fix: drop golang templatin'

Reviewed-on: coop-cloud/hometown#19

.drone.yml

@@ -3,10 +3,13 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: decentral1se/stack-ssh-deploy:latest
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: mastodon
+      generate_secrets: true
+      networks:
+       - proxy
       purge: true
       deploy_key:
         from_secret: drone_ssh_swarm_test
@@ -14,16 +17,28 @@ steps:
       DOMAIN: mastodon.swarm-test.autonomic.zone
       STACK_NAME: mastodon
       LETS_ENCRYPT_ENV: production
+      ENTRYPOINT_CONF_VERSION: v1
+      SECRET_SECRET_KEY_BASE_VERSION: v1
+      SECRET_OTP_SECRET_VERSION: v1
+      SECRET_VAPID_PRIVATE_KEY_VERSION: v1
+      SECRET_DB_PASSWORD_VERSION: v1
+      SECRET_SMTP_PASSWORD_VERSION: v1
 trigger:
   branch:
     - main
 ---
 kind: pipeline
-name: recipe release
+name: generate recipe catalogue
 steps:
   - name: release a new version
-    image: thecoopcloud/drone-abra:latest
+    image: plugins/downstream
     settings:
-      command: recipe hometown release
-      deploy_key:
-        from_secret: abra_bot_deploy_key
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env.sample

@@ -1,6 +1,6 @@
 TYPE=hometown
 
-DOMAIN=mastodon.swarm-test.autonomic.zone
+DOMAIN=hometown.example.com
 # Enables WEB_DOMAIN if set (FOR FUTURE USE)
 # USER_DOMAIN=
 
@@ -30,6 +30,7 @@ LOCAL_DOMAIN=$DOMAIN
 
 # ALTERNATE_DOMAINS=$EXTRA_DOMAINS
 AUTHORIZED_FETCH=false
+DISALLOW_UNAUTHENTICATED_API_ACCESS=false
 LIMITED_FEDERATION_MODE=false
 
 # Deployment
@@ -61,7 +62,7 @@ REDIS_PORT=6379
 
 # ElasticSearch
 # --------------------------------------
-ES_ENABLED=true
+#COMPOSE_FILE="$COMPOSE_FILE:compose.elasticsearch.yml"
 ES_HOST=es
 ES_PORT=9200
 
@@ -72,11 +73,12 @@ ES_PORT=9200
 
 # Secrets
 # =======
-SECRET_KEY_BASE_VERSION=v1
+SECRET_SECRET_KEY_BASE_VERSION=v1
 SECRET_OTP_SECRET_VERSION=v1
 SECRET_VAPID_PRIVATE_KEY_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_SMTP_PASSWORD_VERSION=v1
+SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1
 
 # Web Push
 # ========
@@ -90,6 +92,7 @@ SINGLE_USER_MODE=false
 DEFAULT_LOCALE=en
 # MAX_SESSION_ACTIVATIONS=
 # USER_ACTIVE_DAYS=
+# MAX_TOOT_CHARS=500
 
 # Sending mail
 # ============
@@ -117,7 +120,7 @@ DEFAULT_LOCALE=en
 
 # S3 and AWS
 # ----------
-# S3_ENABLED=
+#COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
 # S3_BUCKET=
 # AWS_ACCESS_KEY_ID=
 # AWS_SECRET_ACCESS_KEY=
@@ -199,8 +202,3 @@ DEFAULT_LOCALE=en
 # OIDC_END_SESSION_ENDPOINT=
 # OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=
 # SECRET_OIDC_CLIENT_SECRET_VERSION=v1
-
-# Hidden services (Not Supported)
-# ===============================
-# http_proxy=  # yes, this should be lowercase
-# ALLOW_ACCESS_TO_HIDDEN_SERVICE=

README.md

@@ -1,87 +1,35 @@
 # Hometown
 
-A supported fork of Mastodon that provides local posting and a wider range of content types.
+> A supported fork of Mastodon that provides local posting and a wider range of content types.
 
