Grist

Wiki Cafe's configuration for a Grist deployment.

Deploying the app with Docker Swarm

Export the variables from the .env file into the current shell session.

set -a && source .env && set +a

Set the secrets. Passing the value through a '%s' format keeps any % or \ characters in it literal.

printf '%s' "SECRET_HERE" | docker secret create SECRET_NAME -

Deploy using the -c flag to specify one or multiple compose files.

docker stack deploy grist --detach=true -c compose.yaml
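
One way to run the secret-creation step above without typing the value on the command line, where it would end up in shell history (an added example, not part of this repository; the function name create_secret and the DOCKER_BIN override are assumptions made here):

```shell
# Added example. create_secret and DOCKER_BIN are names chosen for this sketch.
DOCKER_BIN="${DOCKER_BIN:-docker}"

# Usage: create_secret SECRET_NAME   (prompts, or reads one line from a pipe or file)
create_secret() (
    name="$1"
    if [ -z "$name" ]; then
        echo "usage: create_secret SECRET_NAME" >&2
        exit 2
    fi

    if [ -t 0 ]; then
        # Interactive: turn off terminal echo and restore it even on Ctrl-C.
        saved_tty=$(stty -g)
        trap 'stty "$saved_tty"' EXIT
        trap 'exit 130' INT TERM
        printf 'Value for %s: ' "$name" >&2
        stty -echo
        IFS= read -r value || true
        stty "$saved_tty"
        printf '\n' >&2
    else
        # Non-interactive: take the first line of stdin (for example from a
        # password manager CLI), keeping leading and trailing spaces.
        IFS= read -r value || true
    fi

    if [ -z "$value" ]; then
        echo "refusing to create an empty secret" >&2
        exit 1
    fi

    # '%s' keeps % and \ in the value literal and adds no trailing newline.
    printf '%s' "$value" | "$DOCKER_BIN" secret create "$name" -
)
```

Source the file, then run create_secret SECRET_NAME once per secret before docker stack deploy.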

Miscellaneous notes

  • We may want to set GRIST_TERMS_OF_SERVICE_URL to a custom URL, such as the Wiki Cafe's terms of service.
  • Coop Cloud seems to use Pyodide as a sandboxing mechanism. We may want to replace gvisor with Pyodide in the future.
  • Not sure what APP_DOC_URL is, but we use it and it works.
  • As of version 1.1.16, the Docker images now use a non-root user to run Grist.
  • As of version 1.1.17, additional security options for OIDC authentication were added, improving security and enabling compatibility with new providers that have specific requirements. These are enabled by default, according to best practices.
  • We may want to set a maximum size of document history later as it is now configurable via environment variables as of version 1.2.1.
  • There are also GRIST_SNAPSHOT_TIME_CAP and GRIST_SNAPSHOT_KEEP to look at.
  • There are also GRIST_ACTION_HISTORY_MAX_BYTES and GRIST_ACTION_HISTORY_MAX_ROWS to look at.
  • Currently, Grist stores attachments in the database; we may want to change this in the future to store them in a separate storage service like MinIO (version 1.4.0). GRIST_EXTERNAL_ATTACHMENTS_MODE is related.
  • What should COOKIE_MAX_AGE be set to? The default is 90 days, but we may want to set it to a shorter time or none.
  • We should probably set GRIST_SESSION_SECRET. Not sure.
  • What does GRIST_SERVERS do? It is home,docs,static by default, but it can also have app?
  • Should we set GRIST_ORG_IN_PATH? "if true, encode org in path rather than domain" This is what we do, no?
  • GRIST_LIST_PUBLIC_SITES is an option that we can use. "if set to true, sites shared with the public will be listed for anonymous users. Defaults to false."
  • GRIST_IGNORE_SESSION: if set, Grist will not use a session for authentication? Do we want this?
  • GRIST_DOMAIN: maybe needs to be set to the Wiki Cafe's domain?
  • GRIST_DEFAULT_EMAIL gives access to /admin.