chore: publish 2.5.1+6.3.0 release

chore: publish 2.5.0+6.3.0 release
Tidy up settings a little
2023-10-24 16:54:44 +02:00 · 2023-10-23 12:51:12 +01:00 · 2023-10-23 12:50:45 +01:00 · 2023-10-23 12:50:31 +01:00 · 2023-10-23 12:49:47 +01:00 · 2023-10-20 00:06:09 +02:00
9 changed files with 109 additions and 39 deletions
--- a/.env.sample
+++ b/.env.sample
@ -1,15 +1,29 @@
 TYPE=wordpress
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 COMPOSE_FILE="compose.yml"
 DOMAIN=wordpress.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.wordpress.example.com`'
 LETS_ENCRYPT_ENV=production
-TITLE="My Example Blog"
+# Setup Wordpress settings on each deploy:
-LOCALE="en_US" # de_DE
+#POST_DEPLOY_CMDS="app core_install"
-ADMIN_EMAIL=admin@example.com
+
 # Optional settings, otherwise can be set in the installer
 # (Required for `app core_install`
 #TITLE="My Example Blog"
 #LOCALE="en_US" # de_DE
 #ADMIN_EMAIL=admin@example.com
 # Every new user is per default subscriber, uncomment to change it
 #DEFAULT_USER_ROLE=administrator
 # Uncomment to install PHP Composer
 #COMPOSER=1
 #WORDPRESS_DEBUG=true
 ## Additional extensions
 #PHP_EXTENSIONS="calendar"
@ -22,28 +36,39 @@ SECRET_DB_PASSWORD_VERSION=v1
 # Multisite
 #WORDPRESS_CONFIG_EXTRA="\
-#	define('WP_CACHE', false);\
+#define('WP_CACHE', false);\
-#	define('WP_ALLOW_MULTISITE', true );"
+#define('WP_ALLOW_MULTISITE', true );"
 # Multisite phase 2 (see README)
-# WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
+#WORDPRESS_CONFIG_EXTRA="define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '${DOMAIN}'); define('PATH_CURRENT_SITE', '/');	define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('FORCE_SSL_ADMIN', true ); define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
 # Local SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
 #SMTP_HOST="postfix_relay_app"
 #MAIL_FROM="wordpress@example.com"
 # Remote SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml:compose.smtp.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
 #SMTP_USER="wordpress@example.com"  # optional, defaults to MAIL_FROM
 #SMTP_OVERRIDE_FROM=on  # force "From" to MAIL_FROM, usually necessary
 #SMTP_PORT=587
 #SMTP_AUTH=on
 #SMTP_TLS=on
 #SECRET_SMTP_PASSWORD_VERSION=v1
-# COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
+# Authentik SSO
-# AUTHENTIK_DOMAIN=authentik.example.com
+#COMPOSE_FILE="$COMPOSE_FILE:compose.authentik.yml"
-# AUTHENTIK_SECRET_NAME=authentik_example_com_wordpress_secret_v1  # the same as in authentik
+#AUTHENTIK_DOMAIN=authentik.example.com
-# AUTHENTIK_ID_NAME=authentik_example_com_wordpress_id_v1  # the same as in authentik
+#SECRET_AUTHENTIK_SECRET_VERSION=v1
-# LOGIN_TYPE='auto'
+#SECRET_AUTHENTIK_ID_VERSION=v1
 #LOGIN_TYPE='auto'
