init

.env.sample

@@ -0,0 +1,34 @@
+TYPE=writefreely
+
+DOMAIN=writefreely.example.com
+HOST_URL=https://${DOMAIN}
+SITE_NAME=writefreely
+
+FEDERATION=true
+LOCAL_TIMELINE=false
+OPEN_DELETION=false
+OPEN_REGISTRATION=true
+PRIVATE=true
+PUBLIC_STATS=true
+SITE_DESCRIPTION=
+SITE_THEME=write
+
+#This is here so later lines can extend it; you likely don't wanna edit
+COMPOSE_FILE="compose.yml"
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.writefreely.example.com`'
+LETS_ENCRYPT_ENV=production
+
+SECRET_DB_ROOT_PASSWORD_VERSION=v1
+SECRET_DB_PASSWORD_VERSION=v1
+
+## Set both for keycloak. See README.md for explanation
+#KEYCLOAK_ENABLED=1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
+#OAUTH_CLIENT_ID=writefreely
+#OAUTH_HOST=
+#OAUTH_CLIENT_SECRET=
+#OAUTH_LOGIN_BUTTON=
+#CONFIG_OAUTH_WRITEFREELY_VERSION=v1
+#SECRET_OAUTH_CLIENT_SECRET_VERSION=v1

README.md

@@ -0,0 +1,56 @@
+# writefreely
+
+> An open source platform for building a writing space on the web.
+
+<!-- metadata -->
+
+- **Category**: Apps
+- **Status**: 2, beta
+- **Image**: [`writeas/writefreely`](https://hub.docker.com/r/writeas/writefreely), 4, upstream
+- **Healthcheck**: 3
+- **Backups**: 1
+- **Email**: 3
+- **Tests**: No
+- **SSO**: 1
+
+<!-- endmetadata -->
+
+## Basic usage
+
+1. Set up Docker Swarm and [`abra`]
+2. Deploy [`coop-cloud/traefik`]
+3. `abra app new writefreely --secrets` (optionally with `--pass` if you'd like
+   to save secrets in `pass`)
+4. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
+   your Docker swarm box
+5. `abra app YOURAPPDOMAIN deploy`
+6. Open the configured domain in your browser to finish set-up
+
+## Post-install
+
+```
+./first_deploy.sh <app name>
+```
+
+## Keycloak setup
+
+Until [this](https://github.com/writefreely/writefreely/issues/516) is fixed, you have to migrate the db yourself.
+
+Get into a db shell with the following:
+
+```
+db_passwd=$(abra app run <app name> db cat /run/secrets/db_password)
+abra app run <app name> db mysql -u writeas -p"$db_passwd" writefreely
+```
+
+Run the migration:
+
+```
+ALTER TABLE 'oauth_users' MODIFY 'access_token' varchar(2048);
+```
+
+For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms/<your realm>/protocol/openid-connect`.
+
+## Acknowledgements
+
+Thanks to [@knoflook](https://git.coopcloud.tech/knoflook) for packaging work :heart:

abra.sh

@@ -0,0 +1,2 @@
+export CONFIG_WRITEFREELY_VERSION=v1
+export CONFIG_ENTRYPOINT_VERSION=v1

compose.keycloak.yml

@@ -0,0 +1,28 @@
+---
+version: "3.8"
+
+services:
+  app:
+    secrets:
+      - db_password
+      - oauth_client_secret
+    environment:
+      - FEDERATION
+      - HOST_URL
+      - KEYCLOAK_ENABLED
+      - LOCAL_TIMELINE
+      - OAUTH_CLIENT_ID
+      - OAUTH_HOST
+      - OAUTH_LOGIN_BUTTON
+      - OPEN_DELETION
+      - OPEN_REGISTRATION
+      - PRIVATE
+      - PUBLIC_STATS
+      - SITE_DESCRIPTION
+      - SITE_NAME
+      - SITE_THEME
+
+secrets:
+  oauth_client_secret:
+    external: true
+    name: ${STACK_NAME}_oauth_client_secret_${SECRET_OAUTH_CLIENT_SECRET_VERSION}

