Improve overall configuration and support
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
06709ee46b
commit
403a32e996
22
.env.production.sample
Normal file
22
.env.production.sample
Normal file
@ -0,0 +1,22 @@
|
||||
# Settings
|
||||
MOBILIZON_INSTANCE_NAME="<%= instance_name %>"
|
||||
MOBILIZON_INSTANCE_HOST="<%= instance_domain %>"
|
||||
MOBILIZON_INSTANCE_EMAIL="<%= instance_email %>"
|
||||
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=true
|
||||
|
||||
# API
|
||||
GRAPHQL_API_ENDPOINT="https://<%= instance_domain %>"
|
||||
GRAPHQL_API_FULL_PATH=""
|
||||
|
||||
# APP
|
||||
MIX_ENV=prod
|
||||
PORT=4002
|
||||
MOBILIZON_LOGLEVEL="info"
|
||||
MOBILIZON_SECRET="<%= instance_secret %>"
|
||||
|
||||
# Database
|
||||
MOBILIZON_DATABASE_USERNAME="mobilizon"
|
||||
MOBILIZON_DATABASE_PASSWORD="<%= database_password %>"
|
||||
MOBILIZON_DATABASE_DBNAME="mobilizon_prod"
|
||||
MOBILIZON_DATABASE_HOST="localhost"
|
||||
MOBILIZON_DATABASE_PORT=5432
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -15,6 +15,10 @@ erl_crash.dump
|
||||
# variables.
|
||||
/config/*.secret.exs
|
||||
|
||||
.env.production
|
||||
|
||||
setup_db.psql
|
||||
|
||||
.elixir_ls
|
||||
/doc
|
||||
priv/static/*
|
||||
|
@ -63,7 +63,4 @@ config :geolix,
|
||||
config :arc,
|
||||
storage: Arc.Storage.Local
|
||||
|
||||
config :email_checker,
|
||||
validations: [EmailChecker.Check.Format]
|
||||
|
||||
config :phoenix, :format_encoders, json: Jason
|
||||
|
@ -19,8 +19,20 @@ config :mobilizon, MobilizonWeb.Endpoint,
|
||||
host: System.get_env("MOBILIZON_HOST") || "example.com",
|
||||
port: 80
|
||||
],
|
||||
secret_key_base:
|
||||
System.get_env("MOBILIZON_SECRET") || "ThisShouldBeAVeryStrongStringPleaseReplaceMe",
|
||||
cache_static_manifest: "priv/static/cache_manifest.json"
|
||||
|
||||
# Configure your database
|
||||
config :mobilison, Mobilizon.Repo,
|
||||
adapter: Ecto.Adapters.Postgres,
|
||||
username: System.get_env("MOBILIZON_DATABASE_USERNAME") || "mobilizon",
|
||||
password: System.get_env("MOBILIZON_DATABASE_PASSWORD") || "mobilizon",
|
||||
database: System.get_env("MOBILIZON_DATABASE_DBNAME") || "mobilizon_prod",
|
||||
hostname: System.get_env("MOBILIZON_DATABASE_HOST") || "localhost",
|
||||
port: System.get_env("MOBILIZON_DATABASE_PORT") || "5432",
|
||||
pool_size: 15
|
||||
|
||||
config :mobilizon, Mobilizon.Mailer,
|
||||
adapter: Bamboo.SMTPAdapter,
|
||||
server: "localhost",
|
||||
@ -80,7 +92,3 @@ config :logger, level: System.get_env("MOBILIZON_LOGLEVEL") |> String.to_atom()
