Add EXTRA_DOMAINS support

See compose-stacks/organising#19

.drone.yml

@@ -0,0 +1,22 @@
+---
+kind: pipeline
+name: deploy to swarm-test.autonomic.zone
+steps:
+  - name: deployment
+    image: decentral1se/stack-ssh-deploy:latest
+    settings:
+      host: swarm-test.autonomic.zone
+      stack: wordpress
+      generate_secrets: true
+      purge: true
+      deploy_key:
+        from_secret: drone_ssh_swarm_test
+    environment:
+      DOMAIN: wordpress.swarm-test.autonomic.zone
+      STACK_NAME: wordpress
+      LETS_ENCRYPT_ENV: production
+      DB_PASSWORD_VERSION: v1
+      DB_ROOT_PASSWORD_VERSION: v1
+trigger:
+  branch:
+    - master

.envrc.sample

@@ -1,4 +1,6 @@
 export DOMAIN=wordpress.example.com
+## Domain aliases
+#export EXTRA_DOMAINS=', `www.wordpress.example.com`'
 
 export STACK_NAME=wordpress
 export LETS_ENCRYPT_ENV=production
@@ -26,3 +28,11 @@ export DB_PASSWORD_VERSION=v1
 
 # Backups
 #export COMPOSE_FILE="compose.yml:compose.backup.yml"
+
+# SMTP
+#export COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
+#export SMTP_HOST="postfix_relay_app"
+#export MAIL_FROM="wordpress@example.com"
+#
+#export MSMTP_CONF_VERSION=v1
+#export ENTRYPOINT_MAILRELAY_CONF_VERSION=v1

README.md

@@ -1,5 +1,7 @@
 # wordpress
 
+[![Build Status](https://drone.autonomic.zone/api/badges/compose-stacks/wordpress/status.svg)](https://drone.autonomic.zone/compose-stacks/wordpress)
+
 Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
 
 1. Set up Docker Swarm and [`abra`][abra]
@@ -13,7 +15,6 @@ Coöp Cloud + [Wordpress](https://wordpress.org) = 🥳
    abra secret_generate db_password v1
    abra secret_generate db_root_password v1
    ```
-
 7. `abra deploy`
 8. Open the configured domain in your browser to finish set-up
 9. `abra run wordpress chown www-data:www-data /var/www/html/wp-content` to fix
@@ -39,11 +40,20 @@ _(Only tested using subdomains)_
 
 `abra cp ~/path/to/local/theme wordpress:/var/www/html/wp-content/themes/`
 
-[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
-[compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik
-
 ## Backups
 
 1. Edit `.envrc` and uncomment the `export COMPOSE_FILE="compose.yml:compose.backup.yml"` line
 2. `direnv allow`
 3. `abra deploy`
+
+## Email
+
+1. Deploy `postfix-relay`
+2. Edit `.envrc` and uncomment the email lines; change `MAIL_FROM` to make sure
+   the domain is the same as `postfix-relay`'s `$DOMAIN` or in its
+   `$EXTRA_SENDER_DOMAINS`
+3. `direnv allow` (or `source .envrc`)
+7. `abra deploy`
+
+[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
+[compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik

backup.d/NOTES.md

@@ -0,0 +1,3 @@
+# Notes
+
+- The only thing different between [fr_singlesite_wordpress.yml](./fr_singlesite_wordpress.yml) and [fr_microsites_wordpress.yml](./fr_microsites_wordpress.yml) is the `BORGBASE_REPO` environment variable and the `backup_bot_singlesite_passwd_v1`/`backup_bot_multisite_passwd_v1` secret. These are the two details which are needed for Borgmatic to know how to differentiate between each repository on the Borgbase side (where our backups are stored). Sooo, there could most definitely be a reduction in boilerplate here but I was just moving super fast and wanted to get the backup work done.