 # Allow remote connections to db
 # 🚩🚩 dangerous, use only for development sites!
 #COMPOSE_FILE="$COMPOSE_FILE:compose.public-db.yml
 # Wide-open CORS
 # 🚩🚩 dangerous, use only for development sites!
 #CORS_ALLOW_ALL=1
--- a/abra.sh
+++ b/abra.sh
@ -1,7 +1,7 @@
 export PHP_UPLOADS_CONF_VERSION=v3
-export ENTRYPOINT_CONF_VERSION=v3
+export ENTRYPOINT_CONF_VERSION=v5
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
-export MSMTP_CONF_VERSION=v3
+export MSMTP_CONF_VERSION=v4
 wp() {
    su -p www-data -s /bin/bash -c "/usr/local/bin/wp $@"
@ -9,15 +9,24 @@ wp() {
 core_install(){
    ADMIN=admin
-    if [ -n $AUTHENTIK_DOMAIN ]
+    if [ -n "$AUTHENTIK_DOMAIN" ]
    then
        ADMIN=akadmin
    fi
-    chown www-data:www-data /var/www/html/wp-content
+    chown www-data:www-data -R /var/www/html/wp-content
    wp "core install --url=$DOMAIN --title=\"$TITLE\" --admin_user=$ADMIN --admin_email=$ADMIN_EMAIL --locale=$LOCALE --skip-email"
    wp "language core install $LOCALE"
    wp "site switch-language $LOCALE"
    wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
    wp "plugin install --activate disable-update-notifications"
    wp 'option update dwcun_setting on' 
    if [ -n "$DEFAULT_USER_ROLE" ]
    then
        wp "option set default_role $DEFAULT_USER_ROLE"
    else
        wp "option set default_role subscriber"
    fi
    wp 'plugin auto-updates enable --all' || exit 0
 }
 set_authentik(){
--- a/compose.authentik.yml
+++ b/compose.authentik.yml
@ -8,7 +8,7 @@ services:
 secrets:
  authentik_secret:
    external: true
-    name: ${AUTHENTIK_SECRET_NAME}
+    name: ${STACK_NAME}_authentik_secret_${SECRET_AUTHENTIK_SECRET_VERSION}
  authentik_id:
    external: true
-    name: ${AUTHENTIK_ID_NAME}
+    name: ${STACK_NAME}_authentik_id_${SECRET_AUTHENTIK_ID_VERSION}
--- a/compose.public-db.yml
+++ b/compose.public-db.yml
@ -0,0 +1,9 @@
 ---
 version: "3.8"
 services:
  db:
    ports:
      - target: 3306
        published: 3306
        mode: host
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -6,11 +6,12 @@ services:
    secrets:
      - smtp_password
    environment:
-      - SMTP_HOST=${SMTP_HOST}
+      - SMTP_HOST
      - SMTP_PORT=${SMTP_PORT:-25}
-      - SMTP_AUTH=${SMTP_AUTH}
+      - SMTP_AUTH
-      - SMTP_TLS=${SMTP_TLS}
+      - SMTP_TLS
-      - MAIL_FROM=${MAIL_FROM}
+      - MAIL_FROM
      - SMTP_OVERRIDE_FROM
 secrets:
  smtp_password:
--- a/compose.yml
+++ b/compose.yml
@ -3,21 +3,26 @@ version: "3.8"
 services:
  app:
-    image: "wordpress:6.2.2"
+    image: "wordpress:6.3.0"
    volumes:
      - "wordpress_content:/var/www/html/wp-content/"
    networks:
      - backend
      - proxy
    environment:
-      - PAGER=more
+      WORDPRESS_CONFIG_EXTRA: |
-      - WORDPRESS_DB_HOST=db
+            define( 'AUTOMATIC_UPDATER_DISABLED', false );
-      - WORDPRESS_DB_USER=wordpress
+            define( 'WP_AUTO_UPDATE_CORE', false );
-      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
+            ${WORDPRESS_CONFIG_EXTRA}
-      - WORDPRESS_DB_NAME=wordpress
+      PAGER: more
-      - WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA}
+      WORDPRESS_DB_HOST: db
-      - WORDPRESS_TABLE_PREFIX
+      WORDPRESS_DB_USER: wordpress
-      - PHP_EXTENSIONS
+      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_TABLE_PREFIX: ${WORDPRESS_TABLE_PREFIX:-wp_}
      PHP_EXTENSIONS: ${PHP_EXTENSIONS}
      CORS_ALLOW_ALL:
      COMPOSER:
    secrets:
      - db_password
    configs:
@ -53,10 +58,10 @@ services:
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/var/www/html"
-        - "coop-cloud.${STACK_NAME}.version=2.3.3+6.2.2"
+        - "coop-cloud.${STACK_NAME}.version=2.5.1+6.3.0"
  db:
-    image: "mariadb:10.11"
+    image: "mariadb:11.0"
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
@ -72,11 +77,10 @@ services:
    deploy:
      labels:
        backupbot.backup: "true"
-        backupbot.backup.path: "/tmp/dump.sql.gz"
+        backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz"
-        backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /tmp/dump.sql.gz'"
+        backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
        backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
        backupbot.restore: "true"
-        backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
+        backupbot.restore.post-hook: "sh -c 'mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dbdump.sql && rm -f /var/lib/mysql/dbdump.sql'"
 networks:
  backend:
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -7,6 +7,23 @@ docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
 curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
 chmod +x /usr/local/bin/wp
 {{ if eq (env "COMPOSER") "1" }}
 mkdir -p /var/www/.composer
 chown www-data:www-data /var/www/.composer
 curl https://getcomposer.org/installer -o /tmp/composer-setup.php
 php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
 php /tmp/composer-setup.php
 rm /tmp/composer-setup.php
 mv /var/www/html/composer.phar /usr/local/bin/composer
 {{ end }}
 {{ if eq (env "CORS_ALLOW_ALL") "1" }}
 a2enmod headers
 sed -ri -e 's/^([ \t]*)(<\/VirtualHost>)/\1\tHeader set Access-Control-Allow-Origin "*"\n\1\2/g' /etc/apache2/sites-available/*.conf
 {{ end }}
 if [ -n "$@" ]; then
 	"$@"
 fi
--- a/msmtp.conf.tmpl
+++ b/msmtp.conf.tmpl
@ -1,9 +1,13 @@
 account default
 host {{ env "SMTP_HOST" }}
 from {{ env "MAIL_FROM" }}
-user {{ env "MAIL_FROM" }}
+user {{ or (env "SMTP_USER") (env "MAIL_FROM") }}
 port {{ env "SMTP_PORT" }}
 {{ if eq (env "SMTP_OVERRIDE_FROM") "on" }}
 set_from_header on
 {{ end }}
 {{ if eq (env "SMTP_AUTH") "on" }}
 auth {{ env "SMTP_AUTH" }}
 passwordeval "cat /run/secrets/smtp_password"
--- a/release/next
+++ b/release/next
@ -0,0 +1 @@
 The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.
Author	SHA1	Message	Date
knoflook	1c70a89ed4	chore: publish 2.5.1+6.3.0 release	2023-10-24 16:54:44 +02:00
3wc	c6be9ecfcf	chore: publish 2.5.0+6.3.0 release	2023-10-23 12:51:12 +01:00
3wc	f2867c8359	Tidy up settings a little	2023-10-23 12:50:45 +01:00
3wc	4a7c468806	Add composer support	2023-10-23 12:50:31 +01:00
3wc	40d95417e9	Improve SMTP settings	2023-10-23 12:49:47 +01:00
Moritz	37aa0649b9	chore: publish 2.4.3+6.3.0 release	2023-10-20 00:06:09 +02:00
Moritz	5723405e51	fix backup label	2023-10-20 00:05:41 +02:00
3wc	650d531ed1	Add CORS_ALLOW_ALL for dev sites	2023-10-17 22:29:23 +01:00
3wc	9077d0aa86	chore: publish 2.4.2+6.3.0 release	2023-10-17 13:35:18 +01:00
3wc	952044e590	Exciting attempt at public db access	2023-10-17 13:28:42 +01:00
3wc	1c03d854b2	chore: publish 2.4.1+6.3.0 release	2023-10-16 13:51:11 +01:00
3wc	38bc51f516	Set default for WORDPRESS_TABLE_PREFIX instead of requiring it	2023-10-16 13:50:48 +01:00
3wc	40cbb7d689	Set default WORDPRESS_TABLE_PREFIX	2023-10-16 13:45:37 +01:00
Moritz	16ca5734d7	fix core_install	2023-08-24 11:34:01 +02:00
3wc	91335eac3a	chore: publish 2.4.0+6.3.0 release	2023-08-14 13:42:35 +02:00
Moritz	dfaa04131d	fix compose env variable	2023-07-09 15:05:08 +02:00
Moritz	b508b67752	use standalone authentik secrets	2023-07-08 04:31:03 +02:00
Moritz	8cc028fc00	set default user role per env	2023-06-08 16:00:19 +02:00
Moritz	55f00a482a	disable core updates, hide notifications, enable automatic plugin updates	2023-06-01 16:59:09 +02:00
		`@ -0,0 +1 @@`
							`The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.`