-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Revert "[skip ci] switch to all-in-one for discourse"
This reverts commit 42d44b3.
- Loading branch information
Showing
4 changed files
with
165 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| name: deploy-discourse-db | ||
|
|
||
| on: | ||
| push: | ||
| paths: | ||
| - '.github/workflows/discourse.yml' | ||
| - 'discourse/db.yml' | ||
| branches: [main] | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| deploy: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Tailscale | ||
| uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd | ||
| with: | ||
| oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }} | ||
| oauth-secret: ${{ secrets.TAILSCALE_SECRET }} | ||
| tags: tag:deploy-ci | ||
| hostname: Github-actions | ||
| version: ${{ vars.TAILSCALE_VERSION }} | ||
|
|
||
| - name: Add secrets to config files | ||
| env: | ||
| DISCOURSE_SMTP_PASSWORD: ${{ secrets.DISCOURSE_SMTP_PASSWORD }} | ||
| DISCOURSE_DB_PASSWORD: ${{ secrets.DISCOURSE_DB_PASSWORD }} | ||
| DISCOURSE_MAXMIND_LICENSE_KEY: ${{ secrets.DISCOURSE_MAXMIND_LICENSE_KEY }} | ||
| DISCOURSE_S3_ENDPOINT: ${{ secrets.DISCOURSE_S3_ENDPOINT }} | ||
| DISCOURSE_S3_SECRET_ACCESS_KEY: ${{ secrets.DISCOURSE_S3_SECRET_ACCESS_KEY }} | ||
| DISCOURSE_S3_ACCESS_KEY_ID: ${{ secrets.DISCOURSE_S3_ACCESS_KEY_ID }} | ||
| run: | | ||
| sed -i "s|(DISCOURSE_SMTP_PASSWORD)|$DISCOURSE_SMTP_PASSWORD|g" $GITHUB_WORKSPACE/discourse/containers/app.yml | ||
| sed -i "s|(DISCOURSE_DB_PASSWORD)|$DISCOURSE_DB_PASSWORD|g" $GITHUB_WORKSPACE/discourse/containers/app.yml | ||
| sed -i "s|(DISCOURSE_MAXMIND_LICENSE_KEY)|$DISCOURSE_MAXMIND_LICENSE_KEY|g" $GITHUB_WORKSPACE/discourse/containers/app.yml | ||
| sed -i "s|(DISCOURSE_S3_ENDPOINT)|$DISCOURSE_S3_ENDPOINT|g" $GITHUB_WORKSPACE/discourse/containers/app.yml | ||
| sed -i "s|(DISCOURSE_S3_SECRET_ACCESS_KEY)|$DISCOURSE_S3_SECRET_ACCESS_KEY|g" $GITHUB_WORKSPACE/discourse/containers/app.yml | ||
| sed -i "s|(DISCOURSE_S3_ACCESS_KEY_ID)|$DISCOURSE_S3_ACCESS_KEY_ID|g" $GITHUB_WORKSPACE/discourse/containers/app.yml | ||
| sed -i "s|(DISCOURSE_DB_PASSWORD)|$DISCOURSE_DB_PASSWORD|g" $GITHUB_WORKSPACE/discourse/containers/db.yml | ||
| - name: Start Deployment | ||
| uses: FarisZR/Tailscale-ssh-deploy@main | ||
| with: | ||
| remote_host: ${{ secrets.server_address }} | ||
| directory: discourse/containers | ||
| post_upload_command: /home/aosus/discourse/launcher rebuild db | ||
| remote_destination: /home/aosus/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,58 +1,49 @@ | ||
| ## this is the all-in-one, standalone Discourse Docker container template | ||
| ## | ||
| ## After making changes to this file, you MUST rebuild | ||
| ## /var/discourse/launcher rebuild app | ||
| ## | ||
| ## BE *VERY* CAREFUL WHEN EDITING! | ||
| ## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT! | ||
| ## visit http://www.yamllint.com/ to validate this file as needed | ||
| # IMPORTANT: SET A SECRET PASSWORD in Postgres for the Discourse User | ||
| # TODO: change SOME_SECRET in this template | ||
|
|
||
| templates: | ||
| - "templates/postgres.template.yml" | ||
| - "templates/redis.template.yml" | ||
| - "templates/web.template.yml" | ||
| ## Uncomment the next line to enable the IPv6 listener | ||
| - "templates/web.ipv6.template.yml" | ||
| - "templates/web.ratelimited.template.yml" | ||
| ## Uncomment these two lines if you wish to add Lets Encrypt (https) | ||
| - "templates/web.ipv6.template.yml" | ||
| ## Uncomment these two lines if you wish to add Lets Encrypt (https) | ||
| #- "templates/web.ssl.template.yml" | ||
| #- "templates/web.letsencrypt.ssl.template.yml" | ||
|
|
||
| ## which TCP/IP ports should this container expose? | ||
| ## If you want Discourse to share a port with another webserver like Apache or nginx, | ||
| ## see https://meta.discourse.org/t/17247 for details | ||
| # expose: | ||
| # - "80:80" # http | ||
| # - "443:443" # https | ||
|
|
||
| expose: | ||
| # - "8000:80" # http | ||
