Compare commits
	
		
			2 Commits
		
	
	
		
			2.0.1+6.0.
			...
			service-re
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| c3b4bb5dfb | |||
| 82332b6854 | 
							
								
								
									
										16
									
								
								.drone.yml
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								.drone.yml
									
									
									
									
									
								
							| @ -15,20 +15,8 @@ steps: | |||||||
|       DOMAIN: wordpress.swarm-test.autonomic.zone |       DOMAIN: wordpress.swarm-test.autonomic.zone | ||||||
|       STACK_NAME: wordpress |       STACK_NAME: wordpress | ||||||
|       LETS_ENCRYPT_ENV: production |       LETS_ENCRYPT_ENV: production | ||||||
|       SECRET_DB_PASSWORD_VERSION: v1 |       DB_PASSWORD_VERSION: v1 | ||||||
|       SECRET_DB_ROOT_PASSWORD_VERSION: v1 |       DB_ROOT_PASSWORD_VERSION: v1 | ||||||
|       PHP_UPLOADS_CONF_VERSION: v1 |  | ||||||
|       ENTRYPOINT_CONF_VERSION: v1 |  | ||||||
| trigger: | trigger: | ||||||
|   branch: |   branch: | ||||||
|     - master |     - master | ||||||
| --- |  | ||||||
| kind: pipeline |  | ||||||
| name: recipe release |  | ||||||
| steps: |  | ||||||
|   - name: release a new version |  | ||||||
|     image: thecoopcloud/drone-abra:latest |  | ||||||
|     settings: |  | ||||||
|       command: recipe wordpress release |  | ||||||
|       deploy_key: |  | ||||||
|         from_secret: abra_bot_deploy_key |  | ||||||
|  | |||||||
							
								
								
									
										34
									
								
								.env.sample
									
									
									
									
									
								
							
							
						
						
									
										34
									
								
								.env.sample
									
									
									
									
									
								
							| @ -1,34 +0,0 @@ | |||||||
| TYPE=wordpress |  | ||||||
|  |  | ||||||
| DOMAIN=wordpress.example.com |  | ||||||
| ## Domain aliases |  | ||||||
| #EXTRA_DOMAINS=', `www.wordpress.example.com`' |  | ||||||
| LETS_ENCRYPT_ENV=production |  | ||||||
|  |  | ||||||
| ## Additional extensions |  | ||||||
| #PHP_EXTENSIONS="calendar" |  | ||||||
|  |  | ||||||
| SECRET_DB_ROOT_PASSWORD_VERSION=v1 |  | ||||||
| SECRET_DB_PASSWORD_VERSION=v1 |  | ||||||
|  |  | ||||||
| # Multisite |  | ||||||
| #WORDPRESS_CONFIG_EXTRA="\ |  | ||||||
| #	define('WP_CACHE', false);\ |  | ||||||
| #	define('WP_ALLOW_MULTISITE', true );" |  | ||||||
|  |  | ||||||
| # Multisite phase 2 (see README) |  | ||||||
| # WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);" |  | ||||||
|  |  | ||||||
| # Local SMTP relay |  | ||||||
| #COMPOSE_FILE="compose.yml:compose.mailrelay.yml" |  | ||||||
| #SMTP_HOST="postfix_relay_app" |  | ||||||
| #MAIL_FROM="wordpress@example.com" |  | ||||||
|  |  | ||||||
| # Remote SMTP relay |  | ||||||
| #COMPOSE_FILE="compose.yml:compose.mailrelay.yml:compose.smtp.yml" |  | ||||||
| #SMTP_HOST="mail.example.com" |  | ||||||
| #MAIL_FROM="wordpress@example.com" |  | ||||||
| #SMTP_PORT=587 |  | ||||||
| #SMTP_AUTH=on |  | ||||||
| #SMTP_TLS=on |  | ||||||
| #SECRET_SMTP_PASSWORD_VERSION=v1 |  | ||||||
							
								
								
