.env.sample

@@ -4,32 +4,47 @@ DOMAIN=writefreely.example.com
 HOST_URL=https://${DOMAIN}
 SITE_NAME=writefreely
 
+# See https://writefreely.org/docs/main/admin/config
 FEDERATION=true
 LOCAL_TIMELINE=false
 OPEN_DELETION=false
+# Set to true if using SSO so linked users are created automatically
 OPEN_REGISTRATION=true
+# This settings requires authentication to read posts
 PRIVATE=true
 PUBLIC_STATS=true
 SITE_DESCRIPTION=
 SITE_EDITOR=classic
 SITE_THEME=write
+WEBFONTS=true
+WF_MODESTY=false
+CHORUS=false
+FOREST=false
+SINGLE_USER=false
+MAX_BLOGS="10"
+# Set to true if using SSO
+DISABLE_PASSWORD_AUTH=false
 
-#This is here so later lines can extend it; you likely don't wanna edit
+# This is here so later lines can extend it; you likely don't wanna edit
 COMPOSE_FILE="compose.yml"
+# You also likely don't wanna edit these paths
+ASSETS_PATH=/usr/share/writefreely
+DATA_PATH=/data
 
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.writefreely.example.com`'
 LETS_ENCRYPT_ENV=production
 
-SECRET_DB_ROOT_PASSWORD_VERSION=v1
+## Uncomment to use MariaDB instead of sqlite
-SECRET_DB_PASSWORD_VERSION=v1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
+#USE_MARIADB=true
+#DB_ROOT_PASSWORD_VERSION=v1
+#DB_PASSWORD_VERSION=v1
 
-## Set both for keycloak. See README.md for explanation
+## Uncomment to use Keycloak. See README.md for explanation
 #KEYCLOAK_ENABLED=1
 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
 #OAUTH_CLIENT_ID=writefreely
-#OAUTH_HOST=
+#OAUTH_HOST=https://<your domain>/realms/<your realm>/protocol/openid-connect
-#OAUTH_CLIENT_SECRET=
+#OAUTH_DISPLAY_NAME=Keycloak
-#OAUTH_LOGIN_BUTTON=
+#OAUTH_CLIENT_SECRET_VERSION=v1
-#CONFIG_OAUTH_WRITEFREELY_VERSION=v1
-#SECRET_OAUTH_CLIENT_SECRET_VERSION=v1

README.md

@@ -1,7 +1,5 @@
 # writefreely
 
-> 📢📢📢 UPDATE IN PROGRESS, SEE [`#1`](https://git.coopcloud.tech/coop-cloud/writefreely/issues/1) 📢📢📢
-
 > An open source platform for building a writing space on the web.
 
 <!-- metadata -->
@@ -21,24 +19,30 @@
 
 1. Set up Docker Swarm and `abra`
 2. Deploy `coop-cloud/traefik`
-3. `abra app new writefreely --secrets` (optionally with `--pass` if you'd like
+3. `abra app new writefreely`
-   to save secrets in `pass`)
 4. `abra app config <domain>` - be sure to change `<domain>` to something that resolves to
-   your Docker swarm box
+   your coop-cloud server.
+    - For more info about the config options, see the [writefreely docs](https://writefreely.org/docs/main/admin/config).
 5. `abra app deploy <domain>`
-6. Open the configured domain in your browser to finish set-up
+6. Once it's running, if you are not using SSO, set up a local admin user by running this command:
-
-## Post-install
 
 ```
-passwd=`abra app run <domain> db cat /run/secrets/db_password`
+abra app run <domain> app -- writefreely -c /usr/share/writefreely/config.ini user create --admin <some-username>:<some-password>
-abra app run <domain> db mysql -u writeas -p$passwd writefreely
-ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048);
 ```
 
 ## Keycloak setup
 
-For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms/<your realm>/protocol/openid-connect`.
+For the **OAUTH_HOST** config, it uses this format: `https://keycloak.example.com/auth/realms/<your realm>/protocol/openid-connect`.
+
+To set the client secret: `abra app secret insert <domain> oauth_client_secret v1`
+
+## MariaDB
+
+By default, this recipe uses sqlite. If you wish to use MariaDB instead:
+
+1. When creating the app, you need the `--secrets` flag: `abra app new writefreely --secrets`
+2. Run `abra app config <domain>` and follow the instructions to uncomment four lines.
+3. `abra app deploy <domain>`
 
