workaround imagick

Reviewed-on: dockers/pixelfed#1

Containerfile

@@ -0,0 +1,79 @@
+FROM docker.io/php:8.3-apache-bookworm as builder
+
+ARG VERSION=dev
+
+ARG DATE
+
+RUN set -xe;\
+  apt-get update &&\
+  apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev zip libpq-dev &&\
+  apt-get clean all &&\
+  rm -rf /var/lib/apt/lists/*
+
+RUN set -xe;\
+  docker-php-ext-configure mbstring --disable-mbregex &&\
+  docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp --with-xpm &&\
+  docker-php-ext-install -j$(nproc) curl zip bcmath intl mbstring xml pcntl gd mysqli pdo_mysql pdo_pgsql opcache &&\
+  docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql && docker-php-ext-install pdo_pgsql pgsql &&\
+  # pecl install imagick &&\ 3.7.0 is broken
+    git clone https://github.com/Imagick/imagick.git --depth 1 /tmp/imagick &&\
+    cd /tmp/imagick &&\
+    git checkout 28f27044e435a2b203e32675e942eb8de620ee58 &&\
+    phpize && ./configure && make && make install &&\
+    rm -rf /tmp/imagick &&\
+    # end workaround
+  pecl install redis &&\
+  docker-php-ext-enable imagick redis
+RUN set -xe;\
+  curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
+  mv composer.phar /usr/local/bin/composer
+
+COPY patches/ /patches/
+
+RUN set -xe;\
+  cd /var && rm -rf www &&\
+  git clone https://github.com/pixelfed/pixelfed.git www &&\
+  cd www &&\
+  git checkout $VERSION &&\
+  git apply /patches/0001-remove-IP-logging.patch &&\
+  git apply /patches/0002-hardcode-discovery-settings.patch &&\
+  git apply /patches/0003-point-to-modified-sourcecode.patch &&\
+  git apply /patches/0004-allow-30-char-usernames.patch &&\
+  git apply /patches/0005-disable-beagle.patch &&\
+  ENABLE_CONFIG_CACHE=false composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
+  ln -s public html &&\
+  chown -R www-data:www-data /var/www &&\
+  cp -r storage storage.skel &&\
+  rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore /patches
+
+FROM docker.io/php:8.3-apache-bookworm
+ARG DATE
+ARG VERSION=dev
+
+COPY --from=builder /var/www /var/www
+COPY entrypoint.sh /entrypoint.sh
+COPY worker-entrypoint.sh /worker-entrypoint.sh
+COPY websockets-entrypoint.sh /websockets-entrypoint.sh
+COPY schedule-entrypoint.sh /schedule-entrypoint.sh
+COPY wait-for-db.php /wait-for-db.php
+COPY --from=builder /usr/local/lib/php/extensions/no-debug-non-zts-20230831 /usr/local/lib/php/extensions/no-debug-non-zts-20230831
+COPY --from=builder /usr/local/etc/php/conf.d /usr/local/etc/php/conf.d
+
+RUN set -xe;\
+  apt-get update &&\
+  apt-get install --no-install-recommends -y libzip4 libpq5 libmagickwand-6.q16-6 libxpm4 libwebp7 &&\
+  apt-get install --no-install-recommends -y optipng pngquant jpegoptim gifsicle ffmpeg locales gosu dumb-init zip &&\
+  apt-get clean all &&\
+  rm -rf /var/lib/apt/lists/*
+
+RUN set -xe;\
+  a2enmod rewrite &&\
+  sed -i 's/AllowOverride None/AllowOverride All/g' /etc/apache2/apache2.conf &&\
+  sed -i 's/^post_max_size.*/post_max_size = 100M/g' "$PHP_INI_DIR"/php.ini* &&\
+  sed -i 's/^upload_max_filesize.*/upload_max_filesize = 100M/g' "$PHP_INI_DIR"/php.ini* &&\
+  mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+WORKDIR /var/www
+VOLUME /var/www/storage /var/www/bootstrap
+ENTRYPOINT /entrypoint.sh
+
+LABEL build.date=$DATE version.pixelfed=$VERSION

