
6476da76a8eeec0a2a48c53eefcaf3eae20c144a — Dominic Ricottone 2 years ago 3792612
Refactoring

The site is still not functional. But the databases are now in
separate containers, and there is a working recipe for managing the
database initialization/migration (via `make dbinit` and `make dbmigrate`).
This should speed up image builds and container starts, and make the
entire development cycle faster.

Sourcehut files have been moved to `sr/`.
26 files changed, 154 insertions(+), 74 deletions(-)

M .gitignore
M Makefile
M README.md
M etc/postgresql/postgresql.conf
R Dockerfile => sr/Dockerfile
R etc/apk/repositories => sr/etc/apk/repositories
R etc/nginx/graphql.conf => sr/etc/nginx/graphql.conf
R etc/nginx/headers.conf => sr/etc/nginx/headers.conf
R etc/nginx/http.d/default.conf => sr/etc/nginx/http.d/default.conf
R etc/nginx/http.d/git.conf => sr/etc/nginx/http.d/git.conf
R etc/nginx/http.d/lists.conf => sr/etc/nginx/http.d/lists.conf
R etc/nginx/http.d/meta.conf => sr/etc/nginx/http.d/meta.conf
R etc/nginx/http.d/test.conf => sr/etc/nginx/http.d/test.conf
R etc/nginx/http.d/todo.conf => sr/etc/nginx/http.d/todo.conf
R etc/nginx/nginx.conf => sr/etc/nginx/nginx.conf
R etc/nginx/web.conf => sr/etc/nginx/web.conf
R etc/postfix/generic => sr/etc/postfix/generic
R etc/postfix/main.cf => sr/etc/postfix/main.cf
R etc/postfix/master.cf => sr/etc/postfix/master.cf
R etc/postfix/sasl/sasl_passwd => sr/etc/postfix/sasl/sasl_passwd
R etc/postfix/transport => sr/etc/postfix/transport
R etc/sr.ht/config.ini => sr/etc/sr.ht/config.ini
R etc/supervisor/conf.d/supervisord.conf => sr/etc/supervisor/conf.d/supervisord.conf
R usr/share/nginx/html/index.html => sr/usr/share/nginx/html/index.html
R usr/share/nginx/html/test.cgi => sr/usr/share/nginx/html/test.cgi
R usr/share/nginx/html/test.php => sr/usr/share/nginx/html/test.php
M .gitignore => .gitignore +3 -4
@@ 1,4 1,3 @@
etc/sr.ht/pgp.key
etc/sr.ht/pgp.pubkey
postgresql-data
redis-data
sr/etc/sr.ht/pgp.key
sr/etc/sr.ht/pgp.pubkey
postgres
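Review bot: `sr/etc/postfix/sasl/sasl_passwd` stays tracked in this commit (it is listed as a rename with `+0 -0`) while the pgp keys under `sr/etc/sr.ht/` are ignored here; if that file holds real SMTP credentials they are now in history and should be rotated and the path purged, and `sr/etc/postfix/sasl/sasl_passwd` added to this list alongside the key files. The page does not mark which of these seven lines are additions; the above assumes the `sr/` paths and `postgres` are the new side, matching the renames in the file list. Since `POSTGRES_DATADIR` in the new Makefile points at `<repo>/postgres`, ignoring `postgres` is correct, but a trailing slash (`postgres/`) would avoid also hiding a future file of that name.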

M Makefile => Makefile +111 -14
@@ 1,20 1,117 @@
# set docker-compliant container management CLI binary
CONMAN=docker

# set fun names for the containers
HUTTESE_NETWORK=holonet
HUTTESE_SRHT=huttsr
HUTTESE_REDIS=huttredis
HUTTESE_POSTGRES=huttpg

# configure redis
REDIS_TARGET=redis:alpine3.15
REDIS_LOCALNAME=my-redis
REDIS_DATADIR=path/to/redis/db

# configure postgres
POSTGRES_TARGET=postgres:alpine3.15
POSTGRES_LOCALNAME=my-postgres
POSTGRES_DATADIR=/home/al_dente/dev/huttese/postgres
POSTGRES_CONF=/home/al_dente/dev/huttese/etc/postgresql/postgresql.conf

# set image tag data
SRHT_LOCALNAME=srht
SRHT_LOCALVERSION=1

cleanup:
	$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_REDIS) >/dev/null 2>&1 || true
	$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true

	$(CONMAN) rm --force $(HUTTESE_REDIS) >/dev/null 2>&1 || true
	$(CONMAN) image rm --force $(REDIS_LOCALNAME):latest >/dev/null 2>&1 || true

	$(CONMAN) rm --force $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true
	$(CONMAN) image rm --force $(POSTGRES_LOCALNAME):latest >/dev/null 2>&1 || true

setup:
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1 \
		|| $(CONMAN) network create $(HUTTESE_NETWORK)

	$(CONMAN) inspect $(REDIS_LOCALNAME) >/dev/null 2>&1 \
		|| $(CONMAN) pull $(REDIS_TARGET) \
		&& $(CONMAN) tag $(REDIS_TARGET) $(REDIS_LOCALNAME)
	$(CONMAN) run --detach --name $(HUTTESE_REDIS) --restart always \
		$(REDIS_LOCALNAME)
	#if I need persistence later:
	#	--mount type=bind,src=$(REDIS_DATADIR),dst=/data \
	#	$(REDIS_LOCALNAME) redis-server --save 60 1 --loglevel warning
	$(CONMAN) network connect --alias $(HUTTESE_REDIS) \
		$(HUTTESE_NETWORK) $(HUTTESE_REDIS)
	# redis is now available at redis://huttredis:6379

	$(CONMAN) inspect $(POSTGRES_LOCALNAME) >/dev/null 2>&1 \
		|| $(CONMAN) pull $(POSTGRES_TARGET) \
		&& $(CONMAN) tag $(POSTGRES_TARGET) $(POSTGRES_LOCALNAME)
	$(CONMAN) run --detach --name $(HUTTESE_POSTGRES) --restart always \
		--env POSTGRES_HOST_AUTH_METHOD=trust \
		--mount type=bind,src=$(POSTGRES_DATADIR),dst=/var/lib/postgresql/data \
		--mount type=bind,src=$(POSTGRES_CONF),dst=/etc/postgresql/postgresql.conf \
		$(POSTGRES_LOCALNAME) -c 'config_file=/etc/postgresql/postgresql.conf'
	$(CONMAN) network connect --alias $(HUTTESE_POSTGRES) \
		$(HUTTESE_NETWORK) $(HUTTESE_POSTGRES)
	# postgres is now available at postgresql://postgres@huttpg:5432

image:
	docker build . --tag tatooine
	$(CONMAN) inspect $(SRHT_LOCALNAME) >/dev/null 2>&1 \
		|| $(CONMAN) build \
		--tag $(SRHT_LOCALNAME):latest \
		--tag $(SRHT_LOCALNAME):$(SRHT_LOCALVERSION) \
		sr/

clean:
	docker rm --force tatooine-dev
dbinit: image
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1

run:
	docker run -it --name tatooine-dev \
		--hostname tatooine -p 80:8080 \
		--mount type=bind,src=/home/al_dente/dev/huttese/redis-data,dst=/data \
		--mount type=bind,src=/home/al_dente/dev/huttese/postgresql-data,dst=/var/lib/postgresql/data \
		tatooine
	$(CONMAN) exec \
		$(HUTTESE_POSTGRES) createdb -U postgres meta.sr.ht
	$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) metasrht-initdb
	$(CONMAN) rm $(HUTTESE_SRHT)_dbinit

dbmigrate: image
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) srht-migrate meta.sr.ht -a upgrade head
	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) metasrht-migrate -a upgrade head
	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate

start: image
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1

start:
	docker run --detach --name tatooine-dev \
	$(CONMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
		--hostname tatooine -p 80:8080 \
		--mount type=bind,src=/home/al_dente/dev/huttese/redis-data,dst=/data \
		--mount type=bind,src=/home/al_dente/dev/huttese/postgresql-data,dst=/var/lib/postgresql/data \
		tatooine
		$(SRHT_LOCALNAME)
	$(CONMAN) network connect --alias $(HUTTESE_SRHT) \
		$(HUTTESE_NETWORK) $(HUTTESE_SRHT)

stop:
	$(CONMAN) stop $(SRHT_LOCALNAME)

restart:
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1

	$(CONMAN) restart $(SRHT_LOCALNAME)

clean:
	$(CONMAN) rm --force $(SRHT_LOCALNAME) >/dev/null 2>&1 || true
	$(CONMAN) image rm --force $(SRHT_LOCALNAME):latest >/dev/null 2>&1 || true
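Review bot: `--env POSTGRES_HOST_AUTH_METHOD=trust` on the postgres `run` turns off authentication for every client that can reach port 5432, and because that `run` has no `--network`, with `docker` (the default `CONMAN`) the container joins the default bridge before it is attached to `holonet`, so any container on the host can connect as the `postgres` superuser; start it with `--network $(HUTTESE_NETWORK)` as `dbinit`/`dbmigrate` already do and set a `POSTGRES_PASSWORD` instead of `trust`, even for a dev box. The `.State.Running` guards in `dbinit`, `dbmigrate`, `start` and `restart` only prove the container exists — `inspect` exits 0 and prints `false` for a stopped one — so compare the output, e.g. `[ "$$($(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) 2>/dev/null)" = true ]`. `dbmigrate` starts two containers under the same `--name $(HUTTESE_SRHT)_dbmigrate` before its single `rm`, so the second `run` fails with a name conflict; `--rm` on both runs fixes it and the trailing `rm` can go. `stop`, `restart` and `clean` operate on `$(SRHT_LOCALNAME)` (the image tag `srht`) rather than the container `$(HUTTESE_SRHT)`, the `/home/al_dente/...` paths should be `$(CURDIR)/postgres` and `$(CURDIR)/etc/postgresql/postgresql.conf`, and none of these targets are declared `.PHONY`.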


M README.md => README.md +24 -19
@@ 1,39 1,44 @@
## Usage
# huttese

Disable the haproxy docker container.
The image is built in `sr/`.

Paste the following into the hosts file:
Volume mounts are in the top-level directory.

```
127.0.0.1       git.intra.dominic-ricottone.com lists.intra.dominic-ricottone.com meta.intra.dominic-ricottone.com todo.intra.dominic-ricottone.com
```

Run `make clean && make run`.
Makefile is in the top-level directory.


## To-Do

nginx proxying is not working
nginx proxying is not working.

need metasrht service to become accessible so that i can register oauth for git, lists, todo services.

need metasrht service to become accessible so that i can register oauth for git, lists, todo services
should also setup the metasrht-webhook process (`celery -A metasrht.webhooks worker --loglevel=info`).

should also setup the metasrht-webhook process (celery -A metasrht.webhooks worker --loglevel=info)
maybe should run migration (`metasrht-migrate -a upgrade head`) every time?

maybe should run migration (metasrht-migrate -a upgrade head) every time?
probably should not be running most of these services as `root`.
[apkbuilds repo](https://git.sr.ht/~sircmpwn/sr.ht-apkbuilds/tree) indicates that metasrht (and friends) run as `meta`.
Probably have `git`, `lists`, `todo`, and `build` users.

most importantly, need to figure out how to secure pgp keys, worker private key, network private key, and webhook private key
most importantly, need to figure out how to secure pgp keys, worker private key, network private key, and webhook private key.

cleanup the postgres files, probably to a `pg` directory.


## Installation

Run `make image && make start`.
Disable the haproxy docker container.

On first run, these need to be done manually. Or at least after the postgres database is running.
Paste the following into the hosts file:

```
su - postgres
initdb /var/lib/postgresql/data
createdb -U postgres meta.sr.ht
metasrht-initdb
127.0.0.1       git.intra.dominic-ricottone.com lists.intra.dominic-ricottone.com meta.intra.dominic-ricottone.com todo.intra.dominic-ricottone.com
```

Run `make setup && make image && make dbinit && make start`.

For subsequent use, run `make image && make dbmigrate && make start`.

Or to just restart the service if stopped, try `make restart`.


M etc/postgresql/postgresql.conf => etc/postgresql/postgresql.conf +1 -1
@@ 53,7 53,7 @@ ident_file = '/var/lib/postgresql/data/pg_ident.conf'   # ident configuration fi

# - Connection Settings -

listen_addresses = 'localhost'                # comma-separated list of addresses; defaults to 'localhost'; use '*' for all
listen_addresses = 'huttpg'                   # comma-separated list of addresses; defaults to 'localhost'; use '*' for all
port = 5432
#max_connections = 100
#superuser_reserved_connections = 3
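Review bot: `listen_addresses = 'huttpg'` makes the postmaster bind whatever that name resolves to at startup, but the Makefile in this commit attaches the container to `holonet` — where the `huttpg` alias is defined — only after `run`, so on first start the name may not resolve and the server would exit (and with `--restart always`, loop); starting the container directly on `holonet`, or keeping `listen_addresses = '*'` and relying on network membership, removes that ordering dependency. With `POSTGRES_HOST_AUTH_METHOD=trust` set in the same commit, whichever address is bound is reachable as superuser with no password, so this bind is not an access control; a comment such as `# bound to the container's network alias; access control belongs in pg_hba.conf, not here` would keep the next reader from treating it as one. This file now lives outside `sr/` and is bind-mounted rather than copied into the image, which the README does not yet mention.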

R Dockerfile => sr/Dockerfile +1 -11
@@ 2,13 2,10 @@ FROM alpine:3.15
COPY etc/apk/repositories /etc/apk/repositories
RUN wget --quiet --output-document=/etc/apk/keys/alpine@sr.ht.rsa.pub https://mirror.sr.ht/alpine/alpine@sr.ht.rsa.pub
RUN apk update
RUN apk add redis postgresql14 postfix meta.sr.ht git.sr.ht todo.sr.ht supervisor nginx fcgiwrap spawn-fcgi py3-gunicorn celery
RUN apk add postfix meta.sr.ht git.sr.ht todo.sr.ht supervisor nginx fcgiwrap spawn-fcgi py3-gunicorn

# setup directories
RUN mkdir /etc/postfix/sasl && chmod 700 /etc/postfix/sasl
RUN mkdir /data
RUN mkdir /var/lib/postgresql/data && chown postgres:postgres /var/lib/postgresql/data && chmod 750 /var/lib/postgresql/data
RUN mkdir /run/postgresql && chown postgres:postgres /run/postgresql
RUN mkdir /var/log/supervisord

# setup nginx
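Review bot: The rewritten `apk add` drops `celery` along with `redis` and `postgresql14`, but the README in this commit still plans to run `celery -A metasrht.webhooks worker` inside this image; unless `meta.sr.ht` pulls `celery` in transitively (not verifiable here), that worker will not start, so either keep `celery` in the list or note the dependency. `RUN mkdir /data` is now orphaned since redis and its `/data` volume moved to a separate container and the `VOLUME /data` line is removed in the second hunk. None of the `apk add` packages are version-pinned and the `alpine@sr.ht.rsa.pub` signing key is fetched unpinned at build time, so image builds are not reproducible; pinning at least the `sr.ht` package versions would make rebuilds auditable.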


@@ 36,13 33,6 @@ RUN postmap /etc/postfix/generic
COPY etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd
RUN postmap /etc/postfix/sasl/sasl_passwd

# setup redis
VOLUME /data

# setup postgresql
VOLUME /var/lib/postgresql/data
COPY --chown=postgres:postgres etc/postgresql/postgresql.conf /etc/postgresql/postgresql.conf

# setup sourcehut
COPY etc/sr.ht/config.ini /etc/sr.ht/config.ini
COPY etc/sr.ht/pgp.key /etc/sr.ht/pgp.key

R etc/apk/repositories => sr/etc/apk/repositories +0 -0
R etc/nginx/graphql.conf => sr/etc/nginx/graphql.conf +0 -0
R etc/nginx/headers.conf => sr/etc/nginx/headers.conf +0 -0
R etc/nginx/http.d/default.conf => sr/etc/nginx/http.d/default.conf +0 -0
R etc/nginx/http.d/git.conf => sr/etc/nginx/http.d/git.conf +0 -0
R etc/nginx/http.d/lists.conf => sr/etc/nginx/http.d/lists.conf +0 -0
R etc/nginx/http.d/meta.conf => sr/etc/nginx/http.d/meta.conf +0 -0
R etc/nginx/http.d/test.conf => sr/etc/nginx/http.d/test.conf +0 -0
R etc/nginx/http.d/todo.conf => sr/etc/nginx/http.d/todo.conf +0 -0
R etc/nginx/nginx.conf => sr/etc/nginx/nginx.conf +0 -0
R etc/nginx/web.conf => sr/etc/nginx/web.conf +0 -0
R etc/postfix/generic => sr/etc/postfix/generic +0 -0
R etc/postfix/main.cf => sr/etc/postfix/main.cf +0 -0
R etc/postfix/master.cf => sr/etc/postfix/master.cf +0 -0
R etc/postfix/sasl/sasl_passwd => sr/etc/postfix/sasl/sasl_passwd +0 -0
R etc/postfix/transport => sr/etc/postfix/transport +0 -0
R etc/sr.ht/config.ini => sr/etc/sr.ht/config.ini +14 -14
@@ 20,7 20,7 @@ service-key=REDACTED
# try: `srht-keygen network`
network-key=REDACTED

redis-host=redis://localhost
redis-host=redis://huttredis


[objects]


@@ 64,12 64,12 @@ post-update-script=/usr/bin/gitsrht-update-hook
outgoing-domain=tatooine

# SQLAlchemy connection string
#connection-string=postgresql://postgres@localhost/git.sr.ht
connection-string=postgresql://postgres@localhost/git.sr.ht?sslmode=disable
#connection-string=postgresql://postgres@huttpg:5432/git.sr.ht
connection-string=postgresql://postgres@huttpg:5432/git.sr.ht?sslmode=disable
migrate-on-upgrade=yes

# Webhooks connection string
webhooks=redis://localhost:6379/1
webhooks=redis://huttredis:6379/1

s3-bucket=
s3-prefix=


@@ 101,15 101,15 @@ debug-host=0.0.0.0
debug-port=5006

# SQLAlchemy connection string
#connection-string=postgresql://postgres@localhost/lists.sr.ht
connection-string=postgresql://postgres@localhost/lists.sr.ht?sslmode=disable
#connection-string=postgresql://postgres@huttpg:5432/lists.sr.ht
connection-string=postgresql://postgres@huttpg:5432/lists.sr.ht?sslmode=disable
migrate-on-upgrade=yes

# Webhooks connection string
webhooks=redis://localhost:6379/1
webhooks=redis://huttredis:6379/1

# Celery connection string
redis=redis://localhost:6379/0
redis=redis://huttredis:6379/0

# Trusted upstream SMTP server generating Authentication-Results header fields
msgauth-server=tatooine


@@ 146,12 146,12 @@ debug-host=0.0.0.0
debug-port=5000

# SQLAlchemy connection string
#connection-string=postgresql://postgres@localhost/meta.sr.ht
connection-string=postgresql://postgres@localhost/meta.sr.ht?sslmode=disable
#connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht
connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht?sslmode=disable
migrate-on-upgrade=yes

# Webhooks connection string
webhooks=redis://localhost:6379/1
webhooks=redis://huttredis:6379/1


[meta.sr.ht::api]
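Review bot: Every service now connects as the `postgres` superuser with no password over `sslmode=disable` (this `connection-string` line and its counterparts in the git, lists and todo hunks), which only works because the database container in this commit is started with `POSTGRES_HOST_AUTH_METHOD=trust`; a compromise of any one service then gives full control of every other service's database. Create one login role per service and reference it here, e.g. `connection-string=postgresql://meta@huttpg:5432/meta.sr.ht`, with the password supplied outside the repo (a mounted `.pgpass`, or `PGPASSWORD` in the container environment) rather than committed next to the redacted `service-key`/`network-key`. The `redis://huttredis…` URLs likewise carry no credential, and the redis container is started with image defaults, so anything on `holonet` can read session and webhook state — consider `redis-server --requirepass` and a matching `redis://:<pass>@huttredis:6379/…`. `sslmode=disable` can be dropped (libpq defaults to `prefer`) once the server has a certificate.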


@@ 200,11 200,11 @@ oauth-client-secret=
notify-from=hutt@tatooine

# SQLAlchemy connection string
#connection-string=postgresql://postgres@localhost/todo.sr.ht
connection-string=postgresql://postgres@localhost/todo.sr.ht?sslmode=disable
#connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht
connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht?sslmode=disable
migrate-on-upgrade=yes

# Webhooks connection string
webhooks=redis://localhost:6379/1
webhooks=redis://huttredis:6379/1



R etc/supervisor/conf.d/supervisord.conf => sr/etc/supervisor/conf.d/supervisord.conf +0 -11
@@ 16,17 16,6 @@ command=postfix start
startsecs=0
redirect_stderr=true

[program:postgresql]
autorestart=true
command=postgres -c config_file=/etc/postgresql/postgresql.conf
redirect_stderr=true
user=postgres

[program:redis]
autorestart=true
command=redis-server --save 60 1 --loglevel warning
redirect_stderr=true

[program:spawn-fcgi]
autorestart=true
command=spawn-fcgi -n -u nginx -p 9000 -- /usr/bin/fcgiwrap -f

R usr/share/nginx/html/index.html => sr/usr/share/nginx/html/index.html +0 -0
R usr/share/nginx/html/test.cgi => sr/usr/share/nginx/html/test.cgi +0 -0
R usr/share/nginx/html/test.php => sr/usr/share/nginx/html/test.php +0 -0