Add loomio.

2026-01-01 20:56:41 +00:00
parent 434769ac7a
commit c93198d13a
6 changed files with 68 additions and 61 deletions


@@ -8,57 +8,48 @@ spec:
restartPolicy: OnFailure restartPolicy: OnFailure
containers: containers:
- name: db-init - name: db-init
image: postgres:15-alpine image: {{ .image }}
command:
- /bin/bash
- -c
- |
set -e
echo "Initializing Loomio database..."
# Patch schema.rb to use IF NOT EXISTS for pghero schema
sed -i 's/create_schema "pghero"/execute "CREATE SCHEMA IF NOT EXISTS pghero"/g' db/schema.rb
bundle exec rake db:schema:load db:seed
echo "Database initialization complete"
env: env:
- name: PGHOST - name: RAILS_ENV
value: "{{ .db.host }}" value: production
- name: PGPORT - name: DATABASE_URL
value: "{{ .db.port }}"
- name: PGUSER
value: postgres
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: postgres-secrets
key: postgres.password
- name: LOOMIO_DB_NAME
value: "{{ .db.name }}"
- name: LOOMIO_DB_USER
value: "{{ .db.user }}"
- name: LOOMIO_DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: loomio-secrets name: loomio-secrets
key: dbPassword key: dbUrl
command: - name: REDIS_URL
- sh value: {{ .redisUrl }}
- -c - name: DEVISE_SECRET
- | valueFrom:
echo "Creating database and user for Loomio..." secretKeyRef:
name: loomio-secrets
# Check if database exists, create if not key: deviseSecret
psql -tc "SELECT 1 FROM pg_database WHERE datname = '$LOOMIO_DB_NAME'" | grep -q 1 || \ - name: SECRET_COOKIE_TOKEN
psql -c "CREATE DATABASE \"$LOOMIO_DB_NAME\"" valueFrom:
secretKeyRef:
# Check if user exists, create or update password name: loomio-secrets
psql -tc "SELECT 1 FROM pg_user WHERE usename = '$LOOMIO_DB_USER'" | grep -q 1 && \ key: secretCookieToken
psql -c "ALTER USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'" || \
psql -c "CREATE USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'"
# Grant all privileges
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"$LOOMIO_DB_NAME\" TO \"$LOOMIO_DB_USER\""
# Connect to the database and grant schema permissions
psql -d "$LOOMIO_DB_NAME" -c "GRANT ALL ON SCHEMA public TO \"$LOOMIO_DB_USER\""
echo "Database initialization complete!"
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: false
runAsUser: 999 # postgres user runAsUser: 0
runAsGroup: 999
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: [ALL] drop: [ALL]
readOnlyRootFilesystem: true readOnlyRootFilesystem: false
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
securityContext:
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
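Review bot: The new container-level and pod-level `securityContext` set `runAsUser: 0` with `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, and the worker and app Deployment sections of this commit make the same switch to UID 0. This appears to be driven by the `sed -i` on `db/schema.rb`, which needs a writable application directory; running the whole job as root for one writable file is a wide grant, even with capabilities dropped. Consider carrying the schema patch in the image (or copying `db/` onto an emptyDir) and restoring `runAsNonRoot: true` with the image's non-root UID, as the previous Deployments did with `runAsUser: 1000`. The `tmp` and `log` emptyDir mounts and `BUNDLE_APP_CONFIG` added elsewhere in this commit already give the Deployments writable paths without root. The Job spec starts above this hunk.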


@@ -66,6 +66,8 @@ spec:
value: "{{ .smtp.tls }}" value: "{{ .smtp.tls }}"
- name: REPLY_HOSTNAME - name: REPLY_HOSTNAME
value: {{ .smtp.from }} value: {{ .smtp.from }}
- name: BUNDLE_APP_CONFIG
value: /loomio/tmp/.bundle
volumeMounts: volumeMounts:
- name: uploads - name: uploads
mountPath: /loomio/public/system mountPath: /loomio/public/system
@@ -73,6 +75,8 @@ spec:
mountPath: /loomio/storage mountPath: /loomio/storage
- name: tmp - name: tmp
mountPath: /loomio/tmp mountPath: /loomio/tmp
- name: log
mountPath: /loomio/log
resources: resources:
requests: requests:
memory: 256Mi memory: 256Mi
@@ -81,9 +85,8 @@ spec:
memory: 1Gi memory: 1Gi
cpu: 500m cpu: 500m
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: false
runAsUser: 1000 runAsUser: 0
runAsGroup: 1000
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: [ALL] drop: [ALL]
@@ -98,4 +101,6 @@ spec:
persistentVolumeClaim: persistentVolumeClaim:
claimName: loomio-storage claimName: loomio-storage
- name: tmp - name: tmp
emptyDir: {}
- name: log
emptyDir: {} emptyDir: {}


@@ -15,6 +15,13 @@ spec:
containers: containers:
- name: loomio - name: loomio
image: {{ .image }} image: {{ .image }}
command:
- /bin/bash
- -c
- |
set -e
bundle exec rake db:schema:load db:seed
bundle exec thrust puma -C config/puma.rb
ports: ports:
- containerPort: 3000 - containerPort: 3000
name: http name: http
@@ -73,10 +80,12 @@ spec:
secretKeyRef: secretKeyRef:
name: loomio-secrets name: loomio-secrets
key: smtpPassword key: smtpPassword
- name: SMTP_USE_SSL
value: "{{ .smtp.tls }}"
- name: REPLY_HOSTNAME - name: REPLY_HOSTNAME
value: {{ .smtp.from }} value: {{ .smtp.from }}
- name: CHANNELS_URI
value: wss://{{ .domain }}
- name: BUNDLE_APP_CONFIG
value: /loomio/tmp/.bundle
volumeMounts: volumeMounts:
- name: uploads - name: uploads
mountPath: /loomio/public/system mountPath: /loomio/public/system
@@ -84,6 +93,8 @@ spec:
mountPath: /loomio/storage mountPath: /loomio/storage
- name: tmp - name: tmp
mountPath: /loomio/tmp mountPath: /loomio/tmp
- name: log
mountPath: /loomio/log
resources: resources:
requests: requests:
memory: 512Mi memory: 512Mi
@@ -92,21 +103,18 @@ spec:
memory: 2Gi memory: 2Gi
cpu: 1000m cpu: 1000m
livenessProbe: livenessProbe:
httpGet: tcpSocket:
path: /health
port: 3000 port: 3000
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 30 periodSeconds: 30
readinessProbe: readinessProbe:
httpGet: tcpSocket:
path: /health
port: 3000 port: 3000
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 10 periodSeconds: 10
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: false
runAsUser: 1000 runAsUser: 0
runAsGroup: 1000
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: [ALL] drop: [ALL]
@@ -121,4 +129,6 @@ spec:
persistentVolumeClaim: persistentVolumeClaim:
claimName: loomio-storage claimName: loomio-storage
- name: tmp - name: tmp
emptyDir: {}
- name: log
emptyDir: {} emptyDir: {}
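Review bot: The added `command` runs `bundle exec rake db:schema:load db:seed` on every start of the `loomio` container, not only on first install. `db:schema:load` replaces the schema rather than migrating it: against an already populated database it presumably either recreates tables or is refused by Rails' protected-environment check in production, and under `set -e` a refusal leaves the pod in a restart loop. The db-init Job in this commit already runs the same tasks, so the Deployment could start with only `bundle exec thrust puma -C config/puma.rb`; if schema changes must be applied at start, `db:migrate` is the non-destructive task. Separately, the probes moved from `httpGet` on `/health` to `tcpSocket`, which only shows that the port is open.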


@@ -10,8 +10,8 @@ requires:
defaultConfig: defaultConfig:
namespace: loomio namespace: loomio
externalDnsDomain: "{{ .cloud.domain }}" externalDnsDomain: "{{ .cloud.domain }}"
image: loomio/loomio:v3.0.11 image: loomio/loomio:latest
workerImage: loomio/loomio:v3.0.11 workerImage: loomio/loomio:latest
appName: Loomio appName: Loomio
domain: "loomio.{{ .cloud.domain }}" domain: "loomio.{{ .cloud.domain }}"
tlsSecretName: wildcard-wild-cloud-tls tlsSecretName: wildcard-wild-cloud-tls
@@ -52,5 +52,6 @@ defaultSecrets:
- key: secretCookieToken - key: secretCookieToken
default: "{{ random.AlphaNum 32 }}" default: "{{ random.AlphaNum 32 }}"
- key: smtpPassword - key: smtpPassword
default: "{{ .secrets.smtp.password }}"
requiredSecrets: requiredSecrets:
- postgres.password - postgres.password
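Review bot: `image` and `workerImage` now point at `loomio/loomio:latest`, a mutable tag, where the old values pinned `v3.0.11`. Every pull can bring in different code without any change to this repository, and in this commit those containers also run as UID 0 and load the database schema at start, so an unreviewed upstream image has a lot of room. Pin to a release tag, or better a digest, e.g. `image: loomio/loomio@sha256:<digest-placeholder>`, and bump it deliberately.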


@@ -4,7 +4,7 @@ metadata:
name: loomio-storage name: loomio-storage
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteMany
resources: resources:
requests: requests:
storage: {{ .storage.files }} storage: {{ .storage.files }}
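Review bot: `accessModes` changes from `ReadWriteOnce` to `ReadWriteMany` here and in the `loomio-uploads` claim that follows, with nothing recording why. A PVC's access modes cannot be edited once the claim exists, so applying this over an existing install will likely be rejected until the claims are recreated, and the storage class has to support RWX. A comment such as `# RWX: mounted by both app and worker pods; needs an RWX-capable StorageClass` would record the reason and the requirement.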


@@ -4,7 +4,7 @@ metadata:
name: loomio-uploads name: loomio-uploads
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteMany
resources: resources:
requests: requests:
storage: {{ .storage.uploads }} storage: {{ .storage.uploads }}