forked from coop-cloud/bonfire
initial draft
This commit is contained in:
commit
816cc460bc
|
@ -0,0 +1,74 @@
|
||||||
|
TYPE=bonfire
|
||||||
|
|
||||||
|
# choose what flavour of Bonfire to run
|
||||||
|
FLAVOUR=classic
|
||||||
|
|
||||||
|
# different flavours may require different database servers:
|
||||||
|
DB_DOCKER_IMAGE=postgres:12-alpine
|
||||||
|
# DB_DOCKER_IMAGE=postgis/postgis:12-3.1-alpine
|
||||||
|
|
||||||
|
# enter your instance's domain name
|
||||||
|
HOSTNAME=bonfire.example.com
|
||||||
|
# DO NOT CHANGE HOSTNAME AFTER DEPLOYMENT! WILL BREAK FEDERATION!!
|
||||||
|
## Domain aliases
|
||||||
|
#EXTRA_DOMAINS=', `www.bonfire.example.com`'
|
||||||
|
|
||||||
|
# what service to use for sending out emails (eg. smtp, mailgun, none) NOTE: you should also set the corresponding keys in secrets.env
|
||||||
|
MAIL_BACKEND=mailgun
|
||||||
|
|
||||||
|
# require an email address to be invited before being able to sign up? (true or false)
|
||||||
|
INVITE_ONLY=true
|
||||||
|
|
||||||
|
# a name and tagline for your instance
|
||||||
|
INSTANCE_DESCRIPTION="An instance of Bonfire, a federated app ecosystem for open and cooperative networks"
|
||||||
|
|
||||||
|
# uncomment in order to NOT automatically change the database schema when you upgrade the app
|
||||||
|
# DISABLE_DB_AUTOMIGRATION=true
|
||||||
|
|
||||||
|
# max file upload size - default is 20 meg
|
||||||
|
UPLOAD_LIMIT=20000000
|
||||||
|
|
||||||
|
# ====================================
|
||||||
|
# SECRETS
|
||||||
|
|
||||||
|
# please make sure you change everything to your own secrets!
|
||||||
|
# and do not check your env file into any public git repo
|
||||||
|
# change ALL the values:
|
||||||
|
|
||||||
|
# if `INVITE_ONLY` is true, what should be the secret code to sign up?
|
||||||
|
INVITE_KEY=123
|
||||||
|
|
||||||
|
# signup to mailgun.com and edit with your domain and API key
|
||||||
|
MAIL_DOMAIN=mgo.example.com
|
||||||
|
MAIL_KEY=xyz
|
||||||
|
MAIL_FROM=admin@example.com
|
||||||
|
|
||||||
|
# Bonfire extensions configs:
|
||||||
|
WEB_PUSH_SUBJECT=mailto:admin@example.com
|
||||||
|
WEB_PUSH_PUBLIC_KEY=xyz
|
||||||
|
WEB_PUSH_PRIVATE_KEY=abc
|
||||||
|
GEOLOCATE_OPENCAGEDATA=
|
||||||
|
GITHUB_TOKEN=xyz
|
||||||
|
|
||||||
|
# ====================================
|
||||||
|
# these secrets will be autogenerated/managed by abra and docker"
|
||||||
|
SECRET_POSTGRES_PASSWORD_VERSION=v1
|
||||||
|
SECRET_SECRET_KEY_BASE_VERSION=v1
|
||||||
|
SECRET_SIGNING_SALT_VERSION=v1
|
||||||
|
SECRET_ENCRYPTION_SALT_VERSION=v1
|
||||||
|
SECRET_MEILI_MASTER_KEY_VERSION=v1
|
||||||
|
SECRET_SEEDS_PW_VERSION=v1
|
||||||
|
SECRET_LIVEBOOK_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
|
# ====================================
|
||||||
|
# You should not have to edit any of the following ones:
|
||||||
|
APP_NAME=Bonfire
|
||||||
|
LANG=en_US.UTF-8
|
||||||
|
SEEDS_USER=root
|
||||||
|
ERLANG_COOKIE=bonfire_cookie
|
||||||
|
REPLACE_OS_VARS=true
|
||||||
|
LIVEVIEW_ENABLED=true
|
||||||
|
ACME_AGREE=true
|
||||||
|
SHOW_DEBUG_IN_DEV=true
|
||||||
|
MIX_ENV=prod
|
||||||
|
LETS_ENCRYPT_ENV=production
|
|
@ -0,0 +1 @@
|
||||||
|
.envrc
|
|
@ -0,0 +1,29 @@
|
||||||
|
# bonfire
|
||||||
|
|
||||||
|
TODO
|
||||||
|
|
||||||
|
