Compare commits
	
		
			53 Commits
		
	
	
		
			lambdabund
			...
			update-mir
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| f9463a6986 | |||
| 907f9e38e7 | |||
| 7743446f2c | |||
| 6cdcf3a7f4 | |||
| a56861701c | |||
| 69564fdadf | |||
| 4fc19bb10d | |||
| 1cc521acfe | |||
| 07ee33e92d | |||
| 4adcd6aa9f | |||
| 5dceb542a6 | |||
| b58cd82d1f | |||
| ce3555e3d0 | |||
| 2e46c22fe5 | |||
| 1be011b07e | |||
| 0621f89c09 | |||
| 3241b864a9 | |||
| 48489718b6 | |||
| 09b90a7b8e | |||
| df617f4951 | |||
| 9db89e0ae5 | |||
| 395b52691f | |||
| 34ade7e58c | |||
| 055ae85ec4 | |||
| 39a7c3af29 | |||
| da3200cab6 | |||
| 9d992aaf84 | |||
| 490d05a520 | |||
| c98150841d | |||
| 6436623d89 | |||
| 2b7235ba10 | |||
| 4e11ca64cd | |||
| 53f518ad81 | |||
| d299663325 | |||
| 7fe95005ed | |||
| d1efcb06cc | |||
| 4dea3ac3ca | |||
| 979e738251 | |||
| 026365e889 | |||
| 3c17fdc8a5 | |||
| d1579fd6a3 | |||
| 4d0d5f9afe | |||
| a540db0c67 | |||
| e28feffc5c | |||
| 523c12fa63 | |||
| 7f05291dad | |||
| 4d67caff56 | |||
| a1474f956d | |||
| 6f7dfd4c64 | |||
| c1b6924a9e | |||
| 548e5211d7 | |||
| 28ab363163 | |||
| 12b2d04d28 | 
| @ -12,8 +12,8 @@ In other words, we're happy to give you, as contributor, "the commit bit" (read/ | ||||
|  | ||||
| We maintain a "team" called "Co-operators" on our 2 main repositories: | ||||
|  | ||||
| * [`git.coopcloud.tech/org/toolshed`](https://git.coopcloud.tech/org/toolshed/) | ||||
| * [`git.coopcloud.tech/org/coop-cloud`](https://git.coopcloud.tech/org/coop-cloud/) | ||||
| * [`git.coopcloud.tech/org/toolshed`](https://git.coopcloud.tech/toolshed/) | ||||
| * [`git.coopcloud.tech/org/coop-cloud`](https://git.coopcloud.tech/coop-cloud/) | ||||
|  | ||||
| This gives you read/write access to all the repositories of the organisation. | ||||
|  | ||||
| @ -38,6 +38,21 @@ Our [Drone CI configuration](https://git.coopcloud.tech/toolshed/abra/src/branch | ||||
|  | ||||
| Please use the [conventional commit format](https://www.conventionalcommits.org/en/v1.0.0/) for your commits so we can automate our change log. | ||||
|  | ||||
| ### Super quick-start (Ubuntu Server) | ||||
|  | ||||
| ```bash | ||||
| cd  | ||||
| sudo apt update && DEBIAN_FRONTEND=noninteractive sudo apt install -y golang make git  | ||||
| git clone https://git.coopcloud.tech/toolshed/abra.git && cd abra  | ||||
| make build | ||||
| mkdir -p  ~/.local/bin/ | ||||
| ln -sF $PWD/abra ~/.local/bin/abradev | ||||
| if [[ "$PATH" != *".local/bin"* ]]; then export PATH="$PATH:~/.local/bin/"; echo 'export PATH=$PATH:~/.local/bin' >> ~/.bashrc; fi | ||||
| # Set up Spanish auto-completion | ||||
| LANG=es abra autocompletar bash | sed 's/abra/abradev/g' | sudo tee /etc/bash_completion.d/abra-dev | ||||
| abradev --help | ||||
| ``` | ||||
|  | ||||
| ## Unit tests | ||||
|  | ||||
| ### Run tests | ||||
| @ -91,6 +106,26 @@ Please ask `@decentral1se` or on the Matrix channels for SSH access to the machi | ||||
|  | ||||
| We use [`bats`](https://bats-core.readthedocs.io/en/stable/) to run the tests. You can install the required dependencies with the following. You also need a working installation of Docker and Go >= 1.16 (not covered in this section). | ||||
|  | ||||
| ##### Fedora  | ||||
|  | ||||
| ``` | ||||
| sudo dnf install bats | ||||
| ``` | ||||
|  | ||||
| Unfortunately, the Fedora `bats` package doesn't include the libraries we need, so we need to clone those manually: | ||||
|  | ||||
| ``` | ||||
| mkdir -p ~/.local/share/bats/ | ||||
| cd ~/.local/share/bats | ||||
| git clone https://github.com/bats-core/bats-assert.git | ||||
| git clone https://github.com/bats-core/bats-file.git | ||||
| git clone https://github.com/bats-core/bats-support.git | ||||
| ``` | ||||
|  | ||||
| Then, before running tests, set `export BATS_LIB_PATH=~/.local/share/bats/` | ||||
|  | ||||
| ##### Debian | ||||
|  | ||||
| ``` | ||||
| apt install bats-file bats-assert bats-support jq make git | ||||
| ``` | ||||
| @ -111,7 +146,7 @@ For some tests an actual server is needed, where apps can be deployed. You can e | ||||
| ##### Remote swarm | ||||
|  | ||||
| ``` | ||||
| export ABRA_TEST_DOMAIN="test.example.com" | ||||
| export TEST_SERVER="test.example.com" | ||||
| export ABRA_DIR="$HOME/.abra_test" | ||||
| ``` | ||||
|  | ||||
| @ -200,6 +235,62 @@ bats -Tp tests/integration --filter-status failed # re-run only failed | ||||
|  | ||||
| If you're running into issues and want to debug stuff, you can pass `-x` to `bats` to trace all commands run in the test. You can add `echo '...' >&3` debug statements to your test to output stuff also. | ||||
|  | ||||
| ## Internationalisation (`i18n`) | ||||
|  | ||||
| `abra` can be translated into other languages. We use a combination of [`gettext`](https://www.gnu.org/software/gettext/), [`weblate`](https://translate.coopcloud.tech) and some [intermediate automation](https://git.coopcloud.tech/toolshed/abra/src/commit/20909695e0e05c6251029dba270b3d4741aeb7a8/.drone.yml#L10-L29) to help developers and translators work together conveniently. | ||||
|  | ||||
| ### Developer workflow | ||||
|  | ||||
| You just hack on `abra` as you normally would. | ||||
|  | ||||
| If you need to add a string, use `i18n.G` to wrap it. See [`gotext`](https://github.com/leonelquinteros/gotext) for the full API. | ||||
|  | ||||
| For example. | ||||
|  | ||||
| ```go | ||||
| i18n.G("my string") | ||||
| i18n.G("my string with err: %s", err) | ||||
| log.Debug(i18n.G("my string")) | ||||
| log.Info(i18n.G("my string with err: %s", err))  # N.B no log.Infof usage here | ||||
| ``` | ||||
|  | ||||
| Then you need to update the `pkg/i18n/locales/abra.pot` file with your new strings for the translators. | ||||
|  | ||||
| ```bash | ||||
| apt install -y gettext | ||||
| go install -v -x github.com/snapcore/snapd/i18n/xgettext-go@2.57.1 | ||||
| make i18n | ||||
| ``` | ||||
|  | ||||
| Commit the changes. Ignore `*.mo` changes if they only update the generation timestamp. | ||||
|  | ||||
| #### Resolving a merge conflict | ||||
|  | ||||
| ``` | ||||
| git remote add weblate https://translate.coopcloud.tech/git/co-op-cloud/abra/ | ||||
| git remote update weblate | ||||
| git merge weblate/main | ||||
| ``` | ||||
|  | ||||
| Once you've resolved the conflict and pushed it, you'll need admin permissions on the Weblate repository to unlock it. | ||||
|  | ||||
| ### Translator workflow | ||||
|  | ||||
| You can translate strings on [Weblate (`translate.coopcloud.tech`)](https://translate.coopcloud.tech).  | ||||
|  | ||||
| It's also possible to translate using [`poedit`](https://poedit.net). Weblate is the recommended approach.  | ||||
|  | ||||
| All translation files are located in [`pkg/i18n/locales`](https://git.coopcloud.tech/toolshed/abra/src/branch/main/pkg/i18n/locales). Once translations are updated in weblate, they will be incorporated into the next release of `abra` automatically. | ||||
|  | ||||
| ### End-user workflow | ||||
|  | ||||
| You simply export the `LANG` env var to match your desired translation. | ||||
|  | ||||
| ``` | ||||
| export LANG=es | ||||
| abra -h | ||||
| ``` | ||||
|  | ||||
| ## Using the `abra` public API | ||||
|  | ||||
| Warning, there is currently no stability promise for the `abra` public API! Most of the internals are exposed in order to allow a free hand for developers to try build stuff. If people start to build things then we can start the discussion on what is useful to have open/closed and keep stable etc. Please let us know if you depend on the APIs! | ||||
| @ -279,6 +370,26 @@ For developers, while using this `-beta` format, the `y` part is the "major" ver | ||||
| - Wait until the build finishes on [build.coopcloud.tech](https://build.coopcloud.tech/toolshed/abra) | ||||
| - Deploy the new installer script (e.g. `cd ./scripts/installer && make`) | ||||
| - Check the release worked, (e.g. `abra upgrade; abra -v`) | ||||
| - Share the announcement: | ||||
|  | ||||
| ``` | ||||
| 📢📢📢 abra v0.XX  is finally here 📢📢📢 | ||||
|  | ||||
| TLDR; `abra upgrade` 👍 | ||||
|  | ||||
| Upgrade docs: | ||||
| https://docs.coopcloud.tech/abra/upgrade/ | ||||
|  | ||||
| Changelog: | ||||
| https://git.coopcloud.tech/toolshed/abra/releases/tag/0.XX.0-beta | ||||
|  | ||||
| 0.XX.x-beta 👉 0.XX.x-beta migration guide: | ||||
| https://docs.coopcloud.tech/abra/upgrade/#XXx-beta-0XXx-beta | ||||
|  | ||||
| A huge thanks to everyone who helped get this release done ❤️🔥 | ||||
|  | ||||
| Happy Hacking 🫂 | ||||
| ``` | ||||
|  | ||||
| ## Fork maintenance | ||||
|  | ||||
|  | ||||
| @ -23,6 +23,7 @@ Host example.com | ||||
| and your IdentityFile should be added to the authentication agent: | ||||
|  | ||||
| ``` | ||||
| eval `ssh-agent` | ||||
| ssh-add ~/.ssh/example@somewhere | ||||
| ``` | ||||
|  | ||||
| @ -101,3 +102,7 @@ Otherwise, you can try manually cloning the recipe repository to the correct loc | ||||
| ``` | ||||
| $ git clone https://git.coopcloud.tech/coop-cloud/MyCoolRecipe.git ~/.abra/recipes | ||||
| ``` | ||||
|  | ||||
| ## "only updates to Labels are allowed" | ||||
|  | ||||
| See [Packaging handbook » What does "only updates to Labels are allowed" mean](maintainers/handbook/#what-does-only-updates-to-labels-are-allowed-mean). | ||||
|  | ||||
| @ -53,6 +53,21 @@ And test things work. | ||||
|  | ||||
| > General release notes are [here](https://git.coopcloud.tech/toolshed/abra/releases/) | ||||
|  | ||||
| ### `0.10.x-beta` -> `0.11.x-beta` | ||||
|  | ||||
| * Timeouts are no longer used unless specifically set in the app `.env` file, | ||||
|   e.g `TIMEOUT=180`. Recipe maintainers should remove defaults so that these | ||||
|   are not imposed on operators. See | ||||
|   [`#596`](https://git.coopcloud.tech/toolshed/abra/issues/596). | ||||
|  | ||||
| * `--ignore-env-version` has gone away as a global flag. `--latest` is now | ||||
|   present on `abra app deploy`. See | ||||
|   [`#617`](https://git.coopcloud.tech/toolshed/abra/issues/617). | ||||
|  | ||||
| * We now ensure that `$ABRA_DIR/servers` has stricter permissions (`0600`). See | ||||
|   [`#592`](https://git.coopcloud.tech/toolshed/abra/pulls/592) for more. No | ||||
|   migration step should be required. | ||||
|  | ||||
| ### `0.9.x-beta` -> `0.10.x-beta` | ||||
|  | ||||
| * `abra` will now write the app deployment version to the app env file | ||||
| @ -77,6 +92,10 @@ And test things work. | ||||
| * Auto-completion for `abra` is handled differently now. See `abra autocomplete | ||||
|   --help` for more. The full help output is available for each specific shell, | ||||
|   e.g. `abra autocomplete zsh --help`. It is now generated on the fly. | ||||
|   **WARNING**: you'll need to REMOVE your pre `v0.10.x` `abra` auto-complete | ||||
|   config for the new auto-complete to work. Check your `$SHELL` configuration | ||||
|   file (e.g. `.zshrc` for Zsh). See | ||||
|   [`#553`](https://git.coopcloud.tech/toolshed/abra/issues/553) for more. | ||||
|  | ||||
| * Several commands now make use of the `--chaos/-C` commands, such as `abra app | ||||
|   ps` and `abra app cp`. See `--help` for more. | ||||
| @ -133,6 +152,10 @@ And test things work. | ||||
| * It's now possible to set the character charset for a password. See | ||||
|   [`#521`](https://git.coopcloud.tech/toolshed/abra/issues/521) for more. | ||||
|  | ||||
| * `abra secret insert` now supports a `--file/-f` flag to support inserting | ||||
|   from file without using Bash-isms. See See | ||||
|   [`#555`](https://git.coopcloud.tech/toolshed/abra/issues/555) for more. | ||||
|  | ||||
| ### `0.8.x-beta` -> `0.9.x-beta` | ||||
|  | ||||
| None at this time. | ||||
|  | ||||
| @ -60,10 +60,6 @@ Finally, please let us know what your username/email is for your Open Collective | ||||
|  | ||||
| #### FAQ | ||||
|  | ||||
| ##### Where are the bank details of federation members? | ||||
|  | ||||
| Please see [`Finance.md` in the internal Federation Wiki](https://git.coopcloud.tech/Federation/organising/wiki/Finance) | ||||
|  | ||||
| ##### What transfer type do we use for USD? | ||||
|  | ||||
| `ACH`. If you see `Abartn`, that is the `ACH routing number`. | ||||
|  | ||||
| @ -32,6 +32,6 @@ Here is some invitation boilerplate which you can use: | ||||
| > | ||||
| > There are no "stupid questions"! It's a space to inquire, be curious and have a good time and get to know each other. | ||||
| > | ||||
| > We take notes and doodle on [this collaboratively editable pad](https://pad.autonomic.zone/LqotfSJJRj69RcTtWmr7iw). If you don't have time to attend, feel free to drop your questions and some contact details also, so we can get in touch. This is only the first Kite Flying Hour in a recurring series of Kite Flying Hours. | ||||
| > We take notes and doodle on [this collaboratively editable pad](https://pad.autonomic.zone/VtyrLUl9RWaJGgEDrncQUw?view). If you don't have time to attend, feel free to drop your questions and some contact details also, so we can get in touch. This is only the first Kite Flying Hour in a recurring series of Kite Flying Hours. | ||||
| > | ||||
| > Hope to see you there! ☁️ 🌞 🖥️ | ||||
|  | ||||
| @ -38,6 +38,12 @@ This is the public facing page where we publish all things federation in the ope | ||||
|  | ||||
|     [Tools We Use](/federation/tools){ .md-button .md-button--primary } | ||||
|  | ||||
| - __Shared Infrastructure Inventory__ | ||||
|  | ||||
|     Tools we maintain for the federation 🛠 | ||||
|  | ||||
|     [Tools We Maintain](/federation/infra){ .md-button .md-button--primary } | ||||
|  | ||||
| - __Code of Co-operation__ | ||||
|  | ||||
|     Be excellent to each other 💝 | ||||
|  | ||||
							
