forked from coop-cloud/hedgedoc
Compare commits
15 Commits
| Author | SHA1 | Date |
|---|---|---|
 Moritz
|
6f15d5f2c7 | |
|
Moritz
|
8bc03406a1 | |
|
Moritz
|
bc8996f558 | |
|
Moritz
|
fcf5bade21 | |
|
Moritz
|
3fc480b82b | |
|
Moritz
|
f71534e396 | |
|
moritz
|
5e815e63a5 | |
|
moritz
|
ec98bab9d5 | |
|
Moritz
|
65ec56ac08 | |
 decentral1se
|
1ed15423c3
|
|
|
decentral1se
|
0443ffc984
|
|
|
decentral1se
|
c727320a31
|
|
|
Moritz
|
e8f1186965 | |
|
Moritz
|
66c5160812 | |
 trav
|
c656afb176 |
|
|
@ -25,10 +25,10 @@
|
|||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
6. Create initial user:
|
||||
```
|
||||
abra app YOURAPPDOMAIN run app bash
|
||||
. /docker-entrypoint2.sh -e
|
||||
abra app run YOURAPPDOMAIN app bash
|
||||
. /docker-entrypoint.sh -e
|
||||
bin/manage_users
|
||||
|
||||
[hedegedoc]: https://github.com/hedgedoc/hedgedoc
|
||||
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
[compose-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
[compose-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
|
|
|
|||
14
abra.sh
14
abra.sh
|
|
@ -1,13 +1 @@
|
|||
export ENTRYPOINT_CONF_VERSION=v8
|
||||
|
||||
abra_backup_app() {
|
||||
_abra_backup_dir "app:/home/hackmd/app/public/uploads/"
|
||||
}
|
||||
|
||||
abra_backup_db() {
|
||||
_abra_backup_postgres "db" "codimd" "codimd" "db_password"
|
||||
}
|
||||
|
||||
abra_backup() {
|
||||
abra_backup_app && abra_backup_db
|
||||
}
|
||||
export ENTRYPOINT_CONF_VERSION=v9
|
||||
|
|
|
|||
|
|
@ -0,0 +1,15 @@
|
|||
authentik:
|
||||
env:
|
||||
CMD_OAUTH2_USER_PROFILE_URL: https://authentik.example.com/application/o/userinfo/
|
||||
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
|
||||
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
|
||||
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
|
||||
CMD_OAUTH2_TOKEN_URL: https://authentik.example.com/application/o/token/
|
||||
CMD_OAUTH2_AUTHORIZATION_URL: https://authentik.example.com/application/o/authorize/
|
||||
CMD_OAUTH2_CLIENT_ID: hedgedoc
|
||||
CMD_OAUTH2_PROVIDERNAME: Authentik
|
||||
uncomment:
|
||||
- compose.oauth.yml
|
||||
- SECRET_OAUTH_KEY_VERSION
|
||||
shared_secrets:
|
||||
hedgedoc_secret: oauth_key
|
||||
28
compose.yml
28
compose.yml
|
|
@ -33,7 +33,7 @@ services:
|
|||
- proxy
|
||||
- internal
|
||||
volumes:
|
||||
- codimd_uploads:/home/hackmd/app/public/uploads
|
||||
- codimd_uploads:/hedgedoc/public/uploads
|
||||
secrets:
|
||||
- db_password
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
|
|
@ -43,7 +43,6 @@ services:
|
|||
mode: 0555
|
||||
- source: config_json
|
||||
target: /files/config.json
|
||||
mode: 0555
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
|
@ -57,8 +56,8 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}
|
||||
- coop-cloud.${STACK_NAME}.version=0.6.0+1.9.9
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.1.0+1.9.9"
|
||||
healthcheck:
|
||||
test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
|
||||
interval: 30s
|
||||
|
|
@ -66,7 +65,7 @@ services:
|
|||
retries: 10
|
||||
start_period: 1m
|
||||
db:
|
||||
image: postgres:11.20-alpine
|
||||
image: postgres:16.3-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=codimd
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
|
|
@ -79,12 +78,19 @@ services:
|
|||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
backupbot.restore: "true"
|
||||
backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < ./backup.sql && rm -f ./backup.sql'"
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -f /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
|
||||
backupbot.restore: "true"
|
||||
backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < /var/lib/postgresql/data/backup.sql && rm -f /var/lib/postgresql/data/backup.sql'"
|
||||
healthcheck:
|
||||
test: "pg_isready"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 1m
|
||||
|
||||
volumes:
|
||||
postgres:
|
||||
codimd_uploads:
|
||||
|
|
|
|||
|
|
@ -1,48 +1,50 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
file_env() {
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||
}
|
||||
|
||||
main() {
|
||||
set -eu
|
||||
set -eu
|
||||
|
||||
load_vars
|
||||
mkdir "/hedgedoc/.npm" && chown -R 10000:65534 "/hedgedoc/.npm" && chmod "u+rwx" "/hedgedoc/.npm"
|
||||
load_vars
|
||||
mkdir -p "/hedgedoc/.npm" && \
|
||||
chown -R 10000:65534 "/hedgedoc/.npm" && \
|
||||
chmod "u+rwx" "/hedgedoc/.npm"
|
||||
}
|
||||
|
||||
main
|
||||
|
||||
export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME
|
||||
|
||||
# 3wc: `source /docker-entrypoint2.sh -e` to load CMD_DB_URL for CLI scripts
|
||||
# 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
|
||||
if [ ! "${1-}" == "-e" ]; then
|
||||
# 3wc: upstream ENTRYPOINT
|
||||
# https://github.com/hedgedoc/container/blob/master/alpine/Dockerfile
|
||||
mkdir -p "/hedgedoc/.npm" && chown -R 10000:65534 "/hedgedoc/.npm"
|
||||
/usr/local/bin/docker-entrypoint.sh npm start
|
||||
# 3wc: upstream ENTRYPOINT
|
||||
# https://github.com/hedgedoc/container/blob/master/alpine/Dockerfile
|
||||
mkdir -p "/hedgedoc/.npm" && chown -R 10000:65534 "/hedgedoc/.npm"
|
||||
/usr/local/bin/docker-entrypoint.sh npm start
|
||||
fi
|
||||
|
||||
set +eu
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
WARNING WARNING WARNING 🚨
|
||||
|
||||
This release includes a major Postgres database upgrade, but does not yet include tools to automatically upgrade from older Postgres releases.
|
||||
|
||||
PLEASE DO NOT UPGRADE EXISTING INSTANCES TO THIS VERSION.
|
||||
|
||||
This should be fixed soon.
|
||||
Loading…
Reference in New Issue