Update listmonk icon.

discourse/deployment.yaml

@@ -21,8 +21,8 @@ spec:
       securityContext:
         fsGroup: 1000
         fsGroupChangePolicy: Always
-      containers:
+      initContainers:
-        - name: discourse
+        - name: discourse-migrate
           image: discourse/discourse:3.5.3
           imagePullPolicy: "IfNotPresent"
           securityContext:
@@ -42,7 +42,75 @@ spec:
             runAsUser: 0
             seccompProfile:
               type: RuntimeDefault
+          command:
+            - /bin/bash
+            - -c
+            - |
+              set -e
+              cd /var/www/discourse
+              export HOME=/root
+              git config --global --add safe.directory /var/www/discourse
+              bundle exec rake db:migrate
+              bundle exec rake assets:precompile
           env:
+            - name: RAILS_ENV
+              value: "production"
+            - name: DISCOURSE_DB_HOST
+              value: {{ .dbHostname }}
+            - name: DISCOURSE_DB_PORT
+              value: "{{ .dbPort }}"
+            - name: DISCOURSE_DB_NAME
+              value: {{ .dbName }}
+            - name: DISCOURSE_DB_USERNAME
+              value: {{ .dbUsername }}
+            - name: DISCOURSE_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: discourse-secrets
+                  key: dbPassword
+            - name: DISCOURSE_REDIS_HOST
+              value: {{ .redisHostname }}
+            - name: DISCOURSE_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: discourse-secrets
+                  key: redis.password
+            - name: DISCOURSE_HOSTNAME
+              value: {{ .domain }}
+            - name: DISCOURSE_SECRET_KEY_BASE
+              valueFrom:
+                secretKeyRef:
+                  name: discourse-secrets
+                  key: secretKeyBase
+          volumeMounts:
+            - name: discourse-data
+              mountPath: /shared
+      containers:
+        - name: discourse
+          image: discourse/discourse:3.5.3
+          imagePullPolicy: "IfNotPresent"
+          command:
+            - /sbin/boot
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - CHOWN
+                - FOWNER
+                - SETGID
+                - SETUID
+                - DAC_OVERRIDE
+            privileged: false
+            readOnlyRootFilesystem: false
+            runAsNonRoot: false
+            runAsUser: 0
+            seccompProfile:
+              type: RuntimeDefault
+          env:
+            - name: RAILS_ENV
+              value: "production"
             # Discourse database configuration
             - name: DISCOURSE_DB_HOST
               value: {{ .dbHostname }}
@@ -91,7 +159,7 @@ spec:
               value: "{{ .smtp.startTls }}"
           ports:
             - name: http
-              containerPort: 3000
+              containerPort: 80
               protocol: TCP
           livenessProbe:
             httpGet:
@@ -146,8 +214,10 @@ spec:
           command:
             - /bin/bash
             - -c
-            - "cd /var/www/discourse && exec bundle exec sidekiq"
+            - "cd /var/www/discourse && export HOME=/root && exec bundle exec sidekiq"
           env:
+            - name: RAILS_ENV
+              value: "production"
             # Discourse database configuration
             - name: DISCOURSE_DB_HOST
               value: {{ .dbHostname }}

listmonk/manifest.yaml

@@ -3,7 +3,7 @@ is: listmonk
 description: Listmonk is a standalone, self-hosted, newsletter and mailing list manager.
   It is fast, feature-rich, and packed into a single binary.
 version: 5.0.3
-icon: https://listmonk.app/static/images/logo.svg
+icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/listmonk.svg
 requires:
 - name: postgres
 defaultConfig:

loomio/db-init-job.yaml

@@ -8,57 +8,48 @@ spec:
       restartPolicy: OnFailure
       containers:
       - name: db-init
-        image: postgres:15-alpine
+        image: {{ .image }}
+        command:
+        - /bin/bash
+        - -c
+        - |
+          set -e
+          echo "Initializing Loomio database..."
+          # Patch schema.rb to use IF NOT EXISTS for pghero schema
+          sed -i 's/create_schema "pghero"/execute "CREATE SCHEMA IF NOT EXISTS pghero"/g' db/schema.rb
+          bundle exec rake db:schema:load db:seed
+          echo "Database initialization complete"
         env:
-        - name: PGHOST
+        - name: RAILS_ENV
-          value: "{{ .db.host }}"
+          value: production
-        - name: PGPORT
+        - name: DATABASE_URL
-          value: "{{ .db.port }}"
-        - name: PGUSER
-          value: postgres
-        - name: PGPASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: postgres-secrets
-              key: postgres.password
-        - name: LOOMIO_DB_NAME
-          value: "{{ .db.name }}"
-        - name: LOOMIO_DB_USER
-          value: "{{ .db.user }}"
-        - name: LOOMIO_DB_PASSWORD
           valueFrom:
             secretKeyRef:
               name: loomio-secrets
-              key: dbPassword
+              key: dbUrl
-        command:
+        - name: REDIS_URL
-        - sh
+          value: {{ .redisUrl }}
-        - -c
+        - name: DEVISE_SECRET
-        - |
+          valueFrom:
-          echo "Creating database and user for Loomio..."
+            secretKeyRef:
-
+              name: loomio-secrets
-          # Check if database exists, create if not
+              key: deviseSecret
-          psql -tc "SELECT 1 FROM pg_database WHERE datname = '$LOOMIO_DB_NAME'" | grep -q 1 || \
+        - name: SECRET_COOKIE_TOKEN
-            psql -c "CREATE DATABASE \"$LOOMIO_DB_NAME\""
+          valueFrom:
-
+            secretKeyRef:
-          # Check if user exists, create or update password
+              name: loomio-secrets
-          psql -tc "SELECT 1 FROM pg_user WHERE usename = '$LOOMIO_DB_USER'" | grep -q 1 && \
+              key: secretCookieToken
-            psql -c "ALTER USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'" || \
-            psql -c "CREATE USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'"
-
-          # Grant all privileges
-          psql -c "GRANT ALL PRIVILEGES ON DATABASE \"$LOOMIO_DB_NAME\" TO \"$LOOMIO_DB_USER\""
-
-          # Connect to the database and grant schema permissions
-          psql -d "$LOOMIO_DB_NAME" -c "GRANT ALL ON SCHEMA public TO \"$LOOMIO_DB_USER\""
-
-          echo "Database initialization complete!"
         securityContext:
-          runAsNonRoot: true
+          runAsNonRoot: false
-          runAsUser: 999  # postgres user
+          runAsUser: 0
-          runAsGroup: 999
           allowPrivilegeEscalation: false
           capabilities:
             drop: [ALL]
-          readOnlyRootFilesystem: true
+          readOnlyRootFilesystem: false
           seccompProfile:
-            type: RuntimeDefault
+            type: RuntimeDefault
+      securityContext:
+        runAsNonRoot: false
+        runAsUser: 0
+        seccompProfile:
+          type: RuntimeDefault

loomio/deployment-worker.yaml

@@ -66,6 +66,8 @@ spec:
           value: "{{ .smtp.tls }}"
         - name: REPLY_HOSTNAME
           value: {{ .smtp.from }}
+        - name: BUNDLE_APP_CONFIG
+          value: /loomio/tmp/.bundle
         volumeMounts:
         - name: uploads
           mountPath: /loomio/public/system
@@ -73,6 +75,8 @@ spec:
           mountPath: /loomio/storage
         - name: tmp
           mountPath: /loomio/tmp
+        - name: log
+          mountPath: /loomio/log
         resources:
           requests:
             memory: 256Mi
@@ -81,9 +85,8 @@ spec:
             memory: 1Gi
             cpu: 500m
         securityContext:
-          runAsNonRoot: true
+          runAsNonRoot: false
-          runAsUser: 1000
+          runAsUser: 0
-          runAsGroup: 1000
           allowPrivilegeEscalation: false
           capabilities:
             drop: [ALL]
@@ -98,4 +101,6 @@ spec:
         persistentVolumeClaim:
           claimName: loomio-storage
       - name: tmp
+        emptyDir: {}
+      - name: log
         emptyDir: {}