compose.yml

@@ -0,0 +1,80 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: "writeas/writefreely:latest"
+    environment:
+      - DB_PASSWORD_FILE=/run/secrets/db_password
+      - FEDERATION
+      - HOST_URL
+      - LOCAL_TIMELINE
+      - OPEN_DELETION
+      - OPEN_REGISTRATION
+      - PRIVATE
+      - PUBLIC_STATS
+      - SITE_DESCRIPTION
+      - SITE_NAME
+      - SITE_THEME
+    configs:
+      - source: config_ini
+        target: /go/config.ini
+    secrets:
+      - db_password
+    volumes:
+      - "web-keys:/go/keys"
+    networks:
+      - internal
+      - proxy
+    deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.version=0.1.0+latest"
+
+  db:
+    image: "mariadb:10.7"
+    environment:
+      - MYSQL_DATABASE=writefreely
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_USER=writeas
+    volumes:
+      - "db:/var/lib/mysql"
+    networks:
+      - internal
+    secrets:
+      - db_root_password
+      - db_password
+
+volumes:
+  web-keys:
+  db:
+
+networks:
+  proxy:
+    external: true
+  internal:
+
+secrets:
+  db_root_password:
+    external: true
+    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+
+configs:
+  config_ini:
+    name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION}
+    file: config.ini.tmpl
+    template_driver: golang

config.ini.tmpl

@@ -0,0 +1,72 @@
+[server]
+hidden_host          =
+port                 = 8080
+bind                 = 0.0.0.0
+tls_cert_path        =
+tls_key_path         =
+autocert             = false
+templates_parent_dir =
+static_parent_dir    =
+pages_parent_dir     =
+keys_parent_dir      =
+hash_seed            =
+gopher_port          = 0
+
+[database]
+type     = mysql
+filename =
+username = writeas
+password = {{ secret "db_password" }}
+database = writefreely
+host     = db
+port     = 3306
+tls      = false
+
+[app]
+site_name             = {{ env "SITE_NAME" }}
+site_description      = {{ env "SITE_DESCRIPTION" }}
+host                  = {{ env "HOST_URL" }}
+theme                 = {{ env "SITE_THEME" }}
+editor                =
+disable_js            = false
+webfonts              = true
+landing               =
+simple_nav            = false
+wf_modesty            = false
+chorus                = false
+forest                = false
+disable_drafts        = false
+single_user           = false
+open_registration     = {{ env "OPEN_REGISTRATION" }}
+open_deletion         = {{ env "OPEN_DELETION" }}
+min_username_len      = 3
+max_blogs             = 10
+federation            = {{ env "FEDERATION" }}
+public_stats          = {{ env "PUBLIC_STATS" }}
+monetization          = false
+notes_only            = false
+private               = {{ env "PRIVATE" }}
+local_timeline        = {{ env "LOCAL_TIMELINE" }}
+user_invites          =
+default_visibility    =
+update_checks         = false
+disable_password_auth = true
+
+{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
+[oauth.generic]
+client_id          = {{ env "OAUTH_CLIENT_ID" }}
+client_secret      = {{ secret "oauth_client_secret" }}
+host               = {{ env "OAUTH_HOST" }}
+display_name       = {{ env "OAUTH_LOGIN_BUTTON" }}
+callback_proxy     =
+callback_proxy_api =
+token_endpoint     = /token
+inspect_endpoint   = /userinfo
+auth_endpoint      = /auth
+scope              = openid profile email
+allow_disconnect   = false
+map_user_id        = sub
+map_username       = preferred_username
+map_display_name   =
+map_email          = email
+{{ end }}

entrypoint.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/go/cmd/writefreely/writefreely

first_deploy.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+function show_help () {
+    echo "usage: ./first_deploy.sh [app name]"
+}
+
+if [[ $1 == "" ]]; then
+    show_help
+    exit 1
+fi
+
+app=$1
+
+abra app run $app app /go/cmd/writefreely/writefreely --init-db
+passwd=`abra app run $app db cat /run/secrets/db_password`
+echo 'ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048)' | abra app run $app db mysql -u writeas -p$passwd writefreely
+
+exit 0