M .gitignore => .gitignore +1 -1
@@ 1,3 1,3 @@
sr/etc/sr.ht/pgp.key
sr/etc/sr.ht/pgp.pubkey
-postgres
+**/datadir
R Makefile => Makefile.docker +64 -7
@@ 10,21 10,23 @@ HUTTESE_POSTGRES=huttpg
# configure redis
REDIS_TARGET=redis:alpine3.15
REDIS_LOCALNAME=my-redis
-REDIS_DATADIR=path/to/redis/db
+REDIS_DATADIR=/var/deploy/data/redis
# configure postgres
POSTGRES_TARGET=postgres:alpine3.15
POSTGRES_LOCALNAME=my-postgres
-POSTGRES_DATADIR=/home/al_dente/dev/huttese/postgres
-POSTGRES_CONF=/home/al_dente/dev/huttese/etc/postgresql/postgresql.conf
+POSTGRES_DATADIR=/var/deploy/data/postgres
+POSTGRES_CONF=/var/deploy/conf/postgres/postgresql.conf
# configure git
-GIT_DATADIR=/home/al_dente/dev/huttese/git/datadir
+GIT_DATADIR=/var/deploy/data/git
# set image tag data
SRHT_LOCALNAME=srht
SRHT_LOCALVERSION=1
+CERTDIR=/var/deploy/certs
+
cleanup:
$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_REDIS) >/dev/null 2>&1 || true
$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true
@@ 74,13 76,28 @@ dbinit: image
$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
- $(CONMAN) exec \
- $(HUTTESE_POSTGRES) createdb -U postgres meta.sr.ht
+ $(CONMAN) exec $(HUTTESE_POSTGRES) \
+ createdb -U postgres meta.sr.ht
+ $(CONMAN) exec $(HUTTESE_POSTGRES) \
+ createdb -U postgres git.sr.ht
+ $(CONMAN) exec $(HUTTESE_POSTGRES) \
+ createdb -U postgres todo.sr.ht
+
$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
--network $(HUTTESE_NETWORK) \
$(SRHT_LOCALNAME) metasrht-initdb
$(CONMAN) rm $(HUTTESE_SRHT)_dbinit
+ $(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
+ --network $(HUTTESE_NETWORK) \
+ $(SRHT_LOCALNAME) gitsrht-initdb
+ $(CONMAN) rm $(HUTTESE_SRHT)_dbinit
+
+ $(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
+ --network $(HUTTESE_NETWORK) \
+ $(SRHT_LOCALNAME) todosrht-initdb
+ $(CONMAN) rm $(HUTTESE_SRHT)_dbinit
+
dbmigrate: image
$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
@@ 88,23 105,63 @@ dbmigrate: image
$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
--network $(HUTTESE_NETWORK) \
$(SRHT_LOCALNAME) srht-migrate meta.sr.ht -a upgrade head
+ $(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
--network $(HUTTESE_NETWORK) \
$(SRHT_LOCALNAME) metasrht-migrate -a upgrade head
$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+ $(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+ --network $(HUTTESE_NETWORK) \
+ $(SRHT_LOCALNAME) srht-migrate git.sr.ht -a upgrade head
+ $(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
+ $(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+ --network $(HUTTESE_NETWORK) \
+ $(SRHT_LOCALNAME) gitsrht-migrate -a upgrade head
+ $(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
+ $(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+ --network $(HUTTESE_NETWORK) \
+ $(SRHT_LOCALNAME) srht-migrate todo.sr.ht -a upgrade head
+ $(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
+ $(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+ --network $(HUTTESE_NETWORK) \
+ $(SRHT_LOCALNAME) todosrht-migrate -a upgrade head
+ $(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
start: image
$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
$(CONMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
- --hostname tatooine -p 80:8080 \
+ --hostname tatooine --hostname dominic-ricottone.com \
+ --publish 0.0.0.0:80:80 --publish 0.0.0.0:443:443\
--mount type=bind,src=$(GIT_DATADIR),dst=/var/lib/git \
+ --mount type=bind,src=$(CERTDIR),dst=/var/lets-encrypt \
$(SRHT_LOCALNAME)
$(CONMAN) network connect --alias $(HUTTESE_SRHT) \
$(HUTTESE_NETWORK) $(HUTTESE_SRHT)
+USER_EMAIL?=
+USER_NAME?=
+adduser:
+ $(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+ $(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+ @echo "USAGE: USER_EMAIL=me@example.com USER_NAME=me make adduser"
+ $(CONMAN) exec -it $(HUTTESE_SRHT) metasrht-manageuser -e $(USER_EMAIL) -t admin $(USER_NAME)
+
+shell: image
+ $(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+ $(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+ $(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+ $(CONMAN) exec -it $(HUTTESE_SRHT) sh
+
stop:
$(CONMAN) stop $(SRHT_LOCALNAME)
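Review bot: The new `adduser` recipe runs `metasrht-manageuser` even when `USER_EMAIL` or `USER_NAME` is empty, and it puts both values unquoted into the shell command that creates an admin account. With the `?=` defaults the command expands to `-e -t admin` with no user name, so the outcome depends on how the tool parses that. A guard before the exec would stop this: `@[ -n "$(USER_EMAIL)" ] && [ -n "$(USER_NAME)" ] || { echo "USAGE: USER_EMAIL=me@example.com USER_NAME=me make adduser"; exit 1; }`. The expansions should also be quoted, as in `-e '$(USER_EMAIL)' -t admin '$(USER_NAME)'`. The `adduser` target added in Makefile.podman repeats the same two lines and needs the same change.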
A Makefile.podman => Makefile.podman +160 -0
@@ 0,0 1,160 @@
+# set podman-compliant container management CLI binary
+PODMAN=podman
+
+# set fun names for the containers
+HUTTESE_POD=podracing
+HUTTESE_SRHT=huttsr
+HUTTESE_REDIS=huttredis
+HUTTESE_POSTGRES=huttpg
+
+# configure redis
+REDIS_TARGET=redis:alpine3.15
+REDIS_LOCALNAME=my-redis
+REDIS_DATADIR=/var/deploy/data/redis
+
+# configure postgres
+POSTGRES_TARGET=postgres:alpine3.15
+POSTGRES_LOCALNAME=my-postgres
+POSTGRES_DATADIR=/var/deploy/data/postgres
+POSTGRES_CONF=/var/deploy/conf/postgres/postgresql.conf
+
+# configure git
+GIT_DATADIR=/var/deploy/data/git
+
+# set image tag data
+SRHT_LOCALNAME=srht
+SRHT_LOCALVERSION=1
+
+CERTDIR=/var/deploy/certs
+
+pod:
+ $(PODMAN) pod exists $(HUTTESE_POD) >/dev/null 2>&1 \
+ || $(PODMAN) pod create --name $(HUTTESE_POD) \
+ --publish 0.0.0.0:80:80 --publish 0.0.0.0:443:443
+
+cleanup:
+ $(PODMAN) rm --force $(HUTTESE_REDIS) >/dev/null 2>&1 || true
+ $(PODMAN) image rm --force $(REDIS_LOCALNAME):latest >/dev/null 2>&1 || true
+
+ $(PODMAN) rm --force $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true
+ $(PODMAN) image rm --force $(POSTGRES_LOCALNAME):latest >/dev/null 2>&1 || true
+
+setup: pod
+ $(PODMAN) inspect $(REDIS_LOCALNAME) >/dev/null 2>&1 \
+ || $(PODMAN) pull $(REDIS_TARGET) \
+ && $(PODMAN) tag $(REDIS_TARGET) $(REDIS_LOCALNAME)
+ $(PODMAN) run --detach --name $(HUTTESE_REDIS) --restart always \
+ --pod podracing \
+ $(REDIS_LOCALNAME)
+ #if I need persistence later:
+ # --mount type=bind,src=$(REDIS_DATADIR),dst=/data \
+ # $(REDIS_LOCALNAME) redis-server --save 60 1 --loglevel warning
+ # redis is now available at redis://huttredis:6379
+
+ $(PODMAN) inspect $(POSTGRES_LOCALNAME) >/dev/null 2>&1 \
+ || $(PODMAN) pull $(POSTGRES_TARGET) \
+ && $(PODMAN) tag $(POSTGRES_TARGET) $(POSTGRES_LOCALNAME)
+ $(PODMAN) run --detach --name $(HUTTESE_POSTGRES) --restart always \
+ --env POSTGRES_HOST_AUTH_METHOD=trust \
+ --pod podracing \
+ --mount type=bind,src=$(POSTGRES_DATADIR),dst=/var/lib/postgresql/data \
+ --mount type=bind,src=$(POSTGRES_CONF),dst=/etc/postgresql/postgresql.conf \
+ $(POSTGRES_LOCALNAME) -c 'config_file=/etc/postgresql/postgresql.conf'
+ # postgres is now available at postgresql://postgres@huttpg:5432
+
+image:
+ $(PODMAN) inspect $(SRHT_LOCALNAME) >/dev/null 2>&1 \
+ || $(PODMAN) build \
+ --tag $(SRHT_LOCALNAME):latest \
+ --tag $(SRHT_LOCALNAME):$(SRHT_LOCALVERSION) \
+ sr/
+
+dbinit: pod image
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+ $(PODMAN) exec $(HUTTESE_POSTGRES) \
+ createdb -U postgres meta.sr.ht
+ $(PODMAN) exec $(HUTTESE_POSTGRES) \
+ createdb -U postgres git.sr.ht
+ $(PODMAN) exec $(HUTTESE_POSTGRES) \
+ createdb -U postgres todo.sr.ht
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) metasrht-initdb
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) metasrht-initdb
+ $(SRHT_LOCALNAME) gitsrht-initdb
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) todosrht-initdb
+
+dbmigrate: pod image
+ $(PODMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) srht-migrate meta.sr.ht -a upgrade head
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) metasrht-migrate -a upgrade head
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) srht-migrate git.sr.ht -a upgrade head
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) gitsrht-migrate -a upgrade head
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) srht-migrate todo.sr.ht -a upgrade head
+
+ $(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+ --pod podracing \
+ $(SRHT_LOCALNAME) todosrht-migrate -a upgrade head
+
+start: pod image
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+ $(PODMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
+ --hostname tatooine --hostname dominic-ricottone.com \
+ --pod podracing \
+ --mount type=bind,src=$(GIT_DATADIR),dst=/var/lib/git \
+ --mount type=bind,src=$(CERTDIR),dst=/var/lets-encrypt \
+ $(SRHT_LOCALNAME)
+
+USER_EMAIL?=
+USER_NAME?=
+adduser:
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+ @echo "USAGE: USER_EMAIL=me@example.com USER_NAME=me make adduser"
+ $(PODMAN) exec -it $(HUTTESE_SRHT) metasrht-manageuser -e $(USER_EMAIL) -t admin $(USER_NAME)
+
+shell:
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+ $(PODMAN) exec -it $(HUTTESE_SRHT) sh
+
+stop:
+ $(PODMAN) stop $(SRHT_LOCALNAME)
+
+restart:
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+ $(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+ $(PODMAN) restart $(SRHT_LOCALNAME)
+
+clean:
+ $(PODMAN) rm --force $(HUTTESE_SRHT) >/dev/null 2>&1 || true
+ $(PODMAN) image rm --force $(SRHT_LOCALNAME):latest >/dev/null 2>&1 || true
+
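Review bot: In `dbinit` the second `run` block ends with `$(SRHT_LOCALNAME) metasrht-initdb` and no continuation, so the following `$(SRHT_LOCALNAME) gitsrht-initdb` is a recipe line of its own. That line runs `srht gitsrht-initdb` on the host, so `metasrht-initdb` runs twice, the git database is never initialised in the container, and the recipe stops there. The block should end with the single line `$(SRHT_LOCALNAME) gitsrht-initdb`. `dbmigrate` opens with `$(PODMAN) inspect $(HUTTESE_NETWORK)`, but this file never defines `HUTTESE_NETWORK`; the call then has no argument and presumably fails with its error hidden by `>/dev/null 2>&1`, so `$(PODMAN) pod exists $(HUTTESE_POD)` would be the matching check. The literal `--pod podracing` in every `run` should be `--pod $(HUTTESE_POD)`, so that renaming the pod does not silently detach the containers from it.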
R etc/postgresql/postgresql.conf => pg/postgresql.conf +0 -0
M sr/Dockerfile => sr/Dockerfile +2 -1
@@ 41,7 41,8 @@ COPY etc/sr.ht/pgp.pubkey /etc/sr.ht/pgp.pubkey
# setup supervisor
USER root
-EXPOSE 8080
+EXPOSE 80
+EXPOSE 443
COPY etc/supervisor/conf.d/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
CMD ["/usr/bin/supervisord","-c","/etc/supervisor/conf.d/supervisord.conf"]
M sr/etc/nginx/http.d/git.conf => sr/etc/nginx/http.d/git.conf +33 -2
@@ 1,8 1,31 @@
server {
- listen 8080;
+ listen 80;
+ server_name git.dominic-ricottone.com;
+
+ location / {
+ return 302 https://$server_name$request_uri;
+ }
+
+ location ^~ /.well-known {
+ root /var/www;
+ }
+
+ location = /robots.txt {
+ root /var/www;
+ }
+}
+
+server {
+ listen 443 ssl http2;
gzip on;
gzip_types text/css text/html;
- server_name git.intra.dominic-ricottone.com;
+ server_name git.dominic-ricottone.com;
+
+ ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+ ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_prefer_server_ciphers on;
client_max_body_size 100M;
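Review bot: The `ssl_ciphers` list added here is weaker than it looks. As far as I know, `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512` are not cipher names OpenSSL defines, and the two `DHE-` entries are unused unless `ssl_dhparam` is set, which this block does not do. Every remaining entry is RSA-authenticated, so if the certificate under `/var/lets-encrypt` has an ECDSA key, TLS 1.2 clients would have no usable suite. A list such as `ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;` covers both key types and drops the CBC suite. The same line is added in lists.conf, meta.conf, todo.conf and test.conf.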
@@ 41,5 64,13 @@ server {
include fastcgi_params;
gzip off;
}
+
+ location ^~ /.well-known {
+ root /var/www;
+ }
+
+ location = /robots.txt {
+ root /var/www;
+ }
}
M sr/etc/nginx/http.d/lists.conf => sr/etc/nginx/http.d/lists.conf +34 -2
@@ 1,8 1,32 @@
server {
- listen 8080;
+ listen 80;
+ server_name lists.dominic-ricottone.com;
+
+ location / {
+ return 302 https://$server_name$request_uri;
+ }
+
+ location ^~ /.well-known {
+ root /var/www;
+ }
+
+ location = /robots.txt {
+ root /var/www;
+ }
+}
+
+server {
+ listen 443 ssl http2;
gzip on;
gzip_types text/css text/html;
- server_name lists.intra.dominic-ricottone.com;
+ server_name lists.dominic-ricottone.com;
+
+ ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+ ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_prefer_server_ciphers on;
+
client_max_body_size 100M;
location / {
@@ 21,5 45,13 @@ server {
root /usr/lib/python3.9/site-packages/listssrht;
expires 30d;
}
+
+ location ^~ /.well-known {
+ root /var/www;
+ }
+
+ location = /robots.txt {
+ root /var/www;
+ }
}
M sr/etc/nginx/http.d/meta.conf => sr/etc/nginx/http.d/meta.conf +33 -2
@@ 1,8 1,31 @@
server {
- listen 8080;
+ listen 80;
+ server_name meta.dominic-ricottone.com;
+
+ location / {
+ return 302 https://$server_name$request_uri;
+ }
+
+ location ^~ /.well-known {
+ root /var/www;
+ }
+
+ location = /robots.txt {
+ root /var/www;
+ }
+}
+
+server {
+ listen 443 ssl http2;
gzip on;
gzip_types text/css text/html;
- server_name meta.intra.dominic-ricottone.com;
+ server_name meta.dominic-ricottone.com;
+
+ ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+ ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:5000;
@@ 25,5 48,13 @@ server {
root /usr/lib/python3.9/site-packages/metasrht;
expires 30d;
}
+
+ location ^~ /.well-known {
+ root /var/www;
+ }
+
+ location = /robots.txt {
+ root /var/www;
+ }
}
M sr/etc/nginx/http.d/test.conf => sr/etc/nginx/http.d/test.conf +7 -1
@@ 1,5 1,11 @@
server {
- listen 8080 default_server;
+ listen 80 default_server;
+ listen 443 default_server;
+ ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+ ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_prefer_server_ciphers on;
server_name _;
root /usr/share/nginx/html;
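Review bot: `listen 443 default_server;` is added without the `ssl` parameter, so the `ssl_certificate` and `ssl_protocols` lines below it only take effect because other server blocks declare `listen 443 ssl` on the same socket. If those files are removed or their listen address changes, this block would answer port 443 in plaintext. Write it explicitly as `listen 443 ssl default_server;`. The server block continues past the end of this hunk.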
M sr/etc/nginx/http.d/todo.conf => sr/etc/nginx/http.d/todo.conf +33 -2
@@ 1,8 1,31 @@
server {
- listen 8080;
+ listen 80;
+ server_name todo.dominic-ricottone.com;
+
+ location / {
+ return 302 https://$server_name$request_uri;
+ }
+
+ location ^~ /.well-known {
+ root /var/www;
+ }
+
+ location = /robots.txt {
+ root /var/www;
+ }
+}
+
+server {
+ listen 443 ssl http2;
gzip on;
gzip_types text/css text/html;
- server_name todo.intra.dominic-ricottone.com;
+ server_name todo.dominic-ricottone.com;
+
+ ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+ ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_prefer_server_ciphers on;
client_max_body_size 100M;
@@ 22,5 45,13 @@ server {
root /usr/lib/python3.9/site-packages/todosrht;
expires 30d;
}
+
+ location ^~ /.well-known {
+ root /var/www;
+ }
+
+ location = /robots.txt {
+ root /var/www;
+ }
}
M sr/etc/postfix/transport => sr/etc/postfix/transport +1 -0
@@ 1,3 1,4 @@
lists.tatooine.localdomain lmtp:unix:/tmp/lists.sr.ht-lmtp.sock
+lists.tatooine lmtp:unix:/tmp/lists.sr.ht-lmtp.sock
tatooine.localdomain local:tatooine
tatooine local:tatooine
M sr/etc/sr.ht/config.ini => sr/etc/sr.ht/config.ini +22 -20
@@ 4,10 4,9 @@ site-info=https://dominic-ricottone.com
site-blurb=hutt
owner-name=Dominic Ricottone
owner-email=me@dominic-ricottone.com
-global-domain=http://intra.dominic-ricottone.com
+global-domain=dominic-ricottone.com
-#environment=production
-environment=development
+environment=production
# URL for source code?
source-url=https://git.sr.ht/~sircmpwn/srht
@@ 21,7 20,7 @@ service-key=REDACTED
# try: `srht-keygen network`
network-key=REDACTED
-redis-host=redis://huttredis
+redis-host=redis://localhost
[objects]
@@ 39,7 38,7 @@ smtp-user=
smtp-password=
# Email address to dump exceptions at?
-error-to=REDACTED
+error-to=root@tatooine
error-from=hutt@tatooine
pgp-privkey=/etc/sr.ht/pgp.key
@@ 53,10 52,10 @@ private-key=REDACTED
[git.sr.ht]
-origin=http://git.intra.dominic-ricottone.com
+origin=http://git.dominic-ricottone.com
debug-host=0.0.0.0
debug-port=5001
-api-origin=http://localhost:5101
+#api-origin=http://localhost:5101
# try: meta.localhost/oauth
oauth-client-id=CHANGEME
oauth-client-secret=CHANGEME
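Review bot: `origin=http://git.dominic-ricottone.com` keeps the `http` scheme, although the nginx change in this same commit answers port 80 with a redirect to https. If the services build absolute links or OAuth redirect URLs from `origin`, which the setting name suggests, those would go to the plaintext port first. Use `origin=https://git.dominic-ricottone.com` here. The `origin=` lines changed under `[meta.sr.ht]` and `[todo.sr.ht]` in later hunks need the same scheme change.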
@@ 65,12 64,11 @@ post-update-script=/usr/bin/gitsrht-update-hook
outgoing-domain=tatooine
# SQLAlchemy connection string
-#connection-string=postgresql://postgres@huttpg:5432/git.sr.ht
-connection-string=postgresql://postgres@huttpg:5432/git.sr.ht?sslmode=disable
+connection-string=postgresql://postgres@localhost:5432/git.sr.ht?sslmode=disable
migrate-on-upgrade=yes
# Webhooks connection string
-webhooks=redis://huttredis:6379/1
+webhooks=redis://localhost:6379/1
s3-bucket=
s3-prefix=
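Review bot: The new `connection-string` still logs in as the `postgres` superuser with no password. Makefile.podman in this commit starts the database with `POSTGRES_HOST_AUTH_METHOD=trust` and places it in the same pod as the nginx front end that is now published on ports 80 and 443. Any process that can reach `localhost:5432` in that pod therefore gets superuser access to all three databases, while this commit also switches to `environment=production`. Consider a dedicated role per service with a password, for example `connection-string=postgresql://<role>:<password>@localhost:5432/git.sr.ht?sslmode=disable`, together with a password-based auth method such as `scram-sha-256` on the server. The meta.sr.ht and todo.sr.ht connection strings in later hunks follow the same pattern.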
@@ 89,21 87,20 @@ internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
[meta.sr.ht]
-origin=http://localhost:5000
+origin=http://meta.dominic-ricottone.com
welcome-emails=no
-api-origin=http://localhost:5100
+#api-origin=http://localhost:5100
# Debug host
debug-host=0.0.0.0
debug-port=5000
# SQLAlchemy connection string
-#connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht
-connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht?sslmode=disable
+connection-string=postgresql://postgres@localhost:5432/meta.sr.ht?sslmode=disable
migrate-on-upgrade=yes
# Webhooks connection string
-webhooks=redis://huttredis:6379/1
+webhooks=redis://localhost:6379/1
[meta.sr.ht::api]
@@ 135,7 132,7 @@ auth-method=builtin
[meta.sr.ht::auth::unix-pam]
-email-default-domain=dominic-ricottone.com
+email-default-domain=tatooine
service=sshd
admin-group=wheel
create-users=no
@@ 143,7 140,7 @@ user-group=srht
[todo.sr.ht]
-origin=http://localhost:5003
+origin=http://todo.dominic-ricottone.com
debug-host=0.0.0.0
debug-port=5003
# try: meta.localhost/oauth
@@ 152,11 149,16 @@ oauth-client-secret=
notify-from=hutt@tatooine
# SQLAlchemy connection string
-#connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht
-connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht?sslmode=disable
+connection-string=postgresql://postgres@localhost:5432/todo.sr.ht?sslmode=disable
migrate-on-upgrade=yes
# Webhooks connection string
-webhooks=redis://huttredis:6379/1
+webhooks=redis://localhost:6379/1
+
+
+[todo.sr.ht::mail]
+sock=/tmp/todo.sr.ht-lmtp.sock
+sock-group=todo
+posting-domain=lists.tatooine
M sr/etc/supervisor/conf.d/supervisord.conf => sr/etc/supervisor/conf.d/supervisord.conf +49 -1
@@ 29,10 29,58 @@ user=meta
[program:metasrht-api]
autorestart=true
-command=metasrht-api
+command=metasrht-api -b :5100
redirect_stderr=true
user=meta
+[program:metasrht-webhooks]
+autorestart=true
+command=celery -A metasrht.webhooks worker --loglevel=info
+redirect_stderr=true
+user=meta
+
+[program:gitsrht]
+autorestart=true
+command=gunicorn gitsrht.app:app -b 127.0.0.1:5001 -c /etc/sr.ht/git.sr.ht.gunicorn.conf.py
+redirect_stderr=true
+user=git
+
+[program:gitsrht-api]
+autorestart=true
+command=gitsrht-api -b :5101
+redirect_stderr=true
+user=git
+
+[program:gitsrht-webhooks]
+autorestart=true
+command=celery -A gitsrht.webhooks worker --loglevel=info
+redirect_stderr=true
+user=git
+
+[program:todosrht]
+autorestart=true
+command=gunicorn todosrht.app:app -b 127.0.0.1:5003 -c /etc/sr.ht/todo.sr.ht.gunicorn.conf.py
+redirect_stderr=true
+user=todo
+
+[program:todosrht-api]
+autorestart=true
+command=todosrht-api -b :5103
+redirect_stderr=true
+user=todo
+
+[program:todosrht-webhooks]
+autorestart=true
+command=celery -A todosrht.webhooks worker --loglevel=info
+redirect_stderr=true
+user=todo
+
+[program:todosrht-lmtp]
+autorestart=true
+command=todosrht-lmtp
+redirect_stderr=true
+user=postfix
+
[program:nginx]
autostart=true
command=nginx -g 'daemon off;'
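Review bot: The API commands are given `-b :5100`, `-b :5101` and `-b :5103` with no host part, which presumably binds them on every interface of the container, whereas the gunicorn programs in the same hunk bind `127.0.0.1`. Only the local front end needs these ports, judging by the commented `api-origin=http://localhost:5101` in config.ini. If the flag accepts a host, pin them the same way, for example `command=metasrht-api -b 127.0.0.1:5100`, and do likewise for `gitsrht-api` and `todosrht-api`. That keeps the internal APIs off the container network even if a later change publishes more ports.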