-This repository is a copy of [coop-cloud/mastodon](https://git.autonomic.zone/coop-cloud/mastodon) but with a fresh README and some Hometown specific configuration. It seems like a good idea to keep the deployment separate since the apps may diverge in their deployment or configuration instructions at some point despite best wishes to remain as mainline Mastodon as possible.
+The configuration aims to stay as close as possible to [coop-cloud/mastodon](https://git.coopcloud.tech/coop-cloud/mastodon).
+At some point, ideally, we could merge them. We don't have enough folks running
+both Mastodon & Hometown to understand if that is a good idea right now. To be
+discussed.
 
 <!-- metadata -->
 
-- **Category**:
-- **Status**:
-- **Image**: [`decentral1se/hometown`](https://hub.docker.com/r/decentral1se/hometown)
-- **Healthcheck**:
-- **Backups**:
-- **Email**:
-- **Tests**:
-- **SSO**:
+* **Category**: Apps
+* **Status**: 1
+* **Image**: [`hometown`](https://git.coopcloud.tech/coop-cloud-chaos-patchs/docker-hometown), 1, Co-op Cloud custom image
+* **Healthcheck**: No
+* **Backups**: No
+* **Email**: Yes
+* **Tests**: No
+* **SSO**: Yes
 
 <!-- endmetadata -->
 
 ## Basic usage
 
-1. Set up Docker Swarm and [`abra`]
-1. Deploy [`coop-cloud/traefik`]
-1. `abra app new mastodon`
-1. Follow the [secrets setup docs](#secrets-setup)
-1. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to your Docker swarm box
-1. `abra app YOURAPPDOMAIN deploy` to deploy the app
+See the [`coop-cloud/mastodon` `README.md`](https://git.coopcloud.tech/coop-cloud/mastodon#quick-start).
 
-You'll need to run a `docker exec -it <streaming-service-id> /bin/bash` and do the following:
+Watch out in case the Mastodon recipe latest is not the same as the Hometown
+latest version! You can switch back to a compatible tag on the Mastodon recipe
+to compare docs, config etc. just to be sure.
 
-```
-export OTP_SECRET=$(cat /run/secrets/otp_secret)
-export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
-export DB_PASS=$(cat /run/secrets/db_password)
-bundle exec rake db:setup
-```
+## Tips & Tricks
 
-Then, on your host (outside of the containers), you'll need to fix permissions for the volume (see [#2](https://git.autonomic.zone/coop-cloud/hometown/issues/2)):
+See the [`coop-cloud/mastodon` `README.md`](https://git.coopcloud.tech/coop-cloud/mastodon#admin-tips-tricks).
 
-```
-chown -R 991:991 /var/lib/docker/volumes/<service-name>_app/_data
-```
-
-And finally, within any app container, create an admin account:
-
-```
-tootctl accounts create <username> --email <email> --confirmed --role admin
-```
-
-[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
-[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
-
-## Secrets setup
-
-Because Mastodon expects secrets generated by specific tools, we don't support that in `abra` yet. However, you can run these commands yourself using the underlying Docker CLI. You can then load them in as secrets to the swarm using `abra` though and then they will be picked up on the deployment.
-
-First, generate the `SECRET_KEY_BASE` and `OTP_SECRET` and store them in your local shell environment, you'll need them for subsequent commands.
-
-```
-$ SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
-$ OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
-$ abra app YOURAPPDOMAIN secret insert secret_key_base v1 $SECRET_KEY_BASE
-$ abra app YOURAPPDOMAIN secret insert otp_secret v1 $OTP_SECRET
-```
-
-Then you need to generate the `VAPID_{PUBLIC/PRIVATE}_KEY` values using the `SECRET_KEY_BASE`/`OTP_SECRET`:
-
-```
-$ docker run \
-  -e SECRET_KEY_BASE=$SECRET_KEY_BASE \
-  -e OTP_SECRET=$OTP_SECRET \
-  --rm tootsuite/mastodon:v3.4.0 \
-  bundle exec rake mastodon:webpush:generate_vapid_key
-```
-
-Once you see the values generated, you can load the `VAPID_PUBLIC_KEY` into your `.env` file and `VAPID_PRIVATE_KEY` into a secret.
-
-```
-$ abra app YOURDOMAIN secret insert vapid_private_key v1 YOURVAPIDPRIVATEKEY
-```
-
-And finally, to end your whirlwind secrets loading adventure, get the `DB_PASS` and `SMTP_PASSWORD` loaded.
-
-```
-$ abra app YOURAPPDOMAIN secret generate db_password v1
-$ abra app YOURDOMAIN secret insert smtp_password v1 YOURSMTPPASSWORD
-```
+Please only gather tips & tricks that are specific to Hometown here.

