Add EXTRA_DOMAINS support

Rename services
See compose-stacks/organising#19
2020-10-05 13:06:51 +02:00 · 2020-10-01 12:32:12 +02:00
35 changed files with 325 additions and 608 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -3,7 +3,7 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
  - name: deployment
-    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    image: decentral1se/stack-ssh-deploy:latest
    settings:
      host: swarm-test.autonomic.zone
      stack: wordpress
@ -11,33 +11,12 @@ steps:
      purge: true
      deploy_key:
        from_secret: drone_ssh_swarm_test
      networks:
        - proxy
    environment:
      DOMAIN: wordpress.swarm-test.autonomic.zone
      STACK_NAME: wordpress
      LETS_ENCRYPT_ENV: production
-      SECRET_DB_PASSWORD_VERSION: v1
+      DB_PASSWORD_VERSION: v1
-      SECRET_DB_ROOT_PASSWORD_VERSION: v1
+      DB_ROOT_PASSWORD_VERSION: v1
      PHP_UPLOADS_CONF_VERSION: v1
      ENTRYPOINT_CONF_VERSION: v1
      HTACCESS_CONF_VERSION: v1
 trigger:
  branch:
-    - main
+    - master
 ---
 kind: pipeline
 name: generate recipe catalogue
 steps:
  - name: release a new version
    image: plugins/downstream
    settings:
      server: https://build.coopcloud.tech
      token:
        from_secret: drone_abra-bot_token
      fork: true
      repositories:
        - toolshed/auto-recipes-catalogue-json
 trigger:
  event: tag
--- a/.env.sample
+++ b/.env.sample
@ -1,90 +0,0 @@
 TYPE=wordpress
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 COMPOSE_FILE="compose.yml"
 ENABLE_BACKUPS=true
 DOMAIN=wordpress.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.wordpress.example.com`'
 # Redirects
 # All redirect domains have to be added to EXTRA_DOMAINS as well)
 # multiple redirects can be added by seperating them with a | character
 #REDIRECTS=www.wordpress.example.com
 LETS_ENCRYPT_ENV=production
 # Setup Wordpress settings on each deploy:
 #POST_DEPLOY_CMDS="app core_install"
 # Optional settings, otherwise can be set in the installer
 # (Required for `app core_install`
 #TITLE="My Example Blog"
 #LOCALE="en_US" # de_DE
 #ADMIN_EMAIL=admin@example.com
 # Every new user is per default subscriber, uncomment to change it
 #DEFAULT_USER_ROLE=administrator
 # PHP composer for plugin installation
 #COMPOSE_FILE="$COMPOSE_FILE:compose.composer.yml"
 #WORDPRESS_DEBUG=true
 ## Additional extensions
 #PHP_EXTENSIONS="calendar"
 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 # Mostly for compatibility with existing database dumps...
 #WORDPRESS_TABLE_PREFIX=wp_
 # Multisite (see README)
 #MULTISITE=enable # either 'enable', 'subdomain' or 'subfolder'
 # File upload settings
 #UPLOAD_MAX_SIZE=256M
 #UPLOAD_MAX_TIME=30
 # Local SMTP relay
 #COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
 #SMTP_HOST="postfix_relay_app"
 #MAIL_FROM="wordpress@example.com"
 # Remote SMTP relay
 #COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
 #SMTP_USER="wordpress@example.com"  # optional, defaults to MAIL_FROM
 #SMTP_OVERRIDE_FROM=on  # force "From" to MAIL_FROM, usually necessary
 #SMTP_PORT=587
 #SMTP_AUTH=on
 #SMTP_TLS=on
 #SECRET_SMTP_PASSWORD_VERSION=v1
 # Authentik SSO
 #COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
 #AUTHENTIK_DOMAIN=authentik.example.com
 #SECRET_AUTHENTIK_SECRET_VERSION=v1
 #SECRET_AUTHENTIK_ID_VERSION=v1
 #LOGIN_TYPE='auto'