								
								
									
										22
									
								
								docs/federation/infra.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										22
									
								
								docs/federation/infra.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,22 @@ | ||||
| --- | ||||
| title: Shared Infrastructure Inventory | ||||
| --- | ||||
|  | ||||
| ## Shared repository for fedi maintainers | ||||
|  | ||||
| > [coop-cloud-apps](https://git.coopcloud.tech/toolshed/coop-cloud-apps) | ||||
|  | ||||
| ## 2025 State of The Co-op Cloud Infra | ||||
|  | ||||
| | service | server | recipe/app | notes | | ||||
| | --- | --- | --- | --- | | ||||
| | build.coopcloud.tech | `swarm-0.coopcloud.tech` | drone | should probably be moved to separate VPS | | ||||
| | (drone build runner) | `swarm-0.coopcloud.tech` | drone-docker-runner | should probably be moved to separate VPS | | ||||
| | git.coopcloud.tech |  `swarm-0.coopcloud.tech` | gitea | | | ||||
| | recipes.coopcloud.tech |  `swarm-0.coopcloud.tech` | [toolshed/recipes.coopcloud.tech](https://git.coopcloud.tech/coop-cloud/recipes.coopcloud.tech/) | ||||
| | recipes.coopcloud.tech/recipes.json | `swarm-0.coopcloud.tech` | [toolshed/recipes-catalogue-json](https://git.coopcloud.tech/toolshed/recipes-catalogue-json) | | | ||||
| | coopcloud.tech | `swarm-0.coopcloud.tech` | [toolshed/coopcloud.tech](https://git.coopcloud.tech/coop-cloud/coopcloud.tech/) | | | ||||
| | docs.coopcloud.tech | `swarm-0.coopcloud.tech` | [toolshed/docs.coopcloud.tech](https://git.coopcloud.tech/toolshed/docs.coopcloud.tech/) |  | | ||||
| | install.abra.coopcloud.tech | `swarm-0.coopcloud.tech` | [toolshed/abra/scripts/installer](https://git.coopcloud.tech/toolshed/abra/src/branch/main/scripts/installer) | | | ||||
| | sso.coopcloud.tech | `swarm-1.coopcloud.tech` | rauthy | | | ||||
| | translate.coopcloud.tech | `swarm-1.coopcloud.tech` | weblate | | | ||||
| @ -18,6 +18,6 @@ title: Membership | ||||
| | [UTAW](https://utaw.tech) | -  | - | `@javielico:matrix.org` | | ||||
| | `@decentral1se` | Waiver | - | `@decentral1se` | | ||||
| | [ruangrupa](https://ruangrupa.id) | - | - | Henry `@babystepper:matrix.org` | | ||||
| | [Ammar](https://social.coop/@ammaratef45) | - | - | `@ammaratef45:matrix.org` | | ||||
| | [MIR](https://mirnet.org/) | ✅ | - | `@brooke:pub.solar` | | ||||
| | [RTM](https://resisttechmonopolies.online) | ✅ | - | `@ammaratef45:matrix.org` + `@linnealovespie:matrix.org`| | ||||
| | [MIR](https://mirnet.org/) | ✅ | - | `@sixsmith:matrix.org` | | ||||
| | [Red Abya Yala](https://abyayala.sutty.nl/) | - | - | `@fauno:sutty.nl` | | ||||
|  | ||||
| @ -100,8 +100,6 @@ Recap: | ||||
|  | ||||
| ### decision-making process | ||||
|  | ||||
| proposal: https://git.coopcloud.tech/Federation/Federation/wiki/Proposals | ||||
|  | ||||
| - Trav: We adapted an old proposal for descision making process. | ||||
| - https://pad.autonomic.zone/s/MLafJE2jC#Overview | ||||
| - https://coopcloud.tech/blog/federation-proposal/ | ||||
|  | ||||
							
								
								