abra.sh

@@ -1,62 +1,92 @@
-# shellcheck disable=SC2148
-export ENTRYPOINT_CONF_VERSION=v5
-#MASTO_APP_DIR="mastodon/public"
+#!/bin/bash
 
-sub_rake() {
-  export OTP_SECRET=$(cat /run/secrets/otp_secret)
-  export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
-  export DB_PASS=$(cat /run/secrets/db_password)
+export ENTRYPOINT_CONF_VERSION=v8
 
-  # shellcheck disable=SC2034
-  abra__service_="streaming"
+file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"
 
-  # Using streaming for rake since it is the least likely to flap
-  sub_app_run bundle exec rake "$@"
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+
+  declare -x -g "$var"="$val"
+  unset "$fileVar"
 }
 
-sub_tootctl() {
-  export OTP_SECRET=$(cat /run/secrets/otp_secret)
-  export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
-  export DB_PASS=$(cat /run/secrets/db_password)
+environment() {
+    # for sidekiq service bundle exec env var threading
+    file_env "OTP_SECRET"
+    file_env "SECRET_KEY_BASE"
+    file_env "DB_PASS"
+    file_env "SMTP_PASSWORD"
+    file_env "VAPID_PRIVATE_KEY"
 
-  # shellcheck disable=SC2034
-  abra__service_="web"
-
-  # Using streaming for rake since it is the least likely to flap
-  sub_app_run bin/tootctl "$@"
+    declare -x RAILS_ENV=production
 }
 
-sub_setup() {
-    info "Setting up mastodon database"
-    silence
-
-    sub_rake "db:setup"
-    unsilence
-    success "Mastodon's database is now up! 'web' and 'sidekiq' services should now stop failing."
-
-    echo "Do you want to create an admin user? (Extremely recommended!)"
-    prompt_confirm
-    read -rp "Username: " USERNAME
-    read -rp "Email: " EMAIL
-    warning "Password will be show on screen. Copy this down somewhere! Abra cannot show you this again!"
-    sub_tootctl accounts create $USERNAME --email $EMAIL --confirmed --role admin
-    success "Admin account created!"
-    success "Mastodon should be setup and ready to go!"
+setup_admin() {
+    ## Create an admin user
+    environment
+    accounts create "$1" --email "$2" --confirmed --role admin
 }
 
-# Not working atm
-# abra_backup_app() {
-#   _abra_backup_dir $MASTO_APP_DIR
-# }
+shell() {
+    ## Run a shell with proper environment
+    environment
+    bash $@
+}
 
-# abra_restore_app() {
-#   # shellcheck disable=SC2034
-#   {
-#   abra__src_="-"
-#   abra__dst_=$MASTO_APP_DIR
-#   }
+generate_secrets() {
+    ## Run `abra app cmd -l <yourdomain> generate_secrets` to use Docker to generate secrets you'll need to deploy
+    ## your new instance (and create the secrets on target app).
+    docker context use default > /dev/null 2>&1
 
-#   zcat "$@" | sub_app_cp
+    echo "Generating secrets for new Hometown deployment..."
+    echo ""
 
