psw/rebased-podman
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

first commit for pleroma via podman

Browse source
This commit is contained in:
Paul Wilde 2022-03-16 15:21:51 +00:00
commit 3f1cb3fd6e
7 changed files with 424 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.dockerignore Normal file
View file

@ -0,0 +1,4 @@
.git
LICENSE
README.md
uploads/

43
Dockerfile Normal file
View file

@ -0,0 +1,43 @@
FROM elixir:1.11.4-alpine
ENV UID=911 GID=911 \
MIX_ENV=prod
ARG PLEROMA_VER=develop
ENV UID=911 GID=911 MIX_ENV=prod
ENV MIX_ENV=prod
RUN echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories \
&& apk update \
&& apk add git gcc g++ musl-dev make cmake file-dev \
exiftool imagemagick libmagic ncurses postgresql-client ffmpeg
RUN addgroup -g ${GID} pleroma \
&& adduser -h /pleroma -s /bin/false -D -G pleroma -u ${UID} pleroma
ARG DATA=/var/lib/pleroma
RUN mkdir -p /etc/pleroma \
&& chown -R pleroma /etc/pleroma \
&& mkdir -p ${DATA}/uploads \
&& mkdir -p ${DATA}/static \
&& chown -R pleroma ${DATA}
USER pleroma
WORKDIR /pleroma
RUN git clone -b develop https://git.pleroma.social/pleroma/pleroma.git /pleroma \
&& git checkout ${PLEROMA_VER}
RUN echo "import Mix.Config" > config/prod.secret.exs \
&& mix local.hex --force \
&& mix local.rebar --force \
&& mix deps.get --only prod \
&& mkdir release \
&& mix release --path /pleroma
COPY ./config.exs /etc/pleroma/config.exs
EXPOSE 4000
ENTRYPOINT ["/pleroma/docker-entrypoint.sh"]

21
LICENSE Normal file
View file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2018 Angristan
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

193
README.md Normal file
View file

@ -0,0 +1,193 @@
# Pleroma
[Pleroma](https://pleroma.social/) is a federated social networking platform, compatible with GNU social and other OStatus implementations. It is free software licensed under the AGPLv3.
It actually consists of two components: a backend, named simply Pleroma, and a user-facing frontend, named Pleroma-FE.
Its main advantages are its lightness and speed.
![Pleroma](https://i.imgur.com/VftiTlR.png)
_Pleromians trying to understand the memes_
## Features
- Based on the elixir:alpine image
- Ran as an unprivileged user
- It works great
Sadly, this is not a reusable (e.g. I can't upload it to the Docker Hub), because for now Pleroma needs to compile the configuration. 😢
Thus you will need to build the image yourself, but I explain how to do it below.
## Build-time variables
- **`PLEROMA_VER`** : Pleroma version (latest commit of the [`develop` branch](https://git.pleroma.social/pleroma/pleroma) by default)
- **`GID`**: group id (default: `911`)
- **`UID`**: user id (default: `911`)
## Usage
### Installation
Create a folder for your Pleroma instance. Inside, you should have `Dockerfile` and `docker-compose.yml` from this repo.
Here is the `docker-compose.yml`. You should change the `POSTGRES_PASSWORD` variable.
```yaml
version: '2.3'
services:
postgres:
image: postgres:9.6-alpine
container_name: pleroma_postgres
restart: always
environment:
POSTGRES_USER: pleroma
POSTGRES_PASSWORD: pleroma
POSTGRES_DB: pleroma
volumes:
- ./postgres:/var/lib/postgresql/data
web:
build: .
image: pleroma
container_name: pleroma_web
restart: always
ports:
- '127.0.0.1:4000:4000'
volumes:
- ./uploads:/pleroma/uploads
depends_on:
- postgres
```
Create the upload and config folder and give write permissions for the uploads:
```sh
mkdir uploads config
chown -R 911:911 uploads
```
Pleroma needs the `citext` PostgreSQL extension, here is how to add it:
```sh
docker-compose up -d postgres
docker exec -i pleroma_postgres psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;"
docker-compose down
```
Configure Pleroma. Copy the following to `config/secret.exs`:
```exs
use Mix.Config
config :pleroma, Pleroma.Web.Endpoint,
http: [ ip: {0, 0, 0, 0}, ],
url: [host: "pleroma.domain.tld", scheme: "https", port: 443],
secret_key_base: "<use 'openssl rand -base64 48' to generate a key>"
config :pleroma, :instance,
name: "Pleroma",
email: "admin@email.tld",
limit: 5000,
registrations_open: true
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true,
base_url: "https://cache.domain.tld"
# Configure your database
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "pleroma",
database: "pleroma",
hostname: "postgres",
pool_size: 10
```
You need to change at least:
- `host`
- `secret_key_base`
- `email`
Make sure your PostgreSQL parameters are ok.
You can now build the image. 2 way of doing it:
```sh
docker-compose build
# or
docker build -t pleroma .
```
I prefer the latter because it's more verbose.
Setup the database:
```sh
docker-compose run --rm web mix ecto.migrate
```
Get your web push keys and copy them to `secret.exs`:
```
docker-compose run --rm web mix web_push.gen.keypair
```
You will need to build the image again, to pick up your updated `secret.exs` file:
```
docker-compose build
# or
docker build -t pleroma .
```
You can now launch your instance:
```sh
docker-compose up -d
```
Check if everything went well with:
```sh
docker logs -f pleroma_web
```
You can now setup a Nginx reverse proxy in a container or on your host by using the [example Nginx config](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx).
### Update
By default, the Dockerfile will be built from the latest commit of the `develop` branch as Pleroma does not have releases for now.
Thus to update, just rebuild your image and recreate your containers:
```sh
docker-compose pull # update the PostgreSQL if needed
docker-compose build .
# or
docker build -t pleroma .
docker-compose run --rm web mix ecto.migrate # migrate the database if needed
docker-compose up -d # recreate the containers if needed
```
If you want to run a specific commit, you can use the `PLEROMA_VER` variable:
```sh
docker build -t pleroma . --build-arg PLEROMA_VER=develop # a branch
docker build -t pleroma . --build-arg PLEROMA_VER=a9203ab3 # a commit
docker build -t pleroma . --build-arg PLEROMA_VER=v2.0.7 # a version
```
`a9203ab3` being the hash of the commit. (They're [here](https://git.pleroma.social/pleroma/pleroma/commits/develop))
## Other Docker images
Here are other Pleroma Docker images that helped me build mine:
- [potproject/docker-pleroma](https://github.com/potproject/docker-pleroma)
- [rysiek/docker-pleroma](https://git.pleroma.social/rysiek/docker-pleroma)
- [RX14/iscute.moe](https://github.com/RX14/kurisu.rx14.co.uk/blob/master/services/iscute.moe/pleroma/Dockerfile)

