decentral1se 2021-12-09 14:03:46 +01:00
commit 515f110b2f
Signed by: decentral1se
GPG Key ID: 03789458B3D0C410
8 changed files with 293 additions and 0 deletions

34
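--- a/.env.sample
+++ b/.env.sample
@@ -0,0 +1,34 @@
+TYPE=writefreely
+DOMAIN=writefreely.example.com
+HOST_URL=https://${DOMAIN}
+SITE_NAME=writefreely
+FEDERATION=true
+LOCAL_TIMELINE=false
+OPEN_DELETION=false
+OPEN_REGISTRATION=true
+PRIVATE=true
+PUBLIC_STATS=true
+SITE_DESCRIPTION=
+SITE_THEME=write
+#This is here so later lines can extend it; you likely don't wanna edit
+COMPOSE_FILE="compose.yml"
+## Domain aliases
+#EXTRA_DOMAINS=', `www.writefreely.example.com`'
+LETS_ENCRYPT_ENV=production
+SECRET_DB_ROOT_PASSWORD_VERSION=v1
+SECRET_DB_PASSWORD_VERSION=v1
+## Set both for keycloak. See README.md for explanation
+#KEYCLOAK_ENABLED=1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
+#OAUTH_CLIENT_ID=writefreely
+#OAUTH_HOST=
+#OAUTH_CLIENT_SECRET=
+#OAUTH_LOGIN_BUTTON=
+#CONFIG_OAUTH_WRITEFREELY_VERSION=v1
+#SECRET_OAUTH_CLIENT_SECRET_VERSION=v1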
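Review bot: The commented `#OAUTH_CLIENT_SECRET=` line invites operators to put the OAuth client secret into this plaintext env file, yet nothing on this page reads that variable: compose.keycloak.yml does not pass it to the service, and config.ini.tmpl takes the value from the `oauth_client_secret` Docker secret. I would drop the line and leave a pointer instead, e.g. `# The OAuth client secret is stored as the Docker secret oauth_client_secret, not in this file`. Separately, the sample ships `OPEN_REGISTRATION=true`; defaulting to `OPEN_REGISTRATION=false` would keep a freshly deployed, internet-facing instance closed to sign-ups until the operator opts in. `CONFIG_OAUTH_WRITEFREELY_VERSION` also appears unused by the compose files shown here.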

56
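--- a/README.md
+++ b/README.md
@@ -0,0 +1,56 @@
+# writefreely
+> An open source platform for building a writing space on the web.
+<!-- metadata -->
+- **Category**: Apps
+- **Status**: 2, beta
+- **Image**: [`writeas/writefreely`](https://hub.docker.com/r/writeas/writefreely), 4, upstream
+- **Healthcheck**: 3
+- **Backups**: 1
+- **Email**: 3
+- **Tests**: No
+- **SSO**: 1
+<!-- endmetadata -->
+## Basic usage
+1. Set up Docker Swarm and [`abra`]
+2. Deploy [`coop-cloud/traefik`]
+3. `abra app new writefreely --secrets` (optionally with `--pass` if you'd like
+to save secrets in `pass`)
+4. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
+your Docker swarm box
+5. `abra app YOURAPPDOMAIN deploy`
+6. Open the configured domain in your browser to finish set-up
+## Post-install
+```
+./first_deploy.sh <app name>
+```
+## Keycloak setup
+Until [this](https://github.com/writefreely/writefreely/issues/516) is fixed, you have to migrate the db yourself.
+Get into a db shell with the following:
+```
+db_passwd=$(abra app run <app name> db cat /run/secrets/db_password)
+abra app run <app name> db mysql -u writeas -p"$db_passwd" writefreely
+```
+Run the migration:
+```
+ALTER TABLE 'oauth_users' MODIFY 'access_token' varchar(2048);
+```
+For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms/<your realm>/protocol/openid-connect`.
+## Acknowledgements
+Thanks to [@knoflook](https://git.coopcloud.tech/knoflook) for packaging work :heart: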

2
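--- a/abra.sh
+++ b/abra.sh
@@ -0,0 +1,2 @@
+export CONFIG_WRITEFREELY_VERSION=v1
+export CONFIG_ENTRYPOINT_VERSION=v1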

28
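--- a/compose.keycloak.yml
+++ b/compose.keycloak.yml
@@ -0,0 +1,28 @@
+---
+version: "3.8"
+services:
+app:
+secrets:
+- db_password
+- oauth_client_secret
+environment:
+- FEDERATION
+- HOST_URL
+- KEYCLOAK_ENABLED
+- LOCAL_TIMELINE
+- OAUTH_CLIENT_ID
+- OAUTH_HOST
+- OAUTH_LOGIN_BUTTON
+- OPEN_DELETION
+- OPEN_REGISTRATION
+- PRIVATE
+- PUBLIC_STATS
+- SITE_DESCRIPTION
+- SITE_NAME
+- SITE_THEME
+secrets:
+oauth_client_secret:
+external: true
+name: ${STACK_NAME}_oauth_client_secret_${SECRET_OAUTH_CLIENT_SECRET_VERSION}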

80
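--- a/compose.yml
+++ b/compose.yml
@@ -0,0 +1,80 @@
+---
+version: "3.8"
+services:
+app:
+image: "writeas/writefreely:latest"
+environment:
+- DB_PASSWORD_FILE=/run/secrets/db_password
+- FEDERATION
+- HOST_URL
+- LOCAL_TIMELINE
+- OPEN_DELETION
+- OPEN_REGISTRATION
+- PRIVATE
+- PUBLIC_STATS
+- SITE_DESCRIPTION
+- SITE_NAME
+- SITE_THEME
+configs:
+- source: config_ini
+target: /go/config.ini
+secrets:
+- db_password
+volumes:
+- "web-keys:/go/keys"
+networks:
+- internal
+- proxy
+deploy:
+update_config:
+failure_action: rollback
+order: start-first
+labels:
+- "traefik.enable=true"
+- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
+- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+- "coop-cloud.${STACK_NAME}.version=0.1.0+latest"
+db:
+image: "mariadb:10.7"
+environment:
+- MYSQL_DATABASE=writefreely
+- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+- MYSQL_PASSWORD_FILE=/run/secrets/db_password
+- MYSQL_USER=writeas
+volumes:
+- "db:/var/lib/mysql"
+networks:
+- internal
+secrets:
+- db_root_password
+- db_password
+volumes:
+web-keys:
+db:
+networks:
+proxy:
+external: true
+internal:
+secrets:
+db_root_password:
+external: true
+name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
+db_password:
+external: true
+name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+configs:
+config_ini:
+name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION}
+file: config.ini.tmpl
+template_driver: golang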
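Review bot: The app service runs `image: "writeas/writefreely:latest"`, a mutable tag, so a redeploy or a task rescheduled onto another node can pull different upstream code without any change in this repository, and the `coop-cloud.${STACK_NAME}.version=0.1.0+latest` label cannot say what is actually running. Pin a release tag, ideally together with its digest, e.g. `image: "writeas/writefreely:<release-tag>@sha256:<digest>"` (placeholders), and carry the same tag in the version label. The db service is already bounded to a minor line with `mariadb:10.7`; the app image should be at least as specific, since it is the internet-facing component.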

72
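--- a/config.ini.tmpl
+++ b/config.ini.tmpl
@@ -0,0 +1,72 @@
+[server]
+hidden_host =
+port = 8080
+bind = 0.0.0.0
+tls_cert_path =
+tls_key_path =
+autocert = false
+templates_parent_dir =
+static_parent_dir =
+pages_parent_dir =
+keys_parent_dir =
+hash_seed =
+gopher_port = 0
+[database]
+type = mysql
+filename =
+username = writeas
+password = {{ secret "db_password" }}
+database = writefreely
+host = db
+port = 3306
+tls = false
+[app]
+site_name = {{ env "SITE_NAME" }}
+site_description = {{ env "SITE_DESCRIPTION" }}
+host = {{ env "HOST_URL" }}
+theme = {{ env "SITE_THEME" }}
+editor =
+disable_js = false
+webfonts = true
+landing =
+simple_nav = false
+wf_modesty = false
+chorus = false
+forest = false
+disable_drafts = false
+single_user = false
+open_registration = {{ env "OPEN_REGISTRATION" }}
+open_deletion = {{ env "OPEN_DELETION" }}
+min_username_len = 3
+max_blogs = 10
+federation = {{ env "FEDERATION" }}
+public_stats = {{ env "PUBLIC_STATS" }}
+monetization = false
+notes_only = false
+private = {{ env "PRIVATE" }}
+local_timeline = {{ env "LOCAL_TIMELINE" }}
+user_invites =
+default_visibility =
+update_checks = false
+disable_password_auth = true
+{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
+[oauth.generic]
+client_id = {{ env "OAUTH_CLIENT_ID" }}
+client_secret = {{ secret "oauth_client_secret" }}
+host = {{ env "OAUTH_HOST" }}
+display_name = {{ env "OAUTH_LOGIN_BUTTON" }}
+callback_proxy =
+callback_proxy_api =
+token_endpoint = /token
+inspect_endpoint = /userinfo
+auth_endpoint = /auth
+scope = openid profile email
+allow_disconnect = false
+map_user_id = sub
+map_username = preferred_username
+map_display_name =
+map_email = email
+{{ end }}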
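Review bot: `disable_password_auth = true` sits in `[app]`, outside the `KEYCLOAK_ENABLED` conditional, so a deployment without the Keycloak overlay renders a config with password login switched off and no `[oauth.generic]` section; if WriteFreely honours the key as its name suggests, nobody can sign in on the default setup. Tie it to the same switch: `disable_password_auth = {{ if eq (env "KEYCLOAK_ENABLED") "1" }}true{{ else }}false{{ end }}`. It is also worth a comment above `[app]` noting that the `env` values are interpolated raw into the INI, so a line break in `SITE_NAME` or `SITE_DESCRIPTION` would add keys to the rendered file.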

3
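--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+/go/cmd/writefreely/writefreely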
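Review bot: Nothing in the compose files on this page mounts or invokes this script: compose.yml declares only the `config_ini` config and sets no `entrypoint:`, so the script and `CONFIG_ENTRYPOINT_VERSION` in abra.sh look unused. Either wire it in or drop both, so the recipe does not carry a version knob that changes nothing. If it is wired in, start the binary with `exec /go/cmd/writefreely/writefreely` so it replaces the shell and receives the stop signal directly. `DB_PASSWORD_FILE` in compose.yml looks like it was meant for this script too, since config.ini.tmpl already takes the password from the secret.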

18
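--- a/first_deploy.sh
+++ b/first_deploy.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+function show_help () {
+echo "usage: ./first_deploy.sh [app name]"
+}
+if [[ $1 == "" ]]; then
+show_help
+exit 1
+fi
+app=$1
+abra app run $app app /go/cmd/writefreely/writefreely --init-db
+passwd=`abra app run $app db cat /run/secrets/db_password`
+echo 'ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048)' | abra app run $app db mysql -u writeas -p$passwd writefreely
+exit 0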
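Review bot: `$app` and `$passwd` are expanded unquoted, so a database password containing whitespace or glob characters is split or expanded before it reaches `mysql`. The `-p$passwd` form also copies the secret out of the container into the operator's shell and onto a command line, where process listings can show it. At minimum quote both, as the README already does: `passwd=$(abra app run "$app" db cat /run/secrets/db_password)` and `-p"$passwd"` on the `mysql` call. The script also ends in `exit 0` whether or not `--init-db` or the `ALTER TABLE` succeeded; adding `set -e` after the shebang and dropping the final `exit 0` would surface a failed migration instead of hiding it.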