-#   success "Restored 'app'"
-# }
+    SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
+    abra app secret insert "$APP_NAME" secret_key_base v1 "$SECRET_KEY_BASE"
+    echo "SECRET_KEY_BASE = $SECRET_KEY_BASE"
+    echo ""
+
+    OTP_SECRET=$(docker run --rm tootsuite/mastodon:v4.2.0 bundle exec rake secret)
+    abra app secret insert "$APP_NAME" otp_secret v1 "$OTP_SECRET"
+    echo "OTP_SECRET = $OTP_SECRET"
+    echo ""
+
+    docker run \
+           -e SECRET_KEY_BASE="$SECRET_KEY_BASE" \
+           -e OTP_SECRET="$OTP_SECRET" \
+           --rm tootsuite/mastodon:v3.4.0 \
+           bundle exec rake mastodon:webpush:generate_vapid_key \
+           > /tmp/key.txt
+
+    VAPID_PRIVATE_KEY=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "/tmp/key.txt")
+    VAPID_PUBLIC_KEY=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "/tmp/key.txt")
+    rm -rf /tmp/key.txt
+
+    echo "VAPID_PUBLIC_KEY = $VAPID_PUBLIC_KEY"
+    echo "!IMPORTANT! you MUST insert this VAPID_PUBLIC_KEY into your app .env config !IMPORTANT!"
+    echo ""
+
+    abra app secret insert "$APP_NAME" vapid_private_key v1 "$VAPID_PRIVATE_KEY"
+    echo "VAPID_PRIVATE_KEY = $VAPID_PRIVATE_KEY"
+    echo ""
+
+    abra app secret generate "$APP_NAME" db_password v1
+    echo ""
+
+    echo "don't forget to insert your smtp_password! your deployment won't work without it"
+    echo "run \"abra app secret insert $APP_NAME smtp_password v1 YOURSMTPPASSWORD\""
+    echo ""
+}

compose.elasticsearch.yml

@@ -0,0 +1,34 @@
+---
+version: "3.8"
+
+services:
+  es:
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
+    environment:
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - "cluster.name=es-mastodon"
+      - "discovery.type=single-node"
+      - "bootstrap.memory_lock=true"
+    networks:
+      - internal_network
+    volumes:
+      - es:/usr/share/elasticsearch/data
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+
+  app:
+    environment: &es-env
+      - ES_ENABLED=true
+      - ES_HOST
+      - ES_PORT
+
+  streaming:
+    environment: *es-env
+
+  sidekiq:
+    environment: *es-env
+
+volumes:
+  es:

compose.oidc.yml

@@ -2,8 +2,7 @@
 version: "3.8"
 
 services:
-  web:
-    image: decentral1se/hometown:v1.0.5_3.4.0_openid-sso
+  app:
     secrets:
       - db_password
       - otp_secret
@@ -11,8 +10,8 @@ services:
       - smtp_password
       - vapid_private_key
       - oidc_client_secret
+
   streaming:
-    image: decentral1se/hometown:v1.0.5_3.4.0_openid-sso
     secrets:
       - db_password
       - otp_secret
@@ -20,8 +19,8 @@ services:
       - smtp_password
       - vapid_private_key
       - oidc_client_secret
+
   sidekiq:
-    image: decentral1se/hometown:v1.0.5_3.4.0_openid-sso
     secrets:
       - db_password
       - otp_secret

compose.s3.yml

@@ -0,0 +1,35 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment: &s3-env
+      - S3_ENABLED=true
+      - AWS_ACCESS_KEY_ID
+      - AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_access_key
+      - S3_BUCKET
+      - S3_REGION
+      - S3_PROTOCOL
+      - S3_HOSTNAME
+      - S3_ENDPOINT
+      - S3_SIGNATURE_VERSION
+      - S3_OVERRIDE_PATH_STYLE
+      - S3_OPEN_TIMEOUT
+      - S3_READ_TIMEOUT
+      - S3_FORCE_SINGLE_REQUEST
+      - S3_ALIAS_HOST
+    secrets: &s3-secrets
+      - aws_secret_access_key
+
+  streaming:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+  sidekiq:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+secrets:
+  aws_secret_access_key:
+    name: ${STACK_NAME}_aws_secret_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
+    external: true

compose.yml

@@ -2,66 +2,12 @@
 version: "3.8"
 