Containerfile.fpm

@@ -0,0 +1,80 @@
+FROM docker.io/php:8.3-fpm-bookworm as builder
+
+ARG VERSION=dev
+ARG DATE
+
+RUN set -xe;\
+  apt-get update &&\
+  apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev zip libpq-dev &&\
+  apt-get clean all &&\
+  rm -rf /var/lib/apt/lists/*
+
+RUN set -xe;\
+  docker-php-ext-configure mbstring --disable-mbregex &&\
+  docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp --with-xpm &&\
+  docker-php-ext-install -j$(nproc) curl zip bcmath intl mbstring xml pcntl gd mysqli pdo_mysql pdo_pgsql opcache &&\
+  docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql && docker-php-ext-install pdo_pgsql pgsql &&\
+  #pecl install imagick &&\ 3.7.0 is broken
+    git clone https://github.com/Imagick/imagick.git --depth 1 /tmp/imagick &&\
+    cd /tmp/imagick &&\
+    git checkout 28f27044e435a2b203e32675e942eb8de620ee58 &&\
+    phpize && ./configure && make && make install &&\
+    rm -rf /tmp/imagick &&\
+    # end workaround
+  pecl install redis &&\
+  docker-php-ext-enable imagick redis
+RUN set -xe;\
+  curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
+  mv composer.phar /usr/local/bin/composer
+
+COPY patches/ /patches/
+
+RUN set -xe;\
+  cd /var && rm -rf www &&\
+  git clone https://github.com/pixelfed/pixelfed.git www &&\
+  cd www &&\
+  git checkout $VERSION &&\
+  git apply /patches/0001-remove-IP-logging.patch &&\
+  git apply /patches/0002-hardcode-discovery-settings.patch &&\
+  git apply /patches/0003-point-to-modified-sourcecode.patch &&\
+  git apply /patches/0004-allow-30-char-usernames.patch &&\
+  git apply /patches/0005-disable-beagle.patch &&\
+  ENABLE_CONFIG_CACHE=false composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
+  chown -R www-data:www-data /var/www &&\
+  cp -r storage storage.skel &&\
+  cp -r public public.skel &&\
+  chown -R www-data:www-data public.skel storage.skel &&\
+  rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore
+
+FROM docker.io/php:8.3-fpm-bookworm
+ARG VERSION=dev
+ARG DATE
+
+COPY --from=builder /var/www /var/www
+COPY entrypoint.fpm.sh /entrypoint.sh
+COPY worker-entrypoint.sh /worker-entrypoint.sh
+COPY schedule-entrypoint.sh /schedule-entrypoint.sh
+COPY websockets-entrypoint.sh /websockets-entrypoint.sh
+COPY wait-for-db.php /wait-for-db.php
+COPY --from=builder /usr/local/lib/php/extensions/no-debug-non-zts-20230831 /usr/local/lib/php/extensions/no-debug-non-zts-20230831
+COPY --from=builder /usr/local/etc/php/conf.d /usr/local/etc/php/conf.d
+
+RUN set -xe;\
+  apt-get update &&\
+  apt-get upgrade -y &&\
+  apt-get install --no-install-recommends -y libzip4 libpq5 libmagickwand-6.q16-6 libxpm4 libwebp7 &&\
+  apt-get install --no-install-recommends -y optipng pngquant jpegoptim gifsicle ffmpeg locales gosu dumb-init rsync zip &&\
+  apt-get clean all &&\
+  rm -rf /var/lib/apt/lists/*
+
+RUN set -xe;\
+#  a2enmod rewrite &&\
+#  sed -i 's/AllowOverride None/AllowOverride All/g' /etc/apache2/apache2.conf &&\
+  sed -i 's/^post_max_size.*/post_max_size = 100M/g' "$PHP_INI_DIR"/php.ini* &&\
+  sed -i 's/^upload_max_filesize.*/upload_max_filesize = 100M/g' "$PHP_INI_DIR"/php.ini* &&\
+  mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+WORKDIR /var/www
+VOLUME /var/www/storage /var/www/bootstrap /var/www/public
+ENTRYPOINT /entrypoint.sh
+
+LABEL build.date=$DATE version.pixelfev=$VERSION

Dockerfile

@@ -1,39 +0,0 @@
-FROM reg.zknt.org/zknt/debian-php:7.4 as builder
-
-ARG DATE
-
-ENV PHPVER=7.4
-ENV IP_PATCH=2722da0c4749b726bfb87ac56ba055940c2d2fc7
-ENV IMPRESSUM_PATCH=dbb47aa7ef59f83e9f88d71992b928b618b4bc03
-
-RUN set -xe;\
-  apt-install git unzip php${PHPVER}-curl php${PHPVER}-zip php${PHPVER}-bcmath php${PHPVER}-intl php${PHPVER}-mbstring php${PHPVER}-xml composer &&\
-  composer global require hirak/prestissimo --no-interaction --no-suggest --prefer-dist &&\
-  cd /var && rm -rf www &&\
-  git clone https://github.com/pixelfed/pixelfed.git www &&\
-  cd www &&\
-  curl -L https://github.com/hnrd/pixelfed/commit/${IP_PATCH}.patch | git apply &&\
-  curl -L https://github.com/hnrd/pixelfed/commit/${IMPRESSUM_PATCH}.patch | git apply &&\
-  composer require beyondcode/laravel-self-diagnosis &&\
-  composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
-  ln -s public html &&\
-  chown -R www-data:www-data /var/www &&\
-  cp -r storage storage.skel &&\
-  rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore
-
-FROM reg.zknt.org/zknt/debian-php:7.4
-ENV PHPVER=7.4
-COPY --from=builder /var/www /var/www
-COPY entrypoint.sh /entrypoint.sh
-COPY worker-entrypoint.sh /worker-entrypoint.sh
-COPY wait-for-db.php /wait-for-db.php
-RUN apt-install php${PHPVER}-curl php${PHPVER}-zip php${PHPVER}-bcmath php${PHPVER}-intl php${PHPVER}-mbstring php${PHPVER}-xml optipng pngquant jpegoptim gifsicle ffmpeg php${PHPVER}-imagick php${PHPVER}-gd php${PHPVER}-redis php${PHPVER}-mysql php${PHPVER}-pgsql &&\
-  a2enmod rewrite &&\
-  sed -i 's/AllowOverride None/AllowOverride All/g' /etc/apache2/apache2.conf &&\
-  sed -i 's/^post_max_size.*/post_max_size = 100M/g' /etc/php/${PHPVER}/apache2/php.ini &&\
-  sed -i 's/^upload_max_filesize.*/upload_max_filesize = 100M/g' /etc/php/${PHPVER}/apache2/php.ini
-WORKDIR /var/www
-VOLUME /var/www/storage /var/www/bootstrap
-ENTRYPOINT /entrypoint.sh
-
-LABEL build.date=$DATE