76
config.exs Normal file
View file

@ -0,0 +1,76 @@
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443],
http: [ip: {0, 0, 0, 0}, port: 4000]
config :pleroma, :instance,
name: System.get_env("INSTANCE_NAME", "Pleroma"),
email: System.get_env("ADMIN_EMAIL"),
notify_email: System.get_env("NOTIFY_EMAIL"),
limit: 5000,
registrations_open: false,
federating: true,
healthcheck: true
config :pleroma, configurable_from_database: true
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true,
base_url: "https://example.tld"
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: System.get_env("DB_USER", "pleroma"),
password: System.fetch_env!("DB_PASS"),
database: System.get_env("DB_NAME", "pleroma"),
hostname: System.get_env("DB_HOST", "localhost"),
pool_size: 10
# Configure web push notifications
config :web_push_encryption, :vapid_details, subject: "mailto:#{System.get_env("NOTIFY_EMAIL")}"
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
# We can't store the secrets in this file, since this is baked into the docker image
if not File.exists?("/var/lib/pleroma/secret.exs") do
secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
{web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
secret_file =
EEx.eval_string(
"""
import Config
config :pleroma, Pleroma.Web.Endpoint,
secret_key_base: "<%= secret %>",
signing_salt: "<%= signing_salt %>"
config :web_push_encryption, :vapid_details,
public_key: "<%= web_push_public_key %>",
private_key: "<%= web_push_private_key %>"
""",
secret: secret,
signing_salt: signing_salt,
web_push_public_key: Base.url_encode64(web_push_public_key, padding: false),
web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
)
File.write("/var/lib/pleroma/secret.exs", secret_file)
end
import_config("/var/lib/pleroma/secret.exs")
# For additional user config
if File.exists?("/var/lib/pleroma/config.exs"),
do: import_config("/var/lib/pleroma/config.exs"),
else:
File.write("/var/lib/pleroma/config.exs", """
import Config
# For additional configuration outside of environmental variables
""")

29
config/secret.exs Normal file
View file

@ -0,0 +1,29 @@
use Mix.Config
config :pleroma, configurable_from_database: true
config :pleroma, Pleroma.Web.Endpoint,
http: [ ip: {0, 0, 0, 0}, ],
url: [host: "example.tld", scheme: "https", port: 443],
secret_key_base: "<use 'openssl rand -base64 48' to generate a key>"
config :pleroma, :instance,
name: "Pleroma",
email: "admin@example.tld",
limit: 5000,
registrations_open: true
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true,
base_url: "https://example.tld"
# Configure your database
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "pleroma",
database: "pleroma",
hostname: "localhost",
pool_size: 10

58
podman-run.sh Executable file
View file

@ -0,0 +1,58 @@
#!/bin/bash
mkdir ./postgres
mkdir ./uploads
mkdir ./static
touch config.exs
chown -R 911:911 ./uploads
podman pod create \
--name pleroma-pod \
-p 4000:4000
podman run -d \
--name pleroma-db \
--pod pleroma-pod \
-e POSTGRES_USER=pleroma \
-e POSTGRES_PASSWORD=CHANGHEME \
-e POSTGRES_DB=pleroma \
-v ./postgres:/var/lib/postgresql/data \
postgres:12.1-alpine
if [[ $1 == "db-setup" ]]; then
podman exec -i pleroma-db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;"
exit 0
fi
runvars="pleroma:"
runmode="-d"
if [[ $1 == "build-setup" ]]; then
podman build -f Dockerfile -t pleroma:$1
runvars=$runvars$1" mix ecto.migrate"
runmode="--rm"
elif [[ $1 == "final-build" ]]; then
podman build -f Dockerfile -t pleroma:run
runvars=$runvars"run"
fi
podman run $runmode \
--name pleroma-web \
--pod pleroma-pod \
-v ./uploads:/var/lib/pleroma/uploads \
-v ./static:/var/lib/pleroma/static \
-v ./config.exs:/etc/pleroma/config.exs:ro \
-e DOMAIN=example.tld \
-e INSTANCE_NAME=Pleroma \
-e ADMIN_EMAIL=admin@example.tld \
-e NOTIFY_EMAIL=notify@example.tld \
-e DB_USER=pleroma \
-e DB_PASS=CHANGEME \
-e DB_NAME=pleroma \
-e DB_HOST=localhost \
-e POSTGRES_HOST=localhost \
$runvars
if [[ $1 == "gen-keypair" ]]; then
podman exec pleroma-web mix web_push.gen.keypair
fi