 services:
-  db:
-    image: postgres:9.6-alpine
-    networks: &internalNetwork
-      - internal_network
-    # Note(decentral1se): get this working, failing somehow so far
-    # healthcheck:
-    #   test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
-    volumes:
-      - postgres:/var/lib/postgresql/data
-    secrets:
-      - db_password
-    environment:
-      - POSTGRES_DB=${DB_NAME}
-      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
-      - POSTGRES_USER=${DB_USER}
-
-  redis:
-    image: redis:6.2-alpine
-    networks: *internalNetwork
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-    volumes:
-      - redis:/data
-
-  es:
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.16
-    environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - "cluster.name=es-mastodon"
-      - "discovery.type=single-node"
-      - "bootstrap.memory_lock=true"
-    networks:
-      - internal_network
-    # Note(decentral1se): get this working, failing somehow so far
-    # healthcheck:
-    #   test:
-    #     [
-    #       "CMD-SHELL",
-    #       "curl --silent --fail localhost:9200/_cluster/health || exit 1",
-    #     ]
-    volumes:
-      - es:/usr/share/elasticsearch/data
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-
-  web:
-    image: decentral1se/hometown:v1.0.5_3.4.0
-    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+  app:
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.15-hometown-1.1.1
+    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rake db:migrate; bundle exec rails s -p 3000"
     networks: &bothNetworks
       - proxy
       - internal_network
-    # Note(decentral1se): get this working, failing somehow so far
-    # healthcheck:
-    #   test:
-    #     [
-    #       "CMD-SHELL",
-    #       "wget -q --spider --proxy=off localhost:3000/health || exit 1",
-    #     ]
     deploy:
       update_config:
         failure_action: rollback
@@ -73,19 +19,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        # WEB_DOMAIN redirect
-        #- "traefik.http.routers.${STACK_NAME}_web.rule=(Host(`${DOMAIN}`) || (Host(`${LOCAL_DOMAIN}`) && Path(`/.well-known/webfinger`)))"
-        # - "traefik.http.middlewares.mastodon-webfinger.redirectregex.regex=^https?://${LOCAL_DOMAIN}/.*" #^(http|https)://${LOCAL_DOMAIN}/.well-known/webfinger"
-        # # - "traefik.http.middlewares.mastodon-webfinger.redirectregex.permanent=true"
-        # - "traefik.http.middlewares.mastodon-webfinger.redirectregex.replacement=https://${WEB_DOMAIN}/.well-known/webfinger"
-        # - "traefik.http.routers.${STACK_NAME}_hack.rule=(Host(`${LOCAL_DOMAIN}`) && Path(`/.well-known/`))"
-        # - "traefik.http.routers.${STACK_NAME}_hack.entrypoints=websecure"
-        # - "traefik.http.routers.${STACK_NAME}_hack.middlewares=mastodon-webfinger@docker"
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-
+        - "coop-cloud.${STACK_NAME}.version=1.1.9+v4.0.15-hometown-1.1.1"
     configs: &configs
       - source: entrypoint_sh
         target: /usr/local/bin/entrypoint.sh
@@ -109,15 +43,13 @@ services:
       - CACHE_REDIS_URL
       - DB_HOST
       - DB_NAME
-      - DB_PASS_FILE=/run/secrets/db_password
       - DB_PORT
       - DB_USER
+      - DB_PASS_FILE=/run/secrets/db_password
       - DEFAULT_LOCALE
+      - DISALLOW_UNAUTHENTICATED_API_ACCESS
       - EMAIL_DOMAIN_ALLOWLIST
       - EMAIL_DOMAIN_DENYLIST
-      - ES_ENABLED
-      - ES_HOST
-      - ES_PORT
       - LDAP_BASE
       - LDAP_BIND_DN
       - LDAP_ENABLED
@@ -132,10 +64,12 @@ services:
       - LIMITED_FEDERATION_MODE
       - LOCAL_DOMAIN
       - MAX_SESSION_ACTIVATIONS
+      - MAX_TOOT_CHARS
       - OAUTH_REDIRECT_AT_SIGN_IN
       - OIDC_AUTH_ENDPOINT
       - OIDC_CLIENT_AUTH_METHOD
       - OIDC_CLIENT_ID
+      - OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
       - OIDC_DISCOVERY
       - OIDC_DISPLAY
       - OIDC_DISPLAY_NAME
@@ -154,7 +88,6 @@ services:
       - OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED
       - OIDC_SEND_NONCE
       - OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT
-      - OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
       - OIDC_TOKEN_ENDPOINT
       - OIDC_UID_FIELD
       - OIDC_USER_INFO_ENDPOINT
@@ -208,22 +141,14 @@ services:
       - VAPID_PRIVATE_KEY_FILE=/run/secrets/vapid_private_key
       - VAPID_PUBLIC_KEY
       - WEB_DOMAIN
-      - http_proxy # yes, this should be lowercase
 
