 755 /var/www/.env
|
||||||
|
rm /envfile
|
||||||
|
else
|
||||||
|
# this is a bit of a hack to move APP_KEY to the new env_file
|
||||||
|
appkey=`grep 'APP_KEY=' /var/www/.env`
|
||||||
|
sed "s/APP_KEY=/$appkey/g" /envfile > /newenv
|
||||||
|
cp /newenv /var/www/.env
|
||||||
|
chmod 755 /var/www/.env
|
||||||
|
unset appkey
|
||||||
|
rm /newenv
|
||||||
|
fi
|
||||||
|
|
||||||
|
/entrypoint.sh
|
|
@ -0,0 +1,141 @@
|
||||||
|
## Crypto
|
||||||
|
APP_KEY=
|
||||||
|
|
||||||
|
APP_NAME
|
||||||
|
APP_URL
|
||||||
|
APP_TIMEZONE
|
||||||
|
OPEN_REGISTRATION
|
||||||
|
ENABLE_ACTIVITYPUB
|
||||||
|
|
||||||
|
## ActivityPub Federation
|
||||||
|
ACTIVITY_PUB={{env "ENABLE_ACTIVITYPUB" }}
|
||||||
|
AP_REMOTE_FOLLOW={{env "ENABLE_ACTIVITYPUB" }}
|
||||||
|
AP_SHAREDINBOX={{env "ENABLE_ACTIVITYPUB" }}
|
||||||
|
AP_INBOX={{env "ENABLE_ACTIVITYPUB" }}
|
||||||
|
AP_OUTBOX={{env "ENABLE_ACTIVITYPUB" }}
|
||||||
|
ATOM_FEEDS=true
|
||||||
|
NODEINFO=true
|
||||||
|
WEBFINGER=true
|
||||||
|
|
||||||
|
## General Settings
|
||||||
|
APP_URL=https://{{env "DOMAIN" }}
|
||||||
|
APP_DOMAIN={{env "DOMAIN" }}
|
||||||
|
ADMIN_DOMAIN={{env "DOMAIN" }}
|
||||||
|
SESSION_DOMAIN={{env "DOMAIN" }}
|
||||||
|
DB_CONNECTION=mysql
|
||||||
|
DB_DATABASE=pixelfed_prod
|
||||||
|
DB_HOST=db
|
||||||
|
DB_PASSWORD_FILE=/run/secrets/db_password
|
||||||
|
DB_PORT=3306
|
||||||
|
DB_USERNAME=pixelfed
|
||||||
|
APP_ENV=local
|
||||||
|
APP_DEBUG=true
|
||||||
|
ENFORCE_EMAIL_VERIFICATION=false
|
||||||
|
PF_MAX_USERS=1000
|
||||||
|
APP_LOCALE=en
|
||||||
|
LIMIT_ACCOUNT_SIZE=true
|
||||||
|
MAX_ACCOUNT_SIZE=1000000
|
||||||
|
MAX_PHOTO_SIZE=15000
|
||||||
|
MAX_AVATAR_SIZE=2000
|
||||||
|
MAX_CAPTION_LENGTH=500
|
||||||
|
MAX_BIO_LENGTH=125
|
||||||
|
MAX_NAME_LENGTH=30
|
||||||
|
MAX_ALBUM_LENGTH=4
|
||||||
|
IMAGE_QUALITY=80
|
||||||
|
PF_OPTIMIZE_IMAGES=true
|
||||||
|
PF_OPTIMIZE_VIDEOS=true
|
||||||
|
ADMIN_ENV_EDITOR=false
|
||||||
|
ACCOUNT_DELETION=true
|
||||||
|
ACCOUNT_DELETE_AFTER=false
|
||||||
|
MAX_LINKS_PER_POST=0
|
||||||
|
OAUTH_ENABLED=false
|
||||||
|
|
||||||
|
## Instance
|
||||||
|
#INSTANCE_DESCRIPTION=
|
||||||
|
INSTANCE_PUBLIC_HASHTAGS=false
|
||||||
|
#INSTANCE_CONTACT_EMAIL=
|
||||||
|
INSTANCE_PUBLIC_LOCAL_TIMELINE=false
|
||||||
|
#BANNED_USERNAMES=
|
||||||
|
STORIES_ENABLED=false
|
||||||
|
RESTRICTED_INSTANCE=false
|
||||||
|
|
||||||
|
## Mail
|
||||||
|
MAIL_DRIVER=log
|
||||||
|
MAIL_HOST=smtp.mailtrap.io
|
||||||
|
MAIL_PORT=2525
|
||||||
|
MAIL_FROM_ADDRESS="pixelfed@example.com"
|
||||||
|
MAIL_FROM_NAME="Pixelfed"
|
||||||
|
MAIL_USERNAME=null
|
||||||
|
MAIL_PASSWORD=null
|
||||||
|
MAIL_ENCRYPTION=null
|
||||||
|
|
||||||
