mobilizon: work with the new single docker environment, perform setup

single-dockerfile
Ubuntu 2 years ago
parent 78fb46c35d
commit da94dbd1d5
  1. 1
      Makefile
  2. 62
      mobilizon.yaml
  3. 26
      mobilizon/docker-compose.yml
  4. 24
      mobilizon/env.production
  5. 4
      mobilizon/keycloak.sh
  6. 6
      mobilizon/nginx.conf
  7. 62
      mobilizon/setup

@ -6,6 +6,7 @@ MODULES += prometheus
MODULES += mastodon MODULES += mastodon
MODULES += matrix MODULES += matrix
MODULES += nextcloud MODULES += nextcloud
MODULES += mobilizon
#MODULES += pixelfed #MODULES += pixelfed
include env.production include env.production

@ -0,0 +1,62 @@
version: "3"
services:
mobilizon:
image: framasoft/mobilizon
container_name: mobilizon
restart: always
volumes:
- ./data/mobilizon/uploads:/var/lib/mobilizon/uploads
- ./mobilizon/config.exs:/etc/mobilizon/config.exs:ro
environment:
- KEYCLOAK_HOSTNAME=${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}
- REALM=${REALM}
- MOBILIZON_INSTANCE_NAME=${MOBILIZON_HOSTNAME}.${DOMAIN_NAME}
- MOBILIZON_INSTANCE_HOST=${MOBILIZON_HOSTNAME}.${DOMAIN_NAME}
- MOBILIZON_INSTANCE_SECRET_KEY_BASE=${MOBILIZON_ADMIN_PASSWORD}
- MOBILIZON_INSTANCE_SECRET_KEY=${MOBILIZON_SESSION_SECRET}
- MOBILIZON_CLIENT_SECRET=${MOBILIZON_CLIENT_SECRET}
- MOBILIZON_INSTANCE_EMAIL=events@${DOMAIN_NAME}
- MOBILIZON_REPLY_EMAIL=noreply@${DOMAIN_NAME}
- MOBILIZON_SMTP_SERVER=${SMTP_SERVER}
- MOBILIZON_SMTP_PORT=${SMTP_PORT}
- MOBILIZON_SMTP_USERNAME=${SMTP_USER}
- MOBILIZON_SMTP_PASSWORD=${SMTP_PASSWORD}
- MOBILIZON_SMTP_SSL=true
- MOBILIZON_DATABASE_USERNAME=mobilizon
- MOBILIZON_DATABASE_PASSWORD=mobilizon
- MOBILIZON_DATABASE_DBNAME=mobilizon
- MOBILIZON_DATABASE_HOST=mobilizon-db
- MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
- MOBILIZON_INSTANCE_PORT=7000
user: root
entrypoint:
- "/bin/sh"
- "-c"
- "chmod 777 /var/lib/mobilizon/uploads && exec su -p nobody -s /bin/sh /docker-entrypoint.sh"
# ports:
# - "7000:7000"
mobilizon-db:
image: postgis/postgis:13-3.1
container_name: mobilizon-db
restart: always
volumes:
- ./data/mobilizon/db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=mobilizon
- POSTGRES_PASSWORD=mobilizon
- POSTGRES_DB=mobilizon
# add the nginx configuration into the nginx volume
nginx:
volumes:
- ./mobilizon/nginx.conf:/etc/nginx/templates/mobilizon.conf.template:ro
# add the client secrets to the keycloak-setup volume
keycloak-setup:
env_file:
- data/mobilizon/secrets
volumes:
- ./mobilizon/keycloak.sh:/keycloak-setup/mobilizon.sh:ro
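Review bot: `MOBILIZON_INSTANCE_SECRET_KEY_BASE=${MOBILIZON_ADMIN_PASSWORD}` in the `mobilizon` environment list feeds the admin login password into the Phoenix secret_key_base that signs session cookies, so one human-chosen value now protects two unrelated things and the key is only as strong as that password; the removed setup script generated this value independently with `openssl rand -hex 20`. A dedicated variable, `- MOBILIZON_INSTANCE_SECRET_KEY_BASE=${MOBILIZON_SECRET_KEY_BASE}`, populated from the secrets file that `keycloak-setup` already reads (presumably the source of `MOBILIZON_CLIENT_SECRET`), keeps the two independent. In the same service, the entrypoint's `chmod 777 /var/lib/mobilizon/uploads` could be `chown nobody /var/lib/mobilizon/uploads`, since the `su` on the same line hands the process to `nobody`, which avoids a world-writable upload directory. The database password is the fixed literal `mobilizon` in both `mobilizon` and `mobilizon-db`; it is only reachable on the compose network, but taking it from the same secrets file would remove the hard-coded credential.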

@ -1,26 +0,0 @@
version: "3"
services:
mobilizon:
image: framasoft/mobilizon
restart: always
env_file:
- ../env.production
- ./env.production
- ../data/mobilizon/env.secrets
volumes:
- ../data/mobilizon/uploads:/var/lib/mobilizon/uploads
- ./config.exs:/etc/mobilizon/config.exs:ro
# - ${PWD}/GeoLite2-City.mmdb:/var/lib/mobilizon/geo_db/GeoLite2-City.mmdb
ports:
- "7000:7000"
db:
image: postgis/postgis:13-3.1
restart: always
volumes:
- ../data/mobilizon/db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=mobilizon
- POSTGRES_PASSWORD=mobilizon
- POSTGRES_DB=mobilizon

@ -1,24 +0,0 @@
# Database settings
POSTGRES_USER=mobilizon
POSTGRES_PASSWORD=changethis
POSTGRES_DB=mobilizon
MOBILIZON_DATABASE_USERNAME=mobilizon
MOBILIZON_DATABASE_PASSWORD=mobilizon
MOBILIZON_DATABASE_DBNAME=mobilizon
MOBILIZON_DATABASE_HOST=db
# Instance configuration
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
MOBILIZON_INSTANCE_PORT=7000
MOBILIZON_INSTANCE_EMAIL=noreply@mobilizon.lan
MOBILIZON_REPLY_EMAIL=contact@mobilizon.lan
# Email settings
MOBILIZON_SMTP_SERVER=localhost
MOBILIZON_SMTP_PORT=25
MOBILIZON_SMTP_HOSTNAME=localhost
MOBILIZON_SMTP_USERNAME=noreply@mobilizon.lan
MOBILIZON_SMTP_PASSWORD=password
MOBILIZON_SMTP_SSL=false

@ -0,0 +1,4 @@
#!/bin/bash -x
# Setup the OAuth client connection
client-create mobilizon "$MOBILIZON_HOSTNAME.$DOMAIN_NAME" "$MOBILIZON_CLIENT_SECRET" </dev/null
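Review bot: The `-x` in `#!/bin/bash -x` traces every expanded command, so the `client-create` line prints `$MOBILIZON_CLIENT_SECRET` in clear text to the keycloak-setup container's stdout and from there into whatever collects its logs. Drop the flag, `#!/bin/bash`, or bracket the call with `set +x` and `set -x` so the secret argument is not echoed. The removed setup script also ran `client-delete mobilizon` before creating the client; unless `client-create` is idempotent, re-running setup against an existing realm may fail or leave a stale secret in place, which is worth confirming against that helper.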

@ -1,5 +1,5 @@
server { server {
server_name ${MOBILIZON_HOSTNAME}; server_name ${MOBILIZON_HOSTNAME} ${MOBILIZON_HOSTNAME}.${DOMAIN_NAME};
client_max_body_size 128m; client_max_body_size 128m;
sendfile on; sendfile on;
@ -14,7 +14,7 @@ server {
proxy_read_timeout 1800s; proxy_read_timeout 1800s;
location / { location / {
proxy_pass http://host.docker.internal:7000; proxy_pass http://mobilizon:7000;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -23,7 +23,7 @@ server {
# force login with OIDC # force login with OIDC
location /login { location /login {
return 302 https://${MOBILIZON_HOSTNAME}/auth/keycloak; return 302 https://${MOBILIZON_HOSTNAME}.${DOMAIN_NAME}/auth/keycloak;
} }
listen 443 ssl; listen 443 ssl;
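Review bot: `proxy_pass http://mobilizon:7000;` points nginx at the compose service by name, and a static proxy_pass hostname is resolved once when the configuration is loaded, so nginx refuses to start with "host not found in upstream" if the mobilizon container is not resolvable at that moment; the previous `host.docker.internal` target did not carry this ordering dependency. The `nginx` service entry in mobilizon.yaml adds only a volume, so a `depends_on: [mobilizon]` there would make the start order explicit; alternatively this template can use `resolver 127.0.0.11;` with the upstream held in a variable so the name is resolved at request time. The failure mode is inferred from nginx's resolution rules rather than from anything visible in this hunk.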

@ -1,62 +0,0 @@
#!/bin/bash
die() { echo >&2 "mobilizon: $@" ; exit 1 ; }
DIRNAME="$(dirname $0)"
cd "$DIRNAME"
source ../env.production || die "no top level env?"
source env.production || die "no local env?"
source ../env.smtp 2>/dev/null
DATA="../data/mobilizon"
SECRETS="$DATA/env.secrets"
if [ -r "$SECRETS" ]; then
docker-compose up -d || die "unable to start"
exit 0
fi
docker-compose down 2>/dev/null
CLIENT_SECRET="$(openssl rand -hex 20)"
mkdir -p "$DATA/uploads"
chmod 777 "$DATA/uploads"
mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN
MOBILIZON_INSTANCE_NAME=${DOMAIN_NAME}
MOBILIZON_INSTANCE_HOST=${MOBILIZON_HOSTNAME}
MOBILIZON_INSTANCE_SECRET_KEY_BASE=$(openssl rand -hex 20)
MOBILIZON_INSTANCE_SECRET_KEY=$(openssl rand -hex 20)
MOBILIZON_CLIENT_SECRET=${CLIENT_SECRET}
EOF
if [ -n "$SMTP_SERVER" ]; then
cat <<EOF >> "$SECRETS"
MOBILIZON_INSTANCE_EMAIL=events@${DOMAIN_NAME}
MOBILIZON_REPLY_EMAIL=noreply@${DOMAIN_NAME}
MOBILIZON_SMTP_SERVER=${SMTP_SERVER}
MOBILIZON_SMTP_PORT=${SMTP_PORT}
MOBILIZON_SMTP_USERNAME=${SMTP_USER}
MOBILIZON_SMTP_PASSWORD=${SMTP_PASSWORD}
EOF
fi
../keycloak/client-delete mobilizon
../keycloak/client-create <<EOF || die "unable to create client"
{
"clientId": "mobilizon",
"rootUrl": "https://$MOBILIZON_HOSTNAME",
"adminUrl": "https://$MOBILIZON_HOSTNAME",
"redirectUris": [ "https://$MOBILIZON_HOSTNAME/*" ],
"webOrigins": [ "https://$MOBILIZON_HOSTNAME" ],
"clientAuthenticatorType": "client-secret",
"secret": "$CLIENT_SECRET"
}
EOF
docker-compose up -d || die "unable to start container"