diff --git a/config/service/writefreely/Containerfile b/config/service/writefreely/Containerfile
new file mode 100644
index 0000000..626200f
--- /dev/null
+++ b/config/service/writefreely/Containerfile
@@ -0,0 +1,20 @@
+FROM docker.io/debian:bullseye-slim
+ARG VERSION=0.13.1
+
+RUN apt-get update -y && apt-get upgrade -y && \
+ apt-get install -y --no-install-recommends curl ca-certificates gettext gosu
+
+ENV PACKAGE_URL https://github.com/writefreely/writefreely/releases/download/v${VERSION}/writefreely_${VERSION}_linux_amd64.tar.gz
+RUN curl -L ${PACKAGE_URL} | tar -C /opt --no-same-owner -xvzf - && \
+ mv /opt/writefreely/writefreely /bin/writefreely && chmod +x /bin/writefreely
+
+RUN apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false curl
+
+RUN addgroup --system --gid 10000 writefreely
+RUN adduser --system --uid 10000 --ingroup writefreely --home /var/lib/writefreely writefreely
+
+COPY container/config /etc/writefreely
+COPY container/run-writefreely /run-writefreely
+
+EXPOSE 8080
+ENTRYPOINT ["/run-writefreely"]
diff --git a/config/service/writefreely/container/config/config.ini.template b/config/service/writefreely/container/config/config.ini.template
new file mode 100644
index 0000000..90d3d41
--- /dev/null
+++ b/config/service/writefreely/container/config/config.ini.template
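Review bot: The release tarball in the Containerfile is fetched with `curl -L ${PACKAGE_URL} | tar …` and unpacked without any integrity check, so whatever the URL serves at build time becomes `/bin/writefreely`. Download to a file with `curl -fsSL`, compare it against a SHA-256 pinned next to `VERSION`, and only then extract; the digest below is a placeholder to be filled in from the release being pinned. Moving the `curl` purge and an `rm -rf /var/lib/apt/lists/*` into the same `RUN` as the install would also keep them out of the image, since the separate `apt-get purge` layer does not remove curl from the earlier one.

```dockerfile
ARG VERSION=0.13.1
# Placeholder: set to the published SHA-256 of the pinned release tarball.
ARG PACKAGE_SHA256=<sha256-of-writefreely-release-tarball>
# … unchanged: apt-get install, ENV PACKAGE_URL …
RUN curl -fsSL -o /tmp/writefreely.tar.gz "${PACKAGE_URL}" && \
    echo "${PACKAGE_SHA256}  /tmp/writefreely.tar.gz" | sha256sum -c - && \
    tar -C /opt --no-same-owner -xzf /tmp/writefreely.tar.gz && \
    rm /tmp/writefreely.tar.gz && \
    mv /opt/writefreely/writefreely /bin/writefreely && chmod +x /bin/writefreely
```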
@@ -0,0 +1,29 @@
+[server]
+bind = 0.0.0.0
+port = 8080
+templates_parent_dir = /opt/writefreely
+static_parent_dir = /opt/writefreely
+pages_parent_dir = /opt/writefreely
+keys_parent_dir = /var/lib/writefreely
+
+[database]
+type = sqlite3
+filename = /var/lib/writefreely/writefreely.db
+
+[app]
+site_name = WriteFreely
+site_description =
+host = ${WRITEFREELY_SITE_HOST}
+theme = ${WRITEFREELY_SITE_THEME}
+editor = ${WRITEFREELY_EDITOR}
+wf_modesty = true
+single_user = ${WRITEFREELY_SINGLE_USER}
+open_registration = false
+open_deletion = false
+user_invites = admin
+min_username_len = 3
+max_blogs = 100
+federation = false
+private = false
+update_checks = false
+disable_password_auth = false
diff --git a/config/service/writefreely/container/run-writefreely b/config/service/writefreely/container/run-writefreely
new file mode 100755
index 0000000..6eaf1ea
--- /dev/null
+++ b/config/service/writefreely/container/run-writefreely
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# Create configuration file from collected templates.
+envsubst < /etc/writefreely/config.ini.template > /etc/writefreely/config.ini
+mkdir -p /var/lib/writefreely/keys
+
+# Initialize and run migrates on database if needed. New instances of WriteFreely will have a
+# default administrator be created with a random password, which is echoed back to the system. It
+# is intended that both the username and password are changed by whoever manages this instance.
+if ! test -f /var/lib/writefreely/writefreely.db; then
+ writefreely -c /etc/writefreely/config.ini db init
+ (
+ password="$(dd if=/dev/urandom | tr -dc '[:alnum:]' | head -c 50)"
+ writefreely -c /etc/writefreely/config.ini user add --admin "default:${password}"
+ echo "Created an administrator user with username 'default' and password '${password}'"
+ echo "Make sure to change this immediately after logging in for the first time!"
+ )
+fi
+
+writefreely -c /etc/writefreely/config.ini db migrate
+
+# Generate keys, if none have already been generated.
+if test -z "$(ls -A /var/lib/writefreely/keys)"; then
+ writefreely -c /etc/writefreely/config.ini keys generate
+fi
+
+# Correct permissions for data files.
+chown -R writefreely:writefreely /var/lib/writefreely
+
+# Run entrypoint under specific user.
+gosu writefreely /bin/writefreely -c /etc/writefreely/config.ini "$@"
diff --git a/config/service/writefreely/spec.bu b/config/service/writefreely/spec.bu
new file mode 100644
index 0000000..f2926f2
--- /dev/null
+++ b/config/service/writefreely/spec.bu
@@ -0,0 +1,10 @@
+variant: fcos
+version: 1.3.0
+storage:
+ trees:
+ - path: /etc/systemd/system
+ local: service/writefreely/systemd/
+systemd:
+ units:
+ - name: writefreely.service
+ enabled: true
diff --git a/config/service/writefreely/systemd/writefreely.service b/config/service/writefreely/systemd/writefreely.service
new file mode 100644
index 0000000..227bfc5
--- /dev/null
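Review bot: In run-writefreely the generated administrator password is written to stdout by `echo "Created an administrator user … '${password}'"`, which under the accompanying systemd unit presumably lands in the journal and stays readable there long after the first login. The script also has no `set -e`, so that message is printed even when `db init` or `user add` failed and no such account exists. I would add `set -e` after the shebang and write the password to a file created under `umask 077` inside `/var/lib/writefreely` instead of echoing it. Starting the server with `exec gosu writefreely /bin/writefreely -c /etc/writefreely/config.ini "$@"` would also let the stop signal from `podman stop` reach the server rather than the wrapper shell.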
+++ b/config/service/writefreely/systemd/writefreely.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=WriteFreely Federated Writing Application
+Wants=container-build@%N.service container-volume@%N.service
+After=container-build@%N.service container-volume@%N.service
+
+[Service]
+Type=notify
+NotifyAccess=all
+SyslogIdentifier=%N
+Restart=on-failure
+Environment=PODMAN_SYSTEMD_UNIT=%n
+ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
+ --env-file %E/coreos-home-server/%N/%N.env \
+ --volume %N:/var/lib/%N:z \
+ localhost/%N:latest
+ExecStop=/bin/podman stop --ignore --time 10 %N
+ExecStopPost=/bin/podman rm --ignore --force %N
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/service/writefreely/writefreely.env.template b/config/service/writefreely/writefreely.env.template
new file mode 100644
index 0000000..8480b94
--- /dev/null
+++ b/config/service/writefreely/writefreely.env.template
@@ -0,0 +1,5 @@
+# Site options.
+WRITEFREELY_SITE_HOST=${WRITEFREELY_SITE_HOST}
+WRITEFREELY_SITE_THEME=write
+WRITEFREELY_EDITOR=pad
+WRITEFREELY_SINGLE_USER=true
diff --git a/host/lhr01nuc/lhr01nuc.env.gpg b/host/lhr01nuc/lhr01nuc.env.gpg
index 8755b68..58d9f2b 100644
Binary files a/host/lhr01nuc/lhr01nuc.env.gpg and b/host/lhr01nuc/lhr01nuc.env.gpg differ
diff --git a/host/lhr01srv/lhr01srv.env.gpg b/host/lhr01srv/lhr01srv.env.gpg
index d62d952..f2316eb 100644
Binary files a/host/lhr01srv/lhr01srv.env.gpg and b/host/lhr01srv/lhr01srv.env.gpg differ
diff --git a/host/virtual/virtual.env b/host/virtual/virtual.env
index 860baae..071eb70 100644
--- a/host/virtual/virtual.env
+++ b/host/virtual/virtual.env
@@ -38,3 +38,6 @@ RSPAMD_CONTROLLER_PASSWORD=password
 # Configuration for RSS2Email.
 RSS2EMAIL_FROM=noreply@localhost
 RSS2EMAIL_TO=root@localhost
+
+# Configuration for WriteFreely.
+WRITEFREELY_SITE_HOST=https://writefreely.localhost
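Review bot: The `ExecStart` line in writefreely.service starts the container with podman's default capability set and without `--security-opt no-new-privileges`, although the entrypoint only needs root long enough to render the config, `chown` the volume and drop to uid 10000 through gosu. Adding `--security-opt no-new-privileges` to the `podman run` arguments, and after testing a `--cap-drop=all` with only the capabilities the entrypoint needs added back, would limit what a compromised writefreely process can reach. A short comment above `ExecStart` saying that `%E/coreos-home-server/%N/%N.env` has to provide the `WRITEFREELY_*` variables would help as well, since envsubst renders an unset variable as an empty value in config.ini.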