Compare commits
3 Commits
434769ac7a
...
a159c90816
| Author | SHA1 | Date | |
|---|---|---|---|
|
a159c90816 | ||
|
|
32498c73b8 | ||
|
|
c93198d13a |
@@ -21,8 +21,8 @@ spec:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: Always
|
||||
containers:
|
||||
- name: discourse
|
||||
initContainers:
|
||||
- name: discourse-migrate
|
||||
image: discourse/discourse:3.5.3
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
securityContext:
|
||||
@@ -42,7 +42,75 @@ spec:
|
||||
runAsUser: 0
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
set -e
|
||||
cd /var/www/discourse
|
||||
export HOME=/root
|
||||
git config --global --add safe.directory /var/www/discourse
|
||||
bundle exec rake db:migrate
|
||||
bundle exec rake assets:precompile
|
||||
env:
|
||||
- name: RAILS_ENV
|
||||
value: "production"
|
||||
- name: DISCOURSE_DB_HOST
|
||||
value: {{ .dbHostname }}
|
||||
- name: DISCOURSE_DB_PORT
|
||||
value: "{{ .dbPort }}"
|
||||
- name: DISCOURSE_DB_NAME
|
||||
value: {{ .dbName }}
|
||||
- name: DISCOURSE_DB_USERNAME
|
||||
value: {{ .dbUsername }}
|
||||
- name: DISCOURSE_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: discourse-secrets
|
||||
key: dbPassword
|
||||
- name: DISCOURSE_REDIS_HOST
|
||||
value: {{ .redisHostname }}
|
||||
- name: DISCOURSE_REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: discourse-secrets
|
||||
key: redis.password
|
||||
- name: DISCOURSE_HOSTNAME
|
||||
value: {{ .domain }}
|
||||
- name: DISCOURSE_SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: discourse-secrets
|
||||
key: secretKeyBase
|
||||
volumeMounts:
|
||||
- name: discourse-data
|
||||
mountPath: /shared
|
||||
containers:
|
||||
- name: discourse
|
||||
image: discourse/discourse:3.5.3
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
command:
|
||||
- /sbin/boot
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
add:
|
||||
- CHOWN
|
||||
- FOWNER
|
||||
- SETGID
|
||||
- SETUID
|
||||
- DAC_OVERRIDE
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
env:
|
||||
- name: RAILS_ENV
|
||||
value: "production"
|
||||
# Discourse database configuration
|
||||
- name: DISCOURSE_DB_HOST
|
||||
value: {{ .dbHostname }}
|
||||
@@ -91,7 +159,7 @@ spec:
|
||||
value: "{{ .smtp.startTls }}"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
@@ -146,8 +214,10 @@ spec:
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- "cd /var/www/discourse && exec bundle exec sidekiq"
|
||||
- "cd /var/www/discourse && export HOME=/root && exec bundle exec sidekiq"
|
||||
env:
|
||||
- name: RAILS_ENV
|
||||
value: "production"
|
||||
# Discourse database configuration
|
||||
- name: DISCOURSE_DB_HOST
|
||||
value: {{ .dbHostname }}
|
||||
|
||||
@@ -3,7 +3,7 @@ is: listmonk
|
||||
description: Listmonk is a standalone, self-hosted, newsletter and mailing list manager.
|
||||
It is fast, feature-rich, and packed into a single binary.
|
||||
version: 5.0.3
|
||||
icon: https://listmonk.app/static/images/logo.svg
|
||||
icon: https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/listmonk.svg
|
||||
requires:
|
||||
- name: postgres
|
||||
defaultConfig:
|
||||
|
||||
@@ -8,57 +8,48 @@ spec:
|
||||
restartPolicy: OnFailure
|
||||
containers:
|
||||
- name: db-init
|
||||
image: postgres:15-alpine
|
||||
image: {{ .image }}
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
set -e
|
||||
echo "Initializing Loomio database..."
|
||||
# Patch schema.rb to use IF NOT EXISTS for pghero schema
|
||||
sed -i 's/create_schema "pghero"/execute "CREATE SCHEMA IF NOT EXISTS pghero"/g' db/schema.rb
|
||||
bundle exec rake db:schema:load db:seed
|
||||
echo "Database initialization complete"
|
||||
env:
|
||||
- name: PGHOST
|
||||
value: "{{ .db.host }}"
|
||||
- name: PGPORT
|
||||
value: "{{ .db.port }}"
|
||||
- name: PGUSER
|
||||
value: postgres
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secrets
|
||||
key: postgres.password
|
||||
- name: LOOMIO_DB_NAME
|
||||
value: "{{ .db.name }}"
|
||||
- name: LOOMIO_DB_USER
|
||||
value: "{{ .db.user }}"
|
||||
- name: LOOMIO_DB_PASSWORD
|
||||
- name: RAILS_ENV
|
||||
value: production
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: loomio-secrets
|
||||
key: dbPassword
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
echo "Creating database and user for Loomio..."
