dockers/pixelfed
3
1
Fork 2
Code Issues 6 Pull requests Releases Activity

Compare commits

base: dockers:master
Branches Tags
dockers:master
samuel-p:master
..
compare: samuel-p:master
Branches Tags
samuel-p:master
dockers:master

No commits in common. "master" and "master" have entirely different histories.
master ... master

17 changed files with 78 additions and 773 deletions
Show stats Expand all files Collapse all files

79
Containerfile
View file

@ -1,79 +0,0 @@
FROM docker.io/php:8.3-apache-bookworm as builder
ARG VERSION=dev
ARG DATE
RUN set -xe;\
apt-get update &&\
apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev zip libpq-dev &&\
apt-get clean all &&\
rm -rf /var/lib/apt/lists/*
RUN set -xe;\
docker-php-ext-configure mbstring --disable-mbregex &&\
docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp --with-xpm &&\
docker-php-ext-install -j$(nproc) curl zip bcmath intl mbstring xml pcntl gd mysqli pdo_mysql pdo_pgsql opcache &&\
docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql && docker-php-ext-install pdo_pgsql pgsql &&\
# pecl install imagick &&\ 3.7.0 is broken
git clone https://github.com/Imagick/imagick.git --depth 1 /tmp/imagick &&\
cd /tmp/imagick &&\
git checkout 28f27044e435a2b203e32675e942eb8de620ee58 &&\
phpize && ./configure && make && make install &&\
rm -rf /tmp/imagick &&\
# end workaround
pecl install redis &&\
docker-php-ext-enable imagick redis
RUN set -xe;\
curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
mv composer.phar /usr/local/bin/composer
COPY patches/ /patches/
RUN set -xe;\
cd /var && rm -rf www &&\
git clone https://github.com/pixelfed/pixelfed.git www &&\
cd www &&\
git checkout $VERSION &&\
git apply /patches/0001-remove-IP-logging.patch &&\
git apply /patches/0002-hardcode-discovery-settings.patch &&\
git apply /patches/0003-point-to-modified-sourcecode.patch &&\
git apply /patches/0004-allow-30-char-usernames.patch &&\
git apply /patches/0005-disable-beagle.patch &&\
ENABLE_CONFIG_CACHE=false composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
ln -s public html &&\
chown -R www-data:www-data /var/www &&\
cp -r storage storage.skel &&\
rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore /patches
FROM docker.io/php:8.3-apache-bookworm
ARG DATE
ARG VERSION=dev
COPY --from=builder /var/www /var/www
COPY entrypoint.sh /entrypoint.sh
COPY worker-entrypoint.sh /worker-entrypoint.sh
COPY websockets-entrypoint.sh /websockets-entrypoint.sh
COPY schedule-entrypoint.sh /schedule-entrypoint.sh
COPY wait-for-db.php /wait-for-db.php
COPY --from=builder /usr/local/lib/php/extensions/no-debug-non-zts-20230831 /usr/local/lib/php/extensions/no-debug-non-zts-20230831
COPY --from=builder /usr/local/etc/php/conf.d /usr/local/etc/php/conf.d
RUN set -xe;\
apt-get update &&\
apt-get install --no-install-recommends -y libzip4 libpq5 libmagickwand-6.q16-6 libxpm4 libwebp7 &&\
apt-get install --no-install-recommends -y optipng pngquant jpegoptim gifsicle ffmpeg locales gosu dumb-init zip &&\
apt-get clean all &&\
rm -rf /var/lib/apt/lists/*
RUN set -xe;\
a2enmod rewrite &&\
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/apache2/apache2.conf &&\
sed -i 's/^post_max_size.*/post_max_size = 100M/g' "$PHP_INI_DIR"/php.ini* &&\
sed -i 's/^upload_max_filesize.*/upload_max_filesize = 100M/g' "$PHP_INI_DIR"/php.ini* &&\
mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
WORKDIR /var/www
VOLUME /var/www/storage /var/www/bootstrap
ENTRYPOINT /entrypoint.sh
LABEL build.date=$DATE version.pixelfed=$VERSION

