many small fixes and improvements

2024-02-10 20:03:04 +00:00 · 2024-02-10 20:03:04 +00:00 · bc66b6da18
parent d8e1caec53
commit bc66b6da18
12 changed files with 723 additions and 678 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -17,11 +17,11 @@ indent_style = space
 indent_size = 4

 # ShellCheck config
-shell_variant      = bash
-binary_next_line   = true
-case-indent 	   = true
-switch_case_indent = true
-space_redirects    = true
-function_next_line = true
+shell_variant      = bash  # like -ln=bash
+binary_next_line   = true  # like -bn
+switch_case_indent = true  # like -ci
+space_redirects    = false # like -sr
+keep_padding       = false  # like -kp
+function_next_line = true  # like -fn
+never_split        = true  # like -ns
 simplify           = true
-space-redirects    = true
--- a/.env.docker
+++ b/.env.docker
--- a/.env.example
+++ b/.env.example
@ -1,80 +0,0 @@
-# shellcheck disable=SC2034,SC2148
-
-APP_NAME="Pixelfed"
-APP_ENV="production"
-APP_KEY=
-APP_DEBUG="false"
-
-# Instance Configuration
-OPEN_REGISTRATION="false"
-ENFORCE_EMAIL_VERIFICATION="false"
-PF_MAX_USERS="1000"
-OAUTH_ENABLED="true"
-
-# Media Configuration
-PF_OPTIMIZE_IMAGES="true"
-IMAGE_QUALITY="80"
-MAX_PHOTO_SIZE="15000"
-MAX_CAPTION_LENGTH="500"
-MAX_ALBUM_LENGTH="4"
-
-# Instance URL Configuration
-APP_URL="http://localhost"
-APP_DOMAIN="localhost"
-ADMIN_DOMAIN="localhost"
-SESSION_DOMAIN="localhost"
-TRUST_PROXIES="*"
-
-# Database Configuration
-DB_CONNECTION="mysql"
-DB_HOST="127.0.0.1"
-DB_PORT="3306"
-DB_DATABASE="pixelfed"
-DB_USERNAME="pixelfed"
-DB_PASSWORD="pixelfed"
-
-# Redis Configuration
-REDIS_CLIENT="predis"
-REDIS_SCHEME="tcp"
-REDIS_HOST="127.0.0.1"
-REDIS_PASSWORD="null"
-REDIS_PORT="6379"
-
-# Laravel Configuration
-SESSION_DRIVER="database"
-CACHE_DRIVER="redis"
-QUEUE_DRIVER="redis"
-BROADCAST_DRIVER="log"
-LOG_CHANNEL="stack"
-HORIZON_PREFIX="horizon-"
-
-# ActivityPub Configuration
-ACTIVITY_PUB="false"
-AP_REMOTE_FOLLOW="false"
-AP_INBOX="false"
-AP_OUTBOX="false"
-AP_SHAREDINBOX="false"
-
-# Experimental Configuration
-EXP_EMC="true"
-
-## Mail Configuration (Post-Installer)
-MAIL_DRIVER=log
-MAIL_HOST=smtp.mailtrap.io
-MAIL_PORT=2525
-MAIL_USERNAME=null
-MAIL_PASSWORD=null
-MAIL_ENCRYPTION=null
-MAIL_FROM_ADDRESS="pixelfed@example.com"
-MAIL_FROM_NAME="Pixelfed"
-
-## S3 Configuration (Post-Installer)
-PF_ENABLE_CLOUD=false
-FILESYSTEM_CLOUD=s3
-#AWS_ACCESS_KEY_ID=
-#AWS_SECRET_ACCESS_KEY=
-#AWS_DEFAULT_REGION=
-#AWS_BUCKET=<BucketName>
-#AWS_URL=
-#AWS_ENDPOINT=
-#AWS_USE_PATH_STYLE_ENDPOINT=false
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -1,5 +1,19 @@
 {
    "shellformat.useEditorConfig": true,
+    "[shellscript]": {
+        "files.eol": "\n",
+        "editor.defaultFormatter": "foxundermoon.shell-format"
+    },
+    "[yaml]": {
+        "editor.defaultFormatter": "redhat.vscode-yaml"
+    },
+    "[dockercompose]": {
+        "editor.defaultFormatter": "redhat.vscode-yaml",
+        "editor.autoIndent": "advanced",
+    },
+    "yaml.schemas": {
+        "https://json.schemastore.org/composer": "https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json"
+    },
    "files.associations": {
        ".env": "shellscript",
        ".env.*": "shellscript"
--- a/16
+++ b/16
@ -20,10 +20,8 @@ ARG FOREGO_VERSION="0.17.2"
 # See: https://github.com/hairyhenderson/gomplate
 ARG GOMPLATE_VERSION="v3.11.6"