									
										38
									
								
								.envrc.sample
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										38
									
								
								.envrc.sample
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,38 @@ | |||||||
|  | export DOMAIN=wordpress.example.com | ||||||
|  | ## Domain aliases | ||||||
|  | #export EXTRA_DOMAINS=', `www.wordpress.example.com`' | ||||||
|  |  | ||||||
|  | export STACK_NAME=wordpress | ||||||
|  | export LETS_ENCRYPT_ENV=production | ||||||
|  |  | ||||||
|  | export DB_ROOT_PASSWORD_VERSION=v1 | ||||||
|  | export DB_PASSWORD_VERSION=v1 | ||||||
|  |  | ||||||
|  | # Multisite | ||||||
|  | #export WORDPRESS_CONFIG_EXTRA="\ | ||||||
|  | #	define('WP_CACHE', false);\ | ||||||
|  | #	define('WP_ALLOW_MULTISITE', true );" | ||||||
|  |  | ||||||
|  | # Multisite phase 2 (see README) | ||||||
|  | #export WORDPRESS_CONFIG_EXTRA="\ | ||||||
|  | #	define('WP_CACHE', false);\ | ||||||
|  | #	define('WP_ALLOW_MULTISITE', true );\ | ||||||
|  | #	define('MULTISITE', true);\ | ||||||
|  | #	define('SUBDOMAIN_INSTALL', true);\ | ||||||
|  | #	define('DOMAIN_CURRENT_SITE', '${DOMAIN}');\ | ||||||
|  | #	define('PATH_CURRENT_SITE', '/');\ | ||||||
|  | #	define('SITE_ID_CURRENT_SITE', 1);\ | ||||||
|  | #	define('BLOG_ID_CURRENT_SITE', 1);\ | ||||||
|  | #	define('FORCE_SSL_ADMIN', true );\ | ||||||
|  | #	define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);" | ||||||
|  |  | ||||||
|  | # Backups | ||||||
|  | #export COMPOSE_FILE="compose.yml:compose.backup.yml" | ||||||
|  |  | ||||||
|  | # SMTP | ||||||
|  | #export COMPOSE_FILE="compose.yml:compose.mailrelay.yml" | ||||||
|  | #export SMTP_HOST="postfix_relay_app" | ||||||
|  | #export MAIL_FROM="wordpress@example.com" | ||||||
|  | # | ||||||
|  | #export MSMTP_CONF_VERSION=v1 | ||||||
|  | #export ENTRYPOINT_MAILRELAY_CONF_VERSION=v1 | ||||||
							
								
								
									
										89
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										89
									
								
								README.md
									
									
									
									
									
								
							| @ -1,72 +1,59 @@ | |||||||
| # Wordpress | # wordpress | ||||||
|  |  | ||||||
| [](https://drone.autonomic.zone/coop-cloud/wordpress) | [](https://drone.autonomic.zone/compose-stacks/wordpress) | ||||||
|  |  | ||||||
| Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳 | Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳 | ||||||
|  |  | ||||||
| <!-- metadata --> |  | ||||||
|  |  | ||||||
| * **Category**: Apps |  | ||||||
| * **Status**: 3, stable |  | ||||||
| * **Image**: [`wordpress`](https://hub.docker.com/_/wordpress), 4, upstream |  | ||||||
| * **Healthcheck**: Yes |  | ||||||
| * **Backups**: Yes |  | ||||||
| * **Email**: 3 |  | ||||||
| * **Tests**: 2 |  | ||||||
| * **SSO**: No |  | ||||||
|  |  | ||||||
| <!-- endmetadata --> |  | ||||||
|  |  | ||||||
| ## Basic usage |  | ||||||
|  |  | ||||||
| 1. Set up Docker Swarm and [`abra`][abra] | 1. Set up Docker Swarm and [`abra`][abra] | ||||||
| 2. Deploy [`coop-cloud/traefik`][cc-traefik] | 2. Deploy [`compose-stacks/traefik`][compose-traefik] | ||||||
| 3. `abra app new wordpress --secrets` (optionally with `--pass` if you'd like | 3. `cp .envrc.sample .envrc` | ||||||
|    to save secrets in `pass`) | 4. Edit `.envrc` - be sure to change `$DOMAIN` to something that resolves to | ||||||
| 4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to |  | ||||||
|    your Docker swarm box |    your Docker swarm box | ||||||
| 5. `abra app YOURAPPDOMAIN deploy` | 5. `direnv allow` (or `. .envrc`) | ||||||
| 6. Open the configured domain in your browser to finish set-up | 6. Generate secrets: | ||||||
| 7. `abra app YOURAPPDOMAIN run app chown www-data:www-data /var/www/html/wp-content` to fix |    ``` | ||||||
