Docker: Update Dockerfile & Add docker-compose.yml (still tweaking the setup)

This commit is contained in:
Pere Lev 2024-10-19 14:28:53 +03:00
parent d077203b2f
commit b7b6fd7a2e
No known key found for this signature in database
GPG key ID: 5252C5C863E5E57D
8 changed files with 257 additions and 5 deletions

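--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ yesod-devel/
 # vervis
 lib/
 state/
+postgres15/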


@ -115,9 +115,10 @@ COPY --from=builder /build/artifacts/* /app/
RUN mkdir /app/state /app/state/repos /app/state/deliveries && \ RUN mkdir /app/state /app/state/repos /app/state/deliveries && \
chown vervis:vervis /app/state /app/static /app/log chown vervis:vervis /app/state /app/static /app/log
COPY settings-default.yaml /app/state/settings.yml # COPY settings-sample-prod.yaml /app/settings.yml
RUN ssh-keygen -t rsa -m PEM -f /app/state/ssh-host-key RUN ssh-keygen -t rsa -m PEM -f /app/state/ssh-host-key
VOLUME /app/settings.yml
VOLUME /app/state VOLUME /app/state
RUN ls /app RUN ls /app
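Review bot: `VOLUME /app/settings.yml` declares a volume on a file path, and since the `COPY` that used to place a settings file is now commented out, a container started without a bind mount at that path gets an anonymous volume there, which is a directory, so `./vervis settings.yml` fails on a directory rather than a clearly missing file. In the compose setup the file arrives via `./settings.yml:/app/settings.yml`, so the VOLUME line adds nothing for that case and only changes the failure mode otherwise; dropping it, or documenting next to it that the file must be mounted, seems preferable. The pre-existing `RUN ssh-keygen -t rsa -m PEM -f /app/state/ssh-host-key` in this hunk bakes an SSH host private key into the published image at build time, so every deployment that does not mount `/app/state` shares one key that is readable by anyone with the image; generating it on first start would avoid that. The Dockerfile continues outside this hunk.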


@ -1,3 +1,16 @@
# 2024 update - docker setup
I'll update this file properly soon, but for now, instructions for deployment
using docker:
1. Create and edit `settings.yml` based on `settings-sample-prod.yml`
2. Check out `create-db.sql`, update it if you want to tweak the DB config
3. In `docker-compose.yml`, in particular update the database superuser
password
4. Ready for launch! `docker compose up`
---
Vervis is still in early development and the build process gets updates once in Vervis is still in early development and the build process gets updates once in
a while, but this file tries to keep up and list the latest instructions for a while, but this file tries to keep up and list the latest instructions for
running a Vervis instance. running a Vervis instance.
@ -112,8 +125,9 @@ Generate a new SSH key with a blank password:
Update the settings to specify correct database connection details and other Update the settings to specify correct database connection details and other
settings. settings.
$ cp settings-default.yaml state/settings.yml # Pick the right settings-sample-* file
$ vim state/settings.yml $ cp settings-sample-dev.yaml settings.yml
$ vim settings.yml
Create a directory that will keep all the VCS repositories hosted by Vervis. Create a directory that will keep all the VCS repositories hosted by Vervis.
Its name should match the `repo-dir` setting in `config/settings.yml`. For Its name should match the `repo-dir` setting in `config/settings.yml`. For
@ -163,7 +177,7 @@ generating the rest, run this:
Run. Run.
$ stack run -- state/settings.yml $ stack run -- settings.yml
By default, Vervis is configured with User Registration disabled. This is to By default, Vervis is configured with User Registration disabled. This is to
prevent any automatic spambot registration for bots that may be monitoring the prevent any automatic spambot registration for bots that may be monitoring the

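--- a/create-db.sql
+++ b/create-db.sql
@@ -0,0 +1,2 @@
+CREATE USER vervis WITH NOSUPERUSER NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD 'abc123' ;
+CREATE DATABASE vervis_production WITH OWNER vervis ENCODING UTF8 ;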
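Review bot: The application role's password is committed as the literal `'abc123'` and README step 2 only says to update the file "if you want to tweak the DB config", so an operator following the steps will initialise a production database with a password that is public in this repository. The same value is the `PGPASS` fallback in settings-sample-prod.yaml, and the two have to agree, which the file does not say. A comment at the top would make both points: `-- Change this password before the first start; it must match database.password (PGPASS) in settings.yml.` Since the file is mounted into docker-entrypoint-initdb.d, it presumably runs only when the data directory is first initialised, so editing it later has no effect — worth stating in the same comment.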

docker-compose.yml Normal file

@ -0,0 +1,42 @@
services:
db:
restart: always
image: postgres:15-bookworm
shm_size: 128mb
networks:
- internal_network
healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes:
- ./postgres15:/var/lib/postgresql/data
- ./create-db.sql:/docker-entrypoint-initdb.d/create_database.sql
environment:
POSTGRES_PASSWORD: "pg_superuser_password_xyz12345"
web:
# You can uncomment the following line if you want to not use the prebuilt
# image, for example if you have local code changes
#build: .
image: codeberg.org/forgefed/vervis:v0.1
restart: always
command: ./vervis settings.yml > log/vervis.log 2>&1
networks:
- external_network
- internal_network
healthcheck:
# prettier-ignore
# test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
test: ['CMD-SHELL',"curl -s --noproxy localhost localhost:3000 | grep -q 'OK' || exit 1"]
ports:
- '127.0.0.1:3000:3000'
- '127.0.0.1:22:5022'
depends_on:
- db
volumes:
- ./state:/app/state
- ./settings.yml:/app/settings.yml
networks:
external_network:
internal_network:
internal: true
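Review bot: The Postgres superuser password is committed as a literal at `POSTGRES_PASSWORD: "pg_superuser_password_xyz12345"`, and README step 3 asks operators to edit it in place, so the real value ends up in a tracked file; the same pattern applies to `'abc123'` in create-db.sql and the `PGPASS` default in settings-sample-prod.yaml. Reading it from the environment, `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}"`, keeps the secret out of the repository and makes a missing value fail at `docker compose up` instead of silently using the sample. Separately, `command:` is given as one string; unless the image's entrypoint runs it through a shell, compose splits it into arguments and `>` and `2>&1` are passed to `./vervis` literally, which getAppSettings in Application.hs rejects with "Expected 1 argument". Also `'127.0.0.1:22:5022'` publishes loopback port 22 on the host, which collides with a host sshd listening there and is unreachable from outside anyway, so the mapping probably wants a different host port or an explicit interface.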

settings-sample-prod.yaml Normal file

@ -0,0 +1,191 @@
# Values formatted like "_env:ENV_VAR_NAME:default_value" can be overridden by
# the specified environment variable. See the Yesod wiki, Configuration page.
###############################################################################
# HTTP server
###############################################################################
# any IPv4 host
host: "_env:HOST:*4"
# The port `yesod devel` uses is distinct from this value. Set the
# `yesod devel` port from the command line.
http-port: "_env:PORT:3000"
ip-from-header: "_env:IP_FROM_HEADER:false"
# The instance's host (e.g. "mycoolforge.org"). Used for determining which
# requests are federated and which are for this instance, and for generating
# URLs. The database relies on this value, and you shouldn't change it once
# you deploy an instance.
instance-host: "_env:INSTANCE_HOST:dev.example.org"
# How much time after the last request it takes for the session cookie to
# expire
client-session-timeout:
amount: 60
unit: days
# Maximal accepted time difference between request date and current time, when
# performing this check during HTTP signature verification
request-time-limit:
amount: 5
unit: minutes
# How often to generate a new actor key for HTTP-signing requests
actor-key-rotation:
amount: 1
unit: days
# Whether to use personal actor keys, or an instance-wide key
per-actor-keys: false
###############################################################################
# Development
###############################################################################
# Optional values with the following production defaults.
# In development, they default to the inverse.
#
# development: false
# detailed-logging: false
# should-log-all: false
# mutable-static: false
# This setting isn't used anymore (because no more need for SVG fonts)
# load-font-from-lib-data: false
###############################################################################
# Database
###############################################################################
# If you need a numeric value (e.g. 123) to parse as a String, wrap it in
# single quotes (e.g. "_env:PGPASS:'123'"). See the Yesod wiki, Configuration
# page.
database:
user: "_env:PGUSER:vervis"
password: "_env:PGPASS:abc123"
host: "_env:PGHOST:db"
port: "_env:PGPORT:5432"
database: "_env:PGDATABASE:vervis_production"
poolsize: "_env:PGPOOLSIZE:10"
max-instance-keys: 2
max-actor-keys: 2
state-dir: state
###############################################################################
# Version control repositories
###############################################################################
diff-context-lines: 5
post-receive-hook: /app/vervis-post-receive
post-apply-hook: /app/vervis-post-apply
###############################################################################
# SSH server
###############################################################################
ssh-port: 5022
###############################################################################
# Accounts
###############################################################################
registration: false
max-accounts: 3
# Whether to verify users' email addresses by sending them email with a
# verification link. If not set below, the default is not to verify in
# development, and to verify otherwise.
email-verification: true
# Person usernames who are allowed to create Factory actors
can-create-factories: []
# KeyHashids of local Factory actors who will auto-send a develop-Grant to
# every newly created account
#
# If empty or unset, and there's exactly 1 local factory in DB, it will
# automatically become the resident
resident-factories: []
###############################################################################
# Mail
###############################################################################
# Optional SMTP server settings for sending email. If not provided, no email
# will be sent. The login field is optional, provide if you need SMTP
# authentication.
mail:
smtp:
login:
user: "_env:SMTPUSER:vervis@dev.example.org"
password: "_env:SMTPPASS:abcd0123456789"
host: "_env:SMTPHOST:smtp.example.org"
port: "_env:SMTPPORT:587"
sender:
name: "_env:SENDERNAME:Vervis"
email: "_env:SENDEREMAIL:vervis@dev.example.org"
allow-reply: false
###############################################################################
# Federation
###############################################################################
# Whether to support federation. This includes:
#
# * Accept activities from other servers in the inbox
# * Accept activities from users in the outbox
# * Deliver local activities to other servers
federation: true
# Whether to reject an HTTP signature when we want to insert a new key or usage
# record but reached the limit setting
reject-on-max-keys: true
# The duration of time during which a remote actor is unreachable and we
# periodically retry to deliver them activities. After that period of time, we
# stop trying to deliver and we remove them from follower lists of local
# actors.
#
# TODO this probably isn't working anymore since the switch to DeliveryTheater
drop-delivery-after:
amount: 25
unit: weeks
# Base of the exponential backoff for inbox POST delivery to remote actors,
# i.e. how much time to wait before the first retry. Afterwards this time
# interval will be doubled with each retry.
retry-delivery-base:
amount: 5
unit: minutes
# How many activities to remember in the debug report list, showing latest
# activities received in local inboxes and the result of their processing.
# 'null' means disable the report page entirely.
#activity-debug-reports: 10
# List of (hosts of) other known federating instances.
#instances: []
# Maximal length we allow for Grant chains (default: 16)
max-grant-chain-length: 16
###############################################################################
# User interface
###############################################################################
# Default color scheme for syntax highlighing of code blocks inside rendered
# documents. The available styles are listed in the "Text.Pandoc.Highlighting"
# module documentation.
highlight-style: zenburn
# Color scheme to use for UI header, footer, links on pages etc., should help
# with visually identifying instances that may otherwise look very much alike.
# Any number is valid; the scheme is chosen via modulo the number of available
# schemes.
main-color: 0
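Review bot: A file presented as the production sample ships working fallbacks for secrets — `password: "_env:PGPASS:abc123"` and `password: "_env:SMTPPASS:abcd0123456789"` — and because `_env:NAME:default` uses the default silently when the variable is unset, an instance started from an unedited copy runs with a password that is public in this repository. Dropping the defaults, `password: "_env:PGPASS"`, makes settings loading fail when the variable is missing; if that is not wanted, at least a comment at the top, `# Replace every password and instance-host below before deploying`, would flag it. `ip-from-header: "_env:IP_FROM_HEADER:false"` also deserves a second look: docker-compose.yml publishes the HTTP port on 127.0.0.1 only, which implies a reverse proxy in front, and with this value Vervis would see the proxy's address as every client's address.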


@ -466,7 +466,7 @@ getAppSettings = do
path <- do path <- do
as <- getArgs as <- getArgs
case as of case as of
[] -> pure "state/settings.yml" [] -> pure "settings.yml"
[p] -> pure p [p] -> pure p
_ -> throwIO $ userError "Expected 1 argument, the settings filename" _ -> throwIO $ userError "Expected 1 argument, the settings filename"
loadYamlSettings [path] [] useEnv loadYamlSettings [path] [] useEnv
@ -562,6 +562,7 @@ appMain :: IO ()
appMain = do appMain = do
-- Remove in 2025 -- Remove in 2025
moveFileIfExists "config/settings.yml" "state/settings.yml" moveFileIfExists "config/settings.yml" "state/settings.yml"
moveFileIfExists "state/settings.yml" "settings.yml"
-- Get the settings from all relevant sources -- Get the settings from all relevant sources
settings <- getAppSettings settings <- getAppSettings
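Review bot: The new `moveFileIfExists "state/settings.yml" "settings.yml"` runs unconditionally before settings are read, so an operator who already created `settings.yml` per the new README but still has a stale `state/settings.yml` (for example the copy the old Dockerfile placed in the `/app/state` volume) may have the new file replaced, or the move fail, depending on how moveFileIfExists treats an existing destination — it is defined outside this hunk, so I can't tell which. In the compose setup `/app/settings.yml` is a bind-mounted file and renaming over a mount point fails, so checking the destination first and logging what was done would make the migration predictable: `haveNew <- doesFileExist "settings.yml"` then `unless haveNew $ moveFileIfExists "state/settings.yml" "settings.yml"` (doesFileExist from System.Directory). The `-- Remove in 2025` note above now also covers this second migration step, which is a year younger than the first. appMain continues outside the hunk.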