Compare commits
No commits in common. "main" and "main" have entirely different histories.
13
.drone.yml
13
.drone.yml
@ -6,7 +6,7 @@ steps:
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: rallly
|
||||
stack: {{ .Name }}
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
deploy_key:
|
||||
@ -14,14 +14,9 @@ steps:
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
DOMAIN: rallly.swarm-test.autonomic.zone
|
||||
STACK_NAME: rallly
|
||||
DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
|
||||
STACK_NAME: {{ .Name }}
|
||||
LETS_ENCRYPT_ENV: production
|
||||
SECRET_SECRET_KEY_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_SMTP_PWD_VERSION: v1
|
||||
APP_ENTRYPOINT_VERSION: v1
|
||||
PG_BACKUP_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
@ -37,7 +32,7 @@ steps:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
11
.env.sample
11
.env.sample
@ -1,15 +1,12 @@
|
||||
TYPE=rallly
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
DOMAIN=rallly.example.com
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.rallly.example.com`'
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
SECRET_SECRET_KEY_VERSION=v1
|
||||
@ -21,11 +18,3 @@ SMTP_HOST=mail.example.com
|
||||
SMTP_PORT=465
|
||||
SMTP_SECURE=true
|
||||
SMTP_USER=noreply@example.com
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
|
||||
#OIDC_ENABLED=1
|
||||
#OIDC_NAME= #The user-facing name of your provider as it will be shown on the login page
|
||||
#OIDC_DISCOVERY_URL= #URL of the .well-known/openid-configuration endpoint for your OIDC provider
|
||||
#OIDC_CLIENT_ID=
|
||||
#OIDC_ISSUER_URL=
|
||||
#SECRET_OIDC_CLIENT_SECRET_VERSION=v1
|
||||
|
||||
3
abra.sh
3
abra.sh
@ -1,2 +1 @@
|
||||
export APP_ENTRYPOINT_VERSION=v3
|
||||
export PG_BACKUP_VERSION=v1
|
||||
export APP_ENTRYPOINT_VERSION=v2
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
authentik:
|
||||
env:
|
||||
OIDC_NAME: "Authentik"
|
||||
OIDC_DISCOVERY_URL: "https://authentik.example.com/application/o/rallly/.well-known/openid-configuration"
|
||||
OIDC_ISSUER_URL: "https://authentik.example.com/application/o/rallly/"
|
||||
OIDC_CLIENT_ID: rallly
|
||||
uncomment:
|
||||
- compose.oidc.yml
|
||||
- SECRET_OIDC_CLIENT_SECRET_VERSION
|
||||
- OIDC_ENABLED
|
||||
shared_secrets:
|
||||
rallly_secret: oidc_client_secret
|
||||
@ -1,16 +0,0 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- oidc_client_secret
|
||||
environment:
|
||||
- OIDC_ENABLED
|
||||
- OIDC_NAME
|
||||
- OIDC_DISCOVERY_URL
|
||||
- OIDC_CLIENT_ID
|
||||
secrets:
|
||||
oidc_client_secret:
|
||||
name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
|
||||
external: true
|
||||
32
compose.yml
32
compose.yml
@ -3,8 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: lukevella/rallly:4.0.2
|
||||
hostname: 0.0.0.0
|
||||
image: lukevella/rallly:2.11.1
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
@ -17,9 +16,7 @@ services:
|
||||
environment:
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- DATABASE=rallly_db:5432/db
|
||||
- NEXT_PUBLIC_BASE_URL=https://${DOMAIN}
|
||||
- NEXT_PUBLIC_APP_BASE_URL=https://${DOMAIN}
|
||||
- NEXTAUTH_URL=$NEXT_PUBLIC_BASE_URL
|
||||
- NEXT_PUBLIC_BASE_URL=${DOMAIN}
|
||||
- SECRET_PASSWORD_FILE=/run/secrets/secret_key
|
||||
- SUPPORT_EMAIL
|
||||
- SMTP_HOST
|
||||
@ -45,10 +42,9 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+4.0.2"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.4.1+2.11.1"
|
||||
healthcheck:
|
||||
test: "bash -c 'printf \"GET / HTTP/1.1\n\n\" > /dev/tcp/127.0.0.1/3000; exit $$?;'"
|
||||
test: ["CMD", "curl", "-f", "http://localhost:3000"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
@ -56,11 +52,10 @@ services:
|
||||
rallly_db:
|
||||
image: postgres:14.8
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.db-data.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U postgres $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
|
||||
volumes:
|
||||
- db-data:/var/lib/postgresql/data
|
||||
secrets:
|
||||
@ -68,7 +63,6 @@ services:
|
||||
environment:
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_DB=db
|
||||
- POSTGRES_USER=postgres
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
||||
interval: 5s
|
||||
@ -76,10 +70,6 @@ services:
|
||||
retries: 5
|
||||
networks:
|
||||
- internal
|
||||
configs:
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
|
||||
secrets:
|
||||
db_password:
|
||||
@ -98,6 +88,9 @@ networks:
|
||||
internal:
|
||||
|
||||
volumes:
|
||||
mongodb_log:
|
||||
mongodb_lib:
|
||||
mongodb:
|
||||
db-data:
|
||||
|
||||
configs:
|
||||
@ -105,6 +98,3 @@ configs:
|
||||
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
|
||||
@ -1,9 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
{{ if eq (env "OIDC_ENABLED") "1" }}
|
||||
export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
|
||||
{{ end }}
|
||||
|
||||
set -eu
|
||||
|
||||
file_env() {
|
||||
@ -30,7 +26,6 @@ file_env() {
|
||||
file_env "SECRET_PASSWORD"
|
||||
file_env "SMTP_PWD"
|
||||
file_env "POSTGRES_PASSWORD"
|
||||
file_env "OIDC_CLIENT_SECRET"
|
||||
|
||||
export DATABASE_URL=postgres://postgres:$POSTGRES_PASSWORD@$DATABASE
|
||||
|
||||
|
||||
34
pg_backup.sh
34
pg_backup.sh
@ -1,34 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
|
||||
|
||||
function backup {
|
||||
export PGPASSWORD=$(cat /run/secrets/db_password)
|
||||
pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
|
||||
}
|
||||
|
||||
function restore {
|
||||
cd /var/lib/postgresql/data/
|
||||
restore_config(){
|
||||
# Restore allowed connections
|
||||
cat pg_hba.conf.bak > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
}
|
||||
# Don't allow any other connections than local
|
||||
cp pg_hba.conf pg_hba.conf.bak
|
||||
echo "local all all trust" > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
trap restore_config EXIT INT TERM
|
||||
|
||||
# Recreate Database
|
||||
psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);"
|
||||
createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
|
||||
psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
|
||||
|
||||
trap - EXIT INT TERM
|
||||
restore_config
|
||||
}
|
||||
|
||||
$@
|
||||
@ -1 +0,0 @@
|
||||
Rallly and recipe now support oidc. But you need to be registered to create polls now.
|
||||
@ -1 +0,0 @@
|
||||
BREAKING CHANGE: SSO requires OIDC_ISSUER_URL env.
|
||||
Loading…
x
Reference in New Issue
Block a user