From 29a9c30664656728852cffdcb698011b0e90095e Mon Sep 17 00:00:00 2001
From: red
Date: Sun, 13 Jul 2025 10:26:13 -0400
Subject: [PATCH] update deployment for pipeline
---
manifests/pleroma/deployment.yaml | 191 --------------------
manifests/pleroma/templates/deployment.yaml | 118 +++++++++---
pleroma/Dockerfile | 31 +---
3 files changed, 93 insertions(+), 247 deletions(-)
delete mode 100644 manifests/pleroma/deployment.yaml
diff --git a/manifests/pleroma/deployment.yaml b/manifests/pleroma/deployment.yaml
deleted file mode 100644
index d370ca1..0000000
--- a/manifests/pleroma/deployment.yaml
+++ /dev/null
@@ -1,191 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pleromax - namespace: darkdork-dev -spec: - replicas: 1 - selector: - matchLabels: - app: pleroma - template: - metadata: - labels: - app: pleroma - spec: - imagePullSecrets: - - name: registry-credentials - initContainers: - - name: init - image: cr.forge.lan/darkdork-dev/pleromax - imagePullPolicy: IfNotPresent - command: [ "sh", "-c", "mix ecto.migrate" ] - env: - - name: MIX_ENV - value: prod - - name: SIGNING_SALT - value: quYau0c - - name: DOMAIN - value: darkdork.dev - - name: INSTANCE_NAME - value: DarkDork.dev - - name: ADMIN_EMAIL - value: pwm@crlf.ninja - - name: NOTIFY_EMAIL - value: pleroma@crlf.ninja - - name: REGISTRATIONS_OPEN - value: "false" - - name: INVITES_ENABLED - value: "true" - - name: SECRET_KEY_BASE - valueFrom: - secretKeyRef: - name: pleroma - key: secret-key-base - - name: WEB_PUSH_PUBLIC_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-public-key - - name: WEB_PUSH_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-private-key - - name: DEFAULT_SIGNER - valueFrom: - secretKeyRef: - name: pleroma - key: default-signer - - name: MEDIA_URL - value: "https://media.darkdork.dev" - - name: S3_BUCKET - value: pleroma.darkdork.dev - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-access-key - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-secret-key - - name: S3_SCHEME - value: "http://" - - name: S3_HOST - value: minio - - name: S3_PORT - value: "80" - - name: DB_HOST - value: postgres - - name: DB_NAME - value: pleroma - - name: DB_USER - value: pleroma - - name: DB_PASS - valueFrom: - secretKeyRef: - name: postgres - key: postgres-password - volumeMounts: - - name: pleroma-config-volume - mountPath: /pleroma/config/prod.secret.exs - subPath: prod.secret.exs - containers: - - name: pleroma - image: cr.forge.lan/darkdork-dev/pleromax - imagePullPolicy: 
IfNotPresent - command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"] - ports: - - containerPort: 4000 - env: - - name: MIX_ENV - value: prod - - name: SIGNING_SALT - value: quYau0c - - name: DOMAIN - value: darkdork.dev - - name: INSTANCE_NAME - value: DarkDork.dev - - name: ADMIN_EMAIL - value: pwm@crlf.ninja - - name: NOTIFY_EMAIL - value: pleroma@crlf.ninja - - name: REGISTRATIONS_OPEN - value: "false" - - name: INVITES_ENABLED - value: "true" - - name: SECRET_KEY_BASE - valueFrom: - secretKeyRef: - name: pleroma - key: secret-key-base - - name: WEB_PUSH_PUBLIC_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-public-key - - name: WEB_PUSH_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-private-key - - name: DEFAULT_SIGNER - valueFrom: - secretKeyRef: - name: pleroma - key: default-signer - - name: MEDIA_URL - value: "https://media.darkdork.dev" - - name: S3_BUCKET - value: pleroma.darkdork.dev - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-access-key - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-secret-key - - name: S3_SCHEME - value: "http://" - - name: S3_HOST - value: minio - - name: S3_PORT - value: "80" - - name: DB_HOST - value: postgres - - name: DB_NAME - value: pleroma - - name: DB_USER - value: pleroma - - name: DB_PASS - valueFrom: - secretKeyRef: - name: postgres - key: postgres-password - volumeMounts: - - name: pleroma-config-volume - mountPath: /pleroma/config/prod.secret.exs - subPath: prod.secret.exs - - name: pleroma-emoji-volume - mountPath: /static-files/emoji/ - subPath: emoji/ - volumes: - - name: pleroma-config-volume - configMap: - name: pleroma-config - defaultMode: 0640 # Pleroma is picky about config file permissions. 
- items: - - key: config.exs - path: prod.secret.exs - - name: pleroma-emoji-volume - persistentVolumeClaim: - claimName: pleroma-emoji - securityContext: - fsGroup: 1000 # Ensures peroma can still read the config file ---- \ No newline at end of file diff --git a/manifests/pleroma/templates/deployment.yaml b/manifests/pleroma/templates/deployment.yaml index 3832d61..3b01ab6 100644 --- a/manifests/pleroma/templates/deployment.yaml +++ b/manifests/pleroma/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: pleroma + name: pleromax namespace: darkdork-dev spec: replicas: 1 @@ -18,32 +18,14 @@ spec: - name: registry-credentials initContainers: - name: init - image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} + image: cr.forge.lan/darkdork-dev/pleromax:${CI_COMMIT_SHA} imagePullPolicy: IfNotPresent - command: [ "/init-pleroma.sh" ] - env: - - name: DB_HOST - value: postgres - - name: DB_NAME - value: pleroma - - name: DB_USER - value: pleroma - - name: DB_PASS - valueFrom: - secretKeyRef: - name: postgres - key: postgres-password - volumeMounts: - - name: pleroma-config-volume - mountPath: /etc/pleroma/config.exs - subPath: config.exs - containers: - - name: pleroma - image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 4000 + command: [ "sh", "-c", "mix ecto.migrate" ] env: + - name: MIX_ENV + value: prod + - name: SIGNING_SALT + value: quYau0c - name: DOMAIN value: darkdork.dev - name: INSTANCE_NAME 
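Review bot: `SIGNING_SALT` is added to the init container's `env` in the `@@ -18,32 +18,14 @@` hunk as a literal `value: quYau0c`, so it is committed with the manifest and readable by anyone who can read the repository or the Deployment object, whereas the other keying material in this manifest (`SECRET_KEY_BASE`, the web-push keys) is pulled in with `secretKeyRef`. The same literal is repeated for the `pleroma` container in the `@@ -109,8 +91,87 @@` hunk. If the salt is meant to stay private alongside the secret key base, source it the same way, e.g. `valueFrom: {secretKeyRef: {name: pleroma, key: <signing-salt-key>}}` (the key name is a placeholder), and rotate the value that has already been committed. The init container's `env` list continues past the end of this hunk.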
@@ -109,8 +91,87 @@ spec: key: postgres-password volumeMounts: - name: pleroma-config-volume - mountPath: /etc/pleroma/config.exs - subPath: config.exs + mountPath: /pleroma/config/prod.secret.exs + subPath: prod.secret.exs + containers: + - name: pleroma + image: cr.forge.lan/darkdork-dev/pleromax:${CI_COMMIT_SHA} + imagePullPolicy: IfNotPresent + command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"] + ports: + - containerPort: 4000 + env: + - name: MIX_ENV + value: prod + - name: SIGNING_SALT + value: quYau0c + - name: DOMAIN + value: darkdork.dev + - name: INSTANCE_NAME + value: DarkDork.dev + - name: ADMIN_EMAIL + value: pwm@crlf.ninja + - name: NOTIFY_EMAIL + value: pleroma@crlf.ninja + - name: REGISTRATIONS_OPEN + value: "false" + - name: INVITES_ENABLED + value: "true" + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: pleroma + key: secret-key-base + - name: WEB_PUSH_PUBLIC_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-public-key + - name: WEB_PUSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-private-key + - name: DEFAULT_SIGNER + valueFrom: + secretKeyRef: + name: pleroma + key: default-signer + - name: MEDIA_URL + value: "https://media.darkdork.dev" + - name: S3_BUCKET + value: pleroma.darkdork.dev + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-access-key + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-secret-key + - name: S3_SCHEME + value: "http://" + - name: S3_HOST + value: minio + - name: S3_PORT + value: "80" + - name: DB_HOST + value: postgres + - name: DB_NAME + value: pleroma + - name: DB_USER + value: pleroma + - name: DB_PASS + valueFrom: + secretKeyRef: + name: postgres + key: postgres-password + volumeMounts: + - name: pleroma-config-volume + mountPath: /pleroma/config/prod.secret.exs + subPath: prod.secret.exs - name: pleroma-emoji-volume mountPath: /static-files/emoji/ subPath: emoji/ 
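Review bot: The new `pleroma` container is declared without a container-level `securityContext`, and the Dockerfile change in this same patch drops `USER pleroma`, so the process runs as whatever user the base image leaves set, possibly root. Adding `securityContext: {runAsNonRoot: true, runAsUser: 1000, allowPrivilegeEscalation: false}` next to `imagePullPolicy` would make the kubelet refuse to start the container as root. UID 1000 matches the `fsGroup: 1000` in the manifest this patch deletes and the UID the old Dockerfile created, but confirm it is still the pleroma UID in the new base image. The init container, which begins before this hunk, would want the same setting.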
@@ -119,6 +180,9 @@ spec: configMap: name: pleroma-config defaultMode: 0640 # Pleroma is picky about config file permissions. + items: + - key: config.exs + path: prod.secret.exs - name: pleroma-emoji-volume persistentVolumeClaim: claimName: pleroma-emoji diff --git a/pleroma/Dockerfile b/pleroma/Dockerfile index 1b18c09..912df20 100644 --- a/pleroma/Dockerfile +++ b/pleroma/Dockerfile @@ -1,36 +1,9 @@ -FROM alpine - -ARG HOME=/opt/pleroma -ENV HOME=${HOME} -ARG DATA=/var/lib/pleroma -ENV DATA=${DATA} - -RUN wget 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl' -O /tmp/pleroma.zip -RUN unzip /tmp/pleroma.zip -d /tmp/ - -RUN apk update && \ - apk add exiftool ffmpeg vips libmagic ncurses postgresql-client curl - -RUN adduser --system --shell /bin/false --home ${HOME} -u 1000 pleroma &&\ - addgroup -g 1000 -S pleroma &&\ - addgroup pleroma pleroma &&\ - mkdir -p ${DATA} &&\ - chown -R pleroma:pleroma ${DATA} &&\ - mkdir -p /etc/pleroma &&\ - chown -R pleroma:pleroma /etc/pleroma &&\ - mv /tmp/release/* ${HOME} &&\ - chown -R pleroma:pleroma ${HOME} - -RUN rm -r /tmp/release -RUN rm /tmp/pleroma.zip +FROM cr.forge.lan/darkdork-dev/pleromax COPY --chmod=0764 --chown=pleroma:pleroma ./static-files/ /static-files/ COPY --chmod=0755 --chown=pleroma:pleroma ./init-pleroma.sh / -COPY --chmod=0755 --chown=pleroma:pleroma ./docker-entrypoint.sh ${HOME} -COPY --chmod=0764 --chown=pleroma:pleroma ./custom-modules/ /custom-modules/ +COPY --chmod=0755 --chown=pleroma:pleroma ./docker-entrypoint.sh /pleroma EXPOSE 4000 -USER pleroma - ENTRYPOINT ["/opt/pleroma/docker-entrypoint.sh"]
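Review bot: Dropping `USER pleroma` in the Dockerfile hunk means the image now runs as whatever user `cr.forge.lan/darkdork-dev/pleromax` leaves set, which may be root; the `COPY --chown=pleroma:pleroma` lines already assume that account exists in the base, so `USER pleroma` can stay just before `ENTRYPOINT`. The new `FROM` line carries no tag or digest, so every build picks up whatever the registry currently serves under that name; pinning it as `FROM cr.forge.lan/darkdork-dev/pleromax@sha256:<digest>` (placeholder) makes the build reproducible and auditable. `ENTRYPOINT` still points at `/opt/pleroma/docker-entrypoint.sh` while the script is now copied to `/pleroma`, so the two should be aligned, e.g. `ENTRYPOINT ["/pleroma/docker-entrypoint.sh"]` with a trailing slash on the COPY destination if `/pleroma` is the application directory in the base image.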