commit 090874acca52b23795b957110c8d12fdc5a88250
Author: brooke <brooke@myco.systems>
Date:   Tue Feb 11 19:55:44 2025 -0500

    initial commit

diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..47080d2
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,38 @@
+---
+kind: pipeline
+name: deploy to swarm-test.autonomic.zone
+steps:
+  - name: deployment
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    settings:
+      host: swarm-test.autonomic.zone
+      stack: example_com  # UPDATE ME
+      generate_secrets: true
+      purge: true
+      deploy_key:
+        from_secret: drone_ssh_swarm_test
+      networks:
+        - proxy
+    environment:
+      DOMAIN: example.swarm-test.autonomic.zone # UPDATE ME
+      STACK_NAME: example_com  # UPDATE ME
+      LETS_ENCRYPT_ENV: production
+trigger:
+  branch:
+    - main
+---
+kind: pipeline
+name: generate recipe catalogue
+steps:
+  - name: release a new version
+    image: plugins/downstream
+    settings:
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..b28f49a
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,11 @@
+TYPE=zulip
+
+DOMAIN=zulip.example.com
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.zulip.example.com`'
+
+LETS_ENCRYPT_ENV=production
+
+SECRET_DB_PASSWORD_VERSION=v1
+SECRET_RABBITMQ_PASSWORD_VERSION=v1
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7a6353d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.envrc
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..29dd864
--- /dev/null
+++ b/README.md
@@ -0,0 +1,24 @@
+# zulip
+
+> One line description of the recipe
+
+<!-- metadata -->
+
+* **Category**: Apps
+* **Status**: 0
+* **Image**: [`zulip`](https://hub.docker.com/r/zulip), 4, upstream
+* **Healthcheck**: No
+* **Backups**: No
+* **Email**: No
+* **Tests**: No
+* **SSO**: No
+
+<!-- endmetadata -->
+
+## Quick start
+
+* `abra app new zulip --secrets`
+* `abra app config <app-name>`
+* `abra app deploy <app-name>`
+
+For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..2bbf494
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,127 @@
+---
+version: "3.8"
+
+services:
+
+  app:
+    image: "zulip/docker-zulip:9.4-0"
+    ports:
+      - "80:80"
+    environment:
+      DB_HOST: "database"
+      DB_HOST_PORT: "5432"
+      DB_USER: "zulip"
+      SSL_CERTIFICATE_GENERATION: "self-signed"
+      SETTING_MEMCACHED_LOCATION: "memcached:11211"
+      SETTING_RABBITMQ_HOST: "rabbitmq"
+      SETTING_REDIS_HOST: "redis"
+      SECRETS_email_password: "123456789"
+      SECRETS_rabbitmq_password: "REPLACE_WITH_SECURE_RABBITMQ_PASSWORD"
+      SECRETS_postgres_password: "REPLACE_WITH_SECURE_POSTGRES_PASSWORD"
+      SECRETS_memcached_password: "REPLACE_WITH_SECURE_MEMCACHED_PASSWORD"
+      SECRETS_redis_password: "REPLACE_WITH_SECURE_REDIS_PASSWORD"
+      SECRETS_secret_key: "REPLACE_WITH_SECURE_SECRET_KEY"
+      SETTING_EXTERNAL_HOST: "localhost.localdomain"
+      SETTING_ZULIP_ADMINISTRATOR: "admin@example.com"
+      SETTING_EMAIL_HOST: ""
+      SETTING_EMAIL_HOST_USER: "noreply@example.com"
+      SETTING_EMAIL_PORT: "587"
+      SETTING_EMAIL_USE_SSL: "False"
+      SETTING_EMAIL_USE_TLS: "True"
+      ZULIP_AUTH_BACKENDS: "EmailAuthBackend"
+    volumes:
+      - "zulip:/data:rw"
+    ulimits:
+      nofile:
+        soft: 1000000
+        hard: 1048576
+
+  database:
+    image: "zulip/zulip-postgresql:17.2"
+    deploy:
+      labels:
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
+        backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
+        backupbot.restore.post-hook: "/pg_backup.sh restore"
+    environment:
+      POSTGRES_DB: "zulip"
+      POSTGRES_USER: "zulip"
+      POSTGRES_PASSWORD_FILE: "/run/secrets/db_password"
+    secrets:
+      - db_password
+    volumes:
+      - "db:/var/lib/postgresql/data:rw"
+    networks:
+      - internal
+    configs:
+      - source: pg_backup
+        target: /pg_backup.sh
+        mode: 0555
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      
+  memcached:
+    image: "memcached:alpine"
+    command:
+      - "sh"
+      - "-euc"
+      - |
+        echo 'mech_list: plain' > "$$SASL_CONF_PATH"
+        echo "zulip@$$HOSTNAME:$$MEMCACHED_PASSWORD" > "$$MEMCACHED_SASL_PWDB"
+        echo "zulip@localhost:$$MEMCACHED_PASSWORD" >> "$$MEMCACHED_SASL_PWDB"
+        exec memcached -S
+    environment:
+      SASL_CONF_PATH: "/home/memcache/memcached.conf"
+      MEMCACHED_SASL_PWDB: "/home/memcache/memcached-sasl-db"
+      MEMCACHED_PASSWORD: "REPLACE_WITH_SECURE_MEMCACHED_PASSWORD"
+
+  rabbitmq:
+    image: "rabbitmq:3.12.14"
+    environment:
+      RABBITMQ_DEFAULT_USER: "zulip"
+      RABBITMQ_DEFAULT_PASS_FILE: "/run/secrets/rabbitmq_password"
+    secrets:
+      - rabbitmq_password
+    volumes:
+      - "rabbitmq:/var/lib/rabbitmq:rw"
+
+  redis:
+    image: "redis:alpine"
+    command:
+      - "sh"
+      - "-euc"
+      - |
+        echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
+        exec redis-server /etc/redis.conf
+    environment:
+      REDIS_PASSWORD: "REPLACE_WITH_SECURE_REDIS_PASSWORD"
+    volumes:
+      - "redis:/data:rw"
+
+
+secrets:
+  db_password:
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+    external: true
+  rabbitmq_password:
+    name: ${STACK_NAME}_rabbitmq_password_${SECRET_RABBITMQ_PASSWORD_VERSION}
+    external: true
+
+configs:
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh
+
+volumes:
+  zulip:
+  db:
+  rabbitmq:
+  redis:
+
+networks:
+  internal:
+  proxy:
+    external: true
diff --git a/pg_backup.sh b/pg_backup.sh
new file mode 100644
index 0000000..4029803
--- /dev/null
+++ b/pg_backup.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+
+    trap - EXIT INT TERM
+    restore_config
+}
+
+$@
diff --git a/release/.git-keep-me b/release/.git-keep-me
new file mode 100644
index 0000000..e69de29