 # Allow remote connections to db
 # 🚩🚩 dangerous, use only for development sites!
 #COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
 # Wide-open CORS
 # 🚩🚩 dangerous, use only for development sites!
 #CORS_ALLOW_ALL=1
 # FTP
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp.yml"
 #SECRET_FTP_PASS_VERSION=v1
 # You can use a Port between 2220-2225
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2220.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2221.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2222.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2223.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2224.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2225.yml"
--- a/.envrc.sample
+++ b/.envrc.sample
@ -0,0 +1,38 @@
 export DOMAIN=wordpress.example.com
 ## Domain aliases
 #export EXTRA_DOMAINS=', `www.wordpress.example.com`'
 export STACK_NAME=wordpress
 export LETS_ENCRYPT_ENV=production
 export DB_ROOT_PASSWORD_VERSION=v1
 export DB_PASSWORD_VERSION=v1
 # Multisite
 #export WORDPRESS_CONFIG_EXTRA="\
 #	define('WP_CACHE', false);\
 #	define('WP_ALLOW_MULTISITE', true );"
 # Multisite phase 2 (see README)
 #export WORDPRESS_CONFIG_EXTRA="\
 #	define('WP_CACHE', false);\
 #	define('WP_ALLOW_MULTISITE', true );\
 #	define('MULTISITE', true);\
 #	define('SUBDOMAIN_INSTALL', true);\
 #	define('DOMAIN_CURRENT_SITE', '${DOMAIN}');\
 #	define('PATH_CURRENT_SITE', '/');\
 #	define('SITE_ID_CURRENT_SITE', 1);\
 #	define('BLOG_ID_CURRENT_SITE', 1);\
 #	define('FORCE_SSL_ADMIN', true );\
 #	define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
 # Backups
 #export COMPOSE_FILE="compose.yml:compose.backup.yml"
 # SMTP
 #export COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
 #export SMTP_HOST="postfix_relay_app"
 #export MAIL_FROM="wordpress@example.com"
 #
 #export MSMTP_CONF_VERSION=v1
 #export ENTRYPOINT_MAILRELAY_CONF_VERSION=v1
--- a/README.md
+++ b/README.md
@ -1,79 +1,59 @@
-# Wordpress
+# wordpress
-[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/wordpress/status.svg)](https://build.coopcloud.tech/coop-cloud/wordpress)
+[![Build Status](https://drone.autonomic.zone/api/badges/compose-stacks/wordpress/status.svg)](https://drone.autonomic.zone/compose-stacks/wordpress)
 Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
-<!-- metadata -->
+1. Set up Docker Swarm and [`abra`][abra]
-
+2. Deploy [`compose-stacks/traefik`][compose-traefik]
-* **Category**: Apps
+3. `cp .envrc.sample .envrc`
-* **Status**: 4
+4. Edit `.envrc` - be sure to change `$DOMAIN` to something that resolves to
-* **Image**: [`wordpress`](https://hub.docker.com/_/wordpress), 4, upstream
+   your Docker swarm box
-* **Healthcheck**: Yes
+5. `direnv allow` (or `. .envrc`)
-* **Backups**: Yes
+6. Generate secrets:
 * **Email**: 3
 * **Tests**: 2
 * **SSO**: No
 <!-- endmetadata -->
 ## Quick start
 * `abra app new wordpress`
 * `abra app config <app-name>`
 * `abra app secret generate -a <app-name>`
 * `abra app deploy <app-name>`
 * `abra app cmd <app-name> app core_install`
 ### Authentik Integration
 `abra app config <app-name>` 
 Configure the following envs:
   ```
-COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
+   abra secret_generate db_password v1
-AUTHENTIK_DOMAIN=authentik.example.com
+   abra secret_generate db_root_password v1
 AUTHENTIK_SECRET_NAME=authentik_example_com_wordpress_secret_v1  # the same as in authentik
 AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1  # the same as in authentik
   ```
-
+7. `abra deploy`
-`abra app cmd <app-name> app set_authentik`
+8. Open the configured domain in your browser to finish set-up
-
+9. `abra run wordpress chown www-data:www-data /var/www/html/wp-content` to fix
-## Running WP-CLI
+   file permissions (see #3)
 `abra app cmd <app-name> app wp -- core check-update --major`
 ## Network (Multi-site)
 _(Only tested using subdomains)_
 1. Set up as above
-2. `abra app config <app-name>`, and uncomment `#MULTISITE=enable`
+2. Uncomment the first `# Multisite` section in `.envrc`
-3. `abra app deploy <app-name>`
+3. `direnv allow` (or re-run `source .envrc`)
-4. Log into the Wordpress admin dashboard, go to Tools » Network Setup
+4. `abra deploy`
-5. Don't worry about the suggested file changes
+5. Log into the Wordpress admin dashboard, go to Tools » Network Setup
-6. `abra app config <app-name>` again and set `MULTISITE` to either `subdomain` or `subfolder` depending on your setup.