									
										33
									
								
								docs/federation/resolutions/in-progress/033.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										33
									
								
								docs/federation/resolutions/in-progress/033.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,33 @@ | ||||
| --- | ||||
| title: "Resolution 033: Changing OpenCollective fiscal host" | ||||
| --- | ||||
|  | ||||
| - Topic: Changing OpenCollective fiscal host to Platform6 | ||||
| - Date: 2025-07-16 | ||||
| - Deadline: 2025-07-30 | ||||
| - Size: Large | ||||
|  | ||||
| ## Summary | ||||
|  | ||||
| Currently, the Open Collective "fiscal host" for Co-op Cloud is [Autonomic | ||||
| co-operative](https://autonomic.zone). | ||||
|  | ||||
| This resolution proposes switching fiscal host to [Platform | ||||
| 6](https://platform6.coop), by transferring our funds from Autonomic to | ||||
| Platform 6, and changing our registered fiscal host on Open Collective. | ||||
|  | ||||
| This resolution will close Budget 001, because Platform 6 will take a fixed 5% | ||||
| of income, instead of being paid hourly. | ||||
|  | ||||
| ## Details | ||||
|  | ||||
| Autonomic has been the fiscal host for Co-op Cloud since the first project | ||||
| funding was received. | ||||
|  | ||||
| Since then, Autonomic has less capacity for finance administration work -- and | ||||
| Co-op Cloud is now managed by a democratic federation. | ||||
|  | ||||
| So, to open up more capacity for project finance administration work, and to | ||||
| further decentralise Co-op Cloud organising from Autonomic, we're proposing | ||||
| Platform 6. Platform 6 have been fiscal host for co-operative projects | ||||
| including [meet.coop](https://meet.coop) and [wiki.cafe](https://wiki.cafe). | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 001" | ||||
| title: "Resolution 001: Decision-Making Process" | ||||
| --- | ||||
|  | ||||
| - Topic: Decision Making Process | ||||
| @ -13,13 +13,13 @@ Institute descision making process as per below. Special consensus voting in org | ||||
|  | ||||
| ### Decision Making Process | ||||
|  | ||||
| * Write up a proposal using the below template, and add to the [Proposals wiki page](https://git.coopcloud.tech/Federation/Federation/wiki/Proposals). | ||||
| * Write up a proposal using the below template, and add to the [Resolutions documentation "in-progress" section](https://docs.coopcloud.tech/federation/resolutions/). | ||||
| * Specify if they are a large or medium proposal | ||||
| * Votes are done via emoji-reaction in the Community Organising Matrix channel (<https://matrix.to/#/#coopcloud-comm-org:autonomic.zone>) | ||||
| * List the decision on the [decisions page](https://docs.coopcloud.tech/federation/resolutions) on our documentation | ||||
| * Decisions can be split intro three categories: Small, Medium and Large. | ||||
| * Votes can be in favour :+1:, against :-1: (block),  or abstain :shrug: | ||||
| * Announce the result in the [Federation chat (#coop-cloud-fedi:autonomic.zone)](https://docs.coopcloud.tech/intro/contact/#matrix) and record it on the [decisions page](https://docs.coopcloud.tech/federation/resolutions) of the documentation | ||||
| * Move it to the [Resolutions documentation "passed" section](https://docs.coopcloud.tech/federation/resolutions/). | ||||
|  | ||||
| ### Types of Proposals | ||||
|  | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 002" | ||||
| title: "Resolution 002: Membership/Dues" | ||||
| --- | ||||
|  | ||||
| * Topic: Membership/Dues | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 003" | ||||
| title: "Resolution 003: Paid Work" | ||||
| --- | ||||
|  | ||||
| * Topic: Paid work | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 004" | ||||
| title: "Resolution 004: Budgeting (+ Budget 001: Monlthy Meetings)" | ||||
| --- | ||||
|  | ||||
| * Topic: Budget 001: Budgeting | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 005" | ||||
| title: "Resolution 005: Public federation membership" | ||||
| --- | ||||
|  | ||||
| * Topic: Public federation membership, notes and decisions | ||||
| @ -18,4 +18,4 @@ The following federation info will be made public on [`docs.coopcloud.tech/feder | ||||
|  | ||||
| ### Details | ||||
|  | ||||
| This will make the process of documenting easier to mutualise and increase transparency for those interested in joining. The [`git.coopcloud.tech/Federation`](https://git.coopcloud.tech/Federation/Federation/wiki/) wiki can still be used for storing private details such as bank account information. If members do not want to be listed, they can do so even when this decision passes. | ||||
| This will make the process of documenting easier to mutualise and increase transparency for those interested in joining. The `git.coopcloud.tech/Federation` wiki (**NOTE(d1) from the future**: this repository is now decommissioned) can still be used for storing private details such as bank account information. If members do not want to be listed, they can do so even when this decision passes. | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 006" | ||||
| title: "Resolution 006: Budget 002 Resolution Writing-up" | ||||
| --- | ||||
|  | ||||
| - Budget 002: Resolution Writing-up | ||||
| @ -11,7 +11,7 @@ title: "Resolution 006" | ||||
|  | ||||
| Agree Budget 002, for €100 for @decentral1se to write up 2 resolutions. | ||||
|  | ||||
| ### Details (Budget YYY) | ||||
| ### Details (Budget 002) | ||||
|  | ||||
| **Budget amount**: EUR 100 | ||||
|  | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 007" | ||||
| title: "Resolution 007: Dues waiver for Doop.coop" | ||||
| --- | ||||
|  | ||||
| - Topic: 1 year dues waiver for Doop.coop | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 008" | ||||
| title: "Resolution 008: Budget 003 Paying Invoices" | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 003 Paying invoices | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 009"  | ||||
| title: "Resolution 009: Federation common fund buffer"  | ||||
| --- | ||||
|  | ||||
| - Topic: Federation common fund buffer | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 010" | ||||
| title: "Resolution 010: Budget 004 Critical fixes" | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 004: Critical fixes | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 011"  | ||||
| title: "Resolution 011: Budget 005: Backup improvements"  | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 005: Backup improvements | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 012" | ||||
| title: "Resolution 012: Budget 006: Abra integration test suite" | ||||
| --- | ||||
|  | ||||
| - Budget 006: Abra integration test suite | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 014" | ||||
| title: "Resolution 014: Budget 008: Critical Fixes" | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 008: Critical Fixes | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 015" | ||||
| title: "Resolution 015: Klasse and Methode joins" | ||||
| --- | ||||
|  | ||||
| - Topic: Klasse & Methode joins the Co-op Cloud Federation | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 016" | ||||
| title: "Resolution 016: Budget 008: Backup-bot-two …" | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 008: Backup-bot-two Documentation and Specification | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 017" | ||||
| title: "Resolution 017: BeWater joins" | ||||
| --- | ||||
|  | ||||
| - Topic: BeWater joins the Co-op Cloud Federation | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 018" | ||||
| title: "Resolution 018: EOTL joins" | ||||
| --- | ||||
|  | ||||
| - Topic: EOTL joins the Co-op Cloud Federation | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 019" | ||||
| title: "Resolution 019: Karrot joins" | ||||
| --- | ||||
|  | ||||
| - Topic: Karrot joins the Co-op Cloud Federation | ||||
|  | ||||
| @ -1,8 +1,8 @@ | ||||
| --- | ||||
| title: "Resolution 020" | ||||
| title: "Resolution 020: Budget 010: Abra integration test suite" | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 10: Abra integration suite automation | ||||
| - Topic: Budget 010: Abra integration suite automation | ||||
| - Date: 04-04-2024 | ||||
| - Deadline: 18-04-2024 | ||||
| - Size: Large | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 021" | ||||
| title: "Resolution 021: Budget 011: Migrate to Cobra" | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 011: Migrate to Cobra | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 022" | ||||
| title: "Resolution 022: Ammar joins" | ||||
| --- | ||||
|  | ||||
| - Topic: Ammar joins the Co-op Cloud Federation | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: Resolution 023 | ||||
| title: "Resolution 023: Budget 012: … new Co-op Cloud website" | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 012: Feedback gathering and content architecture for the new Co-op Cloud website | ||||
|  | ||||
| @ -1,4 +1,6 @@ | ||||
| # Resolution 024: Budget: 013: Reintroduce kite-flying | ||||
| --- | ||||
| title: "Resolution 024: Budget: 013: Reintroduce kite-flying" | ||||
| --- | ||||
|  | ||||
| - Topic: Reintroduce paid kite-flying hour | ||||
| - Date: 2024-10-30 | ||||
|  | ||||
| @ -1,4 +1,6 @@ | ||||
| # Resolution 025 Maintainers Proposal | ||||
| --- | ||||
| title: "Resolution 025 Maintainers Proposal" | ||||
| --- | ||||
|  | ||||
| - Topic:  Maintainers Proposal | ||||
| - Date: 05-12-2024 | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 026" | ||||
| title: "Resolution 026: Budget 014: Backpay for v0.10.x abra release work" | ||||
| --- | ||||
|  | ||||
| - Topic: Budget 014: Backpay for `v0.10.x` abra release work | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 027" | ||||
| title: "Resolution 027: MIR joins" | ||||
| --- | ||||
|  | ||||
| - Topic: MIR joins the Co-op Cloud Federation | ||||
|  | ||||
| @ -1,4 +1,6 @@ | ||||
| # Resolution 028: Red Abya Yala joins the Co-op Cloud Federation | ||||
| --- | ||||
| title: "Resolution 028: Red Abya Yala joins the Co-op Cloud Federation" | ||||
| --- | ||||
|  | ||||
| - Topic: Red Abya Yala joins the Co-op Cloud Federation | ||||
| - Date: 16-01-2025 | ||||
|  | ||||
| @ -1,4 +1,6 @@ | ||||
| # Resolution 29 Budget 14: Federation Radmin | ||||
| --- | ||||
| title: "Resolution 029: Budget 014: Federation Radmin" | ||||
| --- | ||||
|  | ||||
| - Topic: Establish Budget 14, to pay for up to 12 hours a month of "radmin" (radical administration) work, to help the federation run smoother, for an initial period of 12 months. | ||||
| - Date: 05-04-2025 | ||||
|  | ||||
							
								
								
