Merge branch 'mobilizon' into 'master'

Mobilizon

See merge request !55

pica-mobilizon/app/Dockerfile

+# inspired from https://framagit.org/Windyo/mobilizon/-/blob/a1e0b9730e9c63de6058c3f5d803b2743efafed4/docker/app/Dockerfile
+
+# **** Temporary docker image ****
+# elixir version MUST match
+FROM elixir:1.10.4 as builder
+ARG MOBILIZON_GIT_URL
+ARG MOBILIZON_GIT_TAG
+ARG NODE_V
+ENV MIX_ENV prod
+ENV INSTANCE_CONFIG prod
+RUN apt-get update -y \
+	&& apt-get install -y apt-utils \
+	&& curl -sL https://deb.nodesource.com/setup_"$NODE_V".x | bash - \
+	&& apt-get install -y nodejs build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 python3-pip cmake \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+	&& npm install -g yarn wait-on
+RUN useradd -ms /bin/bash -p ! mobilizon
+USER mobilizon
+WORKDIR /home/mobilizon
+RUN git clone -b "$MOBILIZON_GIT_TAG" "$MOBILIZON_GIT_URL" ./build
+WORKDIR /home/mobilizon/build
+COPY ./prod.secret.exs /home/mobilizon/build/config/
+RUN mix local.hex --force \
+	&& mix local.rebar --force
+RUN mix deps.get
+RUN mix deps.compile
+RUN mix compile
+WORKDIR /home/mobilizon/build/js
+RUN yarn install \
+	&& yarn run build
+WORKDIR /home/mobilizon/build
+RUN rm -rf ./.dockerignore ./.gitignore ./.gitlab-ci.yml ./CHANGELOG.md ./CONTRIBUTING.md ./docker ./docker-compose.test.yml ./docker-compose.yml ./Dockerfile ./docs ./js ./Makefile ./README.md ./SECURITY.md ./setup_db.psql ./support \
+        && curl https://dbip.mirror.framasoft.org/files/dbip-city-lite-latest.mmdb --output GeoLite2-City.mmdb -s \
+        && mv GeoLite2-City.mmdb /home/mobilizon/build/priv/data/GeoLite2-City.mmdb
+
+# Final docker image
+FROM elixir:1.10.4-slim
+ENV INIT=FALSE \
+	ADMIN_EMAIL=test@test.com \
+	ADMIN_PASSWORD=passwd \
+	MIX_ENV=prod \
+	INSTANCE_CONFIG=prod
+RUN useradd -ms /bin/bash -p ! mobilizon  \
+        && apt-get update \
+ 	&& apt-get install -y git \
+        && apt-get clean \
+        && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+COPY --from=builder /home/mobilizon/build/ /home/mobilizon/live/
+COPY --from=builder /home/mobilizon/.mix/ /home/mobilizon/.mix/
+COPY ./entrypoint.sh /home/mobilizon/entrypoint.sh
+RUN chmod +x /home/mobilizon/entrypoint.sh
+WORKDIR /home/mobilizon/live
+USER mobilizon
+ENTRYPOINT [ "/home/mobilizon/entrypoint.sh" ]

pica-mobilizon/app/entrypoint.sh

+#!/bin/bash
+set -e
+export MIX_ENV=prod
+if [ "$INIT" = TRUE ]; then
+	echo "Initialization. Only run this once."
+	mix ecto.migrate 
+	mix mobilizon.users.new "$ADMIN_EMAIL" --admin --password "$ADMIN_PASSWORD" 
+	mix phx.server 
+else
+	echo "Running normal mode."
+	mix ecto.migrate --no-deps-check
+	mix phx.server --no-deps-check
+fi
+
+exec "$@"