|  |    abra secret_generate db_password v1 | ||||||
|  |    abra secret_generate db_root_password v1 | ||||||
|  |    ``` | ||||||
|  | 7. `abra deploy` | ||||||
|  | 8. Open the configured domain in your browser to finish set-up | ||||||
|  | 9. `abra run wordpress chown www-data:www-data /var/www/html/wp-content` to fix | ||||||
|    file permissions (see #3) |    file permissions (see #3) | ||||||
|  |  | ||||||
| ## Running WP-CLI |  | ||||||
|  |  | ||||||
| `abra app cmd YOURAPPDOMAIN app wp -- core check-update --major` |  | ||||||
|  |  | ||||||
| ## Network (Multi-site) | ## Network (Multi-site) | ||||||
|  |  | ||||||
| _(Only tested using subdomains)_ | _(Only tested using subdomains)_ | ||||||
|  |  | ||||||
| 1. Set up as above | 1. Set up as above | ||||||
| 2. `abra app YOURAPPDOMAIN config`, and uncomment the first `# Multisite` section | 2. Uncomment the first `# Multisite` section in `.envrc` | ||||||
| 3. `abra app YOURAPPDOMAIN deploy` | 3. `direnv allow` (or re-run `source .envrc`) | ||||||
| 4. Log into the Wordpress admin dashboard, go to Tools » Network Setup | 4. `abra deploy` | ||||||
| 5. Don't worry about the suggested file changes | 5. Log into the Wordpress admin dashboard, go to Tools » Network Setup | ||||||
| 6. `abra app YOURAPPDOMAIN config` again - comment out the first `# Multisite` | 6. Don't worry about the suggested file changes | ||||||
|    section in `.envrc`, uncomment the `# Multisite phase 2` section, and add | 7. Comment out the first `# Multisite` section in `.envrc` and uncomment the | ||||||
|    your multisite subdomain(s) to `EXTRA_DOMAINS` (beware the weird syntax..) |    `# Multisite phase 2` section | ||||||
| 7. `abra app YOURAPPDOMAIN deploy` | 8. `direnv allow` (or re-run `source .envrc`) | ||||||
|  | 9. `abra deploy` | ||||||
|  | 10. FIXME setting up SSL / routing | ||||||
|  |  | ||||||
| ## Installing a custom theme | ## Installing a custom theme | ||||||
|  |  | ||||||
| `abra app YOURAPPDOMAIN cp ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/` | `abra cp ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/` | ||||||
|  |  | ||||||
|  | ## Backups | ||||||
|  |  | ||||||
|  | 1. Edit `.envrc` and uncomment the `export COMPOSE_FILE="compose.yml:compose.backup.yml"` line | ||||||
|  | 2. `direnv allow` | ||||||
|  | 3. `abra deploy` | ||||||
|  |  | ||||||
| ## Email | ## Email | ||||||
|  |  | ||||||
| There is a local or remote SMTP relay configuration available. | 1. Deploy `postfix-relay` | ||||||
|  | 2. Edit `.envrc` and uncomment the email lines; change `MAIL_FROM` to make sure | ||||||
| * **local**: `COMPOSE_FILE=compose.yml:compose.mailrelay.yml` |    the domain is the same as `postfix-relay`'s `$DOMAIN` or in its | ||||||
| * **remote**: `COMPOSE_FILE=compose.yml:compose.mailrelay.yml:compose.smtp.yml` |    `$EXTRA_SENDER_DOMAINS` | ||||||
|  | 3. `direnv allow` (or `source .envrc`) | ||||||
| Below are the instructions for the local relay. | 7. `abra deploy` | ||||||
|  |  | ||||||
| 1. Deploy [`postfix-relay`][cc-postfix-relay] |  | ||||||
| 2. `abra app YOURAPPDOMAIN config`, and uncomment the email lines; change |  | ||||||
|    `MAIL_FROM` to make sure the domain is the same as `postfix-relay`'s |  | ||||||
|    `$DOMAIN` or in its `$EXTRA_SENDER_DOMAINS` |  | ||||||
| 3. `abra app YOURAPPDOMAIN deploy` |  | ||||||
|  |  | ||||||
| [abra]: https://git.autonomic.zone/autonomic-cooperative/abra | [abra]: https://git.autonomic.zone/autonomic-cooperative/abra | ||||||
| [cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik | [compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik | ||||||
| [cc-postfix-relay]: https://git.autonomic.zone/coop-cloud/traefik |  | ||||||
|  | |||||||
							