|
||||
|
||||
# Check if database exists, create if not
|
||||
psql -tc "SELECT 1 FROM pg_database WHERE datname = '$LOOMIO_DB_NAME'" | grep -q 1 || \
|
||||
psql -c "CREATE DATABASE \"$LOOMIO_DB_NAME\""
|
||||
|
||||
# Check if user exists, create or update password
|
||||
psql -tc "SELECT 1 FROM pg_user WHERE usename = '$LOOMIO_DB_USER'" | grep -q 1 && \
|
||||
psql -c "ALTER USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'" || \
|
||||
psql -c "CREATE USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'"
|
||||
|
||||
# Grant all privileges
|
||||
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"$LOOMIO_DB_NAME\" TO \"$LOOMIO_DB_USER\""
|
||||
|
||||
# Connect to the database and grant schema permissions
|
||||
psql -d "$LOOMIO_DB_NAME" -c "GRANT ALL ON SCHEMA public TO \"$LOOMIO_DB_USER\""
|
||||
|
||||
echo "Database initialization complete!"
|
||||
key: dbUrl
|
||||
- name: REDIS_URL
|
||||
value: {{ .redisUrl }}
|
||||
- name: DEVISE_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: loomio-secrets
|
||||
key: deviseSecret
|
||||
- name: SECRET_COOKIE_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: loomio-secrets
|
||||
key: secretCookieToken
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 999 # postgres user
|
||||
runAsGroup: 999
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: [ALL]
|
||||
readOnlyRootFilesystem: true
|
||||
readOnlyRootFilesystem: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
@@ -66,6 +66,8 @@ spec:
|
||||
value: "{{ .smtp.tls }}"
|
||||
- name: REPLY_HOSTNAME
|
||||
value: {{ .smtp.from }}
|
||||
- name: BUNDLE_APP_CONFIG
|
||||
value: /loomio/tmp/.bundle
|
||||
volumeMounts:
|
||||
- name: uploads
|
||||
mountPath: /loomio/public/system
|
||||
@@ -73,6 +75,8 @@ spec:
|
||||
mountPath: /loomio/storage
|
||||
- name: tmp
|
||||
mountPath: /loomio/tmp
|
||||
- name: log
|
||||
mountPath: /loomio/log
|
||||
resources:
|
||||
requests:
|
||||
memory: 256Mi
|
||||
@@ -81,9 +85,8 @@ spec:
|
||||
memory: 1Gi
|
||||
cpu: 500m
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: [ALL]
|
||||
@@ -99,3 +102,5 @@ spec:
|
||||
claimName: loomio-storage
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
- name: log
|
||||
emptyDir: {}
|
||||
@@ -15,6 +15,13 @@ spec:
|
||||
containers:
|
||||
- name: loomio
|
||||
image: {{ .image }}
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
set -e
|
||||
bundle exec rake db:schema:load db:seed
|
||||
bundle exec thrust puma -C config/puma.rb
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: http
|
||||
@@ -73,10 +80,12 @@ spec:
|
||||
secretKeyRef:
|
||||
name: loomio-secrets
|
||||
key: smtpPassword
|
||||
- name: SMTP_USE_SSL
|
||||
value: "{{ .smtp.tls }}"
|
||||
- name: REPLY_HOSTNAME
|
||||
value: {{ .smtp.from }}
|
||||
- name: CHANNELS_URI
|
||||
value: wss://{{ .domain }}
|
||||
- name: BUNDLE_APP_CONFIG
|
||||
value: /loomio/tmp/.bundle
|
||||
volumeMounts:
|
||||
- name: uploads
|
||||
mountPath: /loomio/public/system
|
||||
@@ -84,6 +93,8 @@ spec:
|
||||
mountPath: /loomio/storage
|
||||
- name: tmp
|
||||
mountPath: /loomio/tmp
|
||||
- name: log
|
||||
mountPath: /loomio/log
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
@@ -92,21 +103,18 @@ spec:
|
||||
memory: 2Gi
|
||||
cpu: 1000m
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
tcpSocket:
|
||||
port: 3000
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 30
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
tcpSocket:
|
||||
port: 3000
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: [ALL]
|
||||
@@ -122,3 +130,5 @@ spec:
|
||||
claimName: loomio-storage
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
- name: log
|
||||
emptyDir: {}
|
||||
@@ -10,8 +10,8 @@ requires:
|
||||
defaultConfig:
|
||||
namespace: loomio
|
||||
externalDnsDomain: "{{ .cloud.domain }}"
|
||||
image: loomio/loomio:v3.0.11
|
||||
workerImage: loomio/loomio:v3.0.11
|
||||
image: loomio/loomio:latest
|
||||
workerImage: loomio/loomio:latest
|
||||
appName: Loomio
|
||||
domain: "loomio.{{ .cloud.domain }}"
|
||||
tlsSecretName: wildcard-wild-cloud-tls
|
||||
@@ -52,5 +52,6 @@ defaultSecrets:
|
||||
- key: secretCookieToken
|
||||
default: "{{ random.AlphaNum 32 }}"
|
||||
- key: smtpPassword
|
||||
default: "{{ .secrets.smtp.password }}"
|
||||
requiredSecrets:
|
||||
- postgres.password
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: loomio-storage
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .storage.files }}
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: loomio-uploads
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .storage.uploads }}
|
||||
|
||||
Reference in New Issue
Block a user