80
Containerfile.fpm
View file

@ -1,80 +0,0 @@
FROM docker.io/php:8.3-fpm-bookworm as builder
ARG VERSION=dev
ARG DATE
RUN set -xe;\
apt-get update &&\
apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev zip libpq-dev &&\
apt-get clean all &&\
rm -rf /var/lib/apt/lists/*
RUN set -xe;\
docker-php-ext-configure mbstring --disable-mbregex &&\
docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp --with-xpm &&\
docker-php-ext-install -j$(nproc) curl zip bcmath intl mbstring xml pcntl gd mysqli pdo_mysql pdo_pgsql opcache &&\
docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql && docker-php-ext-install pdo_pgsql pgsql &&\
#pecl install imagick &&\ 3.7.0 is broken
git clone https://github.com/Imagick/imagick.git --depth 1 /tmp/imagick &&\
cd /tmp/imagick &&\
git checkout 28f27044e435a2b203e32675e942eb8de620ee58 &&\
phpize && ./configure && make && make install &&\
rm -rf /tmp/imagick &&\
# end workaround
pecl install redis &&\
docker-php-ext-enable imagick redis
RUN set -xe;\
curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
mv composer.phar /usr/local/bin/composer
COPY patches/ /patches/
RUN set -xe;\
cd /var && rm -rf www &&\
git clone https://github.com/pixelfed/pixelfed.git www &&\
cd www &&\
git checkout $VERSION &&\
git apply /patches/0001-remove-IP-logging.patch &&\
git apply /patches/0002-hardcode-discovery-settings.patch &&\
git apply /patches/0003-point-to-modified-sourcecode.patch &&\
git apply /patches/0004-allow-30-char-usernames.patch &&\
git apply /patches/0005-disable-beagle.patch &&\
ENABLE_CONFIG_CACHE=false composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
chown -R www-data:www-data /var/www &&\
cp -r storage storage.skel &&\
cp -r public public.skel &&\
chown -R www-data:www-data public.skel storage.skel &&\
rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore
FROM docker.io/php:8.3-fpm-bookworm
ARG VERSION=dev
ARG DATE
COPY --from=builder /var/www /var/www
COPY entrypoint.fpm.sh /entrypoint.sh
COPY worker-entrypoint.sh /worker-entrypoint.sh
COPY schedule-entrypoint.sh /schedule-entrypoint.sh
COPY websockets-entrypoint.sh /websockets-entrypoint.sh
COPY wait-for-db.php /wait-for-db.php
COPY --from=builder /usr/local/lib/php/extensions/no-debug-non-zts-20230831 /usr/local/lib/php/extensions/no-debug-non-zts-20230831
COPY --from=builder /usr/local/etc/php/conf.d /usr/local/etc/php/conf.d
RUN set -xe;\
apt-get update &&\
apt-get upgrade -y &&\
apt-get install --no-install-recommends -y libzip4 libpq5 libmagickwand-6.q16-6 libxpm4 libwebp7 &&\
apt-get install --no-install-recommends -y optipng pngquant jpegoptim gifsicle ffmpeg locales gosu dumb-init rsync zip &&\
apt-get clean all &&\
rm -rf /var/lib/apt/lists/*
RUN set -xe;\
# a2enmod rewrite &&\
# sed -i 's/AllowOverride None/AllowOverride All/g' /etc/apache2/apache2.conf &&\
sed -i 's/^post_max_size.*/post_max_size = 100M/g' "$PHP_INI_DIR"/php.ini* &&\
sed -i 's/^upload_max_filesize.*/upload_max_filesize = 100M/g' "$PHP_INI_DIR"/php.ini* &&\
mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
WORKDIR /var/www
VOLUME /var/www/storage /var/www/bootstrap /var/www/public
ENTRYPOINT /entrypoint.sh
LABEL build.date=$DATE version.pixelfev=$VERSION

39
Dockerfile Normal file
View file

@ -0,0 +1,39 @@
FROM reg.zknt.org/zknt/debian-php:7.4 as builder
ARG DATE
ENV PHPVER=7.4
ENV IP_PATCH=2722da0c4749b726bfb87ac56ba055940c2d2fc7
ENV IMPRESSUM_PATCH=dbb47aa7ef59f83e9f88d71992b928b618b4bc03
RUN set -xe;\
apt-install git unzip php${PHPVER}-curl php${PHPVER}-zip php${PHPVER}-bcmath php${PHPVER}-intl php${PHPVER}-mbstring php${PHPVER}-xml composer &&\
composer global require hirak/prestissimo --no-interaction --no-suggest --prefer-dist &&\
cd /var && rm -rf www &&\
git clone https://github.com/pixelfed/pixelfed.git www &&\
cd www &&\
curl -L https://github.com/hnrd/pixelfed/commit/${IP_PATCH}.patch | git apply &&\
curl -L https://github.com/hnrd/pixelfed/commit/${IMPRESSUM_PATCH}.patch | git apply &&\
composer require beyondcode/laravel-self-diagnosis &&\
composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
ln -s public html &&\
chown -R www-data:www-data /var/www &&\
cp -r storage storage.skel &&\
rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore
FROM reg.zknt.org/zknt/debian-php:7.4
ENV PHPVER=7.4
COPY --from=builder /var/www /var/www
COPY entrypoint.sh /entrypoint.sh
COPY worker-entrypoint.sh /worker-entrypoint.sh
COPY wait-for-db.php /wait-for-db.php
RUN apt-install php${PHPVER}-curl php${PHPVER}-zip php${PHPVER}-bcmath php${PHPVER}-intl php${PHPVER}-mbstring php${PHPVER}-xml optipng pngquant jpegoptim gifsicle ffmpeg php${PHPVER}-imagick php${PHPVER}-gd php${PHPVER}-redis php${PHPVER}-mysql php${PHPVER}-pgsql &&\
a2enmod rewrite &&\
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/apache2/apache2.conf &&\
sed -i 's/^post_max_size.*/post_max_size = 100M/g' /etc/php/${PHPVER}/apache2/php.ini &&\
sed -i 's/^upload_max_filesize.*/upload_max_filesize = 100M/g' /etc/php/${PHPVER}/apache2/php.ini
WORKDIR /var/www
VOLUME /var/www/storage /var/www/bootstrap
ENTRYPOINT /entrypoint.sh
LABEL build.date=$DATE

99
Jenkinsfile vendored
View file

@ -1,74 +1,42 @@
version = ""
project = "pixelfed"
repo = "zknt"
registry = "reg.zknt.org"
registry_credentials = "6ff44976-23cd-4cc2-902c-de8c340e65e5"
timeStamp = Calendar.getInstance().getTime().format('YYYY-MM-dd',TimeZone.getTimeZone('UTC'))
pipeline {
agent any
environment {
IO_CRED = credentials("3deeee3d-6fce-4430-98dd-9b4db56f43f7")
QUAY_CRED = credentials("18fb6f7e-c6bc-4d06-9bf9-08c2af6bfc1a")
triggers {
upstream(upstreamProjects: "../debian-php-74/trunk", threshold: hudson.model.Result.SUCCESS)
}
stages {
stage('Prepare') {
stage('Build image') {
steps {
script {
sh "buildah login -u " + IO_CRED_USR+ " -p " + IO_CRED_PSW + " docker.io"
sh "buildah login -u " + QUAY_CRED_USR+ " -p " + QUAY_CRED_PSW + " quay.io"
sh "buildah manifest create pixelfed-dev"
sh "buildah manifest create pixelfed-dev-fpm"
}
}
}
stage('Build dev amd64') {
steps {
script {
sh "TMPDIR=/buildah/tmp buildah bud -f Containerfile --build-arg DATE=$timeStamp --manifest pixelfed-dev --arch amd64"
}
}
}
stage('Build dev arm64') {
steps {
script {
sh "TMPDIR=/buildah/tmp buildah bud -f Containerfile --build-arg DATE=$timeStamp --manifest pixelfed-dev --arch arm64"
}
}
}
stage('Build dev-fpm amd64') {
steps {
script {
sh "TMPDIR=/buildah/tmp buildah bud -f Containerfile.fpm --build-arg DATE=$timeStamp --manifest pixelfed-dev-fpm --arch amd64"
}
}
}
stage('Build dev-fpm arm64') {
steps {
script {
sh "TMPDIR=/buildah/tmp buildah bud -f Containerfile.fpm --build-arg DATE=$timeStamp --manifest pixelfed-dev-fpm --arch arm64"
}
}
}
stage('Upload to quay.io') {
steps {
script {
sh "buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:dev"
sh "buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:latest"
sh "buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:$timeStamp"
sh "buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:dev-fpm"
sh "buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:fpm"
sh "buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:$timeStamp-fpm"
}
}
}
stage('Upload to docker.io') {
steps {
script {
sh "buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:dev"
sh "buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:latest"
sh "buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:$timeStamp"
sh "buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:dev-fpm"
sh "buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:fpm"
sh "buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:$timeStamp-fpm"
withDockerRegistry([ credentialsId: registry_credentials, url: "https://"+registry ]) {
script {
version = timeStamp
def customImage = docker.build(registry+'/'+repo+'/'+project, "--pull --build-arg VERSION=$version --build-arg DATE=$timeStamp .")
customImage.push(version)
customImage.push("latest")
def io_registry_credentials = "3deeee3d-6fce-4430-98dd-9b4db56f43f7"
withDockerRegistry([ credentialsId: io_registry_credentials ]) {
def io_registry_image = repo + '/' + project + ':' + version
sh "docker image tag " + registry+'/'+repo+'/'+project+':'+version + ' ' + io_registry_image
sh "docker push " + io_registry_image
sh "docker image tag " + registry+'/'+repo+'/'+project+':'+version + ' ' + io_registry_image.split(/\:/)[0] + ":latest"
sh "docker push " + io_registry_image.split(/\:/)[0] + ":latest"
}
def quay_credentials= "18fb6f7e-c6bc-4d06-9bf9-08c2af6bfc1a"
withDockerRegistry([ credentialsId: quay_credentials, url: "https://quay.io" ]) {
def quay_image = 'quay.io/' + repo + '/' + project + ':' + version
sh "docker image tag " + registry+'/'+repo+'/'+project+':'+version + ' ' + quay_image
sh "docker push " + quay_image
sh "docker image tag " + registry+'/'+repo+'/'+project+':'+version + ' ' + quay_image.split(/\:/)[0] + ":latest"
sh "docker push " + quay_image.split(/\:/)[0] + ":latest"
}
}
}
}
}
@ -76,8 +44,11 @@ pipeline {
post {
always {
sh """buildah rmi -af"""
emailext body: 'build finished', subject: '[jenkins] docker '+project+'('+timeStamp+'): ' + currentBuild.result, to: 'cg@zknt.org', from: 'sysadm@zknt.org', attachLog: true
sh """docker container prune -f"""
sh """docker image prune -f"""
sh """docker rmi -f \$(docker images -q $registry/$repo/$project:$version)"""
sh """for image in \$(grep FROM Dockerfile | cut -d ' ' -f 2 | grep -vi -e SCRATCH -e bootstrapped | uniq); do docker rmi -f \$(docker images -q \${image}); done"""
emailext body: 'build finished', subject: '[jenkins] docker '+project+'('+version+'): ' + currentBuild.result, to: 'cg@zknt.org', from: 'sysadm@zknt.org', attachLog: true
}
}
options {
@ -104,4 +75,4 @@ pipeline {
]
]))
}
}
}