-# See: https://github.com/dotenv-linter/dotenv-linter
-#
-# WARN: v3.3.0 and above requires newer libc version than Ubuntu ships with
-ARG DOTENV_LINTER_VERSION="v3.2.0"
+# See: https://github.com/jippi/dottie
+ARG DOTTIE_VERSION="v0.6.5"

 ###
 # PHP base configuration
@ -88,6 +86,13 @@ FROM nginx:${NGINX_VERSION} AS nginx-image
 # See: https://github.com/nginx-proxy/forego
 FROM nginxproxy/forego:${FOREGO_VERSION}-debian AS forego-image

+# Dottie makes working with .env files easier and safer
+#
+# NOTE: Docker will *not* pull this image unless it's referenced (via build target)
+#
+# See: https://github.com/jippi/dottie
+FROM ghcr.io/jippi/dottie:${DOTTIE_VERSION} AS dottie-image
+
 # gomplate-image grabs the gomplate binary from GitHub releases
 #
 # It's in its own layer so it can be fetched in parallel with other build steps
@ -116,7 +121,6 @@ FROM php:${PHP_VERSION}-${PHP_BASE_TYPE}-${PHP_DEBIAN_RELEASE} AS base
 ARG BUILDKIT_SBOM_SCAN_STAGE="true"

 ARG APT_PACKAGES_EXTRA
-ARG DOTENV_LINTER_VERSION
 ARG PHP_DEBIAN_RELEASE
 ARG PHP_VERSION
 ARG RUNTIME_GID
@ -135,7 +139,6 @@ RUN set -ex \
 WORKDIR /var/www/

 ENV APT_PACKAGES_EXTRA=${APT_PACKAGES_EXTRA}
-ENV DOTENV_LINTER_VERSION="${DOTENV_LINTER_VERSION}"

 # Install and configure base layer
 COPY docker/shared/root/docker/install/base.sh /docker/install/base.sh
@ -226,6 +229,7 @@ ENV RUNTIME_UID=${RUNTIME_UID}
 ENV RUNTIME_GID=${RUNTIME_GID}

 COPY --link --from=forego-image /usr/local/bin/forego /usr/local/bin/forego
+COPY --link --from=dottie-image /dottie /usr/local/bin/dottie
 COPY --link --from=gomplate-image /usr/local/bin/gomplate /usr/local/bin/gomplate
 COPY --link --from=composer-image /usr/bin/composer /usr/bin/composer
 COPY --link --from=composer-and-src --chown=${RUNTIME_UID}:${RUNTIME_GID} /var/www /var/www
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,5 +1,6 @@
 ---
-version: "3"
+# Require 3.8 to ensure people use a recent version of Docker + Compose
+version: "3.8"