								
								
									
										82
									
								
								abra.sh
									
									
									
									
									
								
							
							
						
						
									
										82
									
								
								abra.sh
									
									
									
									
									
								
							| @ -1,82 +0,0 @@ | |||||||
| export PHP_UPLOADS_CONF_VERSION=v3 |  | ||||||
| export ENTRYPOINT_CONF_VERSION=v3 |  | ||||||
| export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2 |  | ||||||
| export MSMTP_CONF_VERSION=v3 |  | ||||||
|  |  | ||||||
| wp() { |  | ||||||
|   /usr/local/bin/wp $@ |  | ||||||
| } |  | ||||||
|  |  | ||||||
| sub_wp() { |  | ||||||
|   CONTAINER=$(docker container ls -f "Name=${STACK_NAME}_app" --format '{{ .ID }}') |  | ||||||
|   if [ -z "$CONTAINER" ]; then |  | ||||||
|     error "Can't find a container for ${STACK_NAME}_app" |  | ||||||
|     exit |  | ||||||
|   fi |  | ||||||
|   debug "Using Container ID ${CONTAINER}" |  | ||||||
|  |  | ||||||
|   # FIXME 3wc: we're fighting the Wordpress image, which recommends a named |  | ||||||
|   # volume for /var/www/html -- this used to work fine using --volumes-from |  | ||||||
|   # because the actual MySQL password was inserted into the generated |  | ||||||
|   # wp-config.php -- but as of Wordpress 5.7.0, wp-config loads data straight |  | ||||||
|   # from the environment, which requires Docker secrets to work, which only work |  | ||||||
|   # in swarm services (not one-off `docker run` commands). Defining a `cli` |  | ||||||
|   # service in compose.yml almost works, but there's no volumes_from: in Compose |  | ||||||
|   # V3, and without it then the `cli` service can't access Wordpress core. |  | ||||||
|   # See https://git.autonomic.zone/coop-cloud/wordpress/issues/21 |  | ||||||
|   warning "Slowly looking up MySQL password..." |  | ||||||
|   silence |  | ||||||
|   abra__service_="app" |  | ||||||
|   DB_PASSWORD="$(sub_app_run cat "/run/secrets/db_password")" |  | ||||||
|   unsilence |  | ||||||
|  |  | ||||||
|   # shellcheck disable=SC2154,SC2086 |  | ||||||
|   docker run -it \ |  | ||||||
| 	--volumes-from "$CONTAINER" \ |  | ||||||
| 	--network "container:$CONTAINER" \ |  | ||||||
| 	-u xfs:xfs \ |  | ||||||
|     -e WORDPRESS_DB_HOST=db \ |  | ||||||
|     -e WORDPRESS_DB_USER=wordpress \ |  | ||||||
|     -e WORDPRESS_DB_PASSWORD="${DB_PASSWORD}" \ |  | ||||||
|     -e WORDPRESS_DB_NAME=wordpress \ |  | ||||||
|     -e WORDPRESS_CONFIG_EXTRA="${WORDPRESS_CONFIG_EXTRA}" \ |  | ||||||
| 	wordpress:cli wp ${abra__args_[*]} |  | ||||||
| } |  | ||||||
|  |  | ||||||
| abra_backup_app() { |  | ||||||
|   _abra_backup_dir "app:/var/www/html/wp-content" |  | ||||||
| } |  | ||||||
|  |  | ||||||
| abra_backup_db() { |  | ||||||
|   _abra_backup_mysql "db" "wordpress" |  | ||||||
| } |  | ||||||
|  |  | ||||||
| abra_backup() { |  | ||||||
|   abra_backup_app && abra_backup_db |  | ||||||
| } |  | ||||||
|  |  | ||||||
| abra_restore_app() { |  | ||||||
|   # shellcheck disable=SC2034 |  | ||||||
|   { |  | ||||||
| 	abra__src_="-" |  | ||||||
| 	abra__dst_="app:/var/www/html/" |  | ||||||
|   } |  | ||||||
|  |  | ||||||
|   zcat "$@" | sub_app_cp |  | ||||||
|  |  | ||||||
|   success "Restored 'app'" |  | ||||||
| } |  | ||||||
|  |  | ||||||
| abra_restore_db() { |  | ||||||
|   # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we |  | ||||||
|   # got this far.. |  | ||||||
|  |  | ||||||
|   # shellcheck disable=SC2034 |  | ||||||
|   abra___no_tty="true" |  | ||||||
|  |  | ||||||
|   DB_ROOT_PASSWORD=$(sub_app_run cat /run/secrets/db_root_password) |  | ||||||
|  |  | ||||||
|   zcat "$@" | sub_app_run mysql -u root -p"$DB_ROOT_PASSWORD" wordpress |  | ||||||
|  |  | ||||||
|   success "Restored 'db'" |  | ||||||
| } |  | ||||||
							
								
								
									
										3
									
								
								backup.d/NOTES.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								backup.d/NOTES.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,3 @@ | |||||||
|  | # Notes | ||||||
|  |  | ||||||
|  | - The only thing different between [fr_singlesite_wordpress.yml](./fr_singlesite_wordpress.yml) and [fr_microsites_wordpress.yml](./fr_microsites_wordpress.yml) is the `BORGBASE_REPO` environment variable and the `backup_bot_singlesite_passwd_v1`/`backup_bot_multisite_passwd_v1` secret. These are the two details which are needed for Borgmatic to know how to differentiate between each repository on the Borgbase side (where our backups are stored). Sooo, there could most definitely be a reduction in boilerplate here but I was just moving super fast and wanted to get the backup work done. | ||||||
							
								
								
									
										36
									
								
								backup.d/borgmatic.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										36
									
								
								backup.d/borgmatic.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,36 @@ | |||||||
|  | location: | ||||||
|  |   source_directories: | ||||||
|  |     - /var/www/html/wp-content | ||||||
|  |   repositories: | ||||||
|  |     - {{ env "BORGBASE_REPO" }} | ||||||
|  |  | ||||||
|  | storage: | ||||||
|  |   compression: auto,zstd | ||||||
|  |   encryption_passphrase: {{ secret "backup_bot_password" }} | ||||||
|  |   archive_name_format: "{hostname}-{now}" | ||||||
|  |   ssh_command: "ssh -o 'StrictHostKeyChecking no' -i /run/secrets/backup_bot_ssh_key" | ||||||
|  |  | ||||||
|  | retention: | ||||||
|  |   keep_daily: 3 | ||||||
|  |   keep_weekly: 4 | ||||||
|  |   keep_monthly: 12 | ||||||
|  |   keep_yearly: 2 | ||||||
|  |   prefix: "{hostname}-" | ||||||
|  |  | ||||||
|  | consistency: | ||||||
|  |   checks: | ||||||
|  |     - disabled | ||||||
|  |   check_last: 3 | ||||||
|  |   prefix: "{hostname}-" | ||||||
|  |  | ||||||
|  | hooks: | ||||||
|  |   before_backup: | ||||||
|  |     - echo "`date` - Starting backup" | ||||||
|  |   after_backup: | ||||||
|  |     - echo "`date` - Finished backup" | ||||||
|  |   mysql_databases: | ||||||
|  |     - name: {{ env "DB_TABLE" }} | ||||||
|  |       hostname: {{ env "DB_HOST" }} | ||||||
|  |       port: 3306 | ||||||
|  |       username: {{ env "DB_USER" }} | ||||||
|  |       password: {{ secret "db_password" }} | ||||||
							
