chore: publish 2.4.3+6.3.0 release

.env.sample

@@ -1,6 +1,10 @@
 TYPE=wordpress
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
+COMPOSE_FILE="compose.yml"
+
+# Setup Wordpress settings on each deploy:
+#POST_DEPLOY_CMDS="app core_install"
 
 DOMAIN=wordpress.example.com
 ## Domain aliases
@@ -11,6 +15,11 @@ TITLE="My Example Blog"
 LOCALE="en_US" # de_DE
 ADMIN_EMAIL=admin@example.com
 
+# Every new user is per default subscriber, uncomment to change it
+#DEFAULT_USER_ROLE=administrator
+
+#WORDPRESS_DEBUG=true
+
 ## Additional extensions
 #PHP_EXTENSIONS="calendar"
 
@@ -22,19 +31,19 @@ SECRET_DB_PASSWORD_VERSION=v1
 
 # Multisite
 #WORDPRESS_CONFIG_EXTRA="\
-#	define('WP_CACHE', false);\
-#	define('WP_ALLOW_MULTISITE', true );"
+#define('WP_CACHE', false);\
+#define('WP_ALLOW_MULTISITE', true );"
 
 # Multisite phase 2 (see README)
-# WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
+#WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
 
 # Local SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
 #SMTP_HOST="postfix_relay_app"
 #MAIL_FROM="wordpress@example.com"
 
 # Remote SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml:compose.smtp.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
 #SMTP_PORT=587
@@ -42,8 +51,17 @@ SECRET_DB_PASSWORD_VERSION=v1
 #SMTP_TLS=on
 #SECRET_SMTP_PASSWORD_VERSION=v1
 
-# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
-# AUTHENTIK_DOMAIN=authentik.example.com
-# AUTHENTIK_SECRET_NAME=authentik_example_com_wordpress_secret_v1  # the same as in authentik
-# AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1  # the same as in authentik
-# LOGIN_TYPE='auto'
+# Authentik SSO
+#COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
+#AUTHENTIK_DOMAIN=authentik.example.com
+#SECRET_AUTHENTIK_SECRET_VERSION=v1
+#SECRET_AUTHENTIK_ID_VERSION=v1
+#LOGIN_TYPE='auto'
+
+# 🚩🚩 dangerous, use only for development sites!
+
+# Allow remote connections to db
+#COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
+
+# Wide-open CORS
+#CORS_ALLOW_ALL=1

abra.sh

@@ -1,5 +1,5 @@
 export PHP_UPLOADS_CONF_VERSION=v3
-export ENTRYPOINT_CONF_VERSION=v3
+export ENTRYPOINT_CONF_VERSION=v4
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
 export MSMTP_CONF_VERSION=v3
 
@@ -9,15 +9,24 @@ wp() {
 
 core_install(){
     ADMIN=admin
-    if [ -n $AUTHENTIK_DOMAIN ]
+    if [ -n "$AUTHENTIK_DOMAIN" ]
     then
         ADMIN=akadmin
     fi
-    chown www-data:www-data /var/www/html/wp-content
+    chown www-data:www-data -R /var/www/html/wp-content
     wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email"
     wp "language core install $LOCALE"
     wp "site switch-language $LOCALE"
     wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
+    wp "plugin install --activate disable-update-notifications"
+    wp 'option update dwcun_setting on' 
+    if [ -n "$DEFAULT_USER_ROLE" ]
+    then
+        wp "option set default_role $DEFAULT_USER_ROLE"
+    else
+        wp "option set default_role subscriber"
+    fi
+    wp 'plugin auto-updates enable --all' || exit 0
 }
 
 set_authentik(){

compose.authentik.yml

@@ -8,7 +8,7 @@ services:
 secrets:
   authentik_secret:
     external: true
-    name: ${AUTHENTIK_SECRET_NAME}
+    name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
   authentik_id:
     external: true
-    name: ${AUTHENTIK_ID_NAME}
+    name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}

compose.public-db.yml

@@ -0,0 +1,9 @@
+---
+version: "3.8"
+
+services:
+  db:
+    ports:
+      - target: 3306
+        published: 3306
+        mode: host

compose.yml

@@ -3,21 +3,25 @@ version: "3.8"
 
 services:
   app:
-    image: "wordpress:6.2.0"
+    image: "wordpress:6.3.0"
     volumes:
       - "wordpress_content:/var/www/html/wp-content/"
     networks:
       - backend
       - proxy
     environment:
-      - PAGER=more
-      - WORDPRESS_DB_HOST=db
-      - WORDPRESS_DB_USER=wordpress
-      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
-      - WORDPRESS_DB_NAME=wordpress
-      - WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA}
-      - WORDPRESS_TABLE_PREFIX
-      - PHP_EXTENSIONS
+      WORDPRESS_CONFIG_EXTRA: |
+            define( 'AUTOMATIC_UPDATER_DISABLED', false );
+            define( 'WP_AUTO_UPDATE_CORE', false );
+            ${WORDPRESS_CONFIG_EXTRA}
+      PAGER: more
+      WORDPRESS_DB_HOST: db
+      WORDPRESS_DB_USER: wordpress
+      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
+      WORDPRESS_DB_NAME: wordpress
+      WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_}
+      PHP_EXTENSIONS: ${PHP_EXTENSIONS}
+      CORS_ALLOW_ALL:
     secrets:
       - db_password
     configs:
@@ -53,10 +57,10 @@ services:
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html"
-        - "coop-cloud.${STACK_NAME}.version=2.3.2+6.2.0"
+        - "coop-cloud.${STACK_NAME}.version=2.4.3+6.3.0"
 
   db:
-    image: "mariadb:10.11"
+    image: "mariadb:11.0"
     volumes:
       - "mariadb:/var/lib/mysql"
     networks:
@@ -72,11 +76,10 @@ services:
     deploy:
       labels:
         backupbot.backup: "true"
-        backupbot.backup.path: "/tmp/dump.sql.gz"
-        backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /tmp/dump.sql.gz'"
-        backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
+        backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz"
+        backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
         backupbot.restore: "true"
-        backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
+        backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dbdump.sql && rm -f /var/lib/mysql/dbdump.sql'"
 
 networks:
   backend:

entrypoint.sh.tmpl

@@ -7,6 +7,11 @@ docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
 curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
 chmod +x /usr/local/bin/wp
 
+{{ if eq (env "CORS_ALLOW_ALL") "1" }}
+a2enmod headers
+sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
+{{ end }}
+
 if [ -n "$@" ]; then
 	"$@"
 fi

release/next

@@ -0,0 +1 @@
+The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.