|
## Databases (Postgres)
|
||||||
|
#DB_CONNECTION=pgsql
|
||||||
|
#DB_HOST=postgres
|
||||||
|
#DB_PORT=5432
|
||||||
|
#DB_DATABASE=pixelfed
|
||||||
|
#DB_USERNAME=postgres
|
||||||
|
#DB_PASSWORD=postgres
|
||||||
|
|
||||||
|
## Cache (Redis)
|
||||||
|
REDIS_CLIENT=phpredis
|
||||||
|
REDIS_SCHEME=tcp
|
||||||
|
REDIS_HOST=redis
|
||||||
|
REDIS_PASSWORD=
|
||||||
|
REDIS_PORT=6379
|
||||||
|
REDIS_DATABASE=0
|
||||||
|
|
||||||
|
## EXPERIMENTS
|
||||||
|
EXP_LC=false
|
||||||
|
EXP_REC=false
|
||||||
|
EXP_LOOPS=false
|
||||||
|
|
||||||
|
|
||||||
|
## S3
|
||||||
|
FILESYSTEM_DRIVER=local
|
||||||
|
FILESYSTEM_CLOUD=s3
|
||||||
|
PF_ENABLE_CLOUD=false
|
||||||
|
#AWS_ACCESS_KEY_ID=
|
||||||
|
#AWS_SECRET_ACCESS_KEY=
|
||||||
|
#AWS_DEFAULT_REGION=
|
||||||
|
#AWS_BUCKET=
|
||||||
|
#AWS_URL=
|
||||||
|
#AWS_ENDPOINT=
|
||||||
|
#AWS_USE_PATH_STYLE_ENDPOINT=false
|
||||||
|
|
||||||
|
## Horizon
|
||||||
|
HORIZON_DARKMODE=false
|
||||||
|
|
||||||
|
## COSTAR - Confirm Object Sentiment Transform and Reduce
|
||||||
|
PF_COSTAR_ENABLED=false
|
||||||
|
|
||||||
|
# Media
|
||||||
|
MEDIA_EXIF_DATABASE=false
|
||||||
|
|
||||||
|
## Logging
|
||||||
|
LOG_CHANNEL=stack
|
||||||
|
|
||||||
|
## Image
|
||||||
|
IMAGE_DRIVER=imagick
|
||||||
|
|
||||||
|
## Broadcasting
|
||||||
|
BROADCAST_DRIVER=log # log driver for local development
|
||||||
|
|
||||||
|
## Cache
|
||||||
|
CACHE_DRIVER=redis
|
||||||
|
|
||||||
|
## Purify
|
||||||
|
RESTRICT_HTML_TYPES=true
|
||||||
|
|
||||||
|
## Queue
|
||||||
|
QUEUE_DRIVER=redis
|
||||||
|
|
||||||
|
## Session
|
||||||
|
SESSION_DRIVER=redis
|
||||||
|
|
||||||
|
## Trusted Proxy
|
||||||
|
TRUST_PROXIES="*"
|
||||||
|
|
||||||
|
## Passport
|
||||||
|
#PASSPORT_PRIVATE_KEY=
|
||||||
|
#PASSPORT_PUBLIC_KEY=
|
|
@ -0,0 +1,25 @@
|
||||||
|
#!/bin/sh
|
||||||
|
set -e
|
||||||
|
if test -f "/run/secrets/db_password"; then
|
||||||
|
pwd=`cat /run/secrets/db_password`
|
||||||
|
if [ -z $pwd ]; then
|
||||||
|
echo >&2 "error: /run/secrets/db_password is empty"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
export "DB_PASSWORD"="$pwd"
|
||||||
|
unset "pwd"
|
||||||
|
else
|
||||||
|
echo >&2 "error: /run/secrets/db_password does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# we want to run some one-time tasks as described here:
|
||||||
|
# https://docs.pixelfed.org/running-pixelfed/installation.html#setting-up-services
|
||||||
|
|
||||||
|
#if test ! -f /var/www/.env; then
|
||||||
|
# cp /envfile /var/www/.env
|
||||||
|
# chown www-data:www-data /var/www/.env
|
||||||
|
# chmod 755 /var/www/.env
|
||||||
|
#fi
|
||||||
|
|
||||||
|
/worker-entrypoint.sh
|
Loading…
Reference in New Issue