commit 515f110b2f295d8699125dfc6dddd7e14b3f3b26 Author: cellarspoon Date: Thu Dec 9 14:03:46 2021 +0100 init
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..56567de
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,34 @@
+TYPE=writefreely
+
+DOMAIN=writefreely.example.com
+HOST_URL=https://${DOMAIN}
+SITE_NAME=writefreely
+
+FEDERATION=true
+LOCAL_TIMELINE=false
+OPEN_DELETION=false
+OPEN_REGISTRATION=true
+PRIVATE=true
+PUBLIC_STATS=true
+SITE_DESCRIPTION=
+SITE_THEME=write
+
+#This is here so later lines can extend it; you likely don't wanna edit
+COMPOSE_FILE="compose.yml"
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.writefreely.example.com`'
+LETS_ENCRYPT_ENV=production
+
+SECRET_DB_ROOT_PASSWORD_VERSION=v1
+SECRET_DB_PASSWORD_VERSION=v1
+
+## Set both for keycloak. See README.md for explanation
+#KEYCLOAK_ENABLED=1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
+#OAUTH_CLIENT_ID=writefreely
+#OAUTH_HOST=
+#OAUTH_CLIENT_SECRET=
+#OAUTH_LOGIN_BUTTON=
+#CONFIG_OAUTH_WRITEFREELY_VERSION=v1
+#SECRET_OAUTH_CLIENT_SECRET_VERSION=v1
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8793d8b
--- /dev/null
+++ b/README.md
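Review bot: The commented `#OAUTH_CLIENT_SECRET=` placeholder in the Keycloak block of .env.sample invites operators to put the client secret in the plaintext env file, yet config.ini.tmpl reads it from `{{ secret "oauth_client_secret" }}` and compose.keycloak.yml never passes that variable to the container. Drop the line and replace it with a comment such as `# client secret is a Docker secret (oauth_client_secret), not an env var`. `#CONFIG_OAUTH_WRITEFREELY_VERSION=v1` likewise has no consumer in the compose files in this commit. `OPEN_REGISTRATION=true` as the sample default is worth a second look for an internet-facing instance; `false` would be the safer starting point.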
@@ -0,0 +1,56 @@
+# writefreely
+
+> An open source platform for building a writing space on the web.
+
+
+
+- **Category**: Apps
+- **Status**: 2, beta
+- **Image**: [`writeas/writefreely`](https://hub.docker.com/r/writeas/writefreely), 4, upstream
+- **Healthcheck**: 3
+- **Backups**: 1
+- **Email**: 3
+- **Tests**: No
+- **SSO**: 1
+
+
+
+## Basic usage
+
+1. Set up Docker Swarm and [`abra`]
+2. Deploy [`coop-cloud/traefik`]
+3. `abra app new writefreely --secrets` (optionally with `--pass` if you'd like
+ to save secrets in `pass`)
+4. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
+ your Docker swarm box
+5. `abra app YOURAPPDOMAIN deploy`
+6. Open the configured domain in your browser to finish set-up
+
+## Post-install
+
+```
+./first_deploy.sh
+```
+
+## Keycloak setup
+
+Until [this](https://github.com/writefreely/writefreely/issues/516) is fixed, you have to migrate the db yourself.
+
+Get into a db shell with the following:
+
+```
+db_passwd=$(abra app run db cat /run/secrets/db_password)
+abra app run db mysql -u writeas -p"$db_passwd" writefreely
+```
+
+Run the migration:
+
+```
+ALTER TABLE 'oauth_users' MODIFY 'access_token' varchar(2048);
+```
+
+For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms//protocol/openid-connect`.
+
+## Acknowledgements
+
+Thanks to [@knoflook](https://git.coopcloud.tech/knoflook) for packaging work :heart:
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..6ca5c75
--- /dev/null
+++ b/abra.sh
@@ -0,0 +1,2 @@
+export CONFIG_WRITEFREELY_VERSION=v1
+export CONFIG_ENTRYPOINT_VERSION=v1
diff --git a/compose.keycloak.yml b/compose.keycloak.yml
new file mode 100644
index 0000000..a770d0a
--- /dev/null
+++ b/compose.keycloak.yml
@@ -0,0 +1,28 @@
+---
+version: "3.8"
+
+services:
+ app:
+ secrets:
+ - db_password
+ - oauth_client_secret
+ environment:
+ - FEDERATION
+ - HOST_URL
+ - KEYCLOAK_ENABLED
+ - LOCAL_TIMELINE
+ - OAUTH_CLIENT_ID
+ - OAUTH_HOST
+ - OAUTH_LOGIN_BUTTON
+ - OPEN_DELETION
+ - OPEN_REGISTRATION
+ - PRIVATE
+ - PUBLIC_STATS
+ - SITE_DESCRIPTION
+ - SITE_NAME
+ - SITE_THEME
+
+secrets:
+ oauth_client_secret:
+ external: true
+ name: ${STACK_NAME}_oauth_client_secret_${SECRET_OAUTH_CLIENT_SECRET_VERSION}
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..08c8657
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,80 @@
+---
+version: "3.8"
+
+services:
+ app:
+ image: "writeas/writefreely:latest"
+ environment:
+ - DB_PASSWORD_FILE=/run/secrets/db_password
+ - FEDERATION
+ - HOST_URL
+ - LOCAL_TIMELINE
+ - OPEN_DELETION
+ - OPEN_REGISTRATION
+ - PRIVATE
+ - PUBLIC_STATS
+ - SITE_DESCRIPTION
+ - SITE_NAME
+ - SITE_THEME
+ configs:
+ - source: config_ini
+ target: /go/config.ini
+ secrets:
+ - db_password
+ volumes:
+ - "web-keys:/go/keys"
+ networks:
+ - internal
+ - proxy
+ deploy:
+ update_config:
+ failure_action: rollback
+ order: start-first
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+ - "coop-cloud.${STACK_NAME}.version=0.1.0+latest"
+
+ db:
+ image: "mariadb:10.7"
+ environment:
+ - MYSQL_DATABASE=writefreely
+ - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+ - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+ - MYSQL_USER=writeas
+ volumes:
+ - "db:/var/lib/mysql"
+ networks:
+ - internal
+ secrets:
+ - db_root_password
+ - db_password
+
+volumes:
+ web-keys:
+ db:
+
+networks:
+ proxy:
+ external: true
+ internal:
+
+secrets:
+ db_root_password:
+ external: true
+ name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+ db_password:
+ external: true
+ name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+
+configs:
+ config_ini:
+ name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION}
+ file: config.ini.tmpl
+ template_driver: golang
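Review bot: The `app` service in compose.yml runs `writeas/writefreely:latest`, a mutable tag, so a redeploy or a reschedule onto another node can pull a different, unreviewed image, and the `coop-cloud.${STACK_NAME}.version=0.1.0+latest` label cannot say what is actually running. Pin it to a release tag, ideally with its digest, e.g. `image: "writeas/writefreely:<release-tag>@sha256:<digest>"` (placeholders), the way `db` is already pinned to `mariadb:10.7`. config.ini.tmpl also sets `update_checks = false`, so nothing in the stack will flag a pinned release falling behind; that needs tracking out of band. Separately, abra.sh exports `CONFIG_ENTRYPOINT_VERSION` and the commit adds entrypoint.sh, but no entrypoint config is declared in this file, so that script appears to be unused.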
diff --git a/config.ini.tmpl b/config.ini.tmpl
new file mode 100644
index 0000000..fe206c7
--- /dev/null
+++ b/config.ini.tmpl
@@ -0,0 +1,72 @@
+[server]
+hidden_host =
+port = 8080
+bind = 0.0.0.0
+tls_cert_path =
+tls_key_path =
+autocert = false
+templates_parent_dir =
+static_parent_dir =
+pages_parent_dir =
+keys_parent_dir =
+hash_seed =
+gopher_port = 0
+
+[database]
+type = mysql
+filename =
+username = writeas
+password = {{ secret "db_password" }}
+database = writefreely
+host = db
+port = 3306
+tls = false
+
+[app]
+site_name = {{ env "SITE_NAME" }}
+site_description = {{ env "SITE_DESCRIPTION" }}
+host = {{ env "HOST_URL" }}
+theme = {{ env "SITE_THEME" }}
+editor =
+disable_js = false
+webfonts = true
+landing =
+simple_nav = false
+wf_modesty = false
+chorus = false
+forest = false
+disable_drafts = false
+single_user = false
+open_registration = {{ env "OPEN_REGISTRATION" }}
+open_deletion = {{ env "OPEN_DELETION" }}
+min_username_len = 3
+max_blogs = 10
+federation = {{ env "FEDERATION" }}
+public_stats = {{ env "PUBLIC_STATS" }}
+monetization = false
+notes_only = false
+private = {{ env "PRIVATE" }}
+local_timeline = {{ env "LOCAL_TIMELINE" }}
+user_invites =
+default_visibility =
+update_checks = false
+disable_password_auth = true
+
+{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
+[oauth.generic]
+client_id = {{ env "OAUTH_CLIENT_ID" }}
+client_secret = {{ secret "oauth_client_secret" }}
+host = {{ env "OAUTH_HOST" }}
+display_name = {{ env "OAUTH_LOGIN_BUTTON" }}
+callback_proxy =
+callback_proxy_api =
+token_endpoint = /token
+inspect_endpoint = /userinfo
+auth_endpoint = /auth
+scope = openid profile email
+allow_disconnect = false
+map_user_id = sub
+map_username = preferred_username
+map_display_name =
+map_email = email
+{{ end }}
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..e49b6fd
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/go/cmd/writefreely/writefreely
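Review bot: `disable_password_auth = true` at the end of the `[app]` section in config.ini.tmpl is unconditional, while `[oauth.generic]` is rendered only when `KEYCLOAK_ENABLED` is `1`; with the .env.sample defaults (Keycloak lines commented out) the instance would appear to come up with no usable login method. Tie the flag to the same switch, e.g. `disable_password_auth = {{ if eq (env "KEYCLOAK_ENABLED") "1" }}true{{ else }}false{{ end }}`. If disabling password login everywhere is intentional, a comment above the line saying that Keycloak is mandatory would keep operators from deploying a stack nobody can sign in to.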
diff --git a/first_deploy.sh b/first_deploy.sh
new file mode 100755
index 0000000..39e3732
--- /dev/null
+++ b/first_deploy.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+function show_help () {
+ echo "usage: ./first_deploy.sh [app name]"
+}
+
+if [[ $1 == "" ]]; then
+ show_help
+ exit 1
+fi
+
+app=$1
+
+abra app run $app app /go/cmd/writefreely/writefreely --init-db
+passwd=`abra app run $app db cat /run/secrets/db_password`
+echo 'ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048)' | abra app run $app db mysql -u writeas -p$passwd writefreely
+
+exit 0
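Review bot: In first_deploy.sh the database password is expanded unquoted on the command line (`-p$passwd`), so a password containing whitespace or glob characters is split or expanded by the shell, and `$app` is unquoted in all three `abra` calls. Quote both, as the README snippet already does: `passwd=$(abra app run "$app" db cat /run/secrets/db_password)` and `... | abra app run "$app" db mysql -u writeas -p"$passwd" writefreely`. Passing the password as a `-p` argument also exposes it in process listings on the operator's machine while the command runs, which is worth a comment in the script. The script has no `set -euo pipefail` and ends with an unconditional `exit 0`, so a failed `--init-db` or migration is still reported as success.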