2
build.yaml
View file

@ -1,7 +1,7 @@
---
version: ""
project: pixelfed
trigger_upstream: ../debian-php-81/trunk
trigger_upstream: ../debian-php-74/trunk
timestamp_version: true
additional_tags:
- latest

39
entrypoint.fpm.sh
View file

@ -1,39 +0,0 @@
#!/usr/bin/env bash
set -xeo pipefail
rsync -a --delete storage.skel/* storage/
rsync -a --delete public.skel/ public/
chown -R www-data:www-data storage/ bootstrap/
php /wait-for-db.php
if [[ ! -e storage/.docker.init ]]
then
echo "Fresh installation, initializing database..."
gosu www-data php artisan key:generate
gosu www-data php artisan migrate:fresh --force
gosu www-data php artisan passport:keys
echo completed > storage/.docker.init
fi
gosu www-data php artisan storage:link
gosu www-data php artisan config:cache
gosu www-data php artisan cache:clear
gosu www-data php artisan route:cache
gosu www-data php artisan view:cache
rsync --archive --delete public/ /public/
echo "++++ Check for needed migrations... ++++"
# check for migrations
gosu www-data php artisan migrate:status | grep No && migrations=yes || migrations=no
gosu www-data php artisan migrate:status | grep Pending && migrations=yes || migrations=no
if [ "$migrations" = "yes" ];
then
gosu www-data php artisan migrate --force
fi
# create instance actor
gosu www-data php artisan instance:actor
dumb-init docker-php-entrypoint -F

7
entrypoint.sh
View file

@ -7,7 +7,6 @@ then
fi
cp -r storage.skel/* storage/
chown -R www-data:www-data storage/ bootstrap/
php /wait-for-db.php
@ -21,15 +20,15 @@ then
fi
gosu www-data php artisan storage:link
gosu www-data php artisan config:cache
gosu www-data php artisan horizon:publish
gosu www-data php artisan cache:clear
gosu www-data php artisan route:cache
gosu www-data php artisan view:cache
gosu www-data php artisan config:cache
echo "++++ Check for needed migrations... ++++"
# check for migrations
gosu www-data php artisan migrate:status | grep No && migrations=yes || migrations=no
gosu www-data php artisan migrate:status | grep Pending && migrations=yes || migrations=no
if [ $migrations = "yes" ];
then
gosu www-data php artisan migrate --force
@ -40,4 +39,4 @@ gosu www-data php artisan instance:actor
echo "++++ Start apache... ++++"
source /etc/apache2/envvars
dumb-init apache2 -DFOREGROUND
/usr/local/sbin/dumb-init apache2 -DFOREGROUND

34
hcloud-build.sh
View file

@ -1,34 +0,0 @@
#!/usr/bin/env bash
hcloud server create --datacenter nbg1-dc3 --image "debian-12" --type cpx41 --ssh-key cg@melpomene --ssh-key jenkins@toolbox --name pixelbuild
pixelbuild_ip=$(hcloud server ip pixelbuild)
ssh_cmd="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@${pixelbuild_ip}"
timeStamp=$(date -I)
$ssh_cmd apt update
$ssh_cmd apt install -y --no-install-recommends buildah qemu-user-static podman
rsync -av -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" . root@"${pixelbuild_ip}":zknt-pixelfed
$ssh_cmd buildah login -u "${IO_CRED_USR}" -p "${IO_CRED_PSW}" docker.io
$ssh_cmd buildah login -u "${QUAY_CRED_USR}" -p "${QUAY_CRED_PSW}" quay.io
$ssh_cmd buildah manifest create pixelfed-dev
$ssh_cmd buildah manifest create pixelfed-dev-fpm
$ssh_cmd buildah bud -f Containerfile --build-arg DATE="$timeStamp" --manifest pixelfed-dev --arch amd64
$ssh_cmd buildah bud -f Containerfile --build-arg DATE="$timeStamp" --manifest pixelfed-dev --arch arm64
$ssh_cmd buildah bud -f Containerfile.fpm --build-arg DATE="$timeStamp" --manifest pixelfed-dev-fpm --arch amd64
$ssh_cmd buildah bud -f Containerfile.fpm --build-arg DATE="$timeStamp" --manifest pixelfed-dev-fpm --arch arm64
$ssh_cmd buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:dev
$ssh_cmd buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:latest
$ssh_cmd buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:"$timeStamp"
$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:dev-fpm
$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:fpm
$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:"$timeStamp-fpm"
$ssh_cmd buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:dev
$ssh_cmd buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:latest
$ssh_cmd buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:"$timeStamp"
$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:dev-fpm
$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:fpm
$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:"$timeStamp-fpm"
hcloud server delete pixelbuild