backup.d/fr_microsites_wordpress.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   backupbot:
-    image: "decentral1se/backup-bot:0.0.1"
+    image: "decentral1se/backup-bot:latest"
     networks:
       - backend
     volumes:
@@ -17,7 +17,7 @@ services:
       - source: borgmatic_config_yml
         target: /etc/borgmatic/config.yaml
     environment:
-      - BORGBASE_REPO="g067e243@g067e243.repo.borgbase.com:repo"
+      - BORGBASE_REPO="bp5oj726@bp5oj726.repo.borgbase.com:repo"
       - DB_HOST=mariadb
       - DB_TABLE=wordpress
       - DB_USER=wordpress
@@ -34,8 +34,8 @@ services:
 
 configs:
   borgmatic_config_yml:
-    name: borgmatic_config_yml_v7
-    file: borgmatic.yml
+    name: borgmatic_config_yml_v1
+    file: backup.d/borgmatic.yml
     template_driver: golang
 
 secrets:
@@ -43,5 +43,5 @@ secrets:
     name: backup_bot_ssh_key_v1
     external: true
   backup_bot_password:
-    name: backup_bot_password_v1
+    name: backup_bot_multisite_passwd_v1
     external: true

backup.d/fr_singlesite_wordpress.yml

@@ -0,0 +1,47 @@
+---
+version: "3.8"
+
+services:
+  backupbot:
+    image: "decentral1se/backup-bot:latest"
+    networks:
+      - backend
+    volumes:
+      - "wordpress_content:/var/www/html/wp-content/"
+    secrets:
+      - source: backup_bot_ssh_key
+        mode: 0400
+      - backup_bot_password
+      - db_password
+    configs:
+      - source: borgmatic_config_yml
+        target: /etc/borgmatic/config.yaml
+    environment:
+      - BORGBASE_REPO="l32s99em@l32s99em.repo.borgbase.com:repo"
+      - DB_HOST=mariadb
+      - DB_TABLE=wordpress
+      - DB_USER=wordpress
+    deploy:
+      mode: replicated
+      replicas: 0
+      labels:
+        - "swarm.cronjob.enable=true"
+        - "swarm.cronjob.schedule=0 2 * * *" # At 02:00
+      restart_policy:
+        condition: none
+    networks:
+      - backend
+
+configs:
+  borgmatic_config_yml:
+    name: borgmatic_config_yml_v1
+    file: backup.d/borgmatic.yml
+    template_driver: golang
+
+secrets:
+  backup_bot_ssh_key:
+    name: backup_bot_ssh_key_v1
+    external: true
+  backup_bot_password:
+    name: backup_bot_singlesite_passwd_v1
+    external: true

compose.abra.yml

@@ -0,0 +1,65 @@
+# #############################################################################
+# NOTE(decentral1se): this is a test compose.yml to test abra based deployments
+# #############################################################################
+
+---
+version: "3.8"
+
+services:
+  wordpress:
+    image: "wordpress:5.5.1"
+    networks:
+      - backend
+      - proxy
+    environment:
+      - WORDPRESS_DB_HOST=mariadb
+      - WORDPRESS_DB_USER=wordpress
+      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
+      - WORDPRESS_DB_NAME=wordpress
+    secrets:
+      - db_password
+    deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.routers.${NAME}.tls=true"
+        - "traefik.http.services.${NAME}.loadbalancer.server.port=80"
+        - "traefik.http.routers.${NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${NAME}.tls.certresolver=production"
+        - "traefik.http.routers.${NAME}.entrypoints=web-secure"
+
+  mariadb:
+    image: "mariadb:10.5"
+    volumes:
+      - "mariadb:/var/lib/mysql"
+    networks:
+      - backend
+    environment:
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+      - MYSQL_DATABASE=wordpress
+      - MYSQL_USER=wordpress
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+    secrets:
+      - db_password
+      - db_root_password
+
+networks:
+  backend:
+    driver: overlay
+  proxy:
+    external: true
+
+volumes:
+  mariadb:
+  wordpress_content:
+
+secrets:
+  db_root_password:
+    external: true
+    name: ${DB_ROOT_PASSWD}
+  db_password:
+    external: true
+    name: ${DB_PASSWD}

