chore: publish 2.5.2+6.3.0 release

.env.sample

@@ -20,8 +20,8 @@ LETS_ENCRYPT_ENV=production
 # Every new user is per default subscriber, uncomment to change it
 #DEFAULT_USER_ROLE=administrator
 
-# PHP composer for plugin installation
+# Uncomment to install PHP Composer
-#COMPOSE_FILE="$COMPOSE_FILE:compose.composer.yml"
+#COMPOSER=1
 
 #WORDPRESS_DEBUG=true
 
@@ -48,7 +48,7 @@ SECRET_DB_PASSWORD_VERSION=v1
 #MAIL_FROM="wordpress@example.com"
 
 # Remote SMTP relay
-#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml:compose.smtp.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
 #SMTP_USER="wordpress@example.com"  # optional, defaults to MAIL_FROM
@@ -72,3 +72,9 @@ SECRET_DB_PASSWORD_VERSION=v1
 # Wide-open CORS
 # 🚩🚩 dangerous, use only for development sites!
 #CORS_ALLOW_ALL=1
+
+
+# FTP
+#COMPOSE_FILE="$COMPOSE_FILE:compose.ftp.yml"
+#SECRET_FTP_PASS_VERSION=v1
+#USERS_CONF_VERSION=v1

abra.sh

@@ -1,5 +1,5 @@
 export PHP_UPLOADS_CONF_VERSION=v3
-export ENTRYPOINT_CONF_VERSION=v6
+export ENTRYPOINT_CONF_VERSION=v5
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
 export MSMTP_CONF_VERSION=v4
 
@@ -19,7 +19,7 @@ core_install(){
     wp "site switch-language $LOCALE"
     wp "rewrite structure '/%year%/%monthnum%/%day%/%postname%/'"
     wp "plugin install --activate disable-update-notifications"
-    wp "option update disable_notification_setting --format=json '{\"dpun_setting\":false,\"dwtu_setting\":false,\"dwcun_setting\":true}'"
+    wp 'option update dwcun_setting on' 
     if [ -n "$DEFAULT_USER_ROLE" ]
     then
         wp "option set default_role $DEFAULT_USER_ROLE"
@@ -75,3 +75,77 @@ set_authentik(){
 fix_mysql() {
   echo "ALTER TABLE mysql.column_stats MODIFY histogram longblob; ALTER TABLE mysql.column_stats MODIFY hist_type enum('SINGLE_PREC_HB','DOUBLE_PREC_HB','JSON_HB');" | mysql -u root -p$(cat /run/secrets/db_root_password)
 }
+
+sub_wp() {
+  CONTAINER=$(docker container ls -f "Name=${STACK_NAME}_app" --format '{{ .ID }}')
+  if [ -z "$CONTAINER" ]; then
+    error "Can't find a container for ${STACK_NAME}_app"
+    exit
+  fi
+  debug "Using Container ID ${CONTAINER}"
+
+  # FIXME 3wc: we're fighting the Wordpress image, which recommends a named
+  # volume for /var/www/html -- this used to work fine using --volumes-from
+  # because the actual MySQL password was inserted into the generated
+  # wp-config.php -- but as of Wordpress 5.7.0, wp-config loads data straight
+  # from the environment, which requires Docker secrets to work, which only work
+  # in swarm services (not one-off `docker run` commands). Defining a `cli`
+  # service in compose.yml almost works, but there's no volumes_from: in Compose
+  # V3, and without it then the `cli` service can't access Wordpress core.
+  # See https://git.autonomic.zone/coop-cloud/wordpress/issues/21
+  warning "Slowly looking up MySQL password..."
+  silence
+  abra__service_="app"
+  DB_PASSWORD="$(sub_app_run cat "/run/secrets/db_password")"
+  unsilence
+
+  # shellcheck disable=SC2154,SC2086
+  docker run -it \
+	--volumes-from "$CONTAINER" \
+	--network "container:$CONTAINER" \
+	-u xfs:xfs \
+    -e WORDPRESS_DB_HOST=db \
+    -e WORDPRESS_DB_USER=wordpress \
+    -e WORDPRESS_DB_PASSWORD="${DB_PASSWORD}" \
+    -e WORDPRESS_DB_NAME=wordpress \
+    -e WORDPRESS_CONFIG_EXTRA="${WORDPRESS_CONFIG_EXTRA}" \
+	wordpress:cli wp ${abra__args_[*]}
+}
+
+abra_backup_app() {
+  _abra_backup_dir "app:/var/www/html/wp-content"
+}
+
+abra_backup_db() {
+  _abra_backup_mysql "db" "wordpress"
+}
+
+abra_backup() {
+  abra_backup_app && abra_backup_db
+}
+
+abra_restore_app() {
+  # shellcheck disable=SC2034
+  {
+	abra__src_="-"
+	abra__dst_="app:/var/www/html/"
+  }
+
+  zcat "$@" | sub_app_cp
+
+  success "Restored 'app'"
+}
+
+abra_restore_db() {
+  # 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
+  # got this far..
+
+  # shellcheck disable=SC2034
+  abra___no_tty="true"
+
+  DB_ROOT_PASSWORD=$(sub_app_run cat /run/secrets/db_root_password)
+
+  zcat "$@" | sub_app_run mysql -u root -p"$DB_ROOT_PASSWORD" wordpress
+
+  success "Restored 'db'"
+}