 ###############################################################
 # Please see docker/README.md for usage information
@ -53,7 +54,7 @@ services:
      - ${DOCKER_PROXY_ACME_PROFILE:-}
    environment:
      DEBUG: 0
-      DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
+      DEFAULT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}"
      NGINX_PROXY_CONTAINER: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy"
    depends_on:
      - proxy
@ -74,21 +75,21 @@ services:
    build:
      target: ${DOCKER_APP_RUNTIME}-runtime
      args:
-        PHP_VERSION: "${DOCKER_APP_PHP_VERSION}"
+        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
        PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}"
        PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}"
-        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
-        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
        PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}"
+        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
+        PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}"
    volumes:
      - "./.env:/var/www/.env"
      - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache"
      - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage"
      - "${DOCKER_APP_HOST_OVERRIDES_PATH}:/docker/overrides:ro"
    environment:
-      LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
-      LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
-      LETSENCRYPT_TEST: "${LETSENCRYPT_TEST:-}"
+      LETSENCRYPT_HOST: "${DOCKER_PROXY_LETSENCRYPT_HOST:?error}"
+      LETSENCRYPT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}"
+      LETSENCRYPT_TEST: "${DOCKER_PROXY_LETSENCRYPT_TEST:-}"
      VIRTUAL_HOST: "${APP_DOMAIN}"
      VIRTUAL_PORT: "80"
    labels:
@ -117,12 +118,12 @@ services:
    build:
      target: ${DOCKER_APP_RUNTIME}-runtime
      args:
-        PHP_VERSION: "${DOCKER_APP_PHP_VERSION}"
+        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
        PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}"
        PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}"
-        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
-        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
        PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}"
+        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
+        PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}"
    volumes:
      - "./.env:/var/www/.env"
      - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache"
@ -133,23 +134,37 @@ services:
      - redis
    healthcheck:
      test: gosu www-data php artisan horizon:status | grep running
-      interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL}"
+      interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL:?error}"
      timeout: 5s
      retries: 2

  db:
-    image: mariadb:${DB_VERSION}
+    image: ${DOCKER_DB_IMAGE:?error}
    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-db"
-    command: --default-authentication-plugin=mysql_native_password
+    command: ${DOCKER_DB_COMMAND:-}
    restart: unless-stopped
    profiles:
      - ${DOCKER_DB_PROFILE:-}
-    env_file:
-      - ".env"
+    environment:
+      TZ: "${TZ:?error}"
+      # MySQL (Oracle) - "Environment Variables" at https://hub.docker.com/_/mysql
+      MYSQL_ROOT_PASSWORD: "${DB_PASSWORD:?error}"
+      MYSQL_USER: "${DB_USERNAME:?error}"
+      MYSQL_PASSWORD: "${DB_PASSWORD:?error}"
+      MYSQL_DATABASE: "${DB_DATABASE:?error}"
+      # MySQL (MariaDB) - "Start a mariadb server instance with user, password and database" at https://hub.docker.com/_/mariadb
+      MARIADB_ROOT_PASSWORD: "${DB_PASSWORD:?error}"
+      MARIADB_USER: "${DB_USERNAME:?error}"
+      MARIADB_PASSWORD: "${DB_PASSWORD:?error}"
+      MARIADB_DATABASE: "${DB_DATABASE:?error}"
+      # PostgreSQL - "Environment Variables" at https://hub.docker.com/_/postgres
+      POSTGRES_USER: "${DB_USERNAME:?error}"
+      POSTGRES_PASSWORD: "${DB_PASSWORD:?error}"
+      POSTGRES_DB: "${DB_DATABASE:?error}"
    volumes:
-      - "${DOCKER_DB_HOST_DATA_PATH}:/var/lib/mysql"
+      - "${DOCKER_DB_HOST_DATA_PATH:?error}:${DOCKER_DB_CONTAINER_DATA_PATH:?error}"
    ports:
-      - "${DOCKER_DB_HOST_PORT}:3306"
+      - "${DOCKER_DB_HOST_PORT:?error}:${DOCKER_DB_CONTAINER_PORT:?error}"
    healthcheck:
      test:
        [
@ -159,7 +174,7 @@ services:
          "--connect",
          "--innodb_initialized",
        ]
-      interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL}"
+      interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL:?error}"
      retries: 2
      timeout: 5s