<!-- metadata -->
|
||||||
|
* **Category**: Apps
|
||||||
|
* **Status**: 1, alpha
|
||||||
|
* **Image**: [`bonfirenetworks/bonfire`](https://hub.docker.com/r/bonfirenetworks/bonfire/tags), 4, upstream
|
||||||
|
* **Healthcheck**:
|
||||||
|
* **Backups**:
|
||||||
|
* **Email**:
|
||||||
|
* **Tests**:
|
||||||
|
* **SSO**:
|
||||||
|
<!-- endmetadata -->
|
||||||
|
|
||||||
|
## Basic usage
|
||||||
|
|
||||||
|
1. Set up Docker Swarm and [`abra`]
|
||||||
|
2. Deploy [`coop-cloud/traefik`]
|
||||||
|
3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like
|
||||||
|
to save secrets in `pass`)
|
||||||
|
4. `abra app config YOUR_APP_NAME`
|
||||||
|
5. Be sure to change `$HOSTNAME` to something that resolves to your Docker swarm box, check/edit the other config keys
|
||||||
|
5. `abra app deploy YOUR_APP_NAME `
|
||||||
|
6. Open the configured domain in your browser and sign up!
|
||||||
|
|
||||||
|
|
||||||
|
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
|
||||||
|
[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
|
|
@ -0,0 +1,75 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: "bonfirenetworks/bonfire:latest-${FLAVOUR}"
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- search
|
||||||
|
environment:
|
||||||
|
- POSTGRES_HOST=${STACK_NAME}_db
|
||||||
|
- SEARCH_MEILI_INSTANCE=http://${STACK_NAME}_search:7700
|
||||||
|
- POSTGRES_USER=postgres
|
||||||
|
- POSTGRES_DB=bonfire_db
|
||||||
|
- PUBLIC_PORT=443
|
||||||
|
- HOSTNAME
|
||||||
|
volumes:
|
||||||
|
- upload-data:/opt/app/data/uploads
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
- internal
|
||||||
|
ports:
|
||||||
|
- "4000:4000" # make sure this is commented in production
|
||||||
|
deploy:
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8000"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${HOSTNAME}`${EXTRA_DOMAINS})"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
## Redirect from EXTRA_DOMAINS to HOSTNAME
|
||||||
|
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||||
|
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||||
|
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${HOSTNAME}"
|
||||||
|
# healthcheck:
|
||||||
|
# test: ["CMD", "curl", "-f", "http://localhost"]
|
||||||
|
# interval: 30s
|
||||||
|
# timeout: 10s
|
||||||
|
# retries: 10
|
||||||
|
# start_period: 1m
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: ${DB_DOCKER_IMAGE}
|
||||||
|
volumes:
|
||||||
|
- db-data:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
# - POSTGRES_PASSWORD
|
||||||
|
- POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
|
||||||
|
- POSTGRES_USER=postgres
|
||||||
|
- POSTGRES_DB=bonfire_db
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
|
||||||
|
bonfire_search:
|
||||||
|
image: getmeili/meilisearch:latest
|
||||||
|
volumes:
|
||||||
|
- "search-data:/data.ms"
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db-data:
|
||||||
|
upload-data:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy:
|
||||||
|
external: true
|
||||||
|
internal:
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
POSTGRES_PASSWORD:
|
||||||
|
external: true
|
||||||
|
name: ${STACK_NAME}_POSTGRES_PASSWORD_${SECRET_POSTGRES_PASSWORD_VERSION}
|
Loading…
Reference in New Issue