Add dockerfile and compose for production

.gitlab-ci.yml

@@ -1,123 +0,0 @@
-image: tcitworld/mobilizon-ci
-
-stages:
-  - check
-  - test
-  - deploy
-
-variables:
-  MIX_ENV: "test"
-  # DB Variables for Postgres / Postgis
-  POSTGRES_DB: mobilizon_test
-  POSTGRES_USER: postgres
-  POSTGRES_PASSWORD: ""
-  POSTGRES_HOST: postgres
-  # DB Variables for Mobilizon
-  MOBILIZON_DATABASE_USERNAME: $POSTGRES_USER
-  MOBILIZON_DATABASE_PASSWORD: $POSTGRES_PASSWORD
-  MOBILIZON_DATABASE_DBNAME: $POSTGRES_DB
-  MOBILIZON_DATABASE_HOST: $POSTGRES_HOST
-  GEOLITE_CITIES_PATH: "/usr/share/GeoIP/GeoLite2-City.mmdb"
-  MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: "true"
-
-cache:
-  key: ${CI_COMMIT_REF_SLUG}
-  paths:
-    - ~/.cache/Cypress
-    - _build/
-    - deps/
-    - js/node_modules
-    - cache/Cypress
-
-lint:
-  stage: check
-  script:
-    - export EXITVALUE=0
-    - mix deps.get
-    - mix credo --strict -a || export EXITVALUE=1
-    - mix format --check-formatted --dry-run || export EXITVALUE=1
-    - cd js
-    - yarn install
-    #- yarn run lint || export EXITVALUE=1
-    - yarn run prettier --ignore-path="src/i18n/*" -c . || export EXITVALUE=1
-    - yarn run build
-    - cd ../
-    - exit $EXITVALUE
-  artifacts:
-    expire_in: 1 day
-    when: on_success
-    paths:
-      - priv/static
-
-deps:
-  stage: check
-  script:
-    - export EXITVALUE=0
-    - mix deps.get
-    - mix hex.outdated || export EXITVALUE=1
-    - cd js
-    - yarn outdated || export EXITVALUE=1
-    - exit $EXITVALUE
-  allow_failure: true
-
-exunit:
-  stage: test
-  services:
-    - name: mdillon/postgis:11
-      alias: postgres
-  before_script:
-    - cd js
-    - yarn install
-    - yarn run build
-    - cd ../
-    - mix deps.get
-    - MIX_ENV=test mix ecto.create
-    - MIX_ENV=test mix ecto.migrate
-  dependencies:
-    - lint
-  script:
-    - mix coveralls
-# cypress:
-#   stage: test
-#   services:
-#     - name: mdillon/postgis:11
-#       alias: postgres
-#   script:
-#     - mix deps.get
-#     - cd js
-#     - yarn install
-#     - npx cypress install # just to be sure
-#     - yarn run build
-#     - cd ../
-#     - MIX_ENV=e2e mix ecto.create
-#     - MIX_ENV=e2e mix ecto.migrate
-#     - MIX_ENV=e2e mix run priv/repo/e2e.seed.exs
-#     - MIX_ENV=e2e mix phx.server &
-#     - cd js
-#     - npx wait-on http://localhost:4000
-#     - if [ -z "$CYPRESS_KEY" ]; then npx cypress run; else npx cypress run --record --parallel --key $CYPRESS_KEY; fi
-#   artifacts:
-#     expire_in: 2 day
-#     paths:
-#       - js/tests/e2e/screenshots/**/*.png
-#       - js/tests/e2e/videos/**/*.mp4
-
-# pages:
-#   stage: deploy
-#   script:
-#     # - mkdir public
-#     # Mobilizon documentation is now on https://framagit.org/framasoft/joinmobilizon/documentation
-#     # Mix docs disabled because of https://github.com/elixir-lang/ex_doc/issues/1172
-#     # - mix deps.get
-#     # - mix docs
-#     # - mv doc public/backend
-#     #- cd js
-#     #- yarn install
-#     #- yarn run styleguide:build
-#     #- mv styleguide ../public/frontend
-#   only:
-#     - master
-#   artifacts:
-#     expire_in: 1 hour
-#     paths:
-#       - public

Dockerfile

@@ -1,10 +0,0 @@
-FROM bitwalker/alpine-elixir:latest
-
-RUN apk add inotify-tools postgresql-client yarn file
-RUN apk add --no-cache make gcc libc-dev argon2 imagemagick
-
-RUN mix local.hex --force && mix local.rebar --force
-
-WORKDIR /app
-
-EXPOSE 4000

