Add loomio.

2026-01-01 20:56:41 +00:00
parent 434769ac7a
commit c93198d13a
6 changed files with 68 additions and 61 deletions


@@ -8,57 +8,48 @@ spec:
restartPolicy: OnFailure
containers:
- name: db-init
image: postgres:15-alpine
image: {{ .image }}
command:
- /bin/bash
- -c
- |
set -e
echo "Initializing Loomio database..."
# Patch schema.rb to use IF NOT EXISTS for pghero schema
sed -i 's/create_schema "pghero"/execute "CREATE SCHEMA IF NOT EXISTS pghero"/g' db/schema.rb
bundle exec rake db:schema:load db:seed
echo "Database initialization complete"
env:
- name: PGHOST
value: "{{ .db.host }}"
- name: PGPORT
value: "{{ .db.port }}"
- name: PGUSER
value: postgres
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: postgres-secrets
key: postgres.password
- name: LOOMIO_DB_NAME
value: "{{ .db.name }}"
- name: LOOMIO_DB_USER
value: "{{ .db.user }}"
- name: LOOMIO_DB_PASSWORD
- name: RAILS_ENV
value: production
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: loomio-secrets
key: dbPassword
command:
- sh
- -c
- |
echo "Creating database and user for Loomio..."
# Check if database exists, create if not
psql -tc "SELECT 1 FROM pg_database WHERE datname = '$LOOMIO_DB_NAME'" | grep -q 1 || \
psql -c "CREATE DATABASE \"$LOOMIO_DB_NAME\""
# Check if user exists, create or update password
psql -tc "SELECT 1 FROM pg_user WHERE usename = '$LOOMIO_DB_USER'" | grep -q 1 && \
psql -c "ALTER USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'" || \
psql -c "CREATE USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'"
# Grant all privileges
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"$LOOMIO_DB_NAME\" TO \"$LOOMIO_DB_USER\""
# Connect to the database and grant schema permissions
psql -d "$LOOMIO_DB_NAME" -c "GRANT ALL ON SCHEMA public TO \"$LOOMIO_DB_USER\""
echo "Database initialization complete!"
key: dbUrl
- name: REDIS_URL
value: {{ .redisUrl }}
- name: DEVISE_SECRET
valueFrom:
secretKeyRef:
name: loomio-secrets
key: deviseSecret
- name: SECRET_COOKIE_TOKEN
valueFrom:
secretKeyRef:
name: loomio-secrets
key: secretCookieToken
securityContext:
runAsNonRoot: true
runAsUser: 999 # postgres user
runAsGroup: 999
runAsNonRoot: false
runAsUser: 0
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
readOnlyRootFilesystem: false
seccompProfile:
type: RuntimeDefault
type: RuntimeDefault
securityContext:
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
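Review bot: The db-init container and the pod-level `securityContext` at the end of this section now run as UID 0 with `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, where the lines that look like the old side ran as a non-root user on a read-only root filesystem; the worker and web Deployment sections below make the same change. The +/- markers are lost on this page, so the old/new reading comes from print order, and the apparent reason for root (letting `sed -i` rewrite `db/schema.rb` inside the image) is an inference. If that is the reason, I would keep `runAsNonRoot: true` with the image's own non-root UID and apply the patch to a copy on a writable `emptyDir`, so a compromised Rails process does not start as root on a writable image filesystem. If root really is required, say so next to the setting, e.g. `runAsUser: 0  # root needed: <reason>`.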


@@ -66,6 +66,8 @@ spec:
value: "{{ .smtp.tls }}"
- name: REPLY_HOSTNAME
value: {{ .smtp.from }}
- name: BUNDLE_APP_CONFIG
value: /loomio/tmp/.bundle
volumeMounts:
- name: uploads
mountPath: /loomio/public/system
@@ -73,6 +75,8 @@ spec:
mountPath: /loomio/storage
- name: tmp
mountPath: /loomio/tmp
- name: log
mountPath: /loomio/log
resources:
requests:
memory: 256Mi
@@ -81,9 +85,8 @@ spec:
memory: 1Gi
cpu: 500m
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: false
runAsUser: 0
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
@@ -98,4 +101,6 @@ spec:
persistentVolumeClaim:
claimName: loomio-storage
- name: tmp
emptyDir: {}
- name: log
emptyDir: {}
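Review bot: The new `log` volume is an `emptyDir: {}` mounted at `/loomio/log`, so anything the worker writes there is deleted with the pod and has no size cap; the web Deployment section adds the same volume. If the application logs to that directory rather than to stdout (not visible in these hunks), job and request logs never reach the cluster's log collection, and the trail needed after an incident is gone once the pod is rescheduled. I would cap the volume, e.g. `emptyDir: {sizeLimit: 256Mi}` (value constructed for illustration), and confirm the app also logs to stdout. The container spec begins and ends outside the hunks shown.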


@@ -15,6 +15,13 @@ spec:
containers:
- name: loomio
image: {{ .image }}
command:
- /bin/bash
- -c
- |
set -e
bundle exec rake db:schema:load db:seed
bundle exec thrust puma -C config/puma.rb
ports:
- containerPort: 3000
name: http
@@ -73,10 +80,12 @@ spec:
secretKeyRef:
name: loomio-secrets
key: smtpPassword
- name: SMTP_USE_SSL
value: "{{ .smtp.tls }}"
- name: REPLY_HOSTNAME
value: {{ .smtp.from }}
- name: CHANNELS_URI
value: wss://{{ .domain }}
- name: BUNDLE_APP_CONFIG
value: /loomio/tmp/.bundle
volumeMounts:
- name: uploads
mountPath: /loomio/public/system
@@ -84,6 +93,8 @@ spec:
mountPath: /loomio/storage
- name: tmp
mountPath: /loomio/tmp
- name: log
mountPath: /loomio/log
resources:
requests:
memory: 512Mi
@@ -92,21 +103,18 @@ spec:
memory: 2Gi
cpu: 1000m
livenessProbe:
httpGet:
path: /health
tcpSocket:
port: 3000
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
tcpSocket:
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: false
runAsUser: 0
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
@@ -121,4 +129,6 @@ spec:
persistentVolumeClaim:
claimName: loomio-storage
- name: tmp
emptyDir: {}
- name: log
emptyDir: {}
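Review bot: The added container command runs `bundle exec rake db:schema:load db:seed` before Puma on every start of the web pod, repeating what the db-init Job in the first section already does. With a stock Rails `schema.rb`, `db:schema:load` recreates tables, so a restart or an extra replica either trips Rails' protected-environment check and exits under `set -e`, or rebuilds the schema over live data; which one happens depends on configuration not shown here. I would drop that line and leave schema setup to the Job, keeping only `bundle exec thrust puma -C config/puma.rb`. The probes in this section also change from `httpGet` on `/health` to `tcpSocket`, which only shows the port is open, so a comment recording why the HTTP check was dropped would help.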


@@ -10,8 +10,8 @@ requires:
defaultConfig:
namespace: loomio
externalDnsDomain: "{{ .cloud.domain }}"
image: loomio/loomio:v3.0.11
workerImage: loomio/loomio:v3.0.11
image: loomio/loomio:latest
workerImage: loomio/loomio:latest
appName: Loomio
domain: "loomio.{{ .cloud.domain }}"
tlsSecretName: wildcard-wild-cloud-tls
@@ -52,5 +52,6 @@ defaultSecrets:
- key: secretCookieToken
default: "{{ random.AlphaNum 32 }}"
- key: smtpPassword
default: "{{ .secrets.smtp.password }}"
requiredSecrets:
- postgres.password
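Review bot: `image` and `workerImage` move from the pinned `loomio/loomio:v3.0.11` to `loomio/loomio:latest` (taking the second pair of lines as the new side), so every pull depends on whatever the registry currently serves under a mutable tag. That gives up reproducible deploys and rollback, and a replaced or compromised upstream image would be picked up with no change in this repository. I would keep a version tag or pin by digest, e.g. `image: loomio/loomio@sha256:<digest>`, and bump it in a commit. The db-init Job now takes `{{ .image }}` as well, so this tag also decides which schema gets loaded.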


@@ -4,7 +4,7 @@ metadata:
name: loomio-storage
spec:
accessModes:
- ReadWriteOnce
- ReadWriteMany
resources:
requests:
storage: {{ .storage.files }}


@@ -4,7 +4,7 @@ metadata:
name: loomio-uploads
spec:
accessModes:
- ReadWriteOnce
- ReadWriteMany
resources:
requests:
storage: {{ .storage.uploads }}