diff --git a/.editorconfig b/.editorconfig index 9551fdc60..a56c5a37a 100644 --- a/.editorconfig +++ b/.editorconfig @@ -17,11 +17,11 @@ indent_style = space indent_size = 4 # ShellCheck config -shell_variant = bash -binary_next_line = true -case-indent = true -switch_case_indent = true -space_redirects = true -function_next_line = true +shell_variant = bash # like -ln=bash +binary_next_line = true # like -bn +switch_case_indent = true # like -ci +space_redirects = false # like -sr +keep_padding = false # like -kp +function_next_line = true # like -fn +never_split = true # like -ns simplify = true -space-redirects = true diff --git a/.env.docker b/.env.docker index 8ca07c21f..0fa9e1428 100644 --- a/.env.docker +++ b/.env.docker 
@@ -2,47 +2,45 @@ # -*- mode: bash -*- # vi: ft=bash +# Use Dottie (https://github.com/jippi/dottie) to manage this .env file easier! +# +# @dottie/source .env.docker +# # shellcheck disable=SC2034,SC2148 ################################################################################ -# Pixelfed application configuration +# app ################################################################################ -# A random 32-character string to be used as an encryption key. -# -# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -# ! NOTE: This will be auto-generated by Docker during bootstrap -# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -# -# This key is used by the Illuminate encrypter service and should be set to a random, -# 32 character string, otherwise these encrypted strings will not be safe. -# -# See: https://docs.pixelfed.org/technical-documentation/config/#app_key -APP_KEY= - -# See: https://docs.pixelfed.org/technical-documentation/config/#app_name-1 +# @see https://docs.pixelfed.org/technical-documentation/config/#app_name-1 +# @dottie/validate required APP_NAME="Pixelfed Prod" # Application domains used for routing. # -# See: https://docs.pixelfed.org/technical-documentation/config/#app_domain +# @see https://docs.pixelfed.org/technical-documentation/config/#app_domain +# @dottie/validate required,fqdn APP_DOMAIN="__CHANGE_ME__" # This URL is used by the console to properly generate URLs when using the Artisan command line tool. # You should set this to the root of your application so that it is used when running Artisan tasks. # -# See: https://docs.pixelfed.org/technical-documentation/config/#app_url +# @see https://docs.pixelfed.org/technical-documentation/config/#app_url +# @dottie/validate required,http_url APP_URL="https://${APP_DOMAIN}" # Application domains used for routing. 
# -# See: https://docs.pixelfed.org/technical-documentation/config/#admin_domain +# @see https://docs.pixelfed.org/technical-documentation/config/#admin_domain +# @dottie/validate required,fqdn ADMIN_DOMAIN="${APP_DOMAIN}" # This value determines the “environment” your application is currently running in. # This may determine how you prefer to configure various services your application utilizes. # -# See: https://docs.pixelfed.org/technical-documentation/config/#app_env +# @default "production" +# @see https://docs.pixelfed.org/technical-documentation/config/#app_env +# @dottie/validate required,oneof='production,dev,staging' #APP_ENV="production" # When your application is in debug mode, detailed error messages with stack traces will 
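Review bot: The `APP_ENV` rule `oneof='production,dev,staging'` is written differently from every other `oneof` in this file, which lists the allowed values unquoted and space-separated (`oneof=gd imagick`, `oneof=sqlite mysql pgsql sqlsrv`). If Dottie hands these rules to a go-playground/validator-style parser, as the tag names suggest, the quoted comma-separated form will not be read as three allowed values. The rule would then either fail to parse or reject a valid `APP_ENV` once the line is uncommented. I would write it as `# @dottie/validate required,oneof=production dev staging`.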
@@ -50,207 +48,289 @@ ADMIN_DOMAIN="${APP_DOMAIN}" # # If disabled, a simple generic error page is shown. # -# See: https://docs.pixelfed.org/technical-documentation/config/#app_debug +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#app_debug +# @dottie/validate required,boolean #APP_DEBUG="false" # Enable/disable new local account registrations. # -# See: https://docs.pixelfed.org/technical-documentation/config/#open_registration +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#open_registration +# @dottie/validate required,boolean #OPEN_REGISTRATION="true" # Require email verification before a new user can do anything. # -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#enforce_email_verification +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#enforce_email_verification +# @dottie/validate required,boolean #ENFORCE_EMAIL_VERIFICATION="true" # Allow a maximum number of user accounts. # -# Defaults to "1000". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#pf_max_users +# @default "1000" +# @see https://docs.pixelfed.org/technical-documentation/config/#pf_max_users +# @dottie/validate required,number #PF_MAX_USERS="1000" # Enforce the maximum number of user accounts # -# Defaults to "true". +# @default "true" +# @dottie/validate boolean #PF_ENFORCE_MAX_USERS="true" -# See: https://docs.pixelfed.org/technical-documentation/config/#oauth_enabled -OAUTH_ENABLED="true" +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#oauth_enabled +# @dottie/validate required,boolean +#OAUTH_ENABLED="false" -# Defaults to "UTC". -# # ! Do not edit your timezone once the service is running - or things will break! 
# -# See: https://docs.pixelfed.org/technical-documentation/config/#app_timezone -# See: https://www.php.net/manual/en/timezones.php +# @default "UTC" +# @see https://docs.pixelfed.org/technical-documentation/config/#app_timezone +# @see https://www.php.net/manual/en/timezones.php +# @dottie/validate required,timezone APP_TIMEZONE="UTC" # The application locale determines the default locale that will be used by the translation service provider. # You are free to set this value to any of the locales which will be supported by the application. # -# Defaults to "en". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#app_locale +# @default "en" +# @see https://docs.pixelfed.org/technical-documentation/config/#app_locale +# @dottie/validate required #APP_LOCALE="en" # The fallback locale determines the locale to use when the current one is not available. # # You may change the value to correspond to any of the language folders that are provided through your application. # -# Defaults to "en". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#app_fallback_locale +# @default "en" +# @see https://docs.pixelfed.org/technical-documentation/config/#app_fallback_locale +# @dottie/validate required #APP_FALLBACK_LOCALE="en" -# See: https://docs.pixelfed.org/technical-documentation/config/#limit_account_size +# @see https://docs.pixelfed.org/technical-documentation/config/#limit_account_size +# @dottie/validate required,boolean #LIMIT_ACCOUNT_SIZE="true" # Update the max account size, the per user limit of files in kB. # -# Defaults to "1000000" (1GB). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#max_account_size-kb +# @default "1000000" (1GB) +# @see https://docs.pixelfed.org/technical-documentation/config/#max_account_size-kb +# @dottie/validate required,number #MAX_ACCOUNT_SIZE="1000000" # Update the max photo size, in kB. # -# Defaults to "15000" (15MB). 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb +# @default "15000" (15MB) +# @see https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb +# @dottie/validate required,number #MAX_PHOTO_SIZE="15000" # The max number of photos allowed per post. # -# Defaults to "4". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#max_album_length +# @default "4" +# @see https://docs.pixelfed.org/technical-documentation/config/#max_album_length +# @dottie/validate required,number #MAX_ALBUM_LENGTH="4" # Update the max avatar size, in kB. # -# Defaults to "2000" (2MB). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#max_avatar_size-kb +# @default "2000" (2MB). +# @see https://docs.pixelfed.org/technical-documentation/config/#max_avatar_size-kb +# @dottie/validate required,number #MAX_AVATAR_SIZE="2000" # Change the caption length limit for new local posts. # -# Defaults to "500". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#max_caption_length +# @default "500" +# @see https://docs.pixelfed.org/technical-documentation/config/#max_caption_length +# @dottie/validate required,number #MAX_CAPTION_LENGTH="500" # Change the bio length limit for user profiles. # -# Defaults to "125". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#max_bio_length +# @default "125" +# @see https://docs.pixelfed.org/technical-documentation/config/#max_bio_length +# @dottie/validate required,number #MAX_BIO_LENGTH="125" # Change the length limit for user names. # -# Defaults to "30". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#max_name_length +# @default "30" +# @see https://docs.pixelfed.org/technical-documentation/config/#max_name_length +# @dottie/validate required,number #MAX_NAME_LENGTH="30" # Resize and optimize image uploads. # -# Defaults to "true". 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#pf_optimize_images +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#pf_optimize_images +# @dottie/validate required,boolean #PF_OPTIMIZE_IMAGES="true" # Set the image optimization quality, must be a value between 1-100. # -# Defaults to "80". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#image_quality +# @default "80" +# @see https://docs.pixelfed.org/technical-documentation/config/#image_quality +# @dottie/validate required,number #IMAGE_QUALITY="80" # Resize and optimize video uploads. # -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#pf_optimize_videos +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#pf_optimize_videos +# @dottie/validate required,boolean #PF_OPTIMIZE_VIDEOS="true" # Enable account deletion. # -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#account_deletion +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#account_deletion +# @dottie/validate required,boolean #ACCOUNT_DELETION="true" # Set account deletion queue after X days, set to false to delete accounts immediately. # -# Defaults to "false". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#account_delete_after +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#account_delete_after +# @dottie/validate required,boolean #ACCOUNT_DELETE_AFTER="false" -# Defaults to "Pixelfed - Photo sharing for everyone". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#instance_description +# @default "Pixelfed - Photo sharing for everyone" +# @see https://docs.pixelfed.org/technical-documentation/config/#instance_description +# @dottie/validate required #INSTANCE_DESCRIPTION="" -# Defaults to "false". 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#instance_public_hashtags +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#instance_public_hashtags +# @dottie/validate required,boolean #INSTANCE_PUBLIC_HASHTAGS="false" -# Defaults to "". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#instance_contact_email +# @default "" +# @see https://docs.pixelfed.org/technical-documentation/config/#instance_contact_email +# @dottie/validate required,email INSTANCE_CONTACT_EMAIL="admin@${APP_DOMAIN}" -# Defaults to "false". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#instance_public_local_timeline +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#instance_public_local_timeline +# @dottie/validate required,boolean #INSTANCE_PUBLIC_LOCAL_TIMELINE="false" -# Defaults to "". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#banned_usernames +# @default "" +# @see https://docs.pixelfed.org/technical-documentation/config/#banned_usernames #BANNED_USERNAMES="" -# Defaults to "false". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#stories_enabled +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#stories_enabled +# @dottie/validate required,boolean #STORIES_ENABLED="false" -# Defaults to "false". -# # Level is hardcoded to 1. 
# -# See: https://docs.pixelfed.org/technical-documentation/config/#restricted_instance +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#restricted_instance +# @dottie/validate required,boolean #RESTRICTED_INSTANCE="false" -################################################################################ -# Lets Encrypt configuration -################################################################################ +# @default false +# @see https://docs.pixelfed.org/technical-documentation/config/#media_exif_database +# @dottie/validate required,boolean +MEDIA_EXIF_DATABASE="true" -# The host to request LetsEncrypt certificate for -LETSENCRYPT_HOST="${APP_DOMAIN}" - -# The e-mail to use for Lets Encrypt certificate requests. -LETSENCRYPT_EMAIL="__CHANGE_ME__" - -# Lets Encrypt staging/test servers for certificate requests. +# Pixelfed supports GD or ImageMagick to process images. # -# Setting this to any value will change to letsencrypt test servers. -#LETSENCRYPT_TEST="1" +# Possible values: +# - "gd" (default) +# - "imagick" +# +# @default "gd" +# @see https://docs.pixelfed.org/technical-documentation/config/#image_driver +# @dottie/validate required,oneof=gd imagick +#IMAGE_DRIVER="gd" + +# Set trusted proxy IP addresses. +# +# Both IPv4 and IPv6 addresses are supported, along with CIDR notation. +# +# The “*” character is syntactic sugar within TrustedProxy to trust any +# proxy that connects directly to your server, a requirement when you cannot +# know the address of your proxy (e.g. if using Rackspace balancers). +# +# The “**” character is syntactic sugar within TrustedProxy to trust not just any +# proxy that connects directly to your server, but also proxies that connect to those proxies, +# and all the way back until you reach the original source IP. It will mean that +# $request->getClientIp() always gets the originating client IP, no matter how many proxies +# that client’s request has subsequently passed through. 
+# +# @default "*" +# @see https://docs.pixelfed.org/technical-documentation/config/#trust_proxies +# @dottie/validate required +#TRUST_PROXIES="*" + +# This option controls the default cache connection that gets used while using this caching library. +# +# This connection is used when another is not explicitly specified when executing a given caching function. +# +# Possible values: +# - "apc" +# - "array" +# - "database" +# - "file" (default) +# - "memcached" +# - "redis" +# +# @default "file" +# @see https://docs.pixelfed.org/technical-documentation/config/#cache_driver +# @dottie/validate required,oneof=apc array database file memcached redis +CACHE_DRIVER="redis" + +# @default ${APP_NAME}_cache, or laravel_cache if no APP_NAME is set. +# @see https://docs.pixelfed.org/technical-documentation/config/#cache_prefix +# @dottie/validate required +#CACHE_PREFIX="{APP_NAME}_cache" + +# This option controls the default broadcaster that will be used by the framework when an event needs to be broadcast. +# +# Possible values: +# - "pusher" +# - "redis" +# - "log" +# - "null" (default) +# +# @default null +# @see https://docs.pixelfed.org/technical-documentation/config/#broadcast_driver +# @dottie/validate required,oneof=pusher redis log null +BROADCAST_DRIVER="redis" + +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#restrict_html_types +# @dottie/validate required,boolean +#RESTRICT_HTML_TYPES="true" + +# Passport uses encryption keys while generating secure access tokens +# for your application. +# +# By default, the keys are stored as local files but can be set via environment +# variables when that is more convenient. 
+ +# @see https://docs.pixelfed.org/technical-documentation/config/#passport_private_key +# @dottie/validate required +#PASSPORT_PRIVATE_KEY="" + +# @see https://docs.pixelfed.org/technical-documentation/config/#passport_public_key +# @dottie/validate required +#PASSPORT_PUBLIC_KEY="" ################################################################################ -# Database configuration +# database ################################################################################ # Database version to use (as Docker tag) # -# See: https://hub.docker.com/_/mariadb +# @see https://hub.docker.com/_/mariadb +# @dottie/validate required DB_VERSION="11.2" # Here you may specify which of the database connections below 
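Review bot: This hunk changes effective settings, not only comments, and nothing in the added text says so. `OAUTH_ENABLED` goes from an active `"true"` to a commented-out `"false"`, the new `MEDIA_EXIF_DATABASE="true"` is set against its own `@default false`, and `ACTIVITY_PUB` in the later ActivityPub hunk is likewise switched from active to commented out. The EXIF entry matters most for privacy: assuming the setting keeps EXIF metadata from uploads in the database, that can include location and device details, so enabling it should be a visible operator choice. I would ship it as `#MEDIA_EXIF_DATABASE="false"`, or keep `"true"` and add a line such as `# Enabled in this template: stores EXIF metadata from uploads; disable if you do not need it.` The OAuth and ActivityPub changes deserve a sentence in the commit description so operators who re-sync from the template are not surprised.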
@@ -265,31 +345,38 @@ DB_VERSION="11.2" # - "pgsql" # - "sqlsrv" # -# See: https://docs.pixelfed.org/technical-documentation/config/#db_connection +# @see https://docs.pixelfed.org/technical-documentation/config/#db_connection +# @dottie/validate required,oneof=sqlite mysql pgsql sqlsrv DB_CONNECTION="mysql" -# See: https://docs.pixelfed.org/technical-documentation/config/#db_host +# @see https://docs.pixelfed.org/technical-documentation/config/#db_host +# @dottie/validate required,hostname DB_HOST="db" -# See: https://docs.pixelfed.org/technical-documentation/config/#db_username +# @see https://docs.pixelfed.org/technical-documentation/config/#db_username +# @dottie/validate required DB_USERNAME="pixelfed" -# See: https://docs.pixelfed.org/technical-documentation/config/#db_password -DB_PASSWORD="__CHANGE_ME__" +# @see https://docs.pixelfed.org/technical-documentation/config/#db_password +# @dottie/validate required +DB_PASSWORD= -# See: https://docs.pixelfed.org/technical-documentation/config/#db_database +# @see https://docs.pixelfed.org/technical-documentation/config/#db_database +# @dottie/validate required DB_DATABASE="pixelfed_prod" # Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL # -# See: https://docs.pixelfed.org/technical-documentation/config/#db_port +# @see https://docs.pixelfed.org/technical-documentation/config/#db_port +# @dottie/validate required,number DB_PORT="3306" # Automatically run [artisan migrate --force] if new migrations are detected. +# @dottie/validate required,boolean DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="false" ################################################################################ -# Mail configuration +# mail ################################################################################ # Laravel supports both SMTP and PHP’s “mail” function as drivers for the sending of e-mail. 
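Review bot: `DB_PASSWORD` changes from the `__CHANGE_ME__` placeholder to an empty value, so the only guard against deploying with an empty database password is the `@dottie/validate required` annotation. That annotation does nothing for an operator who copies the file without running Dottie. If the value is meant to be generated during bootstrap (not visible in this hunk), say so above the variable, e.g. `# Generated at first start; must be a long random value, never leave empty.` Otherwise keep a placeholder that fails loudly instead of an empty assignment.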
@@ -306,39 +393,41 @@ DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="false" # "log" # "array" # -# See: https://docs.pixelfed.org/technical-documentation/config/#mail_driver +# @default "smtp" +# @see https://docs.pixelfed.org/technical-documentation/config/#mail_driver +# @dottie/validate required,oneof=smtp sendmail mailgun mandrill ses sparkpost log array #MAIL_DRIVER="smtp" # The host address of the SMTP server used by your applications. # # A default option is provided that is compatible with the Mailgun mail service which will provide reliable deliveries. # -# Defaults to "smtp.mailgun.org". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#mail_host +# @default "smtp.mailgun.org" +# @see https://docs.pixelfed.org/technical-documentation/config/#mail_host +# @dottie/validate required_with=MAIL_DRIVER,fqdn #MAIL_HOST="smtp.mailgun.org" # This is the SMTP port used by your application to deliver e-mails to users of the application. # # Like the host we have set this value to stay compatible with the Mailgun e-mail application by default. # -# Defaults to 587. -# -# See: https://docs.pixelfed.org/technical-documentation/config/#mail_port +# @default 587. +# @see https://docs.pixelfed.org/technical-documentation/config/#mail_port +# @dottie/validate required_with=MAIL_DRIVER,number #MAIL_PORT="587" # You may wish for all e-mails sent by your application to be sent from the same address. # # Here, you may specify a name and address that is used globally for all e-mails that are sent by your application. # -# Defaults to "hello@example.com". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#mail_from_address +# @default "hello@example.com" +# @see https://docs.pixelfed.org/technical-documentation/config/#mail_from_address +# @dottie/validate required_with=MAIL_DRIVER,email MAIL_FROM_ADDRESS="hello@${APP_DOMAIN}" -# Defaults to "Example". 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#mail_from_name +# @default "Example" +# @see https://docs.pixelfed.org/technical-documentation/config/#mail_from_name +# @dottie/validate required_with=MAIL_DRIVER MAIL_FROM_NAME="Pixelfed @ ${APP_DOMAIN}" # If your SMTP server requires a username for authentication, you should set it here. 
@@ -346,220 +435,148 @@ MAIL_FROM_NAME="Pixelfed @ ${APP_DOMAIN}" # This will get used to authenticate with your server on connection. # You may also set the “password” value below this one. # -# Defaults to "". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#mail_username +# @default "" +# @see https://docs.pixelfed.org/technical-documentation/config/#mail_username +# @dottie/validate required_with=MAIL_DRIVER #MAIL_USERNAME="" -# Defaults to "". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#mail_password +# @default "" +# @see https://docs.pixelfed.org/technical-documentation/config/#mail_password +# @dottie/validate required_with=MAIL_DRIVER #MAIL_PASSWORD="" # Here you may specify the encryption protocol that should be used when the application send e-mail messages. # # A sensible default using the transport layer security protocol should provide great security. # -# Defaults to "tls". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#mail_encryption +# @default "tls" +# @see https://docs.pixelfed.org/technical-documentation/config/#mail_encryption +# @dottie/validate required_with=MAIL_DRIVER #MAIL_ENCRYPTION="tls" ################################################################################ -# Redis configuration +# redis ################################################################################ -# Defaults to "phpredis". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#redis_client +# @default "phpredis" +# @see https://docs.pixelfed.org/technical-documentation/config/#redis_client +# @dottie/validate required #REDIS_CLIENT="phpredis" -# Defaults to "tcp". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#redis_scheme +# @default "tcp" +# @see https://docs.pixelfed.org/technical-documentation/config/#redis_scheme +# @dottie/validate required #REDIS_SCHEME="tcp" -# Defaults to "localhost". 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#redis_host +# @default "localhost" +# @see https://docs.pixelfed.org/technical-documentation/config/#redis_host +# @dottie/validate required REDIS_HOST="redis" -# Defaults to null (not set/commented out). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#redis_password +# @default "null" (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#redis_password +# @dottie/validate omitempty #REDIS_PASSWORD= -# Defaults to "6379". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#redis_port +# @default "6379" +# @see https://docs.pixelfed.org/technical-documentation/config/#redis_port +# @dottie/validate required,number REDIS_PORT="6379" -# Defaults to "0". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#redis_database +# @default "0" +# @see https://docs.pixelfed.org/technical-documentation/config/#redis_database +# @dottie/validate required,number #REDIS_DATABASE="0" ################################################################################ -# Cache settings -################################################################################ - -# This option controls the default cache connection that gets used while using this caching library. -# -# This connection is used when another is not explicitly specified when executing a given caching function. -# -# Possible values: -# - "apc" -# - "array" -# - "database" -# - "file" (default) -# - "memcached" -# - "redis" -# -# See: https://docs.pixelfed.org/technical-documentation/config/#cache_driver -CACHE_DRIVER="redis" - -# Defaults to ${APP_NAME}_cache, or laravel_cache if no APP_NAME is set. 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#cache_prefix -#CACHE_PREFIX="{APP_NAME}_cache" - -################################################################################ -# Horizon settings -################################################################################ - -# This prefix will be used when storing all Horizon data in Redis. -# -# You may modify the prefix when you are running multiple installations -# of Horizon on the same server so that they don’t have problems. -# -# Defaults to "horizon-". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_prefix -#HORIZON_PREFIX="horizon-" - -# Defaults to "false". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_darkmode -#HORIZON_DARKMODE="false" - -# This value (in MB) describes the maximum amount of memory (in MB) the Horizon worker -# may consume before it is terminated and restarted. -# -# You should set this value according to the resources available to your server. -# -# Defaults to "64". 
-#HORIZON_MEMORY_LIMIT="64" - -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_balance_strategy -#HORIZON_BALANCE_STRATEGY="auto" - -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_min_processes -#HORIZON_MIN_PROCESSES="1" - -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_max_processes -#HORIZON_MAX_PROCESSES="20" - -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_memory -#HORIZON_SUPERVISOR_MEMORY="64" - -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_tries -#HORIZON_SUPERVISOR_TRIES="3" - -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_nice -#HORIZON_SUPERVISOR_NICE="0" - -# See: https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_timeout -#HORIZON_SUPERVISOR_TIMEOUT="300" - -################################################################################ -# Experiments +# experiments ################################################################################ # Text only posts (alpha). # -# Defaults to "false". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#exp_top +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#exp_top +# @dottie/validate required,boolean #EXP_TOP="false" # Poll statuses (alpha). # -# Defaults to "false". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#exp_polls +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#exp_polls +# @dottie/validate required,boolean #EXP_POLLS="false" # Cached public timeline for larger instances (beta). # -# Defaults to "false". 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#exp_cpt +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#exp_cpt +# @dottie/validate required,boolean #EXP_CPT="false" # Enforce Mastodon API Compatibility (alpha). # -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#exp_emc +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#exp_emc +# @dottie/validate required,boolean #EXP_EMC="true" ################################################################################ -# ActivityPub confguration +# ActivityPub ################################################################################ -# Defaults to "false". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#activity_pub -ACTIVITY_PUB="true" +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#activity_pub +# @dottie/validate required,boolean +#ACTIVITY_PUB="true" -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#ap_remote_follow +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#ap_remote_follow +# @dottie/validate required,boolean #AP_REMOTE_FOLLOW="true" -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#ap_sharedinbox +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#ap_sharedinbox +# @dottie/validate required,boolean #AP_SHAREDINBOX="true" -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#ap_inbox +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#ap_inbox +# @dottie/validate required,boolean #AP_INBOX="true" -# Defaults to "true". 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#ap_outbox +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#ap_outbox +# @dottie/validate required,boolean #AP_OUTBOX="true" ################################################################################ -# Federation confguration +# Federation ################################################################################ -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#atom_feeds +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#atom_feeds +# @dottie/validate required,boolean #ATOM_FEEDS="true" -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#nodeinfo +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#nodeinfo +# @dottie/validate required,boolean #NODEINFO="true" -# Defaults to "true". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#webfinger +# @default "true" +# @see https://docs.pixelfed.org/technical-documentation/config/#webfinger +# @dottie/validate required,boolean #WEBFINGER="true" ################################################################################ -# Storage (cloud) +# Storage ################################################################################ # Store media on object storage like S3, Digital Ocean Spaces, Rackspace # -# Defaults to "false". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#pf_enable_cloud +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#pf_enable_cloud +# @dottie/validate required,boolean #PF_ENABLE_CLOUD="false" # Many applications store files both locally and in the cloud. 
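Review bot: `REDIS_PASSWORD` is annotated with `@dottie/validate omitempty` and no rule after it, so the annotation checks nothing. The template therefore keeps Redis without authentication while `REDIS_HOST`, and the `CACHE_DRIVER` and `BROADCAST_DRIVER` values set earlier in the file, all point at it. That is only acceptable if the Redis service is reachable solely from the application containers, which this file cannot show. I would add a comment above the variable, for example `# Leave unset only when Redis is not reachable outside the internal Docker network; otherwise set a strong password.`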
@@ -567,125 +584,108 @@ ACTIVITY_PUB="true" # For this reason, you may specify a default “cloud” driver here. # This driver will be bound as the Cloud disk implementation in the container. # -# Defaults to "s3". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#filesystem_cloud +# @default "s3" +# @see https://docs.pixelfed.org/technical-documentation/config/#filesystem_cloud +# @dottie/validate required_with=PF_ENABLE_CLOUD #FILESYSTEM_CLOUD="s3" -# Defaults to true. -# -# See: https://docs.pixelfed.org/technical-documentation/config/#media_delete_local_after_cloud +# @default true. +# @see https://docs.pixelfed.org/technical-documentation/config/#media_delete_local_after_cloud +# @dottie/validate required_with=PF_ENABLE_CLOUD,boolean #MEDIA_DELETE_LOCAL_AFTER_CLOUD="true" -################################################################################ -# Storage (cloud) - S3 andS S3 *compatible* providers -################################################################################ - -# See: https://docs.pixelfed.org/technical-documentation/config/#aws_access_key_id +# @see https://docs.pixelfed.org/technical-documentation/config/#aws_access_key_id +# @dottie/validate required_if=FILESYSTEM_CLOUD s3 #AWS_ACCESS_KEY_ID="" -# See: https://docs.pixelfed.org/technical-documentation/config/#aws_secret_access_key +# @see https://docs.pixelfed.org/technical-documentation/config/#aws_secret_access_key +# @dottie/validate required_if=FILESYSTEM_CLOUD s3 #AWS_SECRET_ACCESS_KEY="" -# See: https://docs.pixelfed.org/technical-documentation/config/#aws_default_region +# @see https://docs.pixelfed.org/technical-documentation/config/#aws_default_region +# @dottie/validate required_if=FILESYSTEM_CLOUD s3 #AWS_DEFAULT_REGION="" -# See: https://docs.pixelfed.org/technical-documentation/config/#aws_bucket +# @see https://docs.pixelfed.org/technical-documentation/config/#aws_bucket +# @dottie/validate required_if=FILESYSTEM_CLOUD s3 #AWS_BUCKET="" -# See: 
https://docs.pixelfed.org/technical-documentation/config/#aws_url +# @see https://docs.pixelfed.org/technical-documentation/config/#aws_url +# @dottie/validate required_if=FILESYSTEM_CLOUD s3 #AWS_URL="" -# See: https://docs.pixelfed.org/technical-documentation/config/#aws_endpoint +# @see https://docs.pixelfed.org/technical-documentation/config/#aws_endpoint +# @dottie/validate required_if=FILESYSTEM_CLOUD s3 #AWS_ENDPOINT="" -# See: https://docs.pixelfed.org/technical-documentation/config/#aws_use_path_style_endpoint +# @see https://docs.pixelfed.org/technical-documentation/config/#aws_use_path_style_endpoint +# @dottie/validate required_if=FILESYSTEM_CLOUD s3 #AWS_USE_PATH_STYLE_ENDPOINT="false" -############################################################### -# COSTAR - Confirm Object Sentiment Transform and Reduce -############################################################### +################################################################################ +# COSTAR +################################################################################ # Comma-separated list of domains to block. # -# Defaults to null (not set/commented out). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_domains +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_domains +# @dottie/validate #CS_BLOCKED_DOMAINS="" # Comma-separated list of domains to add warnings. # -# Defaults to null (not set/commented out). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_domains +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_cw_domains +# @dottie/validate #CS_CW_DOMAINS="" # Comma-separated list of domains to remove from public timelines. # -# Defaults to null (not set/commented out). 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_domains +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_domains +# @dottie/validate #CS_UNLISTED_DOMAINS="" # Comma-separated list of keywords to block. # -# Defaults to null (not set/commented out). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_keywords +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_keywords +# @dottie/validate #CS_BLOCKED_KEYWORDS="" # Comma-separated list of keywords to add warnings. # -# Defaults to null (not set/commented out). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_keywords +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_cw_keywords +# @dottie/validate #CS_CW_KEYWORDS="" # Comma-separated list of keywords to remove from public timelines. # -# Defaults to null (not set/commented out). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_keywords +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_keywords +# @dottie/validate #CS_UNLISTED_KEYWORDS="" -# Defaults to null (not set/commented out). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_actor +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_actor +# @dottie/validate #CS_BLOCKED_ACTOR="" -# Defaults to null (not set/commented out). -# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_actor +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_cw_actor +# @dottie/validate #CS_CW_ACTOR="" -# Defaults to null (not set/commented out). 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_actor +# @default null (not set/commented out). +# @see https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_actor +# @dottie/validate #CS_UNLISTED_ACTOR="" -############################################################### -# Media -############################################################### - -# Defaults to false. -# -# See: https://docs.pixelfed.org/technical-documentation/config/#media_exif_database -MEDIA_EXIF_DATABASE="true" - -# Pixelfed supports GD or ImageMagick to process images. -# -# Defaults to "gd". -# -# Possible values: -# - "gd" (default) -# - "imagick" -# -# See: https://docs.pixelfed.org/technical-documentation/config/#image_driver -#IMAGE_DRIVER="gd" - -############################################################### -# Logging -############################################################### +################################################################################ +# logging +################################################################################ # Possible values: # 
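Review bot: `required_if=FILESYSTEM_CLOUD s3` is applied to every `AWS_*` key in this hunk, including `AWS_URL` and `AWS_ENDPOINT`, which are normally only set for S3-compatible providers, so validation would force operators to invent values for settings that should stay empty. `AWS_USE_PATH_STYLE_ENDPOINT` also misses the `boolean` check the other true/false keys received; `# @dottie/validate required_if=FILESYSTEM_CLOUD s3,boolean` would match them. `# @default true.` on `MEDIA_DELETE_LOCAL_AFTER_CLOUD` keeps the sentence-ending period from the old prose inside the annotation value (the `@default null (not set/commented out).` lines here and `@default 86400.` in a later hunk have the same leftover); `# @default "true"` would be consistent with the quoted defaults elsewhere. The nine `CS_*` keys carry an empty `# @dottie/validate` line, which appears to check nothing and could be dropped or given a real rule.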
@@ -699,56 +699,35 @@ MEDIA_EXIF_DATABASE="true" # - "null" # - "emergency" # - "media" +# +# @default "stack" +# @dottie/validate required,oneof=stack single daily slack stderr syslog errorlog null emergency media LOG_CHANNEL="stderr" # Used by single, stderr and syslog. # -# Defaults to "debug" for all of those. -# -# See: https://docs.pixelfed.org/technical-documentation/config/#log_level +# @default "debug" +# @see https://docs.pixelfed.org/technical-documentation/config/#log_level +# @dottie/validate required,boolean #LOG_LEVEL="debug" # Used by stderr. # -# Defaults to "". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#log_stderr_formatter +# @default "" +# @see https://docs.pixelfed.org/technical-documentation/config/#log_stderr_formatter +# @dottie/validate required #LOG_STDERR_FORMATTER="" # Used by slack. # -# Defaults to "". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#log_slack_webhook_url +# @default "" +# @see https://docs.pixelfed.org/technical-documentation/config/#log_slack_webhook_url +# @dottie/validate required,http_url #LOG_SLACK_WEBHOOK_URL="" -############################################################### -# Broadcasting settings -############################################################### - -# This option controls the default broadcaster that will be used by the framework when an event needs to be broadcast. -# -# Possible values: -# - "pusher" -# - "redis" -# - "log" -# - "null" (default) -# -# See: https://docs.pixelfed.org/technical-documentation/config/#broadcast_driver -BROADCAST_DRIVER="redis" - -############################################################### -# Sanitizing settings -############################################################### - -# Defaults to "true". 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#restrict_html_types -#RESTRICT_HTML_TYPES="true" - -############################################################### -# Queue configuration -############################################################### +################################################################################ +# queue +################################################################################ # Possible values: # - "sync" (default) 
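Review bot: `#LOG_LEVEL="debug"` is annotated `required,boolean`, but its documented default "debug" is a level name, so the rule would reject the value as soon as the line is uncommented. A `oneof` list like the one added for `LOG_CHANNEL` fits better, for example `# @dottie/validate required,oneof=debug info notice warning error critical alert emergency`. In the same hunk `LOG_STDERR_FORMATTER` and `LOG_SLACK_WEBHOOK_URL` are marked `required` while their `@default` is the empty string, which contradicts itself; the same pairing appears in later hunks of this file (`DOCKER_APP_APT_PACKAGES_EXTRA`, `DOCKER_REDIS_CONFIG_FILE`, `DOCKER_WEB_PROFILE`). Whether Dottie evaluates rules on commented-out keys cannot be told from the diff, so this may only bite once a key is enabled.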
@@ -758,41 +737,39 @@ BROADCAST_DRIVER="redis" # - "redis" # - "null" # -# See: https://docs.pixelfed.org/technical-documentation/config/#queue_driver +# @default "sync" +# @see https://docs.pixelfed.org/technical-documentation/config/#queue_driver +# @dottie/validate required,oneof=sync database beanstalkd sqs redis null QUEUE_DRIVER="redis" -############################################################### -# Queue (SQS) configuration -############################################################### - -# Defaults to "your-public-key". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#sqs_key +# @default "your-public-key" +# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_key +# @dottie/validate required_if=QUEUE_DRIVER sqs #SQS_KEY="your-public-key" -# Defaults to "your-secret-key". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#sqs_secret +# @default "your-secret-key" +# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_secret +# @dottie/validate required_if=QUEUE_DRIVER sqs #SQS_SECRET="your-secret-key" -# Defaults to "https://sqs.us-east-1.amazonaws.com/your-account-id". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#sqs_prefix +# @default "https://sqs.us-east-1.amazonaws.com/your-account-id" +# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_prefix +# @dottie/validate required_if=QUEUE_DRIVER sqs #SQS_PREFIX="" -# Defaults to "your-queue-name". -# -# https://docs.pixelfed.org/technical-documentation/config/#sqs_queue +# @default "your-queue-name" +# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_queue +# @dottie/validate required_if=QUEUE_DRIVER sqs #SQS_QUEUE="your-queue-name" -# Defaults to "us-east-1". 
-# -# See: https://docs.pixelfed.org/technical-documentation/config/#sqs_region +# @default "us-east-1" +# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_region +# @dottie/validate required_if=QUEUE_DRIVER sqs #SQS_REGION="us-east-1" -############################################################### -# Session configuration -############################################################### +################################################################################ +# session +################################################################################ # This option controls the default session “driver” that will be used on requests. # @@ -806,15 +783,18 @@ QUEUE_DRIVER="redis" # - "memcached" # - "redis" # - "array" +# +# @default "database" +# @dottie/validate required,oneof=file cookie database apc memcached redis array SESSION_DRIVER="redis" # Here you may specify the number of minutes that you wish the session to be allowed to remain idle before it expires. # # If you want them to immediately expire on the browser closing, set that option. # -# Defaults to 86400. -# -# See: https://docs.pixelfed.org/technical-documentation/config/#session_lifetime +# @default 86400. +# @see https://docs.pixelfed.org/technical-documentation/config/#session_lifetime +# @dottie/validate required,number #SESSION_LIFETIME="86400" # Here you may change the domain of the cookie used to identify a session in your application. 
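Review bot: The SQS keys are only checked with `required_if=QUEUE_DRIVER sqs`, and the sample values are the placeholders `your-public-key` and `your-secret-key`, so an operator who switches to `sqs` and merely uncomments the lines passes validation with credentials that cannot work. A one-line comment such as `# Replace the placeholder before enabling QUEUE_DRIVER="sqs"` above `SQS_KEY` and `SQS_SECRET` would make that explicit. `SQS_PREFIX` is documented with a URL default while its sample is `""`, which the same rule would reject; aligning the sample with the `@default` and tightening the rule to `# @dottie/validate required_if=QUEUE_DRIVER sqs,http_url` would also catch a malformed prefix.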
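Review bot: The new `# @default 86400.` annotation on `SESSION_LIFETIME` gives no unit, while the context text directly above it speaks of minutes; read that way the default lets a session sit idle for 60 days before it expires. Stating the unit next to the value, `# @default 86400 (minutes)`, lets an operator who wants a shorter idle timeout see at a glance what they are changing. The start of the `SESSION_DRIVER` comment block lies outside this hunk.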
@@ -823,101 +803,130 @@ SESSION_DRIVER="redis" # # A sensible default has been set. # -# Defaults to the value of APP_DOMAIN, or null. -# -# See: https://docs.pixelfed.org/technical-documentation/config/#session_domain +# @default the value of APP_DOMAIN, or null. +# @see https://docs.pixelfed.org/technical-documentation/config/#session_domain +# @dottie/validate required,domain #SESSION_DOMAIN="${APP_DOMAIN}" -############################################################### -# Proxy configuration -############################################################### - -# Set trusted proxy IP addresses. -# -# Both IPv4 and IPv6 addresses are supported, along with CIDR notation. -# -# The “*” character is syntactic sugar within TrustedProxy to trust any -# proxy that connects directly to your server, a requirement when you cannot -# know the address of your proxy (e.g. if using Rackspace balancers). -# -# The “**” character is syntactic sugar within TrustedProxy to trust not just any -# proxy that connects directly to your server, but also proxies that connect to those proxies, -# and all the way back until you reach the original source IP. It will mean that -# $request->getClientIp() always gets the originating client IP, no matter how many proxies -# that client’s request has subsequently passed through. -# -# Defaults to "*". -# -# See: https://docs.pixelfed.org/technical-documentation/config/#trust_proxies -TRUST_PROXIES="*" - -############################################################### -# Passport configuration -############################################################### -# -# Passport uses encryption keys while generating secure access tokens -# for your application. -# -# By default, the keys are stored as local files but can be set via environment -# variables when that is more convenient. 
- -# See: https://docs.pixelfed.org/technical-documentation/config/#passport_private_key -#PASSPORT_PRIVATE_KEY="" - -# See: https://docs.pixelfed.org/technical-documentation/config/#passport_public_key -#PASSPORT_PUBLIC_KEY="" - -############################################################### -# PHP configuration -############################################################### - -# See: https://www.php.net/manual/en/ini.core.php#ini.memory-limit -#PHP_MEMORY_LIMIT="128M" - ################################################################################ -# Other configuration +# horizon ################################################################################ -# ? Add your own configuration here - -################################################################################ -# Timezone configuration -################################################################################ - -# Set timezone used by *all* containers - these must be in sync. +# This prefix will be used when storing all Horizon data in Redis. # -# ! Do not edit your timezone once the service is running - or things will break! +# You may modify the prefix when you are running multiple installations +# of Horizon on the same server so that they don’t have problems. # -# See: https://www.php.net/manual/en/timezones.php -TZ="${APP_TIMEZONE}" +# @default "horizon-" +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_prefix +# @dottie/validate required +#HORIZON_PREFIX="horizon-" + +# @default "false" +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_darkmode +# @dottie/validate required,boolean +#HORIZON_DARKMODE="false" + +# This value (in MB) describes the maximum amount of memory (in MB) the Horizon worker +# may consume before it is terminated and restarted. +# +# You should set this value according to the resources available to your server. 
+# +# @default "64" +# @dottie/validate required,number +#HORIZON_MEMORY_LIMIT="64" + +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_balance_strategy +# @dottie/validate required +#HORIZON_BALANCE_STRATEGY="auto" + +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_min_processes +# @dottie/validate required,number +#HORIZON_MIN_PROCESSES="1" + +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_max_processes +# @dottie/validate required,number +#HORIZON_MAX_PROCESSES="20" + +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_memory +# @dottie/validate required,number +#HORIZON_SUPERVISOR_MEMORY="64" + +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_tries +# @dottie/validate required,number +#HORIZON_SUPERVISOR_TRIES="3" + +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_nice +# @dottie/validate required,number +#HORIZON_SUPERVISOR_NICE="0" + +# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_timeout +# @dottie/validate required,number +#HORIZON_SUPERVISOR_TIMEOUT="300" ################################################################################ -# Docker configuraton for *all* services +# docker shared ################################################################################ +# A random 32-character string to be used as an encryption key. +# +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# ! NOTE: This will be auto-generated by Docker during bootstrap +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# +# This key is used by the Illuminate encrypter service and should be set to a random, +# 32 character string, otherwise these encrypted strings will not be safe. 
+# +# @see https://docs.pixelfed.org/technical-documentation/config/#app_key +APP_KEY= + # Prefix for container names (without any dash at the end) +# @dottie/validate required DOCKER_ALL_CONTAINER_NAME_PREFIX="${APP_DOMAIN}" # How often Docker health check should run for all services # # Can be overridden by individual [DOCKER_*_HEALTHCHECK_INTERVAL] settings further down +# +# @default "10s" +# @dottie/validate required DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL="10s" # Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will *all* data # will be stored (data, config, overrides) +# +# @default "./docker-compose-state" +# @dottie/validate required,dir DOCKER_ALL_HOST_ROOT_PATH="./docker-compose-state" # Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their data -DOCKER_ALL_HOST_DATA_ROOT_PATH="${DOCKER_ALL_HOST_ROOT_PATH}/data" +# +# @default "${DOCKER_ALL_HOST_ROOT_PATH}/data" +# @dottie/validate required,dir +DOCKER_ALL_HOST_DATA_ROOT_PATH="${DOCKER_ALL_HOST_ROOT_PATH:?error}/data" # Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their confguration -DOCKER_ALL_HOST_CONFIG_ROOT_PATH="${DOCKER_ALL_HOST_ROOT_PATH}/config" +# +# @default "${DOCKER_ALL_HOST_ROOT_PATH}/config" +# @dottie/validate required,dir +DOCKER_ALL_HOST_CONFIG_ROOT_PATH="${DOCKER_ALL_HOST_ROOT_PATH:?error}/config" # Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store overrides -DOCKER_APP_HOST_OVERRIDES_PATH="${DOCKER_ALL_HOST_ROOT_PATH}/overrides" +# +# @default "${DOCKER_ALL_HOST_ROOT_PATH}/overrides" +# @dottie/validate required,dir +DOCKER_APP_HOST_OVERRIDES_PATH="${DOCKER_ALL_HOST_ROOT_PATH:?error}/overrides" + +# Set timezone used by *all* containers - these must be in sync. +# +# ! Do not edit your timezone once the service is running - or things will break! 
+# +# @see https://www.php.net/manual/en/timezones.php +# @dottie/validate required,timezone +TZ="${APP_TIMEZONE}" ################################################################################ -# Docker [web] + [worker] (also know as "app") shared service configuration +# docker app ################################################################################ # The docker tag prefix to use for pulling images, can be one of @@ -931,6 +940,7 @@ DOCKER_APP_HOST_OVERRIDES_PATH="${DOCKER_ALL_HOST_ROOT_PATH}/overrides" # # Combined with [DOCKER_APP_RUNTIME] and [PHP_VERSION] configured # elsewhere in this file, the final Docker tag is computed. +# @dottie/validate required DOCKER_APP_RELEASE="branch-jippi-fork" # The PHP version to use for [web] and [worker] container @@ -947,21 +957,25 @@ DOCKER_APP_RELEASE="branch-jippi-fork" # Do *NOT* use the full Docker tag (e.g. "8.3.2RC1-fpm-bullseye") # *only* the version part. The rest of the full tag is derived from # the [DOCKER_APP_RUNTIME] and [PHP_DEBIAN_RELEASE] settings +# @dottie/validate required DOCKER_APP_PHP_VERSION="8.2" # The container runtime to use. # -# See: https://docs.pixelfed.org/running-pixelfed/docker/runtimes.html +# @see https://docs.pixelfed.org/running-pixelfed/docker/runtimes.html +# @dottie/validate required,oneof=apache nginx fpm DOCKER_APP_RUNTIME="apache" # The Debian release variant to use of the [php] Docker image # # Examlpe: [bookworm] or [bullseye] +# @dottie/validate required,oneof=bookwork bullseye DOCKER_APP_DEBIAN_RELEASE="bullseye" # The [php] Docker image base type # -# See: https://docs.pixelfed.org/running-pixelfed/docker/runtimes.html +# @see https://docs.pixelfed.org/running-pixelfed/docker/runtimes.html +# @dottie/validate required,oneof=apache fpm cli DOCKER_APP_BASE_TYPE="apache" # Image to pull the Pixelfed Docker images from. 
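Review bot: `TZ="${APP_TIMEZONE}"` is tagged `required,timezone` but, unlike the path variables added in this hunk, is interpolated without `:?`, so an unset `APP_TIMEZONE` silently expands to an empty `TZ` even though the comment warns that all containers must agree on it; `TZ="${APP_TIMEZONE:?error}"` would match the rest. The guard text `error` says nothing about which variable is missing, so a message such as `${DOCKER_ALL_HOST_ROOT_PATH:?DOCKER_ALL_HOST_ROOT_PATH must be set}` would make the failure actionable. `APP_KEY=` moves here without any `@dottie/validate` line, which is understandable if bootstrap fills it in, but a comment saying validation is skipped on purpose would keep an empty encryption key from being read as acceptable. `#SESSION_DOMAIN` uses `domain` where `APP_DOMAIN` uses `fqdn`; it is worth confirming that `domain` is a rule Dottie recognises.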
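Review bot: `oneof=bookwork bullseye` on `DOCKER_APP_DEBIAN_RELEASE` misspells the release name; the comment directly above it gives `[bookworm]`, so validation would reject the valid value and accept one for which no image tag exists. It should read `# @dottie/validate required,oneof=bookworm bullseye`. Separately, `DOCKER_APP_RUNTIME` allows `apache nginx fpm` while `DOCKER_APP_BASE_TYPE` allows `apache fpm cli`; if only some runtime and base-type pairs are supported, a short comment listing them would save a failed build.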
@@ -972,24 +986,28 @@ DOCKER_APP_BASE_TYPE="apache" # * "pixelfed/pixelfed" to pull from DockerHub # * "your/fork" to pull from a custom fork # +# @dottie/validate required DOCKER_APP_IMAGE="ghcr.io/jippi/pixelfed" # Pixelfed version (image tag) to pull from the registry. # -# See: https://github.com/pixelfed/pixelfed/pkgs/container/pixelfed -DOCKER_APP_TAG="${DOCKER_APP_RELEASE}-${DOCKER_APP_RUNTIME}-${DOCKER_APP_PHP_VERSION}" +# @see https://github.com/pixelfed/pixelfed/pkgs/container/pixelfed +# @dottie/validate required +DOCKER_APP_TAG="${DOCKER_APP_RELEASE:?error}-${DOCKER_APP_RUNTIME:?error}-${DOCKER_APP_PHP_VERSION:?error}" # Path (on host system) where the [app] + [worker] container will write # its [storage] data (e.g uploads/images/profile pictures etc.). # # Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -DOCKER_APP_HOST_STORAGE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/pixelfed/storage" +# @dottie/validate required,dir +DOCKER_APP_HOST_STORAGE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH:?error}/pixelfed/storage" # Path (on host system) where the [app] + [worker] container will write # its [cache] data. # # Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -DOCKER_APP_HOST_CACHE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/pixelfed/cache" +# @dottie/validate required,dir +DOCKER_APP_HOST_CACHE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH:?error}/pixelfed/cache" # Automatically run "One-time setup tasks" commands. # @@ -998,6 +1016,7 @@ DOCKER_APP_HOST_CACHE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/pixelfed/cache" # you can set this to "0" to prevent them from running. # # Otherwise, leave it at "1" to have them run *once*. +# @dottie/validate required,boolean #DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS="1" # A space-seperated list of paths (inside the container) to *recursively* [chown] 
@@ -1008,46 +1027,59 @@ DOCKER_APP_HOST_CACHE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/pixelfed/cache" # ! issues. Please report a bug if you see behavior requiring this to be permanently on # # Example: "/var/www/storage /var/www/bootstrap/cache" +# @dottie/validate required #DOCKER_APP_ENSURE_OWNERSHIP_PATHS="" # Enable Docker Entrypoint debug mode (will call [set -x] in bash scripts) -# by setting this to "1". +# by setting this to "1" +# @dottie/validate required,boolean #DOCKER_APP_ENTRYPOINT_DEBUG="0" # List of extra APT packages (separated by space) to install when building # locally using [docker compose build]. # -# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +# @see https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +# @dottie/validate required #DOCKER_APP_APT_PACKAGES_EXTRA="" # List of *extra* PECL extensions (separated by space) to install when # building locally using [docker compose build]. # -# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +# @see https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +# @dottie/validate required #DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA="" # List of *extra* PHP extensions (separated by space) to install when # building locally using [docker compose build]. 
# -# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +# @see https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +# @dottie/validate required #DOCKER_APP_PHP_EXTENSIONS_EXTRA="" +# @default "128M" +# @see https://www.php.net/manual/en/ini.core.php#ini.memory-limit +# @dottie/validate required +#DOCKER_APP_PHP_MEMORY_LIMIT="128M" + ################################################################################ -# Docker [redis] service configuration +# docker redis ################################################################################ # Redis version to use as Docker tag # -# See: https://hub.docker.com/_/redis +# @see https://hub.docker.com/_/redis +# @dottie/validate required DOCKER_REDIS_VERSION="7.2" # Path (on host system) where the [redis] container will store its data # # Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -DOCKER_REDIS_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/redis" +# @dottie/validate required,dir +DOCKER_REDIS_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH:?error}/redis" # Port that Redis will listen on *outside* the container (e.g. the host machine) -DOCKER_REDIS_HOST_PORT="${REDIS_PORT}" +# @dottie/validate required,number +DOCKER_REDIS_HOST_PORT="${REDIS_PORT:?error}" # The filename that Redis should store its config file within # 
@@ -1055,121 +1087,131 @@ DOCKER_REDIS_HOST_PORT="${REDIS_PORT}" # # Use a command like [touch "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis/redis.conf"] to create it. # -# Defaults to "" +# @default "" +# @dottie/validate required #DOCKER_REDIS_CONFIG_FILE="/etc/redis/redis.conf" # How often Docker health check should run for [redis] service # -# Defaults to "10s" -DOCKER_REDIS_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" +# @default "10s" +# @dottie/validate required +DOCKER_REDIS_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" ################################################################################ -# Docker [db] service configuration +# docker db ################################################################################ +# Docker image for the DB service +# @dottie/validate required +DOCKER_DB_IMAGE="mariadb:${DB_VERSION}" + +# Command to pass to the [db] server container +# @dottie/validate required +DOCKER_DB_COMMAND="--default-authentication-plugin=mysql_native_password" + # Set this to a non-empty value (e.g. "disabled") to disable the [db] service #DOCKER_DB_PROFILE="" # Path (on host system) where the [db] container will store its data # # Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -DOCKER_DB_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/db" +# @dottie/validate required,dir +DOCKER_DB_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH:?error}/db" -# Port that the database will listen on *outside* the container (e.g. the host machine) +# Path (inside the container) where the [db] will store its data. +# +# Path MUST be absolute. +# +# For MySQL this should be [/var/lib/mysql] +# For PostgreSQL this should be [/var/lib/postgresql/data] +# @dottie/validate required +DOCKER_DB_CONTAINER_DATA_PATH="/var/lib/mysql" + +# Port that the database will listen on *OUTSIDE* the container (e.g. 
the host machine) # # Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL -DOCKER_DB_HOST_PORT="${DB_PORT}" +# @dottie/validate required,number +DOCKER_DB_HOST_PORT="${DB_PORT:?error}" + +# Port that the database will listen on *INSIDE* the container +# +# Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL +# @dottie/validate required,number +DOCKER_DB_CONTAINER_PORT="${DB_PORT:?error}" # How often Docker health check should run for [db] service -DOCKER_DB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" +# @dottie/validate required +DOCKER_DB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" ################################################################################ -# Docker [web] service configuration +# docker web ################################################################################ # Set this to a non-empty value (e.g. "disabled") to disable the [web] service +# @dottie/validate required #DOCKER_WEB_PROFILE="" # Port to expose [web] container will listen on *outside* the container (e.g. the host machine) for *HTTP* traffic only +# @dottie/validate required,number DOCKER_WEB_PORT_EXTERNAL_HTTP="8080" # How often Docker health check should run for [web] service -DOCKER_WEB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" +# @dottie/validate required +DOCKER_WEB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" ################################################################################ -# Docker [worker] service configuration +# docker worker ################################################################################ # Set this to a non-empty value (e.g. 
"disabled") to disable the [worker] service +# @dottie/validate required #DOCKER_WORKER_PROFILE="" # How often Docker health check should run for [worker] service -DOCKER_WORKER_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" +# @dottie/validate required +DOCKER_WORKER_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" ################################################################################ -# Docker [proxy] + [proxy-acme] service configuration +# docker proxy ################################################################################ +# The version of nginx-proxy to use +# +# @see https://hub.docker.com/r/nginxproxy/nginx-proxy +# @dottie/validate required +DOCKER_PROXY_VERSION="1.4" + # Set this to a non-empty value (e.g. "disabled") to disable the [proxy] and [proxy-acme] service -DOCKER_PROXY_PROFILE="" +#DOCKER_PROXY_PROFILE= # Set this to a non-empty value (e.g. "disabled") to disable the [proxy-acme] service -DOCKER_PROXY_ACME_PROFILE="${DOCKER_PROXY_PROFILE}" +#DOCKER_PROXY_ACME_PROFILE="${DOCKER_PROXY_PROFILE?error}" # How often Docker health check should run for [proxy] service -DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" +# @dottie/validate required +DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" # Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTP traffic +# @dottie/validate required,number DOCKER_PROXY_HOST_PORT_HTTP="80" # Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTPS traffic +# @dottie/validate required,number DOCKER_PROXY_HOST_PORT_HTTPS="443" # Path to the Docker socket on the *host* +# @dottie/validate required,file DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH="/var/run/docker.sock" -# ! ---------------------------------------------------------------------------- -# ! 
STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP -# ! ---------------------------------------------------------------------------- -# ! Below this line is default environment variables for various [db] backends -# ! You very likely do *NOT* need to modify any of this, ever. -# ! ---------------------------------------------------------------------------- +# The host to request LetsEncrypt certificate for +# @dottie/validate required,fqdn +DOCKER_PROXY_LETSENCRYPT_HOST="${APP_DOMAIN}" -################################################################################ -# Docker [db] service environment variables for MySQL (Oracle) -################################################################################ -# -# See "Environment Variables" at https://hub.docker.com/_/mysql -# -# ! DO NOT CHANGE unless you know what you are doing +# The e-mail to use for Lets Encrypt certificate requests. +# @dottie/validate required,email +DOCKER_PROXY_LETSENCRYPT_EMAIL="${INSTANCE_CONTACT_EMAIL:?error}" -MYSQL_ROOT_PASSWORD="${DB_PASSWORD}" -MYSQL_USER="${DB_USERNAME}" -MYSQL_PASSWORD="${DB_PASSWORD}" -MYSQL_DATABASE="${DB_DATABASE}" - -################################################################################ -# Docker [db] service environment variables for MySQL (MariaDB) -################################################################################ +# Lets Encrypt staging/test servers for certificate requests. # -# See "Start a mariadb server instance with user, password and database" -# at https://hub.docker.com/_/mariadb -# -# ! 
DO NOT CHANGE unless you know what you are doing - -MARIADB_ROOT_PASSWORD="${DB_PASSWORD}" -MARIADB_USER="${DB_USERNAME}" -MARIADB_PASSWORD="${DB_PASSWORD}" -MARIADB_DATABASE="${DB_DATABASE}" - -################################################################################ -# Docker [db] service environment variables for PostgreSQL -################################################################################ -# -# See "Environment Variables" at https://hub.docker.com/_/postgres -# -# ! DO NOT CHANGE unless you know what you are doing - -POSTGRES_USER="${DB_USERNAME}" -POSTGRES_PASSWORD="${DB_PASSWORD}" -POSTGRES_DB="${DB_DATABASE}" +# Setting this to any value will change to letsencrypt test servers. +DOCKER_PROXY_LETSENCRYPT_TEST="1" diff --git a/.env.example b/.env.example deleted file mode 100644 index 0a24d1dc1..000000000 --- a/.env.example +++ /dev/null 
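Review bot: `DOCKER_PROXY_LETSENCRYPT_TEST="1"` ships enabled, and per its own comment any value selects the Let's Encrypt test servers, so an instance started from this file (whose `APP_NAME` is "Pixelfed Prod") serves certificates that clients do not trust until someone notices. Either ship it commented out, `#DOCKER_PROXY_LETSENCRYPT_TEST="1"`, or add a line such as `# Comment this out (setting "0" still enables it) before going live.` `DOCKER_DB_IMAGE="mariadb:${DB_VERSION}"` and `DOCKER_PROXY_LETSENCRYPT_HOST="${APP_DOMAIN}"` lack the `:?error` guard used elsewhere in the hunk, so an unset variable yields `mariadb:` or an empty certificate host. `DOCKER_DB_COMMAND` hard-codes `--default-authentication-plugin=mysql_native_password`; a comment explaining why the legacy plugin is forced, and that it should be revisited when a MySQL image is used, would help the next maintainer.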
@@ -1,80 +0,0 @@ -# shellcheck disable=SC2034,SC2148 - -APP_NAME="Pixelfed" -APP_ENV="production" -APP_KEY= -APP_DEBUG="false" - -# Instance Configuration -OPEN_REGISTRATION="false" -ENFORCE_EMAIL_VERIFICATION="false" -PF_MAX_USERS="1000" -OAUTH_ENABLED="true" - -# Media Configuration -PF_OPTIMIZE_IMAGES="true" -IMAGE_QUALITY="80" -MAX_PHOTO_SIZE="15000" -MAX_CAPTION_LENGTH="500" -MAX_ALBUM_LENGTH="4" - -# Instance URL Configuration -APP_URL="http://localhost" -APP_DOMAIN="localhost" -ADMIN_DOMAIN="localhost" -SESSION_DOMAIN="localhost" -TRUST_PROXIES="*" - -# Database Configuration -DB_CONNECTION="mysql" -DB_HOST="127.0.0.1" -DB_PORT="3306" -DB_DATABASE="pixelfed" -DB_USERNAME="pixelfed" -DB_PASSWORD="pixelfed" - -# Redis Configuration -REDIS_CLIENT="predis" -REDIS_SCHEME="tcp" -REDIS_HOST="127.0.0.1" -REDIS_PASSWORD="null" -REDIS_PORT="6379" - -# Laravel Configuration -SESSION_DRIVER="database" -CACHE_DRIVER="redis" -QUEUE_DRIVER="redis" -BROADCAST_DRIVER="log" -LOG_CHANNEL="stack" -HORIZON_PREFIX="horizon-" - -# ActivityPub Configuration -ACTIVITY_PUB="false" -AP_REMOTE_FOLLOW="false" -AP_INBOX="false" -AP_OUTBOX="false" -AP_SHAREDINBOX="false" - -# Experimental Configuration -EXP_EMC="true" - -## Mail Configuration (Post-Installer) -MAIL_DRIVER=log -MAIL_HOST=smtp.mailtrap.io -MAIL_PORT=2525 -MAIL_USERNAME=null -MAIL_PASSWORD=null -MAIL_ENCRYPTION=null -MAIL_FROM_ADDRESS="pixelfed@example.com" -MAIL_FROM_NAME="Pixelfed" - -## S3 Configuration (Post-Installer) -PF_ENABLE_CLOUD=false -FILESYSTEM_CLOUD=s3 -#AWS_ACCESS_KEY_ID= -#AWS_SECRET_ACCESS_KEY= -#AWS_DEFAULT_REGION= -#AWS_BUCKET= -#AWS_URL= -#AWS_ENDPOINT= -#AWS_USE_PATH_STYLE_ENDPOINT=false diff --git a/.vscode/settings.json b/.vscode/settings.json index 9a1ddb073..6446fb6f5 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json 
@@ -1,5 +1,19 @@ { "shellformat.useEditorConfig": true, + "[shellscript]": { + "files.eol": "\n", + "editor.defaultFormatter": "foxundermoon.shell-format" + }, + "[yaml]": { + "editor.defaultFormatter": "redhat.vscode-yaml" + }, + "[dockercompose]": { + "editor.defaultFormatter": "redhat.vscode-yaml", + "editor.autoIndent": "advanced", + }, + "yaml.schemas": { + "https://json.schemastore.org/composer": "https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json" + }, "files.associations": { ".env": "shellscript", ".env.*": "shellscript" diff --git a/Dockerfile b/Dockerfile index 1c8a30155..0e8e8a32f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,10 +20,8 @@ ARG FOREGO_VERSION="0.17.2" # See: https://github.com/hairyhenderson/gomplate ARG GOMPLATE_VERSION="v3.11.6" -# See: https://github.com/dotenv-linter/dotenv-linter -# -# WARN: v3.3.0 and above requires newer libc version than Ubuntu ships with -ARG DOTENV_LINTER_VERSION="v3.2.0" +# See: https://github.com/jippi/dottie +ARG DOTTIE_VERSION="v0.6.5" ### # PHP base configuration @@ -88,6 +86,13 @@ FROM nginx:${NGINX_VERSION} AS nginx-image # See: https://github.com/nginx-proxy/forego FROM nginxproxy/forego:${FOREGO_VERSION}-debian AS forego-image +# Dottie makes working with .env files easier and safer +# +# NOTE: Docker will *not* pull this image unless it's referenced (via build target) +# +# See: https://github.com/jippi/dottie +FROM ghcr.io/jippi/dottie:${DOTTIE_VERSION} AS dottie-image + # gomplate-image grabs the gomplate binary from GitHub releases # # It's in its own layer so it can be fetched in parallel with other build steps @@ -116,7 +121,6 @@ FROM php:${PHP_VERSION}-${PHP_BASE_TYPE}-${PHP_DEBIAN_RELEASE} AS base ARG BUILDKIT_SBOM_SCAN_STAGE="true" ARG APT_PACKAGES_EXTRA -ARG DOTENV_LINTER_VERSION ARG PHP_DEBIAN_RELEASE ARG PHP_VERSION ARG RUNTIME_GID 
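Review bot: The `yaml.schemas` entry looks inverted. The redhat.vscode-yaml setting maps a schema URI (key) to a file glob (value), but here the key is the PHP Composer schema URL and the value is the compose-spec schema URL, so no compose file is likely to be matched. If the intent is to validate the compose file, the entry would read `"https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json": "docker-compose*.yml"`. The trailing comma after `"editor.autoIndent": "advanced",` is tolerated by VS Code's JSONC parser but will break any strict JSON tool that reads this file.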
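Review bot: The `dottie-image` stage is pinned only by a mutable tag (`ghcr.io/jippi/dottie:${DOTTIE_VERSION}`), and its `/dottie` binary is copied into the runtime image by the `COPY --link --from=dottie-image` line in the later `@@ -226,6 +229,7 @@` hunk. If that tag is re-pushed upstream, the next build picks up a different binary with no change in this repository. Pinning the stage by digest keeps the version readable and makes the build reproducible: `FROM ghcr.io/jippi/dottie:${DOTTIE_VERSION}@sha256:<digest-of-the-v0.6.5-image> AS dottie-image` (the digest is a placeholder to fill in from the registry). The other tool stages visible here are also tag-pinned, so this may be worth doing for them in the same pass.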
@@ -135,7 +139,6 @@ RUN set -ex \ WORKDIR /var/www/ ENV APT_PACKAGES_EXTRA=${APT_PACKAGES_EXTRA} -ENV DOTENV_LINTER_VERSION="${DOTENV_LINTER_VERSION}" # Install and configure base layer COPY docker/shared/root/docker/install/base.sh /docker/install/base.sh @@ -226,6 +229,7 @@ ENV RUNTIME_UID=${RUNTIME_UID} ENV RUNTIME_GID=${RUNTIME_GID} COPY --link --from=forego-image /usr/local/bin/forego /usr/local/bin/forego +COPY --link --from=dottie-image /dottie /usr/local/bin/dottie COPY --link --from=gomplate-image /usr/local/bin/gomplate /usr/local/bin/gomplate COPY --link --from=composer-image /usr/bin/composer /usr/bin/composer COPY --link --from=composer-and-src --chown=${RUNTIME_UID}:${RUNTIME_GID} /var/www /var/www diff --git a/docker-compose.yml b/docker-compose.yml index 986bf351b..8b537db14 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,6 @@ --- -version: "3" +# Require 3.8 to ensure people use a recent version of Docker + Compose +version: "3.8" ############################################################### # Please see docker/README.md for usage information @@ -53,7 +54,7 @@ services: - ${DOCKER_PROXY_ACME_PROFILE:-} environment: DEBUG: 0 - DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}" + DEFAULT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}" NGINX_PROXY_CONTAINER: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy" depends_on: - proxy 
@@ -74,21 +75,21 @@ services: build: target: ${DOCKER_APP_RUNTIME}-runtime args: - PHP_VERSION: "${DOCKER_APP_PHP_VERSION}" + APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}" PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}" PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}" - APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}" - PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}" PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}" + PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}" + PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}" volumes: - "./.env:/var/www/.env" - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache" - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage" - "${DOCKER_APP_HOST_OVERRIDES_PATH}:/docker/overrides:ro" environment: - LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}" - LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}" - LETSENCRYPT_TEST: "${LETSENCRYPT_TEST:-}" + LETSENCRYPT_HOST: "${DOCKER_PROXY_LETSENCRYPT_HOST:?error}" + LETSENCRYPT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}" + LETSENCRYPT_TEST: "${DOCKER_PROXY_LETSENCRYPT_TEST:-}" VIRTUAL_HOST: "${APP_DOMAIN}" VIRTUAL_PORT: "80" labels: @@ -117,12 +118,12 @@ services: build: target: ${DOCKER_APP_RUNTIME}-runtime args: - PHP_VERSION: "${DOCKER_APP_PHP_VERSION}" + APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}" PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}" PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}" - APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}" - PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}" PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}" + PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}" + PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}" volumes: - "./.env:/var/www/.env" - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache" 
@@ -133,23 +134,37 @@ services: - redis healthcheck: test: gosu www-data php artisan horizon:status | grep running - interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL}" + interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL:?error}" timeout: 5s retries: 2 db: - image: mariadb:${DB_VERSION} + image: ${DOCKER_DB_IMAGE:?error} container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-db" - command: --default-authentication-plugin=mysql_native_password + command: ${DOCKER_DB_COMMAND:-} restart: unless-stopped profiles: - ${DOCKER_DB_PROFILE:-} - env_file: - - ".env" + environment: + TZ: "${TZ:?error}" + # MySQL (Oracle) - "Environment Variables" at https://hub.docker.com/_/mysql + MYSQL_ROOT_PASSWORD: "${DB_PASSWORD:?error}" + MYSQL_USER: "${DB_USERNAME:?error}" + MYSQL_PASSWORD: "${DB_PASSWORD:?error}" + MYSQL_DATABASE: "${DB_DATABASE:?error}" + # MySQL (MariaDB) - "Start a mariadb server instance with user, password and database" at https://hub.docker.com/_/mariadb + MARIADB_ROOT_PASSWORD: "${DB_PASSWORD:?error}" + MARIADB_USER: "${DB_USERNAME:?error}" + MARIADB_PASSWORD: "${DB_PASSWORD:?error}" + MARIADB_DATABASE: "${DB_DATABASE:?error}" + # PostgreSQL - "Environment Variables" at https://hub.docker.com/_/postgres + POSTGRES_USER: "${DB_USERNAME:?error}" + POSTGRES_PASSWORD: "${DB_PASSWORD:?error}" + POSTGRES_DB: "${DB_DATABASE:?error}" volumes: - - "${DOCKER_DB_HOST_DATA_PATH}:/var/lib/mysql" + - "${DOCKER_DB_HOST_DATA_PATH:?error}:${DOCKER_DB_CONTAINER_DATA_PATH:?error}" ports: - - "${DOCKER_DB_HOST_PORT}:3306" + - "${DOCKER_DB_HOST_PORT:?error}:${DOCKER_DB_CONTAINER_PORT:?error}" healthcheck: test: [ @@ -159,7 +174,7 @@ services: "--connect", "--innodb_initialized", ] - interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL}" + interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL:?error}" retries: 2 timeout: 5s 
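Review bot: In the new `environment:` block of the `db` service, `MYSQL_ROOT_PASSWORD` and `MARIADB_ROOT_PASSWORD` are filled from the same `${DB_PASSWORD}` as `MYSQL_PASSWORD` / `MARIADB_PASSWORD`. The credential the application holds in `/var/www/.env` is therefore also the database root credential, and a leak of the app config gives full control of the server rather than of one schema. A separate variable would keep the two apart, e.g. `MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD:?error}"` and the same for `MARIADB_ROOT_PASSWORD` (`DB_ROOT_PASSWORD` is a new name proposed here, not one the page defines). Separately, the `ports:` mapping publishes the database port on the host; unless `DOCKER_DB_HOST_PORT` already carries a bind address, a prefix such as `127.0.0.1:` would stop it listening on every interface.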
@@ -169,9 +184,8 @@ services: restart: unless-stopped command: "${DOCKER_REDIS_CONFIG_FILE:-} --requirepass '${REDIS_PASSWORD:-}'" environment: - - REDISCLI_AUTH=${REDIS_PASSWORD:-} - env_file: - - ".env" + TZ: "${TZ:?error}" + REDISCLI_AUTH: ${REDIS_PASSWORD:-} volumes: - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis:/etc/redis" - "${DOCKER_REDIS_HOST_DATA_PATH}:/data" @@ -179,6 +193,6 @@ services: - "${DOCKER_REDIS_HOST_PORT}:6379" healthcheck: test: ["CMD", "redis-cli", "-p", "6379", "ping"] - interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL}" + interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL:?error}" retries: 2 timeout: 5s diff --git a/docker/nginx/root/docker/templates/etc/nginx/nginx.conf b/docker/nginx/root/docker/templates/etc/nginx/nginx.conf new file mode 100644 index 000000000..4e87a4565 --- /dev/null +++ b/docker/nginx/root/docker/templates/etc/nginx/nginx.conf 
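Review bot: `REDISCLI_AUTH: ${REDIS_PASSWORD:-}` keeps an empty default for the Redis password, while this commit makes most other required values fail fast with `:?error`. With `REDIS_PASSWORD` unset, the unchanged `command:` line passes `--requirepass ''`, which as far as I can tell leaves Redis without authentication while `DOCKER_REDIS_HOST_PORT` is published on the host. If an unauthenticated Redis is not an intended mode, both references should become `${REDIS_PASSWORD:?error}`. The new value should also be quoted like its neighbours: `REDISCLI_AUTH: "${REDIS_PASSWORD:?error}"`.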
@@ -0,0 +1,41 @@ +# This is changed from the original "nginx" in upstream to work properly +# with permissions within pixelfed when serving static files. +user www-data; + +worker_processes auto; + +# Ensure the PID is writable +# Lifted from: https://hub.docker.com/r/nginxinc/nginx-unprivileged +pid /tmp/nginx.pid; + +# Write error log to stderr (/proc/self/fd/2 -> /dev/stderr) +error_log /proc/self/fd/2 notice; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; + + # Write error log to stdout (/proc/self/fd/1 -> /dev/stdout) + access_log /proc/self/fd/1 main; + + sendfile on; + tcp_nopush on; + keepalive_timeout 65; + gzip on; + + # Ensure all temp paths are in a writable by "www-data" user. + # Lifted from: https://hub.docker.com/r/nginxinc/nginx-unprivileged + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/docker/shared/root/docker/entrypoint.d/02-check-config.sh b/docker/shared/root/docker/entrypoint.d/02-check-config.sh index 601cf153e..bbf7dd768 100755 --- a/docker/shared/root/docker/entrypoint.d/02-check-config.sh +++ b/docker/shared/root/docker/entrypoint.d/02-check-config.sh @@ -13,5 +13,9 @@ for file in "${dot_env_files[@]}"; do continue fi - run-as-current-user dotenv-linter --skip=QuoteCharacter --skip=UnorderedKey "${file}" + # We ignore 'dir' + 'file' rules since they are validate *host* paths + # which do not (and should not) exists inside the container + # + # We disable fixer since its not interactive anyway + run-as-current-user dottie validate --file "${file}" --ignore-rule dir,file --no-fix done 
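Review bot: The new `http` block does not set `server_tokens off;`, so the exact nginx version is sent in the `Server` header and on default error pages, unless a file included from `/etc/nginx/conf.d/*.conf` turns it off. Adding `server_tokens off;` next to `sendfile on;` costs nothing. The comment above `access_log /proc/self/fd/1 main;` says "Write error log to stdout" and should read `# Write access log to stdout (/proc/self/fd/1 -> /dev/stdout)`. The comment "are in a writable by" above the temp paths is missing a word, for example `# Ensure all temp paths are in a location writable by the "www-data" user.`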
diff --git a/docker/shared/root/docker/helpers.sh b/docker/shared/root/docker/helpers.sh index 51e955682..190c04bc4 100644 --- a/docker/shared/root/docker/helpers.sh +++ b/docker/shared/root/docker/helpers.sh @@ -20,9 +20,10 @@ declare -g script_name= declare -g script_name_previous= declare -g log_prefix= +declare -Ag lock_fds=() + # dot-env files to source when reading config declare -a dot_env_files=( - /var/www/.env.docker /var/www/.env ) @@ -166,7 +167,7 @@ function log-error() log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty" fi - echo -e "${error_message_color}${log_prefix}ERROR -${color_clear} ${msg}" > /dev/stderr + echo -e "${error_message_color}${log_prefix}ERROR -${color_clear} ${msg}" >/dev/stderr } # @description Print the given error message to stderr and exit 1 @@ -197,7 +198,7 @@ function log-warning() log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty" fi - echo -e "${warn_message_color}${log_prefix}WARNING -${color_clear} ${msg}" > /dev/stderr + echo -e "${warn_message_color}${log_prefix}WARNING -${color_clear} ${msg}" >/dev/stderr } # @description Print the given message to stdout unless [ENTRYPOINT_QUIET_LOGS] is set @@ -236,7 +237,7 @@ function log-info-stderr() fi if [ -z "${ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo -e "${notice_message_color}${log_prefix}${color_clear}${msg}" > /dev/stderr + echo -e "${notice_message_color}${log_prefix}${color_clear}${msg}" >/dev/stderr fi } 
@@ -377,17 +378,20 @@ function acquire-lock() { local name="${1:-$script_name}" local file="${docker_locks_path}/${name}" + local lock_fd ensure-directory-exists "$(dirname "${file}")" + exec {lock_fd}>"$file" + log-info "🔑 Trying to acquire lock: ${file}: " - while file-exists "${file}"; do + while ! ([[ -v lock_fds[$name] ]] || flock -n -x "$lock_fd"); do log-info "🔒 Waiting on lock ${file}" staggered-sleep done - stream-prefix-command-output touch "${file}" + [[ -v lock_fds[$name] ]] || lock_fds[$name]=$lock_fd log-info "🔐 Lock acquired [${file}]" @@ -403,7 +407,11 @@ function release-lock() log-info "🔓 Releasing lock [${file}]" - stream-prefix-command-output rm -fv "${file}" + [[ -v lock_fds[$name] ]] || return + + # shellcheck disable=SC1083,SC2086 + flock --unlock ${lock_fds[$name]} + unset 'lock_fds[$name]' } # @description Helper function to append multiple actions onto @@ -450,14 +458,14 @@ function await-database-ready() case "${DB_CONNECTION:-}" in mysql) # shellcheck disable=SC2154 - while ! echo "SELECT 1" | mysql --user="${DB_USERNAME}" --password="${DB_PASSWORD}" --host="${DB_HOST}" "${DB_DATABASE}" --silent > /dev/null; do + while ! echo "SELECT 1" | mysql --user="${DB_USERNAME}" --password="${DB_PASSWORD}" --host="${DB_HOST}" "${DB_DATABASE}" --silent >/dev/null; do staggered-sleep done ;; pgsql) # shellcheck disable=SC2154 - while ! echo "SELECT 1" | PGPASSWORD="${DB_PASSWORD}" psql --user="${DB_USERNAME}" --host="${DB_HOST}" "${DB_DATABASE}" > /dev/null; do + while ! echo "SELECT 1" | PGPASSWORD="${DB_PASSWORD}" psql --user="${DB_USERNAME}" --host="${DB_HOST}" "${DB_DATABASE}" >/dev/null; do staggered-sleep done ;; diff --git a/docker/shared/root/docker/install/base.sh b/docker/shared/root/docker/install/base.sh index 4e97e82bb..a1a32a003 100755 --- a/docker/shared/root/docker/install/base.sh +++ b/docker/shared/root/docker/install/base.sh 
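Review bot: The descriptor opened by `exec {lock_fd}>"$file"` in acquire-lock is never closed. release-lock (the next hunk, `@@ -403,7 +407,11 @@`) only runs `flock --unlock` and unsets the array entry, and a re-entrant acquire-lock call opens a fresh descriptor that is dropped on the floor when `lock_fds[$name]` is already set. Each call therefore leaks one fd, and every command started afterwards inherits the open lock descriptors. Closing after the unlock, with `local fd=${lock_fds[$name]}` followed by `exec {fd}>&-`, and moving the `[[ -v lock_fds[$name] ]]` test ahead of the `exec` in acquire-lock would cover both cases. The subshell in the `while ! ( … )` condition is not needed; `{ …; }` does the same without a fork. Both function bodies continue outside the hunks, so the trap or cleanup code that follows is not visible here.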
@@ -59,6 +59,3 @@ apt-get install -y "${packages[@]}" locale-gen update-locale - -# Install dotenv linter (https://github.com/dotenv-linter/dotenv-linter) -curl -sSfL https://raw.githubusercontent.com/dotenv-linter/dotenv-linter/master/install.sh | sh -s -- -b /usr/local/bin "${DOTENV_LINTER_VERSION:-}" diff --git a/docker/shared/root/docker/templates/usr/local/etc/php/php.ini b/docker/shared/root/docker/templates/usr/local/etc/php/php.ini index 6277ec080..0ca96819b 100644 --- a/docker/shared/root/docker/templates/usr/local/etc/php/php.ini +++ b/docker/shared/root/docker/templates/usr/local/etc/php/php.ini @@ -406,7 +406,7 @@ max_input_time = 60 ; Maximum amount of memory a script may consume (128MB) ; http://php.net/memory-limit -memory_limit = {{ getenv "PHP_MEMORY_LIMIT" "128M" }} +memory_limit = {{ getenv "DOCKER_APP_PHP_MEMORY_LIMIT" "128M" }} ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; @@ -570,8 +570,9 @@ report_memleaks = On ; Log errors to specified file. PHP's default behavior is to leave this value ; empty. ; http://php.net/error-log -; Example: -;error_log = php_errors.log +; +; NOTE: Write error log to stderr (/proc/self/fd/2 -> /dev/stderr) +error_log = /proc/self/fd/2 ; Log errors to syslog (Event Log on Windows). ;error_log = syslog diff --git a/goss.yaml b/goss.yaml index f558f788a..73f245c64 100644 --- a/goss.yaml +++ b/goss.yaml @@ -114,7 +114,7 @@ command: {{ end }} {{ if eq .Env.PHP_BASE_TYPE "apache" }} - nginx-version: + apache-version: exit-status: 0 exec: 'apachectl -v' stdout: