diff --git a/.env.sample b/.env.sample index 0f41533..908262b 100644 --- a/.env.sample +++ b/.env.sample @@ -13,14 +13,12 @@ FEDWIKI_VOLUME="fedwiki" # custom wiki.cafe image, for working oauth2 support #COMPOSE_FILE="$COMPOSE_FILE:compose.wikicafe.yml" -# Predefined "owner" security -#COMPOSE_FILE="$COMPOSE_FILE:compose.owner.yml" - # persistent lib volume / node_modules directory, e.g. for plugmatic #COMPOSE_FILE="$COMPOSE_FILE:compose.lib.yml" -COOKIE_SECRET="asflkjqpweoriuwpeogdjgbpdofigh" -AUTHOR="Baja Colorado" -ADMIN_KEY="" +# Note(3wc): If you change this after initial deployment, you will need to +# manually copy the new value from `conf/config.initial.json` +SECRET_COOKIE_SECRET_VERSION=v1 # length=30 -FEDWIKI_IS_PRIVATE=0 +# Disable SSL encryption (not recommended) +#COMPOSE_FILE="$COMPOSE_FILE:compose.insecure.yml" diff --git a/abra.sh b/abra.sh index 7ae0733..96897a7 100644 --- a/abra.sh +++ b/abra.sh @@ -1,23 +1,2 @@ -export INSTALL_SH_VERSION=v9 -export CONFIG_JSON_VERSION=v7 -export CONFIG_OWNER_JSON_VERSION=v4 - -abra_backup_app() { - _abra_backup_dir "app:/home/node/.wiki" -} - -abra_restore_app() { - # shellcheck disable=SC2034 - { - abra__src_="-" - abra__dst_="app:/home/node/.wiki" - } - - zcat "$@" | sub_app_cp - - success "Restored 'app'" -} - -abra_backup() { - abra_backup_app -} +export ENTRYPOINT_SH_VERSION=v1 +export CONFIG_INITIAL_JSON_VERSION=v1 diff --git a/compose.insecure.yml b/compose.insecure.yml new file mode 100644 index 0000000..727ee92 --- /dev/null +++ b/compose.insecure.yml 
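Review bot: The added note above `SECRET_COOKIE_SECRET_VERSION` points at `conf/config.initial.json`, a path that appears nowhere else in this commit: the template is `config.initial.json.tmpl` and compose.yml mounts the rendered file at `/home/node/initial-config/config.json`. Because entrypoint.sh only copies a config when `.wiki/config.json` is missing, a rotated secret never reaches an existing wiki on its own, so the comment should name both ends, e.g. `# manually copy the new cookieSecret from initial-config/config.json into .wiki/config.json`. Deployments created from the old sample will still have a `COOKIE_SECRET=` line in their own .env, and the comment could say that it should be deleted there.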
@@ -0,0 +1,11 @@ +--- +version: "3.8" + +services: + app: + deploy: + labels: + - "traefik.http.services.${STACK_NAME}-non-tls.loadbalancer.server.port=3000" + - "traefik.http.routers.${STACK_NAME}-non-tls.rule=Host(`${DOMAIN}`) || HostRegexp(`{subdomain:\\w+}.${DOMAIN}`) || HostRegexp(`{subsubdomain:\\w+}.{subdomain:\\w+}.${DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}-non-tls.entrypoints=web" + - "caddy=https://${DOMAIN}, https://*.${DOMAIN}, https://*.*.${DOMAIN}, https://*.*.*.${DOMAIN}, http://${DOMAIN}, http://*.${DOMAIN}, http://*.*.${DOMAIN}, http://*.*.*.${DOMAIN}" diff --git a/compose.owner.yml b/compose.owner.yml deleted file mode 100644 index 678205a..0000000 --- a/compose.owner.yml +++ /dev/null @@ -1,15 +0,0 @@ - ---- -version: "3.8" - -services: - app: - configs: - - source: config_owner_json_conf - target: /home/node/config/config.owner.json - -configs: - config_owner_json_conf: - name: ${STACK_NAME}_config_owner_json_${CONFIG_OWNER_JSON_VERSION} - file: config.owner.json.tmpl - template_driver: golang diff --git a/compose.yml b/compose.yml index 5a0f3c5..3023c35 100644 --- a/compose.yml +++ b/compose.yml @@ -3,24 +3,27 @@ version: "3.8" services: app: - image: dobbs/farm:1.0.18 - command: /bin/sh config/install.sh + image: dobbs/farm:1.0.25 + command: /bin/sh entrypoint.sh volumes: - - "fedwiki_friends:/home/node/config" - "${FEDWIKI_VOLUME}:/home/node/.wiki" networks: - proxy configs: - - source: install_sh_conf - target: /home/node/config/install.sh - - source: config_json_conf - target: /home/node/config/config.json + - source: entrypoint_sh_conf + target: /home/node/entrypoint.sh + - source: config_json_initial_conf + target: /home/node/initial-config/config.json + secrets: + - cookie_secret environment: - DOMAIN - COOKIE_SECRET - AUTHOR - ADMIN_KEY deploy: + update_config: + order: start-first restart_policy: condition: on-failure labels: 
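Review bot: This overlay publishes the wiki on the plain-HTTP `web` entrypoint and on `http://` Caddy addresses, but nothing in the file states what that costs, and `config.initial.json.tmpl` in the same commit hard-codes `"secure_cookie": true`. If the wiki honours that setting, browsers will not send the session cookie over HTTP and login will look broken; if an operator then switches it off, the session cookie and login credentials cross the network unencrypted. A header comment such as `# Local/testing only: serves the wiki without TLS; session cookies and logins are sent in cleartext` would make the trade-off explicit. Separately, `\\w+` in the `HostRegexp` rules does not match hyphens, so a subdomain like `my-wiki` would not be routed.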
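Review bot: The rendered config is now mounted at `/home/node/initial-config/config.json` and the `fedwiki_friends:/home/node/config` volume is removed, yet entrypoint.sh (context lines of its own hunk) still runs `cp config/config.json .wiki/config.json`. Unless the image ships its own `config/config.json`, that copy fails on a fresh deployment and, depending on the script's error handling, `wiki --farm` may start without the `cookieSecret` and `security_type` settings; the copy source should become `initial-config/config.json`. The `environment:` list in this hunk also still forwards `COOKIE_SECRET` and `ADMIN_KEY`, which the commit drops from .env.sample, so removing `- COOKIE_SECRET` (and the others if unused) keeps a stale value from an old .env out of the container environment. The service definition continues past the end of this hunk.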
@@ -37,27 +40,33 @@ services: - "caddy.tls.on_demand=" - "backupbot.backup=true" - "backupbot.backup.path=/home/node/.wiki" - - "coop-cloud.${STACK_NAME}.version=1.0.1+1.0.18" - # healthcheck: - # test: ["CMD", "curl", "-f", "http://localhost"] - # interval: 30s - # timeout: 10s - # retries: 10 - # start_period: 1m + - "coop-cloud.${STACK_NAME}.version=2.1.1+1.0.25" + healthcheck: + test: "node -e 'var http = require(\"http\"); var options = { host : \"localhost\", port : \"3000\", timeout : 2000, path : \"/view/welcome-visitors\", headers: { \"Host\": \"${DOMAIN}\" } }; var request = http.request(options, (res) + => { console.log(`STATUS: $${res.statusCode}`); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } }); request.on(\"error\", function(err) { console.log('ERROR'); +process.exit(1); }); request.end();'" + interval: 10s + timeout: 2s + retries: 2 + start_period: 30s volumes: fedwiki: - fedwiki_friends: networks: proxy: external: true +secrets: + cookie_secret: + external: true + name: ${STACK_NAME}_cookie_secret_${SECRET_COOKIE_SECRET_VERSION} + configs: - install_sh_conf: - name: ${STACK_NAME}_install_sh_${INSTALL_SH_VERSION} - file: install.sh - config_json_conf: - name: ${STACK_NAME}_config_json_${CONFIG_JSON_VERSION} - file: config.json.tmpl + entrypoint_sh_conf: + name: ${STACK_NAME}_entrypoint_sh_${ENTRYPOINT_SH_VERSION} + file: entrypoint.sh + config_json_initial_conf: + name: ${STACK_NAME}_config_initial_json_${CONFIG_INITIAL_JSON_VERSION} + file: config.initial.json.tmpl template_driver: golang diff --git a/config.initial.json.tmpl b/config.initial.json.tmpl new file mode 100644 index 0000000..b9c46a6 --- /dev/null +++ b/config.initial.json.tmpl @@ -0,0 +1,6 @@ +{ + "farm": true, + "cookieSecret": "{{ secret "cookie_secret" }}", + "secure_cookie": true, + "security_type": "friends" +} diff --git a/config.json.tmpl b/config.json.tmpl deleted file mode 100644 index 01a9642..0000000 --- a/config.json.tmpl +++ /dev/null 
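Review bot: The healthcheck `test:` wraps its script in shell single quotes (`node -e '...'`), but the error handler inside uses `console.log('ERROR')`, whose quotes close and reopen the shell string. Node therefore receives `console.log(ERROR)`, which throws a ReferenceError instead of logging; the check still exits non-zero, but with a stack trace rather than the intended message. Writing `console.log(\"ERROR\")`, like the other string literals in the command, fixes it. A one-line comment above `test:` saying that the command runs through the shell and that `$$` is the Compose escape for `$` would help the next person who edits this string.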
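Review bot: `{{ secret "cookie_secret" }}` is placed inside a JSON string with no escaping, so a secret value containing `"`, `\` or a trailing newline (easy to get when a secret is inserted by hand from a file) renders an invalid config.json. Secrets generated with the `length=30` setting in .env.sample are presumably safe, but that constraint is not stated anywhere near the template. Since JSON cannot carry a comment, the charset requirement belongs next to `SECRET_COOKIE_SECRET_VERSION` in .env.sample or in the recipe's README.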
@@ -1,14 +0,0 @@ -{ - "admin": "{{ env "ADMIN_KEY" }}", - "farm": true, - "cookieSecret": "{{ env "COOKIE_SECRET" }}", - "secure_cookie": true, - "security_type": "friends" - {{ if eq (env "FEDWIKI_IS_PRIVATE") "1" }}, - "wikiDomains": { - "$DOMAIN": { - "id": "/home/node/.wiki/config.owner.json" - } - } - {{ end }} -} diff --git a/config.owner.json.tmpl b/config.owner.json.tmpl deleted file mode 100644 index 0dae8e9..0000000 --- a/config.owner.json.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "{{ env "AUTHOR" }}", - "friend": { - "secret": "{{ env "PASSWORD" }}" - } -} diff --git a/install.sh b/entrypoint.sh similarity index 51% rename from install.sh rename to entrypoint.sh index 62b588a..fe1d99c 100644 --- a/install.sh +++ b/entrypoint.sh @@ -4,8 +4,4 @@ if [ ! -f .wiki/config.json ]; then cp config/config.json .wiki/config.json fi -if [ ! -f .wiki/config.owner.json ]; then - cp config/config.owner.json .wiki/config.owner.json -fi - wiki --farm diff --git a/release/2.0.0+1.0.20 b/release/2.0.0+1.0.20 new file mode 100644 index 0000000..f687d96 --- /dev/null +++ b/release/2.0.0+1.0.20 @@ -0,0 +1,11 @@ +COOKIE_SECRET is now a Docker secret, and several config options have been +dropped from the recipe -- this shouldn't affect running deplyoments, as +the recipe currently just installs the generated `config.json` if there isn't +one already -- but you will likely still need to run +`abra app secret generate ...` before deploying, in preparation for moving to +ennvironment variables for config in a future release. + +Additionally, there is now a healthcheck, which may require tuning, especially +on slower systems; please open a ticket on [the issue +tracker](https://git.coopcloud.tech/coop-cloud/federatedwiki/issues) if you +notice problems with the containers starting up.