From 496debd6f3ca27109e9fd57f4149e693bfbd6dd5 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Mon, 1 Feb 2021 14:57:58 +0100 Subject: [PATCH] Change everything for releases Signed-off-by: Thomas Citharel --- .dockerignore | 1 + .gitignore | 1 - .gitlab-ci.yml | 3 +- config/config.exs | 22 +------ {docker/production => config}/releases.exs | 21 +++++-- config/test.exs | 18 ++++++ docker/production/Dockerfile | 20 ++++++- docker/tests/Dockerfile | 2 +- lib/config_provider.ex | 34 +++++++++++ lib/mix/tasks/mobilizon/instance.ex | 67 ++++++++++++++++------ lib/mobilizon/storage/repo.ex | 2 +- mix.exs | 3 +- priv/templates/config.template.eex | 1 + 13 files changed, 143 insertions(+), 52 deletions(-) rename {docker/production => config}/releases.exs (78%) create mode 100644 lib/config_provider.ex diff --git a/.dockerignore b/.dockerignore index 5d13bb1cc..bf9782836 100644 --- a/.dockerignore +++ b/.dockerignore @@ -17,3 +17,4 @@ SECURITY.md ssh_match_hostname support .js/package-lock.json +js/node_modules \ No newline at end of file diff --git a/.gitignore b/.gitignore index e8659535c..845929f4a 100644 --- a/.gitignore +++ b/.gitignore @@ -14,7 +14,6 @@ erl_crash.dump # secrets files as long as you replace their contents by environment # variables. /config/*.secret.exs -/config/releases.exs /setup_db.psql diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 79f02f5cf..908dc0e78 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -183,7 +183,7 @@ pages: - mkdir -p /kaniko/.docker - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > /kaniko/.docker/config.json script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docker/production/Dockerfile --destination $DOCKER_IMAGE_NAME + - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docker/production/Dockerfile --destination $DOCKER_IMAGE_NAME --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG build-docker-master: <<: *docker @@ -210,7 +210,6 @@ package-app: script: - mix local.hex --force - mix local.rebar --force - - cp docker/production/releases.exs ./config/ - mix deps.get - mix phx.digest - mix release diff --git a/config/config.exs b/config/config.exs index 0e753668a..7de920e5b 100644 --- a/config/config.exs +++ b/config/config.exs @@ -8,7 +8,7 @@ import Config # General application configuration config :mobilizon, ecto_repos: [Mobilizon.Storage.Repo], - env: Mix.env() + env: config_env() config :mobilizon, Mobilizon.Storage.Repo, types: Mobilizon.Storage.PostgresTypes 
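Review bot: The new `--build-arg` values on the kaniko `script:` line rely on `$CI_VCS_REF` and `$CI_JOB_TIMESTAMP`, which I do not recognise as GitLab predefined variables. Unless they are defined elsewhere in this file or in the project's CI settings, the `org.opencontainers.image.revision` and `org.opencontainers.image.created` labels that the Dockerfile sets from them will be empty. An empty revision label removes the link from a published image back to the commit it was built from, which is what an audit of a deployed image relies on. The predefined `CI_COMMIT_SHA` would serve for the revision, e.g. `--build-arg VCS_REF="$CI_COMMIT_SHA"`; the build date probably has to be computed inside the job.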
@@ -142,24 +142,6 @@ config :ueberauth, config :mobilizon, :auth, oauth_consumer_strategies: [] -config :mobilizon, :ldap, - enabled: System.get_env("LDAP_ENABLED") == "true", - host: System.get_env("LDAP_HOST") || "localhost", - port: String.to_integer(System.get_env("LDAP_PORT") || "389"), - ssl: System.get_env("LDAP_SSL") == "true", - sslopts: [], - tls: System.get_env("LDAP_TLS") == "true", - tlsopts: [], - base: System.get_env("LDAP_BASE") || "dc=example,dc=com", - uid: System.get_env("LDAP_UID") || "cn", - require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"), - # The full CN to filter by `memberOf`, or `false` if disabled - group: false, - # Either the admin UID matching the field in `uid`, - # Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local} - bind_uid: System.get_env("LDAP_BIND_UID"), - bind_password: System.get_env("LDAP_BIND_PASSWORD") - config :geolix, databases: [ %{ @@ -313,4 +295,4 @@ config :mobilizon, :external_resource_providers, %{ # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. -import_config "#{Mix.env()}.exs" +import_config "#{config_env()}.exs" diff --git a/docker/production/releases.exs b/config/releases.exs similarity index 78% rename from docker/production/releases.exs rename to config/releases.exs index b4cd218c2..5e7dc5b1a 100644 --- a/docker/production/releases.exs +++ b/config/releases.exs 
@@ -3,10 +3,10 @@ import Config config :mobilizon, Mobilizon.Web.Endpoint, - server: true, - url: [host: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan")], - http: [port: System.get_env("MOBILIZON_INSTANCE_PORT", "4000")], - secret_key_base: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY_BASE", "changethis") + server: true, + url: [host: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan")], + http: [port: System.get_env("MOBILIZON_INSTANCE_PORT", "4000")], + secret_key_base: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY_BASE", "changethis") config :mobilizon, Mobilizon.Web.Auth.Guardian, secret_key: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY", "changethis") @@ -22,11 +22,9 @@ config :mobilizon, :instance, email_from: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan"), email_reply_to: System.get_env("MOBILIZON_REPLY_EMAIL", "noreply@mobilizon.lan") - config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, uploads: System.get_env("MOBILIZON_UPLOADS", "/app/uploads") - config :mobilizon, Mobilizon.Storage.Repo, adapter: Ecto.Adapters.Postgres, username: System.get_env("MOBILIZON_DATABASE_USERNAME", "username"), @@ -49,3 +47,14 @@ config :mobilizon, Mobilizon.Web.Email.Mailer, retries: 1, no_mx_lookups: false, auth: :if_available + +config :geolix, + databases: [ + %{ + id: :city, + adapter: Geolix.Adapter.MMDB2, + source: "/var/lib/mobilizon/geo_db/GeoLite2-City.mmdb" + } + ] + +config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, uploads: "/var/lib/mobilizon/uploads" diff --git a/config/test.exs b/config/test.exs index 28d61d351..4f024d17c 100644 --- a/config/test.exs +++ b/config/test.exs 
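Review bot: The last added line, `config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, uploads: "/var/lib/mobilizon/uploads"`, sets the same key as the earlier `uploads: System.get_env("MOBILIZON_UPLOADS", "/app/uploads")` entry in this file. The later value wins, so `MOBILIZON_UPLOADS` is silently ignored in every release. The production Dockerfile in this commit creates and chowns only `/app/uploads`, so inside the container the new path would be missing or not writable by `nobody` unless a volume is mounted there (not visible here). A single entry such as `uploads: System.get_env("MOBILIZON_UPLOADS", "/var/lib/mobilizon/uploads")`, with that directory created in the Dockerfile, would keep the two consistent. The hard-coded geolix `source:` path likewise has no environment override.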
@@ -36,6 +36,24 @@ config :mobilizon, Mobilizon.Storage.Repo, port: System.get_env("MOBILIZON_DATABASE_PORT") || "5432", pool: Ecto.Adapters.SQL.Sandbox +config :mobilizon, :ldap, + enabled: System.get_env("LDAP_ENABLED") == "true", + host: System.get_env("LDAP_HOST") || "localhost", + port: String.to_integer(System.get_env("LDAP_PORT") || "389"), + ssl: System.get_env("LDAP_SSL") == "true", + sslopts: [], + tls: System.get_env("LDAP_TLS") == "true", + tlsopts: [], + base: System.get_env("LDAP_BASE") || "dc=example,dc=com", + uid: System.get_env("LDAP_UID") || "cn", + require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"), + # The full CN to filter by `memberOf`, or `false` if disabled + group: false, + # Either the admin UID matching the field in `uid`, + # Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local} + bind_uid: System.get_env("LDAP_BIND_UID"), + bind_password: System.get_env("LDAP_BIND_PASSWORD") + config :mobilizon, Mobilizon.Web.Email.Mailer, adapter: Bamboo.TestAdapter config :mobilizon, Mobilizon.Web.Upload, filters: [], link_name: false diff --git a/docker/production/Dockerfile b/docker/production/Dockerfile index b8b9c2574..e0904d22e 100644 --- a/docker/production/Dockerfile +++ b/docker/production/Dockerfile @@ -20,9 +20,8 @@ RUN mix local.hex --force \ COPY lib ./lib COPY priv ./priv -COPY config ./config +COPY config/config.exs config/prod.exs config/releases.exs ./config/ COPY rel ./rel -COPY docker/production/releases.exs ./config/ COPY --from=assets ./priv/static ./priv/static RUN mix phx.digest \ 
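Review bot: The `:ldap` block now lives only in `config/test.exs` (the same lines are deleted from `config/config.exs` in this commit), so dev builds and releases get no `:ldap` entry unless the runtime config file supplies one. How the LDAP authenticator behaves when the key is absent is not visible in this patch; it is worth confirming that it treats a missing block as disabled rather than failing at login time. The copied comment pair would also read better as a single line: `# Either the admin UID matching the field in uid, or a tuple with the fully qualified DN: {:full, "uid=admin,dc=example.com,dc=local"}`.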
@@ -31,13 +30,30 @@ RUN mix phx.digest \ # Finally setup the app FROM alpine +ARG BUILD_DATE +ARG VCS_REF +ARG CI_COMMIT_TAG +ARG MOBILIZON_VERSION=${CI_COMMIT_TAG} + +LABEL org.opencontainers.image.title="mobilizon" \ + org.opencontainers.image.description="Mobilizon for Docker" \ + org.opencontainers.image.vendor="joinmobilizon.org" \ + org.opencontainers.image.documentation="https://docs.joinmobilizon.org" \ + org.opencontainers.image.licenses="AGPL-3.0" \ + org.opencontainers.image.url="https://joinmobilizon.org" \ + org.opencontainers.image.revision=$VCS_REF \ + org.opencontainers.image.created=$BUILD_DATE + RUN apk add --no-cache openssl ncurses-libs file postgresql-client RUN mkdir -p /app/uploads && chown nobody:nobody /app/uploads +RUN mkdir -p /etc/mobilizon && chown nobody:nobody /etc/mobilizon USER nobody EXPOSE 4000 +ENV MOBILIZON_DOCKER=true + COPY --from=builder --chown=nobody:nobody _build/prod/rel/mobilizon ./ COPY docker/production/docker-entrypoint.sh ./ diff --git a/docker/tests/Dockerfile b/docker/tests/Dockerfile index 1ed045939..e5a92bba8 100644 --- a/docker/tests/Dockerfile +++ b/docker/tests/Dockerfile @@ -1,7 +1,7 @@ FROM elixir:latest LABEL maintainer="Thomas Citharel " -ENV REFRESHED_AT=2020-10-22 +ENV REFRESHED_AT=2021-02-01 RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool RUN curl -sL https://deb.nodesource.com/setup_12.x | bash && apt-get install nodejs -yq RUN npm install -g yarn wait-on diff --git a/lib/config_provider.ex b/lib/config_provider.ex new file mode 100644 index 000000000..6b393f23a --- /dev/null +++ b/lib/config_provider.ex 
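Review bot: `RUN mkdir -p /etc/mobilizon && chown nobody:nobody /etc/mobilizon` makes the configuration directory writable by the same `nobody` user the application runs as, while the config provider added in this commit evaluates `/etc/mobilizon/config.exs` as Elixir code at boot. A file-write flaw in the running application would then be enough to persist code that runs on the next start. The process only needs to read the file, so the directory can stay root-owned, e.g. `RUN mkdir -p /etc/mobilizon && chmod 755 /etc/mobilizon`, with the config mounted read-only. Separately, `ARG MOBILIZON_VERSION=${CI_COMMIT_TAG}` is declared but not used in the lines shown; an `org.opencontainers.image.version` label looks like its intended consumer.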
@@ -0,0 +1,34 @@ +defmodule Mobilizon.ConfigProvider do + @moduledoc """ + Module to provide configuration from a custom file + """ + @behaviour Config.Provider + + def init(path) when is_binary(path), do: path + + def load(config, path) do + config_path = System.get_env("MOBILIZON_CONFIG_PATH") || path + + cond do + File.exists?(config_path) -> + runtime_config = Config.Reader.read!(config_path) + + Config.Reader.merge(config, runtime_config) + + is_nil(System.get_env("MOBILIZON_DOCKER")) -> + warning = [ + IO.ANSI.red(), + IO.ANSI.bright(), + "!!! #{config_path} not found! Please ensure it exists and that MOBILIZON_CONFIG_PATH is unset or points to an existing file", + IO.ANSI.reset() + ] + + IO.puts(warning) + config + + true -> + IO.puts("No runtime config file found, but using environment variables for Docker") + config + end + end +end diff --git a/lib/mix/tasks/mobilizon/instance.ex b/lib/mix/tasks/mobilizon/instance.ex index 7cb4da48d..4055a24cd 100644 --- a/lib/mix/tasks/mobilizon/instance.ex +++ b/lib/mix/tasks/mobilizon/instance.ex @@ -61,7 +61,7 @@ defmodule Mix.Tasks.Mobilizon.Instance do paths = [config_path, psql_path] = [ - Keyword.get(options, :output, "config/prod.secret.exs"), + Keyword.get(options, :output, "config/runtime.exs"), Keyword.get(options, :output_psql, "setup_db.psql") ] @@ -146,7 +146,6 @@ defmodule Mix.Tasks.Mobilizon.Instance do database_port: Keyword.get(options, :dbport, 5432), database_username: dbuser, database_password: dbpass, - version: Mobilizon.Mixfile.project() |> Keyword.get(:version), instance_secret: instance_secret, auth_secret: auth_secret, listen_port: listen_port 
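Review bot: In `load/2`, both branches taken when the file is missing return `config` and let the release keep booting, with only an `IO.puts` line as the signal. With `config/releases.exs` from this commit, that means `secret_key_base` and the Guardian `secret_key` fall back to the literal `"changethis"` whenever the matching environment variables are unset. An instance that starts with publicly known signing secrets is worse than one that refuses to start, so I would raise in the non-Docker branch (e.g. `raise "#{config_path} not found"`) and read the secrets in `releases.exs` with `System.fetch_env!/1` instead of a default. The warning should go to stderr (`IO.puts(:stderr, warning)`), and `init/1` and `load/2` should carry `@impl Config.Provider`. Since `Config.Reader.read!/1` evaluates the file as Elixir code, the moduledoc should say that the file and `MOBILIZON_CONFIG_PATH` must be writable only by the operator.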
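Review bot: The new default output `config/runtime.exs` is not matched by the ignore rule visible in this commit's `.gitignore` hunk (`/config/*.secret.exs`), whereas the old default `config/prod.secret.exs` was. A generated file holding the database password, `secret_key_base` and the auth secret can therefore be committed by accident. It is also not the path the release reads, since `mix.exs` registers the provider with `/etc/mobilizon/config.exs`. Either add `/config/runtime.exs` to `.gitignore` or keep a default that matches an ignored pattern, and name the `/etc/mobilizon/config.exs` destination in the task's closing instructions. The enclosing function starts and ends outside this hunk.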
@@ -160,22 +159,22 @@ defmodule Mix.Tasks.Mobilizon.Instance do database_password: dbpass ) - shell_info("Writing config to #{config_path}.") - - File.write(config_path, result_config) - shell_info("Writing #{psql_path}.") - File.write(psql_path, result_psql) - - shell_info( - "\n" <> - """ - To get started: - 1. Check the contents of the generated files. - 2. Run `sudo -u postgres psql -f #{escape_sh_path(psql_path)} && rm #{ - escape_sh_path(psql_path) - }`. - """ - ) + with :ok <- write_config(config_path, result_config), + :ok <- write_psql(psql_path, result_psql) do + shell_info( + "\n" <> + """ + To get started: + 1. Check the contents of the generated files. + 2. Run `sudo -u postgres psql -f #{escape_sh_path(psql_path)} && rm #{ + escape_sh_path(psql_path) + }`. + """ + ) + else + {:error, err} -> exit(err) + _ -> exit(:unknown_error) + end else shell_error( "The task would have overwritten the following files:\n" <> @@ -184,4 +183,36 @@ defmodule Mix.Tasks.Mobilizon.Instance do ) end end + + defp write_config(config_path, result_config) do + shell_info("Writing config to #{config_path}.") + + case File.write(config_path, result_config) do + :ok -> + :ok + + {:error, err} -> + shell_error( + "\nERROR: Unable to write config file to #{config_path}. Make sure you have permissions on the destination.\n" + ) + + {:error, err} + end + end + + defp write_psql(psql_path, result_psql) do + shell_info("Writing #{psql_path}.") + + case File.write(psql_path, result_psql) do + :ok -> + :ok + + {:error, err} -> + shell_error( + "\nERROR: Unable to write psql file to #{psql_path}. Make sure you have permissions on the destination.\n" + ) + + {:error, err} + end + end end diff --git a/lib/mobilizon/storage/repo.ex b/lib/mobilizon/storage/repo.ex index 8cdde1a45..3b209a3cc 100644 --- a/lib/mobilizon/storage/repo.ex +++ b/lib/mobilizon/storage/repo.ex 
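Review bot: `write_config/2` writes a file containing the database password and both instance secrets with `File.write/2` and leaves its mode to the process umask, which on many systems yields a world-readable file. Restricting it right after the write is a one-line change in the success clause, `:ok -> File.chmod(config_path, 0o600)`. The same applies to `write_psql/2`, whose content appears to be rendered with `database_password: dbpass` in the previous hunk. The two helpers differ only in their messages and could share one private function that takes a label. In the previous hunk the `_ -> exit(:unknown_error)` clause is unreachable, because both helpers return only `:ok` or `{:error, err}`.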
@@ -11,6 +11,6 @@ defmodule Mobilizon.Storage.Repo do Dynamically loads the repository url from the DATABASE_URL environment variable. """ def init(_, opts) do - {:ok, Keyword.put(opts, :url, System.get_env("DATABASE_URL"))} + {:ok, opts} end end diff --git a/mix.exs b/mix.exs index dc4154216..e8cf448d0 100644 --- a/mix.exs +++ b/mix.exs @@ -31,7 +31,8 @@ defmodule Mobilizon.Mixfile do docs: docs(), releases: [ mobilizon: [ - applications: [eldap: :transient] + applications: [eldap: :transient], + config_providers: [{Mobilizon.ConfigProvider, "/etc/mobilizon/config.exs"}] ] ] ] diff --git a/priv/templates/config.template.eex b/priv/templates/config.template.eex index 710c63875..f0cc0e680 100644 --- a/priv/templates/config.template.eex +++ b/priv/templates/config.template.eex @@ -3,6 +3,7 @@ import Config config :mobilizon, Mobilizon.Web.Endpoint, + server: true, url: [host: "<%= instance_domain %>"], http: [port: <%= listen_port %>], secret_key_base: "<%= instance_secret %>"
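Review bot: The docstring directly above `init/2` still says the repository URL is loaded dynamically from the `DATABASE_URL` environment variable, but the new body returns `{:ok, opts}` unchanged. Deployments that set only `DATABASE_URL` will now silently connect with whatever `Mobilizon.Storage.Repo` settings come from the compiled or runtime config, so the change deserves an upgrade note. I would change the doc to `Returns the repository options unchanged; connection settings come from the application configuration.`, or drop the `init/2` override, since it no longer does anything.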