								
								
									
										47
									
								
								backup.d/fr_microsites_wordpress.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										47
									
								
								backup.d/fr_microsites_wordpress.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,47 @@ | |||||||
|  | --- | ||||||
|  | version: "3.8" | ||||||
|  |  | ||||||
|  | services: | ||||||
|  |   backupbot: | ||||||
|  |     image: "decentral1se/backup-bot:latest" | ||||||
|  |     networks: | ||||||
|  |       - backend | ||||||
|  |     volumes: | ||||||
|  |       - "wordpress_content:/var/www/html/wp-content/" | ||||||
|  |     secrets: | ||||||
|  |       - source: backup_bot_ssh_key | ||||||
|  |         mode: 0400 | ||||||
|  |       - backup_bot_password | ||||||
|  |       - db_password | ||||||
|  |     configs: | ||||||
|  |       - source: borgmatic_config_yml | ||||||
|  |         target: /etc/borgmatic/config.yaml | ||||||
|  |     environment: | ||||||
|  |       - BORGBASE_REPO="bp5oj726@bp5oj726.repo.borgbase.com:repo" | ||||||
|  |       - DB_HOST=mariadb | ||||||
|  |       - DB_TABLE=wordpress | ||||||
|  |       - DB_USER=wordpress | ||||||
|  |     deploy: | ||||||
|  |       mode: replicated | ||||||
|  |       replicas: 0 | ||||||
|  |       labels: | ||||||
|  |         - "swarm.cronjob.enable=true" | ||||||
|  |         - "swarm.cronjob.schedule=0 2 * * *" # At 02:00 | ||||||
|  |       restart_policy: | ||||||
|  |         condition: none | ||||||
|  |     networks: | ||||||
|  |       - backend | ||||||
|  |  | ||||||
|  | configs: | ||||||
|  |   borgmatic_config_yml: | ||||||
|  |     name: borgmatic_config_yml_v1 | ||||||
|  |     file: backup.d/borgmatic.yml | ||||||
|  |     template_driver: golang | ||||||
|  |  | ||||||
|  | secrets: | ||||||
|  |   backup_bot_ssh_key: | ||||||
|  |     name: backup_bot_ssh_key_v1 | ||||||
|  |     external: true | ||||||
|  |   backup_bot_password: | ||||||
|  |     name: backup_bot_multisite_passwd_v1 | ||||||
|  |     external: true | ||||||
							
								
								
									
										47
									
								
								backup.d/fr_singlesite_wordpress.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										47
									
								
								backup.d/fr_singlesite_wordpress.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,47 @@ | |||||||
|  | --- | ||||||
|  | version: "3.8" | ||||||
|  |  | ||||||
|  | services: | ||||||
|  |   backupbot: | ||||||
|  |     image: "decentral1se/backup-bot:latest" | ||||||
|  |     networks: | ||||||
|  |       - backend | ||||||
|  |     volumes: | ||||||
|  |       - "wordpress_content:/var/www/html/wp-content/" | ||||||
|  |     secrets: | ||||||
|  |       - source: backup_bot_ssh_key | ||||||
|  |         mode: 0400 | ||||||
|  |       - backup_bot_password | ||||||
|  |       - db_password | ||||||
|  |     configs: | ||||||
|  |       - source: borgmatic_config_yml | ||||||
|  |         target: /etc/borgmatic/config.yaml | ||||||
|  |     environment: | ||||||
|  |       - BORGBASE_REPO="l32s99em@l32s99em.repo.borgbase.com:repo" | ||||||
|  |       - DB_HOST=mariadb | ||||||
|  |       - DB_TABLE=wordpress | ||||||
|  |       - DB_USER=wordpress | ||||||
|  |     deploy: | ||||||
|  |       mode: replicated | ||||||
|  |       replicas: 0 | ||||||
|  |       labels: | ||||||
|  |         - "swarm.cronjob.enable=true" | ||||||
|  |         - "swarm.cronjob.schedule=0 2 * * *" # At 02:00 | ||||||
|  |       restart_policy: | ||||||
|  |         condition: none | ||||||
|  |     networks: | ||||||
|  |       - backend | ||||||
|  |  | ||||||
|  | configs: | ||||||
|  |   borgmatic_config_yml: | ||||||
|  |     name: borgmatic_config_yml_v1 | ||||||
|  |     file: backup.d/borgmatic.yml | ||||||
|  |     template_driver: golang | ||||||
|  |  | ||||||
|  | secrets: | ||||||
|  |   backup_bot_ssh_key: | ||||||
|  |     name: backup_bot_ssh_key_v1 | ||||||
|  |     external: true | ||||||
|  |   backup_bot_password: | ||||||
|  |     name: backup_bot_singlesite_passwd_v1 | ||||||
|  |     external: true | ||||||
							
