d35b26c1c2
NOTE: The docker setup is still WIP, production deployment is discouraged until you see the container image uploaded to the project's Package Registry on Codeberg
204 lines
6.9 KiB
Markdown
204 lines
6.9 KiB
Markdown
# 2024 update - docker setup
|
|
|
|
I'll update this file properly soon, but for now, instructions for deployment
|
|
using docker:
|
|
|
|
1. In `create-db.sql`, update the `vervis` DB user's password
|
|
2. Create and edit `config/settings.yml` based on
|
|
`config/settings-sample-prod.yml`, remember to set the same DB password here
|
|
3. In `docker-compose.yml`, update the database superuser password (it's the
|
|
password for the `postgres` superuser, not `vervis`)
|
|
4. Create initial state: `./prepare-state.sh`
|
|
5. Ready for launch! `docker-compose up -d`
|
|
|
|
---
|
|
|
|
Vervis is still in early development and the build process gets updates once in
|
|
a while, but this file tries to keep up and list the latest instructions for
|
|
running a Vervis instance.
|
|
|
|
At the time of writing, you can get a running Vervis instance if you follow the
|
|
steps below.
|
|
|
|
UPDATE: There is a binary build you can use instead of building from source. It
|
|
can be found [here](https://box.angeley.es/nextcloud/s/oWHmQDtWTAfPR4Z). If you
|
|
use it, verify the download using `sha256sum` and `gpg`, make sure the settings
|
|
in your `config/settings.yml` (see below) match the downloaded file paths, and run the
|
|
web app using `./bin/vervis` and not `stack run`. This may be confusing;
|
|
hopefully I'll make a nicer binary release soon :)
|
|
|
|
2022 UPDATE: The binary release is unavailable right now. But a docker image is
|
|
being prepared. More news soon.
|
|
|
|
2024 UPDATE: For production hosting and deployment with Docker, use the
|
|
`Dockerfile` and `docker-compose.yml` files in this repo's root directory.
|
|
|
|
# (1) System libraries
|
|
|
|
Install dependency library development packages. It's very likely you already
|
|
have them all installed, and if you're missing some, the build process will
|
|
inform you. But it's still nice to have a list here. The list below isn't a
|
|
complete list, it's just libraries that people have found missing while
|
|
building, and let me know.
|
|
|
|
- libgmp
|
|
- libpcre
|
|
- ZLib
|
|
- libssl
|
|
- PostgreSQL client library
|
|
|
|
On Debian based distros, installation can be done like this:
|
|
|
|
$ sudo apt install libpq-dev zlib1g-dev libssl-dev libpcre3-dev libgmp-dev
|
|
|
|
# (2) Haskell development tools
|
|
|
|
Go to the [GHCup website](https://www.haskell.org/ghcup) and follow the
|
|
instructions.
|
|
|
|
$ curl --proto '=https' --tlsv1.2 -sSf https://get-ghcup.haskell.org | sh
|
|
|
|
# (3) Version control systems Darcs and Git
|
|
|
|
Install Darcs and Git. You can grab them from your distro, e.g.:
|
|
|
|
$ sudo apt install darcs git
|
|
|
|
# (4) The Vervis source code
|
|
|
|
Clone the Vervis repo:
|
|
|
|
$ git clone https://vervis.peers.community/repos/rjQ3E vervis
|
|
$ cd vervis
|
|
|
|
Clone dependency libraries:
|
|
|
|
$ ./update-deps.sh
|
|
|
|
# (5) Database
|
|
|
|
Install PostgreSQL. You'll need the server and the client library development
|
|
files. Note that PostgreSQL needs to be at least version 9.5.
|
|
|
|
$ sudo apt install postgresql libpq-dev
|
|
|
|
Switch to `postgres` system user:
|
|
|
|
$ sudo su - postgres
|
|
|
|
Create a PostgreSQL user.
|
|
|
|
With password:
|
|
|
|
$ createuser --no-createdb --no-createrole --no-superuser --encrypted --pwprompt vervis
|
|
|
|
No password (if you run Vervis as a user by the same name as the DB user):
|
|
|
|
$ createuser --no-createdb --no-createrole --no-superuser vervis
|
|
|
|
Create a PostgreSQL database:
|
|
|
|
$ createdb --encoding=UTF8 --owner=vervis vervis
|
|
|
|
# (6) Build Vervis
|
|
|
|
If you're building for a production deployment, set the `dev` flag to false in
|
|
`stack.yaml`:
|
|
|
|
flags:
|
|
vervis:
|
|
dev: false
|
|
|
|
Build. This will also automatically install the GHC Haskell compiler.
