
1 Commits

Author SHA1 Message Date
tykayn 2568db9bed honeypot feature on register form 2 years ago
  1. 66
      .devcontainer/Dockerfile
  2. 44
      .devcontainer/devcontainer.json
  3. 46
      .devcontainer/docker-compose.yml
  4. 2
      .dockerignore
  5. 15
      .doctor.exs
  6. 24
      .env.template
  7. 3
      .formatter.exs
  8. 10
      .gitignore
  9. 356
      .gitlab-ci.yml
  10. 1
      .ncignore
  11. 12
      .sobelow-conf
  12. 16
      .sobelow-skips
  13. 2
      .tool-versions
  14. 1448
      CHANGELOG.md
  15. 4
      Dockerfile
  16. 25
      Makefile
  17. 29
      README.md
  18. 32
      SECURITY.md
  19. 189
      UPGRADE.md
  20. 186
      config/config.exs
  21. 44
      config/dev.exs
  22. 54
      config/prod.exs
  23. 37
      config/test.exs
  24. 2
      docker-compose.test.yml
  25. 34
      docker-compose.yml
  26. 44
      docker/multiarch/Dockerfile
  27. 1
      docker/multiarch/README.md
  28. 47
      docker/production/Dockerfile
  29. 52
      docker/production/releases.exs
  30. 7
      docker/tests/Dockerfile
  31. 1
      docker/tests/README.md
  32. 4
      js/.browserslistrc
  33. 4
      js/.eslintrc.js
  34. 1
      js/.gitignore
  35. 6
      js/.prettierrc.json
  36. 3
      js/.yarnrc.yml
  37. 4
      js/apollo.config.js
  38. 49
      js/fragmentTypes.json
  39. 1
      js/jest.config.js
  40. 142
      js/package.json
  41. 6
      js/postcss.config.js
  42. BIN
      js/public/favicon.ico
  43. 1
      js/public/img/fediverse_monochrome.svg
  44. BIN
      js/public/img/icons/android-chrome-192x192 (copie).png
  45. BIN
      js/public/img/icons/android-chrome-192x192.png
  46. BIN
      js/public/img/icons/android-chrome-512x512.png
  47. BIN
      js/public/img/icons/android-chrome-maskable-192x192.png
  48. BIN
      js/public/img/icons/android-chrome-maskable-512x512.png
  49. BIN
      js/public/img/icons/apple-touch-icon-120x120.png
  50. BIN
      js/public/img/icons/apple-touch-icon-152x152.png
  51. BIN
      js/public/img/icons/apple-touch-icon-180x180.png
  52. BIN
      js/public/img/icons/apple-touch-icon-60x60.png
  53. BIN
      js/public/img/icons/apple-touch-icon-76x76.png
  54. BIN
      js/public/img/icons/apple-touch-icon.png
  55. BIN
      js/public/img/icons/badge-128x128.png
  56. BIN
      js/public/img/icons/favicon-16x16.png
  57. BIN
      js/public/img/icons/favicon-32x32.png
  58. 1
      js/public/img/icons/favicon.svg
  59. BIN
      js/public/img/icons/favicon_chapril_mobilizon.png
  60. 0
      js/public/img/icons/icon-128x128.png
  61. BIN
      js/public/img/icons/icon-144x144.png
  62. BIN
      js/public/img/icons/icon-168x168.png
  63. BIN
      js/public/img/icons/icon-256x256.png
  64. BIN
      js/public/img/icons/icon-384x384.png
  65. BIN
      js/public/img/icons/icon-48x48.png
  66. BIN
      js/public/img/icons/icon-512x512.png
  67. BIN
      js/public/img/icons/icon-72x72.png
  68. BIN
      js/public/img/icons/icon-96x96.png
  69. BIN
      js/public/img/icons/msapplication-icon-144x144.png
  70. BIN
      js/public/img/icons/mstile-150x150.png
  71. BIN
      js/public/img/icons/original/favicon-16x16.png
  72. 150
      js/public/img/icons/safari-pinned-tab.svg
  73. 1
      js/public/img/koena-a11y.svg
  74. BIN
      js/public/img/long_logo_chapril_mobilizon.png
  75. BIN
      js/public/img/mobilizon_default_card.png
  76. BIN
      js/public/img/mobilizon_default_card_original.png
  77. BIN
      js/public/img/mobilizon_logo.png
  78. 11
      js/public/img/mobilizon_logo.svg
  79. BIN
      js/public/img/mobilizon_logo_original.png
  80. 1
      js/public/img/peertube_monochrome.svg
  81. BIN
      js/public/img/pics/event_creation-1024w.jpg
  82. BIN
      js/public/img/pics/event_creation-1024w.webp
  83. BIN
      js/public/img/pics/event_creation-480w.jpg
  84. BIN
      js/public/img/pics/event_creation-480w.webp
  85. BIN
      js/public/img/pics/group-1024w.jpg
  86. BIN
      js/public/img/pics/group-1024w.webp
  87. BIN
      js/public/img/pics/group-480w.jpg
  88. BIN
      js/public/img/pics/group-480w.webp
  89. BIN
      js/public/img/pics/homepage_background-1024w.png
  90. BIN
      js/public/img/pics/homepage_background-1024w.webp
  91. BIN
      js/public/img/pics/logo_chapril_mobilizon.png
  92. 1
      js/public/img/sign_language_monochrome.svg
  93. 2
      js/public/index.html
  94. 1072
      js/schema.graphql
  95. 174
      js/src/App.vue
  96. 20
      js/src/apollo/user.ts
  97. 191
      js/src/apollo/utils.ts
  98. BIN
      js/src/assets/chapril_mobilizon_logo_long.xcf
  99. 4
      js/src/assets/diaspora-icon.svg
  100. BIN
      js/src/assets/logo.png
  101. Some files were not shown because too many files have changed in this diff Show More

@ -1,66 +0,0 @@
# Update the VARIANT arg in docker-compose.yml to pick an Elixir version: 1.9, 1.10, 1.10.4
ARG VARIANT="1.12.3"
FROM elixir:${VARIANT}
# This Dockerfile adds a non-root user with sudo access. Update the โ€œremoteUserโ€ property in
# devcontainer.json to use it. More info: https://aka.ms/vscode-remote/containers/non-root-user.
ARG USERNAME=vscode
ARG USER_UID=1000
ARG USER_GID=$USER_UID
# Options for common package install script
ARG INSTALL_ZSH="true"
ARG UPGRADE_PACKAGES="true"
ARG COMMON_SCRIPT_SOURCE="https://raw.githubusercontent.com/microsoft/vscode-dev-containers/v0.209.6/script-library/common-debian.sh"
ARG COMMON_SCRIPT_SHA="d35dd1711454156c9a59cc41ebe04fbff681ca0bd304f10fd5b13285d0de13b2"
# Optional Settings for Phoenix
ARG PHOENIX_VERSION="1.6.2"
# [Optional] Setup nodejs
ARG NODE_SCRIPT_SOURCE="https://raw.githubusercontent.com/microsoft/vscode-dev-containers/main/script-library/node-debian.sh"
ARG NODE_SCRIPT_SHA="dev-mode"
ARG NODE_VERSION="none"
ENV NVM_DIR=/usr/local/share/nvm
ENV NVM_SYMLINK_CURRENT=true
ENV PATH=${NVM_DIR}/current/bin:${PATH}
# [Optional, Choice] Node.js version: none, lts/*, 16, 14, 12, 10
ARG NODE_VERSION="none"
# Install needed packages and setup non-root user. Use a separate RUN statement to add your own dependencies.
RUN apt-get update \
&& export DEBIAN_FRONTEND=noninteractive \
&& apt-get -y install --no-install-recommends curl ca-certificates 2>&1 \
&& curl -sSL ${COMMON_SCRIPT_SOURCE} -o /tmp/common-setup.sh \
&& ([ "${COMMON_SCRIPT_SHA}" = "dev-mode" ] || (echo "${COMMON_SCRIPT_SHA} */tmp/common-setup.sh" | sha256sum -c -)) \
&& /bin/bash /tmp/common-setup.sh "${INSTALL_ZSH}" "${USERNAME}" "${USER_UID}" "${USER_GID}" "${UPGRADE_PACKAGES}" \
#
# [Optional] Install Node.js for use with web applications
&& if [ "$NODE_VERSION" != "none" ]; then \
curl -sSL ${NODE_SCRIPT_SOURCE} -o /tmp/node-setup.sh \
&& ([ "${NODE_SCRIPT_SHA}" = "dev-mode" ] || (echo "${NODE_SCRIPT_SHA} */tmp/node-setup.sh" | sha256sum -c -)) \
&& /bin/bash /tmp/node-setup.sh "${NVM_DIR}" "${NODE_VERSION}" "${USERNAME}"; \
fi \
#
# Install dependencies
&& apt-get install -y build-essential \
#
# Clean up
&& apt-get autoremove -y \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/* /tmp/common-setup.sh /tmp/node-setup.sh
RUN su ${USERNAME} -c "mix local.hex --force \
&& mix local.rebar --force \
&& mix archive.install --force hex phx_new ${PHOENIX_VERSION}"
RUN apt-get update \
&& export DEBIAN_FRONTEND=noninteractive \
&& apt-get -y install --no-install-recommends cmake webp bash libncurses6 git python3 inotify-tools \
&& apt-get autoremove -y \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/*
# [Optional] Uncomment this line to install additional package.
# RUN mix ...

@ -1,44 +0,0 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
// https://github.com/microsoft/vscode-dev-containers/tree/v0.209.6/containers/elixir-phoenix-postgres
{
"name": "Elixir, Phoenix, Node.js & PostgresSQL (Community)",
"dockerComposeFile": "docker-compose.yml",
"service": "elixir",
"workspaceFolder": "/workspace",
// Set *default* container specific settings.json values on container create.
"settings": {
"sqltools.connections": [{
"name": "Container database",
"driver": "PostgreSQL",
"previewLimit": 50,
"server": "localhost",
"port": 5432,
"database": "postgres",
"username": "postgres",
"password": "postgres"
}]
},
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"jakebecker.elixir-ls",
"mtxr.sqltools",
"mtxr.sqltools-driver-pg"
],
// Use 'forwardPorts' to make a list of ports inside the container available locally.
"forwardPorts": [4000, 4001, 5432],
// Use 'postCreateCommand' to run commands after the container is created.
// "postCreateCommand": "mix deps.get",
// "runArgs": ["--userns=keep-id", "--privileged"],
// "containerUser": "vscode",
// "containerEnv": {
// "HOME": "/home/vscode",
// },
// "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,Z",
// Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root.
"remoteUser": "vscode"
}

@ -1,46 +0,0 @@
version: "3.8"
services:
elixir:
build:
context: .
dockerfile: Dockerfile
args:
# Elixir Version: 1.9, 1.10, 1.10.4, ...
VARIANT: "1.13.1"
# Phoenix Version: 1.4.17, 1.5.4, ...
PHOENIX_VERSION: "1.6.6"
# Node Version: 10, 11, ...
NODE_VERSION: "16"
volumes:
- ..:/workspace:z
# Runs app on the same network as the database container, allows "forwardPorts" in devcontainer.json function.
network_mode: service:db
# Overrides default command so things don't shut down after the process ends.
command: sleep infinity
environment:
MOBILIZON_INSTANCE_NAME: My Mobilizon Instance
MOBILIZON_INSTANCE_HOST: localhost
MOBILIZON_INSTANCE_HOST_PORT: 4000
MOBILIZON_INSTANCE_PORT: 4000
MOBILIZON_INSTANCE_EMAIL: noreply@mobilizon.me
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: "true"
MOBILIZON_DATABASE_PASSWORD: postgres
MOBILIZON_DATABASE_USERNAME: postgres
MOBILIZON_DATABASE_DBNAME: mobilizon
MOBILIZON_DATABASE_HOST: db
db:
image: postgis/postgis:latest
restart: unless-stopped
volumes:
- postgres-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: app
volumes:
postgres-data: null

@ -15,5 +15,5 @@ Makefile
README.md
SECURITY.md
ssh_match_hostname
support
.js/package-lock.json
js/node_modules

@ -1,15 +0,0 @@
%Doctor.Config{
exception_moduledoc_required: true,
failed: false,
ignore_modules: [Mobilizon.Web, Mobilizon.GraphQL.Schema, Mobilizon.Service.Activity.Renderer, Mobilizon.Service.Workers.Helper],
ignore_paths: [],
min_module_doc_coverage: 100,
min_module_spec_coverage: 50,
min_overall_doc_coverage: 100,
min_overall_spec_coverage: 90,
moduledoc_required: true,
raise: false,
reporter: Doctor.Reporters.Full,
struct_type_spec_required: true,
umbrella: false
}

@ -1,24 +0,0 @@
# Database settings
POSTGRES_USER=mobilizon
POSTGRES_PASSWORD=changethis
POSTGRES_DB=mobilizon
POSTGRES_PORT=5432
# Instance configuration
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
MOBILIZON_INSTANCE_NAME=My Mobilizon Instance
MOBILIZON_INSTANCE_HOST=mobilizon.lan
MOBILIZON_INSTANCE_PORT=4000
MOBILIZON_INSTANCE_SECRET_KEY_BASE=changethis
MOBILIZON_INSTANCE_SECRET_KEY=changethis
MOBILIZON_INSTANCE_EMAIL=noreply@mobilizon.lan
MOBILIZON_REPLY_EMAIL=contact@mobilizon.lan
# Email settings
MOBILIZON_SMTP_SERVER=localhost
MOBILIZON_SMTP_PORT=25
MOBILIZON_SMTP_USERNAME=noreply@mobilizon.lan
MOBILIZON_SMTP_PASSWORD=password
MOBILIZON_SMTP_SSL=false

@ -1,4 +1,3 @@
[
plugins: [Phoenix.LiveView.HTMLFormatter],
inputs: ["{mix,.formatter}.exs", "{config,lib,test,priv}/**/*.{ex,exs,heex}"]
inputs: ["{mix,.formatter}.exs", "{config,lib,test,priv}/**/*.{ex,exs}"]
]

10
.gitignore vendored

@ -14,7 +14,6 @@ erl_crash.dump
# secrets files as long as you replace their contents by environment
# variables.
/config/*.secret.exs
/config/runtime.exs
/setup_db.psql
@ -26,26 +25,17 @@ priv/data/*
!priv/data/.gitkeep
priv/errors/*
!priv/errors/.gitkeep
priv/cert/
priv/python/__pycache__/
.vscode/
cover/
site/
test/fixtures/image_tmp.jpg
test/fixtures/picture_tmp.png
test/fixtures/DSCN0010_tmp.jpg
test/uploads/
uploads/*
release/
!uploads/.gitkeep
!uploads/exports/.gitkeep
!uploads/exports/**/.gitkeep
.idea
*.mo
*.po~
.weblate
docker/production/.env
test-junit-report.xml
js/junit.xml
.env
demo/

@ -1,22 +1,17 @@
image: tcitworld/mobilizon-ci
stages:
- install
- check
- build-js
- test
- docker
- package
- upload
- deploy
- docker
variables:
MIX_ENV: "test"
YARN_CACHE_FOLDER: "js/.yarn"
# DB Variables for Postgres / Postgis
POSTGRES_DB: mobilizon_test
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_PASSWORD: ""
POSTGRES_HOST: postgres
# DB Variables for Mobilizon
MOBILIZON_DATABASE_USERNAME: $POSTGRES_USER
@ -25,137 +20,95 @@ variables:
MOBILIZON_DATABASE_HOST: $POSTGRES_HOST
GEOLITE_CITIES_PATH: "/usr/share/GeoIP/GeoLite2-City.mmdb"
MOBILIZON_INSTANCE_REGISTRATIONS_OPEN: "true"
# Release elements
PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}"
ARCH: "amd64"
EXPORT_FORMATS: "csv,ods,pdf"
APP_VERSION: "${CI_COMMIT_REF_NAME}"
APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz"
CYPRESS_INSTALL_BINARY: 0
cache:
key: "${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}"
key: ${CI_COMMIT_REF_SLUG}
paths:
- ~/.cache/Cypress
- cache/Cypress
- deps/
- _build/
- deps/
- js/node_modules
- js/.yarn
# Installed dependencies are cached across the pipeline
# So there is no need to reinstall them all the time
# It saves minutes during a pipeline build time
install:
stage: install
script:
- yarn --cwd "js" install --frozen-lockfile
- mix deps.get
- mix compile
- cache/Cypress
lint-elixir:
lint:
stage: check
before_script:
- mix deps.get
script:
- export EXITVALUE=0
- git fetch origin ${CI_DEFAULT_BRANCH}
- TARGET_SHA1=$(git show-ref -s ${CI_DEFAULT_BRANCH})
- echo "$TARGET_SHA1"
- mix deps.get
- mix credo --strict -a || export EXITVALUE=1
- mix format --check-formatted --dry-run || export EXITVALUE=1
- mix credo diff --from-git-merge-base $TARGET_SHA1 --strict -a || export EXITVALUE=1
- mix sobelow --config || export EXITVALUE=1
- exit $EXITVALUE
lint-front:
image: node:16
stage: check
before_script:
- export EXITVALUE=0
- yarn --cwd "js" install --frozen-lockfile
script:
- yarn --cwd "js" run lint || export EXITVALUE=1
- yarn --cwd "js" run prettier -c . || export EXITVALUE=1
- cd js
- yarn install
- yarn run lint || export EXITVALUE=1
- yarn run prettier -c . || export EXITVALUE=1
- yarn run build:assets
- cd ../
- exit $EXITVALUE
build-frontend:
stage: build-js
image: node:16
before_script:
- apt update
- apt install -y --no-install-recommends python build-essential webp imagemagick gifsicle jpegoptim optipng pngquant
script:
- yarn --cwd "js" install --frozen-lockfile
- yarn --cwd "js" run build
artifacts:
expire_in: 5 days
expire_in: 1 day
when: on_success
paths:
- priv/static
needs:
- lint-front
deps:
stage: check
before_script:
- mix deps.get
script:
- export EXITVALUE=0
- mix deps.get
- mix hex.outdated || export EXITVALUE=1
- yarn --cwd "js" outdated || export EXITVALUE=1
- cd js
- yarn outdated || export EXITVALUE=1
- exit $EXITVALUE
allow_failure: true
needs:
- install
exunit:
stage: test
services:
- name: postgis/postgis:14-3.2
- name: mdillon/postgis:11
alias: postgres
variables:
MIX_ENV: test
before_script:
- mix deps.get && mix tz_world.update
- mix ecto.create
- mix ecto.migrate
- cd js
- yarn install
- yarn run build:assets
- cd ../
- mix deps.get
- MIX_ENV=test mix ecto.create
- MIX_ENV=test mix ecto.migrate
dependencies:
- lint
script:
- mix coveralls
artifacts:
when: always
reports:
junit:
- test-junit-report.xml
expire_in: 30 days
jest:
stage: test
needs:
- lint-front
before_script:
- yarn --cwd "js" install --frozen-lockfile
- cd js
- yarn install
dependencies:
- lint
script:
- yarn --cwd "js" run test:unit --no-color --ci --reporters=default --reporters=jest-junit
- yarn run test:unit --no-color
artifacts:
when: always
paths:
- js/coverage
reports:
junit:
- js/junit.xml
expire_in: 30 days
# cypress:
# stage: test
# services:
# - name: postgis/postgis:13.3
# - name: mdillon/postgis:11
# alias: postgres
# variables:
# MIX_ENV=e2e
# script:
# - mix ecto.create
# - mix ecto.migrate
# - mix run priv/repo/e2e.seed.exs
# - mix phx.server &
# - mix deps.get
# - cd js
# - yarn install
# - npx cypress install # just to be sure
# - yarn run build
# - cd ../
# - MIX_ENV=e2e mix ecto.create
# - MIX_ENV=e2e mix ecto.migrate
# - MIX_ENV=e2e mix run priv/repo/e2e.seed.exs
# - MIX_ENV=e2e mix phx.server &
# - cd js
# - npx wait-on http://localhost:4000
# - if [ -z "$CYPRESS_KEY" ]; then npx cypress run; else npx cypress run --record --parallel --key $CYPRESS_KEY; fi
@ -165,201 +118,48 @@ jest:
# - js/tests/e2e/screenshots/**/*.png
# - js/tests/e2e/videos/**/*.mp4
pages:
stage: deploy
script:
- mkdir public
- mix deps.get
- mix docs
- mv doc public/backend
# #- yarn run --cwd "js" styleguide:build
# #- mv js/styleguide public/frontend
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
artifacts:
expire_in: 1 hour
paths:
- public
# pages:
# stage: deploy
# script:
# # - mkdir public
# # Mobilizon documentation is now on https://framagit.org/framasoft/joinmobilizon/documentation
# # Mix docs disabled because of https://github.com/elixir-lang/ex_doc/issues/1172
# # - mix deps.get
# # - mix docs
# # - mv doc public/backend
# #- cd js
# #- yarn install
# #- yarn run styleguide:build
# #- mv styleguide ../public/frontend
# only:
# - master
# artifacts:
# expire_in: 1 hour
# paths:
# - public
.docker: &docker
stage: docker
image: docker:20.10.12
variables:
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
DOCKER_DRIVER: overlay2
services:
- docker:20.10.12-dind
cache: {}
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
before_script:
# Install buildx
- wget https://github.com/docker/buildx/releases/download/v0.8.1/buildx-v0.8.1.linux-amd64
- mkdir -p ~/.docker/cli-plugins/
- mv buildx-v0.8.1.linux-amd64 ~/.docker/cli-plugins/docker-buildx
- chmod a+x ~/.docker/cli-plugins/docker-buildx
# Create env
- docker context create tls-environment
- docker buildx create --use tls-environment
# Install qemu/binfmt
- docker pull tonistiigi/binfmt:latest
- docker run --rm --privileged tonistiigi/binfmt:latest --install all
# Login to DockerHub
- mkdir -p ~/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > ~/.docker/config.json
tags:
- "privileged"
build-docker-main:
<<: *docker
rules:
- if: '$CI_PROJECT_NAMESPACE != "framasoft"'
when: never
- if: '$CI_PIPELINE_SOURCE == "schedule"'
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$CI_REGISTRY_AUTH\",\"email\":\"$CI_REGISTRY_EMAIL\"}}}" > /kaniko/.docker/config.json
script:
- docker buildx build --push --platform linux/amd64 -t framasoft/mobilizon:main -f docker/production/Dockerfile .
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docker/production/Dockerfile --destination $DOCKER_IMAGE_NAME
build-docker-tag:
build-docker-master:
<<: *docker
rules: &tag-rules
- if: '$CI_PROJECT_NAMESPACE != "framasoft"'
when: never
- if: $CI_COMMIT_TAG
timeout: 3 hours
script:
- >
docker buildx build
--push
--platform linux/amd64,linux/arm64,linux/arm
-t framasoft/mobilizon:$CI_COMMIT_TAG
-t framasoft/mobilizon:latest
-f docker/production/Dockerfile .
# Packaging app for amd64
package-app:
image: mobilizon/buildpack:1.13.4-erlang-24.3.3-debian-buster
stage: package
variables: &release-variables
MIX_ENV: "prod"
DEBIAN_FRONTEND: noninteractive
TZ: Etc/UTC
APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz"
script: &release-script
- mix local.hex --force
- mix local.rebar --force
- mix deps.get --only-prod
- mix compile
- mix phx.digest.clean --all && \
- mix release --path release/mobilizon
- cd release/mobilizon && ln -s lib/mobilizon-*/priv priv && cd ../../
- du -sh release/
- 'echo "Artifact: ${APP_ASSET}"'
- tar czf ${APP_ASSET} -C release mobilizon
- du -sh ${APP_ASSET}
only:
- tags@framasoft/mobilizon
artifacts:
expire_in: 2 days
paths:
- ${APP_ASSET}
package-app-dev:
stage: package
variables: *release-variables
script: *release-script
except:
- tags@framasoft/mobilizon
artifacts:
expire_in: 2 days
paths:
- ${APP_ASSET}
# Packaging app for multi-arch
multi-arch-release:
stage: package
image: docker:20.10.12
- schedules
variables:
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
DOCKER_DRIVER: overlay2
APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz"
OS: debian-buster
services:
- docker:20.10.12-dind
cache: {}
before_script:
# Install buildx
- wget https://github.com/docker/buildx/releases/download/v0.8.1/buildx-v0.8.1.linux-amd64
- mkdir -p ~/.docker/cli-plugins/
- mv buildx-v0.8.1.linux-amd64 ~/.docker/cli-plugins/docker-buildx
- chmod a+x ~/.docker/cli-plugins/docker-buildx
# Create env
- docker context create tls-environment
- docker buildx create --use tls-environment
# Install qemu/binfmt
- docker pull tonistiigi/binfmt:latest
- docker run --rm --privileged tonistiigi/binfmt:latest --install all
script:
- docker buildx build --platform linux/${ARCH} --output type=local,dest=releases --build-arg APP_ASSET=${APP_ASSET} -f docker/multiarch/Dockerfile .
- ls -alh releases/mobilizon/
- du -sh releases/mobilizon/${APP_ASSET}
- mv releases/mobilizon/${APP_ASSET} .
tags:
- "privileged"
artifacts:
expire_in: 2 days
paths:
- ${APP_ASSET}
parallel:
matrix:
- ARCH: ["arm", "arm64"]
rules:
- if: '$CI_PROJECT_NAMESPACE != "framasoft"'
when: never
- if: '$CI_PIPELINE_SOURCE == "schedule"'
- if: $CI_COMMIT_TAG
timeout: 3h
DOCKER_IMAGE_NAME: framasoft/mobilizon:master
# Release
release-upload:
stage: upload
image: framasoft/upload-packages:latest
variables:
APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz"
rules: *tag-rules
script:
- eval `ssh-agent -s`
- ssh-add <(echo "${DEPLOYEMENT_KEY}" | base64 --decode -i)
- echo "put -r ${APP_ASSET}" | sftp -o "VerifyHostKeyDNS yes" ${DEPLOYEMENT_USER}@${DEPLOYEMENT_HOST}:public/
artifacts:
expire_in: 1 day
when: on_success
paths:
- mobilizon_*.tar.gz
parallel:
matrix:
- ARCH: ["amd64", "arm", "arm64"]
release-create:
stage: deploy
image: registry.gitlab.com/gitlab-org/release-cli:latest
rules: *tag-rules
build-docker-tag:
<<: *docker
only:
- tags
variables:
APP_ASSET_AMD64: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_amd64.tar.gz"
APP_ASSET_ARM: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_arm.tar.gz"
APP_ASSET_ARM64: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_arm64.tar.gz"
before_script:
- apk --no-cache add gawk sed grep
script: |
CHANGELOG=$(awk -v version="$APP_VERSION" '/^## / { printit = $2 == version }; printit' CHANGELOG.md | grep -v "## $APP_VERSION" | sed '1{/^$/d}')
ENDPOINT="https://packages.joinmobilizon.org"
release-cli create --name "$CI_COMMIT_TAG" \
--description "$CHANGELOG" \
--tag-name "$CI_COMMIT_TAG" \
--assets-link "{\"name\":\"${APP_ASSET_AMD64}\",\"url\":\"${ENDPOINT}/${APP_ASSET_AMD64}\"}" \
--assets-link "{\"name\":\"${APP_ASSET_ARM}\",\"url\":\"${ENDPOINT}/${APP_ASSET_ARM}\"}" \
--assets-link "{\"name\":\"${APP_ASSET_ARM64}\",\"url\":\"${ENDPOINT}/${APP_ASSET_ARM64}\"}"
DOCKER_IMAGE_NAME: framasoft/mobilizon:$CI_COMMIT_TAG
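Review bot: The `.docker` template in the last hunk runs `gcr.io/kaniko-project/executor:debug`, a floating tag, in the same job that writes `$CI_REGISTRY_AUTH` into `/kaniko/.docker/config.json`, so whatever image that tag resolves to at build time receives the registry push credentials. The +/- markers are lost in this rendering, so this assumes the kaniko lines are the new side, which the `+118,48` hunk size suggests. Pin the builder to a version and digest, e.g. `name: gcr.io/kaniko-project/executor:<pinned-version>-debug@sha256:<digest>` (placeholders). The `lint` job in the second hunk also appears to lose `mix sobelow --config`; if so, the pipeline no longer runs a static security check on the Elixir code, and that step is worth keeping.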

@ -1 +0,0 @@
deps

@ -1,12 +0,0 @@
[
verbose: true,
private: false,
skip: true,
router: "lib/web/router.ex",
exit: "low",
format: "txt",
out: "",
threshold: "medium",
ignore: ["Config.HTTPS", "Config.CSP"],
ignore_files: ["config/runtime.exs"]
]

@ -1,16 +0,0 @@
02CE4963DFD1B0D6D5C567357CAFFE97
155A1FB53DE39EC8EFCFD7FB94EA823D
2262742E5C8944D5BF6698EC61F5DE50
25BEE162A99754480967216281E9EF33
2A6F71CD6F1246F0B152C2376E2E398A
30552A09D485A6AA73401C1D54F63C21
52900CE4EE3598F6F178A651FB256770
6151F44368FC19F2394274F513C29151
765526195D4C6D770EAF4DC944A8CBF4
B2FF1A12F13B873507C85091688C1D6D
B9AF8A342CD7FF39E10CC10A408C28E1
C042E87389F7BDCFF4E076E95731AE69
C42BFAEF7100F57BED75998B217C857A
D11958E86F1B6D37EF656B63405CA8A4
F16F054F2628609A726B9FF2F089D484

@ -1,2 +0,0 @@
elixir 1.13.4-otp-24
erlang 24.3.3


@ -1,6 +1,6 @@
FROM elixir:alpine
FROM bitwalker/alpine-elixir:latest
RUN apk add --no-cache inotify-tools postgresql-client yarn file make gcc libc-dev argon2 imagemagick cmake build-base libwebp-tools bash ncurses git python3
RUN apk add --no-cache inotify-tools postgresql-client yarn file make gcc libc-dev argon2 imagemagick cmake build-base libwebp-tools bash ncurses
RUN mix local.hex --force && mix local.rebar --force
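Review bot: Both `FROM` candidates in this hunk, `elixir:alpine` and `bitwalker/alpine-elixir:latest`, are floating tags, so the Elixir/OTP and Alpine versions under the image can change without any commit in this repository. The rendering has lost the +/- markers, so it is not certain which of the two is the new line. If the new base is `bitwalker/alpine-elixir:latest`, it is also a third-party image rather than the official one, which widens what has to be trusted at build time. Pin the base to an explicit version and digest, e.g. `FROM elixir:<version>-alpine@sha256:<digest>` (placeholders).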

@ -1,27 +1,18 @@
init:
@bash docker/message.sh "Start"
@bash docker/message.sh "start"
make start
setup: stop
@bash docker/message.sh "Compiling everything"
docker-compose run --rm api bash -c 'mix deps.get; yarn --cwd "js"; yarn --cwd "js" build:pictures; mix ecto.create; mix ecto.migrate'
migrate:
docker-compose run --rm api mix ecto.migrate
logs:
docker-compose logs -f
start: stop
@bash docker/message.sh "Starting Mobilizon with Docker"
@bash docker/message.sh "starting Mobilizon with docker"
docker-compose up -d api
@bash docker/message.sh "Docker server started"
@bash docker/message.sh "Docker server started."
stop:
@bash docker/message.sh "Stopping Mobilizon"
@bash docker/message.sh "stopping Mobilizon"
docker-compose down
@bash docker/message.sh "Mobilizon is stopped"
@bash docker/message.sh "stopped"
test: stop
@bash docker/message.sh "Running tests"
docker-compose -f docker-compose.yml -f docker-compose.test.yml run api mix test $(only)
@bash docker/message.sh "Done running tests"
format:
docker-compose run --rm api bash -c "mix format && mix credo --strict"
@bash docker/message.sh "Code is now ready to commit :)"
docker-compose -f docker-compose.yml -f docker-compose.test.yml run api mix test
@bash docker/message.sh "Tests runned"
target: init

@ -20,7 +20,7 @@ Mobilizon is your federated organization and mobilization platform. Gather peopl
Mobilizon is a tool designed to create platforms for managing communities and events. Its purpose is to help as many people as possible to free themselves from Facebook groups and events, from Meetup, etc.
The Mobilizon software is under a Free licence, so anyone can host a Mobilizon server, called an instance. These instances may federate with each other, so any person with an account on _ExampleMeet_ will be able to register to an event created on _SpecimenEvent_.
The Mobilizon software is under a Free licence, so anyone can host a Mobilizon server, called an instance. These instances may federate with each other, so any person with an account on *ExampleMeet* will be able to register to an event created on *SpecimenEvent*.
## โœจ Features
@ -33,7 +33,7 @@ You will have the power to create multiple identities from the same account, lik
### ๐Ÿ“… Events and groups
Create your events and make sure they will appeal to everybody.
Create your events and make sure they will appeal to everybody.
Privacy settings and participants roles are supported.
There's no lock-in, you can interact with the event without registration.
@ -46,26 +46,23 @@ We appreciate any contribution to Mobilizon. Check our [CONTRIBUTING](CONTRIBUTI
## Links
### Learn more
- ๐ŸŒ Official website: [https://joinmobilizon.org](https://joinmobilizon.org)
- ๐Ÿ”ข Pick an instance [https://mobilizon.org](https://mobilizon.org)
- ๐Ÿ’ป Source: [https://framagit.org/framasoft/mobilizon](https://framagit.org/framasoft/mobilizon)
- ๐Ÿ“œ Documentation [https://docs.joinmobilizon.org](https://docs.joinmobilizon.org)
* ๐ŸŒ Official website: [https://joinmobilizon.org](https://joinmobilizon.org)
* ๐Ÿ”ข Pick an instance [https://mobilizon.org](https://mobilizon.org)
* ๐Ÿ’ป Source: [https://framagit.org/framasoft/mobilizon](https://framagit.org/framasoft/mobilizon)
* ๐Ÿ“œ Documentation [https://docs.joinmobilizon.org](https://docs.joinmobilizon.org)
### Discuss
- ๐Ÿ’ฌ Element/Matrix: [https://matrix.to/#/#Mobilizon:matrix.org](https://matrix.to/#/#Mobilizon:matrix.org)
- ๐Ÿ—ฃ๏ธ Forum: [https://framacolibri.org/c/mobilizon](https://framacolibri.org/c/mobilizon)
* ๐Ÿ’ฌ Element/Matrix: [https://matrix.to/#/#Mobilizon:matrix.org](https://matrix.to/#/#Mobilizon:matrix.org)
* ๐Ÿ—ฃ๏ธ Forum: [https://framacolibri.org/c/mobilizon](https://framacolibri.org/c/mobilizon)
### Follow
- ๐Ÿ˜ Mastodon: [https://framapiaf.org/@mobilizon](https://framapiaf.org/@mobilizon)
- ๐Ÿฆ Twitter [https://twitter.com/@joinmobilizon](https://twitter.com/@joinmobilizon)
* ๐Ÿ˜ Mastodon: [https://framapiaf.org/@mobilizon](https://framapiaf.org/@mobilizon)
* ๐Ÿฆ Twitter [https://twitter.com/@joinmobilizon](https://twitter.com/@joinmobilizon)
Note: Most federation code comes from [Pleroma](https://pleroma.social), which is `Copyright ยฉ 2017-2018 Pleroma Authors - AGPL-3.0`.
## โค๏ธ Supports of our crowdfunding
## โค๏ธ Supports of our crowdfunding
---
We have run [a crowdfunding campaign](https://framablog.org/2019/05/14/mobilizon-lets-finance-a-software-to-free-our-events-from-facebook/) to pave the road to the version 1.0.0 of Mobilizon. Thanks to everyone who pitched in and shared the news around! The list of [everyone who donated is available here](https://joinmobilizon.org/hall-of-fame).

@ -5,15 +5,15 @@ Framasoft, the Mobilizon maintainer team and community take all security bugs in
### Goals
- Mobilizon users can understand the distinctions between public data and private data/metadata on Mobilizon.
* Mobilizon users can understand the distinctions between public data and private data/metadata on Mobilizon.
- Users always know where their private data/metadata resides, who has access to it, and are able to access, export, and delete it.
* Users always know where their private data/metadata resides, who has access to it, and are able to access, export, and delete it.
- Protect private user data/metadata, not just from hackers but also (as much as is possible) from other users, instance admins, community moderators, and external applications.
* Protect private user data/metadata, not just from hackers but also (as much as is possible) from other users, instance admins, community moderators, and external applications.
- Secure from malicious creation, alteration or deletion of public data.
* Secure from malicious creation, alteration or deletion of public data.
- GDPR compliance.
* GDPR compliance.
Framasoft is both a developer of open-source/free/libre self-hosted software, and a service provider with users in the European Union. As a result, we are putting user privacy, data sovereignty, and GDPR compliance into our security plans, including asking both the Framasoft community and outside hackers to review our approaches and implementations.
@ -21,11 +21,11 @@ Framasoft is both a developer of open-source/free/libre self-hosted software, an
[Mobilizon](https://joinmobilizon.org) will be challenging to keep secure, as it is:
- open source, both back-end and front-end
* open source, both back-end and front-end
- self-hosted by diverse organisations and individuals
* self-hosted by diverse organisations and individuals
- federated (data is transmitted between different hosted instances)
* federated (data is transmitted between different hosted instances)
This means there are more attack surfaces compared to typical proprietary, centralised platforms, but also means that hackers and even users can review every part of Mobilizon and make sure that it works as expected. This should result in more secure software, and higher trust in the application and its ecosystem.
@ -33,14 +33,14 @@ This means there are more attack surfaces compared to typical proprietary, centr
We are committed to working with security researchers to verify, reproduce, and respond to legitimate reported vulnerabilities. You can help us by following these simple guidelines:
- Alert us about the vulnerability as soon as you become aware of it by emailing the lead maintainer at tcit+mobilizon@framasoft.org.
- Provide details needed to reproduce and validate the vulnerability and a Proof of Concept (PoC) as soon as possible
- Act in good faith to avoid privacy violations, destruction of data, and interruption or degradation of services
- Do not access or modify usersโ€™ private data, without explicit permission of the owner. Only interact with your own accounts or test accounts for security research purposes;
- Contact Framasoft or a maintainer of the Mobilizon project (or the instance admin) immediately if you do inadvertently encounter user data. Do not view, alter, save, store, transfer, or otherwise access the data, and immediately purge any local information upon reporting the vulnerability;
- The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
- Give us time to confirm, determine the affected versions and prepare fixes to correct the issue before disclosing it to other parties (if after waiting a reasonable amount of time, we are clearly unable or unwilling to do anything about it, please do hold us accountable!)
- Please test against a local instance of the software, and refrain from running any Denial of Service or automated testing tools against Framasoft's (and our partners') infrastructure
* Alert us about the vulnerability as soon as you become aware of it by emailing the lead maintainer at tcit+mobilizon@framasoft.org.
* Provide details needed to reproduce and validate the vulnerability and a Proof of Concept (PoC) as soon as possible
* Act in good faith to avoid privacy violations, destruction of data, and interruption or degradation of services
* Do not access or modify usersโ€™ private data, without explicit permission of the owner. Only interact with your own accounts or test accounts for security research purposes;
* Contact Framasoft or a maintainer of the Mobilizon project (or the instance admin) immediately if you do inadvertently encounter user data. Do not view, alter, save, store, transfer, or otherwise access the data, and immediately purge any local information upon reporting the vulnerability;
* The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
* Give us time to confirm, determine the affected versions and prepare fixes to correct the issue before disclosing it to other parties (if after waiting a reasonable amount of time, we are clearly unable or unwilling to do anything about it, please do hold us accountable!)
* Please test against a local instance of the software, and refrain from running any Denial of Service or automated testing tools against Framasoft's (and our partners') infrastructure
Note : Please report security bugs in third-party modules to the person or team maintaining the module.

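--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -1,189 +0,0 @@
-# Upgrading from 2.0 to 2.1
-## Mailer library change
-### Docker
-The change is already applied. You may remove the `MOBILIZON_SMTP_HOSTNAME` environment key which is not used anymore.
-### Release and source mode
-In your configuration file under `config :mobilizon, Mobilizon.Web.Email.Mailer`,
-- Change `Bamboo.SMTPAdapter` to `Swoosh.Adapters.SMTP`,
-- rename the `server` key to `relay`
-- remove the `hostname` key,
-- the default value of the username and password fields is an empty string and no longer `nil`.
-```diff
-config :mobilizon, Mobilizon.Web.Email.Mailer,
-- adapter: Bamboo.SMTPAdapter,
-+ adapter: Swoosh.Adapters.SMTP,
-- server: "localhost",
-+ relay: "localhost",
-- hostname: "localhost",
-# usually 25, 465 or 587
-port: 25,
-- username: nil,
-+ username: "",
-- password: nil,
-+ password: "",
-# can be `:always` or `:never`
-tls: :if_available,
-allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"],
-retries: 1,
-# can be `true`
-no_mx_lookups: false,
-# can be `:always`. If your smtp relay requires authentication set it to `:always`.
-auth: :if_available
-```
-# Upgrading from 1.3 to 2.0
-Requirements dependencies depend on the way Mobilizon is installed.
-## New Elixir version requirement
-### Docker and Release install
-You are already using latest Elixir version in the release tarball and Docker images.
-### Source install
-**Elixir 1.12 and Erlang OTP 22 are now required**. If your distribution or the repositories from Erlang Solutions don't provide these versions, you need to uninstall the current versions and install [Elixir](https://github.com/asdf-vm/asdf-elixir) through the [ASDF tool](https://asdf-vm.com/).
-## Geographic timezone data
-Mobilizon 2.0 uses data based on [timezone-boundary-builder](https://github.com/evansiroky/timezone-boundary-builder) (which is based itself on OpenStreetMap data) to determine the timezone of an event automatically, based on it's geocoordinates. However, this needs ~700Mio of disk, so we don't redistribute data directly, depending on the case. It's possible to skip this part, but users will need to manually pick the timezone for every event they created when it has a different timezone from their own.
-### Docker install
-The geographic timezone data is already bundled into the image, you have nothing to do.
-### Release install
-In order to keep the release tarballs light, the geographic timezone data is not bundled directly. You need to download the dataย :
-- either raw from Github, but **requires an extra ~1Gio of memory** to process the data
-```sh
-sudo -u mobilizon mkdir /var/lib/mobilizon/timezones
-sudo -u mobilizon ./bin/mobilizon_ctl tz_world.update
-```
-- either already processed from our own distribution server
-```sh
-sudo -u mobilizon mkdir /var/lib/mobilizon/timezones
-sudo -u mobilizon curl -L 'https://packages.joinmobilizon.org/tz_world/timezones-geodata.dets' -o /var/lib/mobilizon/timezones/timezones-geodata.dets
-```
-In both cases, ~700Mio of disk will be used. You may use the following configuration to specify where the data is expected if you decide to change it from the default location (`/var/lib/mobilizon/timezones`)ย :
-```elixir
-config :tz_world, data_dir: "/some/place"
-```
-### Source install
-You need to download the dataย :
-- either raw from Github, but **requires an extra ~1Gio of memory** to process the data
-```sh
-sudo -u mobilizon mkdir /var/lib/mobilizon/timezones
-sudo -u mobilizon mix mobilizon.tz_world.update
-```
-- either already processed from our own distribution server
-```sh
-sudo -u mobilizon mkdir /var/lib/mobilizon/timezones
-sudo -u mobilizon curl -L 'https://packages.joinmobilizon.org/tz_world/timezones-geodata.dets' -o /var/lib/mobilizon/timezones/timezones-geodata.dets
-```
-In both cases, ~700Mio of disk will be used. You may use the following configuration to specify where the data is expected:
-```elixir
-config :tz_world, data_dir: "/some/place"
-```
-## Exports folder
-Create the folder for default CSV export:
-```sh
-sudo -u mobilizon mkdir -p /var/lib/mobilizon/uploads/exports/csv
-```
-This path can be configured, see [the dedicated docs page about this](https://docs.joinmobilizon.org/administration/configure/exports/).
-Files in this folder are temporary and are cleaned once an hour.
-## New optional dependencies
-These are optional, installing them will allow Mobilizon to export to PDF and ODS as well. Mobilizon 2.0 allows to export the participant list, but more is planned.
-### Docker
-Everything is included in our Docker image.
-### Release and source install
-New optional Python dependencies:
-- `Python` >= 3.6
-- `weasyprint` for PDF export (with [a few extra dependencies](https://doc.courtbouillon.org/weasyprint/stable/first_steps.html))
-- `pyexcel-ods3` for ODS export (no extra dependencies)
-Both can be installed through pip. You need to enable and configure exports for PDF and ODS in the configuration afterwards. Read [the dedicated docs page about this](https://docs.joinmobilizon.org/administration/configure/exports/).
-# Upgrading from 1.0 to 1.1
-The 1.1 version of Mobilizon brings Elixir releases support. An Elixir release is a self-contained directory that contains all of Mobilizon's code (front-end and backend), it's dependencies, as well as the Erlang Virtual Machine and runtime (only the parts you need). As long as the release has been assembled on the same OS and architecture, it can be deploy and run straight away. [Read more about releases](https://elixir-lang.org/getting-started/mix-otp/config-and-releases.html#releases).
-## Comparison
-Migrating to releases means:
-- You only get a precompiled binary, so you avoid compilation times when updating
-- No need to have Elixir/NodeJS installed on the system
-- Code/data/config location is more common (/opt, /var/lib, /etc)
-- More efficient, as only what you need from the Elixir/Erlang standard libraries is included and all of the code is directly preloaded
-- You can't hardcode modifications in Mobilizon's code
-Staying on source releases means:
-- You need to recompile everything with each update
-- Compiling frontend and backend has higher system requirements than just running Mobilizon
-- You can change things in Mobilizon's code and recompile right away to test changes
-## Releases
-If you want to migrate to releases, [we provide a full guide](https://docs.joinmobilizon.org/administration/upgrading/source_to_release/). You may do this at any time.
-## Source install
-To stay on a source release, you just need to check the following things:
-- Rename your configuration file `config/prod.secret.exs` to `config/runtime.exs`.
-- If your config file includes `server: true` under `Mobilizon.Web.Endpoint`, remove it.
-```diff
-config :mobilizon, Mobilizon.Web.Endpoint,
-- server: true,
-```
-- The uploads default directory is now `/var/lib/mobilizon/uploads`. To keep it in the previous `uploads/` directory, just add the following line to `config/runtime.exs`:
-```elixir
-config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, uploads: "uploads"
-```
-Or you may use any other directory where the `mobilizon` user has write permissions.
-- The GeoIP database default directory is now `/var/lib/mobilizon/geo/GeoLite2-City.mmdb`. To keep it in the previous `priv/data/GeoLite2-City.mmdb` directory, just add the following line to `config/runtime.exs`:
-```elixir
-config :geolix, databases: [
-%{
-id: :city,
-adapter: Geolix.Adapter.MMDB2,
-source: "priv/data/GeoLite2-City.mmdb"
-}
-]
-```
-Or you may use any other directory where the `mobilizon` user has read permissions.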

@ -8,45 +8,42 @@ import Config
# General application configuration
config :mobilizon,
ecto_repos: [Mobilizon.Storage.Repo],
env: config_env()
env: Mix.env()
config :mobilizon, Mobilizon.Storage.Repo, types: Mobilizon.Storage.PostgresTypes
config :mobilizon, :instance,
name: "Mobilizon du Chapril",
description: "Instance du Chapril",
name: "My Mobilizon Instance",
description: "Change this to a proper description of your instance",
hostname: "localhost",
registrations_open: true,
registrations_open: false,
registration_email_allowlist: [],
registration_email_denylist: [],
languages: [],
default_language: "fr",
default_language: "en",
demo: false,
repository: Mix.Project.config()[:source_url],
allow_relay: true,
federating: true,
remote_limit: 100_000,
upload_limit: 10_485_760,
avatar_upload_limit: 2_097_152,
banner_upload_limit: 4_194_304,
upload_limit: 10_000_000,
avatar_upload_limit: 2_000_000,
banner_upload_limit: 4_000_000,
remove_orphan_uploads: true,
orphan_upload_grace_period_hours: 48,
remove_unconfirmed_users: true,
unconfirmed_user_grace_period_hours: 48,
activity_expire_days: 365,
activity_keep_number: 100,
enable_instance_feeds: true,
email_from: "noreply@mobilizon.chapril.org",
email_reply_to: "noreply@mobilizon.chapril.org"
email_from: "noreply@localhost",
email_reply_to: "noreply@localhost"
config :mobilizon, :groups, enabled: true
config :mobilizon, :events, creation: true
config :mobilizon, :restrictions, only_admin_can_create_groups: false
config :mobilizon, :restrictions, only_groups_can_create_events: false
config :mobilizon, :events, creation: true
# Configures the endpoint
config :mobilizon, Mobilizon.Web.Endpoint,
http: [
transport_options: [socket_opts: [:inet6]]
],
url: [
host: "mobilizon.local",
scheme: "https"
@ -60,19 +57,15 @@ config :mobilizon, Mobilizon.Web.Endpoint,
config :mime, :types, %{
"application/activity+json" => ["activity-json"],
"application/ld+json" => ["activity-json"],
"application/jrd+json" => ["jrd-json"],
"application/xrd+xml" => ["xrd-xml"]
"application/jrd+json" => ["jrd-json"]
}
# Upload configuration
config :mobilizon, Mobilizon.Web.Upload,
uploader: Mobilizon.Web.Upload.Uploader.Local,
filters: [
Mobilizon.Web.Upload.Filter.AnalyzeMetadata,
Mobilizon.Web.Upload.Filter.Resize,
Mobilizon.Web.Upload.Filter.Optimize,
Mobilizon.Web.Upload.Filter.BlurHash,
Mobilizon.Web.Upload.Filter.Dedupe
Mobilizon.Web.Upload.Filter.Dedupe,
Mobilizon.Web.Upload.Filter.Optimize
],
allow_list_mime_types: ["image/gif", "image/jpeg", "image/png", "image/webp"],
link_name: true,
@ -86,36 +79,16 @@ config :mobilizon, Mobilizon.Web.Upload,
]
]
config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, uploads: "/var/lib/mobilizon/uploads"
config :tz_world, data_dir: "/var/lib/mobilizon/timezones"
config :mobilizon, Timex.Gettext, default_locale: "fr"
config :mobilizon, :media_proxy,
enabled: true,
proxy_opts: [
redirect_on_failure: false,
max_body_length: 25 * 1_048_576,
# Note: max_read_duration defaults to Mobilizon.Web.ReverseProxy.max_read_duration_default/1
max_read_duration: 30_000,
http: [
follow_redirect: true,
pool: :media
]
]
config :mobilizon, Mobilizon.Web.Upload.Uploader.Local, uploads: "uploads"
config :mobilizon, Mobilizon.Web.Email.Mailer,
adapter: Swoosh.Adapters.SMTP,
relay: "localhost",
adapter: Bamboo.SMTPAdapter,
server: "localhost",
hostname: "localhost",
# usually 25, 465 or 587
port: 25,
username: "",
password: "",
# can be `:always` or `:never`
auth: :if_available,
# can be `true`
ssl: false,
username: nil,
password: nil,
# can be `:always` or `:never`
tls: :if_available,
allowed_tls_versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"],
@ -125,27 +98,17 @@ config :mobilizon, Mobilizon.Web.Email.Mailer,
# Configures Elixir's Logger
config :logger, :console,
backends: [:console],
format: "$time $metadata[$level] $message\n",
metadata: [:request_id]
config :logger, Sentry.LoggerBackend,
level: :warn,
capture_log_messages: true
config :mobilizon, Mobilizon.Web.Auth.Guardian,
issuer: "mobilizon",
token_ttl: %{
"access" => {15, :minutes},
"refresh" => {60, :days}
}
config :mobilizon, Mobilizon.Web.Auth.Guardian, issuer: "mobilizon"
config :guardian, Guardian.DB,
repo: Mobilizon.Storage.Repo,
# default
schema_name: "guardian_tokens",
# store all token types if not set
token_types: ["refresh"],
# token_types: ["refresh_token"],
# default: 60 minutes
sweep_interval: 60
@ -161,12 +124,30 @@ config :ueberauth,
config :mobilizon, :auth, oauth_consumer_strategies: []
config :mobilizon, :ldap,
enabled: System.get_env("LDAP_ENABLED") == "true",
host: System.get_env("LDAP_HOST") || "localhost",
port: String.to_integer(System.get_env("LDAP_PORT") || "389"),
ssl: System.get_env("LDAP_SSL") == "true",
sslopts: [],
tls: System.get_env("LDAP_TLS") == "true",
tlsopts: [],
base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
uid: System.get_env("LDAP_UID") || "cn",
require_bind_for_search: !(System.get_env("LDAP_REQUIRE_BIND_FOR_SEARCH") == "false"),
# The full CN to filter by `memberOf`, or `false` if disabled
group: false,
# Either the admin UID matching the field in `uid`,
# Either a tuple with the fully qualified DN: {:full, uid=admin,dc=example.com,dc=local}
bind_uid: System.get_env("LDAP_BIND_UID"),
bind_password: System.get_env("LDAP_BIND_PASSWORD")
config :geolix,
databases: [
%{
id: :city,
adapter: Geolix.Adapter.MMDB2,
source: "/var/lib/mobilizon/geo/GeoLite2-City.mmdb"
source: "priv/data/GeoLite2-City.mmdb"
}
]
@ -185,17 +166,6 @@ config :phoenix, :format_encoders, json: Jason, "activity-json": Jason
config :phoenix, :json_library, Jason
config :phoenix, :filter_parameters, ["password", "token"]
config :absinthe, schema: Mobilizon.GraphQL.Schema
config :absinthe, Absinthe.Logger, filter_variables: ["token", "password", "secret"]
config :codepagex, :encodings, [
:ascii,
~r[iso8859]i,
:"VENDORS/MICSFT/WINDOWS/CP1252"
]
config :mobilizon, Mobilizon.Web.Gettext, split_module_by: [:locale, :domain]
config :ex_cldr,
default_locale: "en",
default_backend: Mobilizon.Cldr
@ -206,17 +176,14 @@ config :http_signatures,
config :mobilizon, :cldr,
locales: [
"fr",
"en",
"ru",
"ar"
"en"
]
config :mobilizon, :activitypub,
# One day
actor_stale_period: 3_600 * 48,
actor_key_rotation_delay: 3_600 * 48,
sign_object_fetches: true,
stale_actor_search_exclusion_after: 3_600 * 24 * 7
sign_object_fetches: true
config :mobilizon, Mobilizon.Service.Geospatial, service: Mobilizon.Service.Geospatial.Nominatim
@ -248,24 +215,6 @@ config :mobilizon, :maps,
type: :openstreetmap
]
config :mobilizon, :http_security,
enabled: true,
sts: false,
sts_max_age: 31_536_000,
csp_policy: [
script_src: [],
style_src: [],
connect_src: [],
font_src: [],
img_src: ["*.tile.openstreetmap.org"],