Jenkinsfile

@@ -1,42 +1,74 @@
 version = ""
 project = "pixelfed"
 repo = "zknt"
-registry = "reg.zknt.org"
-registry_credentials = "6ff44976-23cd-4cc2-902c-de8c340e65e5"
 timeStamp = Calendar.getInstance().getTime().format('YYYY-MM-dd',TimeZone.getTimeZone('UTC'))
 
 pipeline {
   agent any
-  triggers {
-    upstream(upstreamProjects: "../debian-php-74/trunk", threshold: hudson.model.Result.SUCCESS)
+  environment {
+    IO_CRED = credentials("3deeee3d-6fce-4430-98dd-9b4db56f43f7")
+    QUAY_CRED = credentials("18fb6f7e-c6bc-4d06-9bf9-08c2af6bfc1a")
   }
     stages {
-      stage('Build image') {
+      stage('Prepare') {
         steps {
-          withDockerRegistry([ credentialsId: registry_credentials, url: "https://"+registry ]) {
-            script {
-              version = timeStamp
-              def customImage = docker.build(registry+'/'+repo+'/'+project, "--pull --build-arg VERSION=$version --build-arg DATE=$timeStamp .")
-              customImage.push(version)
-              customImage.push("latest")
-              def io_registry_credentials = "3deeee3d-6fce-4430-98dd-9b4db56f43f7"
-              withDockerRegistry([ credentialsId: io_registry_credentials ]) {
-                def io_registry_image = repo + '/' + project + ':' + version
-                sh "docker image tag " + registry+'/'+repo+'/'+project+':'+version + ' ' + io_registry_image
-                sh "docker push " + io_registry_image
-                sh "docker image tag " + registry+'/'+repo+'/'+project+':'+version + ' ' + io_registry_image.split(/\:/)[0] + ":latest"
-                sh "docker push " + io_registry_image.split(/\:/)[0] + ":latest"
-              }
-
-              def quay_credentials= "18fb6f7e-c6bc-4d06-9bf9-08c2af6bfc1a"
-              withDockerRegistry([ credentialsId: quay_credentials, url: "https://quay.io" ]) {
-                def quay_image = 'quay.io/' + repo + '/' + project + ':' + version
-                sh "docker image tag " + registry+'/'+repo+'/'+project+':'+version + ' ' + quay_image
-                sh "docker push " + quay_image
-                sh "docker image tag " + registry+'/'+repo+'/'+project+':'+version + ' ' + quay_image.split(/\:/)[0] + ":latest"
-                sh "docker push " + quay_image.split(/\:/)[0] + ":latest"
-              }
-            }
+          script {
+            sh "buildah login -u " + IO_CRED_USR+ " -p " + IO_CRED_PSW + " docker.io"
+            sh "buildah login -u " + QUAY_CRED_USR+ " -p " + QUAY_CRED_PSW + " quay.io"
+            sh "buildah manifest create pixelfed-dev"
+            sh "buildah manifest create pixelfed-dev-fpm"
+          }
+        }
+      }
+      stage('Build dev amd64') {
+        steps {
+          script {
+            sh "TMPDIR=/buildah/tmp buildah bud -f Containerfile --build-arg DATE=$timeStamp --manifest pixelfed-dev --arch amd64"
+          }
+        }
+      }
+      stage('Build dev arm64') {
+        steps {
+          script {
+            sh "TMPDIR=/buildah/tmp buildah bud -f Containerfile --build-arg DATE=$timeStamp --manifest pixelfed-dev --arch arm64"
+          }
+        }
+      }
+      stage('Build dev-fpm amd64') {
+        steps {
+          script {
+            sh "TMPDIR=/buildah/tmp buildah bud -f Containerfile.fpm --build-arg DATE=$timeStamp --manifest pixelfed-dev-fpm --arch amd64"
+          }
+        }
+      }
+      stage('Build dev-fpm arm64') {
+        steps {
+          script {
+            sh "TMPDIR=/buildah/tmp buildah bud -f Containerfile.fpm --build-arg DATE=$timeStamp --manifest pixelfed-dev-fpm --arch arm64"
+          }
+        }
+      }
+      stage('Upload to quay.io') {
+        steps {
+          script {
+            sh "buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:dev"
+            sh "buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:latest"
+            sh "buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:$timeStamp"
+            sh "buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:dev-fpm"
+            sh "buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:fpm"
+            sh "buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:$timeStamp-fpm"
+          }
+        }
+      }
+      stage('Upload to docker.io') {
+        steps {
+          script {
+            sh "buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:dev"
+            sh "buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:latest"
+            sh "buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:$timeStamp"
+            sh "buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:dev-fpm"
+            sh "buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:fpm"
+            sh "buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:$timeStamp-fpm"
           }
         }
       }
@@ -44,11 +76,8 @@ pipeline {
 
   post {
     always {
-      sh """docker container prune -f"""
-      sh """docker image prune -f"""
-      sh """docker rmi -f \$(docker images -q $registry/$repo/$project:$version)"""
-      sh """for image in \$(grep FROM Dockerfile | cut -d ' ' -f 2 | grep -vi -e SCRATCH -e bootstrapped | uniq); do docker rmi -f \$(docker images -q \${image}); done"""
-      emailext body: 'build finished', subject: '[jenkins] docker '+project+'('+version+'): ' + currentBuild.result, to: 'cg@zknt.org', from: 'sysadm@zknt.org', attachLog: true
+      sh """buildah rmi -af"""
+      emailext body: 'build finished', subject: '[jenkins] docker '+project+'('+timeStamp+'): ' + currentBuild.result, to: 'cg@zknt.org', from: 'sysadm@zknt.org', attachLog: true
     }
   }
   options {
@@ -75,4 +104,4 @@ pipeline {
       ]
     ]))
   }
-}
+}

build.yaml

@@ -1,7 +1,7 @@
 ---
 version: ""
 project: pixelfed
-trigger_upstream: ../debian-php-74/trunk
+trigger_upstream: ../debian-php-81/trunk
 timestamp_version: true
 additional_tags:
   - latest

entrypoint.fpm.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -xeo pipefail
+
+rsync -a --delete storage.skel/* storage/
+rsync -a --delete public.skel/ public/
+chown -R www-data:www-data storage/ bootstrap/
+
+php /wait-for-db.php
+
+if [[ ! -e storage/.docker.init ]]
+then
+	echo "Fresh installation, initializing database..."
+	gosu www-data php artisan key:generate
+	gosu www-data php artisan migrate:fresh --force
+	gosu www-data php artisan passport:keys
+	echo completed > storage/.docker.init
+fi
+
+gosu www-data php artisan storage:link
+gosu www-data php artisan config:cache
+gosu www-data php artisan cache:clear
+gosu www-data php artisan route:cache
+gosu www-data php artisan view:cache
+
+rsync --archive --delete public/ /public/
+
+echo "++++ Check for needed migrations... ++++"
+# check for migrations
+gosu www-data php artisan migrate:status | grep No && migrations=yes || migrations=no
+gosu www-data php artisan migrate:status | grep Pending && migrations=yes || migrations=no
+if [ "$migrations" = "yes" ];
+then
+	gosu www-data php artisan migrate --force
+fi
+
+# create instance actor
+gosu www-data php artisan instance:actor
+
+dumb-init docker-php-entrypoint -F

entrypoint.sh

@@ -7,6 +7,7 @@ then
 fi
 
 cp -r storage.skel/* storage/
+chown -R www-data:www-data storage/ bootstrap/
 
 php /wait-for-db.php
 
@@ -20,15 +21,15 @@ then
 fi
 
 gosu www-data php artisan storage:link
-gosu www-data php artisan horizon:publish
+gosu www-data php artisan config:cache
 gosu www-data php artisan cache:clear
 gosu www-data php artisan route:cache
 gosu www-data php artisan view:cache
-gosu www-data php artisan config:cache
 
 echo "++++ Check for needed migrations... ++++"
 # check for migrations
 gosu www-data php artisan migrate:status | grep No && migrations=yes || migrations=no
+gosu www-data php artisan migrate:status | grep Pending && migrations=yes || migrations=no
 if [ $migrations = "yes" ];
 then
 	gosu www-data php artisan migrate --force
@@ -39,4 +40,4 @@ gosu www-data php artisan instance:actor
 
 echo "++++ Start apache... ++++"
 source /etc/apache2/envvars
-/usr/local/sbin/dumb-init apache2 -DFOREGROUND
+dumb-init apache2 -DFOREGROUND

hcloud-build.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+hcloud server create --datacenter nbg1-dc3 --image "debian-12" --type cpx41 --ssh-key cg@melpomene --ssh-key jenkins@toolbox --name pixelbuild
+pixelbuild_ip=$(hcloud server ip pixelbuild)
+ssh_cmd="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@${pixelbuild_ip}"
+timeStamp=$(date -I)
+
+$ssh_cmd apt update
+$ssh_cmd apt install -y --no-install-recommends buildah qemu-user-static podman
+rsync -av -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" . root@"${pixelbuild_ip}":zknt-pixelfed
+$ssh_cmd buildah login -u "${IO_CRED_USR}" -p "${IO_CRED_PSW}" docker.io
+$ssh_cmd buildah login -u "${QUAY_CRED_USR}" -p "${QUAY_CRED_PSW}" quay.io
+
+$ssh_cmd buildah manifest create pixelfed-dev
+$ssh_cmd buildah manifest create pixelfed-dev-fpm
+$ssh_cmd buildah bud -f Containerfile --build-arg DATE="$timeStamp" --manifest pixelfed-dev --arch amd64
+$ssh_cmd buildah bud -f Containerfile --build-arg DATE="$timeStamp" --manifest pixelfed-dev --arch arm64
+$ssh_cmd buildah bud -f Containerfile.fpm --build-arg DATE="$timeStamp" --manifest pixelfed-dev-fpm --arch amd64
+$ssh_cmd buildah bud -f Containerfile.fpm --build-arg DATE="$timeStamp" --manifest pixelfed-dev-fpm --arch arm64
+
+$ssh_cmd buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:dev
+$ssh_cmd buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:latest
+$ssh_cmd buildah manifest push --all pixelfed-dev docker://quay.io/zknt/pixelfed:"$timeStamp"
+$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:dev-fpm
+$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:fpm
+$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://quay.io/zknt/pixelfed:"$timeStamp-fpm"
+
+$ssh_cmd buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:dev
+$ssh_cmd buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:latest
+$ssh_cmd buildah manifest push --all pixelfed-dev docker://docker.io/zknt/pixelfed:"$timeStamp"
+$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:dev-fpm
+$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:fpm
+$ssh_cmd buildah manifest push --all pixelfed-dev-fpm docker://docker.io/zknt/pixelfed:"$timeStamp-fpm"
+
+hcloud server delete pixelbuild