 ## Acknowledgements
 

abra.sh

@@ -1,2 +1,2 @@
-export CONFIG_WRITEFREELY_VERSION=v3
+export CONFIG_INI_VERSION=v1
-export CONFIG_ENTRYPOINT_VERSION=v1
+export WRITEFREELY_ENTRYPOINT_VERSION=v1

compose.keycloak.yml

@@ -4,26 +4,9 @@ version: "3.8"
 services:
   app:
     secrets:
-      - db_password
       - oauth_client_secret
-    environment:
-      - FEDERATION
-      - HOST_URL
-      - KEYCLOAK_ENABLED
-      - LOCAL_TIMELINE
-      - OAUTH_CLIENT_ID
-      - OAUTH_HOST
-      - OAUTH_LOGIN_BUTTON
-      - OPEN_DELETION
-      - OPEN_REGISTRATION
-      - PRIVATE
-      - PUBLIC_STATS
-      - SITE_DESCRIPTION
-      - SITE_EDITOR
-      - SITE_NAME
-      - SITE_THEME
 
 secrets:
   oauth_client_secret:
     external: true
-    name: ${STACK_NAME}_oauth_client_secret_${SECRET_OAUTH_CLIENT_SECRET_VERSION}
+    name: ${STACK_NAME}_oauth_client_secret_${OAUTH_CLIENT_SECRET_VERSION}

compose.mariadb.yml

@@ -0,0 +1,35 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - DB_PASSWORD_FILE=/run/secrets/db_password
+    secrets:
+      - db_password
+
+  db:
+    image: "mariadb:12.1"
+    environment:
+      - MYSQL_DATABASE=writefreely
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_USER=writeas
+    volumes:
+      - "db:/var/lib/mysql"
+    networks:
+      - internal
+    secrets:
+      - db_root_password
+      - db_password
+
+volumes:
+  db:
+
+secrets:
+  db_root_password:
+    external: true
+    name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}

compose.yml

@@ -3,27 +3,17 @@ version: "3.8"
 
 services:
   app:
-    image: git.coopcloud.tech/coop-cloud-chaos-patchs/writefreely:v0.15.1
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/docker-writefreely:v0.16.0
-    environment:
-      - DB_PASSWORD_FILE=/run/secrets/db_password
-      - FEDERATION
-      - HOST_URL
-      - LOCAL_TIMELINE
-      - OPEN_DELETION
-      - OPEN_REGISTRATION
-      - PRIVATE
-      - PUBLIC_STATS
-      - SITE_DESCRIPTION
-      - SITE_EDITOR
-      - SITE_NAME
-      - SITE_THEME
     configs:
       - source: config_ini
-        target: /go/config.ini
+        # Can't put the config file in /data or else the volume mounts conflict
-    secrets:
+        target: ${ASSETS_PATH}/config.ini
-      - db_password
+      - source: writefreely_entrypoint
+        target: /abra-entrypoint.sh
+        mode: 0555
+    entrypoint: /abra-entrypoint.sh
     volumes:
-      - "web-keys:/go/keys"
+      - "local-data:${DATA_PATH}"
     networks:
       - internal
       - proxy
@@ -38,44 +28,23 @@ services:
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
-        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
         - "coop-cloud.${STACK_NAME}.version=0.1.0+latest"
 
-  db:
-    image: "mariadb:10.7"
-    environment:
-      - MYSQL_DATABASE=writefreely
-      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
-      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
-      - MYSQL_USER=writeas
-    volumes:
-      - "db:/var/lib/mysql"
-    networks:
-      - internal
-    secrets:
-      - db_root_password
-      - db_password
-
 volumes:
-  web-keys:
+  local-data:
-  db:
 
 networks:
   proxy:
     external: true
   internal:
 
-secrets:
-  db_root_password:
-    external: true
-    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
-  db_password:
-    external: true
-    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
-
 configs:
   config_ini:
-    name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION}
+    name: ${STACK_NAME}_config_${CONFIG_INI_VERSION}
     file: config.ini.tmpl
     template_driver: golang
+  writefreely_entrypoint:
+    name: ${STACK_NAME}_entrypoint_${WRITEFREELY_ENTRYPOINT_VERSION}
+    file: entrypoint.sh

config.ini.tmpl

@@ -5,20 +5,20 @@ bind                 = 0.0.0.0
 tls_cert_path        =
 tls_key_path         =
 autocert             = false
-templates_parent_dir =
+templates_parent_dir = {{ env "ASSETS_PATH" }}
-static_parent_dir    =
+static_parent_dir    = {{ env "ASSETS_PATH" }}
-pages_parent_dir     =
+pages_parent_dir     = {{ env "ASSETS_PATH" }}
-keys_parent_dir      =
+keys_parent_dir      = {{ env "DATA_PATH" }}
 hash_seed            =
 gopher_port          = 0
 