									
										41
									
								
								docs/federation/resolutions/passed/031.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										41
									
								
								docs/federation/resolutions/passed/031.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,41 @@ | ||||
| --- | ||||
| title: "Resolution 031: Critical fixes amended process" | ||||
| --- | ||||
|  | ||||
| - Topic: Critical fixes amended process | ||||
| - Date: 2025-06-10 | ||||
| - Deadline: 2025-06-24 | ||||
| - Size: Medium | ||||
|  | ||||
| ### Summary | ||||
|  | ||||
| This resolution proposes specific changes to [`R010: Budget 004: Critical | ||||
| fixes`](../passed/010.md). These changes are primarily intended to improve | ||||
| transparency and match our new organising methods. | ||||
|  | ||||
| ## Details | ||||
|  | ||||
| Ammendments are as follows. | ||||
|  | ||||
| 1. "Confirmation from at least one other member": should be confirmed on the | ||||
|    issue itself and not in the Matrix chat. It is suggested to indicate this | ||||
|    when posting in the Matrix chat (aka "Please +1 on the issue itself"). | ||||
| 1. "A fix is deemed critical": when it is marked with the label "critical fix". | ||||
|    There is no specific project tracker for only these issues. This label can | ||||
|    be re-used across repositories also. | ||||
|  | ||||
| ### R010 in full | ||||
|  | ||||
| > We propose to have a standing budget of 10 hrs / month available for fixes in Abra, Co-op Cloud recipes and other critical tools (e.g. recipes.coopcloud.tech) in the Co-op Cloud ecosystem. | ||||
| > | ||||
| > A fix is deemed critical when it is listed on this toolshed/organising board: | ||||
| > | ||||
| > > https://git.coopcloud.tech/toolshed/organising/projects/24 | ||||
| > | ||||
| > This board is collectively gardened by Co-op Cloud participants (both federation members and not). The process for adding a ticket to the board requires getting confirmation from at least one other member of the federation. | ||||
| > | ||||
| > This budget can be claimed by any volunteer who would like to develop the fix. If the volunteer is not a Co-op Cloud federation member, they must first be "vouched for" by a federation member. This is an informal process which can be arranged via the Matrix chat. This aims to assure agreement on timing and what the fix should contain beforehand. | ||||
| > | ||||
| > Fixes can be claimed by assiging yourself to the ticket. If within 1 week there is no updates on the ticket, another volunteer can propose to take over. This process is also informal: please @ the original volunteer and give some reasonable time for them to reply (suggested: 1 day). | ||||
| > | ||||
| > If the fix is urgent and things need to move faster, please state so on the ticket. Please consult with at least one other member of the federation to confirm that there is indeed agreement on the urgency of the fix. | ||||
							
								
								
									
										22
									
								
								docs/federation/resolutions/passed/032.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										22
									
								
								docs/federation/resolutions/passed/032.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,22 @@ | ||||
| --- | ||||
| title: "Resolution 032: RIM joins" | ||||
| --- | ||||
|  | ||||
| - Topic: RTM joins Coopcloud | ||||
| - Date: 2025-06-30 | ||||
| - Deadline: 2025-07-10 | ||||
| - Size: Large | ||||
|  | ||||
| ### Summary | ||||
|  | ||||
| Ammar's membership was approved in [Resolution 022](/federation/resolutions/passed/022). | ||||
|  | ||||
| Since the establishment of RTM (Resist Rech Monopolies) collective in Seattle, Ammar has been unofficially representing the collective with coopcloud and vice versa. | ||||
| 	 | ||||
| ### Details | ||||
| 	 | ||||
| RTM relies on the coop-cloud stack to host and manage their infrastructure, with the possibility of expanding this infrastructure to serve other communities and groups as the needs are identified and the capacity of the collective grows. | ||||
|  | ||||
| In a loomio decision, the collective approved pursuing a membership with the federation and Ammar is both happy to vouch and to yield their membership to the group. | ||||
|  | ||||
| This way this decision doesn't affect the total number of members. | ||||
| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| title: "Resolution 013"  | ||||
| title: "Resolution 013: Budget 007: Operator sync"  | ||||
| --- | ||||
|  | ||||
| !!! note | ||||
|  | ||||
| @ -1,4 +1,6 @@ | ||||
| # Co-op Cloud resolution 030: docs / naming survey | ||||
| --- | ||||
| title: "Co-op Cloud resolution 030: Budget XXX: Docs / naming survey" | ||||
| --- | ||||
| 
 | ||||
| - Topic: Budget for a survey about the Co-op Cloud documentation  | ||||
| - Date: 2025-04-03 | ||||
| @ -3,9 +3,10 @@ title: Digital tools | ||||
| --- | ||||
|  | ||||
| - [Public documentation](https://docs.coopcloud.tech/federation) | ||||
| - [Organising repository (private)](https://git.coopcloud.tech/Federation/organising) | ||||
| - [Wiki (private)](https://git.coopcloud.tech/Federation/organising/wiki) | ||||
| - [Git hosting](https://git.coopcloud.tech/) | ||||
| - [Matrix Space](https://matrix.to/#/#coop-cloud-space:autonomic.zone) | ||||
| - [Website](https://coopcloud.tech/) | ||||
| - [Single Sign On](https://translate.coopcloud.tech/) | ||||
| - [Translation](https://translate.coopcloud.tech/) | ||||
| - [Sheets and time tracking](https://sheets.coopcloud.tech/) | ||||
| - [Drone CI/CD](https://build.coopcloud.tech) | ||||
|  | ||||
							
								
								
									
										95
									
								
								docs/maintainers/catalogue.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										95
									
