initial commit

.env.docker.example

@@ -0,0 +1,162 @@
+## Crypto
+APP_KEY=secretsgohere
+
+## General Settings
+APP_NAME="Moe for Solarpunk Pix"
+APP_ENV=production
+APP_DEBUG=false
+APP_URL=https://pix.solarpunk.moe
+APP_DOMAIN="pix.solarpunk.moe"
+ADMIN_DOMAIN="pix.solarpunk.moe"
+SESSION_DOMAIN="pix.solarpunk.moe"
+
+OPEN_REGISTRATION=true
+ENFORCE_EMAIL_VERIFICATION=true
+PF_MAX_USERS=30
+OAUTH_ENABLED=true
+
+APP_TIMEZONE=UTC
+APP_LOCALE=en
+
+## Pixelfed Tweaks
+LIMIT_ACCOUNT_SIZE=true
+MAX_ACCOUNT_SIZE=1000000
+MAX_PHOTO_SIZE=15000
+MAX_AVATAR_SIZE=2000
+MAX_CAPTION_LENGTH=500
+MAX_BIO_LENGTH=125
+MAX_NAME_LENGTH=30
+MAX_ALBUM_LENGTH=4
+IMAGE_QUALITY=80
+PF_OPTIMIZE_IMAGES=true
+PF_OPTIMIZE_VIDEOS=true
+ADMIN_ENV_EDITOR=false
+ACCOUNT_DELETION=true
+ACCOUNT_DELETE_AFTER=false
+MAX_LINKS_PER_POST=0
+
+## Instance
+#INSTANCE_DESCRIPTION=
+INSTANCE_PUBLIC_HASHTAGS=false
+#INSTANCE_CONTACT_EMAIL=
+INSTANCE_PUBLIC_LOCAL_TIMELINE=false
+#BANNED_USERNAMES=
+STORIES_ENABLED=false
+RESTRICTED_INSTANCE=false
+
+## Mail
+MAIL_DRIVER=smtp
+MAIL_HOST=mail
+MAIL_PORT=25
+MAIL_FROM_ADDRESS="pixelfed@solarpunk.moe"
+MAIL_FROM_NAME="Moe for Solarpunk Pixelfed"
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+## Databases (MySQL)
+DB_CONNECTION=mysql
+DB_DATABASE=pixelfed_prod
+DB_HOST=db
+DB_PASSWORD=pixelfed_db_pass
+DB_PORT=3306
+DB_USERNAME=pixelfed
+# pass the same values to the db itself
+MYSQL_DATABASE=pixelfed_prod
+MYSQL_PASSWORD=pixelfed_db_pass
+MYSQL_RANDOM_ROOT_PASSWORD=true
+MYSQL_USER=pixelfed
+
+## Databases (Postgres)
+#DB_CONNECTION=pgsql
+#DB_HOST=db
+#DB_PORT=5432
+#DB_DATABASE=pixelfed
+#DB_USERNAME=postgres
+#DB_PASSWORD=9*K5JFNo
+#POSTGRES_DB=pixelfed
+#POSTGRES_USER=postgres
+#POSTGRES_PASSWORD=9*K5JFNo
+
+## Cache (Redis)
+REDIS_CLIENT=phpredis
+REDIS_SCHEME=tcp
+REDIS_HOST=redis
+REDIS_PASSWORD=secrets
+REDIS_PORT=6379
+REDIS_DATABASE=0
+
+## EXPERIMENTS 
+EXP_LC=false
+EXP_REC=false
+EXP_LOOPS=false
+
+## ActivityPub Federation
+ACTIVITY_PUB=true
+AP_REMOTE_FOLLOW=true
+AP_SHAREDINBOX=true
+AP_INBOX=true
+AP_OUTBOX=true
+ATOM_FEEDS=true
+NODEINFO=true
+WEBFINGER=true
+
+## S3
+FILESYSTEM_DRIVER=local
+FILESYSTEM_CLOUD=s3
+PF_ENABLE_CLOUD=true
+AWS_ACCESS_KEY_ID=secrets
+AWS_SECRET_ACCESS_KEY=secrets
+AWS_DEFAULT_REGION=region
+AWS_BUCKET=bucketname
+AWS_URL=https://something.something.digitaloceanspaces.com
+AWS_ENDPOINT=https://something.digitaloceanspaces.com
+#AWS_USE_PATH_STYLE_ENDPOINT=false
+
+## Horizon
+HORIZON_DARKMODE=true
+
+## COSTAR - Confirm Object Sentiment Transform and Reduce
+PF_COSTAR_ENABLED=false
+
+# Media
+MEDIA_EXIF_DATABASE=false
+
+## Logging
+LOG_CHANNEL=stdout
+
+## Image
+IMAGE_DRIVER=imagick
+
+## Broadcasting
+BROADCAST_DRIVER=redis  # log driver for local development
+
+## Cache
+CACHE_DRIVER=redis
+
+## Purify
+RESTRICT_HTML_TYPES=true
+
+## Queue
+QUEUE_DRIVER=redis
+
+## Session
+SESSION_DRIVER=redis
+
+## Trusted Proxy
+TRUST_PROXIES="*"
+
+## Passport
+#PASSPORT_PRIVATE_KEY=
+#PASSPORT_PUBLIC_KEY=
+#
+#
+
+PF_USER_INVITES=true
+PF_USER_INVITES_TOTAL_LIMIT=100
+PF_USER_INVITES_DAILY_LIMIT=10
+PF_USER_INVITES_MONTHLY_LIMIT=25
+
+# This needs to be set to false when doing initial migration!
+# It's awkward! Yeah!
+ENABLE_CONFIG_CACHE=true