pica-mobilizon/app/prod.secret.exs

+# Mobilizon instance configuration
+# Via Thomas Clavier
+
+# Warning : cfg is overrided by the ../docker-compose.yml and ../secrets/*.secrets files
+
+import Config
+
+config :mobilizon, Mobilizon.Web.Endpoint,
+   url: [host: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan")],
+   http: [port: System.get_env("MOBILIZON_INSTANCE_LISTEN_PORT", "4000")],
+   secret_key_base: System.get_env("MOBILIZON_SECRET_KEY_BASE", "ZcvexeC7cnwtKR8ADMBDwrYu2aYHUyjrOu4yA181Z112HNu/I5jyRleo4hoxOMqQ")
+
+config :mobilizon, Mobilizon.Web.Auth.Guardian,
+  secret_key: System.get_env("MOBILIZON_SECRET_KEY", "KsdUIvp6hQ7b97yxUZcDQyGH0g4LS3fF0OvIsIATpkKzd1MDvSS4KexWXsjXeMQZ")
+
+config :mobilizon, :instance,
+  name: System.get_env("MOBILIZON_INSTANCE_NAME", "Mobilizon"),
+  description: "Change this to a proper description of your instance",
+  hostname: System.get_env("MOBILIZON_INSTANCE_HOST", "mobilizon.lan"),
+  registrations_open: System.get_env("MOBILIZON_INSTANCE_REGISTRATIONS_OPEN", "false"),
+  demo: false,
+  allow_relay: true,
+  federating: true,
+  email_from: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan"),
+  email_reply_to: System.get_env("MOBILIZON_INSTANCE_EMAIL", "noreply@mobilizon.lan")
+
+config :mobilizon, Mobilizon.Storage.Repo,
+  adapter: Ecto.Adapters.Postgres,
+  username: System.get_env("MOBILIZON_DATABASE_USERNAME", "username"),
+  password: System.get_env("MOBILIZON_DATABASE_PASSWORD", "password"),
+  database: System.get_env("MOBILIZON_DATABASE_DBNAME", "mobilizon"),
+  hostname: System.get_env("MOBILIZON_DATABASE_HOST", "postgres"),
+  port: System.get_env("MOBILIZON_DATABASE_PORT", "5432"),
+  pool_size: 10
+
+config :mobilizon, Mobilizon.Web.Email.Mailer,
+  adapter: Bamboo.SMTPAdapter,
+  server: System.get_env("MOBILIZON_SMTP_SERVER", "localhost"),
+  hostname: System.get_env("MOBILIZON_SMTP_HOSTNAME", "localhost"),
+  port: System.get_env("MOBILIZON_SMTP_PORT", "25"),
+  username: System.get_env("MOBILIZON_SMTP_USERNAME", nil),
+  password: System.get_env("MOBILIZON_SMTP_PASSWORD", nil),
+  # can be `:always` or `:never`
+  tls: :if_available,
+  allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2", :"tlsv1.3"],
+  # can be `true`
+  ssl: System.get_env("MOBILIZON_SMTP_SSL", "false"),
+  retries: 1,
+  # can be `true`
+  no_mx_lookups: false,
+  # can be `:if_available`. If your smtp relay requires authentication set it to `:always`.
+  auth: :always

pica-mobilizon/db/Dockerfile

+# Same Dockerfile as official image, but different extensions :
+# https://github.com/postgis/docker-postgis/blob/7639baab95220201b87476b2dd09e011423ebd55/12-3.0/alpine/initdb-postgis.sh
+FROM postgis/postgis:12-3.0-alpine
+
+COPY ./initdb-postgis.sh /docker-entrypoint-initdb.d/10_postgis.sh

pica-mobilizon/db/initdb-postgis.sh

+#!/bin/sh
+
+set -e
+
+# Perform all actions as $POSTGRES_USER
+export PGUSER="$POSTGRES_USER"
+
+# Create the 'template_postgis' template db
+"${psql[@]}" <<- 'EOSQL'
+CREATE DATABASE template_postgis IS_TEMPLATE true;
+EOSQL
+
+# Load PostGIS into both template_database and $POSTGRES_DB
+for DB in template_postgis "$POSTGRES_DB"; do
+	echo "Loading PostGIS extensions into $DB"
+	"${psql[@]}" --dbname="$DB" <<-'EOSQL'
+		CREATE EXTENSION IF NOT EXISTS postgis;
+		CREATE EXTENSION IF NOT EXISTS pg_trgm;
+		CREATE EXTENSION IF NOT EXISTS unaccent;
+EOSQL
+done