								
								docs/maintainers/catalogue.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,95 @@ | ||||
| --- | ||||
| title: The Recipe Catalogue | ||||
| --- | ||||
|  | ||||
| ## How are new recipes added to the catalogue? | ||||
|  | ||||
| > This is so far a manual process which requires someone who's been added to the | ||||
| > `coop-cloud` "Organisation" on https://git.coopcloud.tech.  | ||||
| > | ||||
| > This is a temporary  situation, we want to open out this process & also introduce some automation  | ||||
| > to support making thie process more convenient. Please nag us to move things along on Matrix. | ||||
|  | ||||
| - Publish your new recipe on the [git.coopcloud.tech](https://git.coopcloud.tech/coop-cloud) "Organisation" | ||||
| - Run `abra catalogue generate <recipe> -p` | ||||
| - Run `cd ~/.abra/catalogue && make` | ||||
|  | ||||
| These minimal steps will publish a new recipe with no versions. You can also do | ||||
| the [recipe release publishing dance](https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-release-a-new-recipe-version) | ||||
| which will then extend the `versions: [...]` section of the published JSON in the catalogue. | ||||
|  | ||||
| Recipes that are not included in the catalogue can still be deployed. It is not | ||||
| required to add your recipes to the catalogue, but this will improve the | ||||
| visibility for other co-op hosters & end-users. | ||||
|  | ||||
| For now, it is best to [get in touch](https://docs.coopcloud.tech/intro/contact/) if you want to add your recipe to the catalogue. | ||||
|  | ||||
| In the future, we'd like to support [multiple catalogues](https://git.coopcloud.tech/toolshed/organising/issues/139). | ||||
|  | ||||
| ## How do I make the catalogue automatically regenerate after new recipe versions are published?  | ||||
|  | ||||
| "I'd like to make it so that whenever I push a new git tag to the | ||||
| [`coop-cloud/rallly` repository](https://git.coopcloud.tech/coop-cloud/rallly) | ||||
| (probably [using `abra recipe | ||||
| release`](#how-do-i-release-a-new-recipe-version)), it automatically does the | ||||
| [recipe catalogue generation steps](#how-do-i-generate-the-recipe-catalogue)" | ||||
|  | ||||
| 1. Check whether tag builds are already trying to run: go to | ||||
|    https://build.coopcloud.tech, search for the recipe name (in this case taking | ||||
|    you to https://build.coopcloud.tech/coop-cloud/rallly/settings). If there are | ||||
|    failing builds, or if you see builds succeeding but catalogue regeneration | ||||
|    doesn't seem to be happening, then either dive in and try and fix it, or ask | ||||
|    for help in [`#coopcloud-tech`](https://matrix.to/#/#coopcloud-tech:autonomic.zone) | ||||
| 2. Otherwise, click "activate repository". You probably want to set the "disable pull | ||||
|    requests" and "disable forks" options; they won't work anyway, but the | ||||
|    failures might be confusing. | ||||
| 3. Make sure there is a `generate recipe catalogue` step in the recipe's | ||||
|    `.drone.yml` -- if there isn't, you can copy [the one from | ||||
|    `coop-cloud/rallly`](https://git.coopcloud.tech/coop-cloud/rallly/src/branch/main/.drone.yml#L24-L38) unchanged. | ||||
| 4. That's it! Now, when you push a new tag, the recipe catalogue will regenerate | ||||
|    automatically. You can test this by re-pushing a tag (e.g. `git push origin | ||||
|    :0.5.0+3.5.1 && git push 0.5.0+3.5.1`) | ||||
|  | ||||
| ## How does automatic catalogue regeneration work? | ||||
|  | ||||
| **TODO: write up properly** | ||||
|  | ||||
| Context: the catalogue lives in a git repo here: https://git.coopcloud.tech/toolshed/recipes-catalogue-json | ||||
|  | ||||
| The expectation is that this repo will only be updated automatically. While manual commits are possible, they're likely to be overwritten. | ||||
|  | ||||
| Automatic regeneration is handled by this Drone step, in the separate `auto-recipes-catalogue-json` repo: https://git.coopcloud.tech/toolshed/auto-recipes-catalogue-json/src/branch/main/.drone.yml#L5-L25 | ||||
|  | ||||
| This is run on a daily schedule (question: where is `nightly-app-date` configured?), and can also be triggered by recipe repositories to make new versions available quicker – see "[How do I make the catalogue automatically regenerate after new versions are published?](#how-do-i-make-the-catalogue-automatically-regenerate-after-new-versions-are-published)" above. | ||||
|  | ||||
| ## How do I manually generate the recipe catalogue | ||||
|  | ||||
| > These days, doing this is only useful in the event of troubleshooting the automatic catalogue regeneration | ||||
|  | ||||
| To generate an entire new copy of the catalogue: | ||||
|  | ||||
| ``` | ||||
| abra catalogue generate | ||||
| ``` | ||||
|  | ||||
| You will most likely want to pass `--user/--username` / `--pass/--password` with container regsitry credentials to avoid rate limiting. | ||||
|  | ||||
| If you just want to generate a catalogue entry for a single recipe: | ||||
|  | ||||
| ``` | ||||
| abra catalogue generate <recipe> | ||||
| ``` | ||||
|  | ||||
| The changes are generated and added to `~/.abra/catalogue`, you can validate what is done by running: | ||||
|  | ||||
| ``` | ||||
| cd ~/.abra/catalogue | ||||
| git diff | ||||
| ``` | ||||
|  | ||||
| You can pass `--publish` to have `abra` automatically publish those changes. | ||||
|  | ||||
| !!! warning "Here be more SSH dragons" | ||||
|  | ||||
|     In order to have `abra` publish changes for you automatically, you'll have to have write permissons to the git.coopcloud.tech repository and your account must have a working SSH key configuration. `abra` will use the SSH based URL connection details for Git by automagically creating an `origin-ssh` remote in the repository and pushing to it. | ||||
|  | ||||
| @ -124,45 +124,6 @@ You can also access it in your configs using the following syntax: | ||||
| {{ env "FOO" }} | ||||
| ``` | ||||
|  | ||||
| ### Example: Adding environment variables to existing recipe | ||||
| Here is a four step example how to add a new environment variable to a recipe without breaking existing deployments.  | ||||
|  | ||||
| 1. add env-var to the `compose.yml` in section `environment`: | ||||
|    ```yaml | ||||
|        environment: | ||||
|          # ... existing envs | ||||
|          - REQUIRE_AUTH_FOR_PROFILE_REQUESTS=${REQUIRE_AUTH_FOR_PROFILE_REQUESTS:-false} | ||||
|          # ... other existing envs | ||||
|    ``` | ||||
|  | ||||
|    With `${REQUIRE_AUTH_FOR_PROFILE_REQUESTS:-false}` you set a default value (`false`), ensuring not to break existing deployments.  | ||||
|    If you're sure that it won't cause problems, if operators of existing deployments don't set the variable, you could also just put: | ||||
|    ```yaml | ||||
|        environment: | ||||
|          # ... existing envs | ||||
|          - REQUIRE_AUTH_FOR_PROFILE_REQUESTS | ||||
|          # ... other exisitng envs | ||||
|    ``` | ||||
|     | ||||
|    Note: If you need to break something, make sure to add a [release note](/maintainers/handbook/#how-do-i-write-version-release-notes) explaining to operators what they should change before upgrading. | ||||
|  | ||||
| 2. add env-var to the `.env.sample` | ||||
|    ```yaml | ||||
|    #REQUIRE_AUTH_FOR_PROFILE_REQUESTS=true | ||||
|    ``` | ||||
|  | ||||
| 3. now you can use the environment-variable in your `.tmpl` files, e.g. add to `homserver.yaml.tmpl` | ||||
|    ```yaml | ||||
|    require_auth_for_profile_requests: {{ env "REQUIRE_AUTH_FOR_PROFILE_REQUESTS" }} | ||||
|    ``` | ||||
|     | ||||
| 4. increase number of YAML-version in `abra.sh` (e.g. from `v30` to `v31`), only then it will be deployed.  | ||||
|    ```yaml | ||||
|    export HOMESERVER_YAML_VERSION=v31 | ||||
|    ``` | ||||
|  | ||||
|    Note: If during development and testing you have to increase it several times, you can just "flatten" it in the end. Only make sure that you `undeploy`/`deploy` your existing instance. | ||||
|  | ||||
| ### Global environment variables | ||||
|  | ||||
| - `TYPE`: specifies the recipe name | ||||
| @ -295,6 +256,20 @@ file_env "DB_PASSWORD" | ||||
| Sometimes the containers don't even have Bash installed on them. You had better just use `/bin/sh` or, in your entrypoint script, install Bash :upside_down: The entrypoint secrets hack listed above doesn't work in this case (as it requires Bash), so instead you can just do `export FOO=$(cat /run/secrets/<secret-name>)`. | ||||
|  | ||||
|  | ||||
| ## Templating | ||||
|  | ||||
| ### Templating domain names in the `.env.sample` | ||||
|  | ||||
| `<recipe>.example.com` will be transformed into the end-user app domain when `abra app new` is run. | ||||
|  | ||||
| ### Templating domain names in release notes | ||||
|  | ||||
| !!! warning "Watch out for old versions of `abra` 🚧" | ||||
|  | ||||
|     This feature is only available in the >= 0.11.x series of `abra`. | ||||
|  | ||||
| `<recipe>.example.com` will be transformed into the end-user app domain when `abra app upgrade` shows release notes. | ||||
|  | ||||
| ## How do I reference services in configs? | ||||
|  | ||||
| When referencing an `app` service in a config file, you should prefix with the `STACK_NAME` to avoid namespace conflicts (because all these containers sit on the traefik overlay network). You might want to do something like this `{{ env "STACK_NAME" }}_app` (using  the often obscure dark magic of the Golang templating language). You can find examples of this approach used in the [Peertube recipe](https://git.coopcloud.tech/coop-cloud/peertube/src/commit/d1b297c5a6a23a06bf97bb954104ddfd7f736568/nginx.conf.tmpl#L9). | ||||
| @ -425,6 +400,19 @@ It is good practice to take note of all the issues you ran into and share them w | ||||
|  | ||||
| If you don't have time or are not an operator, reach out on our communication channels for an operator willing to do some testing. | ||||
|  | ||||
| ## What does "only updates to Labels are allowed" mean | ||||
|  | ||||
| If you see something like this: | ||||
|  | ||||
| ``` | ||||
| FATA failed to update config traefik_traefik_yml_v22: Error response from daemon: rpc error: code = InvalidArgument desc = only updates to Labels are allowed | ||||
| ``` | ||||
|  | ||||
| It means that a Docker "config" has been updated, but the version number has not been incremented. | ||||
|  | ||||
| To fix this, edit a recipe's `abra.sh` and update the version number of the relevant line –in this case, `export TRAEFIK_YML_VERSION=v22`. | ||||
| ` | ||||
|  | ||||
| ## How do I write version release notes? | ||||
|  | ||||
| In the root of your recipe repository, run the following (if the folder doesn't already exist): | ||||
| @ -439,72 +427,26 @@ You can also add release notes for the next release into a special file `release | ||||
|  | ||||
| !!! warning "Watch out for old versions of `abra` 🚧" | ||||
|  | ||||
|     This feature is only available in the > 0.9.x series of `abra`. | ||||
|     This feature is only available in the >= 0.9.x series of `abra`. | ||||
|  | ||||
| ## How do I generate the recipe catalogue | ||||
| ## How do I know whether to accept version upgrades when running `abra recipe upgrade <something>`? | ||||
|  | ||||
| To generate an entire new copy of the catalogue: | ||||
| ### Postgres | ||||
|  | ||||
| ``` | ||||
| abra catalogue generate | ||||
| ``` | ||||
| Beware major Postgres version updates! | ||||
|  | ||||
| You will most likely want to pass `--user/--username` / `--pass/--password` with container regsitry credentials to avoid rate limiting. | ||||
| "Major" updates are ones where the first number changes, for example 14 to 15 (or 14.1 to 15.1). | ||||
|  | ||||
| If you just want to generate a catalogue entry for a single recipe: | ||||
| Postgres cannot update itself, so accepting major version upgrades can break existing app deployments. | ||||
|  | ||||
| ``` | ||||
| abra catalogue generate <recipe> | ||||
| ``` | ||||
| To check if a recipe can handle upgrades: | ||||
|  | ||||
| The changes are generated and added to `~/.abra/catalogue`, you can validate what is done by running: | ||||
| 1. Check whether the recipe is using the `pgautoupgrade` image. | ||||
| 2. Check whether the recipe contains a custom postgres entrypoint, `entrypoint.postgres.sh`. | ||||
|  | ||||
| ``` | ||||
| cd ~/.abra/catalogue | ||||
| git diff | ||||
| ``` | ||||
| If neither #1 nor #2 is true, **do not include a "major" postgres upgrade in a recipe upgrade**. | ||||
|  | ||||
| You can pass `--publish` to have `abra` automatically publish those changes. | ||||
|  | ||||
| !!! warning "Here be more SSH dragons" | ||||
|  | ||||
|     In order to have `abra` publish changes for you automatically, you'll have to have write permissons to the git.coopcloud.tech repository and your account must have a working SSH key configuration. `abra` will use the SSH based URL connection details for Git by automagically creating an `origin-ssh` remote in the repository and pushing to it. | ||||
|  | ||||
| ## How do I make the catalogue automatically regenerate after new versions are published?  | ||||
|  | ||||
| "I'd like to make it so that whenever I push a new git tag to the | ||||
| [`coop-cloud/rallly` repository](https://git.coopcloud.tech/coop-cloud/rallly) | ||||
| (probably [using `abra recipe | ||||
| release`](#how-do-i-release-a-new-recipe-version)), it automatically does the | ||||
| [recipe catalogue generation steps](#how-do-i-generate-the-recipe-catalogue)" | ||||
|  | ||||
| 1. Check whether tag builds are already trying to run: go to | ||||
|    https://build.coopcloud.tech, search for the recipe name (in this case taking | ||||
|    you to https://build.coopcloud.tech/coop-cloud/rallly/settings). If there are | ||||
|    failing builds, or if you see builds succeeding but catalogue regeneration | ||||
|    doesn't seem to be happening, then either dive in and try and fix it, or ask | ||||
|    for help in [`#coopcloud-tech`](https://matrix.to/#/#coopcloud-tech:autonomic.zone) | ||||
| 2. Otherwise, click "activate repository". You probably want to set the "disable pull | ||||
|    requests" and "disable forks" options; they won't work anyway, but the | ||||
|    failures might be confusing. | ||||
| 3. Make sure there is a `generate recipe catalogue` step in the recipe's | ||||
|    `.drone.yml` -- if there isn't, you can copy [the one from | ||||
|    `coop-cloud/rallly`](https://git.coopcloud.tech/coop-cloud/rallly/src/branch/main/.drone.yml#L24-L38) unchanged. | ||||
| 4. That's it! Now, when you push a new tag, the recipe catalogue will regenerate | ||||
|    automatically. You can test this by re-pushing a tag (e.g. `git push origin | ||||
|    :0.5.0+3.5.1 && git push 0.5.0+3.5.1`) | ||||
|  | ||||
| ## How does automatic catalogue regeneration work? | ||||
|  | ||||
| **TODO: write up properly** | ||||
|  | ||||
| Context: the catalogue lives in a git repo here: https://git.coopcloud.tech/toolshed/recipes-catalogue-json | ||||
|  | ||||
| The expectation is that this repo will only be updated automatically. While manual commits are possible, they're likely to be overwritten. | ||||
|  | ||||
| Automatic regeneration is handled by this Drone step, in the separate `auto-recipes-catalogue-json` repo: https://git.coopcloud.tech/toolshed/auto-recipes-catalogue-json/src/branch/main/.drone.yml#L5-L25 | ||||
|  | ||||
| This is run on a daily schedule (question: where is `nightly-app-date` configured?), and can also be triggered by recipe repositories to make new versions available quicker – see "[How do I make the catalogue automatically regenerate after new versions are published?](#how-do-i-make-the-catalogue-automatically-regenerate-after-new-versions-are-published)" above. | ||||
| Feel welcome to ask for help in #coopcloud-tech:matrix.autonomic.zone | ||||
|  | ||||
| ## How do I enable healthchecks | ||||
|  | ||||
| @ -561,6 +503,35 @@ If you want to get the highest rating on SSL certs, you can use the following tr | ||||
|  | ||||
| See [this PR](https://git.coopcloud.tech/coop-cloud/traefik/pulls/8/files) for the technical details | ||||
|  | ||||
| ## How do I skip secret generation for a specific secret | ||||
|  | ||||
| !!! warning "Watch out for old versions of `abra` 🚧" | ||||
|  | ||||
|     This feature is only available in the >= 0.11.x series of `abra`. | ||||
|  | ||||
| Add the `# generate=false` comment | ||||
|  | ||||
| ``` | ||||
| SECRET_JWT_SECRET_VERSION=v1 # generate=false | ||||
| ``` | ||||
|  | ||||
| ## How do I specify the charset for a specific secret generation | ||||
|  | ||||
| !!! warning "Watch out for old versions of `abra` 🚧" | ||||
|  | ||||
|     This feature is only available in the >= 0.10.x series of `abra`. | ||||
|  | ||||
| ``` | ||||
| SECRET_JWT_SECRET_VERSION=v1 # charset=default,special | ||||
| ``` | ||||
|  | ||||
| Options are: | ||||
| * `default`: [source](https://github.com/decentral1se/passgen/blob/8404cb922dea92efa8c3514f0ec8c37ce12a880f/const.go#L23) | ||||
| * `special`: [source](https://github.com/decentral1se/passgen/blob/8404cb922dea92efa8c3514f0ec8c37ce12a880f/const.go#L22C29-L22C43) | ||||
| * `safespecial`: [source](https://git.coopcloud.tech/toolshed/abra/src/commit/6abaf7a094df1a96599af2c4cbae1769821ad17c/pkg/secret/secret.go#L182) | ||||
| * `default,special`: mix of `default` and `special` | ||||
| * `default,safespecial`: mix of `default` and `safespecial` | ||||
|  | ||||
| ## How do I change secret generation length? | ||||
|  | ||||
| It is possible to tell `abra` which length it should generate secrets with from your recipe config. | ||||
| @ -606,30 +577,6 @@ The possible Values are: | ||||
|  | ||||
| The setting does only apply when you also set a length modifier to the secret (documented [here](/maintainers/handbook/#how-do-i-change-secret-generation-length)), so it is not applicable for the "easy to remember word" style generator that used when you don't set a length. | ||||
|  | ||||
| ## How are recipes added to the catalogue? | ||||
|  | ||||
| > This is so far a manual process which requires someone who's been added to the | ||||
| > `coop-cloud` "Organisation" on https://git.coopcloud.tech. This is a temporary | ||||
| > situation, we want to open out this process & also introduce some automation | ||||
| > to support making thie process more convenient. Please nag us to move things | ||||
| > along. | ||||
|  | ||||
| - Publish your new recipe on the [git.coopcloud.tech](https://git.coopcloud.tech/coop-cloud) "Organisation" | ||||
| - Run `abra catalogue generate <recipe> -p` | ||||
| - Run `cd ~/.abra/catalogue && make` | ||||
|  | ||||
| These minimal steps will publish a new recipe with no versions. You can also do | ||||
| the [recipe release publishing dance](https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-release-a-new-recipe-version) | ||||
| which will then extend the `versions: [...]` section of the published JSON in the catalogue. | ||||
|  | ||||
| Recipes that are not included in the catalogue can still be deployed. It is not | ||||
| required to add your recipes to the catalogue, but this will improve the | ||||
| visibility for other co-op hosters & end-users. | ||||
|  | ||||
| For now, it is best to [get in touch](https://docs.coopcloud.tech/intro/contact/) if you want to add your recipe to the catalogue. | ||||
|  | ||||
| In the future, we'd like to support [multiple catalogues](https://git.coopcloud.tech/toolshed/organising/issues/139). | ||||
|  | ||||
| ## How do I configure backup/restore? | ||||
|  | ||||
| From the perspective of the recipe maintainer, backup/restore is just more | ||||
| @ -755,6 +702,11 @@ Please note: | ||||
| 1. The `file_env` / `_FILE` hack is to pass secrets into the container runtime without exposing them in plaintext in the configuration. See [this entry](/maintainers/handbook/#exposing-secrets) for more. | ||||
|  | ||||
| 1. In order to pass execution back to the original entrypoint, it's a good idea to find the original entrypoint script and run it from your own entrypoint script. If there is none, you may want to reference the `CMD` definition or if that isn't working, try to actually specify `cmd: ...` in the `compose.yml` definition (there are other recipes which do this). | ||||
|    | ||||
| 1. Also it might be necessary to define command: although there is an original entrypoint. That's [due to the fact](https://docs.docker.com/reference/compose-file/services/#entrypoint) that if entrypoint is non-null, Compose ignores any default command from the image, for example the `CMD` instruction in the Dockerfile. | ||||
|  | ||||
|   1. Pratically you would e.g. look for the Dockerfile of the upstream image. In there you should find the docker-entrypoint.sh (or similar) and where it's located. Furthermore you find the `CMD`-line there.  | ||||
|   1. Just put in your entrypoint.sh in the last line: exec /path/to/docker-entrypoint.sh "@" (path and filename you should find in upstream Dockerfile) and insert  command:  to your service in compose.yml with the value of what you find in the CMD line of the Dockerfile. | ||||
|  | ||||
| 1. If you're feeling reckless, you can also use the Golang templating engine to do things conditionally. | ||||
|  | ||||
|  | ||||
| @ -50,7 +50,7 @@ Open the `compose.yml` in your favourite editor and have a gander 🦢. The | ||||
| 5. The MariaDB service doesn't need to be exposed to the internet, so we can define an `internal` network for it to communicate with Matomo. | ||||
| 6. Lastly, we want to use `deploy.labels` and remove the `ports:` definition, to tell Traefik to forward requests to Matomo based on hostname and generate an SSL certificate. | ||||
|  | ||||
| The resulting `compose.yml` is available [here](https://git.autonomic.zone/coop-cloud/matomo/src/branch/main/compose.yml). | ||||
| The resulting `compose.yml` is available [here](https://git.coopcloud.tech/coop-cloud/matomo/src/branch/main/compose.yml). | ||||
|  | ||||
| ### Updating the `.env.sample` | ||||
|  | ||||
| @ -87,7 +87,7 @@ Otherwise, or once you've done that, go ahead and deploy the app: | ||||
| abra app deploy swarm.example.com | ||||
| ``` | ||||
|  | ||||
| Then, open the `DOMAIN` you configured (you might need to wait a while for Traefik to generate SSL certificates) to finish the set-up. Luckily, this container is (mostly) configurable via environment variables, if we want to auto-generate the configuration we can use a `config` and / or a custom `entrypoint` (see [`coop-cloud/mediawiki`](https://git.autonomic.zone/coop-cloud/mediawiki) for examples of both). | ||||
| Then, open the `DOMAIN` you configured (you might need to wait a while for Traefik to generate SSL certificates) to finish the set-up. Luckily, this container is (mostly) configurable via environment variables, if we want to auto-generate the configuration we can use a `config` and / or a custom `entrypoint` (see [`coop-cloud/mediawiki`](https://git.coopcloud.tech/coop-cloud/mediawiki) for examples of both). | ||||
|  | ||||
| ### Finishing up | ||||
|  | ||||
|  | ||||
| @ -94,9 +94,29 @@ git commit | ||||
| make link | ||||
| ``` | ||||
|  | ||||
| ## Configure `abra` with `abra.yml` | ||||
|  | ||||