compose.mailrelay.yml

@@ -0,0 +1,31 @@
+---
+version: "3.8"
+ 
+services:
+  app:
+    entrypoint: /docker-entrypoint.sh
+    environment:
+      - SMTP_HOST=${SMTP_HOST}
+      - MAIL_FROM=${MAIL_FROM}
+    networks:
+      - mail
+    configs:
+      - source: mstmp_conf
+        target: /etc/msmtprc
+      - source: entrypoint_conf
+        target: /docker-entrypoint.sh
+        mode: 0555
+
+networks:
+  mail:
+    external: true
+
+configs:
+  mstmp_conf:
+    name: ${STACK_NAME}_mstmp_conf_${MSMTP_CONF_VERSION}
+    file: msmtp.conf.tmpl
+    template_driver: golang
+  entrypoint_conf:
+    name: ${STACK_NAME}_entrypoint_mailrelay_${ENTRYPOINT_MAILRELAY_CONF_VERSION}
+    file: entrypoint.mailrelay.sh.tmpl
+    template_driver: golang

compose.yml

@@ -2,7 +2,7 @@
 version: "3.8"
 
 services:
-  wordpress:
+  app:
     image: "wordpress:5.5.1"
     volumes:
       - "wordpress_content:/var/www/html/wp-content/"
@@ -10,13 +10,21 @@ services:
       - backend
       - proxy
     environment:
-      - WORDPRESS_DB_HOST=mariadb
+      - WORDPRESS_DB_HOST=db
       - WORDPRESS_DB_USER=wordpress
       - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
       - WORDPRESS_DB_NAME=wordpress
       - WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA}
     secrets:
       - db_password
+    depends_on:
+      - db
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
     deploy:
       update_config:
         failure_action: rollback
@@ -26,14 +34,14 @@ services:
         - "traefik.docker.network=proxy"
         - "traefik.http.routers.${STACK_NAME}.tls=true"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`ch.${DOMAIN}`, `${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         # 3wc: this rule works for routing, but not for generating certificates
         # see https://git.autonomic.zone/compose-stacks/planning/issues/14
         #- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
 
-  mariadb:
+  db:
     image: "mariadb:10.5"
     volumes:
       - "mariadb:/var/lib/mysql"
@@ -58,11 +66,10 @@ volumes:
   mariadb:
   wordpress_content:
 
-
 secrets:
   db_root_password:
     external: true
     name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
   db_password:
     external: true
-    name: ${STACK_NAME}_db_password_${DB_ROOT_PASSWORD_VERSION}
+    name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}

entrypoint.mailrelay.sh.tmpl

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y msmtp && rm -rf /var/lib/apt/lists/*
+
+echo "sendmail_path = /usr/bin/msmtp -t -i" > /usr/local/etc/php/conf.d/sendmail.ini
+
+# Upstream ENTRYPOINT
+# https://github.com/docker-library/wordpress/blob/master/php7.4/apache/Dockerfile#L120
+/usr/local/bin/docker-entrypoint.sh apache2-foreground "$@"

msmtp.conf.tmpl

@@ -0,0 +1,3 @@
+account default
+host {{ env "SMTP_HOST" }}
+from {{ env "MAIL_FROM" }}

package.yml

@@ -0,0 +1,17 @@
+---
+name: Wordpress
+description: Open source software you can use to create a beautiful website, blog, or app
+arguments:
+  name:
+    description: The name of your Wordpress application
+    example: my-cool-project
+  domain:
+    description: The domain name where your Wordpress will be available on the web
+    example: my-cool-project.com
+secrets:
+  db_passwd:
+    description: The normal user database password
+    length: 8
+  db_root_passwd:
+    description: The root user database password
+    length: 8