From c976d75090723c7792c995d225e1d05263524aaa Mon Sep 17 00:00:00 2001
From: Dominic Ricottone
Date: Thu, 1 Sep 2022 22:33:48 -0500
Subject: [PATCH] Configuration updates

The NGINX and Sourcehut configurations now are set for the final domains (i.e. git.dominic-ricottone.com not git.intra.dominic-ricottone.com).

Paths in Makefiles are now set for deployment.

The Makefile has been split between `docker` and `podman` versions. The `docker` version is effectively final. I will be working with `podman` from this point on.

All services are up and running via `supervisord`, with possible exception for `todosrht-lmtp`. I continue to try small changes to Postfix and/or `todosrht` configurations.
---
 .gitignore | 2 +-
 Makefile => Makefile.docker | 71 +++++++++-
 Makefile.podman | 160 ++++++++++++++++++++++
 {etc/postgresql => pg}/postgresql.conf | 0
 sr/Dockerfile | 3 +-
 sr/etc/nginx/http.d/git.conf | 35 ++++-
 sr/etc/nginx/http.d/lists.conf | 36 ++++-
 sr/etc/nginx/http.d/meta.conf | 35 ++++-
 sr/etc/nginx/http.d/test.conf | 8 +-
 sr/etc/nginx/http.d/todo.conf | 35 ++++-
 sr/etc/postfix/transport | 1 +
 sr/etc/sr.ht/config.ini | 42 +++---
 sr/etc/supervisor/conf.d/supervisord.conf | 50 ++++++-
 13 files changed, 439 insertions(+), 39 deletions(-)
 rename Makefile => Makefile.docker (64%)
 create mode 100644 Makefile.podman
 rename {etc/postgresql => pg}/postgresql.conf (100%)

diff --git a/.gitignore b/.gitignore
index 7f62973..ffd4434 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 sr/etc/sr.ht/pgp.key
 sr/etc/sr.ht/pgp.pubkey
-postgres
+**/datadir
diff --git a/Makefile b/Makefile.docker
similarity index 64%
rename from Makefile
rename to Makefile.docker
index c933072..1b8cc3a 100644
--- a/Makefile
+++ b/Makefile.docker
@@ -10,21 +10,23 @@ HUTTESE_POSTGRES=huttpg
 # configure redis
 REDIS_TARGET=redis:alpine3.15
 REDIS_LOCALNAME=my-redis
-REDIS_DATADIR=path/to/redis/db
+REDIS_DATADIR=/var/deploy/data/redis
 
 # configure postgres
 POSTGRES_TARGET=postgres:alpine3.15
 POSTGRES_LOCALNAME=my-postgres
-POSTGRES_DATADIR=/home/al_dente/dev/huttese/postgres
-POSTGRES_CONF=/home/al_dente/dev/huttese/etc/postgresql/postgresql.conf
+POSTGRES_DATADIR=/var/deploy/data/postgres
+POSTGRES_CONF=/var/deploy/conf/postgres/postgresql.conf
 
 # configure git
-GIT_DATADIR=/home/al_dente/dev/huttese/git/datadir
+GIT_DATADIR=/var/deploy/data/git
 
 # set image tag data
 SRHT_LOCALNAME=srht
 SRHT_LOCALVERSION=1
 
+CERTDIR=/var/deploy/certs
+
 cleanup:
 	$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_REDIS) >/dev/null 2>&1 || true
 	$(CONMAN) network disconnect --force $(HUTTESE_NETWORK) $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true
@@ -74,13 +76,28 @@ dbinit: image
 	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
 	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
-	$(CONMAN) exec \
-		$(HUTTESE_POSTGRES) createdb -U postgres meta.sr.ht
+	$(CONMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres meta.sr.ht
+	$(CONMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres git.sr.ht
+	$(CONMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres todo.sr.ht
+
 
 	$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
 		--network $(HUTTESE_NETWORK) \
 		$(SRHT_LOCALNAME) metasrht-initdb
 	$(CONMAN) rm $(HUTTESE_SRHT)_dbinit
 
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) gitsrht-initdb
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbinit
+
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbinit \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) todosrht-initdb
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbinit
+
 dbmigrate: image
 	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
 	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
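Review bot: `dbinit` cannot be re-run after a partial failure: each added `createdb` exits non-zero when the database already exists, and every `run --name $(HUTTESE_SRHT)_dbinit` relies on a separate `rm` afterwards, so a failing `*-initdb` leaves the named container behind and the next attempt aborts on the name conflict before reaching the step that failed. Adding `--rm` to each `run` (as the Makefile.podman introduced by this commit does) removes both the separate `rm` lines and the stale-container failure mode, e.g. `$(CONMAN) run --rm --name $(HUTTESE_SRHT)_dbinit \`. Whether `dbinit`, `dbmigrate` and the other command-style targets are declared `.PHONY` is outside this hunk; if they are not, a file of that name in the directory silently satisfies the target.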
@@ -88,23 +105,63 @@ dbmigrate: image
 	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
 		--network $(HUTTESE_NETWORK) \
 		$(SRHT_LOCALNAME) srht-migrate meta.sr.ht -a upgrade head
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
 	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
 		--network $(HUTTESE_NETWORK) \
 		$(SRHT_LOCALNAME) metasrht-migrate -a upgrade head
 	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
 
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) srht-migrate git.sr.ht -a upgrade head
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) gitsrht-migrate -a upgrade head
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) srht-migrate todo.sr.ht -a upgrade head
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
+	$(CONMAN) run --name $(HUTTESE_SRHT)_dbmigrate \
+		--network $(HUTTESE_NETWORK) \
+		$(SRHT_LOCALNAME) todosrht-migrate -a upgrade head
+	$(CONMAN) rm $(HUTTESE_SRHT)_dbmigrate
+
 start: image
 	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
 	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
 	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
 
 	$(CONMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
-		--hostname tatooine -p 80:8080 \
+		--hostname tatooine --hostname dominic-ricottone.com \
+		--publish 0.0.0.0:80:80 --publish 0.0.0.0:443:443\
 		--mount type=bind,src=$(GIT_DATADIR),dst=/var/lib/git \
+		--mount type=bind,src=$(CERTDIR),dst=/var/lets-encrypt \
 		$(SRHT_LOCALNAME)
 	$(CONMAN) network connect --alias $(HUTTESE_SRHT) \
 		$(HUTTESE_NETWORK) $(HUTTESE_SRHT)
 
+USER_EMAIL?=
+USER_NAME?=
+adduser:
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	@echo "USAGE: USER_EMAIL=me@example.com USER_NAME=me make adduser"
+	$(CONMAN) exec -it $(HUTTESE_SRHT) metasrht-manageuser -e $(USER_EMAIL) -t admin $(USER_NAME)
+
+shell: image
+	$(CONMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(CONMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	$(CONMAN) exec -it $(HUTTESE_SRHT) sh
+
 stop:
 	$(CONMAN) stop $(SRHT_LOCALNAME)
 
diff --git a/Makefile.podman b/Makefile.podman
new file mode 100644
index 0000000..e72e28c
--- /dev/null
+++ b/Makefile.podman
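Review bot: `adduser` only echoes a usage line and then runs `metasrht-manageuser -e $(USER_EMAIL) -t admin $(USER_NAME)` regardless, so with the empty `?=` defaults the command is executed inside the container with missing arguments instead of the target stopping; make the requirement enforceable by starting the recipe with `$(if $(strip $(USER_EMAIL)),,$(error USER_EMAIL is required))` and `$(if $(strip $(USER_NAME)),,$(error USER_NAME is required))` (functions on a recipe line expand only when that recipe runs, so other goals are unaffected). `start` mounts `$(CERTDIR)`, the directory holding the TLS private key, read-write into the service container although nothing in the nginx configs of this commit writes there; `--mount type=bind,src=$(CERTDIR),dst=/var/lets-encrypt,readonly` keeps the service from modifying the key material. `--hostname` is given twice on the same `run`; if the CLI keeps only the last value, `tatooine` is dropped, which matters because the postfix transport and config.ini in this commit still address the host as `tatooine` — worth confirming. The same three points apply to `adduser` and `start` in Makefile.podman.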
@@ -0,0 +1,160 @@
+# set podman-compliant container management CLI binary
+PODMAN=podman
+
+# set fun names for the containers
+HUTTESE_POD=podracing
+HUTTESE_SRHT=huttsr
+HUTTESE_REDIS=huttredis
+HUTTESE_POSTGRES=huttpg
+
+# configure redis
+REDIS_TARGET=redis:alpine3.15
+REDIS_LOCALNAME=my-redis
+REDIS_DATADIR=/var/deploy/data/redis
+
+# configure postgres
+POSTGRES_TARGET=postgres:alpine3.15
+POSTGRES_LOCALNAME=my-postgres
+POSTGRES_DATADIR=/var/deploy/data/postgres
+POSTGRES_CONF=/var/deploy/conf/postgres/postgresql.conf
+
+# configure git
+GIT_DATADIR=/var/deploy/data/git
+
+# set image tag data
+SRHT_LOCALNAME=srht
+SRHT_LOCALVERSION=1
+
+CERTDIR=/var/deploy/certs
+
+pod:
+	$(PODMAN) pod exists $(HUTTESE_POD) >/dev/null 2>&1 \
+		|| $(PODMAN) pod create --name $(HUTTESE_POD) \
+		--publish 0.0.0.0:80:80 --publish 0.0.0.0:443:443
+
+cleanup:
+	$(PODMAN) rm --force $(HUTTESE_REDIS) >/dev/null 2>&1 || true
+	$(PODMAN) image rm --force $(REDIS_LOCALNAME):latest >/dev/null 2>&1 || true
+
+	$(PODMAN) rm --force $(HUTTESE_POSTGRES) >/dev/null 2>&1 || true
+	$(PODMAN) image rm --force $(POSTGRES_LOCALNAME):latest >/dev/null 2>&1 || true
+
+setup: pod
+	$(PODMAN) inspect $(REDIS_LOCALNAME) >/dev/null 2>&1 \
+		|| $(PODMAN) pull $(REDIS_TARGET) \
+		&& $(PODMAN) tag $(REDIS_TARGET) $(REDIS_LOCALNAME)
+	$(PODMAN) run --detach --name $(HUTTESE_REDIS) --restart always \
+		--pod podracing \
+		$(REDIS_LOCALNAME)
+	#if I need persistence later:
+	# --mount type=bind,src=$(REDIS_DATADIR),dst=/data \
+	# $(REDIS_LOCALNAME) redis-server --save 60 1 --loglevel warning
+	# redis is now available at redis://huttredis:6379
+
+	$(PODMAN) inspect $(POSTGRES_LOCALNAME) >/dev/null 2>&1 \
+		|| $(PODMAN) pull $(POSTGRES_TARGET) \
+		&& $(PODMAN) tag $(POSTGRES_TARGET) $(POSTGRES_LOCALNAME)
+	$(PODMAN) run --detach --name $(HUTTESE_POSTGRES) --restart always \
+		--env POSTGRES_HOST_AUTH_METHOD=trust \
+		--pod podracing \
+		--mount type=bind,src=$(POSTGRES_DATADIR),dst=/var/lib/postgresql/data \
+		--mount type=bind,src=$(POSTGRES_CONF),dst=/etc/postgresql/postgresql.conf \
+		$(POSTGRES_LOCALNAME) -c 'config_file=/etc/postgresql/postgresql.conf'
+	# postgres is now available at postgresql://postgres@huttpg:5432
+
+image:
+	$(PODMAN) inspect $(SRHT_LOCALNAME) >/dev/null 2>&1 \
+		|| $(PODMAN) build \
+		--tag $(SRHT_LOCALNAME):latest \
+		--tag $(SRHT_LOCALNAME):$(SRHT_LOCALVERSION) \
+		sr/
+
+dbinit: pod image
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres meta.sr.ht
+	$(PODMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres git.sr.ht
+	$(PODMAN) exec $(HUTTESE_POSTGRES) \
+		createdb -U postgres todo.sr.ht
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) metasrht-initdb
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) metasrht-initdb
+		$(SRHT_LOCALNAME) gitsrht-initdb
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbinit --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) todosrht-initdb
+
+dbmigrate: pod image
+	$(PODMAN) inspect $(HUTTESE_NETWORK) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) srht-migrate meta.sr.ht -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) metasrht-migrate -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) srht-migrate git.sr.ht -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) gitsrht-migrate -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) srht-migrate todo.sr.ht -a upgrade head
+
+	$(PODMAN) run --name $(HUTTESE_SRHT)_dbmigrate --rm \
+		--pod podracing \
+		$(SRHT_LOCALNAME) todosrht-migrate -a upgrade head
+
+start: pod image
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	$(PODMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
+		--hostname tatooine --hostname dominic-ricottone.com \
+		--pod podracing \
+		--mount type=bind,src=$(GIT_DATADIR),dst=/var/lib/git \
+		--mount type=bind,src=$(CERTDIR),dst=/var/lets-encrypt \
+		$(SRHT_LOCALNAME)
+
+USER_EMAIL?=
+USER_NAME?=
+adduser:
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	@echo "USAGE: USER_EMAIL=me@example.com USER_NAME=me make adduser"
+	$(PODMAN) exec -it $(HUTTESE_SRHT) metasrht-manageuser -e $(USER_EMAIL) -t admin $(USER_NAME)
+
+shell:
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	$(PODMAN) exec -it $(HUTTESE_SRHT) sh
+
+stop:
+	$(PODMAN) stop $(SRHT_LOCALNAME)
+
+restart:
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_POSTGRES) >/dev/null 2>&1
+	$(PODMAN) inspect -f '{{.State.Running}}' $(HUTTESE_REDIS) >/dev/null 2>&1
+
+	$(PODMAN) restart $(SRHT_LOCALNAME)
+
+clean:
+	$(PODMAN) rm --force $(HUTTESE_SRHT) >/dev/null 2>&1 || true
+	$(PODMAN) image rm --force $(SRHT_LOCALNAME):latest >/dev/null 2>&1 || true
+
diff --git a/etc/postgresql/postgresql.conf b/pg/postgresql.conf
similarity index 100%
rename from etc/postgresql/postgresql.conf
rename to pg/postgresql.conf
diff --git a/sr/Dockerfile b/sr/Dockerfile
index 85e5984..5ca4335 100644
--- a/sr/Dockerfile
+++ b/sr/Dockerfile
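Review bot: The second `dbinit` block runs `metasrht-initdb` a second time and then leaves `$(SRHT_LOCALNAME) gitsrht-initdb` as a recipe line of its own, which make executes on the host as the command `srht gitsrht-initdb`; delete the duplicated `$(SRHT_LOCALNAME) metasrht-initdb` line so that block ends in `$(SRHT_LOCALNAME) gitsrht-initdb`. `dbmigrate` begins with `$(PODMAN) inspect $(HUTTESE_NETWORK)`, but this file never defines `HUTTESE_NETWORK` (the pod replaces the docker network), so the line expands to `podman inspect` with no argument and the target fails before any migration runs — drop it or inspect `$(HUTTESE_POD)` instead. `stop` and `restart` act on `$(SRHT_LOCALNAME)`, the image tag `srht`, while the container is created with `--name $(HUTTESE_SRHT)`; both should use `$(HUTTESE_SRHT)`. Every `--pod podracing` should read `--pod $(HUTTESE_POD)` so the name set at the top stays the single source of truth. Postgres is started with `POSTGRES_HOST_AUTH_METHOD=trust` and config.ini in this commit connects as the `postgres` superuser over `localhost`; inside a pod all containers share one network namespace, so every process in the pod gets unauthenticated superuser access to the databases — set `POSTGRES_PASSWORD` from a secret and give each service its own role.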
@@ -41,7 +41,8 @@ COPY etc/sr.ht/pgp.pubkey /etc/sr.ht/pgp.pubkey
 
 # setup supervisor
 USER root
-EXPOSE 8080
+EXPOSE 80
+EXPOSE 443
 
 COPY etc/supervisor/conf.d/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 CMD ["/usr/bin/supervisord","-c","/etc/supervisor/conf.d/supervisord.conf"]
diff --git a/sr/etc/nginx/http.d/git.conf b/sr/etc/nginx/http.d/git.conf
index 8ad15f2..4d9e0b1 100644
--- a/sr/etc/nginx/http.d/git.conf
+++ b/sr/etc/nginx/http.d/git.conf
@@ -1,8 +1,31 @@
 server {
-    listen 8080;
+    listen 80;
+    server_name git.dominic-ricottone.com;
+
+    location / {
+        return 302 https://$server_name$request_uri;
+    }
+
+    location ^~ /.well-known {
+        root /var/www;
+    }
+
+    location = /robots.txt {
+        root /var/www;
+    }
+}
+
+server {
+    listen 443 ssl http2;
     gzip on;
     gzip_types text/css text/html;
-    server_name git.intra.dominic-ricottone.com;
+    server_name git.dominic-ricottone.com;
+
+    ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+    ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
 
     client_max_body_size 100M;
 
@@ -41,5 +64,13 @@ server {
         include fastcgi_params;
         gzip off;
     }
+
+    location ^~ /.well-known {
+        root /var/www;
+    }
+
+    location = /robots.txt {
+        root /var/www;
+    }
 
 }
diff --git a/sr/etc/nginx/http.d/lists.conf b/sr/etc/nginx/http.d/lists.conf
index 7ee5187..ec5d2ba 100644
--- a/sr/etc/nginx/http.d/lists.conf
+++ b/sr/etc/nginx/http.d/lists.conf
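Review bot: The new `ssl_ciphers` value lists `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512`, which are not suite names OpenSSL knows (AES-256-GCM suites pair with SHA384); OpenSSL drops unknown names silently, so the effective list is the three remaining suites, and `ssl_prefer_server_ciphers on` has no effect on the TLSv1.3 suites at all. Nothing in the 443 server sets HSTS and the port-80 redirect is a `302`, which browsers do not cache; a `301` plus `add_header Strict-Transport-Security "max-age=63072000" always;` in the TLS server keeps clients on HTTPS after the first visit. The same TLS block is copy-pasted into lists.conf, meta.conf, todo.conf and test.conf in this commit; keeping it in one file pulled in with `include` stops the five servers from drifting apart. Whether `inter.dominic-ricottone.com.cert` lists `git.dominic-ricottone.com` as a SAN cannot be seen here and is worth checking against the certificate itself.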
@@ -1,8 +1,32 @@
 server {
-    listen 8080;
+    listen 80;
+    server_name lists.dominic-ricottone.com;
+
+    location / {
+        return 302 https://$server_name$request_uri;
+    }
+
+    location ^~ /.well-known {
+        root /var/www;
+    }
+
+    location = /robots.txt {
+        root /var/www;
+    }
+}
+
+server {
+    listen 443 ssl http2;
     gzip on;
     gzip_types text/css text/html;
-    server_name lists.intra.dominic-ricottone.com;
+    server_name lists.dominic-ricottone.com;
+
+    ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+    ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
+
     client_max_body_size 100M;
 
     location / {
@@ -21,5 +45,13 @@ server {
         root /usr/lib/python3.9/site-packages/listssrht;
         expires 30d;
     }
+
+    location ^~ /.well-known {
+        root /var/www;
+    }
+
+    location = /robots.txt {
+        root /var/www;
+    }
 
 }
diff --git a/sr/etc/nginx/http.d/meta.conf b/sr/etc/nginx/http.d/meta.conf
index 1a82db6..d5c86e3 100644
--- a/sr/etc/nginx/http.d/meta.conf
+++ b/sr/etc/nginx/http.d/meta.conf
@@ -1,8 +1,31 @@
 server {
-    listen 8080;
+    listen 80;
+    server_name meta.dominic-ricottone.com;
+
+    location / {
+        return 302 https://$server_name$request_uri;
+    }
+
+    location ^~ /.well-known {
+        root /var/www;
+    }
+
+    location = /robots.txt {
+        root /var/www;
+    }
+}
+
+server {
+    listen 443 ssl http2;
     gzip on;
     gzip_types text/css text/html;
-    server_name meta.intra.dominic-ricottone.com;
+    server_name meta.dominic-ricottone.com;
+
+    ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+    ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
 
     location / {
         proxy_pass http://localhost:5000;
@@ -25,5 +48,13 @@ server {
         root /usr/lib/python3.9/site-packages/metasrht;
         expires 30d;
     }
+
+    location ^~ /.well-known {
+        root /var/www;
+    }
+
+    location = /robots.txt {
+        root /var/www;
+    }
 
 }
diff --git a/sr/etc/nginx/http.d/test.conf b/sr/etc/nginx/http.d/test.conf
index 8ff742d..ce7cd10 100644
--- a/sr/etc/nginx/http.d/test.conf
+++ b/sr/etc/nginx/http.d/test.conf
@@ -1,5 +1,11 @@
 server {
-    listen 8080 default_server;
+    listen 80 default_server;
+    listen 443 default_server;
+    ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+    ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
     server_name _;
     root /usr/share/nginx/html;
 
diff --git a/sr/etc/nginx/http.d/todo.conf b/sr/etc/nginx/http.d/todo.conf
index 10c1771..c65b29f 100644
--- a/sr/etc/nginx/http.d/todo.conf
+++ b/sr/etc/nginx/http.d/todo.conf
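Review bot: In test.conf, `listen 443 default_server;` omits the `ssl` parameter that every other 443 server in this commit uses, even though this block now carries `ssl_certificate`/`ssl_certificate_key`; whether nginx applies TLS to the default server purely because sibling servers enabled it on the shared socket is not something this hunk settles, so write `listen 443 ssl default_server;` explicitly. As the default server it also answers for every Host not matched by git/lists/meta/todo, including bare-IP requests on both ports, presenting the `inter.dominic-ricottone.com` certificate for them; confirm that serving `/usr/share/nginx/html` to such requests over TLS is intended rather than an artefact of the port-8080 test page it replaces.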
@@ -1,8 +1,31 @@
 server {
-    listen 8080;
+    listen 80;
+    server_name todo.dominic-ricottone.com;
+
+    location / {
+        return 302 https://$server_name$request_uri;
+    }
+
+    location ^~ /.well-known {
+        root /var/www;
+    }
+
+    location = /robots.txt {
+        root /var/www;
+    }
+}
+
+server {
+    listen 443 ssl http2;
     gzip on;
     gzip_types text/css text/html;
-    server_name todo.intra.dominic-ricottone.com;
+    server_name todo.dominic-ricottone.com;
+
+    ssl_certificate /var/lets-encrypt/inter.dominic-ricottone.com.cert;
+    ssl_certificate_key /var/lets-encrypt/inter.dominic-ricottone.com.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers on;
 
     client_max_body_size 100M;
 
@@ -22,5 +45,13 @@ server {
         root /usr/lib/python3.9/site-packages/todosrht;
         expires 30d;
     }
+
+    location ^~ /.well-known {
+        root /var/www;
+    }
+
+    location = /robots.txt {
+        root /var/www;
+    }
 
 }
diff --git a/sr/etc/postfix/transport b/sr/etc/postfix/transport
index 61d8495..e93b103 100644
--- a/sr/etc/postfix/transport
+++ b/sr/etc/postfix/transport
@@ -1,3 +1,4 @@
 lists.tatooine.localdomain lmtp:unix:/tmp/lists.sr.ht-lmtp.sock
+lists.tatooine lmtp:unix:/tmp/lists.sr.ht-lmtp.sock
 tatooine.localdomain local:tatooine
 tatooine local:tatooine
diff --git a/sr/etc/sr.ht/config.ini b/sr/etc/sr.ht/config.ini
index c8b6fc3..37a8604 100644
--- a/sr/etc/sr.ht/config.ini
+++ b/sr/etc/sr.ht/config.ini
@@ -4,10 +4,9 @@ site-info=https://dominic-ricottone.com
 site-blurb=hutt
 owner-name=Dominic Ricottone
 owner-email=me@dominic-ricottone.com
-global-domain=http://intra.dominic-ricottone.com
+global-domain=dominic-ricottone.com
 
-#environment=production
-environment=development
+environment=production
 
 # URL for source code?
 source-url=https://git.sr.ht/~sircmpwn/srht
@@ -21,7 +20,7 @@ service-key=REDACTED
 # try: `srht-keygen network`
 network-key=REDACTED
 
-redis-host=redis://huttredis
+redis-host=redis://localhost
 
 [objects]
 
@@ -39,7 +38,7 @@ smtp-user=
 smtp-password=
 
 # Email address to dump exceptions at?
-error-to=REDACTED
+error-to=root@tatooine
 error-from=hutt@tatooine
 
 pgp-privkey=/etc/sr.ht/pgp.key
@@ -53,10 +52,10 @@ private-key=REDACTED
 
 
 [git.sr.ht]
-origin=http://git.intra.dominic-ricottone.com
+origin=http://git.dominic-ricottone.com
 debug-host=0.0.0.0
 debug-port=5001
-api-origin=http://localhost:5101
+#api-origin=http://localhost:5101
 # try: meta.localhost/oauth
 oauth-client-id=CHANGEME
 oauth-client-secret=CHANGEME
@@ -65,12 +64,11 @@ post-update-script=/usr/bin/gitsrht-update-hook
 outgoing-domain=tatooine
 
 # SQLAlchemy connection string
-#connection-string=postgresql://postgres@huttpg:5432/git.sr.ht
-connection-string=postgresql://postgres@huttpg:5432/git.sr.ht?sslmode=disable
+connection-string=postgresql://postgres@localhost:5432/git.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 
 # Webhooks connection string
-webhooks=redis://huttredis:6379/1
+webhooks=redis://localhost:6379/1
 
 s3-bucket=
 s3-prefix=
@@ -89,21 +87,20 @@ internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
 
 
 [meta.sr.ht]
-origin=http://localhost:5000
+origin=http://meta.dominic-ricottone.com
 welcome-emails=no
-api-origin=http://localhost:5100
+#api-origin=http://localhost:5100
 
 # Debug host
 debug-host=0.0.0.0
 debug-port=5000
 
 # SQLAlchemy connection string
-#connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht
-connection-string=postgresql://postgres@huttpg:5432/meta.sr.ht?sslmode=disable
+connection-string=postgresql://postgres@localhost:5432/meta.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 
 # Webhooks connection string
-webhooks=redis://huttredis:6379/1
+webhooks=redis://localhost:6379/1
 
 
 [meta.sr.ht::api]
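Review bot: `origin=http://git.dominic-ricottone.com` keeps the plain-HTTP scheme while the nginx configs in this commit answer every port-80 request with a redirect to HTTPS, so whatever the service builds from `origin` (links, OAuth redirect URLs) is issued for a scheme the site no longer serves directly; set `origin=https://git.dominic-ricottone.com`, and likewise for the `meta.sr.ht` and `todo.sr.ht` origins changed further down in this file. The `api-origin` lines are commented out in the same hunks although supervisord now starts `metasrht-api`, `gitsrht-api` and `todosrht-api`; whether the web apps locate the API without that setting is not visible here and is worth confirming before relying on it. The connection strings now point at `localhost` with `sslmode=disable`, which only holds because the pod shares one network namespace; if this config.ini is reused with Makefile.docker, where redis and postgres are separate containers on a network, those hosts will not resolve.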
@@ -135,7 +132,7 @@ auth-method=builtin
 
 
 [meta.sr.ht::auth::unix-pam]
-email-default-domain=dominic-ricottone.com
+email-default-domain=tatooine
 service=sshd
 admin-group=wheel
 create-users=no
@@ -143,7 +140,7 @@ user-group=srht
 
 
 [todo.sr.ht]
-origin=http://localhost:5003
+origin=http://todo.dominic-ricottone.com
 debug-host=0.0.0.0
 debug-port=5003
 # try: meta.localhost/oauth
@@ -152,11 +149,16 @@ oauth-client-secret=
 notify-from=hutt@tatooine
 
 # SQLAlchemy connection string
-#connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht
-connection-string=postgresql://postgres@huttpg:5432/todo.sr.ht?sslmode=disable
+connection-string=postgresql://postgres@localhost:5432/todo.sr.ht?sslmode=disable
 migrate-on-upgrade=yes
 
 # Webhooks connection string
-webhooks=redis://huttredis:6379/1
+webhooks=redis://localhost:6379/1
+
+
+[todo.sr.ht::mail]
+sock=/tmp/todo.sr.ht-lmtp.sock
+sock-group=todo
+posting-domain=lists.tatooine
 
 
diff --git a/sr/etc/supervisor/conf.d/supervisord.conf b/sr/etc/supervisor/conf.d/supervisord.conf
index fe9f916..bd570fd 100644
--- a/sr/etc/supervisor/conf.d/supervisord.conf
+++ b/sr/etc/supervisor/conf.d/supervisord.conf
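Review bot: `posting-domain=lists.tatooine` in the new `[todo.sr.ht::mail]` section names the same domain that the postfix transport entry added by this commit routes to `/tmp/lists.sr.ht-lmtp.sock`, while todo's own listener is `sock=/tmp/todo.sr.ht-lmtp.sock`; unless a lists.sr.ht LMTP process on that socket forwards to todo, mail for the todo posting domain is delivered to the wrong (or a non-existent) socket, which would match the `todosrht-lmtp` trouble the commit message describes. Giving todo its own domain (for example `todo.tatooine`, a constructed value) with a matching transport line `todo.tatooine lmtp:unix:/tmp/todo.sr.ht-lmtp.sock` keeps the two services apart. `sock-group=todo` combined with supervisord running `todosrht-lmtp` as `postfix` means that process must be able to assign group `todo` to the socket; whether the postfix user belongs to that group is not visible here. Both sockets live under `/tmp`, which any local user can write to; a directory owned by the service user limits who can pre-create or replace the socket path.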
@@ -29,10 +29,58 @@ user=meta
 
 [program:metasrht-api]
 autorestart=true
-command=metasrht-api
+command=metasrht-api -b :5100
 redirect_stderr=true
 user=meta
 
+[program:metasrht-webhooks]
+autorestart=true
+command=celery -A metasrht.webhooks worker --loglevel=info
+redirect_stderr=true
+user=meta
+
+[program:gitsrht]
+autorestart=true
+command=gunicorn gitsrht.app:app -b 127.0.0.1:5001 -c /etc/sr.ht/git.sr.ht.gunicorn.conf.py
+redirect_stderr=true
+user=git
+
+[program:gitsrht-api]
+autorestart=true
+command=gitsrht-api -b :5101
+redirect_stderr=true
+user=git
+
+[program:gitsrht-webhooks]
+autorestart=true
+command=celery -A gitsrht.webhooks worker --loglevel=info
+redirect_stderr=true
+user=git
+
+[program:todosrht]
+autorestart=true
+command=gunicorn todosrht.app:app -b 127.0.0.1:5003 -c /etc/sr.ht/todo.sr.ht.gunicorn.conf.py
+redirect_stderr=true
+user=todo
+
+[program:todosrht-api]
+autorestart=true
+command=todosrht-api -b :5103
+redirect_stderr=true
+user=todo
+
+[program:todosrht-webhooks]
+autorestart=true
+command=celery -A todosrht.webhooks worker --loglevel=info
+redirect_stderr=true
+user=todo
+
+[program:todosrht-lmtp]
+autorestart=true
+command=todosrht-lmtp
+redirect_stderr=true
+user=postfix
+
 [program:nginx]
 autostart=true
 command=nginx -g 'daemon off;'
-- 
2.45.2
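Review bot: The three API programs bind with `-b :5100`, `-b :5101` and `-b :5103`, i.e. on every interface, while the gunicorn web apps in the same hunk bind `127.0.0.1`; nginx is the only intended entry point, so `command=metasrht-api -b 127.0.0.1:5100` (and the same for `gitsrht-api` and `todosrht-api`) keeps the APIs unreachable from other containers on the docker network (inside a pod, which shares one network namespace, the distinction does not help, so the config.ini origins must not depend on it either way). Whether nginx proxies API requests to these ports at all cannot be seen in this hunk; config.ini in the same commit comments out every `api-origin`, so that wiring is worth confirming. `todosrht-lmtp` runs as `user=postfix` while config.ini sets `sock-group=todo` for its socket; that only works if the postfix user can assign group `todo`, which is not visible here.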