Reorganized for new stable/waypoint versioning design.

loomio/versions/3/README.md

@@ -0,0 +1,34 @@
+# Loomio
+
+Loomio is a collaborative decision-making tool that makes it easy for groups to make decisions together. It supports proposals, polls, and structured discussions.
+
+## Dependencies
+
+- **PostgreSQL** - Database for storing groups, discussions, and decisions
+- **Redis** - Used for caching and background jobs
+
+## Configuration
+
+Key settings configured through your instance's `config.yaml`:
+
+- **domain** - Where Loomio will be accessible (default: `loomio.{your-cloud-domain}`)
+- **appName** - Display name for your instance (default: `Loomio`)
+- **adminEmail** - Admin contact email (defaults to your operator email)
+- **SMTP** - Email delivery settings inherited from your Wild Cloud instance
+
+## Access
+
+After deployment, Loomio will be available at:
+- `https://loomio.{your-cloud-domain}`
+
+## First-Time Setup
+
+1. Add and deploy the app:
+   ```bash
+   wild app add loomio
+   wild app deploy loomio
+   ```
+
+2. Create your account and set up your first group
+
+3. Invite members and start a discussion or poll

loomio/versions/3/db-init-job.yaml

@@ -0,0 +1,55 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: loomio-db-init
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: db-init
+        image: loomio/loomio:latest
+        command:
+        - /bin/bash
+        - -c
+        - |
+          set -e
+          echo "Initializing Loomio database..."
+          # Patch schema.rb to use IF NOT EXISTS for pghero schema
+          sed -i 's/create_schema "pghero"/execute "CREATE SCHEMA IF NOT EXISTS pghero"/g' db/schema.rb
+          bundle exec rake db:schema:load db:seed
+          echo "Database initialization complete"
+        env:
+        - name: RAILS_ENV
+          value: production
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: dbUrl
+        - name: REDIS_URL
+          value: {{ .redisUrl }}
+        - name: DEVISE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: deviseSecret
+        - name: SECRET_COOKIE_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: secretCookieToken
+        securityContext:
+          runAsNonRoot: false
+          runAsUser: 0
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: [ALL]
+          readOnlyRootFilesystem: false
+          seccompProfile:
+            type: RuntimeDefault
+      securityContext:
+        runAsNonRoot: false
+        runAsUser: 0
+        seccompProfile:
+          type: RuntimeDefault

loomio/versions/3/deployment-worker.yaml

@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: loomio-worker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: worker
+  template:
+    metadata:
+      labels:
+        component: worker
+    spec:
+      containers:
+      - name: worker
+        image: loomio/loomio:latest
+        env:
+        - name: TASK
+          value: worker
+        - name: RAILS_ENV
+          value: production
+        - name: SITE_NAME
+          value: {{ .appName }}
+        - name: CANONICAL_HOST
+          value: {{ .domain }}
+        - name: PUBLIC_APP_URL
+          value: https://{{ .domain }}
+        - name: SUPPORT_EMAIL
+          value: {{ .supportEmail }}
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: dbUrl
+        - name: REDIS_URL
+          value: {{ .redisUrl }}
+        - name: DEVISE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: deviseSecret
+        - name: SECRET_COOKIE_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: secretCookieToken
+        - name: ACTIVE_STORAGE_SERVICE
+          value: local
+        - name: SMTP_AUTH
+          value: {{ .smtp.auth }}
+        - name: SMTP_DOMAIN
+          value: {{ .smtp.domain }}
+        - name: SMTP_SERVER
+          value: {{ .smtp.host }}
+        - name: SMTP_PORT
+          value: "{{ .smtp.port }}"
+        - name: SMTP_USERNAME
+          value: {{ .smtp.user }}
+        - name: SMTP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: smtpPassword
+        - name: SMTP_USE_SSL
+          value: "{{ .smtp.tls }}"
+        - name: REPLY_HOSTNAME
+          value: {{ .smtp.from }}
+        - name: BUNDLE_APP_CONFIG
+          value: /loomio/tmp/.bundle
+        volumeMounts:
+        - name: uploads
+          mountPath: /loomio/public/system
+        - name: storage
+          mountPath: /loomio/storage
+        - name: tmp
+          mountPath: /loomio/tmp
+        - name: log
+          mountPath: /loomio/log
+        resources:
+          requests:
+            memory: 256Mi
+            cpu: 100m
+          limits:
+            memory: 1Gi
+            cpu: 500m
+        securityContext:
+          runAsNonRoot: false
+          runAsUser: 0
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: [ALL]
+          readOnlyRootFilesystem: false
+          seccompProfile:
+            type: RuntimeDefault
+      volumes:
+      - name: uploads
+        persistentVolumeClaim:
+          claimName: loomio-uploads
+      - name: storage
+        persistentVolumeClaim:
+          claimName: loomio-storage
+      - name: tmp
+        emptyDir: {}
+      - name: log
+        emptyDir: {}

loomio/versions/3/deployment.yaml

@@ -0,0 +1,136 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: loomio
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      component: web
+  template:
+    metadata:
+      labels:
+        component: web
+    spec:
+      containers:
+      - name: loomio
+        image: loomio/loomio:latest
+        command:
+        - /bin/bash
+        - -c
+        - |
+          set -e
+          bundle exec rake db:migrate db:seed
+          bundle exec thrust puma -C config/puma.rb
+        ports:
+        - containerPort: 3000
+          name: http
+        env:
+        - name: RAILS_ENV
+          value: production
+        - name: SITE_NAME
+          value: {{ .appName }}
+        - name: CANONICAL_HOST
+          value: {{ .domain }}
+        - name: PUBLIC_APP_URL
+          value: https://{{ .domain }}
+        - name: SUPPORT_EMAIL
+          value: {{ .supportEmail }}
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: dbUrl
+        - name: REDIS_URL
+          value: {{ .redisUrl }}
+        - name: DEVISE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: deviseSecret
+        - name: SECRET_COOKIE_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: secretCookieToken
+        - name: FORCE_SSL
+          value: "1"
+        - name: USE_RACK_ATTACK
+          value: "1"
+        - name: PUMA_WORKERS
+          value: "2"
+        - name: MIN_THREADS
+          value: "5"
+        - name: MAX_THREADS
+          value: "5"
+        - name: ACTIVE_STORAGE_SERVICE
+          value: local
+        - name: SMTP_AUTH
+          value: {{ .smtp.auth }}
+        - name: SMTP_DOMAIN
+          value: {{ .smtp.domain }}
+        - name: SMTP_SERVER
+          value: {{ .smtp.host }}
+        - name: SMTP_PORT
+          value: "{{ .smtp.port }}"
+        - name: SMTP_USERNAME
+          value: {{ .smtp.user }}
+        - name: SMTP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: smtpPassword
+        - name: REPLY_HOSTNAME
+          value: {{ .smtp.from }}
+        - name: CHANNELS_URI
+          value: wss://{{ .domain }}
+        - name: BUNDLE_APP_CONFIG
+          value: /loomio/tmp/.bundle
+        volumeMounts:
+        - name: uploads
+          mountPath: /loomio/public/system
+        - name: storage
+          mountPath: /loomio/storage
+        - name: tmp
+          mountPath: /loomio/tmp
+        - name: log
+          mountPath: /loomio/log
+        resources:
+          requests:
+            memory: 512Mi
+            cpu: 200m
+          limits:
+            memory: 2Gi
+            cpu: 1000m
+        livenessProbe:
+          tcpSocket:
+            port: 3000
+          initialDelaySeconds: 60
+          periodSeconds: 30
+        readinessProbe:
+          tcpSocket:
+            port: 3000
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        securityContext:
+          runAsNonRoot: false
+          runAsUser: 0
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: [ALL]
+          readOnlyRootFilesystem: false
+          seccompProfile:
+            type: RuntimeDefault
+      volumes:
+      - name: uploads
+        persistentVolumeClaim:
+          claimName: loomio-uploads
+      - name: storage
+        persistentVolumeClaim:
+          claimName: loomio-storage
+      - name: tmp
+        emptyDir: {}
+      - name: log
+        emptyDir: {}

loomio/versions/3/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: loomio
+  annotations:
+    external-dns.alpha.kubernetes.io/target: {{ .externalDnsDomain }}
+    external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - {{ .domain }}
+    secretName: {{ .tlsSecretName }}
+  rules:
+  - host: {{ .domain }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: loomio
+            port:
+              number: 80

loomio/versions/3/kustomization.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: loomio
+
+resources:
+  - namespace.yaml
+  - pvc-uploads.yaml
+  - pvc-storage.yaml
+  - deployment.yaml
+  - deployment-worker.yaml
+  - service.yaml
+  - ingress.yaml
+  - db-init-job.yaml
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app: loomio
+      managedBy: kustomize
+      partOf: wild-cloud

loomio/versions/3/manifest.yaml

@@ -0,0 +1,45 @@
+version: 3.0.11-2
+requires:
+  - name: postgres
+    installed_as: postgres
+  - name: redis
+  - name: smtp
+defaultConfig:
+  namespace: loomio
+  externalDnsDomain: '{{ .cloud.domain }}'
+  appName: Loomio
+  domain: 'loomio.{{ .cloud.domain }}'
+  tlsSecretName: wildcard-wild-cloud-tls
+  storage:
+    uploads: 5Gi
+    files: 5Gi
+    plugins: 1Gi
+  redisUrl: '{{ .apps.redis.uri }}'
+  adminEmail: '{{ .operator.email }}'
+  supportEmail: '{{ .operator.email }}'
+  db:
+    name: loomio
+    user: loomio
+    host: '{{ .apps.postgres.host }}'
+    port: '{{ .apps.postgres.port }}'
+  smtp:
+    auth: plain
+    domain: '{{ .cloud.domain }}'
+    host: '{{ .apps.smtp.host }}'
+    port: '{{ .apps.smtp.port }}'
+    user: '{{ .apps.smtp.user }}'
+    tls: '{{ .apps.smtp.tls }}'
+    from: '{{ .apps.smtp.from }}'
+defaultSecrets:
+  - key: dbPassword
+    default: "{{ random.AlphaNum 32 }}"
+  - key: dbUrl
+    default: "postgresql://{{ .app.db.user }}:{{ .secrets.dbPassword }}@{{ .app.db.host }}:{{ .app.db.port }}/{{ .app.db.name }}?pool=30"
+  - key: deviseSecret
+    default: "{{ random.AlphaNum 32 }}"
+  - key: secretCookieToken
+    default: "{{ random.AlphaNum 32 }}"
+  - key: smtpPassword
+    default: "{{ .secrets.smtp.password }}"
+requiredSecrets:
+  - postgres.password

loomio/versions/3/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .namespace }}

loomio/versions/3/pvc-storage.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: loomio-storage
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .storage.files }}
+  storageClassName: longhorn

loomio/versions/3/pvc-uploads.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: loomio-uploads
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .storage.uploads }}
+  storageClassName: longhorn

loomio/versions/3/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: loomio
+spec:
+  type: ClusterIP
+  selector:
+    component: web
+  ports:
+  - name: http
+    port: 80
+    targetPort: 3000
+    protocol: TCP