compose.composer.yml

@@ -1,14 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    volumes:
-      - "composer:/var/www/html/composer"
-    environment:
-      - ENABLE_COMPOSER=1
-      - COMPOSER=composer/composer.json
-      - COMPOSER_VENDOR_DIR=composer/vendor
-
-volumes:
-  composer:

compose.ftp.yml

@@ -0,0 +1,26 @@
+---
+version: "3.8"
+
+services:
+  ftp:
+    image: atmoz/sftp
+    secrets:
+      - ftp_pass
+    ports:
+        - 2222:22
+    volumes:
+      - "wordpress_content:/home/ftp_user/wp-content"
+    configs:
+      - source: users_conf
+        target: /etc/sftp/users.conf
+
+secrets:
+  ftp_pass:
+    name: ${STACK_NAME}_ftp_pass_${SECRET_FTP_PASS_VERSION}
+    external: true
+
+configs:
+  users_conf:
+    name: ${STACK_NAME}_users_conf_${USERS_CONF_VERSION}
+    file: users.conf.tmpl
+    template_driver: golang

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "wordpress:6.4.2"
+    image: "wordpress:6.3.0"
     volumes:
       - "wordpress_content:/var/www/html/wp-content/"
     networks:
@@ -58,10 +58,10 @@ services:
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html"
-        - "coop-cloud.${STACK_NAME}.version=2.6.3+6.4.2"
+        - "coop-cloud.${STACK_NAME}.version=2.5.2+6.3.0"
 
   db:
-    image: "mariadb:11.2"
+    image: "mariadb:11.0"
     volumes:
       - "mariadb:/var/lib/mysql"
     networks:
@@ -77,11 +77,10 @@ services:
     deploy:
       labels:
         backupbot.backup: "true"
-        backupbot.backup.pre-hook: "sh -c 'mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz'"
+        backupbot.backup.pre-hook: "mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress | gzip > /var/lib/mysql/dump.sql.gz"
-        backupbot.backup.path: "/var/lib/mysql/dump.sql.gz"
         backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
         backupbot.restore: "true"
-        backupbot.restore.post-hook: "sh -c 'gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql'"
+        backupbot.restore.post-hook: "sh -c 'mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" wordpress < /var/lib/mysql/dbdump.sql && rm -f /var/lib/mysql/dbdump.sql'"
 
 networks:
   backend:

entrypoint.sh.tmpl

@@ -7,9 +7,9 @@ docker-php-ext-install {{ env "PHP_EXTENSIONS" }}
 curl -z /usr/local/bin/wp -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
 chmod +x /usr/local/bin/wp
 
-{{ if eq (env "ENABLE_COMPOSER") "1" }}
+{{ if eq (env "COMPOSER") "1" }}
 mkdir -p /var/www/.composer
-chown www-data:www-data /var/www/.composer /var/www/html/composer
+chown www-data:www-data /var/www/.composer
 
 curl https://getcomposer.org/installer -o /tmp/composer-setup.php
 php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

release/next

@@ -1 +0,0 @@
-The authentik secrets need to be inserted again, as wordpress is not sharing the secret with authentik any more.

users.conf.tmpl

@@ -0,0 +1 @@
+ftp_user:{{ secret "ftp_pass" }}:33:33