								
								
									
										65
									
								
								compose.abra.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										65
									
								
								compose.abra.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,65 @@ | |||||||
|  | # ############################################################################# | ||||||
|  | # NOTE(decentral1se): this is a test compose.yml to test abra based deployments | ||||||
|  | # ############################################################################# | ||||||
|  |  | ||||||
|  | --- | ||||||
|  | version: "3.8" | ||||||
|  |  | ||||||
|  | services: | ||||||
|  |   wordpress: | ||||||
|  |     image: "wordpress:5.5.1" | ||||||
|  |     networks: | ||||||
|  |       - backend | ||||||
|  |       - proxy | ||||||
|  |     environment: | ||||||
|  |       - WORDPRESS_DB_HOST=mariadb | ||||||
|  |       - WORDPRESS_DB_USER=wordpress | ||||||
|  |       - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password | ||||||
|  |       - WORDPRESS_DB_NAME=wordpress | ||||||
|  |     secrets: | ||||||
|  |       - db_password | ||||||
|  |     deploy: | ||||||
|  |       update_config: | ||||||
|  |         failure_action: rollback | ||||||
|  |         order: start-first | ||||||
|  |       labels: | ||||||
|  |         - "traefik.enable=true" | ||||||
|  |         - "traefik.docker.network=proxy" | ||||||
|  |         - "traefik.http.routers.${NAME}.tls=true" | ||||||
|  |         - "traefik.http.services.${NAME}.loadbalancer.server.port=80" | ||||||
|  |         - "traefik.http.routers.${NAME}.rule=Host(`${DOMAIN}`)" | ||||||
|  |         - "traefik.http.routers.${NAME}.tls.certresolver=production" | ||||||
|  |         - "traefik.http.routers.${NAME}.entrypoints=web-secure" | ||||||
|  |  | ||||||
|  |   mariadb: | ||||||
|  |     image: "mariadb:10.5" | ||||||
|  |     volumes: | ||||||
|  |       - "mariadb:/var/lib/mysql" | ||||||
|  |     networks: | ||||||
|  |       - backend | ||||||
|  |     environment: | ||||||
|  |       - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password | ||||||
|  |       - MYSQL_DATABASE=wordpress | ||||||
|  |       - MYSQL_USER=wordpress | ||||||
|  |       - MYSQL_PASSWORD_FILE=/run/secrets/db_password | ||||||
|  |     secrets: | ||||||
|  |       - db_password | ||||||
|  |       - db_root_password | ||||||
|  |  | ||||||
|  | networks: | ||||||
|  |   backend: | ||||||
|  |     driver: overlay | ||||||
|  |   proxy: | ||||||
|  |     external: true | ||||||
|  |  | ||||||
|  | volumes: | ||||||
|  |   mariadb: | ||||||
|  |   wordpress_content: | ||||||
|  |  | ||||||
|  | secrets: | ||||||
|  |   db_root_password: | ||||||
|  |     external: true | ||||||
|  |     name: ${DB_ROOT_PASSWD} | ||||||
|  |   db_password: | ||||||
|  |     external: true | ||||||
|  |     name: ${DB_PASSWD} | ||||||
| @ -1,26 +1,31 @@ | |||||||
| --- | --- | ||||||
| version: "3.8" | version: "3.8" | ||||||
|  |   | ||||||
| services: | services: | ||||||
|   app: |   app: | ||||||
|     entrypoint: /docker-entrypoint.mailrelay.sh |     entrypoint: /docker-entrypoint.sh | ||||||
|     environment: |     environment: | ||||||
|       - SMTP_HOST=${SMTP_HOST} |       - SMTP_HOST=${SMTP_HOST} | ||||||
|       - SMTP_PORT=${SMTP_PORT:-25} |  | ||||||
|       - MAIL_FROM=${MAIL_FROM} |       - MAIL_FROM=${MAIL_FROM} | ||||||
|  |     networks: | ||||||
|  |       - mail | ||||||
|     configs: |     configs: | ||||||
|       - source: mstmp_conf |       - source: mstmp_conf | ||||||
|         target: /etc/msmtprc |         target: /etc/msmtprc | ||||||
|       - source: entrypoint_mailrelay_conf |       - source: entrypoint_conf | ||||||
|         target: /docker-entrypoint.mailrelay.sh |         target: /docker-entrypoint.sh | ||||||
|         mode: 0555 |         mode: 0555 | ||||||
|  |  | ||||||
|  | networks: | ||||||
|  |   mail: | ||||||
|  |     external: true | ||||||
|  |  | ||||||
| configs: | configs: | ||||||
|   mstmp_conf: |   mstmp_conf: | ||||||
|     name: ${STACK_NAME}_mstmp_conf_${MSMTP_CONF_VERSION} |     name: ${STACK_NAME}_mstmp_conf_${MSMTP_CONF_VERSION} | ||||||
|     file: msmtp.conf.tmpl |     file: msmtp.conf.tmpl | ||||||
|     template_driver: golang |     template_driver: golang | ||||||
|   entrypoint_mailrelay_conf: |   entrypoint_conf: | ||||||
|     name: ${STACK_NAME}_entrypoint_mailrelay_${ENTRYPOINT_MAILRELAY_CONF_VERSION} |     name: ${STACK_NAME}_entrypoint_mailrelay_${ENTRYPOINT_MAILRELAY_CONF_VERSION} | ||||||
|     file: entrypoint.mailrelay.sh.tmpl |     file: entrypoint.mailrelay.sh.tmpl | ||||||
|     template_driver: golang |     template_driver: golang | ||||||
|  | |||||||
| @ -1,18 +0,0 @@ | |||||||
| --- |  | ||||||
| version: "3.8" |  | ||||||
|  |  | ||||||
| services: |  | ||||||
|   app: |  | ||||||
|     secrets: |  | ||||||
|       - smtp_password |  | ||||||
|     environment: |  | ||||||
|       - SMTP_HOST=${SMTP_HOST} |  | ||||||
|       - SMTP_PORT=${SMTP_PORT:-25} |  | ||||||
|       - SMTP_AUTH=${SMTP_AUTH} |  | ||||||
|       - SMTP_TLS=${SMTP_TLS} |  | ||||||
|       - MAIL_FROM=${MAIL_FROM} |  | ||||||
|  |  | ||||||
| secrets: |  | ||||||
|   smtp_password: |  | ||||||
|     name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION} |  | ||||||
|     external: true |  | ||||||
							