pica-mobilizon/docker-compose.yml

+# inspired from https://framagit.org/Windyo/mobilizon/-/blob/a1e0b9730e9c63de6058c3f5d803b2743efafed4/docker/docker-compose.yml
+
+version: "3.7"
+
+networks:
+    proxy:
+      external: true
+    mobilizon:
+
+volumes:
+    mobilizon-data:
+        name: mobilizon-data
+    mobilizon-db:
+        name: mobilizon-db
+
+services:
+    mobilizon:
+        image: registry.picasoft.net/pica-mobilizon:1.0.0
+        build:
+            context: ./app
+            dockerfile: Dockerfile
+            args:
+                - NODE_V=14
+                - MOBILIZON_GIT_URL=https://framagit.org/framasoft/mobilizon.git
+                - MOBILIZON_GIT_TAG=1.0.0
+                - MIX_ENV=prod
+        container_name: mobilizon-app
+        volumes:
+            - mobilizon-data:/app
+            - /etc/localtime:/etc/localtime:ro
+        environment:
+            - MIX_ENV=prod
+            # setup the instance config
+            - MOBILIZON_INSTANCE_HOST=mobilizon.picasoft.net
+            - MOBILIZON_INSTANCE_NAME=Instance Mobilizon de Picasoft
+            - MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
+            - MOBILIZON_INSTANCE_EMAIL=mobilizon@picasoft.net
+            - MOBILIZON_DATABASE_HOST=mobilizon-db
+            # standard ports, don't really need changing
+            - MOBILIZON_DATABASE_PORT=5432
+            - MOBILIZON_INSTANCE_LISTEN_PORT=4000
+        env_file:
+            - ./secrets/mobilizon-db.secrets
+            - ./secrets/mobilizon-app.secrets
+        labels:
+            traefik.enable: true
+            traefik.http.routers.mobilizon-app.entrypoints: websecure
+            traefik.http.routers.mobilizon-app.rule: Host(`mobilizon.picasoft.net`)
+            traefik.http.services.mobilizon-app.loadbalancer.server.port: 4000
+        networks:
+            - proxy
+            - mobilizon
+        depends_on:
+            - mobilizon-db
+        restart: unless-stopped
+    
+    mobilizon-db:
+        image: registry.picasoft.net/pica-postgres-postgis:12-alpine
+        build:
+            context: ./db
+            dockerfile: Dockerfile
+            args:
+                - POSTGRES_DB=postgres_mobilizon
+        container_name: mobilizon-db
+        volumes:
+            - mobilizon-db:/var/lib/postgresql/data
+            - /etc/localtime:/etc/localtime:ro
+        env_file:
+            - ./secrets/mobilizon-db.secrets
+        networks:
+            - mobilizon
+        restart: unless-stopped
+        
\ No newline at end of file

pica-mobilizon/secrets/mobilizon-app.secrets.example

+INIT=FALSE
+ADMIN_EMAIL=your@email.com
+ADMIN_PASSWORD=yourpasswordtologin
+MOBILIZON_SMTP_SERVER=host.fr
+MOBILIZON_SMTP_HOSTNAME=your.host.fr
+MOBILIZON_SMTP_PORT=25
+MOBILIZON_SMTP_USERNAME=your@email.com
+MOBILIZON_SMTP_PASSWORD=yourpasswordtologin
+MOBILIZON_SMTP_SSL=false

pica-mobilizon/secrets/mobilizon-db.secrets.example

+POSTGRES_DB=postgres_mobilizon
+POSTGRES_USER=mobilizon
+POSTGRES_PASSWORD=superSecretPsswrd
+MOBILIZON_DATABASE_DBNAME=postgres_mobilizon
+MOBILIZON_DATABASE_USERNAME=mobilizon
+MOBILIZON_DATABASE_PASSWORD=superSecretPsswrd