forked from coop-cloud/bonfire
first working version :)
This commit is contained in:
parent
39b5d94356
commit
864612e0ba
24
.env.sample
24
.env.sample
@ -3,9 +3,13 @@ TYPE=bonfire
|
||||
# choose what flavour of Bonfire to run
|
||||
FLAVOUR=classic
|
||||
|
||||
# different flavours may require different database servers:
|
||||
DB_DOCKER_IMAGE=postgres:12-alpine
|
||||
# different flavours/forks or architectures may require different builds of bonfire:
|
||||
APP_DOCKER_IMAGE=bonfirenetworks/bonfire:latest-${FLAVOUR}
|
||||
|
||||
# different flavours or architectures may require different postgres builds:
|
||||
# DB_DOCKER_IMAGE=postgres:12-alpine
|
||||
# DB_DOCKER_IMAGE=postgis/postgis:12-3.1-alpine
|
||||
DB_DOCKER_IMAGE=odidev/postgis:12-3.1-alpine
|
||||
|
||||
# enter your instance's domain name
|
||||
DOMAIN=bonfire.example.com
|
||||
@ -52,13 +56,14 @@ GITHUB_TOKEN=xyz
|
||||
|
||||
# ====================================
|
||||
# these secrets will be autogenerated/managed by abra and docker"
|
||||
postgres_password_secret_version=v1
|
||||
secret_key_base_secret_version=v1
|
||||
signing_salt_secret_version=v1
|
||||
encryption_salt_secret_version=v1
|
||||
meili_master_key_secret_version=v1
|
||||
seeds_pw_secret_version=v1
|
||||
livebook_password_secret_version=v1
|
||||
SECRET_POSTGRES_PASSWORD_VERSION=v1
|
||||
SECRET_MEILI_MASTER_KEY_VERSION=v1
|
||||
SECRET_SEEDS_PW_VERSION=v1
|
||||
SECRET_LIVEBOOK_PASSWORD_VERSION=v1
|
||||
|
||||
SECRET_SECRET_KEY_BASE_VERSION=v2
|
||||
SECRET_SIGNING_SALT_VERSION=v2
|
||||
SECRET_ENCRYPTION_SALT_VERSION=v2
|
||||
|
||||
# ====================================
|
||||
# You should not have to edit any of the following ones:
|
||||
@ -73,4 +78,3 @@ SHOW_DEBUG_IN_DEV=true
|
||||
MIX_ENV=prod
|
||||
LETS_ENCRYPT_ENV=production
|
||||
HOSTNAME=$DOMAIN
|
||||
APP_ENTRYPOINT_VERSION=v1
|
15
README.md
15
README.md
@ -1,6 +1,6 @@
|
||||
# bonfire
|
||||
|
||||
TODO
|
||||
A coop-cloud recipe for deploying https://bonfirenetwork.org
|
||||
|
||||
<!-- metadata -->
|
||||
* **Category**: Apps
|
||||
@ -16,13 +16,12 @@ TODO
|
||||
## Basic usage
|
||||
|
||||
1. Set up Docker Swarm and [`abra`]
|
||||
2. Deploy [`coop-cloud/traefik`]
|
||||
3. `abra app new ${REPO_NAME} --secrets` (optionally with `--pass` if you'd like
|
||||
to save secrets in `pass`)
|
||||
4. `abra app config YOUR_APP_NAME`
|
||||
5. Be sure to change `$HOSTNAME` to something that resolves to your Docker swarm box, check/edit the other config keys
|
||||
5. `abra app deploy YOUR_APP_NAME `
|
||||
6. Open the configured domain in your browser and sign up!
|
||||
2. Deploy the [`coop-cloud/traefik`] proxy if you haven't already
|
||||
3. `abra app new ${REPO_NAME}`
|
||||
4. Generate secrets with `./secrets.sh YOUR_APP_NAME`
|
||||
5. `abra app config YOUR_APP_NAME` to edit your config. Be sure to change `$DOMAIN` to something that resolves to your Docker swarm box, check/edit the other config keys
|
||||
6. `abra app deploy YOUR_APP_NAME`
|
||||
7. Open the configured domain in your browser and sign up!
|
||||
|
||||
|
||||
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
|
||||
|
23
compose.yml
23
compose.yml
@ -14,7 +14,6 @@ services:
|
||||
- POSTGRES_DB=bonfire_db
|
||||
- PUBLIC_PORT=443
|
||||
- HOSTNAME
|
||||
- MEILI_MASTER_KEY_FILE=/run/secrets/meili_master_key
|
||||
secrets:
|
||||
- postgres_password
|
||||
- secret_key_base
|
||||
@ -30,7 +29,7 @@ services:
|
||||
- internal
|
||||
ports:
|
||||
- "4000:4000" # make sure this is commented in production
|
||||
entrypoint: "/docker-entrypoint.sh"
|
||||
entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"]
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
@ -40,7 +39,7 @@ services:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8000"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
@ -71,15 +70,13 @@ services:
|
||||
|
||||
search:
|
||||
image: getmeili/meilisearch:latest
|
||||
environment:
|
||||
- MEILI_MASTER_KEY_FILE=/run/secrets/meili_master_key
|
||||
secrets:
|
||||
- meili_master_key
|
||||
volumes:
|
||||
- "search-data:/data.ms"
|
||||
networks:
|
||||
- internal
|
||||
entrypoint: ["tini", "--", "bash", "/docker-entrypoint.sh"]
|
||||
entrypoint: ["tini", "--", "/docker-entrypoint.sh", "./meilisearch"]
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
@ -104,22 +101,22 @@ configs:
|
||||
secrets:
|
||||
postgres_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_postgres_password_${postgres_password_secret_version}
|
||||
name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
|
||||
secret_key_base:
|
||||
external: true
|
||||
name: ${STACK_NAME}_secret_key_base_${secret_key_base_secret_version}
|
||||
name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
|
||||
signing_salt:
|
||||
external: true
|
||||
name: ${STACK_NAME}_signing_salt_${signing_salt_secret_version}
|
||||
name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION}
|
||||
encryption_salt:
|
||||
external: true
|
||||
name: ${STACK_NAME}_encryption_salt_${encryption_salt_secret_version}
|
||||
name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION}
|
||||
meili_master_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_meili_master_key_${meili_master_key_secret_version}
|
||||
name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION}
|
||||
seeds_pw:
|
||||
external: true
|
||||
name: ${STACK_NAME}_seeds_pw_${seeds_pw_secret_version}
|
||||
name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION}
|
||||
livebook_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_livebook_password_${livebook_password_secret_version}
|
||||
name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION}
|
||||
|
@ -1,27 +1,15 @@
|
||||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
# put secrets from files into env
|
||||
export MEILI_MASTER_KEY=$(cat /run/secrets/meili_master_key)
|
||||
export POSTGRES_PASSWORD=$(cat /run/secrets/postgres_password)
|
||||
export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
|
||||
export SIGNING_SALT=$(cat /run/secrets/signing_salt)
|
||||
export ENCRYPTION_SALT=$(cat /run/secrets/encryption_salt)
|
||||
export SEEDS_PW=$(cat /run/secrets/seeds_pw)
|
||||
export LIVEBOOK_PASSWORD=$(cat /run/secrets/livebook_password)
|
||||
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
echo "....Secrets have been loaded, now run $@...."
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_env "MEILI_MASTER_KEY"
|
||||
# This will exec the CMD from your Dockerfile
|
||||
exec "$@"
|
11
secrets.sh
Executable file
11
secrets.sh
Executable file
@ -0,0 +1,11 @@
|
||||
#/bin/sh
|
||||
|
||||
abra app secret generate --all $1
|
||||
|
||||
s1=$(openssl rand -base64 128)
|
||||
s2=$(openssl rand -base64 128)
|
||||
s3=$(openssl rand -base64 128)
|
||||
|
||||
abra app secret insert $1 secret_key_base v2 "$s1"
|
||||
abra app secret insert $1 signing_salt v2 "$s2"
|
||||
abra app secret insert $1 encryption_salt v2 "$s3"
|
Loading…
Reference in New Issue
Block a user