|
||||
#
|
||||
# config :mobilizon, MobilizonWeb.Endpoint, server: true
|
||||
#
|
||||
|
||||
# Finally import the config/prod.secret.exs
|
||||
# which should be versioned separately.
|
||||
import_config "prod.secret.exs"
|
||||
|
@ -1,3 +0,0 @@
|
||||
API_HOST=mobilizon.tld
|
||||
API_ORIGIN=https://mobilizon.tld
|
||||
API_PATH=/api/v1
|
@ -1,3 +1,26 @@
|
||||
export const API_HOST = process.env.API_HOST;
|
||||
export const API_ORIGIN = process.env.API_ORIGIN;
|
||||
export const API_PATH = process.env.API_PATH;
|
||||
/**
|
||||
* Host of the instance
|
||||
*
|
||||
* Required
|
||||
*
|
||||
* Example: framameet.org
|
||||
*/
|
||||
export const MOBILIZON_INSTANCE_HOST = process.env.MOBILIZON_INSTANCE_HOST;
|
||||
|
||||
/**
|
||||
* URL on which the API is. "/api" will be added at the end
|
||||
*
|
||||
* Required
|
||||
*
|
||||
* Example: https://framameet.org
|
||||
*/
|
||||
export const GRAPHQL_API_ENDPOINT = process.env.GRAPHQL_API_ENDPOINT;
|
||||
|
||||
/**
|
||||
* URL with path on which the API is. Replaces GRAPHQL_API_ENDPOINT if used
|
||||
*
|
||||
* Optional
|
||||
*
|
||||
* Example: https://framameet.org/api
|
||||
*/
|
||||
export const GRAPHQL_API_FULL_PATH = process.env.GRAPHQL_API_FULL_PATH;
|
||||
|
@ -5,12 +5,14 @@ import { InMemoryCache, IntrospectionFragmentMatcher } from 'apollo-cache-inmemo
|
||||
import { createLink } from 'apollo-absinthe-upload-link';
|
||||
import { createApolloClient, restartWebsockets } from 'vue-cli-plugin-apollo/graphql-client';
|
||||
import { AUTH_TOKEN } from './constants';
|
||||
import { GRAPHQL_API_ENDPOINT, GRAPHQL_API_FULL_PATH } from './api/_entrypoint';
|
||||
|
||||
// Install the vue plugin
|
||||
Vue.use(VueApollo);
|
||||
|
||||
// Http endpoint
|
||||
const httpEndpoint = process.env.VUE_APP_GRAPHQL_HTTP || 'http://localhost:4000/api';
|
||||
const httpServer = GRAPHQL_API_ENDPOINT || 'http://localhost:4000';
|
||||
const httpEndpoint = GRAPHQL_API_FULL_PATH || `${httpServer}/api`;
|
||||
|
||||
const fragmentMatcher = new IntrospectionFragmentMatcher({
|
||||
introspectionQueryResultData: {
|
||||
|
121
lib/mix/tasks/generate_config.ex
Normal file
121
lib/mix/tasks/generate_config.ex
Normal file
@ -0,0 +1,121 @@
|
||||
defmodule Mix.Tasks.GenerateConfig do
|
||||
use Mix.Task
|
||||
|
||||
@moduledoc """
|
||||
Generate a new config
|
||||
|
||||
## Usage
|
||||
``mix generate_config``
|
||||
|
||||
This mix task is interactive, and will overwrite the environment file present at ``.env.production``.
|
||||
|
||||
Inspired from Pleroma own generate_config task
|
||||
"""
|
||||
def run(_) do
|
||||
IO.puts("Answer a few questions to generate a new config\n")
|
||||
|
||||
override =
|
||||
if File.exists?(".env.production") do
|
||||
confirm("You already have an .env.production file, do you want to override it?")
|
||||
else
|
||||
nil
|
||||
end
|
||||
|
||||
if override == true do
|
||||
IO.puts("\n--- THIS WILL OVERWRITE YOUR .env.production file! ---\n")
|
||||
end
|
||||
|
||||
if override != false do
|
||||
domain = string_required("What is your domain name? (e.g. framameet.org): ")
|
||||
name = string_required("What is the name of your instance? (e.g. Framameet): ")
|
||||
email = email("What's your admin email address: ")
|
||||
|
||||
if confirm("Is everything okay?") do
|
||||
do_generate(domain, name, email)
|
||||
else
|
||||
IO.puts("\nYou cancelled installation\n")
|
||||
end
|
||||
else
|
||||
IO.puts("\nYou cancelled installation\n")
|
||||
end
|
||||
end
|
||||
|
||||
defp do_generate(domain, name, email) do
|
||||
secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
|
||||
|
||||
# Try to avoid issues with some special caracters using url_encode64()
|
||||
dbpass = :crypto.strong_rand_bytes(64) |> Base.url_encode64() |> binary_part(0, 64)
|
||||
|
||||
resultSql = EEx.eval_file("support/postgresql/setup_db.psql", database_password: dbpass)
|
||||
|
||||
result =
|
||||
EEx.eval_file(
|
||||
".env.production.sample",
|
||||
instance_domain: domain,
|
||||
instance_name: name,
|
||||
instance_email: email,
|
||||
instance_secret: secret,
|
||||
database_password: dbpass
|
||||
)
|
||||
|
||||
IO.puts("\nWriting config to .env.production.\n\nCheck it and configure your database.")
|
||||
|
||||
File.write(".env.production", result)
|
||||
|
||||
IO.puts("""
|
||||
\nWriting setup_db.psql, please run it as postgres superuser, i.e.: sudo su postgres -c 'psql -f setup_db.psql'\n
|
||||
You may delete the setup_db.psql file once it has been executed.
|
||||
""")
|
||||
|
||||
File.write("setup_db.psql", resultSql)
|
||||
end
|
||||
|
||||
# Taken from ex_prompt
|
||||
@spec confirm(String.t()) :: boolean()
|
||||
defp confirm(prompt) do
|
||||
answer =
|
||||
String.trim(prompt)
|
||||
|> Kernel.<>(" [Yn] ")
|
||||
|> string()
|
||||
|> String.downcase()
|
||||
|
||||
cond do
|
||||
answer in ~w(yes y) -> true
|
||||
answer in ~w(no n) -> false
|
||||
true -> confirm(prompt)
|
||||
end
|
||||
end
|
||||
|
||||
# Taken from ex_prompt
|
||||
@spec string(String.t()) :: String.t()
|
||||
defp string(prompt) do
|
||||
case IO.gets(prompt) do
|
||||
:eof -> ""
|
||||
{:error, _reason} -> ""
|
||||
str -> String.trim_trailing(str)
|
||||
end
|
||||
end
|
||||
|
||||
# Taken from ex_prompt
|
||||
@spec string_required(String.t()) :: String.t()
|
||||
defp string_required(prompt) do
|
||||
case string(prompt) do
|
||||
"" -> string_required(prompt)
|
||||
str -> str
|
||||
end
|
||||
end
|
||||
|
||||
@spec email(String.t(), boolean()) :: String.t()
|
||||
defp email(prompt, required \\ true) do
|
||||
email_value =
|
||||
case required do
|
||||
true -> string_required(prompt)
|
||||
_ -> string(prompt)
|
||||
end
|
||||
|
||||
case Mobilizon.Service.EmailChecker.valid?(email_value) do
|
||||
false -> email(prompt, required)
|
||||
_ -> email_value
|
||||
end
|
||||
end
|
||||
end
|
@ -5,6 +5,7 @@ defmodule Mobilizon.Actors.User do
|
||||
use Ecto.Schema
|
||||
import Ecto.Changeset
|
||||
alias Mobilizon.Actors.{Actor, User}
|
||||
alias Mobilizon.Service.EmailChecker
|
||||
|
||||
schema "users" do
|
||||
field(:email, :string)
|
||||
|
@ -27,12 +27,19 @@ defmodule MobilizonWeb.Schema do
|
||||
field(:summary, :string, description: "The actor's summary")
|
||||
field(:preferred_username, :string, description: "The actor's preferred username")
|
||||
field(:keys, :string, description: "The actors RSA Keys")
|
||||
field(:manually_approves_followers, :boolean, description: "Whether the actors manually approves followers")
|
||||
|
||||
field(:manually_approves_followers, :boolean,
|
||||
description: "Whether the actors manually approves followers"
|
||||
)
|
||||
|
||||
field(:suspended, :boolean, description: "If the actor is suspended")
|
||||
field(:avatar_url, :string, description: "The actor's avatar url")
|
||||
field(:banner_url, :string, description: "The actor's banner url")
|
||||
# field(:followers, list_of(:follower))
|
||||
field(:organized_events, list_of(:event), resolve: dataloader(Events), description: "A list of the events this actor has organized")
|
||||
field(:organized_events, list_of(:event),
|
||||
resolve: dataloader(Events),
|
||||
description: "A list of the events this actor has organized"
|
||||
)
|
||||
|
||||
# field(:memberships, list_of(:member))
|
||||
field(:user, :user, description: "The user this actor is associated to")
|
||||
@ -52,13 +59,29 @@ defmodule MobilizonWeb.Schema do
|
||||
field(:id, non_null(:id), description: "The user's ID")
|
||||
field(:email, non_null(:string), description: "The user's email")
|
||||
# , resolve: dataloader(:actors))
|
||||
