From e7bfeecc2d80f94e31c06a94b696b77fd9a83407 Mon Sep 17 00:00:00 2001 From: sn0w Date: Sun, 25 Aug 2019 18:44:49 +0200 Subject: [PATCH 01/17] Simplify ALL THE THINGS --- .dockerignore | 1 + .env.dist | 71 ++--------------- Dockerfile | 11 ++- README.md | 173 ++++++++++++++---------------------------- config.dist.exs | 14 +++- docker-compose.m4 | 122 ----------------------------- pleroma => pleroma.sh | 117 +++++----------------------- 7 files changed, 103 insertions(+), 406 deletions(-) delete mode 100644 docker-compose.m4 rename pleroma => pleroma.sh (75%) diff --git a/.dockerignore b/.dockerignore index 8fce603..b981dcf 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,2 @@ data/ +cache/ diff --git a/.env.dist b/.env.dist index ea38c3c..805c8b9 100644 --- a/.env.dist +++ b/.env.dist 
@@ -1,69 +1,10 @@ -######################### -# Script settings # -######################### +# Pleroma tag, commit, or branch to build +PLEROMA_VERSION=master -# Create a postgresql container? -SCRIPT_DEPLOY_POSTGRES=true - -# Specify the server that is used as a reverse-proxy -SCRIPT_USE_PROXY=traefik - -# Enable internal SSL support? -SCRIPT_ENABLE_SSL=false - -# The port to serve HTTP on when running in nginx/apache-mode -SCRIPT_PORT_HTTP=80 - -# The port to serve HTTPs on when running in nginx/apache-mode -SCRIPT_PORT_HTTPS=443 - -# The ip to bind to in nginx/apache-mode -SCRIPT_BIND_IP=0.0.0.0 - -######################### -# Docker settings # -######################### - -# The docker network to bind to. -# In traefik-mode this should be the same network that your -# traefik-container is connected to or a network that is interconnected -# with traefik's network. In manual, apache or nginx mode this value may be empty or set to any other alphanumeric value. -# (Defaults to something like "pleroma_docker_1" if empty) -DOCKER_NETWORK=prod - -# The directory where all containers store their data. -# Can be a relative path, "~/...", or absolute. -# Named docker volumes are currently not supported. +# The directory where the containers store their stuff +# Can be an absolute or relative path DOCKER_DATADIR=./data -# The uid/gid used by pleroma. -# You should probably set this to the same -# uid/guid that cloned the pleroma-docker repo. -# This way modding pleroma becomes a lot easier. -DOCKER_UID=1000 -DOCKER_GID=1000 - -########################### -# Database settings # -########################### - -# When you use the managed postgres container -# those will be the credentials the container is generated with. - -POSTGRES_DB=pleroma -POSTGRES_USER=pleroma -POSTGRES_PASSWORD=pleroma - -########################## -# Pleroma Settings # -########################## - -# The environment to use (dev/prod/test) +# Pleroma's mix environment. 
+# You should leave this at prod unless you know what you're doing. MIX_ENV=prod - -# The git tag, revision, or branch to check out on build -PLEROMA_VERSION=develop - -# Domain to run at (only relevant for traefik mode) -PLEROMA_URL=coolsite.moe -PLEROMA_MEDIA_PROXY_URL=cdn.coolsite.moe diff --git a/Dockerfile b/Dockerfile index 769bcb3..1ec4161 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,11 @@ -FROM alpine:3.9 +FROM alpine:3.10 + +ARG __VIA_SCRIPT +RUN \ + if [ -z "$__VIA_SCRIPT" ]; then \ + echo -e "\n\nERROR\nYou must build pleroma via build.sh\n\n"; \ + exit 1; \ + fi # Set up environment ENV LC_ALL=C.UTF-8 @@ -47,7 +54,7 @@ WORKDIR /home/pleroma/pleroma # Bust the build cache (if needed) # This works by setting an environment variable with the last -# used version/branch/tag/commitish/... which originates in the script. +# used version/branch/tag/commit/... which originates in the script. # If the host doesn't have the required tool for "smart version detection" # we'll just use the current timestamp here which forces a rebuild every time. ARG __CACHE_TAG diff --git a/README.md b/README.md index 739e2fb..9e275b0 100644 --- a/README.md +++ b/README.md @@ -17,8 +17,6 @@ This repository dockerizes it for easier deployment. * Please do some research if you have any concerns about included * features or the software used by this script ***before*** using it. * - * You are choosing to use this setup, and if you point the finger at me for - * messing up your instance, I will laugh at you. */ ``` @@ -40,35 +38,80 @@ of the pleroma installation process and common docker commands. If you have questions about Pleroma head over to https://docs-develop.pleroma.social/.
For help with docker check out https://docs.docker.com/. +For other problems related to this script, contact me or open an issue :) + ### Prerequisites - ~500mb of free HDD space -- `m4` and `awk` in remotely recent versions - `git` if you want smart build caches -- `curl`, `jq`, and `dialog` if you want to use `./pleroma mod` -- Bash 4.0+ (fancy scripting stuff) +- `curl`, `jq`, and `dialog` if you want to use `./pleroma.sh mod` +- Bash 4+ - Docker 18.06+ and docker-compose 1.22+ ### Installation - Clone this repository - Create a `config.exs` and `.env` file -- Run `./pleroma build` and `./pleroma up` +- Run `./pleroma.sh build` and `./pleroma.sh up` +- Configure a reverse-proxy - Profit! +Hint:
+You can also use normal `docker-compose` commands to maintain your setup.
+The only command that you cannot use is `docker-compose build` due to build caching. + ### Updates -Run `./pleroma build` again and start the updated image with `./pleroma up`. +Run `./pleroma.sh build` again and start the updated image with `./pleroma.sh up`. You don't need to stop your pleroma server for either of those commands. ### Maintenance Pleroma maintenance is usually done with mix tasks. -You can run these tasks in your running pleroma server using `./pleroma mix [task] [arguments...]`. -If you need to fix some bigger issues you can also spawn a shell with `./pleroma enter`. +You can run these tasks in your running pleroma server using `./pleroma.sh mix [task] [arguments...]`. +If you need to fix some bigger issues you can also spawn a shell with `./pleroma.sh enter`. -For example: `/pleroma mix pleroma.user new sn0w ...` +For example: `/pleroma.sh mix pleroma.user new sn0w ...` + +### My instance is up, how do I reach it? + +Older versions of this script contained a huge amount of scripting to support all kinds of reverse-proxy setups.
+This newer version tries to focus only on providing good setup tooling. + +You will have to configure your own reverse-proxy.
+You can use Caddy, Traefik, Apache, nginx, or whatever else you could come up with.
+Just modify your `docker-compose.yml` accordingly. + +One example would be to add an [nginx server](https://hub.docker.com/_/nginx) to your `docker-compose.yml`: +```yml + # ... + + proxy: + image: nginx + init: true + restart: unless-stopped + links: + - server + volumes: + - ./my-nginx-config.conf:/etc/nginx/nginx.conf:ro + ports: + - "80:80" + - "443:443" +``` + +Then take a look at [the pleroma nginx example](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx) for hints about what to put into `my-nginx-config.conf`. + +Using apache would work in a very similar way (see [Apache Docker Docs](https://hub.docker.com/_/httpd) and [the pleroma apache example](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma-apache.conf)). + +The target that you proxy to is called `http://server:4000/`.
+This will work automagically when the proxy also lives inside of docker. + +Something that cofe.rocks uses is simple port-forwarding of the `server` container to the host's `127.0.0.1`. +From there on, the natively installed nginx server acts as a proxy to the open internet. +You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/docker-compose.m4#L93) if that setup sounds interesting. + +If you need help with this, or if you think that this needs more documentation, please let me know. ### Customization @@ -86,118 +129,16 @@ For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instanc Works exactly like customization, but we have a neat little helper here. -Use `./pleroma mod [regex]` to mod any file that ships with pleroma, without having to type the complete path. +Use `./pleroma.sh mod [regex]` to mod any file that ships with pleroma, without having to type the complete path. ### Configuration All the pleroma options that you usually put into your `*.secret.exs` now go into `config.exs`. -`.env` stores config values that need to be known at orchestration time.
-They should be self-explaining but here's some bonus info on important ones: +`.env` stores config values that need to be known at orchestration/build time.
+Documentation for the possible values is inside of that file. -#### Data Storage (`DOCKER_DATADIR`) - -A folder that will be bind-mounted into the container.
-This is where pleroma and postgres will store their data. - -#### Database (`SCRIPT_DEPLOY_POSTGRES`) - -Values: `true` / `false` - -By default pleroma-docker deploys a postgresql container and links it to pleroma’s container as a zero-config data store. -If you already have a postgres database or want to host it on a physically different machine, set this value to `false`. -Make sure to edit the `config :pleroma, Pleroma.Repo` variables in `config.exs` when doing that. - -#### Reverse Proxy (`SCRIPT_USE_PROXY`) - -Values: `traefik` / `nginx` / `apache` / `manual` - -Pleroma is usually run behind a reverse-proxy.
-Pleroma-docker gives you multiple options here. - -##### Manual - -In manual mode we do not create any reverse proxy for you.
-You'll have to figure something out on your own. - -If `SCRIPT_BIND_IN_MANUAL` is `true` we will forward `pleroma:4000` to `${SCRIPT_BIND_IP}:${SCRIPT_PORT_HTTP}`. - -##### Traefik - -In traefik-mode we will generate a pleroma container with traefik-compatible labels. -These will be picked up at runtime to dynamically create a reverse-proxy configuration. -This should 'just work' if `watch=true` and `exposedByDefault=false` are set in the `[docker]` section of your `traefik.conf`. -SSL will also 'just work' once you add a matching `[[acme.domains]]` entry in there. - -##### NGINX - -In nginx-mode we will generate a bare nginx container that is linked to pleroma. -The nginx container is absolutely unmodified and expects to be configured by you. -The nginx file in [Pleroma's Repository](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx) is a good starting point. - -We will mount your configs like this: -```txt -custom.d/server.nginx -> /etc/nginx/nginx.conf -custom.d/vhost.nginx -> /etc/nginx/conf.d/pleroma.conf -``` - -To reach your pleroma container from inside nginx use `proxy_pass http://pleroma:4000;`. - -Set `SCRIPT_PORT_HTTP` and `SCRIPT_PORT_HTTPS` to the ports you want to listen on.
-Specify the ip to bind to in `SCRIPT_BIND_IP`. These values are required. - -The container only listens on `SCRIPT_PORT_HTTPS` if `SCRIPT_ENABLE_SSL` is `true`. - -##### Apache / httpd - -Just like nginx-mode this starts an unmodified apache server that expects to be configured by you.
-Again [Pleroma's Config](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma-apache.conf) is a good starting point. - -We will mount your configs like this: -``` -custom.d/server.httpd -> /usr/local/apache2/conf/httpd.conf -custom.d/vhost.httpd -> /usr/local/apache2/conf/extra/httpd-vhosts.conf -``` - -To reach your pleroma container from inside apache use `ProxyPass [loc] http://pleroma:4000/`. - -Again setting `SCRIPT_PORT_HTTP`, `SCRIPT_PORT_HTTPS` and `SCRIPT_BIND_IP` is required. - -The container only listens on `SCRIPT_PORT_HTTPS` if `SCRIPT_ENABLE_SSL` is `true`. - -#### SSL (`SCRIPT_ENABLE_SSL`) - -Values: `true` / `false` - -If you want to use SSL with your Apache or NGINX containers you'll need a -certificate. Certificates need to be placed into `custom.d` and will be -bind-mounted into the server's container at runtime. - -We will mount your certs like this: -``` -custom.d/ssl.crt -> /ssl/ssl.crt -custom.d/ssl.key -> /ssl/ssl.key -``` - -You can reference them in Apache like this: -```apache - - SSLEngine on - SSLCertificateFile "/ssl/ssl.crt" - SSLCertificateKeyFile "/ssl/ssl.key" - -``` - -And in NGINX like this: -```nginx -listen 443 ssl; -ssl_certificate /ssl/ssl.crt; -ssl_certificate_key /ssl/ssl.key; -``` - -In traefik-mode and manual-mode these files and the `SCRIPT_ENABLE_SSL` value are ignored. - -## Attribution +### Attribution Thanks to [Angristan](https://github.com/Angristan/dockerfiles/tree/master/pleroma) and [RX14](https://github.com/RX14/kurisu.rx14.co.uk/blob/master/services/iscute.moe/pleroma/Dockerfile) for their dockerfiles, which served as an inspiration for the early versions of this script. diff --git a/config.dist.exs b/config.dist.exs index d5b477e..2a14d17 100644 --- a/config.dist.exs +++ b/config.dist.exs 
@@ -11,13 +11,25 @@ config :pleroma, Pleroma.Repo, hostname: "db", pool_size: 10 +# Listening to 0.0.0.0 is required in a container +# Do not change this +config :pleroma, Pleroma.Web.Endpoint, + http: [ + ip: {0, 0, 0, 0}, + port: 4000 + ] + +config :pleroma, :gopher, + ip: {0, 0, 0, 0}, + port: 9999 + # vvv Your awesome config options go here vvv ### # Here are some example values. # Uncomment what you need or delete it all. # -# Want to use the config generator instead? +# Want to use pleroma's config generator instead? # Try `./pleroma mix pleroma.instance gen` and then `./pleroma cp /home/pleroma/pleroma/config/generated_config.exs config.exs`. # # Need some inspiration? diff --git a/docker-compose.m4 b/docker-compose.m4 deleted file mode 100644 index aacbc0f..0000000 --- a/docker-compose.m4 +++ /dev/null 
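Review bot: The comment directly under the reworded `# Want to use pleroma's config generator instead?` line still uses the old script name (`./pleroma mix pleroma.instance gen` and `./pleroma cp ...`), although this commit renames the script to `pleroma.sh`. Followed verbatim, those commands no longer exist after this change. I would update the line to ``# Try `./pleroma.sh mix pleroma.instance gen` and then `./pleroma.sh cp /home/pleroma/pleroma/config/generated_config.exs config.exs`.`` The comment block continues past the end of the hunk.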
@@ -1,122 +0,0 @@ -changequote(`<', `>') - -define(, , )>) -define(, ) -define(, ) -define(, <${upcase($1):?upcase($1)}>) -define(, <${upcase($1):-$2}>) - -{ - "version": "3.7", - - ifdef(<__DOCKER_NETWORK>, < - "networks": { - "default": { - "external": { - "name": "__DOCKER_NETWORK" - } - } - }, - >) - - "services": { - ifelse(__SCRIPT_DEPLOY_POSTGRES, true, < - "db": { - "image": "postgres:10.3-alpine", - "restart": "unless-stopped", - "environment": [ - "env()", - "env()", - "env()" - ], - "volumes": [ - "env_inline()/db:/var/lib/postgresql/data", - "./initdb.sql:/docker-entrypoint-initdb.d/pleroma.sql" - ] - }, - >) - - ifdef(<__SCRIPT_USE_PROXY>, < - ifelse( - __SCRIPT_USE_PROXY, traefik, <>, - __SCRIPT_USE_PROXY, manual, <>, - __SCRIPT_USE_PROXY, nginx, < - "proxy": { - "image": "nginx:alpine", - "ports": [ - "__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTP:__SCRIPT_PORT_HTTP"ifdef(__SCRIPT_ENABLE_SSL, <,>) - ifdef(__SCRIPT_ENABLE_SSL, <"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTPS:__SCRIPT_PORT_HTTPS">) - ], - "links": [ - "server:pleroma" - ], - "volumes": [ - "./custom.d/server.nginx:/etc/nginx/nginx.conf:ro", - "./custom.d/vhost.nginx:/etc/nginx/conf.d/pleroma.conf:ro"ifdef(__SCRIPT_ENABLE_SSL, <,>) - ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.crt:/ssl/ssl.crt:ro",>) - ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.key:/ssl/ssl.key:ro">) - ] - }, - >, __SCRIPT_USE_PROXY, apache, < - "proxy": { - "image": "amd64/apache:alpine", - "ports": [ - "__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTP:__SCRIPT_PORT_HTTP"ifdef(__SCRIPT_ENABLE_SSL, <,>) - ifdef(__SCRIPT_ENABLE_SSL, <"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTPS:__SCRIPT_PORT_HTTPS">) - ], - "links": [ - "server:pleroma" - ], - "volumes": [ - "./custom.d/server.httpd:/usr/local/apache2/conf/httpd.conf:ro", - "./custom.d/vhost.httpd:/usr/local/apache2/conf/extra/httpd-vhosts.conf:ro"ifdef(__SCRIPT_ENABLE_SSL, <,>) - ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.crt:/ssl/ssl.crt:ro",>) - ifdef(__SCRIPT_ENABLE_SSL, 
<"./custom.d/ssl.key:/ssl/ssl.key:ro">) - ] - }, - >, < - errprint(Invalid option __SCRIPT_USE_PROXY for ) - m4exit(<1>) - > - ) - >) - - "server": { - "build": { - "context": ".", - "args": [ - "env()", - "env()", - "env()", - "env_fb(, )" - ] - }, - "init": true, - "restart": "unless-stopped", - "links": [ - ifelse(__SCRIPT_DEPLOY_POSTGRES, true, <"db">) - ], - "environment": [ - "env_fb(, )" - ], - "volumes": [ - "./custom.d:/custom.d:ro", - "./config.exs:/home/pleroma/pleroma/config/prod.secret.exs:ro", - "env_inline()/uploads:env_inline_fb(, )" - ], - "labels": [ - ifelse(__SCRIPT_USE_PROXY, traefik, < - "traefik.enable=true", - "traefik.fe.port=4000", - "traefik.fe.protocol=http", - "traefik.fe.entryPoints=http,https", - "traefik.fe.frontend.rule=Host:patsubst(__PLEROMA_URL, , <>)", - "traefik.cache.port=4000", - "traefik.cache.protocol=http", - "traefik.cache.entryPoints=http,https", - "traefik.cache.frontend.rule=Host:patsubst(patsubst(__PLEROMA_MEDIA_PROXY_URL, , <>), , <>)" - >) - ] - } - } -} diff --git a/pleroma b/pleroma.sh similarity index 75% rename from pleroma rename to pleroma.sh index 93bc5dc..323e50b 100755 --- a/pleroma +++ b/pleroma.sh @@ -1,11 +1,6 @@ #!/bin/bash -######################################################### -# Options # -######################################################### - -set -e -set -o pipefail +set -Eeo pipefail ######################################################### # Globals # @@ -20,8 +15,6 @@ readonly ENDPOINT_TAG="$PREFIX_API/tags" readonly ENDPOINT_BLOB="$PREFIX_API/blobs" readonly ENDPOINT_BRANCH="$PREFIX_API/branches" -flags="" - ######################################################### # Helpers # ######################################################### 
@@ -57,31 +50,9 @@ throw_file_errors() { fi } -render_template() { - require_command m4 - require_command awk - - m4 $flags docker-compose.m4 | awk 'NF' -} - docker_compose() { require_command docker-compose - - docker-compose \ - -f <(render_template) \ - --project-directory . \ - "$@" -} - -load_env() { - while read -r line; do - if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then - continue; - fi - - export "${line?}" - flags="-D__${line?} $flags" - done < .env + docker-compose "$@" } download_file() { # $1: source, $2: target @@ -106,6 +77,16 @@ request_file_content() { # $1: source fi } +load_env() { + while read -r line; do + if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then + continue; + fi + + export "${line?}" + done < .env +} + ######################################################### # Subcommands # ######################################################### @@ -142,7 +123,7 @@ action__build() { cacheTag="$(date '+%s')" fi - # Alternative 3: Random number with awk + # Alternative 3: Random number with shell if [[ -z "$cacheTag" ]] && [[ -n "$RANDOM" ]]; then echo "" echo "WARNING WARNING WARNING" @@ -185,13 +166,10 @@ action__build() { cacheTag="broken-host-env" fi - echo -e "#> (Re-)Building with cache tag \`${cacheTag}\`...\n" + echo -e "#> (Re-)Building pleroma @$PLEROMA_VERSION with cache tag \`${cacheTag}\`...\n" + sleep 1 - docker_compose build --build-arg __CACHE_TAG="$cacheTag" server -} - -action__dump() { - cat <(render_template) + docker_compose build --build-arg __VIA_SCRIPT=1 --build-arg __CACHE_TAG="$cacheTag" --build-arg PLEROMA_VERSION="$PLEROMA_VERSION" server } action__enter() { @@ -206,14 +184,6 @@ action__mix() { docker_compose exec server sh -c "cd ~/pleroma && mix $*" } -action__passthrough() { - docker_compose "$@" -} - -action__p() { - action__passthrough "$@" -} - action__restart() { action__stop action__start 
@@ -243,38 +213,6 @@ action__ps() { action__status } -action__debug() { - require_command xhost - - local debug_mounts - debug_mounts=" - -v $(pwd)/custom.d:/custom.d \ - -v $(pwd)/debug.d/build:/home/pleroma/pleroma/_build \ - -v $(pwd)/debug.d/deps:/home/pleroma/pleroma/deps \ - " - - if [[ ! -d ./debug.d ]]; then - mkdir -p ./debug.d/{build,deps} - fi - - if [[ ! -d ./custom.d/lib ]]; then - mkdir -p ./custom.d/lib - fi - - action__stop - - docker_compose run --rm -u pleroma -w /home/pleroma/pleroma "$debug_mounts" server bash -c 'cp -rvf /custom.d/* /home/pleroma/pleroma && mix deps.get' - - local x_flags="" - if [[ $NO_X_FORWARDING != 1 ]]; then - x_flags="-e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix" - fi - - [[ $NO_X_FORWARDING == 1 ]] || xhost +local:root - docker_compose run --rm -u pleroma -w /home/pleroma/pleroma "$debug_mounts" "$x_flags" server bash -c "cp -rvf /custom.d/* /home/pleroma/pleroma && $*" - [[ $NO_X_FORWARDING == 1 ]] || xhost -local:root -} - action__mod() { require_command dialog require_command jq @@ -334,17 +272,7 @@ Usage: Actions: build (Re)build the pleroma container. - dump Dump the generated docker-compose.yml to stdout. - - debug [bin] [args...] Launches a new pleroma container but uses \$bin instead of phx.server as entrypoint. - **Warning**: This is intended for debugging pleroma with tools like :debugger and :observer. - It thus forwards your X-Server into docker and temporarily fiddles with your xhost - access controls. If this is a security concern for you, please export NO_X_FORWARDING=1 - before launching a debugger session. - enter Spawn a shell inside the container for debugging/maintenance. - This command does not link to the postgres container. - If you need that use #debug instead. logs Show the current container logs. 
@@ -353,8 +281,6 @@ Actions: mod [file] Creates the file in custom.d and downloads the content from pleroma.social. The download respects your \$PLEROMA_VERSION from .env. - passthrough / p [...] Pass any custom command to docker-compose. - restart Executes #stop and #start respectively. start / up Start pleroma and sibling services. @@ -367,17 +293,8 @@ Actions: This operation only works in one direction. For making permanent changes to the container use custom.d. -Environment: - DEBUG can be used to modify the loglevel. - DEBUG=1 prints all commands before they are executed. - DEBUG=2 prints all bash statements before they are executed (a lot). + ---------------------------- - SHOPT can be used to modify shell options. - Pass a list of options to this variable like SHOPT='-x -e'. - For setting long options with -o use a colon (:) instead of a space - to seperate the option from -o. For example: SHOPT='-x -e -o:pipefail'. - -Contributing: You can report bugs or contribute to this project at: https://glitch.sh/sn0w/pleroma-docker " From b44d428493844115773932fc456faf1c8682e367 Mon Sep 17 00:00:00 2001 From: sn0w Date: Sun, 25 Aug 2019 22:39:22 +0200 Subject: [PATCH 02/17] Scripting fixup --- Dockerfile | 3 --- entrypoint.sh | 9 ++++++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1ec4161..1166f50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -72,6 +72,3 @@ RUN \ cp ./config/dev.exs ./config/prod.secret.exs \ && BUILDTIME=1 /entrypoint.sh \ && rm ./config/prod.secret.exs - -# Insert overrides -COPY --chown=pleroma:pleroma ./custom.d /home/pleroma/pleroma diff --git a/entrypoint.sh b/entrypoint.sh index 789dcaf..dcce13a 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -4,13 +4,16 @@ set -e if [ -n "$BUILDTIME" ]; then - echo "#> Preparing compilation..." - + echo "#> Getting rebar..." mix local.rebar --force + + echo "#> Getting hex..." mix local.hex --force - echo "#> Compiling..." + echo "#> Getting dependencies..." mix deps.get + + echo "#> Precompiling..." mix compile exit 0 fi From b768471a7d3da6332df5dfc68d614899f27e5ae8 Mon Sep 17 00:00:00 2001 From: sn0w Date: Sun, 25 Aug 2019 23:29:34 +0200 Subject: [PATCH 03/17] Dockerfile and scripting improvements --- .env.dist | 16 ++++++++++++++++ .gitignore | 8 ++++---- Dockerfile | 47 ++++++++++++++++++++++++++-------------------- config.dist.exs | 9 +++++++-- docker-compose.yml | 41 ++++++++++++++++++++++++++++++++++++++++ entrypoint.sh | 22 +++++++++++++--------- pleroma.sh | 10 ++++++++-- 7 files changed, 116 insertions(+), 37 deletions(-) create mode 100644 docker-compose.yml diff --git a/.env.dist b/.env.dist index 805c8b9..3a3fd7a 100644 --- a/.env.dist +++ b/.env.dist @@ -8,3 +8,19 @@ DOCKER_DATADIR=./data # Pleroma's mix environment. # You should leave this at prod unless you know what you're doing. MIX_ENV=prod + +# The uid/gid used by pleroma. +# You should probably set this to the same +# uid/guid that cloned the pleroma-docker repo. +# This way modding pleroma becomes a lot easier. +DOCKER_UID=1000 +DOCKER_GID=1000 + +# The git repo where pleroma's sources are located. +# This will be used at build-time and to resolve PLEROMA_VERSION via "git ls-remote". +# The latter involves one connection per "pleroma.sh build" execution, even if a rebuild does not occur. +# +# You might want to change this if you're working on a fork, +# or if you do not trust the admins of pleroma's Gitlab instance. +# +PLEROMA_GIT_REPO=https://git.pleroma.social/pleroma/pleroma.git diff --git a/.gitignore b/.gitignore index 4e5fca7..e797e62 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,10 +1,10 @@ -data -.env -config.yml +data/ +cache/ custom.d/ !custom.d/.gitkeep -docker-compose.yml config.exs +secret.exs +.env # Created by https://www.gitignore.io/api/osx,linux,windows diff --git a/Dockerfile b/Dockerfile index 1166f50..c1b1eb4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,8 @@ RUN \ # Set up environment ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 -ENV MIX_ENV=prod +ARG MIX_ENV +ENV MIX_ENV=$MIX_ENV # Prepare mounts VOLUME /custom.d @@ -22,12 +23,14 @@ EXPOSE 4000 RUN \ apk add --no-cache --virtual .tools \ git curl rsync postgresql-client \ - \ - && apk add --no-cache --virtual .sdk \ + && \ + apk add --no-cache --virtual .sdk \ build-base \ - \ - && apk add --no-cache --virtual .runtime \ - imagemagick erlang erlang-runtime-tools erlang-xmerl erlang-ssl erlang-eldap elixir + && \ + apk add --no-cache --virtual .runtime \ + imagemagick \ + elixir erlang erlang-runtime-tools \ + erlang-xmerl erlang-ssl erlang-ssh erlang-eldap # Add entrypoint COPY ./entrypoint.sh / 
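Review bot: `ARG MIX_ENV` is declared without a default, so `ENV MIX_ENV=$MIX_ENV` bakes an empty value into the image whenever the build argument is not passed, for example when `.env` has no `MIX_ENV` line. The previous hard-coded `prod` was the safe fallback. `ARG MIX_ENV=prod` keeps the override possible while still defaulting to a production build.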
@@ -35,21 +38,25 @@ RUN chmod a+x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] # Limit permissions -ARG DOCKER_UID=1000 -ARG DOCKER_GID=1000 -ARG PLEROMA_UPLOADS_PATH=/uploads +ARG DOCKER_UID +ARG DOCKER_GID RUN \ - addgroup -g ${DOCKER_GID} pleroma \ - && adduser -S -s /bin/ash -G pleroma -u ${DOCKER_UID} pleroma \ - && mkdir -p /custom.d $PLEROMA_UPLOADS_PATH \ - && chown -R pleroma:pleroma /custom.d $PLEROMA_UPLOADS_PATH + echo "#> Pleroma user will be ${DOCKER_UID}:${DOCKER_GID}" 1>&2 && \ + addgroup -g ${DOCKER_GID} pleroma && \ + adduser -S -s /bin/ash -G pleroma -u ${DOCKER_UID} pleroma && \ + mkdir -p /custom.d /uploads && \ + chown -R pleroma:pleroma /custom.d /uploads USER pleroma WORKDIR /home/pleroma # Get pleroma sources -RUN git clone --progress https://git.pleroma.social/pleroma/pleroma.git ./pleroma +ARG PLEROMA_GIT_REPO +RUN \ + echo "#> Getting pleroma sources from $PLEROMA_GIT_REPO..." 1>&2 && \ + git clone --progress $PLEROMA_GIT_REPO ./pleroma + WORKDIR /home/pleroma/pleroma # Bust the build cache (if needed) @@ -63,12 +70,12 @@ ENV __CACHE_TAG $__CACHE_TAG # Fetch changes, checkout ARG PLEROMA_VERSION RUN \ - git fetch --all \ - && git checkout $PLEROMA_VERSION \ - && git pull --rebase --autostash + git fetch --all && \ + git checkout $PLEROMA_VERSION && \ + git pull --rebase --autostash # Precompile RUN \ - cp ./config/dev.exs ./config/prod.secret.exs \ - && BUILDTIME=1 /entrypoint.sh \ - && rm ./config/prod.secret.exs + cp ./config/dev.exs ./config/prod.secret.exs && \ + BUILDTIME=1 /entrypoint.sh && \ + rm ./config/prod.secret.exs diff --git a/config.dist.exs b/config.dist.exs index 2a14d17..059762c 100644 --- a/config.dist.exs +++ b/config.dist.exs 
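Review bot: `git clone --progress $PLEROMA_GIT_REPO ./pleroma` expands the build argument unquoted and without a preceding `--`, so a value containing whitespace is word-split and a value starting with `-` is parsed by git as an option instead of a URL. I would write `git clone --progress -- "$PLEROMA_GIT_REPO" ./pleroma`. The same hunk drops the `1000` defaults of `DOCKER_UID` and `DOCKER_GID`, so an unset value now surfaces as a confusing `addgroup`/`adduser` error. A guard such as `: "${DOCKER_UID:?}" "${DOCKER_GID:?}"` at the top of that `RUN` would fail with a clear message.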
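Review bot: `git checkout $PLEROMA_VERSION` is followed unconditionally by `git pull --rebase --autostash`, but `.env.dist` documents that `PLEROMA_VERSION` may be a tag or commit as well as a branch. Checking out a tag or commit leaves a detached HEAD, where I would expect `git pull` to exit non-zero and fail the build, so only branch names look safe here. Running the pull only when HEAD is on a branch would cover all three cases, e.g. `if git symbolic-ref -q HEAD >/dev/null; then git pull --rebase --autostash; fi`, together with quoting `"$PLEROMA_VERSION"`. The hunk only reflows these lines, so the behaviour predates this commit.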
@@ -11,8 +11,10 @@ config :pleroma, Pleroma.Repo, hostname: "db", pool_size: 10 -# Listening to 0.0.0.0 is required in a container -# Do not change this +# Listening to 0.0.0.0 is required in a container since the IP is not known in advance +# You should not change the options below this. +# Instead, go change the mapping to your host ports in "docker-compose.yml" + config :pleroma, Pleroma.Web.Endpoint, http: [ ip: {0, 0, 0, 0}, @@ -23,6 +25,9 @@ config :pleroma, :gopher, ip: {0, 0, 0, 0}, port: 9999 +config :esshd, + port: 2222 + # vvv Your awesome config options go here vvv ### diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..dc66a2e --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,41 @@ +version: "3.7" + +services: + db: + image: postgres:10-alpine + init: true + restart: unless-stopped + environment: + POSTGRES_DB: pleroma + POSTGRES_USER: pleroma + POSTGRES_PASSWORD: pleroma + volumes: + - $DOCKER_DATADIR/db:/var/lib/postgresql/data + - ./initdb.sql:/docker-entrypoint-initdb.d/pleroma.sql + + server: + build: . + init: true + restart: unless-stopped + links: + - db + ports: [ + # Uncomment/Change port mappings below as needed. + # The left side is your host machine, the right one is the pleroma container. + # You can prefix the left side with an ip. + + # Webserver (for reverse-proxies outside of docker) + # If you use a dockerized proxy (see README), you can leave this commented + # and use a container link instead. + # "127.0.0.1:4000:4000", + + # SSH support + # "2222:2222", + + # Gopher support + # "9999:9999", + ] + volumes: + - ./custom.d:/custom.d:ro + - ./config.exs:/home/pleroma/pleroma/config/prod.secret.exs:ro + - $DOCKER_DATADIR/uploads:/uploads diff --git a/entrypoint.sh b/entrypoint.sh index dcce13a..5b29c81 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
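Review bot: The `db` service hard-codes `POSTGRES_PASSWORD: pleroma`, with the same value in `config.dist.exs`, so every deployment made from this template shares one known database credential. No port is published for `db`, so it is only reachable from containers on the compose network, but a per-install secret would still be the safer default, e.g. `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}` with the matching value in `config.exs`. Separately, the commented `"2222:2222"` and `"9999:9999"` examples bind on all host interfaces once uncommented, unlike the `"127.0.0.1:4000:4000"` line. A `127.0.0.1:` prefix, or a one-line comment saying so, would make that difference explicit.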
@@ -3,34 +3,38 @@ set -e +log() { + echo -e "\n#> $@\n" 1>&2 +} + if [ -n "$BUILDTIME" ]; then - echo "#> Getting rebar..." + log "Getting rebar..." mix local.rebar --force - echo "#> Getting hex..." + log "Getting hex..." mix local.hex --force - echo "#> Getting dependencies..." + log "Getting dependencies..." mix deps.get - echo "#> Precompiling..." + log "Precompiling..." mix compile exit 0 fi -echo "#> Applying customizations and patches.." +log "Syncing changes and patches..." rsync -av /custom.d/ /home/pleroma/pleroma/ -echo "#> Recompiling..." +log "Recompiling..." mix compile -echo "#> Waiting until database is ready..." +log "Waiting for postgres..." while ! pg_isready -U pleroma -d postgres://db:5432/pleroma -t 1; do sleep 1s done -echo "#> Upgrading database..." +log "Migrating database..." mix ecto.migrate -echo "#> Liftoff!" +log "Liftoff o/" exec mix phx.server diff --git a/pleroma.sh b/pleroma.sh index 323e50b..e92efc2 100755 --- a/pleroma.sh +++ b/pleroma.sh @@ -77,12 +77,14 @@ request_file_content() { # $1: source fi } +builds_args="" load_env() { while read -r line; do if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then continue; fi + builds_args="${builds_args} --build-arg ${line?}" export "${line?}" done < .env } @@ -98,7 +100,7 @@ action__build() { if [[ -z "$cacheTag" ]] && has_command git && has_command grep && has_command awk; then set +o pipefail local resolvedHash - resolvedHash="$(git ls-remote $GITLAB_URI/$ENDPOINT_REPO | grep "/$PLEROMA_VERSION" | awk '{ print $1 }')" + resolvedHash="$(git ls-remote $PLEROMA_GIT_REPO | grep "/$PLEROMA_VERSION" | awk '{ print $1 }')" set -o pipefail if [[ -n "$resolvedHash" ]]; then 
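Review bot: `builds_args="${builds_args} --build-arg ${line?}"` builds the argument list as one string, which the later `docker_compose build` hunk expands unquoted as `$builds_args`, so any `.env` value containing whitespace or glob characters is split or expanded before docker-compose sees it. Since the README already requires Bash 4+, an array is the straightforward fix: `build_args=()`, `build_args+=(--build-arg "$line")`, and `"${build_args[@]}"` at the call site. Every `.env` line is also now forwarded as a build argument, so a secret placed in `.env` ends up on the docker-compose command line. Forwarding only the names the Dockerfile declares as `ARG` would avoid that.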
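Review bot: `grep "/$PLEROMA_VERSION"` treats the version as an unanchored regular expression, so `master` also matches refs such as `refs/heads/master-something`, and `resolvedHash` can end up holding several hashes or the wrong one. `git ls-remote` accepts a ref pattern itself, so `git ls-remote "$PLEROMA_GIT_REPO" "$PLEROMA_VERSION" | awk 'NR == 1 { print $1 }'` matches whole ref names. That form also quotes the repository URL, which the new line leaves unquoted. `action__build` continues outside this hunk, so how `resolvedHash` feeds the cache tag is presumably as before but not visible here.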
@@ -169,7 +171,11 @@ action__build() { echo -e "#> (Re-)Building pleroma @$PLEROMA_VERSION with cache tag \`${cacheTag}\`...\n" sleep 1 - docker_compose build --build-arg __VIA_SCRIPT=1 --build-arg __CACHE_TAG="$cacheTag" --build-arg PLEROMA_VERSION="$PLEROMA_VERSION" server + docker_compose build \ + $builds_args \ + --build-arg __VIA_SCRIPT=1 \ + --build-arg __CACHE_TAG="$cacheTag" \ + server } action__enter() { From 140b52353bffd56a944b1e46db85006950f8519f Mon Sep 17 00:00:00 2001 From: sn0w Date: Sun, 25 Aug 2019 23:32:13 +0200 Subject: [PATCH 04/17] Expose Gopher/SSH in dockerfile --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index c1b1eb4..6ea2ebd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,8 +16,8 @@ ENV MIX_ENV=$MIX_ENV # Prepare mounts VOLUME /custom.d -# Expose default pleroma port to host -EXPOSE 4000 +# Expose HTTP, Gopher, and SSH ports, respectively +EXPOSE 4000 9999 2222 # Get dependencies RUN \ @@ -40,7 +40,6 @@ ENTRYPOINT ["/entrypoint.sh"] # Limit permissions ARG DOCKER_UID ARG DOCKER_GID - RUN \ echo "#> Pleroma user will be ${DOCKER_UID}:${DOCKER_GID}" 1>&2 && \ addgroup -g ${DOCKER_GID} pleroma && \ From da4c279fff5b30af6bdf6d8c999e58a25b64e6cc Mon Sep 17 00:00:00 2001 From: sn0w Date: Sun, 25 Aug 2019 23:41:08 +0200 Subject: [PATCH 05/17] documentation updates --- Dockerfile | 2 -- README.md | 2 +- config.dist.exs | 29 +++++++++++++++-------------- docker-compose.yml | 15 +++++++++++---- 4 files changed, 27 insertions(+), 21 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6ea2ebd..ed96195 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -61,8 +61,6 @@ WORKDIR /home/pleroma/pleroma # Bust the build cache (if needed) # This works by setting an environment variable with the last # used version/branch/tag/commit/... which originates in the script. -# If the host doesn't have the required tool for "smart version detection" -# we'll just use the current timestamp here which forces a rebuild every time. ARG __CACHE_TAG ENV __CACHE_TAG $__CACHE_TAG diff --git a/README.md b/README.md index 9e275b0..26b2c0f 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ For other problems related to this script, contact me or open an issue :) - Clone this repository - Create a `config.exs` and `.env` file - Run `./pleroma.sh build` and `./pleroma.sh up` -- Configure a reverse-proxy +- [Configure a reverse-proxy](#my-instance-is-up-how-do-i-reach-it) - Profit! Hint:
diff --git a/config.dist.exs b/config.dist.exs index 059762c..803a033 100644 --- a/config.dist.exs +++ b/config.dist.exs @@ -1,19 +1,8 @@ use Mix.Config -# pleroma/pleroma/pleroma are the default credentials for the -# managed database container. "db" is the default interlinked hostname. -# You shouldn't need to change this unless you modifed .env -config :pleroma, Pleroma.Repo, - adapter: Ecto.Adapters.Postgres, - username: "pleroma", - password: "pleroma", - database: "pleroma", - hostname: "db", - pool_size: 10 - -# Listening to 0.0.0.0 is required in a container since the IP is not known in advance -# You should not change the options below this. -# Instead, go change the mapping to your host ports in "docker-compose.yml" +# Listening to 0.0.0.0 is required in a container since the IP is not known in advance. +# You should not change the following three ip/port mappings. +# Instead, change the mapping to your host ports in "docker-compose.yml". config :pleroma, Pleroma.Web.Endpoint, http: [ @@ -28,7 +17,19 @@ config :pleroma, :gopher, config :esshd, port: 2222 +# pleroma/pleroma/pleroma are the default credentials. +# "db" is the default interlinked hostname. +# You shouldn't need to change this. +config :pleroma, Pleroma.Repo, + adapter: Ecto.Adapters.Postgres, + username: "pleroma", + password: "pleroma", + database: "pleroma", + hostname: "db" + +# # vvv Your awesome config options go here vvv +# ### # Here are some example values. diff --git a/docker-compose.yml b/docker-compose.yml index dc66a2e..9f4c367 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -5,10 +5,17 @@ services: image: postgres:10-alpine init: true restart: unless-stopped - environment: - POSTGRES_DB: pleroma - POSTGRES_USER: pleroma - POSTGRES_PASSWORD: pleroma + environment: { + # This might seem insecure but is usually not a problem. + # You should leave this at the "pleroma" default. + # The DB is only reachable by containers in the same docker network, + # and is not exposed to the open internet. + # + # If you do change this, remember to update "config.exs". + POSTGRES_DB: pleroma, + POSTGRES_USER: pleroma, + POSTGRES_PASSWORD: pleroma, + } volumes: - $DOCKER_DATADIR/db:/var/lib/postgresql/data - ./initdb.sql:/docker-entrypoint-initdb.d/pleroma.sql From 2c4f3f481f94bdcb9ce2f98c4ca420fe21e5badb Mon Sep 17 00:00:00 2001 From: sn0w Date: Sun, 25 Aug 2019 23:43:43 +0200 Subject: [PATCH 06/17] update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 26b2c0f..e3f7c35 100644 --- a/README.md +++ b/README.md @@ -109,7 +109,7 @@ This will work automagically when the proxy also lives inside of docker. Something that cofe.rocks uses is simple port-forwarding of the `server` container to the host's `127.0.0.1`. From there on, the natively installed nginx server acts as a proxy to the open internet. -You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/docker-compose.m4#L93) if that setup sounds interesting. +You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/docker-compose.m4#L93) and [cofe's proxy config](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/proxy.xconf) if that setup sounds interesting. If you need help with this, or if you think that this needs more documentation, please let me know. From 2f283393e539ba1214dcb8cb64c42020c0ad3362 Mon Sep 17 00:00:00 2001 
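Review bot: The added comment justifies the fixed `pleroma` password by network isolation, but that only holds while the `db` service has no `ports:` mapping and no untrusted service joins its network. Any container attached to that network, such as a reverse proxy added the way the README suggests, can log in with the published default. I would state the condition in the comment itself, e.g. `# Safe only while "db" publishes no ports and shares its network with trusted containers.` The rest of the `db` service definition, including whether ports are mapped, lies outside this hunk.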
From: sn0w Date: Sun, 25 Aug 2019 23:47:25 +0200 Subject: [PATCH 07/17] update readme --- README.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index e3f7c35..640a326 100644 --- a/README.md +++ b/README.md @@ -76,11 +76,14 @@ For example: `/pleroma.sh mix pleroma.user new sn0w ...` ### My instance is up, how do I reach it? -Older versions of this script contained a huge amount of scripting to support all kinds of reverse-proxy setups.
-This newer version tries to focus only on providing good setup tooling. +To reach Gopher or SSH, just uncomment the port-forward in your `docker-compose.yml`. -You will have to configure your own reverse-proxy.
-You can use Caddy, Traefik, Apache, nginx, or whatever else you could come up with.
+To reach HTTP you will have to configure a "reverse-proxy". +Older versions of this script contained a huge amount of scripting to support all kinds of reverse-proxy setups. +This newer version tries to focus only on providing good pleroma tooling. +That makes the whole process a bit more manual, but also more flexible. + +You can use Caddy, Traefik, Apache, nginx, or whatever else you come up with.
Just modify your `docker-compose.yml` accordingly. One example would be to add an [nginx server](https://hub.docker.com/_/nginx) to your `docker-compose.yml`: @@ -107,12 +110,12 @@ Using apache would work in a very similar way (see [Apache Docker Docs](https:// The target that you proxy to is called `http://server:4000/`.
This will work automagically when the proxy also lives inside of docker. +If you need help with this, or if you think that this needs more documentation, please let me know. + Something that cofe.rocks uses is simple port-forwarding of the `server` container to the host's `127.0.0.1`. From there on, the natively installed nginx server acts as a proxy to the open internet. You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/docker-compose.m4#L93) and [cofe's proxy config](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/proxy.xconf) if that setup sounds interesting. -If you need help with this, or if you think that this needs more documentation, please let me know. - ### Customization Add your customizations (and their folder structure) to `custom.d/`.
From 7234cee371fadd2b868a0fc1c3ab4d59d3e2f4f4 Mon Sep 17 00:00:00 2001 From: sn0w Date: Sun, 25 Aug 2019 23:59:29 +0200 Subject: [PATCH 08/17] Update docs and add mnesia --- Dockerfile | 2 +- README.md | 54 ++++++++++++++++++++++++++++-------------------------- 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/Dockerfile b/Dockerfile index ed96195..f5e33e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,7 @@ RUN \ apk add --no-cache --virtual .runtime \ imagemagick \ elixir erlang erlang-runtime-tools \ - erlang-xmerl erlang-ssl erlang-ssh erlang-eldap + erlang-xmerl erlang-ssl erlang-ssh erlang-eldap erlang-mnesia # Add entrypoint COPY ./entrypoint.sh / diff --git a/README.md b/README.md index 640a326..e79dcc1 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ For other problems related to this script, contact me or open an issue :) ### Prerequisites -- ~500mb of free HDD space +- ~1GB of free HDD space - `git` if you want smart build caches - `curl`, `jq`, and `dialog` if you want to use `./pleroma.sh mod` - Bash 4+ @@ -60,6 +60,13 @@ Hint:
You can also use normal `docker-compose` commands to maintain your setup.
The only command that you cannot use is `docker-compose build` due to build caching. +### Configuration + +All the pleroma options that you usually put into your `*.secret.exs` now go into `config.exs`. + +`.env` stores config values that need to be known at orchestration/build time.
+Documentation for the possible values is inside of that file. + ### Updates Run `./pleroma.sh build` again and start the updated image with `./pleroma.sh up`. @@ -69,11 +76,31 @@ You don't need to stop your pleroma server for either of those commands. ### Maintenance Pleroma maintenance is usually done with mix tasks. + You can run these tasks in your running pleroma server using `./pleroma.sh mix [task] [arguments...]`. + If you need to fix some bigger issues you can also spawn a shell with `./pleroma.sh enter`. For example: `/pleroma.sh mix pleroma.user new sn0w ...` +### Customization + +Add your customizations (and their folder structure) to `custom.d/`.
+They will be copied into the right place when the container starts.
+You can even replace/patch pleroma’s code with this, +because the project is recompiled at startup if needed. + +In general: Prepending `custom.d/` to pleroma’s customization guides should work all the time.
+Check them out in the official pleroma wiki. + +For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instance/thumbnail.jpeg`. + +### Patches + +Works exactly like customization, but we have a neat little helper here. + +Use `./pleroma.sh mod [regex]` to mod any file that ships with pleroma, without having to type the complete path. + ### My instance is up, how do I reach it? To reach Gopher or SSH, just uncomment the port-forward in your `docker-compose.yml`. @@ -116,31 +143,6 @@ Something that cofe.rocks uses is simple port-forwarding of the `server` contain From there on, the natively installed nginx server acts as a proxy to the open internet. You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/docker-compose.m4#L93) and [cofe's proxy config](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/proxy.xconf) if that setup sounds interesting. -### Customization - -Add your customizations (and their folder structure) to `custom.d/`.
-They will be copied into the right place when the container starts.
-You can even replace/patch pleroma’s code with this, -because the project is recompiled at startup if needed. - -In general: Prepending `custom.d/` to pleroma’s customization guides should work all the time.
-Check them out in the official pleroma wiki. - -For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instance/thumbnail.jpeg`. - -### Patches - -Works exactly like customization, but we have a neat little helper here. - -Use `./pleroma.sh mod [regex]` to mod any file that ships with pleroma, without having to type the complete path. - -### Configuration - -All the pleroma options that you usually put into your `*.secret.exs` now go into `config.exs`. - -`.env` stores config values that need to be known at orchestration/build time.
-Documentation for the possible values is inside of that file. - ### Attribution Thanks to [Angristan](https://github.com/Angristan/dockerfiles/tree/master/pleroma) and [RX14](https://github.com/RX14/kurisu.rx14.co.uk/blob/master/services/iscute.moe/pleroma/Dockerfile) for their dockerfiles, which served as an inspiration for the early versions of this script. From 8fd6c3f9597b5421b882386fa3364347931b0cf4 Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 00:02:45 +0200 Subject: [PATCH 09/17] update docs --- README.md | 4 ++-- pleroma.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e79dcc1..5fcca9c 100644 --- a/README.md +++ b/README.md @@ -79,10 +79,10 @@ Pleroma maintenance is usually done with mix tasks. You can run these tasks in your running pleroma server using `./pleroma.sh mix [task] [arguments...]`. -If you need to fix some bigger issues you can also spawn a shell with `./pleroma.sh enter`. - For example: `/pleroma.sh mix pleroma.user new sn0w ...` +If you need to fix bigger problems you can also spawn a shell with `./pleroma.sh enter`. + ### Customization Add your customizations (and their folder structure) to `custom.d/`.
diff --git a/pleroma.sh b/pleroma.sh index e92efc2..30b217c 100755 --- a/pleroma.sh +++ b/pleroma.sh @@ -179,7 +179,7 @@ action__build() { } action__enter() { - docker_compose exec server sh -c 'cd ~/pleroma && bash' + docker_compose exec server sh -c 'cd ~/pleroma && ash' } action__logs() { From 19ac2c74cf3ec516aaf7b6ae8b658c4cb1d1b282 Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 00:03:08 +0200 Subject: [PATCH 10/17] update docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5fcca9c..4318d5a 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ Pleroma maintenance is usually done with mix tasks. You can run these tasks in your running pleroma server using `./pleroma.sh mix [task] [arguments...]`. -For example: `/pleroma.sh mix pleroma.user new sn0w ...` +For example: `./pleroma.sh mix pleroma.user new sn0w ...` If you need to fix bigger problems you can also spawn a shell with `./pleroma.sh enter`. From 4f603d0caeed5de860b7e0f9d8c7cc07efea4d42 Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 00:06:00 +0200 Subject: [PATCH 11/17] update docs --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4318d5a..e6b5d5f 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Let me know and I'll add you to this list. These docs assume that you have at least a basic understanding of the pleroma installation process and common docker commands. -If you have questions about Pleroma head over to https://docs-develop.pleroma.social/.
+If you have questions about Pleroma head over to https://docs.pleroma.social/.
For help with docker check out https://docs.docker.com/. For other problems related to this script, contact me or open an issue :) @@ -91,7 +91,7 @@ You can even replace/patch pleroma’s code with this, because the project is recompiled at startup if needed. In general: Prepending `custom.d/` to pleroma’s customization guides should work all the time.
-Check them out in the official pleroma wiki. +Check them out in the [pleroma documentation](https://docs.pleroma.social/small_customizations.html#content). For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instance/thumbnail.jpeg`. @@ -147,5 +147,5 @@ You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4 Thanks to [Angristan](https://github.com/Angristan/dockerfiles/tree/master/pleroma) and [RX14](https://github.com/RX14/kurisu.rx14.co.uk/blob/master/services/iscute.moe/pleroma/Dockerfile) for their dockerfiles, which served as an inspiration for the early versions of this script. -The current version is based on the [official wiki guides](https://git.pleroma.social/pleroma/pleroma/tree/develop/docs/installation).
+The current version is based on the [offical install instructions](https://docs.pleroma.social/alpine_linux_en.html).
Thanks to all people who contributed to those. From 0d49d8914460a654c092440e9d3dccc4f272266f Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 00:07:59 +0200 Subject: [PATCH 12/17] update disclaimer --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e6b5d5f..92bbc1c 100644 --- a/README.md +++ b/README.md @@ -12,10 +12,12 @@ This repository dockerizes it for easier deployment. /* * This repository comes with ABSOLUTELY NO WARRANTY * - * I am not responsible for burning servers, angry users, fedi drama, + * I will happily help you with issues related to this script, + * but I am not responsible for burning servers, angry users, fedi drama, * thermonuclear war, or you getting fired because your boss saw your NSFW posts. - * Please do some research if you have any concerns about included - * features or the software used by this script ***before*** using it. + * + * Please do some research if you have any concerns about the + * included features or software ***before*** using it. * */ ``` From d11af523448d3fe9f73e609e950c8c8b85ae2821 Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 00:10:48 +0200 Subject: [PATCH 13/17] Also mount dev config --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 9f4c367..3b8348a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -45,4 +45,5 @@ services: volumes: - ./custom.d:/custom.d:ro - ./config.exs:/home/pleroma/pleroma/config/prod.secret.exs:ro + - ./config.exs:/home/pleroma/pleroma/config/dev.secret.exs:ro - $DOCKER_DATADIR/uploads:/uploads From daf6d4896f62fca927c8533d7a1f81f4928054f6 Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 00:12:05 +0200 Subject: [PATCH 14/17] update docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 92bbc1c..f5edd55 100644 --- a/README.md +++ b/README.md 
@@ -108,7 +108,7 @@ Use `./pleroma.sh mod [regex]` to mod any file that ships with pleroma, without To reach Gopher or SSH, just uncomment the port-forward in your `docker-compose.yml`. To reach HTTP you will have to configure a "reverse-proxy". -Older versions of this script contained a huge amount of scripting to support all kinds of reverse-proxy setups. +Older versions of this project contained a huge amount of scripting to support all kinds of reverse-proxy setups. This newer version tries to focus only on providing good pleroma tooling. That makes the whole process a bit more manual, but also more flexible. From daf8eeebc0055dbb35b9e4ac1e9aa4fffece4a53 Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 00:28:14 +0200 Subject: [PATCH 15/17] Update config sample --- Dockerfile | 2 +- config.dist.exs | 48 ++++++++++++++++++++++++++++++------------------ 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index f5e33e7..3a5f9ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ ARG MIX_ENV ENV MIX_ENV=$MIX_ENV # Prepare mounts -VOLUME /custom.d +VOLUME /custom.d /uploads # Expose HTTP, Gopher, and SSH ports, respectively EXPOSE 4000 9999 2222 diff --git a/config.dist.exs b/config.dist.exs index 803a033..49957f4 100644 --- a/config.dist.exs +++ b/config.dist.exs @@ -1,14 +1,14 @@ use Mix.Config -# Listening to 0.0.0.0 is required in a container since the IP is not known in advance. # You should not change the following three ip/port mappings. +# Listening to 0.0.0.0 is required in a container since the IP is not known in advance. # Instead, change the mapping to your host ports in "docker-compose.yml". config :pleroma, Pleroma.Web.Endpoint, - http: [ - ip: {0, 0, 0, 0}, - port: 4000 - ] + http: [ + ip: {0, 0, 0, 0}, + port: 4000 + ] config :pleroma, :gopher, ip: {0, 0, 0, 0}, 
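Review bot: `/uploads` is declared as a volume near the top of the Dockerfile, before the `pleroma` user and group are created further down (outside this hunk), so the directory Docker creates for it is presumably owned by root and an anonymous or named volume starts out unwritable for the unprivileged user. Creating the directory with the right owner in the user-creation `RUN` and declaring the volume after it avoids that: `mkdir -p /uploads && chown pleroma:pleroma /uploads`, then `VOLUME /custom.d /uploads`. A bind mount from the host still takes the host directory's ownership, so the README should say which uid/gid must own `$DOCKER_DATADIR/uploads`.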
@@ -17,35 +17,47 @@ config :pleroma, :gopher, config :esshd, port: 2222 +# You shouldn't need to change this. # pleroma/pleroma/pleroma are the default credentials. # "db" is the default interlinked hostname. -# You shouldn't need to change this. config :pleroma, Pleroma.Repo, - adapter: Ecto.Adapters.Postgres, - username: "pleroma", - password: "pleroma", - database: "pleroma", - hostname: "db" + adapter: Ecto.Adapters.Postgres, + username: "pleroma", + password: "pleroma", + database: "pleroma", + hostname: "db" + +# You should not change this. +config :pleroma, Pleroma.Uploaders.Local, uploads: "/uploads" # # vvv Your awesome config options go here vvv # +config :pleroma, Pleroma.Upload, + filters: [Pleroma.Upload.Filter.Dedupe, Pleroma.Upload.Filter.Mogrify] + +config :pleroma, Pleroma.Upload.Filter.Mogrify, + args: ["strip"] + +# Set your URL and key-base here +# On Linux, you can use the following command to get a random key base: +# dd if=/dev/urandom bs=1 count=128 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev +config :pleroma, Pleroma.Web.Endpoint, + url: [host: "ihatedocker.io", scheme: "https", port: 443], + secret_key_base: "" + ### -# Here are some example values. -# Uncomment what you need or delete it all. +# Now follow some example config values. +# Uncomment/Change what you need, or delete it all. # # Want to use pleroma's config generator instead? -# Try `./pleroma mix pleroma.instance gen` and then `./pleroma cp /home/pleroma/pleroma/config/generated_config.exs config.exs`. +# Try `./pleroma.sh mix pleroma.instance gen` and then `./pleroma.sh cp /home/pleroma/pleroma/config/generated_config.exs config.exs`. # # Need some inspiration? # Take a look at https://git.pleroma.social/pleroma/pleroma/tree/develop/config ### -# config :pleroma, Pleroma.Web.Endpoint, -# url: [host: "example.com", scheme: "https", port: 443], -# secret_key_base: "" - # config :pleroma, :instance, # name: "example instance", # email: "example@example.com", 
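Review bot: The sample now ships an active `secret_key_base: ""` in the `Pleroma.Web.Endpoint` block, so a config copied without editing starts with an empty signing secret instead of a missing one. As far as I know Plug rejects cookie secrets shorter than 64 bytes, which would turn this into runtime errors rather than weak sessions, but that behaviour is not visible here. I would mark the line as required, e.g. `secret_key_base: "" # REQUIRED: paste the generated value; keep config.exs out of version control`, and ideally have the entrypoint refuse to start while the value is empty.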
From 9a4e89272c9d80d7641bae9f1c77965bb89466cb Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 00:58:22 +0200 Subject: [PATCH 16/17] Add upload sanity check --- config.dist.exs | 2 +- entrypoint.sh | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/config.dist.exs b/config.dist.exs index 49957f4..e8bc4dd 100644 --- a/config.dist.exs +++ b/config.dist.exs @@ -44,7 +44,7 @@ config :pleroma, Pleroma.Upload.Filter.Mogrify, # On Linux, you can use the following command to get a random key base: # dd if=/dev/urandom bs=1 count=128 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev config :pleroma, Pleroma.Web.Endpoint, - url: [host: "ihatedocker.io", scheme: "https", port: 443], + url: [host: "example.com", scheme: "https", port: 443], secret_key_base: "" ### diff --git a/entrypoint.sh b/entrypoint.sh index 5b29c81..bed1764 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -33,6 +33,17 @@ while ! pg_isready -U pleroma -d postgres://db:5432/pleroma -t 1; do sleep 1s done +log "Performing sanity checks..." +if ! touch /uploads/.sanity-check; then + log "\ +The uploads datadir is NOT writable by `id -u`:`id -g`!\n\ +This will break all upload functionality.\n\ +Please fix the permissions and try again.\ + " + exit 1 +fi +rm /uploads/.sanity-check + log "Migrating database..." mix ecto.migrate From 9bf389c02c5b111fa985710812aa0c99918723f8 Mon Sep 17 00:00:00 2001 From: sn0w Date: Mon, 26 Aug 2019 01:14:08 +0200 Subject: [PATCH 17/17] Remove unused rebase from dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3a5f9ad..e620de1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -68,8 +68,7 @@ ENV __CACHE_TAG $__CACHE_TAG ARG PLEROMA_VERSION RUN \ git fetch --all && \ - git checkout $PLEROMA_VERSION && \ - git pull --rebase --autostash + git checkout $PLEROMA_VERSION # Precompile RUN \
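Review bot: With the `git pull` removed, the `RUN` step only runs `git fetch --all` and `git checkout $PLEROMA_VERSION`, so when `PLEROMA_VERSION` names a branch that already exists locally from the clone (the `.env.dist` default is `master`) the checkout stays on the previously cloned commit and upstream fixes are not built even though the build succeeds. Moving to the fetched ref when one exists restores that: `if git rev-parse -q --verify "origin/$PLEROMA_VERSION" >/dev/null; then git reset --hard "origin/$PLEROMA_VERSION"; fi`, placed after a quoted `git checkout "$PLEROMA_VERSION"`. The clone step is outside this hunk, so this assumes it sits in an earlier, cached layer. Pinning `PLEROMA_VERSION` to a tag or commit hash avoids the question and makes builds reproducible.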