@ -169,9 +184,8 @@ services:
    restart: unless-stopped
    command: "${DOCKER_REDIS_CONFIG_FILE:-} --requirepass '${REDIS_PASSWORD:-}'"
    environment:
-      - REDISCLI_AUTH=${REDIS_PASSWORD:-}
-    env_file:
-      - ".env"
+      TZ: "${TZ:?error}"
+      REDISCLI_AUTH: ${REDIS_PASSWORD:-}
    volumes:
      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis:/etc/redis"
      - "${DOCKER_REDIS_HOST_DATA_PATH}:/data"
@ -179,6 +193,6 @@ services:
      - "${DOCKER_REDIS_HOST_PORT}:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "-p", "6379", "ping"]
-      interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL}"
+      interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL:?error}"
      retries: 2
      timeout: 5s
--- a/docker/nginx/root/docker/templates/etc/nginx/nginx.conf
+++ b/docker/nginx/root/docker/templates/etc/nginx/nginx.conf
@ -0,0 +1,41 @@
+# This is changed from the original "nginx" in upstream to work properly
+# with permissions within pixelfed when serving static files.
+user www-data;
+
+worker_processes auto;
+
+# Ensure the PID is writable
+# Lifted from: https://hub.docker.com/r/nginxinc/nginx-unprivileged
+pid /tmp/nginx.pid;
+
+# Write error log to stderr (/proc/self/fd/2 -> /dev/stderr)
+error_log /proc/self/fd/2 notice;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+
+    # Write error log to stdout (/proc/self/fd/1 -> /dev/stdout)
+    access_log /proc/self/fd/1 main;
+
+    sendfile on;
+    tcp_nopush on;
+    keepalive_timeout 65;
+    gzip on;
+
+    # Ensure all temp paths are in a writable by "www-data" user.
+    # Lifted from: https://hub.docker.com/r/nginxinc/nginx-unprivileged
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path /tmp/proxy_temp_path;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+
+    include /etc/nginx/conf.d/*.conf;
+}
--- a/docker/shared/root/docker/entrypoint.d/02-check-config.sh
+++ b/docker/shared/root/docker/entrypoint.d/02-check-config.sh
@ -13,5 +13,9 @@ for file in "${dot_env_files[@]}"; do
        continue
    fi

-    run-as-current-user dotenv-linter --skip=QuoteCharacter --skip=UnorderedKey "${file}"
+    # We ignore 'dir' + 'file' rules since they are validate *host* paths
+    # which do not (and should not) exists inside the container
+    #
+    # We disable fixer since its not interactive anyway
+    run-as-current-user dottie validate --file "${file}" --ignore-rule dir,file --no-fix
 done
--- a/docker/shared/root/docker/helpers.sh
+++ b/docker/shared/root/docker/helpers.sh
@ -20,9 +20,10 @@ declare -g script_name=
 declare -g script_name_previous=
 declare -g log_prefix=

+declare -Ag lock_fds=()
+
 # dot-env files to source when reading config
 declare -a dot_env_files=(
-    /var/www/.env.docker
    /var/www/.env
 )

@ -166,7 +167,7 @@ function log-error()
        log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty"
    fi

-    echo -e "${error_message_color}${log_prefix}ERROR -${color_clear} ${msg}" > /dev/stderr
+    echo -e "${error_message_color}${log_prefix}ERROR -${color_clear} ${msg}" >/dev/stderr
 }

 # @description Print the given error message to stderr and exit 1
@ -197,7 +198,7 @@ function log-warning()
        log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty"
    fi

-    echo -e "${warn_message_color}${log_prefix}WARNING -${color_clear} ${msg}" > /dev/stderr
+    echo -e "${warn_message_color}${log_prefix}WARNING -${color_clear} ${msg}" >/dev/stderr
 }

 # @description Print the given message to stdout unless [ENTRYPOINT_QUIET_LOGS] is set
@ -236,7 +237,7 @@ function log-info-stderr()
    fi

    if [ -z "${ENTRYPOINT_QUIET_LOGS:-}" ]; then
-        echo -e "${notice_message_color}${log_prefix}${color_clear}${msg}" > /dev/stderr
+        echo -e "${notice_message_color}${log_prefix}${color_clear}${msg}" >/dev/stderr
    fi
 }

@ -377,17 +378,20 @@ function acquire-lock()
 {
    local name="${1:-$script_name}"
    local file="${docker_locks_path}/${name}"
+    local lock_fd

    ensure-directory-exists "$(dirname "${file}")"

