Compare commits
5 Commits
feature/sa
...
feature/do
Author | SHA1 | Date | |
---|---|---|---|
|
faf8d0af70 | ||
|
10e360e6db | ||
|
fc7d133167 | ||
|
6fa2957347 | ||
|
26aad68430 |
@ -7,5 +7,8 @@ COPYING
|
||||
elixir_buildpack.config
|
||||
test/
|
||||
|
||||
uploads/
|
||||
postgres/
|
||||
|
||||
# Required to get version
|
||||
!.git
|
||||
|
11
Dockerfile
11
Dockerfile
@ -17,6 +17,9 @@ FROM alpine:3.11
|
||||
ARG BUILD_DATE
|
||||
ARG VCS_REF
|
||||
|
||||
ARG UID=911
|
||||
ARG GID=911
|
||||
|
||||
LABEL maintainer="ops@pleroma.social" \
|
||||
org.opencontainers.image.title="pleroma" \
|
||||
org.opencontainers.image.description="Pleroma for Docker" \
|
||||
@ -32,9 +35,9 @@ ARG HOME=/opt/pleroma
|
||||
ARG DATA=/var/lib/pleroma
|
||||
|
||||
RUN echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories &&\
|
||||
apk update &&\
|
||||
apk update --allow-untrusted &&\
|
||||
apk add exiftool ffmpeg imagemagick libmagic ncurses postgresql-client &&\
|
||||
adduser --system --shell /bin/false --home ${HOME} pleroma &&\
|
||||
adduser --system --shell /bin/false -u $UID -g $GID --home ${HOME} pleroma &&\
|
||||
mkdir -p ${DATA}/uploads &&\
|
||||
mkdir -p ${DATA}/static &&\
|
||||
chown -R pleroma ${DATA} &&\
|
||||
@ -44,10 +47,10 @@ RUN echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/
|
||||
USER pleroma
|
||||
|
||||
COPY --from=build --chown=pleroma:0 /release ${HOME}
|
||||
ENV PATH="${HOME}/bin:${PATH}"
|
||||
|
||||
COPY ./config/docker.exs /etc/pleroma/config.exs
|
||||
COPY ./docker-entrypoint.sh ${HOME}
|
||||
|
||||
EXPOSE 4000
|
||||
|
||||
ENTRYPOINT ["/opt/pleroma/docker-entrypoint.sh"]
|
||||
CMD ["pleroma", "start"]
|
||||
|
@ -15,7 +15,7 @@ config :pleroma, :instance,
|
||||
config :pleroma, Pleroma.Repo,
|
||||
adapter: Ecto.Adapters.Postgres,
|
||||
username: System.get_env("DB_USER", "pleroma"),
|
||||
password: System.fetch_env!("DB_PASS"),
|
||||
password: System.get_env("DB_PASS", nil),
|
||||
database: System.get_env("DB_NAME", "pleroma"),
|
||||
hostname: System.get_env("DB_HOST", "db"),
|
||||
pool_size: 10
|
||||
@ -26,9 +26,10 @@ config :web_push_encryption, :vapid_details, subject: "mailto:#{System.get_env("
|
||||
config :pleroma, :database, rum_enabled: false
|
||||
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
|
||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
|
||||
config :pleroma, configurable_from_database: true
|
||||
|
||||
# We can't store the secrets in this file, since this is baked into the docker image
|
||||
if not File.exists?("/var/lib/pleroma/secret.exs") do
|
||||
if not File.exists?("/var/lib/pleroma/config/secret.exs") do
|
||||
secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
|
||||
signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
|
||||
{web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
|
||||
@ -52,10 +53,10 @@ if not File.exists?("/var/lib/pleroma/secret.exs") do
|
||||
web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
|
||||
)
|
||||
|
||||
File.write("/var/lib/pleroma/secret.exs", secret_file)
|
||||
File.write("/var/lib/pleroma/config/secret.exs", secret_file)
|
||||
end
|
||||
|
||||
import_config("/var/lib/pleroma/secret.exs")
|
||||
import_config("/var/lib/pleroma/config/secret.exs")
|
||||
|
||||
# For additional user config
|
||||
if File.exists?("/var/lib/pleroma/config.exs"),
|
||||
|
77
docker-compose.yml
Normal file
77
docker-compose.yml
Normal file
@ -0,0 +1,77 @@
|
||||
version: '3'
|
||||
services:
|
||||
|
||||
web:
|
||||
build: .
|
||||
image: pleroma/pleroma
|
||||
restart: always
|
||||
# env_file: .env.production
|
||||
networks:
|
||||
- external_network
|
||||
- internal_network
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-s", "-f", "--noproxy", "localhost:4000", "localhost:4000/health"]
|
||||
ports:
|
||||
- "127.0.0.1:4000:4000"
|
||||
depends_on:
|
||||
- db
|
||||
# - es
|
||||
volumes:
|
||||
- ./uploads:/var/lib/pleroma/uploads
|
||||
- ./config:/var/lib/pleroma/config
|
||||
|
||||
db:
|
||||
restart: always
|
||||
image: postgres:14-alpine
|
||||
# shm_size: 256mb
|
||||
networks:
|
||||
- internal_network
|
||||
healthcheck:
|
||||
test: ["CMD", "pg_isready", "-U", "postgres"]
|
||||
volumes:
|
||||
- ./postgres:/var/lib/postgresql/data
|
||||
environment:
|
||||
- "POSTGRES_HOST_AUTH_METHOD=trust"
|
||||
|
||||
## https://coffee-and-dreams.uk/tutorials/2021/12/15/integrating-elasticsearch-with-pleroma.html
|
||||
## https://git.pleroma.social/pleroma/pleroma/-/issues/1331
|
||||
# es:
|
||||
# restart: always
|
||||
# image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
|
||||
# environment:
|
||||
# - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
|
||||
# - "cluster.name=es-pleroma"
|
||||
# - "discovery.type=single-node"
|
||||
# - "bootstrap.memory_lock=true"
|
||||
# networks:
|
||||
# - internal_network
|
||||
# healthcheck:
|
||||
# test: ["CMD", "curl", "-s", "-f", "localhost:9200/_cluster/health"]
|
||||
# volumes:
|
||||
# - ./elasticsearch:/usr/share/elasticsearch/data
|
||||
# ulimits:
|
||||
# memlock:
|
||||
# soft: -1
|
||||
# hard: -1
|
||||
|
||||
## Uncomment to enable federation with tor instances along with adding the following ENV variables
|
||||
## http_proxy=http://privoxy:8118
|
||||
## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
||||
# tor:
|
||||
# image: sirboops/tor
|
||||
# networks:
|
||||
# - external_network
|
||||
# - internal_network
|
||||
#
|
||||
# privoxy:
|
||||
# image: sirboops/privoxy
|
||||
# volumes:
|
||||
# - ./priv-config:/opt/config
|
||||
# networks:
|
||||
# - external_network
|
||||
# - internal_network
|
||||
|
||||
networks:
|
||||
external_network:
|
||||
internal_network:
|
||||
internal: true
|
@ -1,14 +0,0 @@
|
||||
#!/bin/ash
|
||||
|
||||
set -e
|
||||
|
||||
echo "-- Waiting for database..."
|
||||
while ! pg_isready -U ${DB_USER:-pleroma} -d postgres://${DB_HOST:-db}:5432/${DB_NAME:-pleroma} -t 1; do
|
||||
sleep 1s
|
||||
done
|
||||
|
||||
echo "-- Running migrations..."
|
||||
$HOME/bin/pleroma_ctl migrate
|
||||
|
||||
echo "-- Starting!"
|
||||
exec $HOME/bin/pleroma start
|
@ -34,7 +34,7 @@ defmodule Pleroma.MFA.TOTP do
|
||||
defp default_digits, do: Config.get(@config_ns ++ [:digits])
|
||||
|
||||
defp default_issuer,
|
||||
do: Config.get(@config_ns ++ [:issuer], Config.get([:instance, :host]))
|
||||
do: Config.get(@config_ns ++ [:issuer], Config.get([:instance, :name]))
|
||||
|
||||
@doc "Creates a random Base 32 encoded string"
|
||||
def generate_secret do
|
||||
|
@ -41,7 +41,7 @@ defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController do
|
||||
def setup(%{assigns: %{user: user}} = conn, %{"method" => "totp"} = _params) do
|
||||
with {:ok, user} <- MFA.setup_totp(user),
|
||||
%{secret: secret} = _ <- user.multi_factor_authentication_settings.totp do
|
||||
provisioning_uri = TOTP.provisioning_uri(secret, "#{user.ap_id}")
|
||||
provisioning_uri = TOTP.provisioning_uri(secret, "#{user.email}")
|
||||
|
||||
json(conn, %{provisioning_uri: provisioning_uri, key: secret})
|
||||
else
|
||||
|
Loading…
Reference in New Issue
Block a user