initial commit

.dockerignore

@@ -0,0 +1,2 @@
+*
+!src

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "src"]
+	path = src
+	url = https://akkoma.dev/AkkomaGang/akkoma.git

Dockerfile

@@ -0,0 +1,12 @@
+FROM registry.nrd.li/nrdli/akkoma-base:${AKKOMA_COMMIT}
+
+ENV PROD_SECRET_FILE=/config/prod.secret.exs
+
+ADD src /opt/akkoma/
+ADD prod.exs /opt/akkoma/config/prod.exs
+
+USER root
+RUN mkdir /config && touch /config/prod.secret.exs && chown -R 1000:1000 /opt/akkoma && chown -R 1000:1000 /config
+
+USER akkoma
+RUN mix deps.get && mix compile

build.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+set -Eeuxo pipefail
+
+AKKOMA_COMMIT=$(cd src; git rev-parse HEAD)
+AKKOMA_BASE_IMAGE="registry.nrd.li/nrdli/akkoma-base:${AKKOMA_COMMIT}"
+AKKOMA_FINAL_IMAGE="registry.nrd.li/nrdli/akkoma:${AKKOMA_COMMIT}"
+
+pushd src
+docker build \
+  -t "${AKKOMA_BASE_IMAGE}" \
+  .
+docker push "${AKKOMA_BASE_IMAGE}"
+popd
+
+docker build \
+  -t "${AKKOMA_FINAL_IMAGE}" \
+  --build-arg "AKKOMA_COMMIT=${AKKOMA_COMMIT}" \
+  .
+docker push "${AKKOMA_FINAL_IMAGE}"

prod.exs

@@ -0,0 +1,74 @@
+import Config
+
+# For production, we often load configuration from external
+# sources, such as your system environment. For this reason,
+# you won't find the :http configuration below, but set inside
+# Pleroma.Web.Endpoint.load_from_system_env/1 dynamically.
+# Any dynamic configuration should be moved to such function.
+#
+# Don't forget to configure the url host to something meaningful,
+# Phoenix uses this information when generating URLs.
+#
+# Finally, we also include the path to a cache manifest
+# containing the digested version of static files. This
+# manifest is generated by the mix phoenix.digest task
+# which you typically run after static files are built.
+config :pleroma, Pleroma.Web.Endpoint,
+  http: [port: 4000],
+  protocol: "http"
+
+config :phoenix, serve_endpoints: true
+
+# Do not print debug messages in production
+config :logger, :console, level: :info
+config :logger, :ex_syslogger, level: :info
+
+# ## SSL Support
+#
+# To get SSL working, you will need to add the `https` key
+# to the previous section and set your `:url` port to 443:
+#
+#     config :pleroma, Pleroma.Web.Endpoint,
+#       ...
+#       url: [host: "example.com", port: 443],
+#       https: [:inet6,
+#               port: 443,
+#               keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
+#               certfile: System.get_env("SOME_APP_SSL_CERT_PATH")]
+#
+# Where those two env variables return an absolute path to
+# the key and cert in disk or a relative path inside priv,
+# for example "priv/ssl/server.key".
+#
+# We also recommend setting `force_ssl`, ensuring no data is
+# ever sent via http, always redirecting to https:
+#
+#     config :pleroma, Pleroma.Web.Endpoint,
+#       force_ssl: [hsts: true]
+#
+# Check `Plug.SSL` for all available options in `force_ssl`.
+
+# ## Using releases
+#
+# If you are doing OTP releases, you need to instruct Phoenix
+# to start the server for all endpoints:
+#
+#     config :phoenix, :serve_endpoints, true
+#
+# Alternatively, you can configure exactly which server to
+# start per endpoint:
+#
+#     config :pleroma, Pleroma.Web.Endpoint, server: true
+#
+
+# Finally import the config/prod.secret.exs
+# which should be versioned separately.
+if File.exists?(System.get_env("PROD_SECRET_FILE", "./config/prod.secret.exs")) do
+  import_config System.get_env("PROD_SECRET_FILE", "./config/prod.secret.exs")
+else
+  "`config/prod.secret.exs` not found. You may want to create one by running `mix pleroma.instance gen`"
+  |> IO.warn([])
+end
+
+if File.exists?("./config/prod.exported_from_db.secret.exs"),
+  do: import_config("prod.exported_from_db.secret.exs")

src

@@ -0,0 +1 @@
+Subproject commit 9d7c877de049303a4d4d8f5ecaac7da94ca59ebb