.drone.yml

@@ -6,7 +6,7 @@ steps:
     image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
-      stack: rallly
+      stack: {{ .Name }}
       generate_secrets: true
       purge: true
       deploy_key:
@@ -14,14 +14,9 @@ steps:
       networks:
         - proxy
     environment:
-      DOMAIN: rallly.swarm-test.autonomic.zone
+      DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
-      STACK_NAME: rallly
+      STACK_NAME: {{ .Name }}
       LETS_ENCRYPT_ENV: production
-      SECRET_SECRET_KEY_VERSION: v1
-      SECRET_DB_PASSWORD_VERSION: v1
-      SECRET_SMTP_PWD_VERSION: v1
-      APP_ENTRYPOINT_VERSION: v1
-      PG_BACKUP_VERSION: v1
 trigger:
   branch:
     - main
@@ -37,7 +32,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - toolshed/auto-recipes-catalogue-json
+        - coop-cloud/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -1,15 +1,12 @@
 TYPE=rallly
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
-ENABLE_BACKUPS=true
 
 DOMAIN=rallly.example.com
 
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.rallly.example.com`'
 
-COMPOSE_FILE="compose.yml"
-
 LETS_ENCRYPT_ENV=production
 
 SECRET_SECRET_KEY_VERSION=v1
@@ -21,11 +18,3 @@ SMTP_HOST=mail.example.com
 SMTP_PORT=465
 SMTP_SECURE=true
 SMTP_USER=noreply@example.com
-
-#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
-#OIDC_ENABLED=1
-#OIDC_NAME= #The user-facing name of your provider as it will be shown on the login page
-#OIDC_DISCOVERY_URL= #URL of the .well-known/openid-configuration endpoint for your OIDC provider
-#OIDC_CLIENT_ID=
-#OIDC_ISSUER_URL=
-#SECRET_OIDC_CLIENT_SECRET_VERSION=v1

abra.sh

@@ -1,2 +1 @@
-export APP_ENTRYPOINT_VERSION=v3
+export APP_ENTRYPOINT_VERSION=v2
-export PG_BACKUP_VERSION=v1

alaconnect.yml

@@ -1,12 +0,0 @@
-authentik:
-    env:
-        OIDC_NAME: "Authentik"
-        OIDC_DISCOVERY_URL: "https://authentik.example.com/application/o/rallly/.well-known/openid-configuration"
-        OIDC_ISSUER_URL: "https://authentik.example.com/application/o/rallly/"
-        OIDC_CLIENT_ID: rallly
-    uncomment: 
-        - compose.oidc.yml
-        - SECRET_OIDC_CLIENT_SECRET_VERSION
-        - OIDC_ENABLED
-    shared_secrets:
-        rallly_secret: oidc_client_secret

compose.oidc.yml

@@ -1,16 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    secrets:
-      - oidc_client_secret
-    environment:
-      - OIDC_ENABLED
-      - OIDC_NAME
-      - OIDC_DISCOVERY_URL
-      - OIDC_CLIENT_ID
-secrets:
-  oidc_client_secret:
-    name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
-    external: true

compose.yml

@@ -3,8 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: lukevella/rallly:4.0.2
+    image: lukevella/rallly:2.11.1
-    hostname: 0.0.0.0
     networks:
       - proxy
       - internal
@@ -17,9 +16,7 @@ services:
     environment:
       - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
       - DATABASE=rallly_db:5432/db
-      - NEXT_PUBLIC_BASE_URL=https://${DOMAIN}
+      - NEXT_PUBLIC_BASE_URL=${DOMAIN}
-      - NEXT_PUBLIC_APP_BASE_URL=https://${DOMAIN}
-      - NEXTAUTH_URL=$NEXT_PUBLIC_BASE_URL
       - SECRET_PASSWORD_FILE=/run/secrets/secret_key
       - SUPPORT_EMAIL
       - SMTP_HOST
@@ -45,10 +42,9 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=1.0.0+4.0.2"
+        - "coop-cloud.${STACK_NAME}.version=0.4.1+2.11.1"
-        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
     healthcheck:
-      test: "bash -c 'printf \"GET / HTTP/1.1\n\n\" > /dev/tcp/127.0.0.1/3000; exit $$?;'"
+      test: ["CMD", "curl", "-f", "http://localhost:3000"]
       interval: 30s
       timeout: 10s
       retries: 10
@@ -56,11 +52,10 @@ services:
   rallly_db:
     image: postgres:14.8
     deploy:
-      labels:
+        labels:
-        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+          backupbot.backup: "true"
-        backupbot.backup.pre-hook: "/pg_backup.sh backup"
+          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U postgres $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
-        backupbot.backup.volumes.db-data.path: "backup.sql"
+          backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
-        backupbot.restore.post-hook: '/pg_backup.sh restore'
     volumes:
       - db-data:/var/lib/postgresql/data
     secrets:
@@ -68,7 +63,6 @@ services:
     environment:
       - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
       - POSTGRES_DB=db
-      - POSTGRES_USER=postgres
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U postgres"]
       interval: 5s
@@ -76,10 +70,6 @@ services:
       retries: 5
     networks:
       - internal
-    configs:
-        - source: pg_backup
-          target: /pg_backup.sh
-          mode: 0555
 
 secrets:
   db_password:
@@ -98,6 +88,9 @@ networks:
   internal:
 
 volumes:
+  mongodb_log:
+  mongodb_lib:
+  mongodb:
   db-data:
 
 configs:
@@ -105,6 +98,3 @@ configs:
     name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
     file: entrypoint.sh.tmpl
     template_driver: golang
-  pg_backup:
-    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
-    file: pg_backup.sh

entrypoint.sh.tmpl

@@ -1,9 +1,5 @@
 #!/bin/bash
 
-{{ if eq (env "OIDC_ENABLED") "1" }}
-export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
-{{ end }}
-
 set -eu
 
 file_env() {
@@ -30,7 +26,6 @@ file_env() {
 file_env "SECRET_PASSWORD"
 file_env "SMTP_PWD"
 file_env "POSTGRES_PASSWORD"
-file_env "OIDC_CLIENT_SECRET"
 
 export DATABASE_URL=postgres://postgres:$POSTGRES_PASSWORD@$DATABASE
 

pg_backup.sh

@@ -1,34 +0,0 @@
-#!/bin/bash
-
-set -e
-
-BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
-
-function backup {
-  export PGPASSWORD=$(cat /run/secrets/db_password)
-  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
-}
-
-function restore {
-    cd /var/lib/postgresql/data/
-    restore_config(){
-        # Restore allowed connections
-        cat pg_hba.conf.bak > pg_hba.conf
-        su postgres -c 'pg_ctl reload'
-    }
-    # Don't allow any other connections than local
-    cp pg_hba.conf pg_hba.conf.bak
-    echo "local all all trust" > pg_hba.conf
-    su postgres -c 'pg_ctl reload'
-    trap restore_config EXIT INT TERM
-
-    # Recreate Database
-    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
-    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
-    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
-
-    trap - EXIT INT TERM
-    restore_config
-}
-
-$@

release/0.5.0+3.5.1

@@ -1 +0,0 @@
-Rallly and recipe now support oidc. But you need to be registered to create polls now.

release/1.0.0+4.0.2

@@ -1 +0,0 @@
-BREAKING CHANGE: SSO requires OIDC_ISSUER_URL env.