								
								
									
										38
									
								
								compose.yml
									
									
									
									
									
								
							
							
						
						
									
										38
									
								
								compose.yml
									
									
									
									
									
								
							| @ -3,29 +3,20 @@ version: "3.8" | |||||||
|  |  | ||||||
| services: | services: | ||||||
|   app: |   app: | ||||||
|     image: "wordpress:6.0.1" |     image: "wordpress:5.5.1" | ||||||
|     volumes: |     volumes: | ||||||
|       - "wordpress_content:/var/www/html/wp-content/" |       - "wordpress_content:/var/www/html/wp-content/" | ||||||
|     networks: |     networks: | ||||||
|       - backend |       - backend | ||||||
|       - proxy |       - proxy | ||||||
|     environment: |     environment: | ||||||
|       - PAGER=more |  | ||||||
|       - WORDPRESS_DB_HOST=db |       - WORDPRESS_DB_HOST=db | ||||||
|       - WORDPRESS_DB_USER=wordpress |       - WORDPRESS_DB_USER=wordpress | ||||||
|       - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password |       - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password | ||||||
|       - WORDPRESS_DB_NAME=wordpress |       - WORDPRESS_DB_NAME=wordpress | ||||||
|       - WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA} |       - WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA} | ||||||
|       - PHP_EXTENSIONS |  | ||||||
|     secrets: |     secrets: | ||||||
|       - db_password |       - db_password | ||||||
|     configs: |  | ||||||
|       - source: php_uploads_conf |  | ||||||
|         target: /usr/local/etc/php/conf.d/uploads.ini |  | ||||||
|       - source: entrypoint_conf |  | ||||||
|         target: /docker-entrypoint.sh |  | ||||||
|         mode: 0555 |  | ||||||
|     entrypoint: /docker-entrypoint.sh |  | ||||||
|     depends_on: |     depends_on: | ||||||
|       - db |       - db | ||||||
|     healthcheck: |     healthcheck: | ||||||
| @ -45,16 +36,13 @@ services: | |||||||
|         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" |         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" | ||||||
|         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" |         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" | ||||||
|         # 3wc: this rule works for routing, but not for generating certificates |         # 3wc: this rule works for routing, but not for generating certificates | ||||||
|         # see https://git.autonomic.zone/coop-cloud/planning/issues/14 |         # see https://git.autonomic.zone/compose-stacks/planning/issues/14 | ||||||
|         #- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)" |         #- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)" | ||||||
|         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" |         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" | ||||||
|         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" |         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" | ||||||
|         - "coop-cloud.${STACK_NAME}.version=2.0.1+6.0.1" |  | ||||||
|         - "backupbot.backup=true" |  | ||||||
|         - "backupbot.backup.path=/var/www/html" |  | ||||||
|  |  | ||||||
|   db: |   db: | ||||||
|     image: "mariadb:10.8" |     image: "mariadb:10.5" | ||||||
|     volumes: |     volumes: | ||||||
|       - "mariadb:/var/lib/mysql" |       - "mariadb:/var/lib/mysql" | ||||||
|     networks: |     networks: | ||||||
| @ -67,15 +55,10 @@ services: | |||||||
|     secrets: |     secrets: | ||||||
|       - db_password |       - db_password | ||||||
|       - db_root_password |       - db_root_password | ||||||
|     deploy: |  | ||||||
|       labels: |  | ||||||
|         backupbot.backup: "true" |  | ||||||
|         backupbot.backup.path: "/tmp/dump.sql.gz" |  | ||||||
|         backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz" |  | ||||||
|         backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /tmp/dump.sql.gz'" |  | ||||||
|  |  | ||||||
| networks: | networks: | ||||||
|   backend: |   backend: | ||||||