   streaming:
-    image: decentral1se/hometown:v1.0.5_3.4.0
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.15-hometown-1.1.1
     command: node ./streaming
     configs: *configs
     entrypoint: *entrypoint
     secrets: *secrets
     networks: *bothNetworks
-    # Note(decentral1se): get this working, failing somehow so far
-    # healthcheck:
-    #   test:
-    #     [
-    #       "CMD-SHELL",
-    #       "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1",
-    #     ]
     deploy:
       update_config:
         failure_action: rollback
@@ -235,16 +160,11 @@ services:
         - "traefik.http.routers.${STACK_NAME}_streaming.rule=(Host(`${DOMAIN}`) && PathPrefix(`/api/v1/streaming`))"
         - "traefik.http.routers.${STACK_NAME}_streaming.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}_streaming.tls.certresolver=${LETS_ENCRYPT_ENV}"
-
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
     environment: *env
     volumes: *appVolume # used to make sure this volume is created
 
   sidekiq:
-    image: decentral1se/hometown:v1.0.5_3.4.0
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/hometown:v4.0.15-hometown-1.1.1
     secrets: *secrets
     command: bundle exec sidekiq
     configs: *configs
@@ -257,9 +177,30 @@ services:
     volumes: *appVolume
     environment: *env
 
+  db:
+    image: postgres:14.10-alpine
+    networks: &internalNetwork
+      - internal_network
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    secrets:
+      - db_password
+    environment:
+      - POSTGRES_DB=${DB_NAME}
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+      - POSTGRES_USER=${DB_USER}
+
+  redis:
+    image: redis:7.2-alpine
+    networks: *internalNetwork
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+    volumes:
+      - redis:/data
+
 secrets:
   secret_key_base:
-    name: ${STACK_NAME}_secret_key_base_${SECRET_KEY_BASE_VERSION}
+    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
     external: true
   otp_secret:
     name: ${STACK_NAME}_otp_secret_${SECRET_OTP_SECRET_VERSION}
@@ -278,7 +219,6 @@ volumes:
   app:
   redis:
   postgres:
-  es:
 
 networks:
   proxy:

entrypoint.sh.tmpl

@@ -23,14 +23,16 @@ file_env() {
   unset "$fileVar"
 }
 
+# for sidekiq service bundle exec env var threading
 file_env "DB_PASS"
 file_env "OTP_SECRET"
 file_env "SECRET_KEY_BASE"
 file_env "SMTP_PASSWORD"
 file_env "VAPID_PRIVATE_KEY"
+file_env "AWS_SECRET_ACCESS_KEY"
 
 {{ if eq (env "OIDC_ENABLED") "true" }}
 file_env "OIDC_CLIENT_SECRET"
 {{ end }}
 
-/usr/bin/tini -- "$@"
+/usr/bin/tini -s -- "$@"

release/1.0.0+v4.0.6-hometown-1.1.1

@@ -0,0 +1,11 @@
+Mastodon 4 requires running pre- and post-deployment migrations, something like
+
+```
+abra app run your.app.domain app bash -c "SKIP_POST_DEPLOYMENT_MIGRATIONS=true rails db:migrate"
+abra app restart your.app.domain app
+abra app restart your.app.domain streaming
+abra app restart your.app.domain sidekiq
+abra app run your.app.domain app rails db:migrate
+```
+
+See the full release notes for details: https://github.com/mastodon/mastodon/releases/tag/v4.0.0

renovate.json

@@ -1,3 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
-}