+6. Don't worry about the suggested file changes
-7. `abra app deploy <app-name>`
+7. Comment out the first `# Multisite` section in `.envrc` and uncomment the
   `# Multisite phase 2` section
 8. `direnv allow` (or re-run `source .envrc`)
 9. `abra deploy`
 10. FIXME setting up SSL / routing
 ## Installing a custom theme
-`abra app cp <app-name> ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/`
+`abra cp ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/`
 ## Backups
 1. Edit `.envrc` and uncomment the `export COMPOSE_FILE="compose.yml:compose.backup.yml"` line
 2. `direnv allow`
 3. `abra deploy`
 ## Email
-There is a local or remote SMTP relay configuration available.
+1. Deploy `postfix-relay`
-
+2. Edit `.envrc` and uncomment the email lines; change `MAIL_FROM` to make sure
-* **local**: `COMPOSE_FILE=compose.yml:compose.mailrelay.yml`
+   the domain is the same as `postfix-relay`'s `$DOMAIN` or in its
-* **remote**: `COMPOSE_FILE=compose.yml:compose.mailrelay.yml:compose.smtp.yml`
+   `$EXTRA_SENDER_DOMAINS`
-
+3. `direnv allow` (or `source .envrc`)
-Below are the instructions for the local relay.
+7. `abra deploy`
 1. Deploy [`postfix-relay`][cc-postfix-relay]
 2. `abra app config <app-name>`, and uncomment the email lines; change
   `MAIL_FROM` to make sure the domain is the same as `postfix-relay`'s
   `$DOMAIN` or in its `$EXTRA_SENDER_DOMAINS`
 3. `abra app deploy <app-name>`
 [abra]: https://git.autonomic.zone/autonomic-cooperative/abra
-[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
+[compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik
 [cc-postfix-relay]: https://git.autonomic.zone/coop-cloud/traefik
--- a/abra.sh
+++ b/abra.sh
@ -1,96 +0,0 @@
 export PHP_UPLOADS_CONF_VERSION=v4
 export ENTRYPOINT_CONF_VERSION=v7
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
 export MSMTP_CONF_VERSION=v4
 export HTACCESS_CONF_VERSION=v2
 export USERS_CONF_VERSION=v1
 wp() {
    su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"
 }
 update() {
    wp "core update-db"
    wp "plugin update --all"
    wp "plugin auto-updates enable --all"
    wp "theme update --all"
    wp "theme auto-updates enable --all"
    wp "language core update"
    wp "language plugin update --all"
    wp "language theme update --all"
 }
 core_install(){
    ADMIN=admin
    if [ -n "$AUTHENTIK_DOMAIN" ]
    then
        ADMIN=akadmin
    fi
    chown www-data:www-data -R /var/www/html/wp-content
    wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email"
    wp "language core install $LOCALE"
    wp "site switch-language $LOCALE"
    wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
    wp "plugin install --activate disable-update-notifications"
    wp "option update disable_notification_setting --format=json '{\"dpun_setting\":false,\"dwtu_setting\":false,\"dwcun_setting\":true}'"
    if [ -n "$DEFAULT_USER_ROLE" ]
    then
        wp "option set default_role $DEFAULT_USER_ROLE"
    else
        wp "option set default_role subscriber"
    fi
    wp "theme auto-updates enable --all"
    wp 'plugin auto-updates enable --all' || exit 0
 }
 set_authentik(){
    AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
    AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
    if [ -z $LOGIN_TYPE ]
    then
        LOGIN_TYPE='button'
    fi
    wp "user create akadmin admin@example.com --role=administrator"
    wp "plugin install --activate daggerhart-openid-connect-generic"
    wp 'plugin auto-updates enable daggerhart-openid-connect-generic'
    wp "option update --format=json openid_connect_generic_settings '
    {
        \"login_type\":\"$LOGIN_TYPE\",
        \"client_id\":\"$AUTHENTIK_ID\",
        \"client_secret\":\"$AUTHENTIK_SECRET\",
        \"scope\":\"email profile openid\",
        \"endpoint_login\":\"https://$AUTHENTIK_DOMAIN/application/o/authorize/\",
        \"endpoint_userinfo\":\"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
        \"endpoint_token\":\"https://$AUTHENTIK_DOMAIN/application/o/token/\",
        \"endpoint_end_session\":\"https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/\",
        \"acr_values\":\"\",
        \"identity_key\":\"preferred_username\",