| There are few configuration options supported at this time but more can be added. We are open to requests! | ||||
|  | ||||
| ### `$ABRA_DIR` | ||||
|  | ||||
| The lookup logic is defined like so. | ||||
|  | ||||
| * lookup $ABRA_DIR env | ||||
| * look for config file and take value from there | ||||
| * $HOME/.abra as fallback | ||||
|  | ||||
| If you create an `abra.yml` file in your `$PWD` with the following contents. | ||||
|  | ||||
| ``` | ||||
| abraDir: . | ||||
| ``` | ||||
|  | ||||
| Then `$ABRA_DIR` will be automatically picked up as `$PWD`. This is useful when you maintain multiple project configurations and recipes in various state of chaos and would like to separate those. `abra` will create all the usual `$HOME/.abra` state (`servers`/`recipes`/etc.) under your chosen `abraDir` value. This allows you to have multiple independent versions of specific recipes which are relevant for specific projects vs. relying on a single `$ABRA_DIR/recipes/<recipe>` and constantly having to switch between different chaotic hacks. | ||||
|  | ||||
| ## Running abra server side | ||||
|  | ||||
| If you're on an environment where it's hard to run Docker, or command-line programs in general, you might want to install `abra` on a server instead of your local work station. | ||||
| If you're on an environment where it's hard to run Docker, or command-line programs in general, you might want to install `abra` on a server instead of your local computer. | ||||
|  | ||||
| To install `abra` on the same server where you'll be hosting your apps, just follow [getting started guide](/operators/tutorial#deploy-your-first-app) as normal except for one difference. Instead of providing your SSH connection details when you run `abra server add ...`, just pass `--local`. | ||||
|  | ||||
| @ -106,7 +126,7 @@ abra server add --local | ||||
|  | ||||
| !!! note "Technical details" | ||||
|  | ||||
| 	This will tell `abra` to look at the Docker system running on the server, instead of a remote one (using the Docker internal `default` context). Once this is wired up, `abra` knows that the deployment target is the local server and not a remote one. This will be handle seamlessly for all other deployments on this server. | ||||
| 	This will tell `abra` to look at the Docker system running on the server itself, instead of a remote one (using the Docker internal `default` context). Once this is wired up, `abra` knows that the deployment target is the local server and not a remote one. This will be handled seamlessly for all other deployments on this server. | ||||
|  | ||||
| Make sure to back up your `~/.abra` directory on the server, or put it in version control, as well as other files you'd like to keep safe. | ||||
|  | ||||
| @ -464,6 +484,10 @@ route requests after. You're free to make as many `$whatever.yml` files in your | ||||
| Yes, it's possible although currently Quite Experimental! See | ||||
| [`#388`](https://git.coopcloud.tech/toolshed/organising/issues/388) for more. | ||||
|  | ||||
| ## Can I deploy images from a private registry? | ||||
|  | ||||
| Yes, as of [`#585`](https://git.coopcloud.tech/toolshed/abra/pulls/585), this is possible. At current time of writing, this feature is unreleased but this will change shortly. You need to run `docker login` before you run your deploy command. | ||||
|  | ||||
| ## Running an offline coop-cloud server  | ||||
|  | ||||
| You may want to run a coop-cloud directly on your device (or in a VM or machine on your LAN), whether that's for testing a recipe or to run coop-cloud apps outside of the cloud ;-) | ||||
| @ -488,7 +512,7 @@ abra app secret insert localhost ssl_key v1 localhost.key -f | ||||
|  | ||||
| !!! warning "Watch out for old versions of `abra` 🚧" | ||||
|  | ||||
|     This feature is only available in the > 0.10.x series of `abra`. | ||||
|     This feature is only available in the >= 0.10.x series of `abra`. | ||||
|  | ||||
| It is possible to specify a remote recipe in your `.env` file: | ||||
|  | ||||
| @ -508,7 +532,7 @@ $ABRA_DIR/recipes/mygit_org_myorg_cool-recipe | ||||
|  | ||||
| !!! warning "Watch out for old versions of `abra` 🚧" | ||||
|  | ||||
|     This feature is only available in the > 0.10.x series of `abra`. | ||||
|     This feature is only available in the >= 0.10.x series of `abra`. | ||||
|  | ||||
| If you `abra app new`/`abra app deploy`/`abra app upgrade`/`abra app rollback`, | ||||
| the version that is deployed will be written to your app `.env` file. You can | ||||
| @ -529,13 +553,13 @@ TYPE=custom-html:1.7.1+1.27.2 | ||||
|  | ||||
| This `.env` version is then used as the recipe checkout version for **all** | ||||
| `abra` operations afterwards unless you specify otherwise on the command-line | ||||
| with `[version]` `--chaos/-C` or `--ignore-env-version/-i`. | ||||
| with `[version]` `--chaos/-C` or `--latest/-l`. | ||||
|  | ||||
| ## How is the new deployment version determined? | ||||
|  | ||||
| !!! warning "Watch out for old versions of `abra` 🚧" | ||||
|  | ||||
|     This feature is only available in the > 0.10.x series of `abra`. | ||||
|     This feature is only available in the >= 0.10.x series of `abra`. | ||||
|  | ||||
| ### `.env` version | ||||
|  | ||||
| @ -545,7 +569,7 @@ deployment overview. | ||||
|  | ||||
| This `.env` version is then used as the recipe checkout version for **all** | ||||
| `abra` operations afterwards unless you specify otherwise on the command-line | ||||
| with `[version]` `--chaos/-C` or `--ignore-env-version/-i`. | ||||
| with `[version]` `--chaos/-C` or `--latest/-l`. | ||||
|  | ||||
| ### `abra app deploy` | ||||
|  | ||||
| @ -568,7 +592,7 @@ The version is chosen using the following priority logic. | ||||
| 1. deployed app | ||||
| 1. recipe catalogue (if undeployed) | ||||
|  | ||||
| Use `--ignore-env-version/-i` to deploy the latest release version or commit. | ||||
| Use `--latest/-l` to deploy the latest release version or commit. | ||||
|  | ||||
| In all cases 3-5, the app `.env` version is **ignored** as a version candidate. | ||||
|  | ||||
|  | ||||
| @ -13,24 +13,23 @@ In order to deploy an app you need two things: | ||||
|  | ||||
| This tutorial tries to help you make choices about which server and which DNS setup you need to run a _Co-op Cloud_ deployment but it does not go into great depth about how to set up a new server. | ||||
|  | ||||
| ### Server setup | ||||
| We will deploy a new Nextcloud instance in this guide, so you will only need 1GB of RAM according to [their documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html). | ||||
|  | ||||
| Co-op Cloud has itself near zero system requirements. You only need to worry about the system resource usage of your apps and the overhead of running containers with the docker runtime (often negligible. If you want to know more, see [this FAQ entry](/intro/faq/#isnt-running-everything-in-containers-inefficient)). | ||||
| ### Server provisioning | ||||
|  | ||||
| We will deploy a new Nextcloud instance in this guide, so you will only need 1GB of RAM according to [their documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html). You may also be interested in this [FAQ entry](/intro/faq/#arent-containers-horrible-from-a-security-perspective) if you are curious about security in the context of containers. | ||||
| Co-op Cloud is designed to run on a variety of hardware, so you can use those single-board computers, old laptops/desktops, or refurbished servers. However, hardware setup is a skill that's beyond the scope of this guide. As long as it's running Linux and has networking, it should be fine! Most Co-op Cloud deployments have been run on Debian machines so far. | ||||
|  | ||||
| Most Co-op Cloud deployments have been run on Debian machines so far. Some experiments have been done on single board computers & servers with low resource capacities. | ||||
| If you don't have the time or equipment to run your own hardware, rented hardware is fine too! There are many hosting providers which will provide a Linux server to you for a monthly fee. | ||||
|  | ||||
| You need to keep port `:80` and `:443` free on your server for web proxying to your apps. Typically, you don't need to keep any other ports free as the core web proxy ([Traefik](https://traefik.io)) keeps all app ports internal to its network. Sometimes however, you need to expose an app port when you need to use a transport which would perform better or more reliably without proxying. | ||||
| ### Server configuration | ||||
|  | ||||
| `abra` has support for creating servers (`abra server new`) but that is a more advanced automation feature which is covered in the [handbook](/operators/handbook). For this tutorial, we'll focus on the basics. Assuming you've managed to create a testing VPS with some `$hosting_provider`, you'll need to install Docker, add your user to the Docker group & setup swarm mode: | ||||
| Assuming you've got a running server, it's now time to configure it. | ||||
|  | ||||
| !!! warning "You may need to log in/out" | ||||
| Co-op Cloud has very few system requirements. You only need to worry about the system resource usage of your apps and the overhead of running containers with the docker runtime (often negligible. If you want to know more, see [this FAQ entry](/intro/faq/#isnt-running-everything-in-containers-inefficient)). | ||||
|  | ||||
|     When running `usermod ...`, you may need to (depending on your system) log | ||||
|     in and out again of your shell session to get the required permissions for | ||||
|     Docker. | ||||
|     Alternatively you can run [`newgrp`](https://www.man7.org/linux/man-pages/man1/newgrp.1.html) to register the group chnage. | ||||
| To get started, you'll need to install Docker, add your user to the Docker group & setup swarm mode. Many hosting providers support [cloud-init](https://cloudinit.readthedocs.io/en/latest/index.html), which allows you to automate the steps in this section. If that applies to you, you can use [our cloud-init file](https://git.coopcloud.tech/toolshed/abra/raw/branch/main/scripts/cloud-init/cloud-init.yaml). | ||||
|  | ||||
| Otherwise, here are the step required: | ||||
|  | ||||
| ``` | ||||
| # ssh into your server | ||||
| @ -39,34 +38,32 @@ ssh <server-domain> | ||||
| # docker install convenience script | ||||
| wget -O- https://get.docker.com | bash | ||||
|  | ||||
| # check that docker was installed correctly | ||||
| sudo docker run hello-world | ||||
|  | ||||
| # now setup swarm | ||||
| sudo docker swarm init | ||||
| sudo docker network create -d overlay proxy | ||||
| ``` | ||||
|  | ||||
| #### Using docker without sudo | ||||
|  | ||||
| Abra can't deploy any applications in future steps unless it can run `docker` commands without sudo. | ||||
|  | ||||
| ``` | ||||
| # check if the docker group exists | ||||
| groups | grep docker | ||||
|  | ||||
| # if the docker group doesn't already exist, add it manually | ||||
| sudo groupadd docker | ||||
| groupadd docker | ||||
|  | ||||
| # add user to docker group | ||||
| sudo usermod -aG docker $USER | ||||
|  | ||||
| # check that docker installed correctly | ||||
| docker run hello-world | ||||
|  | ||||
| # exit and re-login to load the group | ||||
| exit | ||||
| ssh <server-domain> | ||||
|  | ||||
| # back on the server, setup swarm | ||||
| docker swarm init | ||||
| docker network create -d overlay proxy | ||||
|  | ||||
| # now you can exit and start using abra | ||||
| exit | ||||
| ``` | ||||
| Abra can't deploy any applications in future steps if the docker group cannot run without sudo. If you install docker a different way, it may not create a docker group automatically. The [official Docker documentation](https://docs.docker.com/engine/install/linux-postinstall/) can help if you run into further issues. | ||||
