diff --git a/.env.sample b/.env.sample index f1dc727..c2151fc 100644 --- a/.env.sample +++ b/.env.sample @@ -4,32 +4,47 @@ DOMAIN=writefreely.example.com HOST_URL=https://${DOMAIN} SITE_NAME=writefreely +# See https://writefreely.org/docs/main/admin/config FEDERATION=true LOCAL_TIMELINE=false OPEN_DELETION=false +# Set to true if using SSO so linked users are created automatically OPEN_REGISTRATION=true +# This settings requires authentication to read posts PRIVATE=true PUBLIC_STATS=true SITE_DESCRIPTION= SITE_EDITOR=classic SITE_THEME=write +WEBFONTS=true +WF_MODESTY=false +CHORUS=false +FOREST=false +SINGLE_USER=false +MAX_BLOGS="10" +# Set to true if using SSO +DISABLE_PASSWORD_AUTH=false -#This is here so later lines can extend it; you likely don't wanna edit +# This is here so later lines can extend it; you likely don't wanna edit COMPOSE_FILE="compose.yml" +# You also likely don't wanna edit these paths +ASSETS_PATH=/usr/share/writefreely +DATA_PATH=/data ## Domain aliases #EXTRA_DOMAINS=', `www.writefreely.example.com`' LETS_ENCRYPT_ENV=production -SECRET_DB_ROOT_PASSWORD_VERSION=v1 -SECRET_DB_PASSWORD_VERSION=v1 +## Uncomment to use MariaDB instead of sqlite +#COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" +#USE_MARIADB=true +#DB_ROOT_PASSWORD_VERSION=v1 +#DB_PASSWORD_VERSION=v1 -## Set both for keycloak. See README.md for explanation +## Uncomment to use Keycloak. See README.md for explanation #KEYCLOAK_ENABLED=1 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml" #OAUTH_CLIENT_ID=writefreely -#OAUTH_HOST= -#OAUTH_CLIENT_SECRET= -#OAUTH_LOGIN_BUTTON= -#CONFIG_OAUTH_WRITEFREELY_VERSION=v1 -#SECRET_OAUTH_CLIENT_SECRET_VERSION=v1 +#OAUTH_HOST=https:///realms//protocol/openid-connect +#OAUTH_DISPLAY_NAME=Keycloak +#OAUTH_CLIENT_SECRET_VERSION=v1 diff --git a/README.md b/README.md index eeac508..03f78e7 100644 --- a/README.md +++ b/README.md 
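Review bot: With `DISABLE_PASSWORD_AUTH=false` added next to the unchanged `OPEN_REGISTRATION=true`, an instance deployed from this sample unedited accepts password sign-ups from anyone who can reach it. The new comment ties `OPEN_REGISTRATION=true` to SSO, which suggests the non-SSO default should be closed: `OPEN_REGISTRATION=false`, with the comment reading `# Set to true if using SSO so linked users are created automatically; leave false otherwise`. Going by its comment, `PRIVATE=true` restricts reading posts, not registering. The README in this commit already creates the first admin from the command line, so closing registration by default does not block setup.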
@@ -1,7 +1,5 @@ # writefreely -> 📢📢📢 UPDATE IN PROGRESS, SEE [`#1`](https://git.coopcloud.tech/coop-cloud/writefreely/issues/1) 📢📢📢 - > An open source platform for building a writing space on the web. @@ -21,24 +19,30 @@ 1. Set up Docker Swarm and `abra` 2. Deploy `coop-cloud/traefik` -3. `abra app new writefreely --secrets` (optionally with `--pass` if you'd like - to save secrets in `pass`) +3. `abra app new writefreely` 4. `abra app config ` - be sure to change `` to something that resolves to - your Docker swarm box + your coop-cloud server. + - For more info about the config options, see the [writefreely docs](https://writefreely.org/docs/main/admin/config). 5. `abra app deploy ` -6. Open the configured domain in your browser to finish set-up - -## Post-install +6. Once it's running, if you are not using SSO, set up a local admin user by running this command: ``` -passwd=`abra app run db cat /run/secrets/db_password` -abra app run db mysql -u writeas -p$passwd writefreely -ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048); +abra app run app -- writefreely -c /usr/share/writefreely/config.ini user create --admin : ``` ## Keycloak setup -For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms//protocol/openid-connect`. +For the **OAUTH_HOST** config, it uses this format: `https://keycloak.example.com/auth/realms//protocol/openid-connect`. + +To set the client secret: `abra app secret insert oauth_client_secret v1` + +## MariaDB + +By default, this recipe uses sqlite. If you wish to use MariaDB instead: + +1. When creating the app, you need the `--secrets` flag: `abra app new writefreely --secrets` +2. Run `abra app config ` and follow the instructions to uncomment four lines. +3. `abra app deploy ` ## Acknowledgements diff --git a/abra.sh b/abra.sh index c76c018..cdf960e 100644 --- a/abra.sh +++ b/abra.sh 
@@ -1,2 +1,2 @@ -export CONFIG_WRITEFREELY_VERSION=v3 -export CONFIG_ENTRYPOINT_VERSION=v1 +export CONFIG_INI_VERSION=v1 +export WRITEFREELY_ENTRYPOINT_VERSION=v1 diff --git a/compose.keycloak.yml b/compose.keycloak.yml index a1c2917..123b95d 100644 --- a/compose.keycloak.yml +++ b/compose.keycloak.yml @@ -4,26 +4,9 @@ version: "3.8" services: app: secrets: - - db_password - oauth_client_secret - environment: - - FEDERATION - - HOST_URL - - KEYCLOAK_ENABLED - - LOCAL_TIMELINE - - OAUTH_CLIENT_ID - - OAUTH_HOST - - OAUTH_LOGIN_BUTTON - - OPEN_DELETION - - OPEN_REGISTRATION - - PRIVATE - - PUBLIC_STATS - - SITE_DESCRIPTION - - SITE_EDITOR - - SITE_NAME - - SITE_THEME secrets: oauth_client_secret: external: true - name: ${STACK_NAME}_oauth_client_secret_${SECRET_OAUTH_CLIENT_SECRET_VERSION} + name: ${STACK_NAME}_oauth_client_secret_${OAUTH_CLIENT_SECRET_VERSION} diff --git a/compose.mariadb.yml b/compose.mariadb.yml new file mode 100644 index 0000000..cd9e7e7 --- /dev/null +++ b/compose.mariadb.yml @@ -0,0 +1,35 @@ +--- +version: "3.8" + +services: + app: + environment: + - DB_PASSWORD_FILE=/run/secrets/db_password + secrets: + - db_password + + db: + image: "mariadb:12.1" + environment: + - MYSQL_DATABASE=writefreely + - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password + - MYSQL_PASSWORD_FILE=/run/secrets/db_password + - MYSQL_USER=writeas + volumes: + - "db:/var/lib/mysql" + networks: + - internal + secrets: + - db_root_password + - db_password + +volumes: + db: + +secrets: + db_root_password: + external: true + name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION} + db_password: + external: true + name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION} diff --git a/compose.yml b/compose.yml index 703769f..c2a84ac 100644 --- a/compose.yml +++ b/compose.yml 
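Review bot: The secret name now reads `${OAUTH_CLIENT_SECRET_VERSION}` instead of `${SECRET_OAUTH_CLIENT_SECRET_VERSION}`, but a .env written from the old sample only defines the `SECRET_`-prefixed names. The new compose.mariadb.yml in the next file has the same problem with `${DB_ROOT_PASSWORD_VERSION}` and `${DB_PASSWORD_VERSION}`. On such a deployment the version suffix would expand to nothing, and the stack would reference a secret that does not exist. release/next lists only `COMPOSE_FILE` and `USE_MARIADB` as required additions; it should also list the renamed version variables and `OAUTH_DISPLAY_NAME`, which replaces `OAUTH_LOGIN_BUTTON`.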
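Review bot: `image: "mariadb:12.1"` replaces the `mariadb:10.7` that compose.yml ran before, so an existing `db` volume will be opened by a much newer server once upgraders enable this file as release/next instructs. The official image only runs the system-table upgrade on an existing data directory when `MARIADB_AUTO_UPGRADE` is set. Consider adding `- MARIADB_AUTO_UPGRADE=1` to the `db` service's `environment:` list, and tell operators in release/next to back up the volume before deploying.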
@@ -3,27 +3,17 @@ version: "3.8" services: app: - image: git.coopcloud.tech/coop-cloud-chaos-patchs/writefreely:v0.15.1 - environment: - - DB_PASSWORD_FILE=/run/secrets/db_password - - FEDERATION - - HOST_URL - - LOCAL_TIMELINE - - OPEN_DELETION - - OPEN_REGISTRATION - - PRIVATE - - PUBLIC_STATS - - SITE_DESCRIPTION - - SITE_EDITOR - - SITE_NAME - - SITE_THEME + image: git.coopcloud.tech/coop-cloud-chaos-patchs/docker-writefreely:v0.16.0 configs: - source: config_ini - target: /go/config.ini - secrets: - - db_password + # Can't put the config file in /data or else the volume mounts conflict + target: ${ASSETS_PATH}/config.ini + - source: writefreely_entrypoint + target: /abra-entrypoint.sh + mode: 0555 + entrypoint: /abra-entrypoint.sh volumes: - - "web-keys:/go/keys" + - "local-data:${DATA_PATH}" networks: - internal - proxy 
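Review bot: Replacing the `web-keys:/go/keys` mount with `local-data:${DATA_PATH}` gives an upgraded deployment an empty volume, so the keys created at install time are not carried over and the new entrypoint will generate fresh ones. If WriteFreely uses those keys for session cookies or for encrypting stored user data (not visible in this diff), existing sessions and that data stop being usable after the upgrade. Either keep the old volume mounted where the new config looks for keys, e.g. `- "web-keys:${DATA_PATH}/keys"` if that matches the image's layout, or document in release/next how to copy the old keys into `local-data` before deploying. The `app` service definition continues past the end of this hunk.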
@@ -38,44 +28,23 @@ services: - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" + - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https" + - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true" - "coop-cloud.${STACK_NAME}.version=0.1.0+latest" - db: - image: "mariadb:10.7" - environment: - - MYSQL_DATABASE=writefreely - - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password - - MYSQL_PASSWORD_FILE=/run/secrets/db_password - - MYSQL_USER=writeas - volumes: - - "db:/var/lib/mysql" - networks: - - internal - secrets: - - db_root_password - - db_password - volumes: - web-keys: - db: + local-data: networks: proxy: external: true internal: -secrets: - db_root_password: - external: true - name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} - db_password: - external: true - name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} - configs: config_ini: - name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION} + name: ${STACK_NAME}_config_${CONFIG_INI_VERSION} file: config.ini.tmpl template_driver: golang + writefreely_entrypoint: + name: ${STACK_NAME}_entrypoint_${WRITEFREELY_ENTRYPOINT_VERSION} + file: entrypoint.sh diff --git a/config.ini.tmpl b/config.ini.tmpl index 8cc2959..7f7398e 100644 --- a/config.ini.tmpl +++ b/config.ini.tmpl 
@@ -5,20 +5,20 @@ bind = 0.0.0.0 tls_cert_path = tls_key_path = autocert = false -templates_parent_dir = -static_parent_dir = -pages_parent_dir = -keys_parent_dir = +templates_parent_dir = {{ env "ASSETS_PATH" }} +static_parent_dir = {{ env "ASSETS_PATH" }} +pages_parent_dir = {{ env "ASSETS_PATH" }} +keys_parent_dir = {{ env "DATA_PATH" }} hash_seed = gopher_port = 0 [database] -type = mysql -filename = -username = writeas -password = {{ secret "db_password" }} -database = writefreely -host = db +type = {{ if eq (env "USE_MARIADB") "true" }}mysql{{ else }}sqlite3{{ end }} +filename = {{ if eq (env "USE_MARIADB") "true" }}{{ else }}writefreely.db{{ end }} +username = {{ if eq (env "USE_MARIADB") "true" }}writeas{{ else }}{{ end }} +password = {{ if eq (env "USE_MARIADB") "true" }}{{ secret "db_password" }}{{ else }}{{ end }} +database = {{ if eq (env "USE_MARIADB") "true" }}writefreely{{ else }}{{ end }} +host = {{ if eq (env "USE_MARIADB") "true" }}db{{ else }}localhost{{ end }} port = 3306 tls = false @@ -29,18 +29,18 @@ host = {{ env "HOST_URL" }} theme = {{ env "SITE_THEME" }} editor = {{ env "SITE_EDITOR" }} disable_js = false -webfonts = true +webfonts = {{ env "WEBFONTS" }} landing = simple_nav = false -wf_modesty = false -chorus = false -forest = false +wf_modesty = {{ env "WF_MODESTY" }} +chorus = {{ env "CHORUS" }} +forest = {{ env "FOREST" }} disable_drafts = false -single_user = false +single_user = {{ env "SINGLE_USER" }} open_registration = {{ env "OPEN_REGISTRATION" }} open_deletion = {{ env "OPEN_DELETION" }} min_username_len = 3 -max_blogs = 10 +max_blogs = {{ env "MAX_BLOGS" }} federation = {{ env "FEDERATION" }} public_stats = {{ env "PUBLIC_STATS" }} monetization = false 
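Review bot: In the sqlite branch, `filename = writefreely.db` is a relative path, so the database is created relative to the server's working directory rather than under `DATA_PATH`. Only `keys_parent_dir` is pointed at `DATA_PATH`. Unless the image's working directory is the mounted data directory, which this diff does not show, the database would live in the container's writable layer and be lost on every redeploy. Anchoring it explicitly removes the dependency: `filename = {{ if eq (env "USE_MARIADB") "true" }}{{ else }}{{ env "DATA_PATH" }}/writefreely.db{{ end }}`.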
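Review bot: The settings switched to `{{ env ... }}` in this hunk (`webfonts`, `wf_modesty`, `chorus`, `forest`, `single_user`, `max_blogs`) render as empty values on any deployment whose .env predates this change. The same holds for `disable_password_auth` in the next hunk of this file, which was hard-coded `true` before. How WriteFreely parses an empty boolean is not visible here, but if it falls back to false, an upgraded instance silently starts accepting password logins, and with `OPEN_REGISTRATION=true` also public sign-ups. Render a safe fallback for that key, e.g. `disable_password_auth = {{ if eq (env "DISABLE_PASSWORD_AUTH") "false" }}false{{ else }}true{{ end }}`, and list the new variables in release/next.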
@@ -50,14 +50,14 @@ local_timeline = {{ env "LOCAL_TIMELINE" }} user_invites = default_visibility = update_checks = false -disable_password_auth = true +disable_password_auth = {{ env "DISABLE_PASSWORD_AUTH" }} {{ if eq (env "KEYCLOAK_ENABLED") "1" }} [oauth.generic] client_id = {{ env "OAUTH_CLIENT_ID" }} client_secret = {{ secret "oauth_client_secret" }} host = {{ env "OAUTH_HOST" }} -display_name = {{ env "OAUTH_LOGIN_BUTTON" }} +display_name = {{ env "OAUTH_DISPLAY_NAME" }} callback_proxy = callback_proxy_api = token_endpoint = /token diff --git a/entrypoint.sh b/entrypoint.sh index e49b6fd..4451351 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,3 +1,15 @@ #!/bin/sh +set -e +# Must match config mout point in compose.yml +CONFIG="$ASSETS_PATH/config.ini" +SENTINEL="$DATA_PATH/abra_first_time_setup" -/go/cmd/writefreely/writefreely +if [ ! -f $SENTINEL ]; then + echo "Running first-time setup" + /usr/bin/writefreely -c $CONFIG --gen-keys + /usr/bin/writefreely -c $CONFIG db init + touch $SENTINEL +fi + +/usr/bin/writefreely -c $CONFIG db migrate +exec /usr/bin/writefreely -c $CONFIG diff --git a/first_deploy.sh b/first_deploy.sh deleted file mode 100755 index 39e3732..0000000 --- a/first_deploy.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -function show_help () { - echo "usage: ./first_deploy.sh [app name]" -} - -if [[ $1 == "" ]]; then - show_help - exit 1 -fi - -app=$1 - -abra app run $app app /go/cmd/writefreely/writefreely --init-db -passwd=`abra app run $app db cat /run/secrets/db_password` -echo 'ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048)' | abra app run $app db mysql -u writeas -p$passwd writefreely - -exit 0 diff --git a/release/next b/release/next new file mode 100644 index 0000000..f55425c --- /dev/null +++ b/release/next 
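Review bot: `CONFIG` and `SENTINEL` are built from `$ASSETS_PATH` and `$DATA_PATH` without checking that either is set, and every later use of them is unquoted. With an empty `DATA_PATH` the sentinel becomes `/abra_first_time_setup` in the container's own filesystem, so each new container would rerun `--gen-keys` and `db init`. Add `: "${ASSETS_PATH:?}" "${DATA_PATH:?}"` right after `set -e` and quote the expansions, e.g. `if [ ! -f "$SENTINEL" ]; then` and `exec /usr/bin/writefreely -c "$CONFIG"`. The comment above `CONFIG` also has a typo, `mout` for `mount`.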
@@ -0,0 +1,11 @@
+MAJOR CHANGE! PLEASE READ!
+
+This release changes the default database from mariadb to sqlite.
+
+If you were previously using mariadb, you MUST add the following to your config:
+
+ COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
+ USE_MARIADB=true
+
+If you want to migrate to using sqlite, you can export all posts before upgrading, then import all
+posts after upgrading.