initial draft

2022-03-09 11:24:27 +13:00 · 2022-03-09 11:24:27 +13:00 · 816cc460bc
commit 816cc460bc
5 changed files with 179 additions and 0 deletions
--- a/.env.sample
+++ b/.env.sample
@ -0,0 +1,74 @@
+TYPE=bonfire
+
+# choose what flavour of Bonfire to run
+FLAVOUR=classic
+
+# different flavours may require different database servers:
+DB_DOCKER_IMAGE=postgres:12-alpine
+# DB_DOCKER_IMAGE=postgis/postgis:12-3.1-alpine
+
+# enter your instance's domain name
+HOSTNAME=bonfire.example.com
+# DO NOT CHANGE HOSTNAME AFTER DEPLOYMENT! WILL BREAK FEDERATION!!
+## Domain aliases
+#EXTRA_DOMAINS=', `www.bonfire.example.com`'
+
+# what service to use for sending out emails (eg. smtp, mailgun, none) NOTE: you should also set the corresponding keys in secrets.env
+MAIL_BACKEND=mailgun
+
+# require an email address to be invited before being able to sign up? (true or false)
+INVITE_ONLY=true
+
+# a name and tagline for your instance
+INSTANCE_DESCRIPTION="An instance of Bonfire, a federated app ecosystem for open and cooperative networks"
+
+# uncomment in order to NOT automatically change the database schema when you upgrade the app
+# DISABLE_DB_AUTOMIGRATION=true
+
+# max file upload size - default is 20 meg
+UPLOAD_LIMIT=20000000
+
+# ====================================
+# SECRETS
+
+# please make sure you change everything to your own secrets!
+# and do not check your env file into any public git repo 
+# change ALL the values:
+
+# if `INVITE_ONLY` is true, what should be the secret code to sign up?
+INVITE_KEY=123
+
+# signup to mailgun.com and edit with your domain and API key
+MAIL_DOMAIN=mgo.example.com
+MAIL_KEY=xyz
+MAIL_FROM=admin@example.com
+
+# Bonfire extensions configs:
+WEB_PUSH_SUBJECT=mailto:admin@example.com
+WEB_PUSH_PUBLIC_KEY=xyz
+WEB_PUSH_PRIVATE_KEY=abc
+GEOLOCATE_OPENCAGEDATA=
+GITHUB_TOKEN=xyz
+
+# ====================================
+# these secrets will be autogenerated/managed by abra and docker"
+SECRET_POSTGRES_PASSWORD_VERSION=v1
+SECRET_SECRET_KEY_BASE_VERSION=v1
+SECRET_SIGNING_SALT_VERSION=v1
+SECRET_ENCRYPTION_SALT_VERSION=v1
+SECRET_MEILI_MASTER_KEY_VERSION=v1
+SECRET_SEEDS_PW_VERSION=v1
+SECRET_LIVEBOOK_PASSWORD_VERSION=v1
+
+# ====================================
+# You should not have to edit any of the following ones:
+APP_NAME=Bonfire
+LANG=en_US.UTF-8
+SEEDS_USER=root
+ERLANG_COOKIE=bonfire_cookie
+REPLACE_OS_VARS=true
+LIVEVIEW_ENABLED=true
+ACME_AGREE=true
+SHOW_DEBUG_IN_DEV=true
+MIX_ENV=prod
+LETS_ENCRYPT_ENV=production
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.envrc
--- a/README.md
+++ b/README.md
@ -0,0 +1,29 @@
+# bonfire
+
+TODO
+
+<!-- metadata -->
+* **Category**: Apps
+* **Status**: 1, alpha
+* **Image**: [`bonfirenetworks/bonfire`](https://hub.docker.com/r/bonfirenetworks/bonfire/tags), 4, upstream
+* **Healthcheck**:
+* **Backups**:
+* **Email**:
+* **Tests**:
+* **SSO**:
+<!-- endmetadata -->
+
+## Basic usage
+
+1. Set up Docker Swarm and [`abra`]
+2. Deploy [`coop-cloud/traefik`]
+3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like
+   to save secrets in `pass`)
+4. `abra app config YOUR_APP_NAME` 
+5. Be sure to change `$HOSTNAME` to something that resolves to your Docker swarm box, check/edit the other config keys
+5. `abra app deploy YOUR_APP_NAME `
+6. Open the configured domain in your browser and sign up! 
+
+
+[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
+[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
--- a/abra.sh
+++ b/abra.sh
--- a/compose.yml
+++ b/compose.yml
@ -0,0 +1,75 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: "bonfirenetworks/bonfire:latest-${FLAVOUR}"
+    depends_on:
+      - db
+      - search
+    environment:
+      - POSTGRES_HOST=${STACK_NAME}_db
+      - SEARCH_MEILI_INSTANCE=http://${STACK_NAME}_search:7700
+      - POSTGRES_USER=postgres
+      - POSTGRES_DB=bonfire_db
+      - PUBLIC_PORT=443
+      - HOSTNAME
+    volumes:
+      - upload-data:/opt/app/data/uploads
+    networks:
+      - proxy
+      - internal
+    ports:
+      - "4000:4000" # make sure this is commented in production
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8000"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${HOSTNAME}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        ## Redirect from EXTRA_DOMAINS to HOSTNAME
+        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${HOSTNAME}"
+    # healthcheck:
+    #   test: ["CMD", "curl", "-f", "http://localhost"]
+    #   interval: 30s
+    #   timeout: 10s
+    #   retries: 10
+    #   start_period: 1m
+
+  db:
+    image: ${DB_DOCKER_IMAGE}
+    volumes:
+      - db-data:/var/lib/postgresql/data
+    environment:
+      # - POSTGRES_PASSWORD
+      - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
+      - POSTGRES_USER=postgres
+      - POSTGRES_DB=bonfire_db
+    networks:
+      - internal
+
+  bonfire_search:
+    image: getmeili/meilisearch:latest
+    volumes:
+      - "search-data:/data.ms"
+    networks:
+      - internal
+
+volumes:
+  db-data:
+  upload-data:
+
+networks:
+  proxy:
+    external: true
+  internal:
+
+secrets:
+  POSTGRES_PASSWORD:
+    external: true
+    name: ${STACK_NAME}_POSTGRES_PASSWORD_${SECRET_POSTGRES_PASSWORD_VERSION}