|  | ||||
| ??? question "Do you support multiple web proxies?" | ||||
| After running `usermod`, you may need to (depending on your system) log out (`exit`) and back in again (`ssh <server-domain>`) to get the required permissions for Docker before proceeding. | ||||
|  | ||||
|     We do not know if it is feasible and convenient to set things up on an existing server with another web proxy which uses ports `:80` & `:443`. We'd happily receive reports and documentation on how to do this if you manage to set it up! | ||||
| The [official Docker documentation](https://docs.docker.com/engine/install/linux-postinstall/) can help if you run into further issues. | ||||
|  | ||||
| ### DNS setup | ||||
|  | ||||
| @ -79,7 +76,9 @@ Your entries in your DNS provider setup might look like the following. | ||||
|  | ||||
| Where `116.203.211.204` can be replaced with the IP address of your server. | ||||
|  | ||||
| Warning: If the you are in the same local netwrok as the server, you might run into [NAT Hairpin](https://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat) issues. | ||||
| !!! warning Beware local network pitfalls! | ||||
|  | ||||
|     If you are in the same local network as the server, you might run into [NAT Hairpin](https://superuser.com/questions/663820/port-forwarding-from-inner-network-to-inner-network-hairpin-nat) issues. | ||||
|  | ||||
| ??? question "How do I know my DNS is working?" | ||||
|  | ||||
| @ -87,8 +86,7 @@ Warning: If the you are in the same local netwrok as the server, you might run i | ||||
|  | ||||
| ### Install `abra` | ||||
|  | ||||
| Now we can install [`abra`](/abra) locally on your machine and hook it up to | ||||
| your server. We support a script-based installation method ([script source](https://git.coopcloud.tech/toolshed/abra/src/branch/main/scripts/installer/installer)): | ||||
| Now we can install [`abra`](/abra) locally on your machine and hook it up to your server. We support a script-based installation method ([script source](https://git.coopcloud.tech/toolshed/abra/src/branch/main/scripts/installer/installer)): | ||||
|  | ||||
| ```bash | ||||
| curl https://install.abra.coopcloud.tech | bash | ||||
| @ -112,7 +110,7 @@ you have immediate access to `abra` on the current terminal. | ||||
| export PATH=$PATH:$HOME/.local/bin | ||||
| ``` | ||||
|  | ||||
| If you run into issues during installation, [please report a ticket](https://git.coopcloud.tech/toolshed/organising/issues/new) :pray: | ||||
| If you run into issues during installation, [please report a ticket](https://git.coopcloud.tech/toolshed/abra/issues/new) :pray: | ||||
|  | ||||
| ??? question "Can I install `abra` on my server?" | ||||
|  | ||||
| @ -126,7 +124,7 @@ With autocomplete enabled, you can run a command like `abra app deploy myapp.exa | ||||
|  | ||||
| ### Add your server | ||||
|  | ||||
| Now you can connect `abra` with your server. You must have a working SSH configuration for your server before you can proceed. That means you can run `ssh <server-domain>` on your command-line and everything Works :tm:. See the [`abra` SSH troubleshooting](/abra/trouble/#ssh-connection-issues) for a working SSH configuration example. | ||||
| Now you can connect `abra` with your server. You must have a working SSH configuration for your server before you can proceed. That means you can run `ssh <server-domain>` on your command-line and everything Works :tm:. See the [`abra` SSH troubleshooting](/abra/trouble/#ssh-connection-issues) for a working SSH configuration example or use `abra server add -h` for the help output. | ||||
|  | ||||
| ??? warning "Beware of SSH dragons :dragon_face:" | ||||
|  | ||||
| @ -140,21 +138,21 @@ Now you can connect `abra` with your server. You must have a working SSH configu | ||||
|     troubleshooting entry](/abra/trouble/#ssh-connection-issues). | ||||
|  | ||||
| ```bash | ||||
| ssh <server-domain> # make sure it works | ||||
| ssh <server-domain> hostname -I # make sure it works | ||||
| abra server add <server-domain> | ||||
| ``` | ||||
|  | ||||
| It is important to note that `<server-domain>` here is a publicy accessible domain name which points to your server IP address. `abra` does make sure this is the case and this is done to avoid issues with HTTPS certificate rate limiting. | ||||
| It is important to note that `<server-domain>` here is a publicly accessible domain name which points to your server IP address. `abra` does make sure this is the case and this is done to avoid issues with HTTPS certificate rate limiting. | ||||
|  | ||||
| ??? warning "Can I use arbitrary server names?" | ||||
|  | ||||
|     Yes, this is possible. You need to pass `-D` to `server add` and ensure | ||||
|     that your `Host ...` entry in your SSH configuration includes the name. | ||||
|     So, for example, in `~/.ssh/config`: | ||||
|     Yes, this is possible. You need to ensure that your `Host ...` entry in your SSH configuration includes the name.  So, for example, in `~/.ssh/config`: | ||||
|  | ||||
|     ``` | ||||
|       Host example.com example | ||||
|         ... | ||||
|     ``` | ||||
|  | ||||
|     And then: | ||||
|  | ||||
|       abra server add example | ||||
| @ -169,8 +167,9 @@ abra server ls | ||||
|  | ||||
| ??? question "How do I share my configs in `~/.abra`?" | ||||
|  | ||||
|     It's possible and quite easy, for more see [this handbook | ||||
|     It's possible and relatively easy, for more see [this handbook | ||||
|     entry](/operators/handbook/#understanding-app-and-server-configuration). | ||||
|     [Git](https://git-scm.com) skills are generally required. | ||||
|  | ||||
| ### Web proxy setup | ||||
|  | ||||
| @ -180,6 +179,14 @@ Traefik is the main entrypoint for all web requests (e.g. like NGINX) and | ||||
| supports automatic SSL certificate configuration and other quality-of-life | ||||
| features which make deploying libre apps more enjoyable. | ||||
|  | ||||
| You need to keep port `:80` and `:443` free on your server for web proxying to your apps. Typically, you don't need to keep any other ports free as the core web proxy keeps all app ports internal to its network. Sometimes however, you need to expose an app port when you need to use a transport which would perform better or more reliably without proxying. | ||||
|  | ||||
| ??? question "Do you support multiple web proxies?" | ||||
|  | ||||
|    Yes, this is possible. See [this handbook | ||||
|    entry](/operators/handbook/#proxying-apps-outside-of-co-op-cloud-with-traefik) | ||||
|    for more. Be warned, this is a relatively advanced topic. | ||||
|  | ||||
| **1. To get started, you'll need to create a new app:** | ||||
|  | ||||
| ```bash | ||||
| @ -187,8 +194,10 @@ abra app new traefik | ||||
| ``` | ||||
|  | ||||
| Choose your newly registered server and specify a domain name. By default `abra` | ||||
| will suggest `<app-name>.server.org` or prompt you with a list of servers. | ||||
| will suggest `<app-name>.<your-server>` or prompt you with a list of servers. | ||||
|  | ||||
| ??? question "Should I use www for traefik?" | ||||
|     Generally no. No one will be directly accessing the traefik domain name unless they want to see the traefik dashboard. You should reserve the `www` or apex domains for apps like [custom-html](https://recipes.coopcloud.tech/custom-html-tiny) which let you host sites. Traefik is just a proxy to other apps! | ||||
|  | ||||
| **2. Configure this new `traefix` app** | ||||
|  | ||||
| @ -217,8 +226,6 @@ DASHBOARD_ENABLED=false | ||||
|  | ||||
| **3. Now it is time to deploy your app:** | ||||
|  | ||||
| Ensure `<traefic-domain>` is registered in `/etc/hosts` then run: | ||||
|  | ||||
| ``` | ||||
| abra app deploy <traefik-domain> | ||||
| ``` | ||||
| @ -231,7 +238,7 @@ Voila. Abracadabra :magic_wand: your first app is deployed :sparkles: | ||||
| And now we can deploy apps. Let's create a new Nextcloud app. | ||||
|  | ||||
| ```bash | ||||
| abra app new nextcloud -S | ||||
| abra app new nextcloud --secrets | ||||
| ``` | ||||
|  | ||||
| The `-S` or `--secrets` flag is used to generate secrets for the app: database connection password, root password and admin password. | ||||
| @ -240,7 +247,7 @@ The `-S` or `--secrets` flag is used to generate secrets for the app: database c | ||||
|  | ||||
|     Take care, these secrets are only shown once on the terminal so make sure to take note of them! `abra` makes use of the [Docker secrets](/operators/handbook/#managing-secret-data) mechanism to ship these secrets securely to the server and store them as encrypted data. Only the apps themselves have access to the values from here on, they're placed in `/run/secrets` on the container file system. | ||||
|  | ||||
| Make sure` <nextcloud-domain>` is registered in `/etc/hosts`, then we can deploy Nextcloud: | ||||
| Now we can deploy Nextcloud: | ||||
|  | ||||
| ```bash | ||||
| abra app deploy <nextcloud-domain> | ||||
| @ -254,7 +261,7 @@ abra app logs <nextcloud-domain>      # logs trailing | ||||
| abra app errors -w <nextcloud-domain> # error catcher | ||||
| ``` | ||||
|  | ||||
| Your new `traefik` instance will detect that a new app is coming up and generate SSL certificates for it. You can see what `traefik` is up to using the same commands above but replacing `<netcloud-domain>` with the `<traefik-domain>` you chose earlier (`abra app ls` will remind you what domains you chose :grinning:). | ||||
| Your new `traefik` instance will detect that a new app is coming up and generate TLS certificates for it. You can see what `traefik` is up to using the same commands above but replacing `<nextcloud-domain>` with the `<traefik-domain>` you chose earlier (`abra app ls` will remind you what domains you chose :grinning:). | ||||
|  | ||||
| ### Upgrade Nextcloud | ||||
|  | ||||
|  | ||||
| @ -75,6 +75,7 @@ nav: | ||||
|       - maintainers/index.md | ||||
|       - "New Maintainers Tutorial": maintainers/tutorial.md | ||||
|       - "Packaging Handbook": maintainers/handbook.md | ||||
|       - maintainers/catalogue.md | ||||
|   - "Operators": | ||||
|       - operators/index.md | ||||
|       - "New operators Tutorial": operators/tutorial.md | ||||
| @ -87,6 +88,7 @@ nav: | ||||
|       - "Finance": federation/finance.md | ||||
|       - "Membership": federation/membership.md | ||||
|       - "Code of Co-operation": federation/code-of-coop.md | ||||
|       - "Shared Infrastructure Inventory": federation/infra.md | ||||
|       - "Proposals": | ||||
|         - federation/proposals/index.md | ||||
|         - federation/proposals/federation.md | ||||
| @ -121,11 +123,14 @@ nav: | ||||
|               - federation/resolutions/passed/027.md | ||||
|               - federation/resolutions/passed/028.md | ||||
|               - federation/resolutions/passed/029.md | ||||
|               - federation/resolutions/passed/032.md | ||||
|               - federation/resolutions/passed/031.md | ||||
|           - "Stalled": | ||||
|               - federation/resolutions/stalled/013.md | ||||
|               - federation/resolutions/stalled/030.md | ||||
|           - "In Progress": | ||||
|               - federation/resolutions/index.md | ||||
|               - federation/resolutions/in-progress/030-docs-naming-survey.md | ||||
|               - federation/resolutions/in-progress/033.md | ||||
|       - "Minutes": | ||||
|           - federation/minutes/index.md | ||||
|           - "Recently": | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	