patches/0001-remove-IP-logging.patch

@@ -0,0 +1,242 @@
+From 08a91732cd39a087c2471f63c108b172943d5dbb Mon Sep 17 00:00:00 2001
+From: chris <cg@zknt.org>
+Date: Mon, 18 Nov 2024 13:43:42 +0100
+Subject: [PATCH 1/6] remove IP logging
+
+Replace unneeded logging of IPs and User-Agent strings with hashed data.
+---
+ .gitattributes                                     | 12 ------------
+ app/Http/Controllers/Api/ApiV1Dot1Controller.php   | 12 ++++++------
+ app/Http/Controllers/Auth/LoginController.php      |  4 ++--
+ app/Http/Controllers/Auth/RegisterController.php   |  2 +-
+ app/Http/Controllers/CuratedRegisterController.php |  2 +-
+ app/Http/Controllers/RemoteAuthController.php      |  4 ++--
+ app/Http/Controllers/SeasonalController.php        |  4 ++--
+ app/Http/Controllers/Settings/HomeSettings.php     |  8 ++++----
+ app/Http/Controllers/UserEmailForgotController.php |  4 ++--
+ app/Listeners/AuthLogin.php                        |  4 ++--
+ app/Listeners/LogFailedLogin.php                   |  4 ++--
+ 11 files changed, 24 insertions(+), 36 deletions(-)
+ delete mode 100644 .gitattributes
+
+diff --git a/.gitattributes b/.gitattributes
+deleted file mode 100644
+index 25c1b1b6..00000000
+--- a/.gitattributes
++++ /dev/null
+@@ -1,12 +0,0 @@
+-* text=auto
+-*.css linguist-vendored
+-*.scss linguist-vendored
+-*.js linguist-vendored
+-CHANGELOG.md export-ignore
+-
+-# Collapse diffs for generated files:
+-public/**/*.js text -diff
+-public/**/*.json text -diff
+-public/**/*.css text -diff
+-public/img/* binary -diff
+-public/fonts/* binary -diff
+diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+index 38550e5f..79ed50fe 100644
+--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
++++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+@@ -295,8 +295,8 @@ class ApiV1Dot1Controller extends Controller
+         $log->action = 'account.edit.password';
+         $log->message = 'Password changed';
+         $log->link = null;
+-        $log->ip_address = $request->ip();
+-        $log->user_agent = $request->userAgent();
++        $log->ip_address = sha1($request->ip());
++        $log->user_agent = sha1($request->userAgent());
+         $log->save();
+ 
+         Mail::to($request->user())->send(new PasswordChange($user));
+@@ -320,7 +320,7 @@ class ApiV1Dot1Controller extends Controller
+             abort_if(BouncerService::checkIp($request->ip()), 404);
+         }
+         $agent = new Agent;
+-        $currentIp = $request->ip();
++        $currentIp = sha1($request->ip());
+ 
+         $activity = AccountLog::whereUserId($user->id)
+             ->whereAction('auth.login')
+@@ -499,7 +499,7 @@ class ApiV1Dot1Controller extends Controller
+             abort_if(BouncerService::checkIp($request->ip()), 404);
+         }
+ 
+-        $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {}, config('pixelfed.app_registration_rate_limit_decay', 1800));
++        $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.sha1($request->ip()), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {}, config('pixelfed.app_registration_rate_limit_decay', 1800));
+         abort_if(! $rl, 400, 'Too many requests');
+ 
+         $this->validate($request, [
+@@ -571,7 +571,7 @@ class ApiV1Dot1Controller extends Controller
+         $user->email = $email;
+         $user->password = Hash::make($password);
+         $user->register_source = 'app';
+-        $user->app_register_ip = $request->ip();
++        $user->app_register_ip = sha1($request->ip());
+         $user->app_register_token = Str::random(40);
+         $user->save();
+ 
+@@ -629,7 +629,7 @@ class ApiV1Dot1Controller extends Controller
+             abort_if(BouncerService::checkIp($request->ip()), 404);
+         }
+ 
+-        $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
++        $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.sha1($request->ip()), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
+         abort_if(! $rl, 429, 'Too many requests');
+ 
+         $request->validate([
+diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
+index 86ee52c8..3e6a9c4f 100644
+--- a/app/Http/Controllers/Auth/LoginController.php
++++ b/app/Http/Controllers/Auth/LoginController.php
+@@ -109,8 +109,8 @@ class LoginController extends Controller
+         $log->action = 'auth.login';
+         $log->message = 'Account Login';
+         $log->link = null;
+-        $log->ip_address = $request->ip();
+-        $log->user_agent = $request->userAgent();
++        $log->ip_address = sha1($request->ip());
++        $log->user_agent = sha1($request->userAgent());
+         $log->save();
+     }
+ 
+diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
+index 230daea8..1d0e415c 100644
+--- a/app/Http/Controllers/Auth/RegisterController.php
++++ b/app/Http/Controllers/Auth/RegisterController.php
+@@ -165,7 +165,7 @@ class RegisterController extends Controller
+             'username' => $data['username'],
+             'email' => $data['email'],
+             'password' => Hash::make($data['password']),
+-            'app_register_ip' => request()->ip(),
++            'app_register_ip' => sha1(request()->ip()),
+         ]);
+     }
+ 
+diff --git a/app/Http/Controllers/CuratedRegisterController.php b/app/Http/Controllers/CuratedRegisterController.php
+index 58bddb49..83e2e120 100644
+--- a/app/Http/Controllers/CuratedRegisterController.php
++++ b/app/Http/Controllers/CuratedRegisterController.php
+@@ -389,7 +389,7 @@ class CuratedRegisterController extends Controller
+         $cr->email = $request->email;
+         $cr->username = $request->session()->get('cur-reg.form-username');
+         $cr->password = bcrypt($request->session()->get('cur-reg.form-password'));
+-        $cr->ip_address = $request->ip();
++        $cr->ip_address = sha1($request->ip());
+         $cr->reason_to_join = $request->session()->get('cur-reg.form-reason');
+         $cr->verify_code = Str::random(40);
+         $cr->save();
+diff --git a/app/Http/Controllers/RemoteAuthController.php b/app/Http/Controllers/RemoteAuthController.php
+index e0afd82e..7e58eec5 100644
+--- a/app/Http/Controllers/RemoteAuthController.php
++++ b/app/Http/Controllers/RemoteAuthController.php
+@@ -329,7 +329,7 @@ class RemoteAuthController extends Controller
+             'webfinger' => $res['_webfinger'],
+         ], [
+             'software' => 'mastodon',
+-            'ip_address' => $request->ip(),
++            'ip_address' => sha1($request->ip()),
+             'bearer_token' => $token,
+             'verify_credentials' => $res,
+             'last_verify_credentials_at' => now(),
+@@ -712,7 +712,7 @@ class RemoteAuthController extends Controller
+             'email' => $data['email'],
+             'password' => Hash::make($data['password']),
+             'email_verified_at' => config('remote-auth.mastodon.contraints.skip_email_verification') ? now() : null,
+-            'app_register_ip' => request()->ip(),
++            'app_register_ip' => sha1(request()->ip()),
+             'register_source' => 'mastodon',
+         ])));
+ 
+diff --git a/app/Http/Controllers/SeasonalController.php b/app/Http/Controllers/SeasonalController.php
+index a9f1f98c..352eb102 100644
+--- a/app/Http/Controllers/SeasonalController.php
++++ b/app/Http/Controllers/SeasonalController.php
+@@ -230,8 +230,8 @@ class SeasonalController extends Controller
+ 				'action' => 'seasonal.my2020.view'
+ 			],
+ 			[
+-				'ip_address' => $request->ip(),
+-				'user_agent' => $request->userAgent()
++				'ip_address' => sha1($request->ip()),
++				'user_agent' => sha1($request->userAgent())
+ 			]
+ 		]);
+ 		return response()->json(200);
+diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php
+index ce411e4f..cf21aadb 100644
+--- a/app/Http/Controllers/Settings/HomeSettings.php
++++ b/app/Http/Controllers/Settings/HomeSettings.php
+@@ -137,8 +137,8 @@ trait HomeSettings
+             $log->action = 'account.edit.password';
+             $log->message = 'Password changed';
+             $log->link = null;
+-            $log->ip_address = $request->ip();
+-            $log->user_agent = $request->userAgent();
++            $log->ip_address = sha1($request->ip());
++            $log->user_agent = sha1($request->userAgent());
+             $log->save();
+ 
+             Mail::to($request->user())->send(new PasswordChange($user));
+@@ -185,8 +185,8 @@ trait HomeSettings
+             $log->action = 'account.edit.email';
+             $log->message = 'Email changed';
+             $log->link = null;
+-            $log->ip_address = $request->ip();
+-            $log->user_agent = $request->userAgent();
++            $log->ip_address = sha1($request->ip());
++            $log->user_agent = sha1($request->userAgent());
+             $log->save();
+         }
+ 
+diff --git a/app/Http/Controllers/UserEmailForgotController.php b/app/Http/Controllers/UserEmailForgotController.php
+index 3889b980..c2622d10 100644
+--- a/app/Http/Controllers/UserEmailForgotController.php
++++ b/app/Http/Controllers/UserEmailForgotController.php
+@@ -80,8 +80,8 @@ class UserEmailForgotController extends Controller
+     {
+         UserEmailForgot::create([
+             'user_id' => $user->id,
+-            'ip_address' => $request->ip(),
+-            'user_agent' => $request->userAgent(),
++            'ip_address' => sha1($request->ip()),
++            'user_agent' => sha1($request->userAgent()),
+             'email_sent_at' => now()
+         ]);
+ 
+diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php
+index 90806965..90d6591b 100644
+--- a/app/Listeners/AuthLogin.php
++++ b/app/Listeners/AuthLogin.php
+@@ -122,8 +122,8 @@ class AuthLogin
+         $device = DB::transaction(function() use($user) {
+             return UserDevice::firstOrCreate([
+                 'user_id'       => $user->id,
+-                'ip'            => request()->ip(),
+-                'user_agent'    => str_limit(request()->userAgent(), 180),
++                'ip'            => sha1(request()->ip()),
++                'user_agent'    => sha1(request()->userAgent()),
+             ]);
+         });
+     }
+diff --git a/app/Listeners/LogFailedLogin.php b/app/Listeners/LogFailedLogin.php
+index c6ba3305..eff0cf71 100644
+--- a/app/Listeners/LogFailedLogin.php
++++ b/app/Listeners/LogFailedLogin.php
+@@ -41,8 +41,8 @@ class LogFailedLogin
+         $log->action = 'auth.failed';
+         $log->message = 'Failed login attempt';
+         $log->link = null;
+-        $log->ip_address = $request->ip();
+-        $log->user_agent = $request->userAgent();
++        $log->ip_address = sha1($request->ip());
++        $log->user_agent = sha1($request->userAgent());
+         $log->save();
+     }
+ }
+-- 
+2.44.1
+