        \"no_sslverify\":\"0\",
        \"http_request_timeout\":\"30\",
        \"enforce_privacy\":\"0\",
        \"alternate_redirect_uri\":\"1\",
        \"nickname_key\":\"preferred_username\",
        \"email_format\":\"{email}\",
        \"displayname_format\":\"\",
        \"identify_with_username\":\"1\",
        \"state_time_limit\":\"\",
        \"token_refresh_enable\":\"1\",
        \"link_existing_users\":\"1\",
        \"create_if_does_not_exist\":\"1\",
        \"redirect_user_back\":\"0\",
        \"redirect_on_logout\":\"1\",
        \"enable_logging\":\"0\",
        \"log_limit\":\"1000\"
    }'"
    wp "rewrite flush"
    wp "cache flush"
 }
 fix_mysql() {
  echo "ALTER TABLE mysql.column_stats MODIFY histogram longblob; ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');" | mysql -u root -p$(cat /run/secrets/db_root_password)
 }
 show_plugins() {
  wp "plugin list --fields=name,status,wporg_status,version,update_version,auto_update,tested_up_to,wporg_last_updated"
 }
--- a/alaconnect.yml
+++ b/alaconnect.yml
@ -1,12 +0,0 @@
 authentik:
    uncomment:
        - compose.authentik.yml
        - AUTHENTIK_DOMAIN
        - SECRET_AUTHENTIK_SECRET_VERSION
        - SECRET_AUTHENTIK_ID_VERSION
        - LOGIN_TYPE
    inital-hooks:
        - app set_authentik
    shared_secrets:
        wordpress_secret: authentik_secret
        wordpress_id: authentik_id
--- a/backup.d/NOTES.md
+++ b/backup.d/NOTES.md
@ -0,0 +1,3 @@
 # Notes
 - The only thing different between [fr_singlesite_wordpress.yml](./fr_singlesite_wordpress.yml) and [fr_microsites_wordpress.yml](./fr_microsites_wordpress.yml) is the `BORGBASE_REPO` environment variable and the `backup_bot_singlesite_passwd_v1`/`backup_bot_multisite_passwd_v1` secret. These are the two details which are needed for Borgmatic to know how to differentiate between each repository on the Borgbase side (where our backups are stored). Sooo, there could most definitely be a reduction in boilerplate here but I was just moving super fast and wanted to get the backup work done.
--- a/backup.d/borgmatic.yml
+++ b/backup.d/borgmatic.yml
@ -0,0 +1,36 @@
 location:
  source_directories:
    - /var/www/html/wp-content
  repositories:
    - {{ env "BORGBASE_REPO" }}
 storage:
  compression: auto,zstd
  encryption_passphrase: {{ secret "backup_bot_password" }}
  archive_name_format: "{hostname}-{now}"
  ssh_command: "ssh -o 'StrictHostKeyChecking no' -i /run/secrets/backup_bot_ssh_key"
 retention:
  keep_daily: 3
  keep_weekly: 4
  keep_monthly: 12
  keep_yearly: 2
  prefix: "{hostname}-"
 consistency:
  checks:
    - disabled
  check_last: 3
  prefix: "{hostname}-"
 hooks:
  before_backup:
    - echo "`date` - Starting backup"
  after_backup:
    - echo "`date` - Finished backup"
  mysql_databases:
    - name: {{ env "DB_TABLE" }}
      hostname: {{ env "DB_HOST" }}
      port: 3306
      username: {{ env "DB_USER" }}
      password: {{ secret "db_password" }}
--- a/backup.d/fr_microsites_wordpress.yml
+++ b/backup.d/fr_microsites_wordpress.yml
@ -0,0 +1,47 @@
 ---
 version: "3.8"
 services:
  backupbot:
    image: "decentral1se/backup-bot:latest"
    networks:
      - backend
    volumes:
      - "wordpress_content:/var/www/html/wp-content/"
    secrets:
      - source: backup_bot_ssh_key
        mode: 0400
      - backup_bot_password
      - db_password
    configs:
      - source: borgmatic_config_yml
        target: /etc/borgmatic/config.yaml
    environment:
      - BORGBASE_REPO="bp5oj726@bp5oj726.repo.borgbase.com:repo"
      - DB_HOST=mariadb
      - DB_TABLE=wordpress
      - DB_USER=wordpress
    deploy:
      mode: replicated
      replicas: 0
      labels:
        - "swarm.cronjob.enable=true"
        - "swarm.cronjob.schedule=0 2 * * *" # At 02:00
      restart_policy:
        condition: none
    networks:
      - backend
 configs:
  borgmatic_config_yml:
    name: borgmatic_config_yml_v1
    file: backup.d/borgmatic.yml
    template_driver: golang
 secrets:
  backup_bot_ssh_key:
    name: backup_bot_ssh_key_v1
    external: true
  backup_bot_password:
    name: backup_bot_multisite_passwd_v1
    external: true
--- a/backup.d/fr_singlesite_wordpress.yml
+++ b/backup.d/fr_singlesite_wordpress.yml
@ -0,0 +1,47 @@
 ---
 version: "3.8"
 services:
  backupbot:
    image: "decentral1se/backup-bot:latest"
    networks:
      - backend
    volumes:
      - "wordpress_content:/var/www/html/wp-content/"
    secrets:
      - source: backup_bot_ssh_key
        mode: 0400
      - backup_bot_password
      - db_password
    configs:
      - source: borgmatic_config_yml
        target: /etc/borgmatic/config.yaml
    environment:
      - BORGBASE_REPO="l32s99em@l32s99em.repo.borgbase.com:repo"
      - DB_HOST=mariadb
      - DB_TABLE=wordpress
      - DB_USER=wordpress
    deploy:
      mode: replicated
      replicas: 0
      labels:
        - "swarm.cronjob.enable=true"
        - "swarm.cronjob.schedule=0 2 * * *" # At 02:00
      restart_policy:
        condition: none
    networks:
      - backend
 configs:
  borgmatic_config_yml:
    name: borgmatic_config_yml_v1
    file: backup.d/borgmatic.yml
    template_driver: golang
 secrets:
  backup_bot_ssh_key:
    name: backup_bot_ssh_key_v1
    external: true
  backup_bot_password:
    name: backup_bot_singlesite_passwd_v1
    external: true
--- a/compose.abra.yml
+++ b/compose.abra.yml
@ -0,0 +1,65 @@
 # #############################################################################
 # NOTE(decentral1se): this is a test compose.yml to test abra based deployments
 # #############################################################################
 ---
 version: "3.8"
 services:
  wordpress:
    image: "wordpress:5.5.1"
    networks:
      - backend
      - proxy
    environment:
      - WORDPRESS_DB_HOST=mariadb
      - WORDPRESS_DB_USER=wordpress
      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
      - WORDPRESS_DB_NAME=wordpress
    secrets:
      - db_password
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.${NAME}.tls=true"
        - "traefik.http.services.${NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${NAME}.tls.certresolver=production"
        - "traefik.http.routers.${NAME}.entrypoints=web-secure"
  mariadb:
    image: "mariadb:10.5"
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
      - backend
    environment:
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
      - MYSQL_DATABASE=wordpress
      - MYSQL_USER=wordpress
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
    secrets:
      - db_password
      - db_root_password
 networks:
  backend:
    driver: overlay
  proxy:
    external: true
 volumes:
  mariadb:
  wordpress_content:
 secrets:
  db_root_password:
    external: true
    name: ${DB_ROOT_PASSWD}
  db_password:
    external: true
    name: ${DB_PASSWD}
--- a/compose.authentik.yml
+++ b/compose.authentik.yml
@ -1,14 +0,0 @@
 version: "3.8"
 services:
  app:
    secrets:
      - authentik_secret
      - authentik_id
 secrets:
  authentik_secret:
    external: true
    name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
  authentik_id:
    external: true
    name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}
--- a/compose.composer.yml
+++ b/compose.composer.yml
@ -1,14 +0,0 @@
 ---
 version: "3.8"
 services:
  app:
    volumes:
      - "composer:/var/www/html/composer"
    environment:
      - ENABLE_COMPOSER=1
      - COMPOSER=composer/composer.json
      - COMPOSER_VENDOR_DIR=composer/vendor
 volumes:
  composer:
--- a/compose.ftp-2220.yml
+++ b/compose.ftp-2220.yml
@ -1,7 +0,0 @@
 ---
 version: "3.8"
 services:
  ftp:
    ports:
        - 2220:22
--- a/compose.ftp-2221.yml
+++ b/compose.ftp-2221.yml
@ -1,7 +0,0 @@
 ---
 version: "3.8"
 services:
  ftp:
    ports:
        - 2221:22
--- a/compose.ftp-2222.yml
+++ b/compose.ftp-2222.yml
@ -1,7 +0,0 @@
 ---
 version: "3.8"
 services:
  ftp:
    ports:
        - 2222:22
--- a/compose.ftp-2223.yml
+++ b/compose.ftp-2223.yml
@ -1,7 +0,0 @@
 ---
 version: "3.8"
 services:
  ftp:
    ports:
        - 2223:22
--- a/compose.ftp-2224.yml
+++ b/compose.ftp-2224.yml
@ -1,7 +0,0 @@
 ---
 version: "3.8"
 services:
  ftp:
    ports:
        - 2224:22
--- a/compose.ftp-2225.yml
+++ b/compose.ftp-2225.yml
@ -1,7 +0,0 @@
 ---
 version: "3.8"
 services:
  ftp:
    ports:
        - 2220:22
--- a/compose.ftp.yml
+++ b/compose.ftp.yml
@ -1,24 +0,0 @@
 ---
 version: "3.8"
 services:
  ftp:
    image: atmoz/sftp
    secrets:
      - ftp_pass
    volumes:
      - "wordpress_content:/home/ftp_user/wp-content"
    configs:
      - source: users_conf
        target: /etc/sftp/users.conf
 secrets:
  ftp_pass:
    name: ${STACK_NAME}_ftp_pass_${SECRET_FTP_PASS_VERSION}
    external: true
 configs:
  users_conf:
    name: ${STACK_NAME}_users_conf_${USERS_CONF_VERSION}
    file: users.conf.tmpl
    template_driver: golang
--- a/compose.mailrelay.yml
+++ b/compose.mailrelay.yml
@ -3,24 +3,29 @@ version: "3.8"
 services:
  app:
-    entrypoint: /docker-entrypoint.mailrelay.sh
+    entrypoint: /docker-entrypoint.sh
    environment:
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT:-25}
      - MAIL_FROM=${MAIL_FROM}
    networks:
      - mail
    configs:
      - source: mstmp_conf
        target: /etc/msmtprc
-      - source: entrypoint_mailrelay_conf
+      - source: entrypoint_conf
-        target: /docker-entrypoint.mailrelay.sh
+        target: /docker-entrypoint.sh
        mode: 0555
 networks:
  mail:
    external: true
 configs:
  mstmp_conf:
    name: ${STACK_NAME}_mstmp_conf_${MSMTP_CONF_VERSION}
    file: msmtp.conf.tmpl
    template_driver: golang
-  entrypoint_mailrelay_conf:
+  entrypoint_conf:
    name: ${STACK_NAME}_entrypoint_mailrelay_${ENTRYPOINT_MAILRELAY_CONF_VERSION}
    file: entrypoint.mailrelay.sh.tmpl
    template_driver: golang
--- a/compose.public-db.yml
+++ b/compose.public-db.yml
@ -1,9 +0,0 @@
 ---
 version: "3.8"
 services:
  db:
    ports:
      - target: 3306
        published: 3306
        mode: host
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -1,19 +0,0 @@
 ---
 version: "3.8"
 services:
  app:
    secrets:
      - smtp_password
    environment:
      - SMTP_HOST
      - SMTP_PORT=${SMTP_PORT:-25}
      - SMTP_AUTH
      - SMTP_TLS
      - MAIL_FROM
      - SMTP_OVERRIDE_FROM
 secrets:
  smtp_password:
    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
    external: true
--- a/compose.yml
+++ b/compose.yml
@ -3,37 +3,20 @@ version: "3.8"
 services:
  app:
-    image: "wordpress:6.8.1"
+    image: "wordpress:5.5.1"
    volumes:
      - "wordpress_content:/var/www/html/wp-content/"
    networks:
      - backend
      - proxy
    environment:
-      WORDPRESS_CONFIG_EXTRA: |
+      - WORDPRESS_DB_HOST=db
-            define( 'AUTOMATIC_UPDATER_DISABLED', false );
+      - WORDPRESS_DB_USER=wordpress
-            define( 'WP_AUTO_UPDATE_CORE', false );
+      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
-            ${WORDPRESS_CONFIG_EXTRA}
+      - WORDPRESS_DB_NAME=wordpress
-      PAGER: more
+      - WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA}
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_}
      PHP_EXTENSIONS: ${PHP_EXTENSIONS}
      CORS_ALLOW_ALL:
      COMPOSER:
    secrets:
      - db_password
    configs:
      - source: php_uploads_conf
        target: /usr/local/etc/php/conf.d/uploads.ini
      - source: entrypoint_conf
        target: /docker-entrypoint.sh
        mode: 0555
      - source: htaccess_conf
        target: /var/www/html/.htaccess
    entrypoint: /docker-entrypoint.sh
    depends_on:
      - db
    healthcheck:
@ -53,19 +36,13 @@ services:
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        # 3wc: this rule works for routing, but not for generating certificates
-        # see https://git.autonomic.zone/coop-cloud/planning/issues/14
+        # see https://git.autonomic.zone/compose-stacks/planning/issues/14
        #- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
        - "coop-cloud.${STACK_NAME}.version=2.16.0+6.8.1"
  db:
-    image: "mariadb:11.7"
+    image: "mariadb:10.5"
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
@ -78,15 +55,10 @@ services:
    secrets:
      - db_password
      - db_root_password
    deploy:
      labels:
        backupbot.backup: "${ENABLE_BACKUPS:-true}"
        backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz"
        backupbot.backup.volumes.mariadb.path: "dump.sql.gz"
        backupbot.restore.post-hook: "gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql"
 networks:
  backend:
    driver: overlay
  proxy:
    external: true
@ -97,21 +69,7 @@ volumes:
 secrets:
  db_root_password:
    external: true
-    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+    name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
  db_password:
    external: true
-    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+    name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
 configs:
  entrypoint_conf:
    name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
  php_uploads_conf:
    name: ${STACK_NAME}_php_uploads_conf_${PHP_UPLOADS_CONF_VERSION}
    file: uploads.ini.tmpl
    template_driver: golang
  htaccess_conf:
    name: ${STACK_NAME}_htaccess_conf_${HTACCESS_CONF_VERSION}
    file: htaccess.tmpl
    template_driver: golang
--- a/entrypoint.mailrelay.sh.tmpl
+++ b/entrypoint.mailrelay.sh.tmpl
@ -4,4 +4,6 @@ apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y msmtp && rm
 echo "sendmail_path = /usr/bin/msmtp -t -i" > /usr/local/etc/php/conf.d/sendmail.ini
-/docker-entrypoint.sh
+# Upstream ENTRYPOINT
 # https://github.com/docker-library/wordpress/blob/master/php7.4/apache/Dockerfile#L120
 /usr/local/bin/docker-entrypoint.sh apache2-foreground "$@"
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -1,51 +0,0 @@
 #!/bin/bash
 {{ if (env "PHP_EXTENSIONS") }}
 docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
 {{ end }}
 curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
 chmod +x /usr/local/bin/wp
 {{ if eq (env "ENABLE_COMPOSER") "1" }}
 mkdir -p /var/www/.composer
 chown www-data:www-data /var/www/.composer /var/www/html/composer
 curl https://getcomposer.org/installer -o /tmp/composer-setup.php
 php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
 php /tmp/composer-setup.php
 rm /tmp/composer-setup.php
 mv /var/www/html/composer.phar /usr/local/bin/composer
 {{ end }}
 {{ if eq (env "CORS_ALLOW_ALL") "1" }}
 a2enmod headers
 sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
 {{ end }}
 {{ if eq (env "MULTISITE") "enable" }}
 export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
 define('WP_CACHE', false);
 define('WP_ALLOW_MULTISITE', true );"
 {{ end }}
 {{ if or (eq (env "MULTISITE") "subdomain") (eq (env "MULTISITE") "subfolder") }}
 export WORDPRESS_CONFIG_EXTRA="$WORDPRESS_CONFIG_EXTRA
 define('MULTISITE', true);
 define('SUBDOMAIN_INSTALL', true);
 define('DOMAIN_CURRENT_SITE', '${DOMAIN}');
 define('PATH_CURRENT_SITE', '/');
 define('SITE_ID_CURRENT_SITE', 1);
 define('BLOG_ID_CURRENT_SITE', 1);
 define('FORCE_SSL_ADMIN', true );
 define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
 {{ end }}
 if [ -n "$@" ]; then
 	"$@"
 fi
 # Upstream ENTRYPOINT
 # https://github.com/docker-library/wordpress/blob/master/php7.4/apache/Dockerfile#L120
 /usr/local/bin/docker-entrypoint.sh apache2-foreground
--- a/htaccess.tmpl
+++ b/htaccess.tmpl
@ -1,57 +0,0 @@
 {{ if eq (env "MULTISITE") "" -}}
 # BEGIN WordPress
 RewriteEngine On
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 RewriteBase /
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]
 # END WordPress
 {{- end -}}
 {{- if eq (env "MULTISITE") "subfolder" -}}
 # BEGIN WordPress Multisite
 # Using subfolder network type: https://wordpress.org/documentation/article/htaccess/#multisite
 RewriteEngine On
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 RewriteBase /
 RewriteRule ^index\.php$ - [L]
 # add a trailing slash to /wp-admin
 RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
 RewriteCond %{REQUEST_FILENAME} -f [OR]
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^ - [L]
 RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
 RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
 RewriteRule . index.php [L]
 # END WordPress Multisite
 {{- end -}}
 {{- if eq (env "MULTISITE") "subdomain" -}}
 # BEGIN WordPress Multisite
 # Using subdomain network type: https://wordpress.org/documentation/article/htaccess/#multisite
 RewriteEngine On
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 RewriteBase /
 RewriteRule ^index\.php$ - [L]
 # add a trailing slash to /wp-admin
 RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
 RewriteCond %{REQUEST_FILENAME} -f [OR]
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^ - [L]
 RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
