Compare commits
1 Commits
feature/do
...
feature/sa
Author | SHA1 | Date | |
---|---|---|---|
|
21fe97fa16 |
@ -7,8 +7,5 @@ COPYING
|
|||||||
elixir_buildpack.config
|
elixir_buildpack.config
|
||||||
test/
|
test/
|
||||||
|
|
||||||
uploads/
|
|
||||||
postgres/
|
|
||||||
|
|
||||||
# Required to get version
|
# Required to get version
|
||||||
!.git
|
!.git
|
||||||
|
11
Dockerfile
11
Dockerfile
@ -17,9 +17,6 @@ FROM alpine:3.11
|
|||||||
ARG BUILD_DATE
|
ARG BUILD_DATE
|
||||||
ARG VCS_REF
|
ARG VCS_REF
|
||||||
|
|
||||||
ARG UID=911
|
|
||||||
ARG GID=911
|
|
||||||
|
|
||||||
LABEL maintainer="ops@pleroma.social" \
|
LABEL maintainer="ops@pleroma.social" \
|
||||||
org.opencontainers.image.title="pleroma" \
|
org.opencontainers.image.title="pleroma" \
|
||||||
org.opencontainers.image.description="Pleroma for Docker" \
|
org.opencontainers.image.description="Pleroma for Docker" \
|
||||||
@ -35,9 +32,9 @@ ARG HOME=/opt/pleroma
|
|||||||
ARG DATA=/var/lib/pleroma
|
ARG DATA=/var/lib/pleroma
|
||||||
|
|
||||||
RUN echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories &&\
|
RUN echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories &&\
|
||||||
apk update --allow-untrusted &&\
|
apk update &&\
|
||||||
apk add exiftool ffmpeg imagemagick libmagic ncurses postgresql-client &&\
|
apk add exiftool ffmpeg imagemagick libmagic ncurses postgresql-client &&\
|
||||||
adduser --system --shell /bin/false -u $UID -g $GID --home ${HOME} pleroma &&\
|
adduser --system --shell /bin/false --home ${HOME} pleroma &&\
|
||||||
mkdir -p ${DATA}/uploads &&\
|
mkdir -p ${DATA}/uploads &&\
|
||||||
mkdir -p ${DATA}/static &&\
|
mkdir -p ${DATA}/static &&\
|
||||||
chown -R pleroma ${DATA} &&\
|
chown -R pleroma ${DATA} &&\
|
||||||
@ -47,10 +44,10 @@ RUN echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/
|
|||||||
USER pleroma
|
USER pleroma
|
||||||
|
|
||||||
COPY --from=build --chown=pleroma:0 /release ${HOME}
|
COPY --from=build --chown=pleroma:0 /release ${HOME}
|
||||||
ENV PATH="${HOME}/bin:${PATH}"
|
|
||||||
|
|
||||||
COPY ./config/docker.exs /etc/pleroma/config.exs
|
COPY ./config/docker.exs /etc/pleroma/config.exs
|
||||||
|
COPY ./docker-entrypoint.sh ${HOME}
|
||||||
|
|
||||||
EXPOSE 4000
|
EXPOSE 4000
|
||||||
|
|
||||||
CMD ["pleroma", "start"]
|
ENTRYPOINT ["/opt/pleroma/docker-entrypoint.sh"]
|
||||||
|
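Review bot: The new `ENTRYPOINT ["/opt/pleroma/docker-entrypoint.sh"]` hard-codes a path that the `COPY ./docker-entrypoint.sh ${HOME}` just above derives from the `HOME` build argument, so a build with a different `--build-arg HOME=...` produces an image whose entrypoint file does not exist. Exec-form ENTRYPOINT does not expand build arguments, so the simplest fix is one fixed location for both lines, e.g. `COPY ./docker-entrypoint.sh /docker-entrypoint.sh` and `ENTRYPOINT ["/docker-entrypoint.sh"]`. Separately, dropping `-u $UID` from `adduser` leaves the runtime UID to whatever Alpine allocates, which makes ownership of bind-mounted data directories harder to predict. If that is intended, a comment above the `RUN` saying so would help.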
@ -15,7 +15,7 @@ config :pleroma, :instance,
|
|||||||
config :pleroma, Pleroma.Repo,
|
config :pleroma, Pleroma.Repo,
|
||||||
adapter: Ecto.Adapters.Postgres,
|
adapter: Ecto.Adapters.Postgres,
|
||||||
username: System.get_env("DB_USER", "pleroma"),
|
username: System.get_env("DB_USER", "pleroma"),
|
||||||
password: System.get_env("DB_PASS", nil),
|
password: System.fetch_env!("DB_PASS"),
|
||||||
database: System.get_env("DB_NAME", "pleroma"),
|
database: System.get_env("DB_NAME", "pleroma"),
|
||||||
hostname: System.get_env("DB_HOST", "db"),
|
hostname: System.get_env("DB_HOST", "db"),
|
||||||
pool_size: 10
|
pool_size: 10
|
||||||
@ -26,10 +26,9 @@ config :web_push_encryption, :vapid_details, subject: "mailto:#{System.get_env("
|
|||||||
config :pleroma, :database, rum_enabled: false
|
config :pleroma, :database, rum_enabled: false
|
||||||
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
|
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
|
||||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
|
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
|
||||||
config :pleroma, configurable_from_database: true
|
|
||||||
|
|
||||||
# We can't store the secrets in this file, since this is baked into the docker image
|
# We can't store the secrets in this file, since this is baked into the docker image
|
||||||
if not File.exists?("/var/lib/pleroma/config/secret.exs") do
|
if not File.exists?("/var/lib/pleroma/secret.exs") do
|
||||||
secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
|
secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
|
||||||
signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
|
signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
|
||||||
{web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
|
{web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
|
||||||
@ -53,10 +52,10 @@ if not File.exists?("/var/lib/pleroma/config/secret.exs") do
|
|||||||
web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
|
web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
|
||||||
)
|
)
|
||||||
|
|
||||||
File.write("/var/lib/pleroma/config/secret.exs", secret_file)
|
File.write("/var/lib/pleroma/secret.exs", secret_file)
|
||||||
end
|
end
|
||||||
|
|
||||||
import_config("/var/lib/pleroma/config/secret.exs")
|
import_config("/var/lib/pleroma/secret.exs")
|
||||||
|
|
||||||
# For additional user config
|
# For additional user config
|
||||||
if File.exists?("/var/lib/pleroma/config.exs"),
|
if File.exists?("/var/lib/pleroma/config.exs"),
|
||||||
|
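Review bot: `File.write("/var/lib/pleroma/secret.exs", secret_file)` discards its result and creates the file with the process's default mode. A failed write therefore only surfaces as an error from the `import_config` call that follows, and a successful one may leave the generated key material readable by other users of the data directory. Consider `File.write!("/var/lib/pleroma/secret.exs", secret_file)` followed by `File.chmod!("/var/lib/pleroma/secret.exs", 0o600)`. The file also moves from the `config/` subdirectory to the top of /var/lib/pleroma, and no volume declaration for that directory is visible in this diff. If it is not persisted, the secrets are regenerated whenever the container is recreated, which presumably invalidates existing sessions and web push subscriptions. The body of the `if` block is only partly visible in these hunks.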
@ -1,77 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
services:
|
|
||||||
|
|
||||||
web:
|
|
||||||
build: .
|
|
||||||
image: pleroma/pleroma
|
|
||||||
restart: always
|
|
||||||
# env_file: .env.production
|
|
||||||
networks:
|
|
||||||
- external_network
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "curl", "-s", "-f", "--noproxy", "localhost:4000", "localhost:4000/health"]
|
|
||||||
ports:
|
|
||||||
- "127.0.0.1:4000:4000"
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
# - es
|
|
||||||
volumes:
|
|
||||||
- ./uploads:/var/lib/pleroma/uploads
|
|
||||||
- ./config:/var/lib/pleroma/config
|
|
||||||
|
|
||||||
db:
|
|
||||||
restart: always
|
|
||||||
image: postgres:14-alpine
|
|
||||||
# shm_size: 256mb
|
|
||||||
networks:
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "pg_isready", "-U", "postgres"]
|
|
||||||
volumes:
|
|
||||||
- ./postgres:/var/lib/postgresql/data
|
|
||||||
environment:
|
|
||||||
- "POSTGRES_HOST_AUTH_METHOD=trust"
|
|
||||||
|
|
||||||
## https://coffee-and-dreams.uk/tutorials/2021/12/15/integrating-elasticsearch-with-pleroma.html
|
|
||||||
## https://git.pleroma.social/pleroma/pleroma/-/issues/1331
|
|
||||||
# es:
|
|
||||||
# restart: always
|
|
||||||
# image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
|
|
||||||
# environment:
|
|
||||||
# - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
|
||||||
# - "cluster.name=es-pleroma"
|
|
||||||
# - "discovery.type=single-node"
|
|
||||||
# - "bootstrap.memory_lock=true"
|
|
||||||
# networks:
|
|
||||||
# - internal_network
|
|
||||||
# healthcheck:
|
|
||||||
# test: ["CMD", "curl", "-s", "-f", "localhost:9200/_cluster/health"]
|
|
||||||
# volumes:
|
|
||||||
# - ./elasticsearch:/usr/share/elasticsearch/data
|
|
||||||
# ulimits:
|
|
||||||
# memlock:
|
|
||||||
# soft: -1
|
|
||||||
# hard: -1
|
|
||||||
|
|
||||||
## Uncomment to enable federation with tor instances along with adding the following ENV variables
|
|
||||||
## http_proxy=http://privoxy:8118
|
|
||||||
## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
|
||||||
# tor:
|
|
||||||
# image: sirboops/tor
|
|
||||||
# networks:
|
|
||||||
# - external_network
|
|
||||||
# - internal_network
|
|
||||||
#
|
|
||||||
# privoxy:
|
|
||||||
# image: sirboops/privoxy
|
|
||||||
# volumes:
|
|
||||||
# - ./priv-config:/opt/config
|
|
||||||
# networks:
|
|
||||||
# - external_network
|
|
||||||
# - internal_network
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_network:
|
|
||||||
internal_network:
|
|
||||||
internal: true
|
|
14
docker-entrypoint.sh
Executable file
14
docker-entrypoint.sh
Executable file
@ -0,0 +1,14 @@
|
|||||||
|
#!/bin/ash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
echo "-- Waiting for database..."
|
||||||
|
while ! pg_isready -U ${DB_USER:-pleroma} -d postgres://${DB_HOST:-db}:5432/${DB_NAME:-pleroma} -t 1; do
|
||||||
|
sleep 1s
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "-- Running migrations..."
|
||||||
|
$HOME/bin/pleroma_ctl migrate
|
||||||
|
|
||||||
|
echo "-- Starting!"
|
||||||
|
exec $HOME/bin/pleroma start
|
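Review bot: The `while ! pg_isready ...` loop has no upper bound, so a wrong `DB_HOST` or a database that never comes up leaves the container waiting forever instead of exiting with an error that a restart policy or an operator can see. The expansions on that line, and `$HOME/bin/pleroma_ctl` and `$HOME/bin/pleroma` further down, are unquoted, so any value containing whitespace is word-split. The script also never forwards `"$@"`, so arguments passed to `docker run` are silently dropped now that it is the image's ENTRYPOINT; a header comment stating that would help. A bounded, quoted version of the wait is sketched below.

```shell
# … unchanged: shebang, set -e …
echo "-- Waiting for database..."
max_tries=60
tries=0
until pg_isready -U "${DB_USER:-pleroma}" -d "postgres://${DB_HOST:-db}:5432/${DB_NAME:-pleroma}" -t 1; do
    tries=$((tries + 1))
    if [ "$tries" -ge "$max_tries" ]; then
        echo "-- Database not reachable after ${max_tries} attempts, giving up" >&2
        exit 1
    fi
    sleep 1
done
# … unchanged: "Running migrations" echo …
"$HOME/bin/pleroma_ctl" migrate
# … unchanged: "Starting!" echo …
exec "$HOME/bin/pleroma" start
```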
@ -34,7 +34,7 @@ defmodule Pleroma.MFA.TOTP do
|
|||||||
defp default_digits, do: Config.get(@config_ns ++ [:digits])
|
defp default_digits, do: Config.get(@config_ns ++ [:digits])
|
||||||
|
|
||||||
defp default_issuer,
|
defp default_issuer,
|
||||||
do: Config.get(@config_ns ++ [:issuer], Config.get([:instance, :name]))
|
do: Config.get(@config_ns ++ [:issuer], Config.get([:instance, :host]))
|
||||||
|
|
||||||
@doc "Creates a random Base 32 encoded string"
|
@doc "Creates a random Base 32 encoded string"
|
||||||
def generate_secret do
|
def generate_secret do
|
||||||
|
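Review bot: The fallback in `default_issuer` now reads `Config.get([:instance, :host])`, and nothing in this diff shows that key being set. If it is absent the default issuer becomes `nil`, and whatever `provisioning_uri` builds from it (outside this hunk) would carry an empty or nil issuer. It is worth confirming the key exists in the default config, or chaining the old value as a second fallback, e.g. `Config.get([:instance, :host]) || Config.get([:instance, :name])`. A one-line comment on why the host is preferred over the instance name as the issuer shown in authenticator apps would also help the next reader.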
@ -41,7 +41,7 @@ defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController do
|
|||||||
def setup(%{assigns: %{user: user}} = conn, %{"method" => "totp"} = _params) do
|
def setup(%{assigns: %{user: user}} = conn, %{"method" => "totp"} = _params) do
|
||||||
with {:ok, user} <- MFA.setup_totp(user),
|
with {:ok, user} <- MFA.setup_totp(user),
|
||||||
%{secret: secret} = _ <- user.multi_factor_authentication_settings.totp do
|
%{secret: secret} = _ <- user.multi_factor_authentication_settings.totp do
|
||||||
provisioning_uri = TOTP.provisioning_uri(secret, "#{user.email}")
|
provisioning_uri = TOTP.provisioning_uri(secret, "#{user.ap_id}")
|
||||||
|
|
||||||
json(conn, %{provisioning_uri: provisioning_uri, key: secret})
|
json(conn, %{provisioning_uri: provisioning_uri, key: secret})
|
||||||
else
|
else
|
||||||
|
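Review bot: Passing `"#{user.ap_id}"` as the account name puts what is presumably a full URL into the otpauth label, and the Key URI format reserves `:` as the separator between issuer and account. Unless `TOTP.provisioning_uri` (not visible here) escapes the value, authenticator apps may mis-parse or truncate the label, and some treat an escaped `%3A` as the separator as well. A colon-free identifier keeps the benefit of this change, which is no longer embedding the email address in the URI, without that ambiguity: e.g. `TOTP.provisioning_uri(secret, user.nickname)`, if that field is populated for every user who can reach this action. The `else` branch of the `with` continues outside the hunk.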