Compare commits


11 Commits

Author SHA1 Message Date
itepechi 8cf2037877 Exclude docker-db from the image 2023-07-31 02:54:11 +09:00
itepechi 21b9dffb2f Merge branch 'develop' into itepechi 2023-07-30 04:47:24 +09:00
itepechi 320def023b Add an explanation of the repository 2023-07-30 01:35:48 +09:00
itepechi 84031ff4b3 Update Docker setup 2023-07-30 00:45:03 +09:00
itepechi f81f7def60 Remove runtime directory 2023-07-28 18:05:33 +09:00
FloatingGhost 801fe9fe32 Changelog 2023-07-27 14:41:18 +01:00
FloatingGhost 08768776e2 don't release arm64 into the amd64 filename 2023-07-27 14:24:29 +01:00
FloatingGhost 7a6ccf68f0 correct ARM build conditions 2023-07-27 14:21:44 +01:00
FloatingGhost 800c4bc442 correct build conditions 2023-07-27 14:21:12 +01:00
FloatingGhost b63fca2dd7 only build ARM AMD64 on develop 2023-07-27 14:19:28 +01:00
itepechi 69e0198af0 Fix Dockerfile CVE 2023-07-15 15:06:33 +09:00
16 changed files with 155 additions and 201 deletions


@ -1,17 +1,33 @@
.* .*
*.md *.md
*.yml
*file
AGPL-3 AGPL-3
CC-BY-4.0
CC-BY-SA-4.0 CC-BY-SA-4.0
COPYING COPYING
*file _build
elixir_buildpack.config
test/
test
benchmarks benchmarks
ci
deps
docs/site docs/site
docker-db docs/venv
config/*.env
config/*.secret.exs
config/generated_config.exs
config/runtime.exs
config/setup_db*.psql
scripts
test
etc
static
uploads uploads
instance instance
docker-db
capture.pcap
erl_crash.dump
coveralls.json
SIGNING_KEY.pub
# Required to get version # Required to get version
!.git !.git

3
.gitignore vendored

@ -25,6 +25,7 @@ vm.args
docker-resources/Dockerfile docker-resources/Dockerfile
docker-resources/Caddyfile docker-resources/Caddyfile
pgdata pgdata
uploads
# Prevent committing custom emojis # Prevent committing custom emojis
/priv/static/emoji/custom/* /priv/static/emoji/custom/*
@ -78,3 +79,5 @@ docs/venv
# docker stuff # docker stuff
docker-db docker-db
*.iml *.iml
static
etc


@ -17,8 +17,6 @@ variables:
branch: branch:
- develop - develop
- stable - stable
- refs/tags/v*
- refs/tags/stable-*
- &on-stable - &on-stable
when: when:
event: event:
@ -26,14 +24,6 @@ variables:
- tag - tag
branch: branch:
- stable - stable
- refs/tags/stable-*
- &on-point-release
when:
event:
- push
branch:
- develop
- stable
- &on-pr-open - &on-pr-open
when: when:
event: event:
@ -104,7 +94,7 @@ pipeline:
# Canonical amd64-musl # Canonical amd64-musl
musl: musl:
image: hexpm/elixir:1.14.3-erlang-25.2.2-alpine-3.18.0 image: hexpm/elixir:1.14.3-erlang-25.2.2-alpine-3.18.0
<<: *on-release <<: *on-stable
environment: environment:
MIX_ENV: prod MIX_ENV: prod
commands: commands:
@ -119,31 +109,9 @@ pipeline:
release-musl: release-musl:
image: akkoma/releaser image: akkoma/releaser
<<: *on-release <<: *on-stable
secrets: *scw-secrets secrets: *scw-secrets
commands: commands:
- export SOURCE=akkoma-amd64-musl.zip - export SOURCE=akkoma-amd64-musl.zip
- export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-amd64-musl.zip - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-amd64-musl.zip
- /bin/sh /entrypoint.sh - /bin/sh /entrypoint.sh
docs:
<<: *on-point-release
secrets:
- SCW_ACCESS_KEY
- SCW_SECRET_KEY
- SCW_DEFAULT_ORGANIZATION_ID
environment:
CI: "true"
image: python:3.10-slim
commands:
- apt-get update && apt-get install -y rclone wget git zip
- wget https://github.com/scaleway/scaleway-cli/releases/download/v2.5.1/scaleway-cli_2.5.1_linux_amd64
- mv scaleway-cli_2.5.1_linux_amd64 scaleway-cli
- chmod +x scaleway-cli
- ./scaleway-cli object config install type=rclone
- cd docs
- pip install -r requirements.txt
- mkdocs build
- zip -r docs.zip site/*
- cd site
- rclone copy . scaleway:akkoma-docs/$CI_COMMIT_BRANCH/
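Review bot: The `release-musl` step passes `*scw-secrets` to `image: akkoma/releaser`, which carries no tag or digest, so whatever is published under that name at run time executes with the bucket credentials; the build step beside it is pinned to the exact tag `hexpm/elixir:1.14.3-erlang-25.2.2-alpine-3.18.0`. Pinning the releaser by digest, e.g. `image: akkoma/releaser@sha256:<digest of the reviewed image>`, would tie the secret scope to a known image. The same applies to `akkoma/releaser:arm64` in the arm64 pipeline section that follows. Separately, the `branch` lists lose their `refs/tags/...` entries while `DEST` still prefers `CI_COMMIT_TAG`, so it is worth confirming that tag events still match these filters; the pipeline definitions continue outside the hunks shown.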


@ -15,10 +15,8 @@ variables:
- push - push
- tag - tag
branch: branch:
- develop
- stable - stable
- refs/tags/v* - develop
- refs/tags/stable-*
- &on-stable - &on-stable
when: when:
event: event:
@ -26,14 +24,6 @@ variables:
- tag - tag
branch: branch:
- stable - stable
- refs/tags/stable-*
- &on-point-release
when:
event:
- push
branch:
- develop
- stable
- &on-pr-open - &on-pr-open
when: when:
event: event:
@ -68,14 +58,12 @@ pipeline:
secrets: *scw-secrets secrets: *scw-secrets
commands: commands:
- export SOURCE=akkoma-ubuntu-jammy.zip - export SOURCE=akkoma-ubuntu-jammy.zip
- export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-ubuntu-jammy.zip
- /bin/sh /entrypoint.sh
- export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64-ubuntu-jammy.zip - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64-ubuntu-jammy.zip
- /bin/sh /entrypoint.sh - /bin/sh /entrypoint.sh
debian-bullseye: debian-bullseye:
image: hexpm/elixir:1.14.3-erlang-25.2.2-debian-bullseye-20230109 image: hexpm/elixir:1.14.3-erlang-25.2.2-debian-bullseye-20230109
<<: *on-release <<: *on-stable
environment: environment:
MIX_ENV: prod MIX_ENV: prod
DEBIAN_FRONTEND: noninteractive DEBIAN_FRONTEND: noninteractive
@ -92,7 +80,7 @@ pipeline:
release-debian: release-debian:
image: akkoma/releaser:arm64 image: akkoma/releaser:arm64
<<: *on-release <<: *on-stable
secrets: *scw-secrets secrets: *scw-secrets
commands: commands:
- export SOURCE=akkoma-arm64.zip - export SOURCE=akkoma-arm64.zip
@ -104,7 +92,7 @@ pipeline:
# Canonical arm64-musl # Canonical arm64-musl
musl: musl:
image: hexpm/elixir:1.14.3-erlang-25.2.2-alpine-3.18.0 image: hexpm/elixir:1.14.3-erlang-25.2.2-alpine-3.18.0
<<: *on-release <<: *on-stable
environment: environment:
MIX_ENV: prod MIX_ENV: prod
commands: commands:
@ -119,31 +107,9 @@ pipeline:
release-musl: release-musl:
image: akkoma/releaser:arm64 image: akkoma/releaser:arm64
<<: *on-release <<: *on-stable
secrets: *scw-secrets secrets: *scw-secrets
commands: commands:
- export SOURCE=akkoma-arm64-musl.zip - export SOURCE=akkoma-arm64-musl.zip
- export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64-musl.zip - export DEST=scaleway:akkoma-updates/$${CI_COMMIT_TAG:-"$CI_COMMIT_BRANCH"}/akkoma-arm64-musl.zip
- /bin/sh /entrypoint.sh - /bin/sh /entrypoint.sh
docs:
<<: *on-point-release
secrets:
- SCW_ACCESS_KEY
- SCW_SECRET_KEY
- SCW_DEFAULT_ORGANIZATION_ID
environment:
CI: "true"
image: python:3.10-slim
commands:
- apt-get update && apt-get install -y rclone wget git zip
- wget https://github.com/scaleway/scaleway-cli/releases/download/v2.5.1/scaleway-cli_2.5.1_linux_arm64
- mv scaleway-cli_2.5.1_linux_arm64 scaleway-cli
- chmod +x scaleway-cli
- ./scaleway-cli object config install type=rclone
- cd docs
- pip install -r requirements.txt
- mkdocs build
- zip -r docs.zip site/*
- cd site
- rclone copy . scaleway:akkoma-docs/$CI_COMMIT_BRANCH/


@ -11,6 +11,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Added a new configuration option to the MediaProxy feature that allows the blocking of specific domains from using the media proxy or being explicitly allowed by the Content-Security-Policy. - Added a new configuration option to the MediaProxy feature that allows the blocking of specific domains from using the media proxy or being explicitly allowed by the Content-Security-Policy.
- Please make sure instances you wanted to block media from are not in the MediaProxy `whitelist`, and instead use `blocklist`. - Please make sure instances you wanted to block media from are not in the MediaProxy `whitelist`, and instead use `blocklist`.
- `OnlyMedia` Upload Filter to simplify restricting uploads to audio, image, and video types - `OnlyMedia` Upload Filter to simplify restricting uploads to audio, image, and video types
- ARM64 OTP builds
- Ubuntu22 builds are available for develop and stable
- other distributions are stable only
## Changed
- Alpine OTP builds are now from alpine 3.18, which is SSLv3 compatible.
If you use alpine OTP builds you will have to update your local system.
## Fixed ## Fixed


@ -1,34 +1,69 @@
FROM hexpm/elixir:1.14.3-erlang-25.2.2-alpine-3.18.0 FROM elixir:1.14-alpine as build
ENV MIX_ENV=prod ENV MIX_ENV=prod
ENV ERL_EPMD_ADDRESS=127.0.0.1 ENV ERL_EPMD_ADDRESS=127.0.0.1
ARG HOME=/opt/akkoma ARG BUILD_DIR=/opt/akkoma/
ARG UID=1000
ARG GID=1000
LABEL org.opencontainers.image.title="akkoma" \ RUN addgroup -g ${GID} akkoma \
org.opencontainers.image.description="Akkoma for Docker" \ && adduser -u ${UID} -G akkoma -s /bin/sh -D akkoma \
org.opencontainers.image.vendor="akkoma.dev" \ && apk add --no-cache \
org.opencontainers.image.documentation="https://docs.akkoma.dev/stable/" \ git \
org.opencontainers.image.licenses="AGPL-3.0" \ gcc \
org.opencontainers.image.url="https://akkoma.dev" \ g++ \
org.opencontainers.image.revision=$VCS_REF \ musl-dev \
org.opencontainers.image.created=$BUILD_DATE make \
cmake \
file-dev
RUN apk add git gcc g++ musl-dev make cmake file-dev exiftool ffmpeg imagemagick libmagic ncurses postgresql-client WORKDIR ${BUILD_DIR}
COPY . .
RUN mkdir -p "${BUILD_DIR}_build/" \
&& mix local.hex --force \
&& mix local.rebar --force \
&& mix deps.get --only prod \
&& mix release --path "${BUILD_DIR}_build"
FROM elixir:1.14-alpine as web
ENV MIX_ENV=prod
ENV ERL_EPMD_ADDRESS=127.0.0.1
ARG DATA_DIR=/var/lib/akkoma/
ARG INSTALL_DIR=/opt/akkoma/
ARG CONFIG_DIR=/etc/akkoma/
ARG UID=1000
ARG GID=1000
RUN addgroup -g ${GID} akkoma \
&& adduser -u ${UID} -G akkoma -s /bin/sh -D akkoma \
&& apk add --no-cache \
exiftool \
ffmpeg \
imagemagick \
libmagic \
ncurses \
postgresql-client
RUN mkdir -p "${DATA_DIR}uploads/" \
&& mkdir -p "${DATA_DIR}static/" \
&& mkdir -p "${INSTALL_DIR}" \
&& mkdir -p "${CONFIG_DIR}"
COPY --from=build ${INSTALL_DIR}_build/ ${INSTALL_DIR}
COPY ./docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
ENV PATH="/opt/akkoma/bin:${PATH}"
WORKDIR ${INSTALL_DIR}
EXPOSE 4000 EXPOSE 4000
ARG UID=1000 ENTRYPOINT [ "docker-entrypoint.sh" ]
ARG GID=1000
ARG UNAME=akkoma
RUN addgroup -g $GID $UNAME CMD [ "pleroma", "start" ]
RUN adduser -u $UID -G $UNAME -D -h $HOME $UNAME
WORKDIR /opt/akkoma
USER $UNAME
RUN mix local.hex --force &&\
mix local.rebar --force
CMD ["/opt/akkoma/docker-entrypoint.sh"]
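Review bot: The new `web` stage creates the `akkoma` user, but no `USER` instruction is visible on the new side, so `docker-entrypoint.sh` and the release it execs would run as root; the old file had `USER $UNAME`. The directories created by `mkdir -p` are likewise left root-owned. Adding `RUN chown -R akkoma:akkoma "${DATA_DIR}" "${CONFIG_DIR}"` after the `mkdir` step and `USER akkoma` before `ENTRYPOINT` would restore an unprivileged default; if root is intentional (for example for rootless Podman with bind mounts), a comment saying so would help. Both stages also move from the fully pinned `hexpm/elixir:1.14.3-erlang-25.2.2-alpine-3.18.0` to the floating `elixir:1.14-alpine`, so rebuilds can silently pick up a different base.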


@ -1,8 +1,22 @@
## What is This?
This is a fork of [AkkomaGang/akkoma](https://akkoma.dev/AkkomaGang/akkoma/), with an opinionated Docker setup.
The differences between the upstream repository are described below:
- Uses the official Elixir image from Docker Hub
- Automatically builds the Akkoma backend when building the Docker image, instead of requiring complex commands after pulling/building images
- Files/directories to mount are minified and completely separated from the repository files, allowing better control over file permissions
- Has a better Docker entry point where you can control the backend without using pre-written shell scripts
- Supports Podman quite well
---
## akkoma ## akkoma
*a smallish microblogging platform, aka the cooler pleroma* *a smallish microblogging platform, aka the cooler pleroma*
![English OK](https://img.shields.io/badge/English-OK-blueviolet) ![日本語OK](https://img.shields.io/badge/%E6%97%A5%E6%9C%AC%E8%AA%9E-OK-blueviolet) ![English OK](https://img.shields.io/badge/English-OK-blueviolet?style=for-the-badge) ![日本語OK](https://img.shields.io/badge/%E6%97%A5%E6%9C%AC%E8%AA%9E-OK-blueviolet?style=for-the-badge)
## About ## About
@ -23,6 +37,7 @@ This should not be considered a one-for-one match with pleroma; it is more opini
bad depending on your view) bad depending on your view)
For example, Akkoma has: For example, Akkoma has:
- Custom Emoji reactions (compatible with misskey) - Custom Emoji reactions (compatible with misskey)
- Misskey-flavoured markdown support - Misskey-flavoured markdown support
- Elasticsearch and Meilisearch support for search - Elasticsearch and Meilisearch support for search
@ -38,9 +53,11 @@ Take a look at the Changelog if you want a full list of recent changes, everythi
## Installation ## Installation
### OTP releases (Recommended) ### OTP releases (Recommended)
If you are running Linux (glibc or musl) on x86, the recommended way to install Akkoma is by using OTP releases. OTP releases are as close as you can get to binary releases with Erlang/Elixir. The release is self-contained, and provides everything needed to boot it. The installation instructions are available [here](https://docs.akkoma.dev/stable/installation/otp_en/). If you are running Linux (glibc or musl) on x86, the recommended way to install Akkoma is by using OTP releases. OTP releases are as close as you can get to binary releases with Erlang/Elixir. The release is self-contained, and provides everything needed to boot it. The installation instructions are available [here](https://docs.akkoma.dev/stable/installation/otp_en/).
### From Source ### From Source
If your platform is not supported, or you just want to be able to edit the source code easily, you may install Akkoma from source. If your platform is not supported, or you just want to be able to edit the source code easily, you may install Akkoma from source.
- [Alpine Linux](https://docs.akkoma.dev/stable/installation/alpine_linux_en/) - [Alpine Linux](https://docs.akkoma.dev/stable/installation/alpine_linux_en/)
@ -52,12 +69,15 @@ If your platform is not supported, or you just want to be able to edit the sourc
- [OpenBSD](https://docs.akkoma.dev/stable/installation/openbsd_en/) - [OpenBSD](https://docs.akkoma.dev/stable/installation/openbsd_en/)
### Docker ### Docker
Docker installation is supported via [this setup](https://docs.akkoma.dev/stable/installation/docker_en/) Docker installation is supported via [this setup](https://docs.akkoma.dev/stable/installation/docker_en/)
### Packages ### Packages
Akkoma is packaged for [YunoHost](https://yunohost.org) and can be found and installed from the [YunoHost app catalogue](https://yunohost.org/#/apps). Akkoma is packaged for [YunoHost](https://yunohost.org) and can be found and installed from the [YunoHost app catalogue](https://yunohost.org/#/apps).
### Compilation Troubleshooting ### Compilation Troubleshooting
If you ever encounter compilation issues during the updating of Akkoma, you can try these commands and see if they fix things: If you ever encounter compilation issues during the updating of Akkoma, you can try these commands and see if they fix things:
- `mix deps.clean --all` - `mix deps.clean --all`
@ -66,5 +86,6 @@ If you ever encounter compilation issues during the updating of Akkoma, you can
- `rm -r _build` - `rm -r _build`
## Documentation ## Documentation
- https://docs.akkoma.dev/stable - https://docs.akkoma.dev/stable
- https://docs.akkoma.dev/develop - https://docs.akkoma.dev/develop


@ -1,61 +1,33 @@
# This file is for testing only, as I don't recommend using Docker Compose in a production environment
version: "3.7" version: "3.7"
services: services:
db: db:
image: akkoma-db:latest image: postgres:14-alpine
build: ./docker-resources/database
restart: unless-stopped restart: unless-stopped
user: ${DOCKER_USER} environment:
environment: { POSTGRES_DB: akkoma
# This might seem insecure but is usually not a problem. POSTGRES_USER: akkoma
# You should leave this at the "akkoma" default. POSTGRES_PASSWORD: akkoma
# The DB is only reachable by containers in the same docker network, # Comment out the volume below if you encounter any permission errors
# and is not exposed to the open internet.
#
# If you do change this, remember to update "config.exs".
POSTGRES_DB: akkoma,
POSTGRES_USER: akkoma,
POSTGRES_PASSWORD: akkoma,
}
env_file:
- .env
volumes: volumes:
- type: bind - ./docker-db/:/var/lib/postgresql/data/:Z
source: ./pgdata
target: /var/lib/postgresql/data
akkoma: akkoma:
image: akkoma:latest image: akkoma:latest
build: . build: .
restart: unless-stopped restart: unless-stopped
env_file: environment:
- .env MIX_ENV: prod
ERL_EPMD_ADDRESS: 127.0.0.1
DB_NAME: akkoma
DB_USER: akkoma
DB_PASS: akkoma
links: links:
- db - db
ports: [ ports:
# Uncomment/Change port mappings below as needed. - "0.0.0.0:4000:4000"
# The left side is your host machine, the right one is the akkoma container.
# You can prefix the left side with an ip.
# Webserver (for reverse-proxies outside of docker)
# If you use a dockerized proxy, you can leave this commented
# and use a container link instead.
"127.0.0.1:4000:4000",
]
volumes: volumes:
- .:/opt/akkoma - ./static/:/var/lib/akkoma/static/:Z
- ./uploads/:/var/lib/akkoma/uploads/:Z
# Uncomment the following if you want to use a reverse proxy - ./etc/:/etc/akkoma/:Z
#proxy:
# image: caddy:2-alpine
# restart: unless-stopped
# links:
# - akkoma
# ports: [
# "443:443",
# "80:80"
# ]
# volumes:
# - ./docker-resources/Caddyfile:/etc/caddy/Caddyfile
# - ./caddy-data:/data
# - ./caddy-config:/config
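Review bot: The port mapping changes from `"127.0.0.1:4000:4000"` to `"0.0.0.0:4000:4000"`, which publishes the backend on every host interface, and the commented reverse-proxy service is dropped, so the application port would be reachable directly and without TLS. Ports published by Docker are commonly not covered by the host's usual firewall rules, which makes this easy to miss. Keeping `- "127.0.0.1:4000:4000"` as the default and letting users widen it deliberately is safer even for a file marked testing-only. The literal password `akkoma` now appears for both `POSTGRES_PASSWORD` and `DB_PASS` without the explanation the old file carried; a one-line comment that it must be changed outside local testing would replace it.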


@ -1,14 +1,18 @@
#!/bin/ash #!/bin/sh
set -e set -e
echo "-- Waiting for database..." if [ "$1" = 'pleroma' ] || [ "$1" = 'pleroma_ctl' ]; then
while ! pg_isready -U ${DB_USER:-pleroma} -d postgres://${DB_HOST:-db}:5432/${DB_NAME:-pleroma} -t 1; do echo "-- Waiting for database..."
while ! pg_isready -U "${DB_USER:-pleroma}" -d postgres://"${DB_HOST:-db}:5432/${DB_NAME:-pleroma}" -t 1; do
sleep 1s sleep 1s
done done
fi
echo "-- Running migrations..." if [ "$1" = 'pleroma' ]; then
mix ecto.migrate echo "-- Running migrations..."
pleroma_ctl migrate
echo "-- Starting!" echo "-- Starting!"
mix phx.server fi
exec "$@"
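Review bot: The guard `[ "$1" = 'pleroma' ]` matches every subcommand of the release script, so `pleroma_ctl migrate` and the "-- Starting!" message would also run when the container is invoked with something other than `start`. Checking the subcommand as well, `if [ "$1" = 'pleroma' ] && [ "$2" = 'start' ]; then`, would limit migrations to an actual start. The `pg_isready` loop has no upper bound, so a wrong `DB_HOST` hangs the container silently; a retry cap with a non-zero exit would make that failure visible. A header comment listing the variables read (`DB_USER`, `DB_HOST`, `DB_NAME`) and their `pleroma` defaults would help, since the compose file sets `akkoma`.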


@ -1,14 +0,0 @@
# default docker Caddyfile config for Akkoma
#
# Simple installation instructions:
# 1. Replace 'example.tld' with your instance's domain wherever it appears.
example.tld {
log {
output file /var/log/caddy/akkoma.log
}
encode gzip
reverse_proxy akkoma:4000
}


@ -1,4 +0,0 @@
#!/bin/sh
docker compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) akkoma
docker compose build --build-arg UID=$(id -u) --build-arg GID=$(id -g) db


@ -1,10 +0,0 @@
FROM postgres:14-alpine
ARG UID=1000
ARG GID=1000
ARG UNAME=akkoma
RUN addgroup -g $GID $UNAME
RUN adduser -u $UID -G $UNAME -D -h $HOME $UNAME
USER akkoma


@ -1,5 +0,0 @@
MIX_ENV=prod
ERL_EPMD_ADDRESS=127.0.0.1
DB_NAME=akkoma
DB_USER=akkoma
DB_PASS=akkoma


@ -1,3 +0,0 @@
#!/bin/sh
docker compose run --rm akkoma $@


@ -22,9 +22,9 @@ Use the following mapping to figure out your flavour:
| distribution | architecture | flavour | available branches | | distribution | architecture | flavour | available branches |
| --------------- | ------------------ | ------------------- | ------------------- | | --------------- | ------------------ | ------------------- | ------------------- |
| debian bullseye | amd64 | amd64 | develop, stable | | debian bullseye | amd64 | amd64 | develop, stable |
| debian bullseye | arm64 | arm64 | develop, stable | | debian bullseye | arm64 | arm64 | stable |
| ubuntu focal | amd64 | amd64 | develop, stable | | ubuntu focal | amd64 | amd64 | develop, stable |
| ubuntu focal | arm64 | arm64 | develop, stable | | ubuntu focal | arm64 | arm64 | stable |
| ubuntu jammy | amd64 | amd64-ubuntu-jammy | develop, stable | | ubuntu jammy | amd64 | amd64-ubuntu-jammy | develop, stable |
| ubuntu jammy | arm64 | arm64-ubuntu-jammy | develop, stable | | ubuntu jammy | arm64 | arm64-ubuntu-jammy | develop, stable |
| alpine | amd64 | amd64-musl | stable | | alpine | amd64 | amd64-musl | stable |

3
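--- a/uploads/.gitignore
+++ b/uploads/.gitignore
@@ -1,3 +0,0 @@
-# Git will ignore everything in this directory except this file.
-*
-!.gitignore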