|  |     driver: overlay | ||||||
|   proxy: |   proxy: | ||||||
|     external: true |     external: true | ||||||
|  |  | ||||||
| @ -86,16 +69,7 @@ volumes: | |||||||
| secrets: | secrets: | ||||||
|   db_root_password: |   db_root_password: | ||||||
|     external: true |     external: true | ||||||
|     name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} |     name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION} | ||||||
|   db_password: |   db_password: | ||||||
|     external: true |     external: true | ||||||
|     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} |     name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION} | ||||||
|  |  | ||||||
| configs: |  | ||||||
|   entrypoint_conf: |  | ||||||
|     name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION} |  | ||||||
|     file: entrypoint.sh.tmpl |  | ||||||
|     template_driver: golang |  | ||||||
|   php_uploads_conf: |  | ||||||
|     name: ${STACK_NAME}_php_uploads_conf_${PHP_UPLOADS_CONF_VERSION} |  | ||||||
|     file: uploads.ini |  | ||||||
|  | |||||||
| @ -4,4 +4,6 @@ apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y msmtp && rm | |||||||
|  |  | ||||||
| echo "sendmail_path = /usr/bin/msmtp -t -i" > /usr/local/etc/php/conf.d/sendmail.ini | echo "sendmail_path = /usr/bin/msmtp -t -i" > /usr/local/etc/php/conf.d/sendmail.ini | ||||||
|  |  | ||||||
| /docker-entrypoint.sh | # Upstream ENTRYPOINT | ||||||
|  | # https://github.com/docker-library/wordpress/blob/master/php7.4/apache/Dockerfile#L120 | ||||||
|  | /usr/local/bin/docker-entrypoint.sh apache2-foreground "$@" | ||||||
|  | |||||||
| @ -1,16 +0,0 @@ | |||||||
| #!/bin/bash |  | ||||||
|  |  | ||||||
| {{ if (env "PHP_EXTENSIONS") }} |  | ||||||
| docker-php-ext-install {{ env "PHP_EXTENSIONS" }} |  | ||||||
| {{ end }} |  | ||||||
|  |  | ||||||
| curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar |  | ||||||
| chmod +x /usr/local/bin/wp |  | ||||||
|  |  | ||||||
| if [ -n "$@" ]; then |  | ||||||
| 	"$@" |  | ||||||
| fi |  | ||||||
|  |  | ||||||
| # Upstream ENTRYPOINT |  | ||||||
| # https://github.com/docker-library/wordpress/blob/master/php7.4/apache/Dockerfile#L120 |  | ||||||
| /usr/local/bin/docker-entrypoint.sh apache2-foreground |  | ||||||
| @ -1,15 +1,3 @@ | |||||||
| account default | account default | ||||||
| host {{ env "SMTP_HOST" }} | host {{ env "SMTP_HOST" }} | ||||||
| from {{ env "MAIL_FROM" }} | from {{ env "MAIL_FROM" }} | ||||||
| user {{ env "MAIL_FROM" }} |  | ||||||
| port {{ env "SMTP_PORT" }} |  | ||||||
|  |  | ||||||
| {{ if eq (env "SMTP_AUTH") "on" }} |  | ||||||
| auth {{ env "SMTP_AUTH" }} |  | ||||||
| passwordeval "cat /run/secrets/smtp_password" |  | ||||||
| {{ end }} |  | ||||||
|  |  | ||||||
| {{ if eq (env "SMTP_TLS") "on" }} |  | ||||||
| tls {{ env "SMTP_TLS" }} |  | ||||||
| tls_trust_file /etc/ssl/certs/ca-certificates.crt |  | ||||||
| {{ end }} |  | ||||||
|  | |||||||
							
								
								
									
										17
									
								
								package.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										17
									
								
								package.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,17 @@ | |||||||
|  | --- | ||||||
|  | name: Wordpress | ||||||
|  | description: Open source software you can use to create a beautiful website, blog, or app | ||||||
|  | arguments: | ||||||
|  |   name: | ||||||
|  |     description: The name of your Wordpress application | ||||||
|  |     example: my-cool-project | ||||||
|  |   domain: | ||||||
|  |     description: The domain name where your Wordpress will be available on the web | ||||||
|  |     example: my-cool-project.com | ||||||
|  | secrets: | ||||||
|  |   db_passwd: | ||||||
|  |     description: The normal user database password | ||||||
|  |     length: 8 | ||||||
|  |   db_root_passwd: | ||||||
|  |     description: The root user database password | ||||||
|  |     length: 8 | ||||||
| @ -1,3 +0,0 @@ | |||||||
| file_uploads = On |  | ||||||
| upload_max_filesize = 256M |  | ||||||
| post_max_size = 256M |  | ||||||
		Reference in New Issue
	
	Block a user
	