diff --git a/build-images.sh b/build-images.sh index 82ce62f..4b9c2fd 100644 --- a/build-images.sh +++ b/build-images.sh @@ -14,23 +14,23 @@ images=() repobase="${REPOBASE:-ghcr.io/geniusdynamics}" # Configure the image name reponame="maybe" -APP_VERSION="0.1.0-alpha.13" +APP_VERSION="sha-8c97c9d31a391b889d558a04cca468c05aa7bb9d" # Create a new empty container image container=$(buildah from scratch) # Reuse existing nodebuilder-maybe container, to speed up builds if ! buildah containers --format "{{.ContainerName}}" | grep -q nodebuilder-maybe; then - echo "Pulling NodeJS runtime..." - buildah from --name nodebuilder-maybe -v "${PWD}:/usr/src:Z" docker.io/library/node:lts + echo "Pulling NodeJS runtime..." + buildah from --name nodebuilder-maybe -v "${PWD}:/usr/src:Z" docker.io/library/node:lts fi echo "Build static UI files with node..." buildah run \ - --workingdir=/usr/src/ui \ - --env="NODE_OPTIONS=--openssl-legacy-provider" \ - nodebuilder-maybe \ - sh -c "yarn install && yarn build" + --workingdir=/usr/src/ui \ + --env="NODE_OPTIONS=--openssl-legacy-provider" \ + nodebuilder-maybe \ + sh -c "yarn install && yarn build" # Add imageroot directory to the container image buildah add "${container}" imageroot /imageroot 
@@ -43,11 +43,11 @@ buildah add "${container}" ui/dist /ui # rootfull=0 === rootless container # tcp-ports-demand=1 number of tcp Port to reserve , 1 is the minimum, can be udp or tcp buildah config --entrypoint=/ \ - --label="org.nethserver.authorizations=traefik@node:routeadm" \ - --label="org.nethserver.tcp-ports-demand=1" \ - --label="org.nethserver.rootfull=0" \ - --label="org.nethserver.images=docker.io/postgres:15.5-alpine3.19 ghcr.io/maybe-finance/maybe:${APP_VERSION}" \ - "${container}" + --label="org.nethserver.authorizations=traefik@node:routeadm" \ + --label="org.nethserver.tcp-ports-demand=1" \ + --label="org.nethserver.rootfull=0" \ + --label="org.nethserver.images=docker.io/postgres:15.5-alpine3.19 ghcr.io/maybe-finance/maybe:${APP_VERSION} docker.io/redis:7" \ + "${container}" # Commit the image buildah commit "${container}" "${repobase}/${reponame}" @@ -65,14 +65,14 @@ images+=("${repobase}/${reponame}") # # -# Setup CI when pushing to Github. +# Setup CI when pushing to Github. # Warning! docker::// protocol expects lowercase letters (,,) if [[ -n "${CI}" ]]; then - # Set output value for Github Actions - printf "images=%s\n" "${images[*],,}" >> "${GITHUB_OUTPUT}" + # Set output value for Github Actions + printf "images=%s\n" "${images[*],,}" >>"${GITHUB_OUTPUT}" else - # Just print info for manual push - printf "Publish the images with:\n\n" - for image in "${images[@],,}"; do printf " buildah push %s docker://%s:%s\n" "${image}" "${image}" "${IMAGETAG:-latest}" ; done - printf "\n" + # Just print info for manual push + printf "Publish the images with:\n\n" + for image in "${images[@],,}"; do printf " buildah push %s docker://%s:%s\n" "${image}" "${image}" "${IMAGETAG:-latest}"; done + printf "\n" fi diff --git a/imageroot/actions/configure-module/10configure_environment_vars b/imageroot/actions/configure-module/10configure_environment_vars index 4a4403c..b983521 100755 --- a/imageroot/actions/configure-module/10configure_environment_vars 
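Review bot: In build-images.sh, the `org.nethserver.images` label now lists `docker.io/redis:7`, a floating major tag, so the Redis image pulled at install time can change without any commit here, unlike the `postgres:15.5-alpine3.19` entry beside it. Pin it to an exact release and preferably a digest, for example `docker.io/redis:<exact-version>@sha256:<digest>` (placeholders, to be filled from the registry). The same reasoning applies to `ghcr.io/maybe-finance/maybe:${APP_VERSION}` now that the first hunk sets `APP_VERSION` to a `sha-…` tag: a tag named after a commit is still a mutable tag on the registry, and only a digest makes the pull reproducible.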
+++ b/imageroot/actions/configure-module/10configure_environment_vars @@ -14,37 +14,27 @@ import os # If parsing fails, output everything to stderr data = json.load(sys.stdin) -HOST = data.get('host') -#This is specific to you module, so you need to change it accordingly. +HOST = data.get("host") +# This is specific to you module, so you need to change it accordingly. # GET MAYBE SECRET KEY FROM ENVIROMENT -SECRET_KEY_BASE = os.getenv('SECRET_KEY_BASE') -MAYBE_PREPL_HOST="0.0.0.0" -APP_DOMAIN="https://"+HOST -MAYBE_REDIS_URI="redis://redis-app/0" +MAYBE_PREPL_HOST = "0.0.0.0" +APP_DOMAIN = "https://" + HOST # EMAIL SETTINGS rdb = agent.redis_connect(use_replica=True) smtp_settings = agent.get_smarthost_settings(rdb) # SMTP Configuration -# This is only needed if you intend on sending emails from your Maybe instance (such as for password resets or email financial reports). -# Resend.com is a good option that offers a free tier for sending emails. -# SMTP_ADDRESS= -# SMTP_PORT=465 -# SMTP_USERNAME= -# SMTP_PASSWORD= -# SMTP_TLS_ENABLED=true - - -SMTP_ADDRESS=smtp_settings['host'] -SMTP_PORT=smtp_settings['port'] -SMTP_USERNAME=smtp_settings['username'] -SMTP_PASSWORD=smtp_settings['password'] -SMTP_TLS_ENABLED='true' if smtp_settings['tls_verify'] else 'false' -EMAIL_SENDER=smtp_settings['username'] + + +SMTP_ADDRESS = smtp_settings["host"] +SMTP_PORT = smtp_settings["port"] +SMTP_USERNAME = smtp_settings["username"] +SMTP_PASSWORD = smtp_settings["password"] +SMTP_TLS_ENABLED = "true" if smtp_settings["tls_verify"] else "false" +EMAIL_SENDER = smtp_settings["username"] maybe_config = { "APP_DOMAIN": APP_DOMAIN, - "SECRET_KEY_BASE": SECRET_KEY_BASE, "SELF_HOSTING_ENABLED": "true", "RAILS_FORCE_SSL": "false", "RAILS_ASSUME_SS": "false", 
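Review bot: In configure-module/10configure_environment_vars, `SMTP_TLS_ENABLED` is derived from `smtp_settings["tls_verify"]`, which by its name is the certificate-verification switch rather than the transport-encryption setting, so a smarthost configured with verification off would make the app send `SMTP_USERNAME` and `SMTP_PASSWORD` with TLS disabled altogether. If the smarthost settings carry a separate encryption field (not visible in this hunk), map that one to `SMTP_TLS_ENABLED` and keep `tls_verify` for verification only. Separately, `APP_DOMAIN = "https://" + HOST` raises a bare `TypeError` when the request has no `host`, because `data.get("host")` returns `None`; an explicit check such as `if not HOST: sys.exit("host is required")` fails more clearly. The `maybe_config` dict continues outside the hunk.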
@@ -54,8 +44,8 @@ maybe_config = { "SMTP_USERNAME": SMTP_USERNAME, "SMTP_PASSWORD": SMTP_PASSWORD, "SMTP_TLS_ENABLED": SMTP_TLS_ENABLED, - "EMAIL_SENDER": EMAIL_SENDER + "EMAIL_SENDER": EMAIL_SENDER, } agent.write_envfile("maybe.env", maybe_config) # just before starting systemd unit -#agent.dump_env() +# agent.dump_env() diff --git a/imageroot/actions/create-module/10configure_environment_vars b/imageroot/actions/create-module/10configure_environment_vars index 71ccaca..8a86445 100755 --- a/imageroot/actions/create-module/10configure_environment_vars +++ b/imageroot/actions/create-module/10configure_environment_vars @@ -15,7 +15,7 @@ import base64 # If parsing fails, output everything to stderr data = json.load(sys.stdin) -#This is specific to you module, so you need to change it accordingly. +# This is specific to you module, so you need to change it accordingly. # Database Configuration # DB_HOST=localhost # May need to be changed to `DB_HOST=db` if using devcontainer # DB_PORT=5432 
@@ -28,36 +28,37 @@ def generate_random_password(): return password[:16] -#This is specific to you module, so you need to change it accordingly. +# This is specific to you module, so you need to change it accordingly. # POSTGRES DB CONFIGURATION -POSTGRES_DB = data.get('POSTGRES_DB', 'maybe') -POSTGRES_USER = data.get('POSTGRES_USER', 'maybe') +POSTGRES_DB = data.get("POSTGRES_DB", "maybe") +POSTGRES_USER = data.get("POSTGRES_USER", "maybe") POSTGRES_PASSWORD = generate_random_password() postgres_config = { - 'POSTGRES_DB': POSTGRES_DB, - 'POSTGRES_USER': POSTGRES_USER, - 'POSTGRES_PASSWORD': POSTGRES_PASSWORD + "POSTGRES_DB": POSTGRES_DB, + "POSTGRES_USER": POSTGRES_USER, + "POSTGRES_PASSWORD": POSTGRES_PASSWORD, } agent.write_envfile("database.env", postgres_config) +random_bytes = os.urandom(24) +# Encode the binary string to a 32-character string using base64 +SECRET_KEY_BASE = base64.urlsafe_b64encode(random_bytes).rstrip(b"=").decode("ascii") maybe_database = { - 'DB_HOST': 'postgresql-app', - 'DB_PORT': '5432', - 'POSTGRES_PASSWORD': POSTGRES_PASSWORD, - 'POSTGRES_USER': POSTGRES_USER, - 'GITHUB_REPO_OWNER': 'maybe-finance', - 'GITHUB_REPO_NAME': 'maybe', - 'GITHUB_REPO_BRANCH': 'main', + "DB_HOST": "postgresql-app", + "DB_PORT": "5432", + "POSTGRES_PASSWORD": POSTGRES_PASSWORD, + "POSTGRES_USER": POSTGRES_USER, + "GITHUB_REPO_OWNER": "maybe-finance", + "GITHUB_REPO_NAME": "maybe", + "GITHUB_REPO_BRANCH": "main", + "SECRET_KEY_BASE": SECRET_KEY_BASE, + "SELF_HOSTED": "true", + "REDIS_URL": "redis://redis-app:6379/1", } agent.write_envfile("maybe-database.env", maybe_database) # Generate a 32-byte random binary string -random_bytes = os.urandom(24) - -# Encode the binary string to a 32-character string using base64 -SECRET_KEY_BASE = base64.urlsafe_b64encode(random_bytes).rstrip(b'=').decode('ascii') -agent.set_env('SECRET_KEY_BASE', SECRET_KEY_BASE) # just before starting systemd unit agent.dump_env() 
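Review bot: In create-module/10configure_environment_vars, `SECRET_KEY_BASE`, `SELF_HOSTED` and `REDIS_URL` are now written only to `maybe-database.env`, which this script creates once at module creation, while the configure-module hunk in this commit stops writing `SECRET_KEY_BASE` to `maybe.env`. An instance created before this commit would therefore start its containers without these three variables unless an update step not shown in this diff adds them. Consider writing them from a step that also runs on update, reusing the stored `os.getenv("SECRET_KEY_BASE")` when it is set so the key does not change on upgrade. The comment `# Generate a 32-byte random binary string` is also left stranded above `agent.dump_env()` and was inaccurate; next to the call it should read `# 24 random bytes -> 32 URL-safe base64 characters`.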
diff --git a/imageroot/systemd/user/maybe-worker-app.service b/imageroot/systemd/user/maybe-worker-app.service
new file mode 100644
index 0000000..4fec7ff
--- /dev/null
+++ b/imageroot/systemd/user/maybe-worker-app.service
@@ -0,0 +1,36 @@
+#
+# Copyright (C) 2022 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+[Unit]
+Description=Podman maybe-worker-app.service
+BindsTo=maybe.service
+After=maybe.service postgresql-app.service redis-app.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+EnvironmentFile=-%S/state/smarthost.env
+WorkingDirectory=%S/state
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/mkdir -p config
+ExecStartPre=/bin/rm -f %t/maybe-worker-app.pid %t/maybe-worker-app.ctr-id
+ExecStartPre=-runagent discover-smarthost
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/maybe-worker-app.pid \
+ --cidfile %t/maybe-worker-app.ctr-id --cgroups=no-conmon \
+ --pod-id-file %t/maybe.pod-id --replace -d --name maybe-worker-app \
+ --env-file=%S/state/maybe-database.env \
+ --env-file=%S/state/maybe.env \
+ --volume app-storage:/rails/storage:Z \
+ ${MAYBE_IMAGE} bundle exec sidekiq
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/maybe-worker-app.ctr-id -t 10
+ExecReload=/usr/bin/podman kill -s HUP maybe-worker-app
+SyslogIdentifier=%u
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/maybe-worker-app.ctr-id
+PIDFile=%t/maybe-worker-app.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
diff --git a/imageroot/systemd/user/maybe.service b/imageroot/systemd/user/maybe.service
index 3e5a10a..3dadd1e 100644
--- a/imageroot/systemd/user/maybe.service
+++ b/imageroot/systemd/user/maybe.service
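Review bot: In maybe-worker-app.service, `ExecStop=/usr/bin/podman stop … -t 10` gives Sidekiq ten seconds before podman escalates to SIGKILL, while Sidekiq's default shutdown timeout is 25 seconds (unless the image configures it lower), so jobs still running at stop or upgrade time can be killed mid-way instead of finishing or being pushed back to Redis. `-t 30` would cover the default and still fits under the unit's `TimeoutStopSec=70`. `ExecStartPre=/bin/mkdir -p config` also looks copied from another unit: this one mounts only the `app-storage` volume, so the directory appears unused and the line can be dropped.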
@@ -10,8 +10,8 @@ [Unit] Description=Podman maybe.service -Requires=postgresql-app.service maybe-app.service -Before=postgresql-app.service maybe-app.service +Requires=postgresql-app.service maybe-app.service maybe-worker-app.service redis-app.service +Before=postgresql-app.service maybe-app.service maybe-worker-app.service redis-app.service [Service] Environment=PODMAN_SYSTEMD_UNIT=%n diff --git a/imageroot/systemd/user/postgresql-app.service b/imageroot/systemd/user/postgresql-app.service index 7caabac..d05676a 100644 --- a/imageroot/systemd/user/postgresql-app.service +++ b/imageroot/systemd/user/postgresql-app.service @@ -24,7 +24,6 @@ ExecStart=/usr/bin/podman run --conmon-pidfile %t/postgresql-app.pid \ --volume %S/state/restore/:/docker-entrypoint-initdb.d/:Z \ --env TZ=UTC \ ${POSTGRES_IMAGE} -ExecStartPost=/usr/bin/bash -c "while ! podman exec postgresql-app psql -U maybe -d maybe ; do sleep 5 ; done" ExecStop=/usr/bin/podman stop --ignore --cidfile %t/postgresql-app.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/postgresql-app.ctr-id ExecReload=/usr/bin/podman kill -s HUP postgresql-app diff --git a/imageroot/systemd/user/redis-app.service b/imageroot/systemd/user/redis-app.service new file mode 100644 index 0000000..4a8ab06 --- /dev/null +++ b/imageroot/systemd/user/redis-app.service 
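Review bot: In maybe.service, the extended `Requires=`/`Before=` lines, together with `After=` in the new worker unit, only order unit start: the units added in this commit are `Type=forking` around `podman run -d`, so systemd considers them started once the container is launched, not once Redis or PostgreSQL accept connections. The postgresql-app.service hunk in this same commit removes the `psql` wait loop, so nothing visible here gates maybe-worker-app on a reachable database any more and it presumably converges only through `Restart=always`. If that is intended, say so in the worker unit, e.g. `# No readiness gate: sidekiq is restarted by Restart=always until postgres and redis answer`. The `[Unit]` section continues outside the hunk.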
@@ -0,0 +1,32 @@
+#
+# Copyright (C) 2022 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+[Unit]
+Description=Podman redis-app.service
+BindsTo=maybe.service
+After=maybe.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=%S/state/environment
+# EnvironmentFile=%S/state/secrets/passwords.secret
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/redis-app.pid %t/redis-app.ctr-id
+ExecStartPre=/bin/mkdir -p %S/state/restore/
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/redis-app.pid \
+ --cidfile %t/redis-app.ctr-id --cgroups=no-conmon \
+ --pod-id-file %t/maybe.pod-id --replace -d --name redis-app \
+ --volume redis-data:/data \
+ ${REDIS_IMAGE}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/redis-app.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/redis-app.ctr-id
+ExecReload=/usr/bin/podman kill -s HUP redis-app
+SyslogIdentifier=%u
+PIDFile=%t/redis-app.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
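Review bot: In redis-app.service, Redis is started with the image defaults and no password, and the `REDIS_URL` written by create-module (`redis://redis-app:6379/1`) carries no credentials, so the job queue is protected only by the pod's network boundary. The pod definition is not part of this diff, so confirm that port 6379 is not published. Then either state that choice in place of the leftover `# EnvironmentFile=%S/state/secrets/passwords.secret` line, e.g. `# Redis is reachable only inside the maybe pod; no requirepass is set`, or generate a password at create-module time and pass it both to Redis and in `REDIS_URL`. `ExecStartPre=/bin/mkdir -p %S/state/restore/` appears copied from postgresql-app.service and is unused here, since the container mounts only `redis-data:/data`.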