26 files changed, 154 insertions(+), 74 deletions(-)

M .gitignore
M Makefile
M README.md
M etc/postgresql/postgresql.conf
R Dockerfile => sr/Dockerfile
R etc/apk/repositories => sr/etc/apk/repositories
R etc/nginx/graphql.conf => sr/etc/nginx/graphql.conf
R etc/nginx/headers.conf => sr/etc/nginx/headers.conf
R etc/nginx/http.d/default.conf => sr/etc/nginx/http.d/default.conf
R etc/nginx/http.d/git.conf => sr/etc/nginx/http.d/git.conf
R etc/nginx/http.d/lists.conf => sr/etc/nginx/http.d/lists.conf
R etc/nginx/http.d/meta.conf => sr/etc/nginx/http.d/meta.conf
R etc/nginx/http.d/test.conf => sr/etc/nginx/http.d/test.conf
R etc/nginx/http.d/todo.conf => sr/etc/nginx/http.d/todo.conf
R etc/nginx/nginx.conf => sr/etc/nginx/nginx.conf
R etc/nginx/web.conf => sr/etc/nginx/web.conf
R etc/postfix/generic => sr/etc/postfix/generic
R etc/postfix/main.cf => sr/etc/postfix/main.cf
R etc/postfix/master.cf => sr/etc/postfix/master.cf
R etc/postfix/sasl/sasl_passwd => sr/etc/postfix/sasl/sasl_passwd
R etc/postfix/transport => sr/etc/postfix/transport
R etc/sr.ht/config.ini => sr/etc/sr.ht/config.ini
R etc/supervisor/conf.d/supervisord.conf => sr/etc/supervisor/conf.d/supervisord.conf
R usr/share/nginx/html/index.html => sr/usr/share/nginx/html/index.html
R usr/share/nginx/html/test.cgi => sr/usr/share/nginx/html/test.cgi
R usr/share/nginx/html/test.php => sr/usr/share/nginx/html/test.php

@@ 1,4 1,3 @@
-etc/sr.ht/pgp.key
-etc/sr.ht/pgp.pubkey
-postgresql-data
-redis-data
+sr/etc/sr.ht/pgp.key
+sr/etc/sr.ht/pgp.pubkey
+postgres

@@ 1,20 1,117 @@
+# set docker-compliant container management CLI binary
+CONMAN=docker
+
+# set fun names for the containers
+HUTTESE_NETWORK=holonet
+HUTTESE_SRHT=huttsr
+HUTTESE_REDIS=huttredis
+HUTTESE_POSTGRES=huttpg
+
+# configure redis
+REDIS_TARGET=redis:alpine3.15
+REDIS_LOCALNAME=my-redis
+REDIS_DATADIR=path/to/redis/db
+
+# configure postgres
+POSTGRES_TARGET=postgres:alpine3.15
+POSTGRES_LOCALNAME=my-postgres
+POSTGRES_DATADIR=/home/al_dente/dev/huttese/postgres
+POSTGRES_CONF=/home/al_dente/dev/huttese/etc/postgresql/postgresql.conf
+
+# set image tag data
+SRHT_LOCALNAME=srht
+SRHT_LOCALVERSION=1
+
+cleanup:
+	$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_REDIS) >/dev/null 2>&1 || true
+	$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true
+
+	$(CONMAN) rm --force $(HUTTESE_REDIS) >/dev/null 2>&1 || true
+	$(CONMAN) image rm --force $(REDIS_LOCALNAME):latest >/dev/null 2>&1 || true
+
+	$(CONMAN) rm --force $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true
+	$(CONMAN) image rm --force $(POSTGRES_LOCALNAME):latest >/dev/null 2>&1 || true
+
+setup:
+	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1 \
+		|| $(CONMAN) network create $(HUTTESE_NETWORK)
+
+	$(CONMAN) inspect $(REDIS_LOCALNAME) >/dev/null 2>&1 \
+		|| $(CONMAN) pull $(REDIS_TARGET) \
+		&& $(CONMAN) tag $(REDIS_TARGET) $(REDIS_LOCALNAME)
+	$(CONMAN) run --detach --name $(HUTTESE_REDIS) --restart always \
+		$(REDIS_LOCALNAME)
+	#if I need persistence later:
+	#	--mount type=bind,src=$(REDIS_DATADIR),dst=/data \
+	#	$(REDIS_LOCALNAME) redis-server --save 60 1 --loglevel warning
+	$(CONMAN) network connect --alias $(HUTTESE_REDIS) \
+		$(HUTTESE_NETWORK) $(HUTTESE_REDIS)
+	# redis is now available at redis://huttredis:6379
+
+	$(CONMAN) inspect $(POSTGRES_LOCALNAME) >/dev/null 2>&1 \
+		|| $(CONMAN) pull $(POSTGRES_TARGET) \
+		&& $(CONMAN) tag $(POSTGRES_TARGET) $(POSTGRES_LOCALNAME)
+	$(CONMAN) run --detach --name $(HUTTESE_POSTGRES) --restart always \
+		--env POSTGRES_HOST_AUTH_METHOD=trust \
+		--mount type=bind,src=$(POSTGRES_DATADIR),dst=/var/lib/postgresql/data \
+		--mount type=bind,src=$(POSTGRES_CONF),dst=/etc/postgresql/postgresql.conf \
+		$(POSTGRES_LOCALNAME) -c 'config_file=/etc/postgresql/postgresql.conf'
+	$(CONMAN) network connect --alias $(HUTTESE_POSTGRES) \
+		$(HUTTESE_NETWORK) $(HUTTESE_POSTGRES)
+	# postgres is now available at postgresql://postgres@huttpg:5432
+
 image:
-	docker build . --tag tatooine
+	$(CONMAN) inspect $(SRHT_LOCALNAME) >/dev/null 2>&1 \
+		|| $(CONMAN) build \
+		--tag $(SRHT_LOCALNAME):latest \
+		--tag $(SRHT_LOCALNAME):$(SRHT_LOCALVERSION) \
+		sr/
 
-clean:
-	docker rm --force tatooine-dev
+dbinit: image
+	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
 
-run:
-	docker run -it --name tatooine-dev \
-		--hostname tatooine -p 80:8080 \
-		--mount type=bind,src=/home/al_dente/dev/huttese/redis-data,dst=/data \
-		--mount type=bind,src=/home/al_dente/dev/huttese/postgresql-data,dst=/var/lib/postgresql/data \
-		tatooine
+	$(CONMAN) exec \
+		$(HUTTESE_POSTGRES) createdb -U postgres meta.sr.ht
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) metasrht-initdb
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbinit
+
+dbmigrate: image
+	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) srht-migrate meta.sr.ht -a upgrade head
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) metasrht-migrate -a upgrade head
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
+start: image
+	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
 
-start:
-	docker run --detach --name tatooine-dev \
+	$(CONMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
 		--hostname tatooine -p 80:8080 \
-		--mount type=bind,src=/home/al_dente/dev/huttese/redis-data,dst=/data \
-		--mount type=bind,src=/home/al_dente/dev/huttese/postgresql-data,dst=/var/lib/postgresql/data \
-		tatooine
+		$(SRHT_LOCALNAME)
+	$(CONMAN) network connect --alias $(HUTTESE_SRHT) \
+		$(HUTTESE_NETWORK) $(HUTTESE_SRHT)
+
+stop:
+	$(CONMAN) stop $(SRHT_LOCALNAME)
+
+restart:
+	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	$(CONMAN) restart $(SRHT_LOCALNAME)
+
+clean:
+	$(CONMAN) rm --force $(SRHT_LOCALNAME) >/dev/null 2>&1 || true
+	$(CONMAN) image rm --force $(SRHT_LOCALNAME):latest >/dev/null 2>&1 || true
 

@@ 1,39 1,44 @@
-## Usage
+# huttese
 
-Disable the haproxy docker container.
+The image is built in `sr/`.
 
-Paste the following into the hosts file:
+Volume mounts are in the top-level directory.
 
-```
-127.0.0.1       git.intra.dominic-ricottone.com lists.intra.dominic-ricottone.com meta.intra.dominic-ricottone.com todo.intra.dominic-ricottone.com
-```
-
-Run `make clean && make run`.
+Makefile is in the top-level directory.
 
 
 ## To-Do
 
-nginx proxying is not working
+nginx proxying is not working.
+
+need metasrht service to become accessible so that i can register oauth for git, lists, todo services.
 
-need metasrht service to become accessible so that i can register oauth for git, lists, todo services
+should also setup the metasrht-webhook process (`celery -A metasrht.webhooks worker --loglevel=info`).
 
-should also setup the metasrht-webhook process (celery -A metasrht.webhooks worker --loglevel=info)
+maybe should run migration (`metasrht-migrate -a upgrade head`) every time?
 
-maybe should run migration (metasrht-migrate -a upgrade head) every time?
+probably should not be running most of these services as `root`.
+[apkbuilds repo](https://git.sr.ht/~sircmpwn/sr.ht-apkbuilds/tree) indicates that metasrht (and friends) run as `meta`.
+Probably have `git`, `lists`, `todo`, and `build` users.
 
-most importantly, need to figure out how to secure pgp keys, worker private key, network private key, and webhook private key
+most importantly, need to figure out how to secure pgp keys, worker private key, network private key, and webhook private key.
+
+cleanup the postgres files, probably to a `pg` directory.
 
 
 ## Installation
 
-Run `make image && make start`.
+Disable the haproxy docker container.
 
-On first run, these need to be done manually. Or at least after the postgres database is running.
+Paste the following into the hosts file:
 
 ```
-su - postgres
-initdb /var/lib/postgresql/data
-createdb -U postgres meta.sr.ht
-metasrht-initdb
+127.0.0.1       git.intra.dominic-ricottone.com lists.intra.dominic-ricottone.com meta.intra.dominic-ricottone.com todo.intra.dominic-ricottone.com
 ```
 
+Run `make setup && make image && make dbinit && make start`.
+
+For subsequent use, run `make image && make dbmigrate && make start`.
+
+Or to just restart the service if stopped, try `make restart`.
+

@@ 53,7 53,7 @@ ident_file = '/var/lib/postgresql/data/pg_ident.conf'   # ident configuration fi
 
 # - Connection Settings -
 
-listen_addresses = 'localhost'                # comma-separated list of addresses; defaults to 'localhost'; use '*' for all
+listen_addresses = 'huttpg'                   # comma-separated list of addresses; defaults to 'localhost'; use '*' for all
 port = 5432
 #max_connections = 100
 #superuser_reserved_connections = 3

@@ 2,13 2,10 @@ FROM alpine:3.15
 COPY etc/apk/repositories /etc/apk/repositories
 RUN wget --quiet --output-document=/etc/apk/keys/alpine@sr.ht.rsa.pub https://mirror.sr.ht/alpine/alpine@sr.ht.rsa.pub
 RUN apk update
-RUN apk add redis postgresql14 postfix meta.sr.ht git.sr.ht todo.sr.ht supervisor nginx fcgiwrap spawn-fcgi py3-gunicorn celery
+RUN apk add postfix meta.sr.ht git.sr.ht todo.sr.ht supervisor nginx fcgiwrap spawn-fcgi py3-gunicorn
 
 # setup directories
 RUN mkdir /etc/postfix/sasl && chmod 700 /etc/postfix/sasl
-RUN mkdir /data
-RUN mkdir /var/lib/postgresql/data && chown postgres:postgres /var/lib/postgresql/data && chmod 750 /var/lib/postgresql/data
-RUN mkdir /run/postgresql && chown postgres:postgres /run/postgresql
 RUN mkdir /var/log/supervisord
 
 # setup nginx


@@ 36,13 33,6 @@ RUN postmap /etc/postfix/generic
 COPY etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd
 RUN postmap /etc/postfix/sasl/sasl_passwd
 
-# setup redis
-VOLUME /data
-
-# setup postgresql
-VOLUME /var/lib/postgresql/data
-COPY --chown=postgres:postgres etc/postgresql/postgresql.conf /etc/postgresql/postgresql.conf
-
 # setup sourcehut
 COPY etc/sr.ht/config.ini /etc/sr.ht/config.ini
 COPY etc/sr.ht/pgp.key /etc/sr.ht/pgp.key

@@ 20,7 20,7 @@ service-key=REDACTED
 # try: `srht-keygen network`
 network-key=REDACTED
 
-redis-host=redis://localhost
+redis-host=redis://huttredis
 
 
 [objects]


@@ 64,12 64,12 @@ post-update-script=/usr/bin/gitsrht-update-hook
 outgoing-domain=tatooine
 
 # SQLAlchemy connection string
-#connection-string=postgresql://postgres@localhost/git.sr.ht
-connection-string=postgresql://postgres@localhost/git.sr.ht?sslmode=disable
+#connection-string=postgresql://postgres@huttpg:5432/git.sr.ht
+connection-string=postgresql://postgres@huttpg:5432/git.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 
 # Webhooks connection string
-webhooks=redis://localhost:6379/1
+webhooks=redis://huttredis:6379/1
 
 s3-bucket=
 s3-prefix=


@@ 101,15 101,15 @@ debug-host=0.0.0.0
 debug-port=5006
 
 # SQLAlchemy connection string
-#connection-string=postgresql://postgres@localhost/lists.sr.ht
-connection-string=postgresql://postgres@localhost/lists.sr.ht?sslmode=disable
+#connection-string=postgresql://postgres@huttpg:5432/lists.sr.ht
+connection-string=postgresql://postgres@huttpg:5432/lists.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 
 # Webhooks connection string
-webhooks=redis://localhost:6379/1
+webhooks=redis://huttredis:6379/1
 
 # Celery connection string
-redis=redis://localhost:6379/0
+redis=redis://huttredis:6379/0
 
 # Trusted upstream SMTP server generating Authentication-Results header fields
 msgauth-server=tatooine


@@ 146,12 146,12 @@ debug-host=0.0.0.0
 debug-port=5000
 
 # SQLAlchemy connection string
-#connection-string=postgresql://postgres@localhost/meta.sr.ht
-connection-string=postgresql://postgres@localhost/meta.sr.ht?sslmode=disable
+#connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht
+connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 
 # Webhooks connection string
-webhooks=redis://localhost:6379/1
+webhooks=redis://huttredis:6379/1
 
 
 [meta.sr.ht::api]


@@ 200,11 200,11 @@ oauth-client-secret=
 notify-from=hutt@tatooine
 
 # SQLAlchemy connection string
-#connection-string=postgresql://postgres@localhost/todo.sr.ht
-connection-string=postgresql://postgres@localhost/todo.sr.ht?sslmode=disable
+#connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht
+connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 
 # Webhooks connection string
-webhooks=redis://localhost:6379/1
+webhooks=redis://huttredis:6379/1
 
 

@@ 16,17 16,6 @@ command=postfix start
 startsecs=0
 redirect_stderr=true
 
-[program:postgresql]
-autorestart=true
-command=postgres -c config_file=/etc/postgresql/postgresql.conf
-redirect_stderr=true
-user=postgres
-
-[program:redis]
-autorestart=true
-command=redis-server --save 60 1 --loglevel warning
-redirect_stderr=true
-
 [program:spawn-fcgi]
 autorestart=true
 command=spawn-fcgi -n -u nginx -p 9000 -- /usr/bin/fcgiwrap -f