|
|
|
|
$ mkdir static
|
|
$ stack build
|
|
|
|
# (7) Configuration
|
|
|
|
Create a directory to hold mutable application state:
|
|
|
|
$ mkdir state
|
|
|
|
Generate a new SSH key with a blank password:
|
|
|
|
$ ssh-keygen -t rsa -m PEM -f state/ssh-host-key
|
|
|
|
Update the settings to specify correct database connection details and other
|
|
settings.
|
|
|
|
# Pick the right settings-sample-* file
|
|
$ cp config/settings-sample-dev.yaml config/settings.yml
|
|
$ vim config/settings.yml
|
|
|
|
Create a directory that will keep all the VCS repositories hosted by Vervis.
|
|
|
|
$ mkdir state/repos
|
|
|
|
Create a directory that will keep remote delivery state.
|
|
|
|
$ mkdir state/delivery-states
|
|
|
|
# (8) Development and deployment
|
|
|
|
To update your local clone of Vervis, run:
|
|
|
|
$ git pull
|
|
$ ./update-deps.sh
|
|
$ stack build
|
|
|
|
For convenience, at least on actual deployments, you may wish to run the Vervis
|
|
SSH server on port 22, so that people don't have to specify a custom port. For
|
|
that to work, the user that runs the Vervis server needs to get permission to
|
|
bind to ports below 1024. There are several ways to do that. One of them is to
|
|
use file capabilities to give the Vervis executable the permission to bind to
|
|
such ports (if you prefer not to trust the code, try one of the other methods,
|
|
such as sudo):
|
|
|
|
$ sudo setcap CAP_NET_BIND_SERVICE=+ep `stack exec which vervis`
|
|
|
|
Vervis uses various key files for cryptography and other data generation, and
|
|
once these key files are created, they shouldn't change. For some of them, it's
|
|
*critical* they don't change, because some usage or interpretation of data in
|
|
the PostgreSQL database depends on them. For this reason, by default, key file
|
|
loading happens as follows: When Vervis runs for the first time (this is
|
|
checked by detecting that the database is empty, no tables), it generates and
|
|
writes key files, and it's an error if any of them already exist. Otherwise, on
|
|
the next time(s) Vervis runs, it requires all key files to exist, and an error
|
|
is raised if any are missing.
|
|
|
|
If you're running Vervis for the first time, i.e. the database is still empty,
|
|
and for some reason you'd like Vervis to load some existing key files, while
|
|
generating the rest, run this:
|
|
|
|
$ touch _keyfile_import_existing
|
|
|
|
Run.
|
|
|
|
$ stack run -- config/settings.yml
|
|
|
|
By default, Vervis is configured with User Registration disabled. This is to
|
|
prevent any automatic spambot registration for bots that may be monitoring the
|
|
Federated Network. In order to enable user registration on your instance,
|
|
change "registration: false" to "registration: "true" in the config/
|
|
settings.yml file. Also, the maximum # of accounts is limited to 3. You
|
|
can increase/decrease this setting to change the maximum. If you do not wish
|
|
to have a limit, you can comment out this line entirely.
|
|
|
|
When you update Vervis to a newer version, it's possible the software now uses
|
|
some new key files, and Vervis will raise an error about those key files
|
|
missing in the filesystem. You can ask Vervis to generate missing files, and
|
|
load the rest as usual:
|
|
|
|
$ touch _keyfile_write_missing
|
|
$ stack run
|
|
|
|
Browse to `http://localhost:3000` and have fun!
|
|
|
|
`yesod devel` is another way to run the application, useful for rapid
|
|
development, but I haven't been using it and I'm not sure it works, possibly I
|
|
broke something along the way. But feel free to try!
|
|
|
|
I have a little script for deploying Vervis on my server. I just haven't
|
|
published it yet and haven't explained how it works. If you're interested, ask
|
|
me about it, and it will motivate me to write about it sooner :)
|