| # - "443:443" # https | ||
|
|
||
| # Use 'links' key to link containers together, aka use Docker --link flag. | ||
| # links: | ||
| # - link: | ||
| # name: data | ||
| # alias: data | ||
| # - link: | ||
| # name: nginx | ||
| # alias: nginx | ||
|
|
||
| # any extra arguments for Docker? | ||
| docker_args: | ||
| - '--network discourse' | ||
|
|
||
| # - '--label com.centurylinklabs.watchtower.enable=false' | ||
| params: | ||
| db_default_text_search_config: "pg_catalog.arabic" | ||
|
|
||
| ## Set db_shared_buffers to a max of 25% of the total memory. | ||
| ## will be set automatically by bootstrap based on detected RAM, or you can override | ||
| #db_shared_buffers: "256MB" | ||
|
|
||
| ## can improve sorting performance, but adds memory usage per-connection | ||
| db_work_mem: "80MB" | ||
|
|
||
| ## Which Git revision should this container use? (default: tests-passed) | ||
| #version: tests-passed | ||
| #version: stable | ||
|
|
||
| env: | ||
| LC_ALL: ar_SA.UTF-8 | ||
| LANG: ar_SA.UTF-8 | ||
| LANGUAGE: ar_SA.UTF-8 | ||
| LC_ALL: en_US.UTF-8 | ||
| LANG: en_US.UTF-8 | ||
| LANGUAGE: en_US.UTF-8 | ||
| DISCOURSE_DEFAULT_LOCALE: ar | ||
|
|
||
| ## How many concurrent web requests are supported? Depends on memory and CPU cores. | ||
| ## will be set automatically by bootstrap based on detected CPUs, or you can override | ||
| UNICORN_WORKERS: 14 | ||
| UNICORN_WORKERS: 12 | ||
|
|
||
| ## TODO: The domain name this Discourse instance will respond to | ||
| ## Required. Discourse will not work with a bare IP number. | ||
| DISCOURSE_HOSTNAME: 'discourse.aosus.org' | ||
|
|
||
| ## Uncomment if you want the container to be started with the same | ||
|
|
@@ -63,6 +54,17 @@ env: | |
| ## on initial signup example '[email protected],[email protected]' | ||
| DISCOURSE_DEVELOPER_EMAILS: '[email protected]' | ||
|
|
||
| ## TODO: The SMTP mail server used to validate new accounts and send notifications | ||
| # SMTP ADDRESS, username, and password are required | ||
| # WARNING the char '#' in SMTP password can cause problems! | ||
| # DISCOURSE_SMTP_ADDRESS: smtp.email.me-jeddah-1.oci.oraclecloud.com | ||
| # DISCOURSE_SMTP_PORT: 587 | ||
| # DISCOURSE_SMTP_USER_NAME: "ocid1.user.oc1..aaaaaaaawotk2inxqyojzscjifrty4d27mjxuoxq3wwhnl5s76xubp7g4rja@ocid1.tenancy.oc1..aaaaaaaamsnkmv7r7ge76cjtcyusdpfyl77loyjfw7epb6rkmqdyz5vlknkq.rf.com" | ||
| # DISCOURSE_SMTP_PASSWORD: "(Xxk$786>Yj;vZA(xeNP" | ||
| # DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true) | ||
| # DISCOURSE_SMTP_DOMAIN: discourse.aosus.org # (required by some providers) | ||
| # DISCOURSE_NOTIFICATION_EMAIL: [email protected] # (address to send notifications from) | ||
|
|
||
| DISCOURSE_SMTP_ADDRESS: cups-g11.aosus.org | ||
| DISCOURSE_SMTP_PORT: 587 | ||
| DISCOURSE_SMTP_USER_NAME: "[email protected]" | ||
|
|
@@ -73,19 +75,22 @@ env: | |
| ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate | ||
| #LETSENCRYPT_ACCOUNT_EMAIL: [email protected] | ||
|
|
||
| ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate | ||
| #LETSENCRYPT_ACCOUNT_EMAIL: [email protected] | ||
| ## TODO: configure connectivity to the databases | ||
| DISCOURSE_DB_SOCKET: '5432' | ||
| DISCOURSE_DB_USERNAME: discourse | ||
| DISCOURSE_DB_PASSWORD: (DISCOURSE_DB_PASSWORD) | ||
| DISCOURSE_DB_HOST: db | ||
| DISCOURSE_REDIS_HOST: db | ||
|
|
||
| ## The http or https CDN address for this Discourse instance (configured to pull) | ||
| ## see https://meta.discourse.org/t/14857 for details | ||
| #DISCOURSE_CDN_URL: https://discourse-cdn.example.com | ||
|
|
||
| ## The maxmind geolocation IP account ID and license key for IP address lookups | ||
| ## see https://meta.discourse.org/t/-/173941 for details | ||
| #DISCOURSE_MAXMIND_ACCOUNT_ID: 123456 | ||
|
|
||
| ## The maxmind geolocation IP address key for IP address lookup | ||
| ## see https://meta.discourse.org/t/-/137387/23 for details | ||
| DISCOURSE_MAXMIND_LICENSE_KEY: (DISCOURSE_MAXMIND_LICENSE_KEY) | ||
|
|
||
| DISCOURSE_USE_S3: true | ||
