From b6b79d1f473bb953eb3f8efd9a848427f138a647 Mon Sep 17 00:00:00 2001 
From: Gab Date: Fri, 16 Aug 2024 22:07:32 -0400 Subject: [PATCH] chore: clean up config and bump images --- .gitignore | 45 ++++++-- services/core/ddns/config.sample.json | 3 +- services/core/docker-compose.yml | 100 ++---------------- .../personal-mastodon-instance/.env.sample | 0 .../docker-compose.yml | 80 +++++++++++++- .../postgres-backup}/.keep | 0 .../postgres}/.keep | 0 .../redis-backup}/.keep | 0 .../redis}/.keep | 0 .../.env.sample | 0 .../docker-compose.yml | 98 ++++++++++++++--- .../postgres-backup}/.keep | 0 .../postgres/.keep | 0 .../redis-backup/.keep | 0 .../redis/.keep | 0 services/self-hosting-demo/.env.sample | 0 services/self-hosting-demo/docker-compose.yml | 3 +- 17 files changed, 209 insertions(+), 120 deletions(-) mode change 100644 => 100755 services/core/ddns/config.sample.json mode change 100644 => 100755 services/core/docker-compose.yml mode change 100644 => 100755 services/personal-mastodon-instance/.env.sample mode change 100644 => 100755 services/personal-mastodon-instance/docker-compose.yml rename services/{core/pgadmin => personal-mastodon-instance/postgres-backup}/.keep (100%) rename services/{core/postgres-backup => personal-mastodon-instance/postgres}/.keep (100%) rename services/{core/postgres => personal-mastodon-instance/redis-backup}/.keep (100%) rename services/{core/redis-backup => personal-mastodon-instance/redis}/.keep (100%) mode change 100644 => 100755 services/professional-mastodon-instance/.env.sample mode change 100644 => 100755 services/professional-mastodon-instance/docker-compose.yml rename services/{core/redis => professional-mastodon-instance/postgres-backup}/.keep (100%) create mode 100644 services/professional-mastodon-instance/postgres/.keep create mode 100644 services/professional-mastodon-instance/redis-backup/.keep create mode 100644 services/professional-mastodon-instance/redis/.keep mode change 100644 => 100755 services/self-hosting-demo/.env.sample mode change 100644 => 100755 
services/self-hosting-demo/docker-compose.yml diff --git a/.gitignore b/.gitignore index 1687631..10c494f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ +# ---- # core +# ---- services/core/ddns/* !services/core/ddns/config.sample.json @@ -20,18 +22,45 @@ services/core/postgres/* services/core/postgres-backup/* !services/core/postgres-backup/.keep -# mastodon -services/professional-mastodon-instance/data/* +# -------------------------- +# personal mastodon instance +# -------------------------- + services/personal-mastodon-instance/data/* -# mobilizon -services/mobilizon/postgres/* -!services/mobilizon/postgres/.keep -!services/mobilizon/postgres/secrets/postgres-password.txt.sample -services/mobilizon/server/* -!services/mobilizon/server/.keep +services/personal-mastodon-instance/postgres/* +!services/personal-mastodon-instance/postgres/.keep + +services/personal-mastodon-instance/postgres-backup/* +!services/personal-mastodon-instance/postgres-backup/.keep + +services/personal-mastodon-instance/redis/* +!services/personal-mastodon-instance/redis/.keep + +services/personal-mastodon-instance/redis-backup/* +!services/personal-mastodon-instance/redis-backup/.keep + +# ------------------------------ +# professional mastodon instance +# ------------------------------ + +services/professional-mastodon-instance/data/* + +services/professional-mastodon-instance/postgres/* +!services/professional-mastodon-instance/postgres/.keep + +services/professional-mastodon-instance/postgres-backup/* +!services/professional-mastodon-instance/postgres-backup/.keep + +services/professional-mastodon-instance/redis/* +!services/professional-mastodon-instance/redis/.keep + +services/professional-mastodon-instance/redis-backup/* +!services/professional-mastodon-instance/redis-backup/.keep +# --- # env +# --- .env .env.* !.env.sample diff --git a/services/core/ddns/config.sample.json b/services/core/ddns/config.sample.json old mode 100644 new mode 100755 index c00b41a..8e48b4c 
--- a/services/core/ddns/config.sample.json +++ b/services/core/ddns/config.sample.json @@ -7,7 +7,8 @@ "host": "subdomain", "ttl": 1, "token": "REDACTED", - "ip_version": "ipv4" + "ip_version": "ipv4", + "proxied": true } ] } diff --git a/services/core/docker-compose.yml b/services/core/docker-compose.yml old mode 100644 new mode 100755 index 373a0bc..7a241b0 --- a/services/core/docker-compose.yml +++ b/services/core/docker-compose.yml @@ -1,8 +1,6 @@ -version: "3.8" - services: docker-socket-proxy: - image: tecnativa/docker-socket-proxy:latest + image: tecnativa/docker-socket-proxy:0.1.2 container_name: docker-socket-proxy restart: always networks: @@ -15,7 +13,7 @@ services: - /var/run/docker.sock:/var/run/docker.sock ddns: - image: qmcgaw/ddns-updater:latest + image: qmcgaw/ddns-updater:2.6.0 container_name: ddns ports: - 8000:8000 
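Review bot: The file header for `services/core/ddns/config.sample.json` flips the mode from 100644 to 100755, and the same flip appears on every `docker-compose.yml` and `.env.sample` this commit touches. None of these files is executed, so the executable bit looks like filesystem noise rather than an intended change. I would restore the previous mode before merging, for example with `git update-index --chmod=-x <path>`, so that permission changes in this repository stay meaningful in review.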
@@ -23,101 +21,23 @@ services: - ./ddns:/updater/data restart: always - # local only for now - pgadmin: - image: dpage/pgadmin4:7.6 - container_name: pgadmin - restart: always - ports: - - 8888:80 - volumes: - # https://github.com/pgadmin-org/pgadmin4/blob/d2c3ab884450ad4dfacd8e5cb4d4b15c0bbe60f1/Dockerfile#L197 - # chown 5050:root -R ./pgadmin/data - - ./pgadmin/data:/var/lib/pgadmin - secrets: - - pgadmin-password - environment: - - PGADMIN_DEFAULT_EMAIL=gab@100terres.com - - PGADMIN_DEFAULT_PASSWORD_FILE=/run/secrets/pgadmin-password - - postgres: - # How to upgrade to a major version - # https://github.com/tianon/docker-postgres-upgrade - image: postgres:15.4-alpine - container_name: postgres - restart: always - healthcheck: - test: ["CMD", "pg_isready", "-U", "postgres"] - volumes: - - ./postgres/15/data:/var/lib/postgresql/data - secrets: - - postgres-password - environment: - - TZ=UTC - - PGTZ=UTC - - POSTGRES_DB=postgres - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD_FILE=/run/secrets/postgres-password - - postgres-backup: - image: tiredofit/db-backup:3.9.11 - container_name: postgres-backup - restart: always - volumes: - - ./postgres-backup/data:/backup - secrets: - - postgres-password - environment: - - CONTAINER_ENABLE_MONITORING=FALSE - - DB_TYPE=pgsql - - DB_HOST=postgres - - DB_NAME=ALL - - DB_USER=postgres - - DB_PASS_FILE=/run/secrets/postgres-password - - DB_DUMP_FREQ=180 # backup every 3 hours - - DB_CLEANUP_TIME=10080 # keep backups for a week - - CREATE_LATEST_SYMLINK=FALSE - - CHECKSUM=SHA1 - - COMPRESSION=GZ - - GZ_RSYNCABLE=TRUE - - redis: - image: redis:7.2.0-alpine - container_name: redis - restart: always - healthcheck: - test: ["CMD", "redis-cli", "ping"] - volumes: - - ./redis/data:/data - - redis-backup: - image: tiredofit/db-backup:3.9.11 - container_name: redis-backup - restart: always - volumes: - - ./redis-backup/data:/backup - environment: - - CONTAINER_ENABLE_MONITORING=FALSE - - DB_TYPE=redis - - DB_HOST=redis - - 
DB_DUMP_FREQ=60 # backup every hour - - DB_CLEANUP_TIME=10080 # keep backups for a week - - CREATE_LATEST_SYMLINK=FALSE - - CHECKSUM=SHA1 - - COMPRESSION=GZ - - GZ_RSYNCABLE=TRUE - traefik: - image: traefik:2.11.0 + image: traefik:3.1.2 container_name: traefik restart: always + labels: + # Whilist Cloudflare and local loopback IPs + # https://www.cloudflare.com/ips + # https://www.cloudflare.com/ips-v4 + # https://www.cloudflare.com/ips-v6 + - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32,127.0.0.1/8,::1/128,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7" networks: - default - docker-socket-proxy depends_on: - docker-socket-proxy command: - # - "--log.level=DEBUG" + # - "--log.level=DEBUG" - "--api.insecure=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" diff --git a/services/personal-mastodon-instance/.env.sample b/services/personal-mastodon-instance/.env.sample old mode 100644 new mode 100755 diff --git a/services/personal-mastodon-instance/docker-compose.yml b/services/personal-mastodon-instance/docker-compose.yml old mode 100644 new mode 100755 index 7de80d7..e29fe1c --- a/services/personal-mastodon-instance/docker-compose.yml +++ b/services/personal-mastodon-instance/docker-compose.yml @@ -1,8 +1,6 @@ -version: "3.8" - services: personal-mastodon-instance-web: - image: tootsuite/mastodon:v4.2.8 + image: tootsuite/mastodon:v4.2.11 container_name: personal-mastodon-instance-web restart: always env_file: .env 
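Review bot: The new `test-ipallowlist` middleware in the `traefik` labels is only defined; nothing visible in this hunk attaches it to a router or entrypoint, so as written it does not appear to restrict any traffic. The labels also lack `traefik.enable=true`, and with `--providers.docker.exposedbydefault=false` in the command list Traefik may ignore this container's labels altogether, so please confirm the middleware actually shows up in the loaded configuration. If the intent is to accept only Cloudflare-proxied requests, add `- "traefik.enable=true"` and reference the middleware where it should apply, e.g. `traefik.http.routers.<router>.middlewares=test-ipallowlist@docker`. The comment reads "Whilist Cloudflare and local loopback IPs" (typo for "Allowlist"), but the range also admits every RFC 1918 and `fc00::/7` source, which is wider than the comment states. The `command:` list continues past the end of the hunk, and the unchanged `--api.insecure=true` in it is worth revisiting in the same pass.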
@@ -21,7 +19,7 @@ services: - ./data/public/system:/mastodon/public/system personal-mastodon-instance-streaming: - image: tootsuite/mastodon:v4.2.8 + image: tootsuite/mastodon:v4.2.11 container_name: personal-mastodon-instance-streaming restart: always env_file: .env @@ -38,7 +36,7 @@ services: - "traefik.http.routers.personal-mastodon-instance-streaming.tls.certresolver=letsencrypt" personal-mastodon-instance-sidekiq: - image: tootsuite/mastodon:v4.2.8 + image: tootsuite/mastodon:v4.2.11 container_name: personal-mastodon-instance-sidekiq restart: always env_file: .env 
@@ -46,6 +44,78 @@ services: volumes: - ./data/public/system:/mastodon/public/system + personal-mastodon-instance-postgres: + # How to upgrade to a major version + # https://github.com/tianon/docker-postgres-upgrade + image: postgres:15.4-alpine + container_name: personal-mastodon-instance-postgres + restart: always + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres"] + volumes: + - ./postgres/15/data:/var/lib/postgresql/data + secrets: + - postgres-password + environment: + - TZ=UTC + - PGTZ=UTC + - POSTGRES_DB=postgres + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD_FILE=/run/secrets/postgres-password + + personal-mastodon-instance-postgres-backup: + image: tiredofit/db-backup:3.9.11 + container_name: personal-mastodon-instance-postgres-backup + restart: always + volumes: + - ./postgres-backup/data:/backup + secrets: + - postgres-password + environment: + - CONTAINER_ENABLE_MONITORING=FALSE + - DB_TYPE=pgsql + - DB_HOST=personal-mastodon-instance-postgres + - DB_NAME=ALL + - DB_USER=postgres + - DB_PASS_FILE=/run/secrets/postgres-password + - DB_DUMP_FREQ=180 # backup every 3 hours + - DB_CLEANUP_TIME=10080 # keep backups for a week + - CREATE_LATEST_SYMLINK=FALSE + - CHECKSUM=SHA1 + - COMPRESSION=GZ + - GZ_RSYNCABLE=TRUE + + personal-mastodon-instance-redis: + image: redis:7.2.0-alpine + container_name: personal-mastodon-instance-redis + restart: always + healthcheck: + test: ["CMD", "redis-cli", "ping"] + volumes: + - ./redis/data:/data + + personal-mastodon-instance-redis-backup: + image: tiredofit/db-backup:3.9.11 + container_name: personal-mastodon-instance-redis-backup + restart: always + volumes: + - ./redis-backup/data:/backup + environment: + - CONTAINER_ENABLE_MONITORING=FALSE + - DB_TYPE=redis + - DB_HOST=personal-mastodon-instance-redis + - DB_DUMP_FREQ=60 # backup every hour + - DB_CLEANUP_TIME=10080 # keep backups for a week + - CREATE_LATEST_SYMLINK=FALSE + - CHECKSUM=SHA1 + - COMPRESSION=GZ + - GZ_RSYNCABLE=TRUE + networks: default: 
name: intranet + external: true + +secrets: + postgres-password: + file: ./postgres/secrets/postgres-password.txt diff --git a/services/core/pgadmin/.keep b/services/personal-mastodon-instance/postgres-backup/.keep similarity index 100% rename from services/core/pgadmin/.keep rename to services/personal-mastodon-instance/postgres-backup/.keep diff --git a/services/core/postgres-backup/.keep b/services/personal-mastodon-instance/postgres/.keep similarity index 100% rename from services/core/postgres-backup/.keep rename to services/personal-mastodon-instance/postgres/.keep diff --git a/services/core/postgres/.keep b/services/personal-mastodon-instance/redis-backup/.keep similarity index 100% rename from services/core/postgres/.keep rename to services/personal-mastodon-instance/redis-backup/.keep diff --git a/services/core/redis-backup/.keep b/services/personal-mastodon-instance/redis/.keep similarity index 100% rename from services/core/redis-backup/.keep rename to services/personal-mastodon-instance/redis/.keep diff --git a/services/professional-mastodon-instance/.env.sample b/services/professional-mastodon-instance/.env.sample old mode 100644 new mode 100755 diff --git a/services/professional-mastodon-instance/docker-compose.yml b/services/professional-mastodon-instance/docker-compose.yml old mode 100644 new mode 100755 index 0237693..171c23a --- a/services/professional-mastodon-instance/docker-compose.yml +++ b/services/professional-mastodon-instance/docker-compose.yml @@ -1,8 +1,6 @@ -version: "3.8" - services: professional-mastodon-instance-web: - image: tootsuite/mastodon:v4.2.8 + image: tootsuite/mastodon:v4.2.11 container_name: professional-mastodon-instance-web restart: always env_file: .env 
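Review bot: The data services added here (`personal-mastodon-instance-postgres`, `personal-mastodon-instance-redis` and their backup containers) declare no `networks:` key, so they join the default network, which this hunk turns into the shared external `intranet`. Redis has no authentication setting in the lines shown, so every container on `intranet`, including the other Mastodon stack and the demo service, can presumably reach it and the Postgres port directly. I would move the data services to a stack-private network, e.g. a `backend:` entry with `internal: true`, and list it under `networks:` only for the Mastodon and backup containers that need it. The same applies to the matching services added in `services/professional-mastodon-instance/docker-compose.yml`. Separately, `postgres:15.4-alpine` and `redis:7.2.0-alpine` are carried over unchanged in a commit that bumps the other images, so it is worth checking whether newer patch releases are available.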
@@ -21,7 +19,7 @@ services: - ./data/public/system:/mastodon/public/system professional-mastodon-instance-streaming: - image: tootsuite/mastodon:v4.2.8 + image: tootsuite/mastodon:v4.2.11 container_name: professional-mastodon-instance-streaming restart: always env_file: .env @@ -38,7 +36,7 @@ services: - "traefik.http.routers.professional-mastodon-instance-streaming.tls.certresolver=letsencrypt" professional-mastodon-instance-sidekiq: - image: tootsuite/mastodon:v4.2.8 + image: tootsuite/mastodon:v4.2.11 container_name: professional-mastodon-instance-sidekiq restart: always env_file: .env 
@@ -47,20 +45,92 @@ services: - ./data/public/system:/mastodon/public/system # this is temporary - mastodon-old-domain: + professional-mastodon-old-domain: image: traefik/whoami:latest - container_name: mastodon-old-domain + container_name: professional-mastodon-old-domain restart: always labels: - "traefik.enable=true" - - "traefik.http.middlewares.mastodon-old-domain-redirection.redirectregex.regex=^https?://${ALTERNATE_DOMAINS}(.*)" - - "traefik.http.middlewares.mastodon-old-domain-redirection.redirectregex.replacement=https://${WEB_DOMAIN}$${1}" - - "traefik.http.middlewares.mastodon-old-domain-redirection.redirectregex.permanent=true" - - "traefik.http.routers.mastodon-old-domain.rule=Host(`${ALTERNATE_DOMAINS}`)" - - "traefik.http.routers.mastodon-old-domain.entrypoints=websecure" - - "traefik.http.routers.mastodon-old-domain.tls.certresolver=letsencrypt" - - "traefik.http.routers.mastodon-old-domain.middlewares=mastodon-old-domain-redirection@docker" + - "traefik.http.middlewares.professional-mastodon-old-domain-redirection.redirectregex.regex=^https?://${ALTERNATE_DOMAINS}(.*)" + - "traefik.http.middlewares.professional-mastodon-old-domain-redirection.redirectregex.replacement=https://${WEB_DOMAIN}$${1}" + - "traefik.http.middlewares.professional-mastodon-old-domain-redirection.redirectregex.permanent=true" + - "traefik.http.routers.professional-mastodon-old-domain.rule=Host(`${ALTERNATE_DOMAINS}`)" + - "traefik.http.routers.professional-mastodon-old-domain.entrypoints=websecure" + - "traefik.http.routers.professional-mastodon-old-domain.tls.certresolver=letsencrypt" + - "traefik.http.routers.professional-mastodon-old-domain.middlewares=professional-mastodon-old-domain-redirection@docker" + + professional-mastodon-instance-postgres: + # How to upgrade to a major version + # https://github.com/tianon/docker-postgres-upgrade + image: postgres:15.4-alpine + container_name: professional-mastodon-instance-postgres + restart: always + healthcheck: + test: ["CMD", 
"pg_isready", "-U", "postgres"] + volumes: + - ./postgres/15/data:/var/lib/postgresql/data + secrets: + - postgres-password + environment: + - TZ=UTC + - PGTZ=UTC + - POSTGRES_DB=postgres + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD_FILE=/run/secrets/postgres-password + + professional-mastodon-instance-postgres-backup: + image: tiredofit/db-backup:3.9.11 + container_name: professional-mastodon-instance-postgres-backup + restart: always + volumes: + - ./postgres-backup/data:/backup + secrets: + - postgres-password + environment: + - CONTAINER_ENABLE_MONITORING=FALSE + - DB_TYPE=pgsql + - DB_HOST=professional-mastodon-instance-postgres + - DB_NAME=ALL + - DB_USER=postgres + - DB_PASS_FILE=/run/secrets/postgres-password + - DB_DUMP_FREQ=180 # backup every 3 hours + - DB_CLEANUP_TIME=10080 # keep backups for a week + - CREATE_LATEST_SYMLINK=FALSE + - CHECKSUM=SHA1 + - COMPRESSION=GZ + - GZ_RSYNCABLE=TRUE + + professional-mastodon-instance-redis: + image: redis:7.2.0-alpine + container_name: professional-mastodon-instance-redis + restart: always + healthcheck: + test: ["CMD", "redis-cli", "ping"] + volumes: + - ./redis/data:/data + + professional-mastodon-instance-redis-backup: + image: tiredofit/db-backup:3.9.11 + container_name: professional-mastodon-instance-redis-backup + restart: always + volumes: + - ./redis-backup/data:/backup + environment: + - CONTAINER_ENABLE_MONITORING=FALSE + - DB_TYPE=redis + - DB_HOST=professional-mastodon-instance-redis + - DB_DUMP_FREQ=60 # backup every hour + - DB_CLEANUP_TIME=10080 # keep backups for a week + - CREATE_LATEST_SYMLINK=FALSE + - CHECKSUM=SHA1 + - COMPRESSION=GZ + - GZ_RSYNCABLE=TRUE networks: default: name: intranet + external: true + +secrets: + postgres-password: + file: ./postgres/secrets/postgres-password.txt 
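Review bot: `professional-mastodon-old-domain` still runs `image: traefik/whoami:latest` (a context line in this hunk) even though this commit pins the other floating tags, and `services/self-hosting-demo/docker-compose.yml` carries the same line. A floating tag on a container that Traefik exposes on `websecure` means the running image can change on any pull without a diff to review. Pin it to a release tag or digest, e.g. `image: traefik/whoami:<pinned-version>`, and since the service is marked "this is temporary", a short comment naming the condition for removing it would help the next cleanup.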
diff --git a/services/core/redis/.keep b/services/professional-mastodon-instance/postgres-backup/.keep similarity index 100% rename from services/core/redis/.keep rename to services/professional-mastodon-instance/postgres-backup/.keep diff --git a/services/professional-mastodon-instance/postgres/.keep b/services/professional-mastodon-instance/postgres/.keep new file mode 100644 index 0000000..e69de29 diff --git a/services/professional-mastodon-instance/redis-backup/.keep b/services/professional-mastodon-instance/redis-backup/.keep new file mode 100644 index 0000000..e69de29 diff --git a/services/professional-mastodon-instance/redis/.keep b/services/professional-mastodon-instance/redis/.keep new file mode 100644 index 0000000..e69de29 diff --git a/services/self-hosting-demo/.env.sample b/services/self-hosting-demo/.env.sample old mode 100644 new mode 100755 diff --git a/services/self-hosting-demo/docker-compose.yml b/services/self-hosting-demo/docker-compose.yml old mode 100644 new mode 100755 index 10cddc5..3a44542 --- a/services/self-hosting-demo/docker-compose.yml +++ b/services/self-hosting-demo/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.8" - services: self-hosting-demo: image: traefik/whoami:latest @@ -23,3 +21,4 @@ services: networks: default: name: intranet + external: true