 RewriteRule ^(.*\.php)$ $1 [L]
 RewriteRule . index.php [L]
 # END WordPress Multisite
 {{- end }}
--- a/msmtp.conf.tmpl
+++ b/msmtp.conf.tmpl
@ -1,19 +1,3 @@
 account default
 host {{ env "SMTP_HOST" }}
 from {{ env "MAIL_FROM" }}
 user {{ or (env "SMTP_USER") (env "MAIL_FROM") }}
 port {{ env "SMTP_PORT" }}
 {{ if eq (env "SMTP_OVERRIDE_FROM") "on" }}
 set_from_header on
 {{ end }}
 {{ if eq (env "SMTP_AUTH") "on" }}
 auth {{ env "SMTP_AUTH" }}
 passwordeval "cat /run/secrets/smtp_password"
 {{ end }}
 {{ if eq (env "SMTP_TLS") "on" }}
 tls {{ env "SMTP_TLS" }}
 tls_trust_file /etc/ssl/certs/ca-certificates.crt
 {{ end }}
--- a/package.yml
+++ b/package.yml
@ -0,0 +1,17 @@
 ---
 name: Wordpress
 description: Open source software you can use to create a beautiful website, blog, or app
 arguments:
  name:
    description: The name of your Wordpress application
    example: my-cool-project
  domain:
    description: The domain name where your Wordpress will be available on the web
    example: my-cool-project.com
 secrets:
  db_passwd:
    description: The normal user database password
    length: 8
  db_root_passwd:
    description: The root user database password
    length: 8
--- a/release/2.10.0+6.5.5
+++ b/release/2.10.0+6.5.5
@ -1 +0,0 @@
 Adds redirects and alakazam integration
--- a/release/2.13.2+6.7.1
+++ b/release/2.13.2+6.7.1
@ -1 +0,0 @@
 Breaking change for ftp container: you need to uncomment COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2222.yml" to open port 2222 again. You can also select between port 2220-2225.
--- a/release/2.4.0+6.3.0
+++ b/release/2.4.0+6.3.0
@ -1 +0,0 @@
 The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.
--- a/release/2.7.0+6.4.2
+++ b/release/2.7.0+6.4.2
@ -1 +0,0 @@
 Multisite now also works with subpaths instead of subdomains. Also Multisite support was simplified. If you are using a subdomain multisite setup you can remove the `WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true);...` from your config and instead set MULTISITE=subdomain.
--- a/uploads.ini.tmpl
+++ b/uploads.ini.tmpl
@ -1,11 +0,0 @@
 {{ $upload_max_size := "256M" }}
 {{ if ne (env "UPLOAD_MAX_SIZE") "" }} {{ $upload_max_size = env "UPLOAD_MAX_SIZE" }} {{ end }}
 {{ $upload_max_time := "30" }}
 {{ if ne (env "UPLOAD_MAX_TIME") "" }} {{ $upload_max_time = env "UPLOAD_MAX_TIME" }} {{ end }}
 file_uploads = On
 upload_max_filesize =  {{ $upload_max_size }}
 post_max_size = {{ $upload_max_size }}
 memory_limit = {{ $upload_max_size }}
 max_execution_time = {{ $upload_max_time }}
 max_input_time = {{ $upload_max_time }}
--- a/users.conf.tmpl
+++ b/users.conf.tmpl
@ -1 +0,0 @@
 ftp_user:{{ secret "ftp_pass" }}:33:33
Author	SHA1	Message	Date
3wc	c3b4bb5dfb	Add EXTRA_DOMAINS support	2020-10-05 13:06:51 +02:00
3wc	82332b6854	Rename services Some checks failed continuous-integration/drone/pr Build is failing Details See compose-stacks/organising#19	2020-10-01 12:32:12 +02:00
		`@ -0,0 +1,3 @@`
							`# Notes`

							- The only thing different between [fr_singlesite_wordpress.yml](./fr_singlesite_wordpress.yml) and [fr_microsites_wordpress.yml](./fr_microsites_wordpress.yml) is the `BORGBASE_REPO` environment variable and the `backup_bot_singlesite_passwd_v1`/`backup_bot_multisite_passwd_v1` secret. These are the two details which are needed for Borgmatic to know how to differentiate between each repository on the Borgbase side (where our backups are stored). Sooo, there could most definitely be a reduction in boilerplate here but I was just moving super fast and wanted to get the backup work done.
		`@ -1 +0,0 @@`
			`Breaking change for ftp container: you need to uncomment COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2222.yml" to open port 2222 again. You can also select between port 2220-2225.`
		`@ -1 +0,0 @@`
			`The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.`
		`@ -1 +0,0 @@`
			Multisite now also works with subpaths instead of subdomains. Also Multisite support was simplified. If you are using a subdomain multisite setup you can remove the `WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true);...` from your config and instead set MULTISITE=subdomain.