+    exec {lock_fd}>"$file"
+
    log-info "🔑 Trying to acquire lock: ${file}: "
-    while file-exists "${file}"; do
+    while ! ([[ -v lock_fds[$name] ]] || flock -n -x "$lock_fd"); do
        log-info "🔒 Waiting on lock ${file}"

        staggered-sleep
    done

-    stream-prefix-command-output touch "${file}"
+    [[ -v lock_fds[$name] ]] || lock_fds[$name]=$lock_fd

    log-info "🔐 Lock acquired [${file}]"

@ -403,7 +407,11 @@ function release-lock()

    log-info "🔓 Releasing lock [${file}]"

-    stream-prefix-command-output rm -fv "${file}"
+    [[ -v lock_fds[$name] ]] || return
+
+    # shellcheck disable=SC1083,SC2086
+    flock --unlock ${lock_fds[$name]}
+    unset 'lock_fds[$name]'
 }

 # @description Helper function to append multiple actions onto
@ -450,14 +458,14 @@ function await-database-ready()
    case "${DB_CONNECTION:-}" in
        mysql)
            # shellcheck disable=SC2154
-            while ! echo "SELECT 1" | mysql --user="${DB_USERNAME}" --password="${DB_PASSWORD}" --host="${DB_HOST}" "${DB_DATABASE}" --silent > /dev/null; do
+            while ! echo "SELECT 1" | mysql --user="${DB_USERNAME}" --password="${DB_PASSWORD}" --host="${DB_HOST}" "${DB_DATABASE}" --silent >/dev/null; do
                staggered-sleep
            done
            ;;

        pgsql)
            # shellcheck disable=SC2154
-            while ! echo "SELECT 1" | PGPASSWORD="${DB_PASSWORD}" psql --user="${DB_USERNAME}" --host="${DB_HOST}" "${DB_DATABASE}" > /dev/null; do
+            while ! echo "SELECT 1" | PGPASSWORD="${DB_PASSWORD}" psql --user="${DB_USERNAME}" --host="${DB_HOST}" "${DB_DATABASE}" >/dev/null; do
                staggered-sleep
            done
            ;;
--- a/docker/shared/root/docker/install/base.sh
+++ b/docker/shared/root/docker/install/base.sh
@ -59,6 +59,3 @@ apt-get install -y "${packages[@]}"

 locale-gen
 update-locale
-
-# Install dotenv linter (https://github.com/dotenv-linter/dotenv-linter)
-curl -sSfL https://raw.githubusercontent.com/dotenv-linter/dotenv-linter/master/install.sh | sh -s -- -b /usr/local/bin "${DOTENV_LINTER_VERSION:-}"
--- a/docker/shared/root/docker/templates/usr/local/etc/php/php.ini
+++ b/docker/shared/root/docker/templates/usr/local/etc/php/php.ini
@ -406,7 +406,7 @@ max_input_time = 60

 ; Maximum amount of memory a script may consume (128MB)
 ; http://php.net/memory-limit
-memory_limit = {{ getenv "PHP_MEMORY_LIMIT" "128M" }}
+memory_limit = {{ getenv "DOCKER_APP_PHP_MEMORY_LIMIT" "128M" }}

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Error handling and logging ;
@ -570,8 +570,9 @@ report_memleaks = On
 ; Log errors to specified file. PHP's default behavior is to leave this value
 ; empty.
 ; http://php.net/error-log
-; Example:
-;error_log = php_errors.log
+;
+; NOTE: Write error log to stderr (/proc/self/fd/2 -> /dev/stderr)
+error_log = /proc/self/fd/2
 ; Log errors to syslog (Event Log on Windows).
 ;error_log = syslog

--- a/goss.yaml
+++ b/goss.yaml
@ -114,7 +114,7 @@ command:
 {{ end }}

 {{ if eq .Env.PHP_BASE_TYPE "apache" }}
-  nginx-version:
+  apache-version:
    exit-status: 0
    exec: 'apachectl -v'
    stdout: