diff --git a/lxc-apps/decidim/install.sh b/lxc-apps/decidim/install.sh index 97b2e63..414ec64 100755 --- a/lxc-apps/decidim/install.sh +++ b/lxc-apps/decidim/install.sh @@ -22,20 +22,20 @@ chown 108080:108080 /srv/decidim/decidim_conf lxc-execute decidim -- tar -cC /srv/decidim-app/config . | tar -xC /srv/decidim/decidim_conf # Configure Decidim -export DECIDIM_SECRET=$(rake secret) +export DECIDIM_SECRET=$(lxc-execute decidim -- rake secret) +mkdir -p /srv/decidim/decidim_data/storage /srv/decidim/decidim_data/uploads +chown 108080:108080 /srv/decidim/decidim_data/storage /srv/decidim/decidim_data/uploads cp decidim_conf/environments/production.rb /srv/decidim/decidim_conf/environments/production.rb cp decidim_conf/initializers/decidim.rb /srv/decidim/decidim_conf/initializers/decidim.rb envsubst /srv/decidim/decidim_conf/application.yml # Populate database -lxc-execute decidim -- RAILS_ENV=production bin/rails db:create db:migrate +lxc-execute decidim -- sh -c 'cd /srv/decidim-app; bin/rails db:migrate' # Create admin account export DECIDIM_ADMIN_EMAIL=admin@example.com export DECIDIM_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -#lxc-execute decidim -- bin/rails console -e production -#user = Decidim::System::Admin.new(email: "admin@example.org", password: "P8vDKAc3FdEte9Hw", password_confirmation: "P8vDKAc3FdEte9Hw") -#user.save! +envsubst /dev/null diff --git a/lxc-apps/decidim/lxc/etc/nginx/nginx.conf b/lxc-apps/decidim/lxc/etc/nginx/nginx.conf index 0807999..323bc72 100644 --- a/lxc-apps/decidim/lxc/etc/nginx/nginx.conf +++ b/lxc-apps/decidim/lxc/etc/nginx/nginx.conf @@ -1,4 +1,4 @@ -user nginx; +user decidim; pid /run/nginx.pid; worker_processes 1; error_log /dev/stderr warn; @@ -17,6 +17,9 @@ http { sendfile on; send_timeout 300; + passenger_root /usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4; + passenger_ruby /usr/local/bin/ruby; + server { listen 8080; server_name localhost; diff --git a/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish index db0b00c..d042464 100755 --- a/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish @@ -1,4 +1,4 @@ #!/bin/execlineb -P -foreground { s6-svwait -d -t 3000 delayed_job } +foreground { s6-svwait -d -t 3000 cron } foreground { s6-svwait -d -t 3000 nginx } diff --git a/lxc-apps/decidim/lxc/etc/services.d/cron/run b/lxc-apps/decidim/lxc/etc/services.d/cron/run new file mode 100755 index 0000000..d75300e --- /dev/null +++ b/lxc-apps/decidim/lxc/etc/services.d/cron/run @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +crond -f -d 8 diff --git a/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run b/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run deleted file mode 100755 index 2a20bcd..0000000 --- a/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/execlineb -P - -export RAILS_ENV production -fdmove -c 2 1 -s6-setuidgid www-data -/srv/decidim-app/bin/delayed_job start diff --git a/lxc-apps/decidim/lxcfile b/lxc-apps/decidim/lxcfile index ce345a2..de24a54 100644 --- a/lxc-apps/decidim/lxcfile +++ b/lxc-apps/decidim/lxcfile @@ -3,7 +3,6 @@ IMAGE decidim_0.0.1-191113 LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-ruby2.6_2.6.3-190620 LAYER alpine3.9-nodejs10_10.14.2-190620 -LAYER alpine3.9-nginx_1.14.2-191115 MERGE /usr/bin/lxcmerge @@ -14,14 +13,46 @@ ENV RAILS_ENV production RUN EOF # Install runtime dependencies - apk --no-cache add libpq tzdata + apk --no-cache add curl libpq pcre procps tzdata # Install build dependencies - apk --no-cache add --virtual .deps build-base icu-dev libxml2-dev libxslt-dev postgresql-dev zlib-dev + apk --no-cache add --virtual .deps build-base curl-dev icu-dev libxml2-dev libxslt-dev linux-headers pcre-dev postgresql-dev zlib-dev # Install passenger gem install passenger --no-document + # Create OS user + addgroup -S decidim + adduser -S -h /srv/decidim-app -s /sbin/nologin -G decidim -g decidim decidim + + # Compile nginx + # taken from passenger-install-nginx-module + cd /tmp + wget https://nginx.org/download/nginx-1.17.3.tar.gz + tar xf nginx-1.17.3.tar.gz + cd nginx-1.17.3 + ./configure \ + --prefix=/var/lib/nginx \ + --sbin-path=/usr/sbin/nginx \ + --conf-path=/etc/nginx/nginx.conf \ + --pid-path=/run/nginx.pid \ + --lock-path=/run/nginx.lock \ + --user=decidim \ + --group=decidim \ + --with-threads \ + --with-file-aio \ + --with-http_ssl_module \ + --with-http_v2_module \ + --with-http_realip_module \ + --with-http_gzip_static_module \ + --with-http_stub_status_module \ + --with-http_addition_module \ + --with-cc-opt=-Wno-error \ + --add-module=/usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4/src/nginx_module + make -j $(getconf _NPROCESSORS_ONLN) + make install + rm -f /etc/nginx/*.default + # Install Decidim bundle config build.nokogiri --use-system-libraries gem install decidim @@ -43,10 +74,12 @@ RUN EOF bin/rails assets:precompile # Change ownership - chown -R nginx:www-data /srv/decidim-app + chown -R decidim:decidim /srv/decidim-app # Cleanup apk --no-cache del .deps + rm -rf /tmp/* + rm -rf /root/.bundle /root/.gem EOF CMD s6-svscan /etc/services.d diff --git a/lxc-apps/decidim/meta b/lxc-apps/decidim/meta index 13ac249..d4b2006 100644 --- a/lxc-apps/decidim/meta +++ b/lxc-apps/decidim/meta @@ -14,6 +14,8 @@ ], "mounts": [ ["DIR", "/srv/decidim/decidim_conf", "/srv/decidim-app/config"] + ["DIR", "/srv/decidim/decidim_data/storage", "/srv/decidim-app/storage"] + ["DIR", "/srv/decidim/decidim_data/uploads", "/srv/decidim-app/public/uploads"] ] }, "decidim-postgres": {