update deployment for pipeline

red 2025-07-13 10:26:13 -04:00
parent 0d910fe43e
commit 29a9c30664
3 changed files with 93 additions and 247 deletions


@ -1,191 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pleromax
namespace: darkdork-dev
spec:
replicas: 1
selector:
matchLabels:
app: pleroma
template:
metadata:
labels:
app: pleroma
spec:
imagePullSecrets:
- name: registry-credentials
initContainers:
- name: init
image: cr.forge.lan/darkdork-dev/pleromax
imagePullPolicy: IfNotPresent
command: [ "sh", "-c", "mix ecto.migrate" ]
env:
- name: MIX_ENV
value: prod
- name: SIGNING_SALT
value: quYau0c
- name: DOMAIN
value: darkdork.dev
- name: INSTANCE_NAME
value: DarkDork.dev
- name: ADMIN_EMAIL
value: pwm@crlf.ninja
- name: NOTIFY_EMAIL
value: pleroma@crlf.ninja
- name: REGISTRATIONS_OPEN
value: "false"
- name: INVITES_ENABLED
value: "true"
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: pleroma
key: secret-key-base
- name: WEB_PUSH_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-public-key
- name: WEB_PUSH_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-private-key
- name: DEFAULT_SIGNER
valueFrom:
secretKeyRef:
name: pleroma
key: default-signer
- name: MEDIA_URL
value: "https://media.darkdork.dev"
- name: S3_BUCKET
value: pleroma.darkdork.dev
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: minio-access-key
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: minio-secret-key
- name: S3_SCHEME
value: "http://"
- name: S3_HOST
value: minio
- name: S3_PORT
value: "80"
- name: DB_HOST
value: postgres
- name: DB_NAME
value: pleroma
- name: DB_USER
value: pleroma
- name: DB_PASS
valueFrom:
secretKeyRef:
name: postgres
key: postgres-password
volumeMounts:
- name: pleroma-config-volume
mountPath: /pleroma/config/prod.secret.exs
subPath: prod.secret.exs
containers:
- name: pleroma
image: cr.forge.lan/darkdork-dev/pleromax
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"]
ports:
- containerPort: 4000
env:
- name: MIX_ENV
value: prod
- name: SIGNING_SALT
value: quYau0c
- name: DOMAIN
value: darkdork.dev
- name: INSTANCE_NAME
value: DarkDork.dev
- name: ADMIN_EMAIL
value: pwm@crlf.ninja
- name: NOTIFY_EMAIL
value: pleroma@crlf.ninja
- name: REGISTRATIONS_OPEN
value: "false"
- name: INVITES_ENABLED
value: "true"
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: pleroma
key: secret-key-base
- name: WEB_PUSH_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-public-key
- name: WEB_PUSH_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-private-key
- name: DEFAULT_SIGNER
valueFrom:
secretKeyRef:
name: pleroma
key: default-signer
- name: MEDIA_URL
value: "https://media.darkdork.dev"
- name: S3_BUCKET
value: pleroma.darkdork.dev
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: minio-access-key
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: minio-secret-key
- name: S3_SCHEME
value: "http://"
- name: S3_HOST
value: minio
- name: S3_PORT
value: "80"
- name: DB_HOST
value: postgres
- name: DB_NAME
value: pleroma
- name: DB_USER
value: pleroma
- name: DB_PASS
valueFrom:
secretKeyRef:
name: postgres
key: postgres-password
volumeMounts:
- name: pleroma-config-volume
mountPath: /pleroma/config/prod.secret.exs
subPath: prod.secret.exs
- name: pleroma-emoji-volume
mountPath: /static-files/emoji/
subPath: emoji/
volumes:
- name: pleroma-config-volume
configMap:
name: pleroma-config
defaultMode: 0640 # Pleroma is picky about config file permissions.
items:
- key: config.exs
path: prod.secret.exs
- name: pleroma-emoji-volume
persistentVolumeClaim:
claimName: pleroma-emoji
securityContext:
fsGroup: 1000 # Ensures peroma can still read the config file
---


@ -2,7 +2,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: pleroma name: pleromax
namespace: darkdork-dev namespace: darkdork-dev
spec: spec:
replicas: 1 replicas: 1
@ -18,32 +18,14 @@ spec:
- name: registry-credentials - name: registry-credentials
initContainers: initContainers:
- name: init - name: init
image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} image: cr.forge.lan/darkdork-dev/pleromax:${CI_COMMIT_SHA}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: [ "/init-pleroma.sh" ] command: [ "sh", "-c", "mix ecto.migrate" ]
env:
- name: DB_HOST
value: postgres
- name: DB_NAME
value: pleroma
- name: DB_USER
value: pleroma
- name: DB_PASS
valueFrom:
secretKeyRef:
name: postgres
key: postgres-password
volumeMounts:
- name: pleroma-config-volume
mountPath: /etc/pleroma/config.exs
subPath: config.exs
containers:
- name: pleroma
image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA}
imagePullPolicy: IfNotPresent
ports:
- containerPort: 4000
env: env:
- name: MIX_ENV
value: prod
- name: SIGNING_SALT
value: quYau0c
- name: DOMAIN - name: DOMAIN
value: darkdork.dev value: darkdork.dev
- name: INSTANCE_NAME - name: INSTANCE_NAME
@ -109,8 +91,87 @@ spec:
key: postgres-password key: postgres-password
volumeMounts: volumeMounts:
- name: pleroma-config-volume - name: pleroma-config-volume
mountPath: /etc/pleroma/config.exs mountPath: /pleroma/config/prod.secret.exs
subPath: config.exs subPath: prod.secret.exs
containers:
- name: pleroma
image: cr.forge.lan/darkdork-dev/pleromax:${CI_COMMIT_SHA}
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"]
ports:
- containerPort: 4000
env:
- name: MIX_ENV
value: prod
- name: SIGNING_SALT
value: quYau0c
- name: DOMAIN
value: darkdork.dev
- name: INSTANCE_NAME
value: DarkDork.dev
- name: ADMIN_EMAIL
value: pwm@crlf.ninja
- name: NOTIFY_EMAIL
value: pleroma@crlf.ninja
- name: REGISTRATIONS_OPEN
value: "false"
- name: INVITES_ENABLED
value: "true"
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: pleroma
key: secret-key-base
- name: WEB_PUSH_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-public-key
- name: WEB_PUSH_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: web-push-private-key
- name: DEFAULT_SIGNER
valueFrom:
secretKeyRef:
name: pleroma
key: default-signer
- name: MEDIA_URL
value: "https://media.darkdork.dev"
- name: S3_BUCKET
value: pleroma.darkdork.dev
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: minio-access-key
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: pleroma
key: minio-secret-key
- name: S3_SCHEME
value: "http://"
- name: S3_HOST
value: minio
- name: S3_PORT
value: "80"
- name: DB_HOST
value: postgres
- name: DB_NAME
value: pleroma
- name: DB_USER
value: pleroma
- name: DB_PASS
valueFrom:
secretKeyRef:
name: postgres
key: postgres-password
volumeMounts:
- name: pleroma-config-volume
mountPath: /pleroma/config/prod.secret.exs
subPath: prod.secret.exs
- name: pleroma-emoji-volume - name: pleroma-emoji-volume
mountPath: /static-files/emoji/ mountPath: /static-files/emoji/
subPath: emoji/ subPath: emoji/
@ -119,6 +180,9 @@ spec:
configMap: configMap:
name: pleroma-config name: pleroma-config
defaultMode: 0640 # Pleroma is picky about config file permissions. defaultMode: 0640 # Pleroma is picky about config file permissions.
items:
- key: config.exs
path: prod.secret.exs
- name: pleroma-emoji-volume - name: pleroma-emoji-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: pleroma-emoji claimName: pleroma-emoji
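Review bot: `SIGNING_SALT` is added with the literal value in the manifest, once in the init container env (the `-18,32 +18,14` hunk) and again in the main container env (the `-109,8 +91,87` hunk), so it is now committed to the repository. `SECRET_KEY_BASE` and the other key material in the same lists are read through `secretKeyRef`. The salt is only one input to key derivation, so this is less severe than exposing the key base, but it is simpler to treat it the same way: `valueFrom: {secretKeyRef: {name: pleroma, key: <signing-salt-key>}}` (the key name is a placeholder), and to replace the value that is now in history. The two env lists are otherwise identical, so putting the non-secret entries in a ConfigMap referenced with `envFrom` would keep the init and main containers from drifting apart.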


@ -1,36 +1,9 @@
FROM alpine FROM cr.forge.lan/darkdork-dev/pleromax
ARG HOME=/opt/pleroma
ENV HOME=${HOME}
ARG DATA=/var/lib/pleroma
ENV DATA=${DATA}
RUN wget 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl' -O /tmp/pleroma.zip
RUN unzip /tmp/pleroma.zip -d /tmp/
RUN apk update && \
apk add exiftool ffmpeg vips libmagic ncurses postgresql-client curl
RUN adduser --system --shell /bin/false --home ${HOME} -u 1000 pleroma &&\
addgroup -g 1000 -S pleroma &&\
addgroup pleroma pleroma &&\
mkdir -p ${DATA} &&\
chown -R pleroma:pleroma ${DATA} &&\
mkdir -p /etc/pleroma &&\
chown -R pleroma:pleroma /etc/pleroma &&\
mv /tmp/release/* ${HOME} &&\
chown -R pleroma:pleroma ${HOME}
RUN rm -r /tmp/release
RUN rm /tmp/pleroma.zip
COPY --chmod=0764 --chown=pleroma:pleroma ./static-files/ /static-files/ COPY --chmod=0764 --chown=pleroma:pleroma ./static-files/ /static-files/
COPY --chmod=0755 --chown=pleroma:pleroma ./init-pleroma.sh / COPY --chmod=0755 --chown=pleroma:pleroma ./init-pleroma.sh /
COPY --chmod=0755 --chown=pleroma:pleroma ./docker-entrypoint.sh ${HOME} COPY --chmod=0755 --chown=pleroma:pleroma ./docker-entrypoint.sh /pleroma
COPY --chmod=0764 --chown=pleroma:pleroma ./custom-modules/ /custom-modules/
EXPOSE 4000 EXPOSE 4000
USER pleroma
ENTRYPOINT ["/opt/pleroma/docker-entrypoint.sh"] ENTRYPOINT ["/opt/pleroma/docker-entrypoint.sh"]
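Review bot: `USER pleroma` appears only on the old side (the commit's addition count leaves room for just the two changed lines in this file), so the image now runs as whatever user the base image sets, which may be root. Keep `USER pleroma` after the `COPY` lines, or enforce it from the Deployment with `securityContext: {runAsNonRoot: true, runAsUser: 1000}`. The unchanged `ENTRYPOINT ["/opt/pleroma/docker-entrypoint.sh"]` no longer matches the new copy destination `/pleroma`; unless the base image ships that path it should become `ENTRYPOINT ["/pleroma/docker-entrypoint.sh"]`. The new `FROM cr.forge.lan/darkdork-dev/pleromax` has no tag or digest and uses the same repository name the Deployment pulls from, so each build layers on a mutable `latest`; pin it, e.g. `FROM cr.forge.lan/darkdork-dev/pleromax@sha256:<digest-placeholder>`.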