242
patches/0001-remove-IP-logging.patch
View file

@ -1,242 +0,0 @@
From 08a91732cd39a087c2471f63c108b172943d5dbb Mon Sep 17 00:00:00 2001
From: chris <cg@zknt.org>
Date: Mon, 18 Nov 2024 13:43:42 +0100
Subject: [PATCH 1/6] remove IP logging
Replace unneeded logging of IPs and User-Agent strings with hashed data.
---
.gitattributes | 12 ------------
app/Http/Controllers/Api/ApiV1Dot1Controller.php | 12 ++++++------
app/Http/Controllers/Auth/LoginController.php | 4 ++--
app/Http/Controllers/Auth/RegisterController.php | 2 +-
app/Http/Controllers/CuratedRegisterController.php | 2 +-
app/Http/Controllers/RemoteAuthController.php | 4 ++--
app/Http/Controllers/SeasonalController.php | 4 ++--
app/Http/Controllers/Settings/HomeSettings.php | 8 ++++----
app/Http/Controllers/UserEmailForgotController.php | 4 ++--
app/Listeners/AuthLogin.php | 4 ++--
app/Listeners/LogFailedLogin.php | 4 ++--
11 files changed, 24 insertions(+), 36 deletions(-)
delete mode 100644 .gitattributes
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 25c1b1b6..00000000
--- a/.gitattributes
+++ /dev/null
@@ -1,12 +0,0 @@
-* text=auto
-*.css linguist-vendored
-*.scss linguist-vendored
-*.js linguist-vendored
-CHANGELOG.md export-ignore
-
-# Collapse diffs for generated files:
-public/**/*.js text -diff
-public/**/*.json text -diff
-public/**/*.css text -diff
-public/img/* binary -diff
-public/fonts/* binary -diff
diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
index 38550e5f..79ed50fe 100644
--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
@@ -295,8 +295,8 @@ class ApiV1Dot1Controller extends Controller
$log->action = 'account.edit.password';
$log->message = 'Password changed';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
Mail::to($request->user())->send(new PasswordChange($user));
@@ -320,7 +320,7 @@ class ApiV1Dot1Controller extends Controller
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$agent = new Agent;
- $currentIp = $request->ip();
+ $currentIp = sha1($request->ip());
$activity = AccountLog::whereUserId($user->id)
->whereAction('auth.login')
@@ -499,7 +499,7 @@ class ApiV1Dot1Controller extends Controller
abort_if(BouncerService::checkIp($request->ip()), 404);
}
- $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {}, config('pixelfed.app_registration_rate_limit_decay', 1800));
+ $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.sha1($request->ip()), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {}, config('pixelfed.app_registration_rate_limit_decay', 1800));
abort_if(! $rl, 400, 'Too many requests');
$this->validate($request, [
@@ -571,7 +571,7 @@ class ApiV1Dot1Controller extends Controller
$user->email = $email;
$user->password = Hash::make($password);
$user->register_source = 'app';
- $user->app_register_ip = $request->ip();
+ $user->app_register_ip = sha1($request->ip());
$user->app_register_token = Str::random(40);
$user->save();
@@ -629,7 +629,7 @@ class ApiV1Dot1Controller extends Controller
abort_if(BouncerService::checkIp($request->ip()), 404);
}
- $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
+ $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.sha1($request->ip()), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
abort_if(! $rl, 429, 'Too many requests');
$request->validate([
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 86ee52c8..3e6a9c4f 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -109,8 +109,8 @@ class LoginController extends Controller
$log->action = 'auth.login';
$log->message = 'Account Login';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
}
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 230daea8..1d0e415c 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -165,7 +165,7 @@ class RegisterController extends Controller
'username' => $data['username'],
'email' => $data['email'],
'password' => Hash::make($data['password']),
- 'app_register_ip' => request()->ip(),
+ 'app_register_ip' => sha1(request()->ip()),
]);
}
diff --git a/app/Http/Controllers/CuratedRegisterController.php b/app/Http/Controllers/CuratedRegisterController.php
index 58bddb49..83e2e120 100644
--- a/app/Http/Controllers/CuratedRegisterController.php
+++ b/app/Http/Controllers/CuratedRegisterController.php
@@ -389,7 +389,7 @@ class CuratedRegisterController extends Controller
$cr->email = $request->email;
$cr->username = $request->session()->get('cur-reg.form-username');
$cr->password = bcrypt($request->session()->get('cur-reg.form-password'));
- $cr->ip_address = $request->ip();
+ $cr->ip_address = sha1($request->ip());
$cr->reason_to_join = $request->session()->get('cur-reg.form-reason');
$cr->verify_code = Str::random(40);
$cr->save();
diff --git a/app/Http/Controllers/RemoteAuthController.php b/app/Http/Controllers/RemoteAuthController.php
index e0afd82e..7e58eec5 100644
--- a/app/Http/Controllers/RemoteAuthController.php
+++ b/app/Http/Controllers/RemoteAuthController.php
@@ -329,7 +329,7 @@ class RemoteAuthController extends Controller
'webfinger' => $res['_webfinger'],
], [
'software' => 'mastodon',
- 'ip_address' => $request->ip(),
+ 'ip_address' => sha1($request->ip()),
'bearer_token' => $token,
'verify_credentials' => $res,
'last_verify_credentials_at' => now(),
@@ -712,7 +712,7 @@ class RemoteAuthController extends Controller
'email' => $data['email'],
'password' => Hash::make($data['password']),
'email_verified_at' => config('remote-auth.mastodon.contraints.skip_email_verification') ? now() : null,
- 'app_register_ip' => request()->ip(),
+ 'app_register_ip' => sha1(request()->ip()),
'register_source' => 'mastodon',
])));
diff --git a/app/Http/Controllers/SeasonalController.php b/app/Http/Controllers/SeasonalController.php
index a9f1f98c..352eb102 100644
--- a/app/Http/Controllers/SeasonalController.php
+++ b/app/Http/Controllers/SeasonalController.php
@@ -230,8 +230,8 @@ class SeasonalController extends Controller
'action' => 'seasonal.my2020.view'
],
[
- 'ip_address' => $request->ip(),
- 'user_agent' => $request->userAgent()
+ 'ip_address' => sha1($request->ip()),
+ 'user_agent' => sha1($request->userAgent())
]
]);
return response()->json(200);
diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php
index ce411e4f..cf21aadb 100644
--- a/app/Http/Controllers/Settings/HomeSettings.php
+++ b/app/Http/Controllers/Settings/HomeSettings.php
@@ -137,8 +137,8 @@ trait HomeSettings
$log->action = 'account.edit.password';
$log->message = 'Password changed';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
Mail::to($request->user())->send(new PasswordChange($user));
@@ -185,8 +185,8 @@ trait HomeSettings
$log->action = 'account.edit.email';
$log->message = 'Email changed';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
}
diff --git a/app/Http/Controllers/UserEmailForgotController.php b/app/Http/Controllers/UserEmailForgotController.php
index 3889b980..c2622d10 100644
--- a/app/Http/Controllers/UserEmailForgotController.php
+++ b/app/Http/Controllers/UserEmailForgotController.php
@@ -80,8 +80,8 @@ class UserEmailForgotController extends Controller
{
UserEmailForgot::create([
'user_id' => $user->id,
- 'ip_address' => $request->ip(),
- 'user_agent' => $request->userAgent(),
+ 'ip_address' => sha1($request->ip()),
+ 'user_agent' => sha1($request->userAgent()),
'email_sent_at' => now()
]);
diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php
index 90806965..90d6591b 100644
--- a/app/Listeners/AuthLogin.php
+++ b/app/Listeners/AuthLogin.php
@@ -122,8 +122,8 @@ class AuthLogin
$device = DB::transaction(function() use($user) {
return UserDevice::firstOrCreate([
'user_id' => $user->id,
- 'ip' => request()->ip(),
- 'user_agent' => str_limit(request()->userAgent(), 180),
+ 'ip' => sha1(request()->ip()),
+ 'user_agent' => sha1(request()->userAgent()),
]);
});
}
diff --git a/app/Listeners/LogFailedLogin.php b/app/Listeners/LogFailedLogin.php
index c6ba3305..eff0cf71 100644
--- a/app/Listeners/LogFailedLogin.php
+++ b/app/Listeners/LogFailedLogin.php
@@ -41,8 +41,8 @@ class LogFailedLogin
$log->action = 'auth.failed';
$log->message = 'Failed login attempt';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
}
}
--
2.44.1

38
patches/0002-hardcode-discovery-settings.patch
View file

@ -1,38 +0,0 @@
From 295702b9a7f4b3236bc68bbf5bc453956f5f4978 Mon Sep 17 00:00:00 2001
From: chris <cg@zknt.org>
Date: Mon, 18 Nov 2024 13:44:07 +0100
Subject: [PATCH 2/6] hardcode discovery settings
force enable discovery (as dynamic settings are not saved properly)
---
app/Http/Controllers/DiscoverController.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/DiscoverController.php b/app/Http/Controllers/DiscoverController.php
index b3047ff7..824e0308 100644
--- a/app/Http/Controllers/DiscoverController.php
+++ b/app/Http/Controllers/DiscoverController.php
@@ -292,16 +292,16 @@ class DiscoverController extends Controller
return [
'hashtags' => [
- 'enabled' => false,
+ 'enabled' => true,
],
'memories' => [
- 'enabled' => false,
+ 'enabled' => true,
],
'insights' => [
- 'enabled' => false,
+ 'enabled' => true,
],
'friends' => [
- 'enabled' => false,
+ 'enabled' => true,
],
'server' => [
'enabled' => false,
--
2.44.1

26
patches/0003-point-to-modified-sourcecode.patch
View file

@ -1,26 +0,0 @@
From 09fae8ec220547ddf369122a1ddf687667705187 Mon Sep 17 00:00:00 2001
From: chris <cg@zknt.org>
Date: Mon, 18 Nov 2024 13:44:36 +0100
Subject: [PATCH 3/6] point to modified sourcecode
as per AGPL license of original source, modifications must be disclosed.
---
resources/views/site/opensource.blade.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/views/site/opensource.blade.php b/resources/views/site/opensource.blade.php
index cb2e7c77..63645f0c 100644
--- a/resources/views/site/opensource.blade.php
+++ b/resources/views/site/opensource.blade.php
@@ -7,7 +7,7 @@
</div>
<hr>
<section>
- <p class="lead">The software that powers this website is called <a href="https://pixelfed.org">Pixelfed</a> and anyone can <a href="https://github.com/pixelfed/pixelfed">download</a> or <a href="https://github.com/pixelfed/pixelfed">view</a> the source code and run their own instance!</p>
+ <p class="lead">This website runs a modified version of the Pixelfed software, which you can find on <a href="https://git.zknt.org/chris/pixelfed/">Git</a> (original, unmodified software: <a href="https://github.com/pixelfed/pixelfed/">here on Github</a></p>
</section>
@endsection
--
2.44.1

