~dricottone/huttese

c976d75090723c7792c995d225e1d05263524aaa — Dominic Ricottone 2 years ago fe46d74
Configuration updates

The NGINX and Sourcehut configurations now are set for the final domains
(i.e. git.dominic-ricottone.com not git.intra.dominic-ricottone.com).

Paths in Makefiles are now set for deployment.

The Makefile has been split between `docker` and `podman` versions. The
`docker` version is effectively final. I will be working with `podman`
from this point on.

All services are up and running via `supervisord`, with the possible exception
of `todosrht-lmtp`. I continue to try small changes to the Postfix and/or
`todosrht` configurations.
M .gitignore => .gitignore +1 -1
@@ 1,3 1,3 @@
sr/etc/sr.ht/pgp.key
sr/etc/sr.ht/pgp.pubkey
postgres
**/datadir

R Makefile => Makefile.docker +64 -7
@@ 10,21 10,23 @@ HUTTESE_POSTGRES=huttpg
# configure redis
REDIS_TARGET=redis:alpine3.15
REDIS_LOCALNAME=my-redis
REDIS_DATADIR=path/to/redis/db
REDIS_DATADIR=/var/deploy/data/redis

# configure postgres
POSTGRES_TARGET=postgres:alpine3.15
POSTGRES_LOCALNAME=my-postgres
POSTGRES_DATADIR=/home/al_dente/dev/huttese/postgres
POSTGRES_CONF=/home/al_dente/dev/huttese/etc/postgresql/postgresql.conf
POSTGRES_DATADIR=/var/deploy/data/postgres
POSTGRES_CONF=/var/deploy/conf/postgres/postgresql.conf

# configure git
GIT_DATADIR=/home/al_dente/dev/huttese/git/datadir
GIT_DATADIR=/var/deploy/data/git

# set image tag data
SRHT_LOCALNAME=srht
SRHT_LOCALVERSION=1

CERTDIR=/var/deploy/certs

cleanup:
	$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_REDIS) >/dev/null 2>&1 || true
	$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true


@@ 74,13 76,28 @@ dbinit: image
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1

	$(CONMAN) exec \
		$(HUTTESE_POSTGRES) createdb -U postgres meta.sr.ht
	$(CONMAN) exec $(HUTTESE_POSTGRES) \
		createdb -U postgres meta.sr.ht
	$(CONMAN) exec $(HUTTESE_POSTGRES) \
		createdb -U postgres git.sr.ht
	$(CONMAN) exec $(HUTTESE_POSTGRES) \
		createdb -U postgres todo.sr.ht

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) metasrht-initdb
	$(CONMAN) rm $(HUTTESE_SRHT)_dbinit

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) gitsrht-initdb
	$(CONMAN) rm $(HUTTESE_SRHT)_dbinit

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) todosrht-initdb
	$(CONMAN) rm $(HUTTESE_SRHT)_dbinit

dbmigrate: image
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1


@@ 88,23 105,63 @@ dbmigrate: image
	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) srht-migrate meta.sr.ht -a upgrade head
	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) metasrht-migrate -a upgrade head
	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) srht-migrate git.sr.ht -a upgrade head
	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) gitsrht-migrate -a upgrade head
	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) srht-migrate todo.sr.ht -a upgrade head
	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate

	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
		--network $(HUTTESE_NETWORK) \
		$(SRHT_LOCALNAME) todosrht-migrate -a upgrade head
	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate

start: image
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1

	$(CONMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
		--hostname tatooine -p 80:8080 \
		--hostname tatooine --hostname dominic-ricottone.com \
		--publish 0.0.0.0:80:80 --publish 0.0.0.0:443:443\
		--mount type=bind,src=$(GIT_DATADIR),dst=/var/lib/git \
		--mount type=bind,src=$(CERTDIR),dst=/var/lets-encrypt \
		$(SRHT_LOCALNAME)
	$(CONMAN) network connect --alias $(HUTTESE_SRHT) \
		$(HUTTESE_NETWORK) $(HUTTESE_SRHT)

USER_EMAIL?=
USER_NAME?=
adduser:
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1

	@echo "USAGE: USER_EMAIL=me@example.com USER_NAME=me make adduser"
	$(CONMAN) exec -it $(HUTTESE_SRHT) metasrht-manageuser -e $(USER_EMAIL) -t admin $(USER_NAME)

shell: image
	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1

	$(CONMAN) exec -it $(HUTTESE_SRHT) sh

stop:
	$(CONMAN) stop $(SRHT_LOCALNAME)
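Review bot: `adduser` always creates the account with `-t admin` and splices `$(USER_EMAIL)` and `$(USER_NAME)` into the shell line unquoted and unchecked, so with both unset the command degenerates to `metasrht-manageuser -e -t admin`, and a value containing spaces or shell metacharacters is re-parsed by the shell. Fail early when either is empty, for example with `$(if $(strip $(USER_EMAIL)),,$(error USER_EMAIL is required))` as the first recipe line (and the same for `USER_NAME`), and quote the values: `-e '$(USER_EMAIL)' -t admin '$(USER_NAME)'`. The usage `echo` prints on every run but does not stop the recipe. The target looks newly added in the last hunk of this file (the page no longer shows +/- markers), and the same recipe is repeated in Makefile.podman.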


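--- a/Makefile.podman
+++ b/Makefile.podman
@@ -0,0 +1,160 @@
+# set podman-compliant container management CLI binary
+PODMAN=podman
+
+# set fun names for the containers
+HUTTESE_POD=podracing
+HUTTESE_SRHT=huttsr
+HUTTESE_REDIS=huttredis
+HUTTESE_POSTGRES=huttpg
+
+# configure redis
+REDIS_TARGET=redis:alpine3.15
+REDIS_LOCALNAME=my-redis
+REDIS_DATADIR=/var/deploy/data/redis
+
+# configure postgres
+POSTGRES_TARGET=postgres:alpine3.15
+POSTGRES_LOCALNAME=my-postgres
+POSTGRES_DATADIR=/var/deploy/data/postgres
+POSTGRES_CONF=/var/deploy/conf/postgres/postgresql.conf
+
+# configure git
+GIT_DATADIR=/var/deploy/data/git
+
+# set image tag data
+SRHT_LOCALNAME=srht
+SRHT_LOCALVERSION=1
+
+CERTDIR=/var/deploy/certs
+
+pod:
+	$(PODMAN) pod exists $(HUTTESE_POD) >/dev/null 2>&1 \
+		|| $(PODMAN) pod create --name $(HUTTESE_POD) \
+		--publish 0.0.0.0:80:80 --publish 0.0.0.0:443:443
+
+cleanup:
+	$(PODMAN) rm --force $(HUTTESE_REDIS) >/dev/null 2>&1 || true
+	$(PODMAN) image rm --force $(REDIS_LOCALNAME):latest >/dev/null 2>&1 || true
+
+	$(PODMAN) rm --force $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true
+	$(PODMAN) image rm --force $(POSTGRES_LOCALNAME):latest >/dev/null 2>&1 || true
+
+setup: pod
+	$(PODMAN) inspect $(REDIS_LOCALNAME) >/dev/null 2>&1 \
+		|| $(PODMAN) pull $(REDIS_TARGET) \
+		&& $(PODMAN) tag $(REDIS_TARGET) $(REDIS_LOCALNAME)
+	$(PODMAN) run --detach --name $(HUTTESE_REDIS) --restart always \
+		--pod podracing \
+		$(REDIS_LOCALNAME)
+	#if I need persistence later:
+	#	--mount type=bind,src=$(REDIS_DATADIR),dst=/data \
+	#	$(REDIS_LOCALNAME) redis-server --save 60 1 --loglevel warning
+	# redis is now available at redis://huttredis:6379
+
+	$(PODMAN) inspect $(POSTGRES_LOCALNAME) >/dev/null 2>&1 \
+		|| $(PODMAN) pull $(POSTGRES_TARGET) \
+		&& $(PODMAN) tag $(POSTGRES_TARGET) $(POSTGRES_LOCALNAME)
+	$(PODMAN) run --detach --name $(HUTTESE_POSTGRES) --restart always \
+		--env POSTGRES_HOST_AUTH_METHOD=trust \
+		--pod podracing \
+		--mount type=bind,src=$(POSTGRES_DATADIR),dst=/var/lib/postgresql/data \
+		--mount type=bind,src=$(POSTGRES_CONF),dst=/etc/postgresql/postgresql.conf \
+		$(POSTGRES_LOCALNAME) -c 'config_file=/etc/postgresql/postgresql.conf'
+	# postgres is now available at postgresql://postgres@huttpg:5432
+
+image:
+	$(PODMAN) inspect $(SRHT_LOCALNAME) >/dev/null 2>&1 \
+		|| $(PODMAN) build \
+		--tag $(SRHT_LOCALNAME):latest \
+		--tag $(SRHT_LOCALNAME):$(SRHT_LOCALVERSION) \
+		sr/
+
+dbinit: pod image
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres meta.sr.ht
+	$(PODMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres git.sr.ht
+	$(PODMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres todo.sr.ht
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) metasrht-initdb
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) metasrht-initdb
+		$(SRHT_LOCALNAME) gitsrht-initdb
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) todosrht-initdb
+
+dbmigrate: pod image
+	$(PODMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) srht-migrate meta.sr.ht -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) metasrht-migrate -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) srht-migrate git.sr.ht -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) gitsrht-migrate -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) srht-migrate todo.sr.ht -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) todosrht-migrate -a upgrade head
+
+start: pod image
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	$(PODMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
+		--hostname tatooine --hostname dominic-ricottone.com \
+		--pod podracing \
+		--mount type=bind,src=$(GIT_DATADIR),dst=/var/lib/git \
+		--mount type=bind,src=$(CERTDIR),dst=/var/lets-encrypt \
+		$(SRHT_LOCALNAME)
+
+USER_EMAIL?=
+USER_NAME?=
+adduser:
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	@echo "USAGE: USER_EMAIL=me@example.com USER_NAME=me make adduser"
+	$(PODMAN) exec -it $(HUTTESE_SRHT) metasrht-manageuser -e $(USER_EMAIL) -t admin $(USER_NAME)
+
+shell:
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	$(PODMAN) exec -it $(HUTTESE_SRHT) sh
+
+stop:
+	$(PODMAN) stop $(SRHT_LOCALNAME)
+
+restart:
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	$(PODMAN) restart $(SRHT_LOCALNAME)
+
+clean:
+	$(PODMAN) rm --force $(HUTTESE_SRHT) >/dev/null 2>&1 || true
+	$(PODMAN) image rm --force $(SRHT_LOCALNAME):latest >/dev/null 2>&1 || true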

R etc/postgresql/postgresql.conf => pg/postgresql.conf +0 -0
M sr/Dockerfile => sr/Dockerfile +2 -1
@@ 41,7 41,8 @@ COPY etc/sr.ht/pgp.pubkey /etc/sr.ht/pgp.pubkey

# setup supervisor
USER root
EXPOSE 8080
EXPOSE 80
EXPOSE 443
COPY etc/supervisor/conf.d/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
CMD ["/usr/bin/supervisord","-c","/etc/supervisor/conf.d/supervisord.conf"]


M sr/etc/nginx/http.d/git.conf => sr/etc/nginx/http.d/git.conf +33 -2
@@ 1,8 1,31 @@
server {
	listen 8080;
	listen 80;
	server_name git.dominic-ricottone.com;

	location / {
		return 302 https://$server_name$request_uri;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /robots.txt {
		root /var/www;
	}
}

server {
	listen 443 ssl http2;
	gzip on;
	gzip_types text/css text/html;
	server_name git.intra.dominic-ricottone.com;
	server_name git.dominic-ricottone.com;

	ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
	ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;

	client_max_body_size 100M;



@@ 41,5 64,13 @@ server {
		include fastcgi_params;
		gzip off;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /robots.txt {
		root /var/www;
	}
}
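Review bot: The `ssl_ciphers` list in the new 443 server names `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512`, which as far as I know are not suites OpenSSL defines, so the effective TLSv1.2 list is the remaining three, one of them the CBC suite `ECDHE-RSA-AES256-SHA384`. I would trim it to AEAD suites that exist, e.g. `ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;`, with a comment that this directive does not select TLSv1.3 suites. The port-80 redirect is a temporary `302` and nothing visible in the 443 server sends `Strict-Transport-Security`, so clients keep starting over plain HTTP; `return 301 https://$server_name$request_uri;` plus `add_header Strict-Transport-Security "max-age=31536000" always;` would address that. The 443 server block continues outside these hunks, and the same lines are repeated in lists.conf, meta.conf, todo.conf and (ciphers only) test.conf, so a shared `include` file would keep them in step.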


M sr/etc/nginx/http.d/lists.conf => sr/etc/nginx/http.d/lists.conf +34 -2
@@ 1,8 1,32 @@
server {
	listen 8080;
	listen 80;
	server_name lists.dominic-ricottone.com;

	location / {
		return 302 https://$server_name$request_uri;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /robots.txt {
		root /var/www;
	}
}

server {
	listen 443 ssl http2;
	gzip on;
	gzip_types text/css text/html;
	server_name lists.intra.dominic-ricottone.com;
	server_name lists.dominic-ricottone.com;

	ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
	ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;

	client_max_body_size 100M;

	location / {


@@ 21,5 45,13 @@ server {
		root /usr/lib/python3.9/site-packages/listssrht;
		expires 30d;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /robots.txt {
		root /var/www;
	}
}


M sr/etc/nginx/http.d/meta.conf => sr/etc/nginx/http.d/meta.conf +33 -2
@@ 1,8 1,31 @@
server {
	listen 8080;
	listen 80;
	server_name meta.dominic-ricottone.com;

	location / {
		return 302 https://$server_name$request_uri;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /robots.txt {
		root /var/www;
	}
}

server {
	listen 443 ssl http2;
	gzip on;
	gzip_types text/css text/html;
	server_name meta.intra.dominic-ricottone.com;
	server_name meta.dominic-ricottone.com;

	ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
	ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;

	location / {
		proxy_pass http://localhost:5000;


@@ 25,5 48,13 @@ server {
		root /usr/lib/python3.9/site-packages/metasrht;
		expires 30d;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /robots.txt {
		root /var/www;
	}
}


M sr/etc/nginx/http.d/test.conf => sr/etc/nginx/http.d/test.conf +7 -1
@@ 1,5 1,11 @@
server {
	listen 8080 default_server;
	listen 80 default_server;
	listen 443 default_server;
	ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
	ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;
	server_name _;

	root /usr/share/nginx/html;
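Review bot: `listen 443 default_server;` carries no `ssl` parameter although the block sets `ssl_certificate`, so whether this catch-all speaks TLS on 443 depends on the other files declaring `listen 443 ssl` for the same socket. Make it explicit with `listen 443 ssl default_server;`. Because this server answers every unmatched host name, it may also be worth replying with `return 444;` instead of serving `/usr/share/nginx/html` under the site certificate. The server block continues past the end of the hunk.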

M sr/etc/nginx/http.d/todo.conf => sr/etc/nginx/http.d/todo.conf +33 -2
@@ 1,8 1,31 @@
server {
	listen 8080;
	listen 80;
	server_name todo.dominic-ricottone.com;

	location / {
		return 302 https://$server_name$request_uri;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /robots.txt {
		root /var/www;
	}
}

server {
	listen 443 ssl http2;
	gzip on;
	gzip_types text/css text/html;
	server_name todo.intra.dominic-ricottone.com;
	server_name todo.dominic-ricottone.com;

	ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
	ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;

	client_max_body_size 100M;



@@ 22,5 45,13 @@ server {
		root /usr/lib/python3.9/site-packages/todosrht;
		expires 30d;
	}

	location ^~ /.well-known {
		root /var/www;
	}

	location = /robots.txt {
		root /var/www;
	}
}


M sr/etc/postfix/transport => sr/etc/postfix/transport +1 -0
@@ 1,3 1,4 @@
lists.tatooine.localdomain lmtp:unix:/tmp/lists.sr.ht-lmtp.sock
lists.tatooine lmtp:unix:/tmp/lists.sr.ht-lmtp.sock
tatooine.localdomain local:tatooine
tatooine local:tatooine

M sr/etc/sr.ht/config.ini => sr/etc/sr.ht/config.ini +22 -20
@@ 4,10 4,9 @@ site-info=https://dominic-ricottone.com
site-blurb=hutt
owner-name=Dominic Ricottone
owner-email=me@dominic-ricottone.com
global-domain=http://intra.dominic-ricottone.com
global-domain=dominic-ricottone.com

#environment=production
environment=development
environment=production

# URL for source code?
source-url=https://git.sr.ht/~sircmpwn/srht


@@ 21,7 20,7 @@ service-key=REDACTED
# try: `srht-keygen network`
network-key=REDACTED

redis-host=redis://huttredis
redis-host=redis://localhost


[objects]


@@ 39,7 38,7 @@ smtp-user=
smtp-password=

# Email address to dump exceptions at?
error-to=REDACTED
error-to=root@tatooine
error-from=hutt@tatooine

pgp-privkey=/etc/sr.ht/pgp.key


@@ 53,10 52,10 @@ private-key=REDACTED


[git.sr.ht]
origin=http://git.intra.dominic-ricottone.com
origin=http://git.dominic-ricottone.com
debug-host=0.0.0.0
debug-port=5001
api-origin=http://localhost:5101
#api-origin=http://localhost:5101
# try: meta.localhost/oauth
oauth-client-id=CHANGEME
oauth-client-secret=CHANGEME


@@ 65,12 64,11 @@ post-update-script=/usr/bin/gitsrht-update-hook
outgoing-domain=tatooine

# SQLAlchemy connection string
#connection-string=postgresql://postgres@huttpg:5432/git.sr.ht
connection-string=postgresql://postgres@huttpg:5432/git.sr.ht?sslmode=disable
connection-string=postgresql://postgres@localhost:5432/git.sr.ht?sslmode=disable
migrate-on-upgrade=yes

# Webhooks connection string
webhooks=redis://huttredis:6379/1
webhooks=redis://localhost:6379/1

s3-bucket=
s3-prefix=


@@ 89,21 87,20 @@ internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8


[meta.sr.ht]
origin=http://localhost:5000
origin=http://meta.dominic-ricottone.com
welcome-emails=no
api-origin=http://localhost:5100
#api-origin=http://localhost:5100

# Debug host
debug-host=0.0.0.0
debug-port=5000

# SQLAlchemy connection string
#connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht
connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht?sslmode=disable
connection-string=postgresql://postgres@localhost:5432/meta.sr.ht?sslmode=disable
migrate-on-upgrade=yes

# Webhooks connection string
webhooks=redis://huttredis:6379/1
webhooks=redis://localhost:6379/1


[meta.sr.ht::api]


@@ 135,7 132,7 @@ auth-method=builtin


[meta.sr.ht::auth::unix-pam]
email-default-domain=dominic-ricottone.com
email-default-domain=tatooine
service=sshd
admin-group=wheel
create-users=no


@@ 143,7 140,7 @@ user-group=srht


[todo.sr.ht]
origin=http://localhost:5003
origin=http://todo.dominic-ricottone.com
debug-host=0.0.0.0
debug-port=5003
# try: meta.localhost/oauth


@@ 152,11 149,16 @@ oauth-client-secret=
notify-from=hutt@tatooine

# SQLAlchemy connection string
#connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht
connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht?sslmode=disable
connection-string=postgresql://postgres@localhost:5432/todo.sr.ht?sslmode=disable
migrate-on-upgrade=yes

# Webhooks connection string
webhooks=redis://huttredis:6379/1
webhooks=redis://localhost:6379/1


[todo.sr.ht::mail]
sock=/tmp/todo.sr.ht-lmtp.sock
sock-group=todo
posting-domain=lists.tatooine
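Review bot: With `environment=production` now set, every `connection-string` still logs in as the `postgres` superuser with no password (`postgresql://postgres@localhost:5432/...`), which only works because Makefile.podman starts the database with `POSTGRES_HOST_AUTH_METHOD=trust`; any process sharing that network namespace can then act as database superuser. Give each service its own role and secret, e.g. `connection-string=postgresql://gitsrht:<PASSWORD_PLACEHOLDER>@localhost:5432/git.sr.ht?sslmode=disable`, and drop `trust` once the roles exist. The `origin=` values for git, meta and todo also stay `http://` although nginx now redirects those hosts to HTTPS; if sr.ht derives links and OAuth redirects from `origin` (not visible here), they should read `https://git.dominic-ricottone.com` and so on. `debug-host=0.0.0.0` appears as unchanged context and deserves a second look for a production deployment.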



M sr/etc/supervisor/conf.d/supervisord.conf => sr/etc/supervisor/conf.d/supervisord.conf +49 -1
@@ 29,10 29,58 @@ user=meta

[program:metasrht-api]
autorestart=true
command=metasrht-api
command=metasrht-api -b :5100
redirect_stderr=true
user=meta

[program:metasrht-webhooks]
autorestart=true
command=celery -A metasrht.webhooks worker --loglevel=info
redirect_stderr=true
user=meta

[program:gitsrht]
autorestart=true
command=gunicorn gitsrht.app:app -b 127.0.0.1:5001 -c /etc/sr.ht/git.sr.ht.gunicorn.conf.py
redirect_stderr=true
user=git

[program:gitsrht-api]
autorestart=true
command=gitsrht-api -b :5101
redirect_stderr=true
user=git

[program:gitsrht-webhooks]
autorestart=true
command=celery -A gitsrht.webhooks worker --loglevel=info
redirect_stderr=true
user=git

[program:todosrht]
autorestart=true
command=gunicorn todosrht.app:app -b 127.0.0.1:5003 -c /etc/sr.ht/todo.sr.ht.gunicorn.conf.py
redirect_stderr=true
user=todo

[program:todosrht-api]
autorestart=true
command=todosrht-api -b :5103
redirect_stderr=true
user=todo

[program:todosrht-webhooks]
autorestart=true
command=celery -A todosrht.webhooks worker --loglevel=info
redirect_stderr=true
user=todo

[program:todosrht-lmtp]
autorestart=true
command=todosrht-lmtp
redirect_stderr=true
user=postfix

[program:nginx]
autostart=true
command=nginx -g 'daemon off;'
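Review bot: The three API daemons are started with `-b :5100`, `-b :5101` and `-b :5103`, which listens on every interface, while the gunicorn front ends in the same file bind `127.0.0.1`. Only nginx needs to be reachable from outside the container, and config.ini's `internal-ipnet` lists private ranges alongside loopback, so I would bind the APIs to loopback too, e.g. `command=metasrht-api -b 127.0.0.1:5100` (assuming `-b` accepts a host:port listen address). `todosrht-lmtp` runs as `user=postfix` while config.ini sets `sock-group=todo` for its socket; that mismatch may be related to the LMTP trouble mentioned in the commit message and is worth confirming. The `[program:nginx]` block continues outside the hunk.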