.gitignore

@@ -0,0 +1,2 @@
+# Secrets!
+.env.docker

contrib/docker-nginx.conf

@@ -0,0 +1,39 @@
+upstream fpm {
+  server pixelfed-app:9000;
+}
+
+server {
+    listen ${NGINX_PORT};
+    server_name pix.solarpunk.moe;                    # change this to your fqdn
+    root /var/www/public;         # path to repo/public
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.html index.htm index.php;
+
+    charset utf-8;
+    client_max_body_size 32M;   # or your desired limit
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass fpm;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # or $request_filename
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}

contrib/docker/start.fpm.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Create the storage tree if needed and fix permissions
+cp -r storage.skel/* storage/
+chown -R www-data:www-data storage/ bootstrap/ public/
+
+# Refresh the environment
+php artisan storage:link
+php artisan horizon:publish
+php artisan route:cache
+php artisan view:cache
+php artisan config:cache
+
+# Finally run FPM
+php-fpm

contrib/docker/start.nginx.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+rm -rf /var/www/public/storage
+ln -s /var/www/storage/app/public /var/www/public/storage
+
+chown -R www-data /var/www/public/
+
+./docker-entrypoint.sh nginx -g "daemon off;"

contrib/docker/start.php.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Create the storage tree if needed and fix permissions
+cp -r storage.skel/* storage/
+chown -R www-data:www-data storage/ bootstrap/
+
+# Refresh the environment
+php artisan storage:link
+php artisan horizon:publish
+php artisan route:cache
+php artisan view:cache
+php artisan config:cache
+
+# Finally run php
+php

docker-compose.yml

@@ -0,0 +1,109 @@
+---
+version: '3'
+
+# In order to set configuration, please use a .env file in
+# your compose project directory (the same directory as your
+# docker-compose.yml), and set database options, application
+# name, key, and other settings there.
+# A list of available settings is available in .env.example
+#
+# The services should scale properly across a swarm cluster
+# if the volumes are properly shared between cluster members.
+
+services:
+## App and Worker
+  pixelfed-app:
+    # Comment to use dockerhub image
+    build:
+      context: .
+      dockerfile: contrib/docker/Dockerfile.fpm
+    image: porttown.solarpunk.moe/pixelfed
+    restart: unless-stopped
+    env_file:
+      - .env.docker
+    volumes:
+      - app-storage:/var/www/storage
+      - app-bootstrap:/var/www/bootstrap
+      - "./.env.docker:/var/www/.env"
+    networks:
+      internal:
+      external:
+      mail:
+
+    depends_on:
+      - db
+      - redis
+
+  worker:
+    build:
+      context: .
+      dockerfile: contrib/docker/Dockerfile.fpm
+    image: porttown.solarpunk.moe/pixelfed
+    restart: unless-stopped
+    env_file:
+      - .env.docker
+    volumes:
+      - app-storage:/var/www/storage
+      - app-bootstrap:/var/www/bootstrap
+    networks:
+      - internal
+      - mail
+    command: gosu www-data php artisan horizon
+    depends_on:
+      - db
+      - redis
+
+## DB and Cache
+  db:
+    image: mysql:8.0
+    restart: unless-stopped
+    networks:
+      - internal
+    command: --default-authentication-plugin=mysql_native_password
+    env_file:
+      - .env.docker
+    volumes:
+      - "db-data:/var/lib/lib/mysql"
+
+  redis:
+    image: redis:5-alpine
+    restart: unless-stopped
+    env_file:
+      - .env.docker
+    volumes:
+      - "redis-data:/data"
+    networks:
+      - internal
+
+  nginx:
+    image: nginx
+    restart: always
+    command: /var/www/start.nginx.sh
+    networks:
+      - httpsproxy
+      - external
+    volumes:
+      - ./contrib/docker-nginx.conf:/etc/nginx/templates/default.conf.template
+      - ./contrib/docker/start.nginx.sh:/var/www/start.nginx.sh
+      - ./public:/var/www/public
+      - app-storage:/var/www/storage
+    environment:
+      - LETSENCRYPT_HOST=pix.solarpunk.moe
+      - VIRTUAL_HOST=pix.solarpunk.moe
+      - VIRTUAL_PORT=80
+      - NGINX_PORT=80
+
+volumes:
+  db-data:
+  redis-data:
+  app-storage:
+  app-bootstrap:
+
+networks:
+  internal:
+    internal: true
+  external:
+  mail:
+    external: true
+  httpsproxy:
+    external: true