 [database]
-type     = mysql
+type     = {{ if eq (env "USE_MARIADB") "true" }}mysql{{ else }}sqlite3{{ end }}
-filename =
+filename = {{ if eq (env "USE_MARIADB") "true" }}{{ else }}writefreely.db{{ end }}
-username = writeas
+username = {{ if eq (env "USE_MARIADB") "true" }}writeas{{ else }}{{ end }}
-password = {{ secret "db_password" }}
+password = {{ if eq (env "USE_MARIADB") "true" }}{{ secret "db_password" }}{{ else }}{{ end }}
-database = writefreely
+database = {{ if eq (env "USE_MARIADB") "true" }}writefreely{{ else }}{{ end }}
-host     = db
+host     = {{ if eq (env "USE_MARIADB") "true" }}db{{ else }}localhost{{ end }}
 port     = 3306
 tls      = false
 
@@ -29,18 +29,18 @@ host                  = {{ env "HOST_URL" }}
 theme                 = {{ env "SITE_THEME" }}
 editor                = {{ env "SITE_EDITOR" }}
 disable_js            = false
-webfonts              = true
+webfonts              = {{ env "WEBFONTS" }}
 landing               =
 simple_nav            = false
-wf_modesty            = false
+wf_modesty            = {{ env "WF_MODESTY" }}
-chorus                = false
+chorus                = {{ env "CHORUS" }}
-forest                = false
+forest                = {{ env "FOREST" }}
 disable_drafts        = false
-single_user           = false
+single_user           = {{ env "SINGLE_USER" }}
 open_registration     = {{ env "OPEN_REGISTRATION" }}
 open_deletion         = {{ env "OPEN_DELETION" }}
 min_username_len      = 3
-max_blogs             = 10
+max_blogs             = {{ env "MAX_BLOGS" }}
 federation            = {{ env "FEDERATION" }}
 public_stats          = {{ env "PUBLIC_STATS" }}
 monetization          = false
@@ -50,14 +50,14 @@ local_timeline        = {{ env "LOCAL_TIMELINE" }}
 user_invites          =
 default_visibility    =
 update_checks         = false
-disable_password_auth = true
+disable_password_auth = {{ env "DISABLE_PASSWORD_AUTH" }}
 
 {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
 [oauth.generic]
 client_id          = {{ env "OAUTH_CLIENT_ID" }}
 client_secret      = {{ secret "oauth_client_secret" }}
 host               = {{ env "OAUTH_HOST" }}
-display_name       = {{ env "OAUTH_LOGIN_BUTTON" }}
+display_name       = {{ env "OAUTH_DISPLAY_NAME" }}
 callback_proxy     =
 callback_proxy_api =
 token_endpoint     = /token

entrypoint.sh

@@ -1,3 +1,15 @@
 #!/bin/sh
+set -e
+# Must match config mout point in compose.yml
+CONFIG="$ASSETS_PATH/config.ini"
+SENTINEL="$DATA_PATH/abra_first_time_setup"
 
-/go/cmd/writefreely/writefreely
+if [ ! -f $SENTINEL ]; then
+  echo "Running first-time setup"
+  /usr/bin/writefreely -c $CONFIG --gen-keys
+  /usr/bin/writefreely -c $CONFIG db init
+  touch $SENTINEL
+fi
+
+/usr/bin/writefreely -c $CONFIG db migrate
+exec /usr/bin/writefreely -c $CONFIG

first_deploy.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-
-function show_help () {
-    echo "usage: ./first_deploy.sh [app name]"
-}
-
-if [[ $1 == "" ]]; then
-    show_help
-    exit 1
-fi
-
-app=$1
-
-abra app run $app app /go/cmd/writefreely/writefreely --init-db
-passwd=`abra app run $app db cat /run/secrets/db_password`
-echo 'ALTER TABLE `oauth_users` MODIFY `access_token` varchar(2048)' | abra app run $app db mysql -u writeas -p$passwd writefreely
-
-exit 0

release/next

@@ -0,0 +1,11 @@
+MAJOR CHANGE! PLEASE READ!
+
+This release changes the default database from mariadb to sqlite.
+
+If you were previously using mariadb, you MUST add the following to your config:
+
+  COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
+  USE_MARIADB=true
+
+If you want to migrate to using sqlite, you can export all posts before upgrading, then import all
+posts after upgrading.