From 0eaed4920f1320dd4345ab97977dc2ebcfe7bf8b Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Mon, 8 Sep 2025 21:29:30 -0400 Subject: [PATCH 01/15] feat: use sqlite by default --- .env.sample | 10 ++++++++++ README.md | 10 ---------- compose.mariadb.yml | 35 +++++++++++++++++++++++++++++++++++ compose.yml | 29 +---------------------------- config.ini.tmpl | 24 ++++++++++++------------ first_deploy.sh | 18 ------------------ release/next | 11 +++++++++++ 7 files changed, 69 insertions(+), 68 deletions(-) create mode 100644 compose.mariadb.yml delete mode 100755 first_deploy.sh create mode 100644 release/next diff --git a/.env.sample b/.env.sample index f1dc727..18fb577 100644 --- a/.env.sample +++ b/.env.sample @@ -4,6 +4,7 @@ DOMAIN=writefreely.example.com HOST_URL=https://${DOMAIN} SITE_NAME=writefreely +# See https://writefreely.org/docs/main/admin/config FEDERATION=true LOCAL_TIMELINE=false OPEN_DELETION=false @@ -13,6 +14,12 @@ PUBLIC_STATS=true SITE_DESCRIPTION= SITE_EDITOR=classic SITE_THEME=write +WEBFONTS=true +CHORUS=false +FOREST=false +SINGLE_USER=false +MAX_BLOGS="10" +DISABLE_PASSWORD_AUTH=true #This is here so later lines can extend it; you likely don't wanna edit COMPOSE_FILE="compose.yml" @@ -21,6 +28,9 @@ COMPOSE_FILE="compose.yml" #EXTRA_DOMAINS=', `www.writefreely.example.com`' LETS_ENCRYPT_ENV=production +## Uncomment to use mariadb instead of sqlite +#COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" +#USE_MARIADB=true SECRET_DB_ROOT_PASSWORD_VERSION=v1 SECRET_DB_PASSWORD_VERSION=v1 diff --git a/README.md b/README.md index eeac508..9dc8167 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ # writefreely -> 📢📢📢 UPDATE IN PROGRESS, SEE [`#1`](https://git.coopcloud.tech/coop-cloud/writefreely/issues/1) 📢📢📢 - > An open source platform for building a writing space on the web. 
@@ -28,14 +26,6 @@ 5. `abra app deploy ` 6. Open the configured domain in your browser to finish set-up -## Post-install - -``` -passwd=`abra app run db cat /run/secrets/db_password` -abra app run db mysql -u writeas -p$passwd writefreely -ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048); -``` - ## Keycloak setup For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms//protocol/openid-connect`. diff --git a/compose.mariadb.yml b/compose.mariadb.yml new file mode 100644 index 0000000..d0ba70f --- /dev/null +++ b/compose.mariadb.yml @@ -0,0 +1,35 @@ +--- +version: "3.8" + +services: + app: + environment: + - DB_PASSWORD_FILE=/run/secrets/db_password + secrets: + - db_password + + db: + image: "mariadb:10.11" + environment: + - MYSQL_DATABASE=writefreely + - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password + - MYSQL_PASSWORD_FILE=/run/secrets/db_password + - MYSQL_USER=writeas + volumes: + - "db:/var/lib/mysql" + networks: + - internal + secrets: + - db_root_password + - db_password + +volumes: + db: + +secrets: + db_root_password: + external: true + name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} + db_password: + external: true + name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} diff --git a/compose.yml b/compose.yml index 703769f..04bd4ba 100644 --- a/compose.yml +++ b/compose.yml @@ -3,9 +3,8 @@ version: "3.8" services: app: - image: git.coopcloud.tech/coop-cloud-chaos-patchs/writefreely:v0.15.1 + image: git.coopcloud.tech/coop-cloud-chaos-patchs/writefreely:v0.16.0 environment: - - DB_PASSWORD_FILE=/run/secrets/db_password - FEDERATION - HOST_URL - LOCAL_TIMELINE @@ -20,8 +19,6 @@ services: configs: - source: config_ini target: /go/config.ini - secrets: - - db_password volumes: - "web-keys:/go/keys" networks: 
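Review bot: The new `db` service in compose.mariadb.yml is reached over the `internal` network while config.ini.tmpl keeps `tls = false` under `[database]`, so the database password and all queries cross that network unencrypted. On a single-node swarm this traffic stays on the host, but on a multi-node swarm overlay traffic is not encrypted unless the network requests it. `internal:` is declared in compose.yml without options (outside this hunk), so consider `driver_opts: {encrypted: "true"}` there. Alternatively, state the assumption in this file with a comment such as `# DB traffic is plaintext (tls = false); keep app and db on one node or encrypt the overlay network`.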
@@ -42,38 +39,14 @@ services: - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "coop-cloud.${STACK_NAME}.version=0.1.0+latest" - db: - image: "mariadb:10.7" - environment: - - MYSQL_DATABASE=writefreely - - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password - - MYSQL_PASSWORD_FILE=/run/secrets/db_password - - MYSQL_USER=writeas - volumes: - - "db:/var/lib/mysql" - networks: - - internal - secrets: - - db_root_password - - db_password - volumes: web-keys: - db: networks: proxy: external: true internal: -secrets: - db_root_password: - external: true - name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} - db_password: - external: true - name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} - configs: config_ini: name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION} diff --git a/config.ini.tmpl b/config.ini.tmpl index 8cc2959..2f42b4b 100644 --- a/config.ini.tmpl +++ b/config.ini.tmpl @@ -13,12 +13,12 @@ hash_seed = gopher_port = 0 [database] -type = mysql -filename = -username = writeas -password = {{ secret "db_password" }} -database = writefreely -host = db +type = {{ if eq (env "USE_MARIADB") "true" }}mysql{{ else }}sqlite3{{ end }} +filename = {{ if eq (env "USE_MARIADB") "true" }}{{ else }}writefreely.db{{ end }} +username = {{ if eq (env "USE_MARIADB") "true" }}writeas{{ else }}{{ end }} +password = {{ if eq (env "USE_MARIADB") "true" }}{{ secret "db_password" }}{{ else }}{{ end }} +database = {{ if eq (env "USE_MARIADB") "true" }}writefreely{{ else }}{{ end }} +host = {{ if eq (env "USE_MARIADB") "true" }}db{{ else }}localhost{{ end }} port = 3306 tls = false 
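Review bot: In the `[database]` hunk the sqlite `filename` is the relative path `writefreely.db`, and at this commit the only volume mounted on `app` is `web-keys:/go/keys`. Unless the image's working directory happens to be on a volume (not shown here), the database file lands in the container's writable layer and is lost when the task is replaced. None of the later patches in this series touch this line, so an absolute path on a mounted volume would remove the ambiguity, e.g. `filename = {{ if eq (env "USE_MARIADB") "true" }}{{ else }}<volume-mount>/writefreely.db{{ end }}`. Separately, only the exact string `true` selects MySQL, while `KEYCLOAK_ENABLED` in the same template is compared with `1`; an operator who writes `USE_MARIADB=1` would silently start on an empty sqlite database.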
@@ -29,18 +29,18 @@ host = {{ env "HOST_URL" }} theme = {{ env "SITE_THEME" }} editor = {{ env "SITE_EDITOR" }} disable_js = false -webfonts = true +webfonts = {{ env "WEBFONTS" }} landing = simple_nav = false wf_modesty = false -chorus = false -forest = false +chorus = {{ env "CHORUS" }} +forest = {{ env "FOREST" }} disable_drafts = false -single_user = false +single_user = {{ env "SINGLE_USER" }} open_registration = {{ env "OPEN_REGISTRATION" }} open_deletion = {{ env "OPEN_DELETION" }} min_username_len = 3 -max_blogs = 10 +max_blogs = {{ env "MAX_BLOGS" }} federation = {{ env "FEDERATION" }} public_stats = {{ env "PUBLIC_STATS" }} monetization = false @@ -50,7 +50,7 @@ local_timeline = {{ env "LOCAL_TIMELINE" }} user_invites = default_visibility = update_checks = false -disable_password_auth = true +disable_password_auth = {{ env "DISABLE_PASSWORD_AUTH" }} {{ if eq (env "KEYCLOAK_ENABLED") "1" }} [oauth.generic] diff --git a/first_deploy.sh b/first_deploy.sh deleted file mode 100755 index 39e3732..0000000 --- a/first_deploy.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -function show_help () { - echo "usage: ./first_deploy.sh [app name]" -} - -if [[ $1 == "" ]]; then - show_help - exit 1 -fi - -app=$1 - -abra app run $app app /go/cmd/writefreely/writefreely --init-db -passwd=`abra app run $app db cat /run/secrets/db_password` -echo 'ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048)' | abra app run $app db mysql -u writeas -p$passwd writefreely - -exit 0 diff --git a/release/next b/release/next new file mode 100644 index 0000000..f55425c --- /dev/null +++ b/release/next 
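Review bot: `disable_password_auth` changes from a hard-coded `true` to `{{ env "DISABLE_PASSWORD_AUTH" }}` with no fallback, so a deployment upgraded with an older `.env` that lacks the variable renders an empty value. If WriteFreely treats an empty value as false (not shown here), password login is silently re-enabled on instances that relied on SSO only. The same applies to `single_user`, `max_blogs`, `webfonts`, `chorus` and `forest` in the `@@ -29,18 +29,18 @@` hunk. Keeping the previous literal as the default preserves behaviour for upgraders, e.g. `disable_password_auth = {{ or (env "DISABLE_PASSWORD_AUTH") "true" }}`, and release/next should list the new variables next to the MariaDB instructions.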
@@ -0,0 +1,11 @@ +MAJOR CHANGE! PLEASE READ! + +This release changes the default database from mariadb to sqlite. + +If you were previously using mariadb, you MUST add the following to your config: + + COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" + USE_MARIADB=true + +If you want to migrate to using sqlite, you can export all posts before upgrading, then import all +posts after upgrading. -- 2.49.0 From af92bb1f7a52c348183dade52f533942b2bb3c67 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Tue, 9 Sep 2025 17:25:01 -0400 Subject: [PATCH 02/15] fix: use correct image name --- compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yml b/compose.yml index 04bd4ba..389a832 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: git.coopcloud.tech/coop-cloud-chaos-patchs/writefreely:v0.16.0 + image: git.coopcloud.tech/coop-cloud-chaos-patchs/docker-writefreely:v0.16.0 environment: - FEDERATION - HOST_URL -- 2.49.0 From 57dd7df17211eb7a8f539748ffc02e0896b6bba3 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Tue, 9 Sep 2025 18:42:45 -0400 Subject: [PATCH 03/15] fix: upgrade mariadb and fully disable by default --- .env.sample | 11 ++++++----- compose.mariadb.yml | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.env.sample b/.env.sample index 18fb577..762994b 100644 --- a/.env.sample +++ b/.env.sample @@ -19,7 +19,8 @@ CHORUS=false FOREST=false SINGLE_USER=false MAX_BLOGS="10" -DISABLE_PASSWORD_AUTH=true +# Set to true if using keycloak +DISABLE_PASSWORD_AUTH=false #This is here so later lines can extend it; you likely don't wanna edit COMPOSE_FILE="compose.yml" 
@@ -28,13 +29,13 @@ COMPOSE_FILE="compose.yml" #EXTRA_DOMAINS=', `www.writefreely.example.com`' LETS_ENCRYPT_ENV=production -## Uncomment to use mariadb instead of sqlite +## Uncomment to use MariaDB instead of sqlite #COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" #USE_MARIADB=true -SECRET_DB_ROOT_PASSWORD_VERSION=v1 -SECRET_DB_PASSWORD_VERSION=v1 +#SECRET_DB_ROOT_PASSWORD_VERSION=v1 +#SECRET_DB_PASSWORD_VERSION=v1 -## Set both for keycloak. See README.md for explanation +## Uncomment to use Keycloak. See README.md for explanation #KEYCLOAK_ENABLED=1 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml" #OAUTH_CLIENT_ID=writefreely diff --git a/compose.mariadb.yml b/compose.mariadb.yml index d0ba70f..90f82b5 100644 --- a/compose.mariadb.yml +++ b/compose.mariadb.yml @@ -9,7 +9,7 @@ services: - db_password db: - image: "mariadb:10.11" + image: "mariadb:12.1" environment: - MYSQL_DATABASE=writefreely - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password -- 2.49.0 From 92846b4226c6b0c7643be6219e66591c6f66f765 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Tue, 9 Sep 2025 18:43:32 -0400 Subject: [PATCH 04/15] fix: run key generation and db migration at startup --- compose.yml | 7 +++++++ entrypoint.sh | 6 ++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/compose.yml b/compose.yml index 389a832..89c81eb 100644 --- a/compose.yml +++ b/compose.yml @@ -19,6 +19,10 @@ services: configs: - source: config_ini target: /go/config.ini + - source: writefreely_entrypoint + target: /abra-entrypoint.sh + mode: 0555 + entrypoint: /abra-entrypoint.sh volumes: - "web-keys:/go/keys" networks: @@ -52,3 +56,6 @@ configs: name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION} file: config.ini.tmpl template_driver: golang + writefreely_entrypoint: + name: ${STACK_NAME}_entrypoint_${CONFIG_ENTRYPOINT_VERSION} + file: entrypoint.sh diff --git a/entrypoint.sh b/entrypoint.sh index e49b6fd..8d99c34 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -1,3 +1,5 @@ #!/bin/sh - -/go/cmd/writefreely/writefreely +/go/cmd/writefreely/writefreely --gen-keys > /dev/null +/go/cmd/writefreely/writefreely db init > /dev/null +/go/cmd/writefreely/writefreely db migrate > /dev/null +exec /go/cmd/writefreely/writefreely -- 2.49.0 From adf19b96e19451e9450f9f25405843a517883402 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Tue, 9 Sep 2025 18:43:45 -0400 Subject: [PATCH 05/15] doc: expand README --- README.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9dc8167..c9a8c2e 100644 --- a/README.md +++ b/README.md @@ -19,17 +19,28 @@ 1. Set up Docker Swarm and `abra` 2. Deploy `coop-cloud/traefik` -3. `abra app new writefreely --secrets` (optionally with `--pass` if you'd like - to save secrets in `pass`) +3. `abra app new writefreely` 4. `abra app config ` - be sure to change `` to something that resolves to your Docker swarm box 5. `abra app deploy ` -6. Open the configured domain in your browser to finish set-up +6. Once it's running, if you are not using SSO, set up a local admin user by running this command: + +``` +abra app run app -- ./cmd/writefreely/writefreely user create --admin : +``` ## Keycloak setup For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms//protocol/openid-connect`. +## MariaDB + +By default, this recipe uses sqlite. If you wish to use MariaDB instead: + +1. When creating the app, you need the `--secrets` flag: `abra app new writefreely --secrets` +2. Run `abra app config ` and follow the instructions to uncomment four lines. +3. `abra app deploy ` + ## Acknowledgements Thanks to [@knoflook](https://git.coopcloud.tech/knoflook) for packaging work :heart: -- 2.49.0 From 8e51569ee490851ea0b0e075d046611d4d33ab8c Mon Sep 17 00:00:00 2001 
From: Mac Chaffee Date: Tue, 9 Sep 2025 19:22:17 -0400 Subject: [PATCH 06/15] fix: move data to /data --- .env.sample | 1 + README.md | 3 ++- compose.yml | 6 +++--- entrypoint.sh | 12 +++++++++--- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.env.sample b/.env.sample index 762994b..2d5556b 100644 --- a/.env.sample +++ b/.env.sample @@ -9,6 +9,7 @@ FEDERATION=true LOCAL_TIMELINE=false OPEN_DELETION=false OPEN_REGISTRATION=true +# This settings requires authentication to read posts PRIVATE=true PUBLIC_STATS=true SITE_DESCRIPTION= diff --git a/README.md b/README.md index c9a8c2e..c712236 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,8 @@ 2. Deploy `coop-cloud/traefik` 3. `abra app new writefreely` 4. `abra app config ` - be sure to change `` to something that resolves to - your Docker swarm box + your coop-cloud server. + - For more info about the config options, see the [writefreely docs](https://writefreely.org/docs/main/admin/config). 5. `abra app deploy ` 6. Once it's running, if you are not using SSO, set up a local admin user by running this command: diff --git a/compose.yml b/compose.yml index 89c81eb..79986f0 100644 --- a/compose.yml +++ b/compose.yml @@ -18,13 +18,13 @@ services: - SITE_THEME configs: - source: config_ini - target: /go/config.ini + target: /data/config.ini - source: writefreely_entrypoint target: /abra-entrypoint.sh mode: 0555 entrypoint: /abra-entrypoint.sh volumes: - - "web-keys:/go/keys" + - "local-data:/data" networks: - internal - proxy @@ -44,7 +44,7 @@ services: - "coop-cloud.${STACK_NAME}.version=0.1.0+latest" volumes: - web-keys: + local-data: networks: proxy: diff --git a/entrypoint.sh b/entrypoint.sh index 8d99c34..aa1fa07 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
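Review bot: Replacing `web-keys:/go/keys` with `local-data:/data` gives upgraded deployments a new, empty volume, and the key files already stored in `web-keys` are no longer mounted. The entrypoint changed in this same commit finds no sentinel and runs `--gen-keys`, so the instance would come up with freshly generated keys. Anything encrypted or signed under the old ones (presumably sessions and stored secrets; confirm against WriteFreely) would then be unusable. `keys_parent_dir` is also still empty at this commit (it is only set in PATCH 09), so where the new keys are written depends on the image. Suggest a release/next entry telling operators to copy the contents of the old volume into the new one before upgrading.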
@@ -1,5 +1,11 @@ #!/bin/sh -/go/cmd/writefreely/writefreely --gen-keys > /dev/null -/go/cmd/writefreely/writefreely db init > /dev/null -/go/cmd/writefreely/writefreely db migrate > /dev/null +set -e + +if [ ! -f /data/abra_first_time_setup ]; then + echo "Running first-time setup" + /go/cmd/writefreely/writefreely --gen-keys + /go/cmd/writefreely/writefreely db init + touch /data/abra_first_time_setup +fi +/go/cmd/writefreely/writefreely db migrate exec /go/cmd/writefreely/writefreely -- 2.49.0 From 7e03425bc2c55b3f3da51eec04e27125f9aac2e5 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 18:20:05 -0400 Subject: [PATCH 07/15] fix: move config out of data dir --- compose.yml | 3 ++- entrypoint.sh | 16 ++++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/compose.yml b/compose.yml index 79986f0..095f041 100644 --- a/compose.yml +++ b/compose.yml @@ -18,7 +18,8 @@ services: - SITE_THEME configs: - source: config_ini - target: /data/config.ini + # Can't put the config file in /data or else the volume mounts conflict + target: /usr/share/writefreely/config.ini - source: writefreely_entrypoint target: /abra-entrypoint.sh mode: 0555 diff --git a/entrypoint.sh b/entrypoint.sh index aa1fa07..3d55c00 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,11 +1,15 @@ #!/bin/sh set -e +# Must match config mout point in compose.yml +CONFIG=/usr/share/writefreely/config.ini +SENTINEL=/data/abra_first_time_setup -if [ ! -f /data/abra_first_time_setup ]; then +if [ ! -f $SENTINEL ]; then echo "Running first-time setup" - /go/cmd/writefreely/writefreely --gen-keys - /go/cmd/writefreely/writefreely db init - touch /data/abra_first_time_setup + /usr/bin/writefreely -c $CONFIG --gen-keys + /usr/bin/writefreely -c $CONFIG db init + touch $SENTINEL fi -/go/cmd/writefreely/writefreely db migrate -exec /go/cmd/writefreely/writefreely + +/usr/bin/writefreely -c $CONFIG db migrate +exec /usr/bin/writefreely -c $CONFIG -- 2.49.0 
From cff1b66703842f31743751923cdd93543fc909f8 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 18:26:01 -0400 Subject: [PATCH 08/15] fix: make config version name match config name --- abra.sh | 4 ++-- compose.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/abra.sh b/abra.sh index c76c018..cdf960e 100644 --- a/abra.sh +++ b/abra.sh @@ -1,2 +1,2 @@ -export CONFIG_WRITEFREELY_VERSION=v3 -export CONFIG_ENTRYPOINT_VERSION=v1 +export CONFIG_INI_VERSION=v1 +export WRITEFREELY_ENTRYPOINT_VERSION=v1 diff --git a/compose.yml b/compose.yml index 095f041..38c2cbc 100644 --- a/compose.yml +++ b/compose.yml @@ -54,9 +54,9 @@ networks: configs: config_ini: - name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION} + name: ${STACK_NAME}_config_${CONFIG_INI_VERSION} file: config.ini.tmpl template_driver: golang writefreely_entrypoint: - name: ${STACK_NAME}_entrypoint_${CONFIG_ENTRYPOINT_VERSION} + name: ${STACK_NAME}_entrypoint_${WRITEFREELY_ENTRYPOINT_VERSION} file: entrypoint.sh -- 2.49.0 From 5d816713a537ab399a9f27e3e5c2f2332cc06897 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 19:18:54 -0400 Subject: [PATCH 09/15] fix: explicitly set path to assets --- .env.sample | 5 ++++- compose.yml | 4 ++-- config.ini.tmpl | 8 ++++---- entrypoint.sh | 4 ++-- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.env.sample b/.env.sample index 2d5556b..5d125fc 100644 --- a/.env.sample +++ b/.env.sample @@ -23,8 +23,11 @@ MAX_BLOGS="10" # Set to true if using keycloak DISABLE_PASSWORD_AUTH=false -#This is here so later lines can extend it; you likely don't wanna edit +# This is here so later lines can extend it; you likely don't wanna edit COMPOSE_FILE="compose.yml" +# You also likely don't wanna edit these paths +ASSETS_PATH=/usr/share/writefreely +DATA_PATH=/data ## Domain aliases #EXTRA_DOMAINS=', `www.writefreely.example.com`' diff --git a/compose.yml b/compose.yml index 38c2cbc..86b9d7f 100644 --- a/compose.yml 
+++ b/compose.yml @@ -19,13 +19,13 @@ services: configs: - source: config_ini # Can't put the config file in /data or else the volume mounts conflict - target: /usr/share/writefreely/config.ini + target: ${ASSETS_PATH}/config.ini - source: writefreely_entrypoint target: /abra-entrypoint.sh mode: 0555 entrypoint: /abra-entrypoint.sh volumes: - - "local-data:/data" + - "local-data:${DATA_PATH}" networks: - internal - proxy diff --git a/config.ini.tmpl b/config.ini.tmpl index 2f42b4b..d47a724 100644 --- a/config.ini.tmpl +++ b/config.ini.tmpl @@ -5,10 +5,10 @@ bind = 0.0.0.0 tls_cert_path = tls_key_path = autocert = false -templates_parent_dir = -static_parent_dir = -pages_parent_dir = -keys_parent_dir = +templates_parent_dir = {{ env "ASSETS_PATH" }} +static_parent_dir = {{ env "ASSETS_PATH" }} +pages_parent_dir = {{ env "ASSETS_PATH" }} +keys_parent_dir = {{ env "DATA_PATH" }} hash_seed = gopher_port = 0 diff --git a/entrypoint.sh b/entrypoint.sh index 3d55c00..4451351 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,8 +1,8 @@ #!/bin/sh set -e # Must match config mout point in compose.yml -CONFIG=/usr/share/writefreely/config.ini -SENTINEL=/data/abra_first_time_setup +CONFIG="$ASSETS_PATH/config.ini" +SENTINEL="$DATA_PATH/abra_first_time_setup" if [ ! -f $SENTINEL ]; then echo "Running first-time setup" -- 2.49.0 From c6cd511f43e70cb9e843ae11b40492c23ff20537 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 19:26:08 -0400 Subject: [PATCH 10/15] fix: add config flag to readme command --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c712236..e293c1a 100644 --- a/README.md +++ b/README.md 
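Review bot: `CONFIG` and `SENTINEL` are now built from `$ASSETS_PATH` and `$DATA_PATH` with no check that either variable is set. With `DATA_PATH` empty the sentinel becomes `/abra_first_time_setup` on the container's own filesystem, so the first-time branch, including `--gen-keys`, would run again after every container replacement. Failing fast is safer: add `: "${ASSETS_PATH:?}" "${DATA_PATH:?}"` right after `set -e`, and quote the expansions (`[ ! -f "$SENTINEL" ]` here, and the `-c $CONFIG` uses further down, outside this hunk). The comment's `mout` should read `mount`.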
@@ -27,7 +27,7 @@ 6. Once it's running, if you are not using SSO, set up a local admin user by running this command: ``` -abra app run app -- ./cmd/writefreely/writefreely user create --admin : +abra app run app -- writefreely -c /usr/share/writefreely/config.ini user create --admin : ``` ## Keycloak setup -- 2.49.0 From 8cf2656dbdd93f2059c92bf00e7baf5d2a1eb61a Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 19:39:26 -0400 Subject: [PATCH 11/15] feat: add WF_MODESTY --- .env.sample | 1 + config.ini.tmpl | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index 5d125fc..9869eb8 100644 --- a/.env.sample +++ b/.env.sample @@ -16,6 +16,7 @@ SITE_DESCRIPTION= SITE_EDITOR=classic SITE_THEME=write WEBFONTS=true +WF_MODESTY=false CHORUS=false FOREST=false SINGLE_USER=false diff --git a/config.ini.tmpl b/config.ini.tmpl index d47a724..ad47905 100644 --- a/config.ini.tmpl +++ b/config.ini.tmpl @@ -32,7 +32,7 @@ disable_js = false webfonts = {{ env "WEBFONTS" }} landing = simple_nav = false -wf_modesty = false +wf_modesty = {{ env "WF_MODESTY" }} chorus = {{ env "CHORUS" }} forest = {{ env "FOREST" }} disable_drafts = false -- 2.49.0 From b427ac64167c775a61d813a0283ce0f56f8ffc60 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 20:21:09 -0400 Subject: [PATCH 12/15] fix: delete unused env vars, fix secret names --- .env.sample | 8 ++++---- compose.keycloak.yml | 19 +------------------ compose.mariadb.yml | 4 ++-- compose.yml | 12 ------------ 4 files changed, 7 insertions(+), 36 deletions(-) diff --git a/.env.sample b/.env.sample index 9869eb8..76d17ec 100644 --- a/.env.sample +++ b/.env.sample 
@@ -37,8 +37,8 @@ LETS_ENCRYPT_ENV=production ## Uncomment to use MariaDB instead of sqlite #COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml" #USE_MARIADB=true -#SECRET_DB_ROOT_PASSWORD_VERSION=v1 -#SECRET_DB_PASSWORD_VERSION=v1 +#DB_ROOT_PASSWORD_VERSION=v1 +#DB_PASSWORD_VERSION=v1 ## Uncomment to use Keycloak. See README.md for explanation #KEYCLOAK_ENABLED=1 @@ -47,5 +47,5 @@ LETS_ENCRYPT_ENV=production #OAUTH_HOST= #OAUTH_CLIENT_SECRET= #OAUTH_LOGIN_BUTTON= -#CONFIG_OAUTH_WRITEFREELY_VERSION=v1 -#SECRET_OAUTH_CLIENT_SECRET_VERSION=v1 +#OAUTH_WRITEFREELY_VERSION=v1 +#OAUTH_CLIENT_SECRET_VERSION=v1 diff --git a/compose.keycloak.yml b/compose.keycloak.yml index a1c2917..123b95d 100644 --- a/compose.keycloak.yml +++ b/compose.keycloak.yml @@ -4,26 +4,9 @@ version: "3.8" services: app: secrets: - - db_password - oauth_client_secret - environment: - - FEDERATION - - HOST_URL - - KEYCLOAK_ENABLED - - LOCAL_TIMELINE - - OAUTH_CLIENT_ID - - OAUTH_HOST - - OAUTH_LOGIN_BUTTON - - OPEN_DELETION - - OPEN_REGISTRATION - - PRIVATE - - PUBLIC_STATS - - SITE_DESCRIPTION - - SITE_EDITOR - - SITE_NAME - - SITE_THEME secrets: oauth_client_secret: external: true - name: ${STACK_NAME}_oauth_client_secret_${SECRET_OAUTH_CLIENT_SECRET_VERSION} + name: ${STACK_NAME}_oauth_client_secret_${OAUTH_CLIENT_SECRET_VERSION} diff --git a/compose.mariadb.yml b/compose.mariadb.yml index 90f82b5..cd9e7e7 100644 --- a/compose.mariadb.yml +++ b/compose.mariadb.yml @@ -29,7 +29,7 @@ volumes: secrets: db_root_password: external: true - name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} + name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION} db_password: external: true - name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} + name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION} diff --git a/compose.yml b/compose.yml index 86b9d7f..a6d760c 100644 --- a/compose.yml +++ b/compose.yml 
@@ -4,18 +4,6 @@ version: "3.8" services: app: image: git.coopcloud.tech/coop-cloud-chaos-patchs/docker-writefreely:v0.16.0 - environment: - - FEDERATION - - HOST_URL - - LOCAL_TIMELINE - - OPEN_DELETION - - OPEN_REGISTRATION - - PRIVATE - - PUBLIC_STATS - - SITE_DESCRIPTION - - SITE_EDITOR - - SITE_NAME - - SITE_THEME configs: - source: config_ini # Can't put the config file in /data or else the volume mounts conflict -- 2.49.0 From e7b150cea173628cb70061b9c2483ab9c50e9b8d Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 20:21:41 -0400 Subject: [PATCH 13/15] fix: incorporate #2 --- compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose.yml b/compose.yml index a6d760c..c2a84ac 100644 --- a/compose.yml +++ b/compose.yml @@ -28,8 +28,8 @@ services: - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" + - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https" + - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true" - "coop-cloud.${STACK_NAME}.version=0.1.0+latest" volumes: -- 2.49.0 From 8f0dc48169d367990d2cf696964c72290c1ee5f4 Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 20:47:05 -0400 Subject: [PATCH 14/15] fix: use secrets properly for keycloak --- .env.sample | 6 ++---- README.md | 4 +++- config.ini.tmpl | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.env.sample b/.env.sample index 76d17ec..a49ecd6 100644 --- a/.env.sample +++ b/.env.sample 
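Review bot: The `${STACK_NAME}-redirect` middleware is attached only to the router bound to `entrypoints=web-secure`, so, assuming that is the TLS entrypoint, `redirectscheme.scheme=https` never sees a plain-HTTP request from this recipe. HTTP-to-HTTPS redirection therefore has to come from the traefik deployment itself, which is not shown here. Worth recording above the labels, e.g. `# HTTP->HTTPS redirect is done at the traefik entrypoint; this middleware only runs on web-secure`. If the middleware is kept, it could instead carry something that matters on HTTPS responses, such as the `headers.stsSeconds` option.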
@@ -44,8 +44,6 @@ LETS_ENCRYPT_ENV=production #KEYCLOAK_ENABLED=1 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml" #OAUTH_CLIENT_ID=writefreely -#OAUTH_HOST= -#OAUTH_CLIENT_SECRET= -#OAUTH_LOGIN_BUTTON= -#OAUTH_WRITEFREELY_VERSION=v1 +#OAUTH_HOST=https:///auth/realms//protocol/openid-connect +#OAUTH_DISPLAY_NAME=Keycloak #OAUTH_CLIENT_SECRET_VERSION=v1 diff --git a/README.md b/README.md index e293c1a..03f78e7 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,9 @@ abra app run app -- writefreely -c /usr/share/writefreely/config.ini us ## Keycloak setup -For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms//protocol/openid-connect`. +For the **OAUTH_HOST** config, it uses this format: `https://keycloak.example.com/auth/realms//protocol/openid-connect`. + +To set the client secret: `abra app secret insert oauth_client_secret v1` ## MariaDB diff --git a/config.ini.tmpl b/config.ini.tmpl index ad47905..7f7398e 100644 --- a/config.ini.tmpl +++ b/config.ini.tmpl @@ -57,7 +57,7 @@ disable_password_auth = {{ env "DISABLE_PASSWORD_AUTH" }} client_id = {{ env "OAUTH_CLIENT_ID" }} client_secret = {{ secret "oauth_client_secret" }} host = {{ env "OAUTH_HOST" }} -display_name = {{ env "OAUTH_LOGIN_BUTTON" }} +display_name = {{ env "OAUTH_DISPLAY_NAME" }} callback_proxy = callback_proxy_api = token_endpoint = /token -- 2.49.0 From d88c3dd90059051f84c39de808a7a1beda9c5c9d Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Wed, 10 Sep 2025 21:08:20 -0400 Subject: [PATCH 15/15] fix: use corret oauth_host, add sso comments --- .env.sample | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.env.sample b/.env.sample index a49ecd6..c2151fc 100644 --- a/.env.sample +++ b/.env.sample 
@@ -8,6 +8,7 @@ SITE_NAME=writefreely FEDERATION=true LOCAL_TIMELINE=false OPEN_DELETION=false +# Set to true if using SSO so linked users are created automatically OPEN_REGISTRATION=true # This settings requires authentication to read posts PRIVATE=true @@ -21,7 +22,7 @@ CHORUS=false FOREST=false SINGLE_USER=false MAX_BLOGS="10" -# Set to true if using keycloak +# Set to true if using SSO DISABLE_PASSWORD_AUTH=false # This is here so later lines can extend it; you likely don't wanna edit @@ -44,6 +45,6 @@ LETS_ENCRYPT_ENV=production #KEYCLOAK_ENABLED=1 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml" #OAUTH_CLIENT_ID=writefreely -#OAUTH_HOST=https:///auth/realms//protocol/openid-connect +#OAUTH_HOST=https:///realms//protocol/openid-connect #OAUTH_DISPLAY_NAME=Keycloak #OAUTH_CLIENT_SECRET_VERSION=v1 -- 2.49.0
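Review bot: The new comment on `OPEN_REGISTRATION` covers the SSO case but not the default one. The sample ships `OPEN_REGISTRATION=true` together with `DISABLE_PASSWORD_AUTH=false`, so on a fresh non-SSO instance anyone who can reach the site can create a local account. That also weakens `PRIVATE=true`, which the sample describes as requiring authentication to read posts. Suggest extending the comment to `# Set to true if using SSO so linked users are created automatically; otherwise set to false unless public sign-up is intended`.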