patches/0002-hardcode-discovery-settings.patch

@@ -0,0 +1,38 @@
+From 295702b9a7f4b3236bc68bbf5bc453956f5f4978 Mon Sep 17 00:00:00 2001
+From: chris <cg@zknt.org>
+Date: Mon, 18 Nov 2024 13:44:07 +0100
+Subject: [PATCH 2/6] hardcode discovery settings
+
+force enable discovery (as dynamic settings are not saved properly)
+---
+ app/Http/Controllers/DiscoverController.php | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/app/Http/Controllers/DiscoverController.php b/app/Http/Controllers/DiscoverController.php
+index b3047ff7..824e0308 100644
+--- a/app/Http/Controllers/DiscoverController.php
++++ b/app/Http/Controllers/DiscoverController.php
+@@ -292,16 +292,16 @@ class DiscoverController extends Controller
+ 
+         return [
+             'hashtags' => [
+-                'enabled' => false,
++                'enabled' => true,
+             ],
+             'memories' => [
+-                'enabled' => false,
++                'enabled' => true,
+             ],
+             'insights' => [
+-                'enabled' => false,
++                'enabled' => true,
+             ],
+             'friends' => [
+-                'enabled' => false,
++                'enabled' => true,
+             ],
+             'server' => [
+                 'enabled' => false,
+-- 
+2.44.1
+