26
patches/0004-allow-30-char-usernames.patch
View file

@ -1,26 +0,0 @@
From e8dda2d6347b6c3bd88b4befa97d68e949ae2cf3 Mon Sep 17 00:00:00 2001
From: chris <cg@zknt.org>
Date: Mon, 18 Nov 2024 13:44:59 +0100
Subject: [PATCH 4/6] allow 30 char usernames
raise maximum username length, because why not?
---
app/Http/Controllers/Auth/RegisterController.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 1d0e415c..3150ddba 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -69,7 +69,7 @@ class RegisterController extends Controller
$usernameRules = [
'required',
'min:2',
- 'max:15',
+ 'max:30',
'unique:users',
function ($attribute, $value, $fail) {
$dash = substr_count($value, '-');
--
2.44.1

43
patches/0005-disable-beagle.patch
View file

@ -1,43 +0,0 @@
From b32f213bd3ef168f5c39420ff1afc8cfc58ca215 Mon Sep 17 00:00:00 2001
From: chris <cg@zknt.org>
Date: Mon, 18 Nov 2024 13:45:58 +0100
Subject: [PATCH 5/6] disable beagle
beagle is a remote API service provided by dansup and used for centralised lookups.
Using the beagle service without users explicit consent violates GDPR.
As it's not configurable at the moment this patch disables remote communication of user data with beagle.
---
app/Services/Account/RemoteAuthService.php | 3 +++
1 file changed, 3 insertions(+)
diff --git a/app/Services/Account/RemoteAuthService.php b/app/Services/Account/RemoteAuthService.php
index 4412352a..abab2151 100644
--- a/app/Services/Account/RemoteAuthService.php
+++ b/app/Services/Account/RemoteAuthService.php
@@ -115,6 +115,7 @@ class RemoteAuthService
public static function isDomainCompatible($domain = false)
{
+ return true;
if(!$domain) {
return false;
}
@@ -144,6 +145,7 @@ class RemoteAuthService
public static function lookupWebfingerUses($wf)
{
+ return 0;
try {
$res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/lookup?webfinger=' . $wf);
if(!$res->ok()) {
@@ -166,6 +168,7 @@ class RemoteAuthService
public static function submitToBeagle($ow, $ou, $dw, $du)
{
+ return;
try {
$url = 'https://beagle.pixelfed.net/api/v1/raa/submit';
$res = Http::throw()->timeout(10)->get($url, [
--
2.44.1

52
patches/0006-Link-legal-notice.patch
View file

File diff suppressed because one or more lines are too long

3
patches/README.md
View file

@ -1,3 +0,0 @@
Various patches against [https://github.com/pixelfed/pixelfed](dansups pixelfed).
All patches except for patch 006 (adding legal notice links to the frontpage) are included in my prebuilt images, zknt/pixelfed on docker hub and quay.io.

21
schedule-entrypoint.sh
View file

@ -1,21 +0,0 @@
#!/usr/bin/env bash
set -xeo pipefail
php /wait-for-db.php
if [[ ! -e storage/.docker.init ]];
then
echo "Database is not initialized yet, exiting..."
sleep 5
exit 1
fi
gosu www-data php artisan migrate:status | grep No && migrations=yes || migrations=no
if [ $migrations = "yes" ];
then
echo "Database needs migrations, exiting..."
sleep 5
exit 1
fi
gosu www-data php artisan schedule:work

21
websockets-entrypoint.sh
View file

@ -1,21 +0,0 @@
#!/usr/bin/env bash
set -xeo pipefail
php /wait-for-db.php
if [[ ! -e storage/.docker.init ]];
then
echo "Database is not initialized yet, exiting..."
sleep 5
exit 1
fi
gosu www-data php artisan migrate:status | grep No && migrations=yes || migrations=no
if [ $migrations = "yes" ];
then
echo "Database needs migrations, exiting..."
sleep 5
exit 1
fi
gosu www-data php artisan websockets:serve