From 816cc460bc9826d024730c230fe89e6013bfeeb9 Mon Sep 17 00:00:00 2001
From: Mayel de Borniol
Date: Wed, 9 Mar 2022 11:24:27 +1300
Subject: [PATCH] initial draft
---
.env.sample | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++
.gitignore | 1 +
README.md | 29 +++++++++++++++++++++
abra.sh | 0
compose.yml | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 179 insertions(+)
create mode 100644 .env.sample
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 abra.sh
create mode 100644 compose.yml
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..79cc480
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,74 @@
+TYPE=bonfire
+
+# choose what flavour of Bonfire to run
+FLAVOUR=classic
+
+# different flavours may require different database servers:
+DB_DOCKER_IMAGE=postgres:12-alpine
+# DB_DOCKER_IMAGE=postgis/postgis:12-3.1-alpine
+
+# enter your instance's domain name
+HOSTNAME=bonfire.example.com
+# DO NOT CHANGE HOSTNAME AFTER DEPLOYMENT! WILL BREAK FEDERATION!!
+## Domain aliases
+#EXTRA_DOMAINS=', `www.bonfire.example.com`'
+
+# what service to use for sending out emails (eg. smtp, mailgun, none) NOTE: you should also set the corresponding keys in secrets.env
+MAIL_BACKEND=mailgun
+
+# require an email address to be invited before being able to sign up? (true or false)
+INVITE_ONLY=true
+
+# a name and tagline for your instance
+INSTANCE_DESCRIPTION="An instance of Bonfire, a federated app ecosystem for open and cooperative networks"
+
+# uncomment in order to NOT automatically change the database schema when you upgrade the app
+# DISABLE_DB_AUTOMIGRATION=true
+
+# max file upload size - default is 20 meg
+UPLOAD_LIMIT=20000000
+
+# ====================================
+# SECRETS
+
+# please make sure you change everything to your own secrets!
+# and do not check your env file into any public git repo
+# change ALL the values:
+
+# if `INVITE_ONLY` is true, what should be the secret code to sign up?
+INVITE_KEY=123
+
+# signup to mailgun.com and edit with your domain and API key
+MAIL_DOMAIN=mgo.example.com
+MAIL_KEY=xyz
+MAIL_FROM=admin@example.com
+
+# Bonfire extensions configs:
+WEB_PUSH_SUBJECT=mailto:admin@example.com
+WEB_PUSH_PUBLIC_KEY=xyz
+WEB_PUSH_PRIVATE_KEY=abc
+GEOLOCATE_OPENCAGEDATA=
+GITHUB_TOKEN=xyz
+
+# ====================================
+# these secrets will be autogenerated/managed by abra and docker"
+SECRET_POSTGRES_PASSWORD_VERSION=v1
+SECRET_SECRET_KEY_BASE_VERSION=v1
+SECRET_SIGNING_SALT_VERSION=v1
+SECRET_ENCRYPTION_SALT_VERSION=v1
+SECRET_MEILI_MASTER_KEY_VERSION=v1
+SECRET_SEEDS_PW_VERSION=v1
+SECRET_LIVEBOOK_PASSWORD_VERSION=v1
+
+# ====================================
+# You should not have to edit any of the following ones:
+APP_NAME=Bonfire
+LANG=en_US.UTF-8
+SEEDS_USER=root
+ERLANG_COOKIE=bonfire_cookie
+REPLACE_OS_VARS=true
+LIVEVIEW_ENABLED=true
+ACME_AGREE=true
+SHOW_DEBUG_IN_DEV=true
+MIX_ENV=prod
+LETS_ENCRYPT_ENV=production
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7a6353d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.envrc
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fe0e925
--- /dev/null
+++ b/README.md
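Review bot: In `.env.sample`, `ERLANG_COOKIE=bonfire_cookie` sits under "You should not have to edit any of the following ones", yet the Erlang cookie is the shared secret that authorises connections between Erlang nodes, so every instance deployed from this sample would carry the same publicly known value. Move it into the SECRETS block with a placeholder that has to be replaced, or have it generated per instance like the `SECRET_*_VERSION` entries, with a comment such as `# long random value, unique per instance - never reuse the sample value`. The other placeholders (`INVITE_KEY=123`, `MAIL_KEY=xyz`) are at least covered by the "change ALL the values" warning; this one is explicitly excluded from it.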
@@ -0,0 +1,29 @@
+# bonfire
+
+TODO
+
+
+* **Category**: Apps
+* **Status**: 1, alpha
+* **Image**: [`bonfirenetworks/bonfire`](https://hub.docker.com/r/bonfirenetworks/bonfire/tags), 4, upstream
+* **Healthcheck**:
+* **Backups**:
+* **Email**:
+* **Tests**:
+* **SSO**:
+
+
+## Basic usage
+
+1. Set up Docker Swarm and [`abra`]
+2. Deploy [`coop-cloud/traefik`]
+3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like
+ to save secrets in `pass`)
+4. `abra app config YOUR_APP_NAME`
+5. Be sure to change `$HOSTNAME` to something that resolves to your Docker swarm box, check/edit the other config keys
+5. `abra app deploy YOUR_APP_NAME `
+6. Open the configured domain in your browser and sign up!
+
+
+[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
+[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..e69de29
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..c73c5bb
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,75 @@
+---
+version: "3.8"
+
+services:
+ app:
+ image: "bonfirenetworks/bonfire:latest-${FLAVOUR}"
+ depends_on:
+ - db
+ - search
+ environment:
+ - POSTGRES_HOST=${STACK_NAME}_db
+ - SEARCH_MEILI_INSTANCE=http://${STACK_NAME}_search:7700
+ - POSTGRES_USER=postgres
+ - POSTGRES_DB=bonfire_db
+ - PUBLIC_PORT=443
+ - HOSTNAME
+ volumes:
+ - upload-data:/opt/app/data/uploads
+ networks:
+ - proxy
+ - internal
+ ports:
+ - "4000:4000" # make sure this is commented in production
+ deploy:
+ restart_policy:
+ condition: on-failure
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8000"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${HOSTNAME}`${EXTRA_DOMAINS})"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ ## Redirect from EXTRA_DOMAINS to HOSTNAME
+ #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+ #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+ #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${HOSTNAME}"
+ # healthcheck:
+ # test: ["CMD", "curl", "-f", "http://localhost"]
+ # interval: 30s
+ # timeout: 10s
+ # retries: 10
+ # start_period: 1m
+
+ db:
+ image: ${DB_DOCKER_IMAGE}
+ volumes:
+ - db-data:/var/lib/postgresql/data
+ environment:
+ # - POSTGRES_PASSWORD
+ - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
+ - POSTGRES_USER=postgres
+ - POSTGRES_DB=bonfire_db
+ networks:
+ - internal
+
+ bonfire_search:
+ image: getmeili/meilisearch:latest
+ volumes:
+ - "search-data:/data.ms"
+ networks:
+ - internal
+
+volumes:
+ db-data:
+ upload-data:
+
+networks:
+ proxy:
+ external: true
+ internal:
+
+secrets:
+ POSTGRES_PASSWORD:
+ external: true
+ name: ${STACK_NAME}_POSTGRES_PASSWORD_${SECRET_POSTGRES_PASSWORD_VERSION}
\ No newline at end of file
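Review bot: The `db` service points `POSTGRES_PASSWORD_FILE` at `/run/secrets/POSTGRES_PASSWORD`, but no service in `compose.yml` lists the top-level `POSTGRES_PASSWORD` secret, so that file will not be mounted; add `secrets:` with `- POSTGRES_PASSWORD` under `db`, and wire the same secret into `app`, whose environment in this hunk carries no database password. Separately, `ports: - "4000:4000"` publishes the app directly on the host, bypassing Traefik and its TLS termination; the inline comment already says it must not be active in production, so ship it commented out. The search service is defined as `bonfire_search` while `depends_on` and `SEARCH_MEILI_INSTANCE` refer to `search`, and the `search-data` volume it mounts is not declared under `volumes:`. The Traefik label targets port `8000` while the published port is `4000`, which looks like a mismatch worth confirming against the image.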