patches/0003-point-to-modified-sourcecode.patch

@@ -0,0 +1,26 @@
+From 09fae8ec220547ddf369122a1ddf687667705187 Mon Sep 17 00:00:00 2001
+From: chris <cg@zknt.org>
+Date: Mon, 18 Nov 2024 13:44:36 +0100
+Subject: [PATCH 3/6] point to modified sourcecode
+
+as per AGPL license of original source, modifications must be disclosed.
+---
+ resources/views/site/opensource.blade.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/resources/views/site/opensource.blade.php b/resources/views/site/opensource.blade.php
+index cb2e7c77..63645f0c 100644
+--- a/resources/views/site/opensource.blade.php
++++ b/resources/views/site/opensource.blade.php
+@@ -7,7 +7,7 @@
+   </div>
+   <hr>
+   <section>
+-    <p class="lead">The software that powers this website is called <a href="https://pixelfed.org">Pixelfed</a> and anyone can <a href="https://github.com/pixelfed/pixelfed">download</a> or <a href="https://github.com/pixelfed/pixelfed">view</a> the source code and run their own instance!</p>
++    <p class="lead">This website runs a modified version of the Pixelfed software, which you can find on <a href="https://git.zknt.org/chris/pixelfed/">Git</a> (original, unmodified software: <a href="https://github.com/pixelfed/pixelfed/">here on Github</a></p>
+   </section>
+ @endsection
+ 
+-- 
+2.44.1
+

patches/0004-allow-30-char-usernames.patch

@@ -0,0 +1,26 @@
+From e8dda2d6347b6c3bd88b4befa97d68e949ae2cf3 Mon Sep 17 00:00:00 2001
+From: chris <cg@zknt.org>
+Date: Mon, 18 Nov 2024 13:44:59 +0100
+Subject: [PATCH 4/6] allow 30 char usernames
+
+raise maximum username length, because why not?
+---
+ app/Http/Controllers/Auth/RegisterController.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
+index 1d0e415c..3150ddba 100644
+--- a/app/Http/Controllers/Auth/RegisterController.php
++++ b/app/Http/Controllers/Auth/RegisterController.php
+@@ -69,7 +69,7 @@ class RegisterController extends Controller
+         $usernameRules = [
+             'required',
+             'min:2',
+-            'max:15',
++            'max:30',
+             'unique:users',
+             function ($attribute, $value, $fail) {
+                 $dash = substr_count($value, '-');
+-- 
+2.44.1
+

patches/0005-disable-beagle.patch

@@ -0,0 +1,43 @@
+From b32f213bd3ef168f5c39420ff1afc8cfc58ca215 Mon Sep 17 00:00:00 2001
+From: chris <cg@zknt.org>
+Date: Mon, 18 Nov 2024 13:45:58 +0100
+Subject: [PATCH 5/6] disable beagle
+
+beagle is a remote API service provided by dansup and used for centralised lookups.
+Using the beagle service without users explicit consent violates GDPR.
+As it's not configurable at the moment this patch disables remote communication of user data with beagle.
+---
+ app/Services/Account/RemoteAuthService.php | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/app/Services/Account/RemoteAuthService.php b/app/Services/Account/RemoteAuthService.php
+index 4412352a..abab2151 100644
+--- a/app/Services/Account/RemoteAuthService.php
++++ b/app/Services/Account/RemoteAuthService.php
+@@ -115,6 +115,7 @@ class RemoteAuthService
+ 
+     public static function isDomainCompatible($domain = false)
+     {
++	return true;
+         if(!$domain) {
+             return false;
+         }
+@@ -144,6 +145,7 @@ class RemoteAuthService
+ 
+     public static function lookupWebfingerUses($wf)
+     {
++	return 0;
+         try {
+             $res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/lookup?webfinger=' . $wf);
+             if(!$res->ok()) {
+@@ -166,6 +168,7 @@ class RemoteAuthService
+ 
+     public static function submitToBeagle($ow, $ou, $dw, $du)
+     {
++	return;
+         try {
+             $url = 'https://beagle.pixelfed.net/api/v1/raa/submit';
+             $res = Http::throw()->timeout(10)->get($url, [
+-- 
+2.44.1
+

patches/README.md

@@ -0,0 +1,3 @@
+Various patches against [https://github.com/pixelfed/pixelfed](dansups pixelfed).
+
+All patches except for patch 006 (adding legal notice links to the frontpage) are included in my prebuilt images, zknt/pixelfed on docker hub and quay.io.

schedule-entrypoint.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -xeo pipefail
+
+php /wait-for-db.php
+
+if [[ ! -e storage/.docker.init ]];
+then
+	echo "Database is not initialized yet, exiting..."
+	sleep 5
+	exit 1
+fi
+
+gosu www-data php artisan migrate:status | grep No && migrations=yes || migrations=no
+if [ $migrations = "yes" ];
+then
+	echo "Database needs migrations, exiting..."
+	sleep 5
+	exit 1
+fi
+
+gosu www-data php artisan schedule:work

websockets-entrypoint.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -xeo pipefail
+
+php /wait-for-db.php
+
+if [[ ! -e storage/.docker.init ]];
+then
+	echo "Database is not initialized yet, exiting..."
+	sleep 5
+	exit 1
+fi
+
+gosu www-data php artisan migrate:status | grep No && migrations=yes || migrations=no
+if [ $migrations = "yes" ];
+then
+	echo "Database needs migrations, exiting..."
+	sleep 5
+	exit 1
+fi
+
+gosu www-data php artisan websockets:serve