loomio/deployment.yaml

@@ -15,6 +15,13 @@ spec:
       containers:
       - name: loomio
         image: {{ .image }}
+        command:
+        - /bin/bash
+        - -c
+        - |
+          set -e
+          bundle exec rake db:schema:load db:seed
+          bundle exec thrust puma -C config/puma.rb
         ports:
         - containerPort: 3000
           name: http
@@ -73,10 +80,12 @@ spec:
             secretKeyRef:
               name: loomio-secrets
               key: smtpPassword
-        - name: SMTP_USE_SSL
-          value: "{{ .smtp.tls }}"
         - name: REPLY_HOSTNAME
           value: {{ .smtp.from }}
+        - name: CHANNELS_URI
+          value: wss://{{ .domain }}
+        - name: BUNDLE_APP_CONFIG
+          value: /loomio/tmp/.bundle
         volumeMounts:
         - name: uploads
           mountPath: /loomio/public/system
@@ -84,6 +93,8 @@ spec:
           mountPath: /loomio/storage
         - name: tmp
           mountPath: /loomio/tmp
+        - name: log
+          mountPath: /loomio/log
         resources:
           requests:
             memory: 512Mi
@@ -92,21 +103,18 @@ spec:
             memory: 2Gi
             cpu: 1000m
         livenessProbe:
-          httpGet:
+          tcpSocket:
-            path: /health
             port: 3000
           initialDelaySeconds: 60
           periodSeconds: 30
         readinessProbe:
-          httpGet:
+          tcpSocket:
-            path: /health
             port: 3000
           initialDelaySeconds: 30
           periodSeconds: 10
         securityContext:
-          runAsNonRoot: true
+          runAsNonRoot: false
-          runAsUser: 1000
+          runAsUser: 0
-          runAsGroup: 1000
           allowPrivilegeEscalation: false
           capabilities:
             drop: [ALL]
@@ -121,4 +129,6 @@ spec:
         persistentVolumeClaim:
           claimName: loomio-storage
       - name: tmp
+        emptyDir: {}
+      - name: log
         emptyDir: {}

loomio/manifest.yaml

@@ -10,8 +10,8 @@ requires:
 defaultConfig:
   namespace: loomio
   externalDnsDomain: "{{ .cloud.domain }}"
-  image: loomio/loomio:v3.0.11
+  image: loomio/loomio:latest
-  workerImage: loomio/loomio:v3.0.11
+  workerImage: loomio/loomio:latest
   appName: Loomio
   domain: "loomio.{{ .cloud.domain }}"
   tlsSecretName: wildcard-wild-cloud-tls
@@ -52,5 +52,6 @@ defaultSecrets:
   - key: secretCookieToken
     default: "{{ random.AlphaNum 32 }}"
   - key: smtpPassword
+    default: "{{ .secrets.smtp.password }}"
 requiredSecrets:
   - postgres.password

loomio/pvc-storage.yaml

@@ -4,7 +4,7 @@ metadata:
   name: loomio-storage
 spec:
   accessModes:
-  - ReadWriteOnce
+  - ReadWriteMany
   resources:
     requests:
       storage: {{ .storage.files }}

loomio/pvc-uploads.yaml

@@ -4,7 +4,7 @@ metadata:
   name: loomio-uploads
 spec:
   accessModes:
-  - ReadWriteOnce
+  - ReadWriteMany
   resources:
     requests:
       storage: {{ .storage.uploads }}