| # DISCOURSE_USE_S3: true | ||
| DISCOURSE_S3_REGION: "us-east-1" | ||
| DISCOURSE_S3_INSTALL_CORS_RULE: true | ||
| #DISCOURSE_S3_CONFIGURE_TOMBSTONE_POLICY: false | ||
|
|
@@ -97,25 +102,25 @@ env: | |
| DISCOURSE_S3_BACKUP_BUCKET: discourse-backups | ||
| DISCOURSE_BACKUP_LOCATION: s3 | ||
|
|
||
| ## The Docker container is stateless; all data is stored in /shared | ||
|
|
||
| volumes: | ||
| - volume: | ||
| host: /home/aosus/discourse-data/standalone | ||
| host: /home/aosus/discourse-data/app | ||
| guest: /shared | ||
| - volume: | ||
| host: /home/aosus/discourse-data/standalone | ||
| host: /home/aosus/discourse-data/app/log/var-log | ||
| guest: /var/log | ||
|
|
||
| ## Plugins go here | ||
| ## see https://meta.discourse.org/t/19157 for details | ||
| hooks: | ||
| # required for S3 | ||
| after_assets_precompile: | ||
| - exec: | ||
| cd: $home | ||
| cmd: | ||
| - sudo -E -u discourse bundle exec rake s3:upload_assets | ||
| - sudo -E -u discourse bundle exec rake s3:expire_missing_assets | ||
| # after_assets_precompile: | ||
| # - exec: | ||
| # cd: $home | ||
| # cmd: | ||
| # - sudo -E -u discourse bundle exec rake s3:upload_assets | ||
| # - sudo -E -u discourse bundle exec rake s3:expire_missing_assets | ||
| after_code: | ||
| - exec: | ||
| cd: $home/plugins | ||
|
|
@@ -133,10 +138,18 @@ hooks: | |
| - git clone https://github.com/discourse/discourse-google-one-tap # Google one tap login | ||
| - git clone https://github.com/discourse/discourse-cakeday # Discourse cakeday and birthday plugin | ||
|
|
||
| ## Any custom commands to run after building | ||
| ## Remember, this is YAML syntax - you can only have one block with a name | ||
| run: | ||
| - exec: echo "Beginning of custom commands" | ||
| ## If you want to set the 'From' email address for your first registration, uncomment and change: | ||
| ## After getting the first signup email, re-comment the line. It only needs to run once. | ||
| #- exec: rails r "SiteSetting.notification_email='[email protected]'" | ||
| - exec: echo "End of custom commands" | ||
|
|
||
| ## If you want to configure password login for root, uncomment and change: | ||
| ## Use only one of the following lines: | ||
| #- exec: /usr/sbin/usermod -p 'PASSWORD_HASH' root | ||
| #- exec: /usr/sbin/usermod -p "$(mkpasswd -m sha-256 'RAW_PASSWORD')" root | ||
|
|
||
| ## If you want to authorized additional users, uncomment and change: | ||
| #- exec: ssh-import-id username | ||
| #- exec: ssh-import-id anotherusername | ||
|
|
||
| - exec: echo "End of custom commands" | ||
| - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| # A container for all things Data, be sure to set a secret password for | ||
| # discourse account, SOME_SECRET is just an example | ||
| # | ||
|
|
||
| templates: | ||
| - "templates/postgres.template.yml" | ||
| - "templates/redis.template.yml" | ||
|
|
||
| # any extra arguments for Docker? | ||
| docker_args: | ||
| - '--network discourse' | ||
|
|
||
| params: | ||
| db_default_text_search_config: "pg_catalog.arabic" | ||
|
|
||
| ## Set db_shared_buffers to a max of 25% of the total memory. | ||
| ## will be set automatically by bootstrap based on detected RAM, or you can override | ||
| #db_shared_buffers: "8GB" | ||
|
|
||
| ## can improve sorting performance, but adds memory usage per-connection | ||
| db_work_mem: "80MB" | ||
|
|
||
| env: | ||
| # ensure locale exists in container, you may need to install it | ||
| LC_ALL: en_US.UTF-8 | ||
| LANG: en_US.UTF-8 | ||
| LANGUAGE: en_US.UTF-8 | ||
|
|
||
| volumes: | ||
| - volume: | ||
| host: /home/aosus/discourse-data/postgresql | ||
| guest: /shared | ||
| - volume: | ||
| host: /home/aosus/discourse-data/postgresql/log/var-log | ||
| guest: /var/log | ||
|
|
||
| # TODO: SOME_SECRET to a password for the discourse user | ||
| hooks: | ||
| after_postgres: | ||
| - exec: | ||
| stdin: | | ||
| alter user discourse with password '(DISCOURSE_DB_PASSWORD)'; | ||
| cmd: su - postgres -c 'psql discourse' | ||
|
|
||
| raise_on_fail: false |