field(:actors, non_null(list_of(:actor)), description: "The user's list of actors (identities)")
|
||||
field(:actors, non_null(list_of(:actor)),
|
||||
description: "The user's list of actors (identities)"
|
||||
)
|
||||
|
||||
field(:default_actor_id, non_null(:integer), description: "The user's default actor")
|
||||
field(:confirmed_at, :datetime, description: "The datetime when the user was confirmed/activated")
|
||||
field(:confirmation_sent_at, :datetime, description: "The datetime the last activation/confirmation token was sent")
|
||||
|
||||
field(:confirmed_at, :datetime,
|
||||
description: "The datetime when the user was confirmed/activated"
|
||||
)
|
||||
|
||||
field(:confirmation_sent_at, :datetime,
|
||||
description: "The datetime the last activation/confirmation token was sent"
|
||||
)
|
||||
|
||||
field(:confirmation_token, :string, description: "The account activation/confirmation token")
|
||||
field(:reset_password_sent_at, :datetime, description: "The datetime last reset password email was sent")
|
||||
field(:reset_password_token, :string, description: "The token sent when requesting password token")
|
||||
|
||||
field(:reset_password_sent_at, :datetime,
|
||||
description: "The datetime last reset password email was sent"
|
||||
)
|
||||
|
||||
field(:reset_password_token, :string,
|
||||
description: "The token sent when requesting password token"
|
||||
)
|
||||
end
|
||||
|
||||
@desc "A JWT and the associated user ID"
|
||||
|
15
lib/service/email_checker.ex
Normal file
15
lib/service/email_checker.ex
Normal file
@ -0,0 +1,15 @@
|
||||
defmodule Mobilizon.Service.EmailChecker do
|
||||
@moduledoc """
|
||||
Provides a function to test emails against a "not so bad" regex
|
||||
"""
|
||||
|
||||
@email_regex ~r/^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
|
||||
|
||||
@doc """
|
||||
Returns whether the email is valid
|
||||
"""
|
||||
@spec valid?(String.t()) :: boolean()
|
||||
def valid?(email) do
|
||||
email =~ @email_regex
|
||||
end
|
||||
end
|
1
mix.exs
1
mix.exs
@ -87,7 +87,6 @@ defmodule Mobilizon.Mixfile do
|
||||
{:dataloader, "~> 1.0"},
|
||||
{:arc, "~> 0.11.0"},
|
||||
{:arc_ecto, "~> 0.11.0"},
|
||||
{:email_checker, "~> 0.1.2"},
|
||||
{:plug_cowboy, "~> 1.0"},
|
||||
# Dev and test dependencies
|
||||
{:phoenix_live_reload, "~> 1.0", only: :dev},
|
||||
|
27
support/systemd/mobilizon.service
Normal file
27
support/systemd/mobilizon.service
Normal file
@ -0,0 +1,27 @@
|
||||
[Unit]
|
||||
Description=Mobilizon Service
|
||||
After=network.target postgresql.service
|
||||
|
||||
[Service]
|
||||
User=mobilizon
|
||||
WorkingDirectory=/home/mobilizon/mobilizon
|
||||
ExecStart=/usr/local/bin/mix phx.server
|
||||
ExecReload=/bin/kill $MAINPID
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
EnvironmentFile=/var/www/mobilizon/.env
|
||||
|
||||
; Some security directives.
|
||||
; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
|
||||
PrivateTmp=true
|
||||
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
|
||||
ProtectSystem=full
|
||||
; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
|
||||
PrivateDevices=false
|
||||
; Ensures that the service process and all its children can never gain new privileges through execve().
|
||||
NoNewPrivileges=true
|
||||
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=mobilizon.service
|
Loading…
Reference in New Issue
Block a user