From e7cf3fcb3c81a4451dbb088f4768d3b833ce80dc Mon Sep 17 00:00:00 2001 From: Jenniferplusplus Date: Mon, 13 Nov 2023 19:00:38 -0600 Subject: add config for pasture verify actor --- mastodon.castle.yml | 10 +++++++ pasture.Dockerfile | 17 +++++++++++ pasture.castle.yml | 72 ++++++++++++++++++++++++++++++++++++++++++++++ volumes/pasture/.gitignore | 2 ++ volumes/proxy/traefik.toml | 2 +- 5 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 pasture.Dockerfile create mode 100644 pasture.castle.yml create mode 100644 volumes/pasture/.gitignore diff --git a/mastodon.castle.yml b/mastodon.castle.yml index 780edcf..df83712 100644 --- a/mastodon.castle.yml +++ b/mastodon.castle.yml @@ -43,6 +43,8 @@ services: - WEB_DOMAIN=mastodon.castle mastodon-streaming: + labels: + - traefik.enable=false depends_on: - mastodon image: docker.io/bitnami/mastodon:4 @@ -55,6 +57,8 @@ services: - MASTODON_ELASTICSEARCH_PASSWORD=bitnami123 - MASTODON_REDIS_HOST=mastodon_redis mastodon-sidekiq: + labels: + - traefik.enable=false depends_on: - mastodon image: docker.io/bitnami/mastodon:4 @@ -70,6 +74,8 @@ services: - MASTODON_REDIS_HOST=mastodon_redis - MASTODON_DATABASE_HOST=mastodon_db mastodon_db: + labels: + - traefik.enable=false image: docker.io/bitnami/postgresql:16 networks: - mastodon @@ -80,6 +86,8 @@ services: - POSTGRESQL_USERNAME=bn_mastodon - POSTGRESQL_PASSWORD=bitnami1 mastodon_redis: + labels: + - traefik.enable=false image: docker.io/bitnami/redis:7.0 volumes: - 'redis_data:/bitnami/redis' @@ -88,6 +96,8 @@ services: environment: - ALLOW_EMPTY_PASSWORD=yes mastodon_es: + labels: + - traefik.enable=false image: docker.io/bitnami/elasticsearch:8 networks: - mastodon diff --git a/pasture.Dockerfile b/pasture.Dockerfile new file mode 100644 index 0000000..b7f6926 --- /dev/null +++ b/pasture.Dockerfile @@ -0,0 +1,17 @@ +FROM python:3.11-alpine + +RUN pip install ipython +RUN pip install bovine + +RUN pip install fediverse_pasture + +ADD https://codeberg.org/helge/funfedidev/archive/cd14bd038b3733f8efa343c2157dfd8768e641f9.zip /var/source.zip + +RUN unzip /var/source.zip -d /var/source/ +RUN mkdir /work +RUN cp /var/source/funfedidev/fediverse-pasture/work / -r +WORKDIR /opt + +COPY volumes/root-ca/certs/root_ca.crt /usr/local/share/ca-certificates/root_ca.crt + +RUN cat /usr/local/share/ca-certificates/root_ca.crt >> /etc/ssl/certs/ca-certificates.crt \ No newline at end of file diff --git a/pasture.castle.yml b/pasture.castle.yml new file mode 100644 index 0000000..bd0ce8b --- /dev/null +++ b/pasture.castle.yml @@ -0,0 +1,72 @@ + +services: + pasture_one_actor: + labels: + - traefik.enable=false + image: pasture-sandcastles + build: + dockerfile: ./pasture.Dockerfile + volumes: + - ./volumes/pasture:/opt + command: python -m fediverse_pasture.one_actor --port 80 --assets assets + networks: + pasture: + pasture_runner: + labels: + - traefik.enable=false + image: pasture-sandcastles + build: + dockerfile: ./pasture.Dockerfile + volumes: + - ./volumes/pasture:/opt + - ./work:/work + working_dir: /work + depends_on: + - pasture_one_actor + command: /bin/sh + stdin_open: true + tty: true + networks: + pasture: + pasture_http_signature: + labels: + - traefik.enable=false + image: pasture-sandcastles + build: + dockerfile: ./pasture.Dockerfile + volumes: + - ./volumes/pasture:/opt + command: python -m fediverse_pasture.http_signature --port 80 + networks: + pasture: + pasture_verify_actor: + labels: + - traefik.http.routers.pasture.rule=Host(`actor.pasture.castle`) + - traefik.http.routers.pasture.tls=true + - traefik.http.routers.pasture.tls.certresolver=smallstep + - traefik.port=80 + image: pasture-sandcastles + build: + dockerfile: ./pasture.Dockerfile + volumes: + - ./volumes/pasture:/opt + command: python -m fediverse_pasture.verify_actor --port 80 --domain pasture_verify_actor + expose: + - 80 + networks: + pasture: + fediverse: + + proxy: + networks: + default: + aliases: + - actor.pasture.castle + fediverse: + aliases: + - actor.pasture.castle + + +networks: + pasture: + internal: true \ No newline at end of file diff --git a/volumes/pasture/.gitignore b/volumes/pasture/.gitignore new file mode 100644 index 0000000..c96a04f --- /dev/null +++ b/volumes/pasture/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file diff --git a/volumes/proxy/traefik.toml b/volumes/proxy/traefik.toml index 0c3f0a1..c6d2e96 100644 --- a/volumes/proxy/traefik.toml +++ b/volumes/proxy/traefik.toml @@ -11,7 +11,7 @@ dashboard = true [certificatesResolvers.smallstep.acme] - caServer = "https://root-ca.castle:9000/acme/acme/directory" # acme-staging-v02.api.letsencrypt.org/directory" + caServer = "https://root-ca.castle:9000/acme/acme/directory" storage = "acme.json" [certificatesResolvers.smallstep.acme.httpChallenge] entryPoint = "web" -- cgit v1.2.3