Dockerfile

@@ -0,0 +1 @@
+./docker/production/Dockerfile

docker/production/Dockerfile

@@ -0,0 +1,62 @@
+FROM elixir:slim
+
+# Install dependencies, NodeJS, YARN & clean apt
+RUN apt update \
+ && apt -y dist-upgrade \
+ && apt -y install build-essential \
+  curl \
+  wget \
+  unzip \
+  vim \
+  openssl \
+  git \
+  cmake \
+  imagemagick \
+  webp \
+  gifsicle \
+  jpegoptim \
+  optipng  \
+  pngquant \
+  postgresql-client \
+ && curl -sL https://deb.nodesource.com/setup_12.x | bash - \
+ && apt -y install nodejs \
+ && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
+ && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
+ && apt -y update && apt -y install yarn \
+ && apt -y clean \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Add mobilizon user
+RUN groupadd -r mobilizon \
+    && useradd -r -g mobilizon -m mobilizon
+
+USER mobilizon
+
+# ENV
+ENV MIX_ENV=prod
+
+# PORT
+EXPOSE 4000
+
+# Copy repo
+COPY . /app
+WORKDIR /app
+
+# Compile dependencies, Mobilizon and build front-end
+RUN mix local.hex --force && mix local.rebar --force \
+ && HEX_HTTP_CONCURRENCY=4 HEX_HTTP_TIMEOUT=60 mix do deps.get, compile \
+ && cd js && NODE_BUILD_MEMORY=2024 yarn install && NODE_BUILD_MEMORY=2024 yarn run build \
+ # free space
+ && rm -rf js doc deps docs support \
+ && rm -rf /home/mobilizon/.cache/* \
+ # copy config secret env based file
+ && cp docker/production/prod.secret config/ \
+ # set start script mod
+ && chmod +x /app/docker/production/start.sh
+
+CMD /app/docker/production/start.sh
+
+## start.sh:
+# !/bin/bash
+# mix ecto.migrate
+# mix phx.server

docker/production/README.md

@@ -0,0 +1,50 @@
+# Build and deploy Mobilizon with docker
+
+You will need to :
+- build the image
+- adapte env file
+- run docker-compose
+
+## Build the image
+
+    docker build -t mymobilizon -f docker/prod/Dockerfile .
+
+## Adapt env file
+
+    cp env .env
+
+- Edit .env content with your params.
+- Edit docker-compose file with your params (environment section for mobilizon & posgres).
+
+You can generate `MOBILIZON_INSTANCE_SECRET_KEY_BASE` and `MOBILIZON_INSTANCE_SECRET_KEY` with:
+
+    gpg --gen-random --armor 1 50
+
+## run docker-compose
+
+    docker-compose -f docker-compose-simple.yml up
+    # set user for volumes
+    sudo chown 999:999 db public wal public/upload
+    # in another shell
+    docker-compose -f docker-compose-simple.yml exec -u 0 mobilizon bash
+    su - mobilizon
+    # backup secret
+    mv config/prod.secret.exs config/prod.secret.exs.env
+    # run config generation
+    MIX_ENV=prod mix mobilizon.instance gen -f
+    # reply anything (not used after) except for :
+    # - What is the name of your database? [mobilizon_prod]
+    # - What is the user used to connect to your database? [mobilizon] 
+    # - What is the password used to connect to your database? [autogenerated]
+    # get secret env based bak
+    mv config/prod.secret.exs.env config/prod.secret.exs 
+    # run the db init script as root
+    exit
+    psql -U postgres -p 5432 -h postgres -f setup_db.psql
+    # delete db init sript
+    rm setup_db.psql
+    # create an admin with mobilizon user
+    su - mobilizon
+    cd /app
+    MIX_ENV=prod mix mobilizon.users.new pascoual@tedomum.fr --password mobilizon
+    # exit with ctrl+d (twice times)

docker/production/docker-compose.yml

@@ -0,0 +1,44 @@
+version: "2.1"
+
+services:
+  mobilizon:
+    image: mobilizon
+    environment:
+      - MOBILIZON_INSTANCE_NAME="My Mobilizon Instance"
+      - MOBILIZON_INSTANCE_HOST=mobilizon.lan
+      - MOBILIZON_INSTANCE_EMAIL=noreply@mobilizon.lan
+      - MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
+      - MOBILIZON_DATABASE_USERNAME
+      - MOBILIZON_DATABASE_PASSWORD
+      - MOBILIZON_DATABASE_DBNAME=mobilizon_prod
+      - MOBILIZON_DATABASE_HOST=postgres
+      - MOBILIZON_INSTANCE_SECRET_KEY_BASE
+      - MOBILIZON_INSTANCE_SECRET_KEY
+      - MOBILIZON_ADMIN_EMAIL=your@email.com
+      - MOBILIZON_SMPT_SERVER=yoursmtpserver
+      - MOBILIZON_SMPT_MOBILIZON_SMPT_HOSTNAME=your.smtp.domain
+      - MOBILIZON_SMPT_PORT=25
+      - MOBILIZON_SMPT_USERNAME
+      - MOBILIZON_SMPT_PASSWORD
+      - MOBILIZON_SMPT_SSL=false
+    volumes:
+      - ./public/upload:/app/upload
+    ports:
+     - "4000:4000"
+    depends_on:
+      - postgres
+
+  postgres:
+    image: postgis/postgis
+    volumes:
+      - ./db:/var/lib/postgresql/data
+      - ./wal:/wal
+      - ./postgresql.conf:/var/lib/postgresql/data/postgresql.conf
+    environment:
+      - POSTGRES_PASSWORD
+      - PGDATA=/var/lib/postgresql/data/pgdata
+
+networks:
+  default:
+    ipam:
+      driver: default

docker/production/env

@@ -0,0 +1,10 @@
+# You need to:
+# cp env .env
+# edite .env with your settings
+MOBILIZON_DATABASE_PASSWORD=postgres
+MOBILIZON_DATABASE_USERNAME=postgres
+MOBILIZON_INSTANCE_SECRET_KEY_BASE=MmU1NWQyYWQtM2MzZC00ZTU5LTg0MmItMmY5NDZlMmNhNmEwCg
+MOBILIZON_INSTANCE_SECRET_KEY=NjJhMGU5MDctZGNkOC00NGM0LWI5OWItZDEyY2FkNjRlODYyCg
+MOBILIZON_SMPT_USERNAME=username
+MOBILIZON_SMPT_PASSWORD=password
+POSTGRES_PASSWORD=postgres

docker/production/prod.secret.exs

@@ -0,0 +1,49 @@
+# Mobilizon instance configuration
+
+import Config
+
+config :mobilizon, Mobilizon.Web.Endpoint,
+   url: [host: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan")],
+   http: [port: 4000],
+   secret_key_base: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY_BASE", "ZcvexeC7cnwtKR8ADMBDwrYu2aYHUyjrOu4yA181Z112HNu/I5jyRleo4hoxOMqQ")
+
+config :mobilizon, Mobilizon.Web.Auth.Guardian,
+  secret_key: System.get_env("MOBILIZON_INSTANCE_SECRET_KEY", "KsdUIvp6hQ7b97yxUZcDQyGH0g4LS3fF0OvIsIATpkKzd1MDvSS4KexWXsjXeMQZ")
+
+config :mobilizon, :instance,
+  name: System.get_env("MOBILIZON_INSTANCE_NAME", "Mobilizon"),
+  description: "Change this to a proper description of your instance",
+  hostname: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan"),
+  registrations_open: System.get_env("MOBILIZON_INSTANCE_REGISTRATIONS_OPEN", "false"),
+  demo: false,
+  allow_relay: true,
+  federating: true,
+  email_from: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan"),
+  email_reply_to: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan")
+
+config :mobilizon, Mobilizon.Storage.Repo,
+  adapter: Ecto.Adapters.Postgres,
+  username: System.get_env("MOBILIZON_DATABASE_USERNAME", "username"),
+  password: System.get_env("MOBILIZON_DATABASE_PASSWORD", "password"),
+  database: System.get_env("MOBILIZON_DATABASE_DBNAME", "mobilizon"),
+  hostname: System.get_env("MOBILIZON_DATABASE_HOST", "postgres"),
+  port: "5432",
+  pool_size: 10
+
+config :mobilizon, Mobilizon.Web.Email.Mailer,
+  adapter: Bamboo.SMTPAdapter,
+  server: System.get_env("MOBILIZON_SMPT_SERVER", "localhost"),
+  hostname: System.get_env("MOBILIZON_SMPT_HOSTNAME", "localhost"),
+  port: System.get_env("MOBILIZON_SMPT_PORT", "25"),
+  username: System.get_env("MOBILIZON_SMPT_USERNAME", nil),
+  password: System.get_env("MOBILIZON_SMPT_PASSWORD", nil),
+  # can be `:always` or `:never`
+  tls: :if_available,
+  allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"],
+  # can be `true`
+  ssl: System.get_env("MOBILIZON_SMPT_SSL", "false"),
+  retries: 1,
+  # can be `true`
+  no_mx_lookups: false,
+  # can be `:always`. If your smtp relay requires authentication set it to `:always`.
+  auth: :if_available

docker/production/start.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+mix ecto.migrate
+mix phx.server