Docker: Update Dockerfile & Add docker-compose.yml (still tweaking the setup)
This commit is contained in:
parent
d077203b2f
commit
b7b6fd7a2e
8 changed files with 257 additions and 5 deletions
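--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ yesod-devel/
 # vervis
 lib/
 state/
+postgres15/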
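--- a/Dockerfile
+++ b/Dockerfile
@@ -115,9 +115,10 @@ COPY --from=builder /build/artifacts/* /app/
 
 RUN mkdir /app/state /app/state/repos /app/state/deliveries && \
 chown vervis:vervis /app/state /app/static /app/log
-COPY settings-default.yaml /app/state/settings.yml
+# COPY settings-sample-prod.yaml /app/settings.yml
 RUN ssh-keygen -t rsa -m PEM -f /app/state/ssh-host-key
 
+VOLUME /app/settings.yml
 VOLUME /app/state
 
 RUN ls /app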
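Review bot: `RUN ssh-keygen -t rsa -m PEM -f /app/state/ssh-host-key` (context in this hunk) still creates the SSH host key at image build time, so every container started from a published image (`codeberg.org/forgefed/vervis:v0.1` in docker-compose.yml) shares one host private key, and that key sits in an image layer readable by anyone who pulls the image. With docker-compose.yml now bind-mounting `./state:/app/state`, the host directory presumably shadows the image's `/app/state` at run time, so the generated key and the `mkdir` on the lines above would not even be visible inside the container. Generating the key from an entrypoint only when `/app/state/ssh-host-key` is absent keeps it per-instance and out of the image. `RUN ls /app` reads like a debugging leftover and could be dropped. The build stage this hunk belongs to starts before the hunk.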
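--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1,3 +1,16 @@
+# 2024 update - docker setup
+
+I'll update this file properly soon, but for now, instructions for deployment
+using docker:
+
+1. Create and edit `settings.yml` based on `settings-sample-prod.yml`
+2. Check out `create-db.sql`, update it if you want to tweak the DB config
+3. In `docker-compose.yml`, in particular update the database superuser
+password
+4. Ready for launch! `docker compose up`
+
+---
+
 Vervis is still in early development and the build process gets updates once in
 a while, but this file tries to keep up and list the latest instructions for
 running a Vervis instance.
@@ -112,8 +125,9 @@ Generate a new SSH key with a blank password:
 Update the settings to specify correct database connection details and other
 settings.
 
-$ cp settings-default.yaml state/settings.yml
-$ vim state/settings.yml
+# Pick the right settings-sample-* file
+$ cp settings-sample-dev.yaml settings.yml
+$ vim settings.yml
 
 Create a directory that will keep all the VCS repositories hosted by Vervis.
 Its name should match the `repo-dir` setting in `config/settings.yml`. For
@@ -163,7 +177,7 @@ generating the rest, run this:
 
 Run.
 
-$ stack run -- state/settings.yml
+$ stack run -- settings.yml
 
 By default, Vervis is configured with User Registration disabled. This is to
 prevent any automatic spambot registration for bots that may be monitoring the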
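--- /dev/null
+++ b/create-db.sql
@@ -0,0 +1,2 @@
+CREATE USER vervis WITH NOSUPERUSER NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD 'abc123' ;
+CREATE DATABASE vervis_production WITH OWNER vervis ENCODING UTF8 ;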
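Review bot: `ENCRYPTED PASSWORD 'abc123'` commits the application database password as a literal, and the same value is the default for `PGPASS` in settings-sample-prod.yaml, so a deployment that follows INSTALL.md without editing both files runs on a public credential reachable from anything on `internal_network`. INSTALL.md step 2 also phrases the edit as optional ("if you want to tweak"). A placeholder that cannot work as a secret, with a comment that it must be replaced and kept in sync with the settings file, would make the gap obvious; an `.sh` init script that reads the password from an environment variable would avoid the committed literal altogether. Note that scripts under `/docker-entrypoint-initdb.d/` run only when the `./postgres15` data directory is first initialised, so editing this file later does not change the role's password on an existing instance.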
42
docker-compose.yml
Normal file
42
docker-compose.yml
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
restart: always
|
||||||
|
image: postgres:15-bookworm
|
||||||
|
shm_size: 128mb
|
||||||
|
networks:
|
||||||
|
- internal_network
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||||
|
volumes:
|
||||||
|
- ./postgres15:/var/lib/postgresql/data
|
||||||
|
- ./create-db.sql:/docker-entrypoint-initdb.d/create_database.sql
|
||||||
|
environment:
|
||||||
|
POSTGRES_PASSWORD: "pg_superuser_password_xyz12345"
|
||||||
|
|
||||||
|
web:
|
||||||
|
# You can uncomment the following line if you want to not use the prebuilt
|
||||||
|
# image, for example if you have local code changes
|
||||||
|
#build: .
|
||||||
|
image: codeberg.org/forgefed/vervis:v0.1
|
||||||
|
restart: always
|
||||||
|
command: ./vervis settings.yml > log/vervis.log 2>&1
|
||||||
|
networks:
|
||||||
|
- external_network
|
||||||
|
- internal_network
|
||||||
|
healthcheck:
|
||||||
|
# prettier-ignore
|
||||||
|
# test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
|
||||||
|
test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000 | grep -q 'OK' || exit 1"]
|
||||||
|
ports:
|
||||||
|
- '127.0.0.1:3000:3000'
|
||||||
|
- '127.0.0.1:22:5022'
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
volumes:
|
||||||
|
- ./state:/app/state
|
||||||
|
- ./settings.yml:/app/settings.yml
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_network:
|
||||||
|
internal_network:
|
||||||
|
internal: true
|
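Review bot: `command: ./vervis settings.yml > log/vervis.log 2>&1` will most likely not redirect anything: Compose splits a string-form `command` into words without running a shell (unless the image's ENTRYPOINT is a shell, which the Dockerfile hunk does not show), so `>`, `log/vervis.log` and `2>&1` arrive as extra arguments and the argument check in getAppSettings, changed elsewhere in this commit, rejects them with "Expected 1 argument, the settings filename". Either drop the redirection and let Docker capture stdout/stderr, `command: ["./vervis", "settings.yml"]`, or run it through a shell explicitly, `command: ["sh", "-c", "./vervis settings.yml > log/vervis.log 2>&1"]`. `POSTGRES_PASSWORD: "pg_superuser_password_xyz12345"` is a committed superuser credential that INSTALL.md only asks operators to change; `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set it in .env}` fails fast when it is unset instead of starting with the public default. `'127.0.0.1:22:5022'` binds host port 22, which on most hosts is already taken by the system sshd, and `depends_on: - db` without `condition: service_healthy` presumably lets the web container start before the db healthcheck passes.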
191
settings-sample-prod.yaml
Normal file
191
settings-sample-prod.yaml
Normal file
|
@ -0,0 +1,191 @@
|
||||||
|
# Values formatted like "_env:ENV_VAR_NAME:default_value" can be overridden by
|
||||||
|
# the specified environment variable. See the Yesod wiki, Configuration page.
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# HTTP server
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
# any IPv4 host
|
||||||
|
host: "_env:HOST:*4"
|
||||||
|
|
||||||
|
# The port `yesod devel` uses is distinct from this value. Set the
|
||||||
|
# `yesod devel` port from the command line.
|
||||||
|
http-port: "_env:PORT:3000"
|
||||||
|
|
||||||
|
ip-from-header: "_env:IP_FROM_HEADER:false"
|
||||||
|
|
||||||
|
# The instance's host (e.g. "mycoolforge.org"). Used for determining which
|
||||||
|
# requests are federated and which are for this instance, and for generating
|
||||||
|
# URLs. The database relies on this value, and you shouldn't change it once
|
||||||
|
# you deploy an instance.
|
||||||
|
instance-host: "_env:INSTANCE_HOST:dev.example.org"
|
||||||
|
|
||||||
|
# How much time after the last request it takes for the session cookie to
|
||||||
|
# expire
|
||||||
|
client-session-timeout:
|
||||||
|
amount: 60
|
||||||
|
unit: days
|
||||||
|
|
||||||
|
# Maximal accepted time difference between request date and current time, when
|
||||||
|
# performing this check during HTTP signature verification
|
||||||
|
request-time-limit:
|
||||||
|
amount: 5
|
||||||
|
unit: minutes
|
||||||
|
|
||||||
|
# How often to generate a new actor key for HTTP-signing requests
|
||||||
|
actor-key-rotation:
|
||||||
|
amount: 1
|
||||||
|
unit: days
|
||||||
|
|
||||||
|
# Whether to use personal actor keys, or an instance-wide key
|
||||||
|
per-actor-keys: false
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Development
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
# Optional values with the following production defaults.
|
||||||
|
# In development, they default to the inverse.
|
||||||
|
#
|
||||||
|
# development: false
|
||||||
|
# detailed-logging: false
|
||||||
|
# should-log-all: false
|
||||||
|
# mutable-static: false
|
||||||
|
|
||||||
|
# This setting isn't used anymore (because no more need for SVG fonts)
|
||||||
|
# load-font-from-lib-data: false
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Database
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
# If you need a numeric value (e.g. 123) to parse as a String, wrap it in
|
||||||
|
# single quotes (e.g. "_env:PGPASS:'123'"). See the Yesod wiki, Configuration
|
||||||
|
# page.
|
||||||
|
|
||||||
|
database:
|
||||||
|
user: "_env:PGUSER:vervis"
|
||||||
|
password: "_env:PGPASS:abc123"
|
||||||
|
host: "_env:PGHOST:db"
|
||||||
|
port: "_env:PGPORT:5432"
|
||||||
|
database: "_env:PGDATABASE:vervis_production"
|
||||||
|
poolsize: "_env:PGPOOLSIZE:10"
|
||||||
|
|
||||||
|
max-instance-keys: 2
|
||||||
|
max-actor-keys: 2
|
||||||
|
|
||||||
|
state-dir: state
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Version control repositories
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
diff-context-lines: 5
|
||||||
|
post-receive-hook: /app/vervis-post-receive
|
||||||
|
post-apply-hook: /app/vervis-post-apply
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# SSH server
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
ssh-port: 5022
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Accounts
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
registration: false
|
||||||
|
max-accounts: 3
|
||||||
|
|
||||||
|
# Whether to verify users' email addresses by sending them email with a
|
||||||
|
# verification link. If not set below, the default is not to verify in
|
||||||
|
# development, and to verify otherwise.
|
||||||
|
email-verification: true
|
||||||
|
|
||||||
|
# Person usernames who are allowed to create Factory actors
|
||||||
|
can-create-factories: []
|
||||||
|
|
||||||
|
# KeyHashids of local Factory actors who will auto-send a develop-Grant to
|
||||||
|
# every newly created account
|
||||||
|
#
|
||||||
|
# If empty or unset, and there's exactly 1 local factory in DB, it will
|
||||||
|
# automatically become the resident
|
||||||
|
resident-factories: []
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Mail
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
# Optional SMTP server settings for sending email. If not provided, no email
|
||||||
|
# will be sent. The login field is optional, provide if you need SMTP
|
||||||
|
# authentication.
|
||||||
|
|
||||||
|
mail:
|
||||||
|
smtp:
|
||||||
|
login:
|
||||||
|
user: "_env:SMTPUSER:vervis@dev.example.org"
|
||||||
|
password: "_env:SMTPPASS:abcd0123456789"
|
||||||
|
host: "_env:SMTPHOST:smtp.example.org"
|
||||||
|
port: "_env:SMTPPORT:587"
|
||||||
|
sender:
|
||||||
|
name: "_env:SENDERNAME:Vervis"
|
||||||
|
email: "_env:SENDEREMAIL:vervis@dev.example.org"
|
||||||
|
allow-reply: false
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# Federation
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
# Whether to support federation. This includes:
|
||||||
|
#
|
||||||
|
# * Accept activities from other servers in the inbox
|
||||||
|
# * Accept activities from users in the outbox
|
||||||
|
# * Deliver local activities to other servers
|
||||||
|
federation: true
|
||||||
|
|
||||||
|
# Whether to reject an HTTP signature when we want to insert a new key or usage
|
||||||
|
# record but reached the limit setting
|
||||||
|
reject-on-max-keys: true
|
||||||
|
|
||||||
|
# The duration of time during which a remote actor is unreachable and we
|
||||||
|
# periodically retry to deliver them activities. After that period of time, we
|
||||||
|
# stop trying to deliver and we remove them from follower lists of local
|
||||||
|
# actors.
|
||||||
|
#
|
||||||
|
# TODO this probably isn't working anymore since the switch to DeliveryTheater
|
||||||
|
drop-delivery-after:
|
||||||
|
amount: 25
|
||||||
|
unit: weeks
|
||||||
|
|
||||||
|
# Base of the exponential backoff for inbox POST delivery to remote actors,
|
||||||
|
# i.e. how much time to wait before the first retry. Afterwards this time
|
||||||
|
# interval will be doubled with each retry.
|
||||||
|
retry-delivery-base:
|
||||||
|
amount: 5
|
||||||
|
unit: minutes
|
||||||
|
|
||||||
|
# How many activities to remember in the debug report list, showing latest
|
||||||
|
# activities received in local inboxes and the result of their processing.
|
||||||
|
# 'null' means disable the report page entirely.
|
||||||
|
#activity-debug-reports: 10
|
||||||
|
|
||||||
|
# List of (hosts of) other known federating instances.
|
||||||
|
#instances: []
|
||||||
|
|
||||||
|
# Maximal length we allow for Grant chains (default: 16)
|
||||||
|
max-grant-chain-length: 16
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# User interface
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
# Default color scheme for syntax highlighing of code blocks inside rendered
|
||||||
|
# documents. The available styles are listed in the "Text.Pandoc.Highlighting"
|
||||||
|
# module documentation.
|
||||||
|
highlight-style: zenburn
|
||||||
|
|
||||||
|
# Color scheme to use for UI header, footer, links on pages etc., should help
|
||||||
|
# with visually identifying instances that may otherwise look very much alike.
|
||||||
|
# Any number is valid; the scheme is chosen via modulo the number of available
|
||||||
|
# schemes.
|
||||||
|
main-color: 0
|
|
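Review bot: `password: "_env:PGPASS:abc123"` and `password: "_env:SMTPPASS:abcd0123456789"` give this production sample working-looking default credentials, and the PGPASS one matches the literal in create-db.sql, so an operator who copies the file as INSTALL.md step 1 suggests and skips the edit gets a public database password rather than a startup error. A default that cannot be a real secret, for example `password: "_env:PGPASS:CHANGE-ME"` with a comment that it must match create-db.sql, would make the omission visible. `ip-from-header: "_env:IP_FROM_HEADER:false"` is presumably wrong for the deployment this commit sets up, since docker-compose.yml publishes the port on 127.0.0.1 only, which implies a reverse proxy in front; without it the application sees the proxy's address as the client address for every request, so a comment spelling out which value to use behind a proxy would help. `instance-host: "_env:INSTANCE_HOST:dev.example.org"` is described a few lines above as a value you cannot change after deployment, so in a prod sample it deserves the same CHANGE-ME treatment.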
@ -466,7 +466,7 @@ getAppSettings = do
|
||||||
path <- do
|
path <- do
|
||||||
as <- getArgs
|
as <- getArgs
|
||||||
case as of
|
case as of
|
||||||
[] -> pure "state/settings.yml"
|
[] -> pure "settings.yml"
|
||||||
[p] -> pure p
|
[p] -> pure p
|
||||||
_ -> throwIO $ userError "Expected 1 argument, the settings filename"
|
_ -> throwIO $ userError "Expected 1 argument, the settings filename"
|
||||||
loadYamlSettings [path] [] useEnv
|
loadYamlSettings [path] [] useEnv
|
||||||
|
@ -562,6 +562,7 @@ appMain :: IO ()
|
||||||
appMain = do
|
appMain = do
|
||||||
-- Remove in 2025
|
-- Remove in 2025
|
||||||
moveFileIfExists "config/settings.yml" "state/settings.yml"
|
moveFileIfExists "config/settings.yml" "state/settings.yml"
|
||||||
|
moveFileIfExists "state/settings.yml" "settings.yml"
|
||||||
|
|
||||||
-- Get the settings from all relevant sources
|
-- Get the settings from all relevant sources
|
||||||
settings <- getAppSettings
|
settings <- getAppSettings
|
||||||
|
|
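Review bot: The added `moveFileIfExists "state/settings.yml" "settings.yml"` sits directly after the `config/` → `state/` move, forming a chain migration, but the `-- Remove in 2025` comment two lines up now reads as if it covers only the first; a comment on the new line such as `-- Remove in 2025: settings moved out of state/ for the docker setup` keeps the intent clear. In the container layout from this same commit, `/app/settings.yml` is a bind-mounted file and `/app/state` a bind-mounted directory, so if a `state/settings.yml` survives from an older deployment this move would presumably either replace the operator's mounted settings with the stale file or fail on a cross-mount rename, depending on how moveFileIfExists (defined outside the hunk) behaves — worth confirming it refuses to overwrite an existing destination. The default in getAppSettings in the earlier hunk is now the relative `settings.yml`, i.e. resolved against the working directory, which the compose `command:` relies on. appMain continues past the hunk.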