diff --git a/README.md b/README.md index e807fe9..624886f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # dcomms -Decentralized communications that work with or without the Internet +Decentralized communications that work with or without the Internet # Prerequisites * `docker` using the docker guide (https://docs.docker.com/engine/install/) @@ -67,7 +67,7 @@ In the future, if you need to start the dcomms containers again simply run the ` # Tor -If you wish to provide users with a Tor hidden service address by which they can access your services, you must first install and [configure Tor](https://community.torproject.org/onion-services/setup/). +If you wish to provide users with a Tor hidden service address by which they can access your services, you must first install and [configure Tor](https://community.torproject.org/onion-services/setup/). The script will detect if you have Tor installed and prompt you for a hidden service address. You can find this in the `hostname` file in your `HiddenServiceDir`. Example: diff --git a/conf/caddy/Caddyfile.tmpl b/conf/caddy/Caddyfile.tmpl index 3a37354..854e851 100644 --- a/conf/caddy/Caddyfile.tmpl +++ b/conf/caddy/Caddyfile.tmpl @@ -41,7 +41,7 @@ matrix.{$DWEB_DOMAIN}:8448 { reverse_proxy http://synapse:8008 } -social.{$DWEB_DOMAIN}, http://social.{$DWEB_ONION} { +social.{$DWEB_DOMAIN}, http://social.{$DWEB_ONION} { root * /srv/mastodon/public encode gzip diff --git a/conf/compose/delta.docker-compose.yml b/conf/compose/delta.docker-compose.yml index a3f3b40..a23f6f0 100644 --- a/conf/compose/delta.docker-compose.yml +++ b/conf/compose/delta.docker-compose.yml 
@@ -12,7 +12,7 @@ services: entrypoint: - sh - -c - - "postconf -M submission/inet=\"submission inet n - n - - smtpd\" && postconf -P submission/inet/syslog_name=postfix/submission && postconf -P submission/inet/smtpd_tls_security_level=encrypt && postconf -P submission/inet/smtpd_sasl_type=dovecot && postconf -P submission/inet/smtpd_sasl_path=inet:localhost:12345 && postconf -P submission/inet/smtpd_sasl_auth_enable=yes && postconf \"myhostname=${DWEB_DOMAIN}\" && postconf \"mydestination=\" && postconf \"virtual_mailbox_domains=${DWEB_DOMAIN}\" && postconf \"virtual_transport=lmtp:localhost:24\" && postconf \"virtual_mailbox_base=/home/vmail\" && postconf \"virtual_mailbox_maps=texthash:/var/lib/mailadm/virtual_mailboxes\" && postconf \"maillog_file=/dev/stdout\" && postconf \"smtpd_tls_cert_file=/certs/fullchain.pem\" && postconf \"smtpd_tls_key_file=/certs/privkey.pem\" && postfix start-fg" + - "postconf -M submission/inet=\"submission inet n - n - - smtpd\" && postconf -P submission/inet/syslog_name=postfix/submission && postconf -P submission/inet/smtpd_tls_security_level=encrypt && postconf -P submission/inet/smtpd_sasl_type=dovecot && postconf -P submission/inet/smtpd_sasl_path=inet:localhost:12345 && postconf -P submission/inet/smtpd_sasl_auth_enable=yes && postconf \"myhostname=${DWEB_DOMAIN}\" && postconf \"mydestination=\" && postconf \"virtual_mailbox_domains=${DWEB_DOMAIN}\" && postconf \"virtual_transport=lmtp:localhost:24\" && postconf \"virtual_mailbox_base=/home/vmail\" && postconf \"virtual_mailbox_maps=texthash:/var/lib/mailadm/virtual_mailboxes\" && postconf \"maillog_file=/dev/stdout\" && postconf \"smtpd_tls_cert_file=/certs/fullchain.pem\" && postconf \"smtpd_tls_key_file=/certs/privkey.pem\" && postfix start-fg" volumes: - mailadm_db:/var/lib/mailadm/ - ../caddy/certs/${DWEB_DOMAIN}.crt:/certs/fullchain.pem @@ -20,7 +20,7 @@ services: environment: MAIL_DOMAIN: "${DWEB_DOMAIN}" networks: - - back + - back depends_on: - caddy restart: always 
@@ -36,7 +36,7 @@ services: VMAIL_UID: "${VMAIL_UID}" VMAIL_GID: "${VMAIL_GID}" networks: - - back + - back depends_on: - caddy restart: always @@ -56,7 +56,7 @@ services: VMAIL_GID: "${VMAIL_GID}" WEB_ENDPOINT: "https://${DWEB_DOMAIN}/new_email" networks: - - back + - back depends_on: - caddy restart: always diff --git a/conf/compose/docker-compose.yml b/conf/compose/docker-compose.yml index 45a585b..9f7e41a 100644 --- a/conf/compose/docker-compose.yml +++ b/conf/compose/docker-compose.yml @@ -13,21 +13,21 @@ services: volumes: - caddy_data:/data - caddy_config:/config - - type: bind + - type: bind source: /var/www target: /www - type: bind source: ../caddy/certs target: /data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${DWEB_DOMAIN} networks: - - back + - back ports: - target: 80 published: 80 protocol: tcp mode: host - target: 443 - published: 443 + published: 443 protocol: tcp mode: host environment: diff --git a/conf/compose/element.docker-compose.yml b/conf/compose/element.docker-compose.yml index 3f67245..5d6dba8 100644 --- a/conf/compose/element.docker-compose.yml +++ b/conf/compose/element.docker-compose.yml @@ -9,7 +9,7 @@ services: ### ELEMENT # synapse is a matrix homeserver running as a service synapse: - image: matrixdotorg/synapse:v1.110.0 + image: matrixdotorg/synapse:v1.121.1 entrypoint: - sh - -c @@ -44,17 +44,17 @@ services: mode: 0644 restart: always - synapse-pg: - restart: always - image: postgres:14-alpine - healthcheck: + synapse-pg: + restart: always + image: postgres:14-alpine + healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] - environment: - - 'POSTGRES_HOST_AUTH_METHOD=trust' + environment: + - 'POSTGRES_HOST_AUTH_METHOD=trust' - 'POSTGRES_INITDB_ARGS=--encoding="UTF8" --lc-collate="C" --lc-ctype="C"' - volumes: - - synapse_db:/var/lib/postgresql/data - depends_on: + volumes: + - synapse_db:/var/lib/postgresql/data + depends_on: - caddy networks: - back 
@@ -71,7 +71,7 @@ services: # element is a matrix web GUI running as a service element: - image: vectorim/element-web:v1.11.69 + image: vectorim/element-web:v1.11.88 networks: - back ports: diff --git a/conf/compose/mastodon.docker-compose.yml b/conf/compose/mastodon.docker-compose.yml index 3821cd2..9aec4e4 100644 --- a/conf/compose/mastodon.docker-compose.yml +++ b/conf/compose/mastodon.docker-compose.yml @@ -10,10 +10,6 @@ volumes: mastodon_db: services: ### MASTODON - caddy: - image: caddy:2.6.4 - volumes: - - mastodon_public:/srv/mastodon/public:ro mastodon-redis: restart: always @@ -32,11 +28,10 @@ services: image: tootsuite/mastodon:v4.3.0 #healthcheck: #test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1'] - #entrypoint: - # - bash - # - -c - # #- "bundle exec rake db:prepare && cd /opt/mastodon && /usr/bin/tini -- bundle exec rails server" - # - "[[ -e /mastodon/public/db.lock ]] && touch /mastodon/public/db.lock || touch /mastodon/public/db.lock && bundle exec rake db:prepare; /usr/bin/tini -- bundle exec rails server" + entrypoint: + - bash + - -c + - "cd /opt/mastodon && /usr/bin/tini -- bundle exec rails server" env_file: ../mastodon/env.production ports: - "127.0.0.1:3000:3000" @@ -49,16 +44,19 @@ services: - mastodon-redis - mastodon-streaming volumes: - # https://www.digitalocean.com/community/tutorials/how-to-share-data-between-docker-containers - - mastodon_public:/mastodon/public/ # map static files in volume for caddy + - type: volume + source: mastodon_public + target: /mastodon/public/system + volume: + subpath: system networks: - mast-int - - back + - back restart: always mastodon-streaming: restart: always - image: tootsuite/mastodon:v4.3.0 + image: tootsuite/mastodon-streaming:v4.3.2 healthcheck: test: wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1 ] 
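Review bot: The new `mastodon-web` entrypoint sits under the unchanged context line `image: tootsuite/mastodon:v4.3.0`, while `mastodon-streaming` (next hunk in this file) and `mastodon-sidekiq` (hunk at -79) move to v4.3.2 and install.sh now pulls `tootsuite/mastodon:v4.3.2`, so web and sidekiq would run different releases against the same database and shared secrets; `image: tootsuite/mastodon:v4.3.2` on the web service keeps them in step. The commented-out entrypoint this replaces ran `bundle exec rake db:prepare`; the new `cd /opt/mastodon && /usr/bin/tini -- bundle exec rails server` runs no migration step, and nothing in this diff shows where pending migrations are applied on upgrade — a comment on the entrypoint naming that step (or a one-shot migrate service) would remove the guesswork. The enclosing `services:` mapping continues outside the hunk.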
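Review bot: Dropping `- back` leaves `mastodon-web` on `mast-int` only, and the -10 hunk deletes the `caddy` service that mounted `mastodon_public` at `/srv/mastodon/public:ro`; this diff does not show how the Caddyfile's `social.{$DWEB_DOMAIN}` block (root `/srv/mastodon/public`) still reaches the app or its static files, so confirm the main caddy service has that mount and a route to the web container (via `back` or the host-published `127.0.0.1:3000`). The new long-syntax mount narrows the target from `/mastodon/public/` to `/mastodon/public/system` with `volume: subpath: system`, so the volume now carries uploads only, not precompiled assets — if Caddy serves assets from it, they will be missing. `subpath` is recent Compose-spec syntax that older `docker compose` releases reject as an unknown key; the README prerequisites should state the minimum version. The same mount change appears in the -95 hunk for `mastodon-sidekiq`.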
@@ -79,11 +77,11 @@ services: mastodon-sidekiq: restart: always - image: tootsuite/mastodon:v4.3.0 - #entrypoint: - # - sh - # - -c - # - "service sendmail start && /usr/bin/tini -- bundle exec sidekiq" + image: tootsuite/mastodon:v4.3.2 + entrypoint: + - sh + - -c + - "service sendmail start && /usr/bin/tini -- bundle exec sidekiq" healthcheck: test: ps aux | grep '[s]idekiq\ 6' || false env_file: ../mastodon/env.production @@ -95,7 +93,11 @@ services: - mastodon-db - mastodon-redis volumes: - - mastodon_public:/mastodon/public/ + - type: volume + source: mastodon_public + target: /mastodon/public/system + volume: + subpath: system networks: - mast-int restart: always diff --git a/conf/compose/mau.docker-compose.yml b/conf/compose/mau.docker-compose.yml index d98cafb..6e7cf59 100644 --- a/conf/compose/mau.docker-compose.yml +++ b/conf/compose/mau.docker-compose.yml @@ -4,7 +4,7 @@ volumes: mau_data: services: ### MAU - # mau is a synapse bot we run for news and other things + # mau is a synapse bot we run for news and other things mau: image: dock.mau.dev/maubot/maubot:v0.3.1 configs: @@ -15,7 +15,7 @@ services: volumes: - mau_data:/data/ networks: - - back + - back depends_on: - caddy - synapse diff --git a/install.sh b/install.sh index 374ace3..a237b61 100755 --- a/install.sh +++ b/install.sh @@ -179,7 +179,7 @@ matrix_config () { -e SYNAPSE_SERVER_NAME=matrix.$DWEB_DOMAIN \ -e SYNAPSE_REPORT_STATS=no \ -e SYNAPSE_DATA_DIR=/data \ - matrixdotorg/synapse:v1.80.0 generate 2>/dev/null + matrixdotorg/synapse:v1.121.1 generate 2>/dev/null sudo chown -R $USER:$USER $DCOMMS_DIR/conf/synapse/ sed -i -z "s/database.*homeserver.db//" $DCOMMS_DIR/conf/element/config.json 
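Review bot: The re-enabled sidekiq entrypoint `service sendmail start && /usr/bin/tini -- bundle exec sidekiq` makes worker startup conditional on a local sendmail service; if the upstream image does not ship `service` or sendmail (not visible here), the container exits before sidekiq runs and the unchanged healthcheck never reports it as the cause. Since env.production points `SMTP_SERVER=` at `${DWEB_DOMAIN}` (install.sh hunk at -205), a comment stating why an in-container MTA is needed at all would help the next maintainer; if it is optional, start it without gating sidekiq on its exit status. The `services:` mapping continues outside the hunk.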
@@ -205,26 +205,33 @@ mastodon_config () { sudo cp -a $DCOMMS_DIR/conf/mastodon/example.env.production $DCOMMS_DIR/conf/mastodon/env.production SECRET_KEY_BASE=`sudo docker run -it --rm \ --mount type=volume,src=masto_data_tmp,dst=/opt/mastodon \ - -e RUBYOPT=-W0 tootsuite/mastodon:v4.2.9 \ + -e RUBYOPT=-W0 tootsuite/mastodon:v4.3.2 \ bundle exec rake secret` >/dev/null OTP_SECRET=$(sudo docker run -it --rm \ --mount type=volume,src=masto_data_tmp,dst=/opt/mastodon \ - -e RUBYOPT=-W0 tootsuite/mastodon:v4.2.9 \ + -e RUBYOPT=-W0 tootsuite/mastodon:v4.3.2 \ bundle exec rake secret) >/dev/null VAPID_KEYS=$(sudo docker run -it --rm \ --mount type=volume,src=masto_data_tmp,dst=/opt/mastodon \ - -e RUBYOPT=-W0 tootsuite/mastodon:v4.2.9 \ + -e RUBYOPT=-W0 tootsuite/mastodon:v4.3.2 \ bundle exec rake mastodon:webpush:generate_vapid_key)>/dev/null VAPID_FRIENDLY_KEYS=${VAPID_KEYS//$'\n'/\\$'\n'} + ACTIVE_RECORD_ENCRYPTION=$(sudo docker run -it --rm \ + --mount type=volume,src=masto_data_tmp,dst=/opt/mastodon \ + -e RUBYOPT=-W0 tootsuite/mastodon:v4.3.2 \ + bundle exec rake db:encryption:init)>/dev/null + ACTIVE_RECORD_ENCRYPTION_FRIENDLY_KEYS=${ACTIVE_RECORD_ENCRYPTION//$'\n'/\\$'\n'} + #REDIS_PW=$(openssl rand -base64 12) sed -i "s/REPLACEME/$DWEB_DOMAIN/" $DCOMMS_DIR/conf/mastodon/env.production sed -i "s/SECRET_KEY_BASE=/&$SECRET_KEY_BASE/" $DCOMMS_DIR/conf/mastodon/env.production sed -i "s/OTP_SECRET=/&$OTP_SECRET/" $DCOMMS_DIR/conf/mastodon/env.production sed -i "s/VAPID_KEYS=/$VAPID_FRIENDLY_KEYS/" $DCOMMS_DIR/conf/mastodon/env.production + sed -i "s/ACTIVE_RECORD=/$ACTIVE_RECORD_ENCRYPTION_FRIENDLY_KEYS/" $DCOMMS_DIR/conf/mastodon/env.production sed -i 's/\r$//g' $DCOMMS_DIR/conf/mastodon/env.production sed -i "s/ALTERNATE_DOMAINS=social./&$DWEB_ONION/" $DCOMMS_DIR/conf/mastodon/env.production sed -i "s/SMTP_SERVER=/&$DWEB_DOMAIN/" $DCOMMS_DIR/conf/mastodon/env.production 
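Review bot: The new `ACTIVE_RECORD_ENCRYPTION` block captures the entire output of `bundle exec rake db:encryption:init` and splices it into env.production via `sed -i "s/ACTIVE_RECORD=/$ACTIVE_RECORD_ENCRYPTION_FRIENDLY_KEYS/"`; if that task prints any explanatory header or blank line (as the `VAPID_FRIENDLY_KEYS` path already tolerates), it lands in the env file verbatim, so filtering to the key lines, e.g. `bundle exec rake db:encryption:init | grep '^ACTIVE_RECORD_ENCRYPTION_')`, keeps the file clean. The substitution also relies on a literal `ACTIVE_RECORD=` placeholder existing in `example.env.production`, which this diff does not show — worth a comment above the sed, or a post-check that the three keys are present, since a silent no-match would leave encryption unconfigured. These keys protect data at rest, so the mode that `sudo cp -a` inherits from the example file decides who can read them; confirm env.production ends up owner-readable only. `mastodon_config` starts and ends outside the hunk.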
@@ -333,7 +340,7 @@ main() { DELTA=true ;; "2") - D_IMAGES+=("vectorim/element-web:v1.11.40" "matrixdotorg/synapse:v1.110.0") + D_IMAGES+=("vectorim/element-web:v1.11.88" "matrixdotorg/synapse:v1.121.1") FILES+=("synapse_v1.80.0.tar" "element-web_v1.11.26.tar") FILE_MAGNETS+=("${MAGNET_LINKS[11]}$MAG_TRACKERS" "${MAGNET_LINKS[6]}$MAG_TRACKERS") COMPOSE_FILES+="-f ./conf/compose/element.docker-compose.yml " @@ -354,7 +361,7 @@ main() { MAU=true ;; "5") - D_IMAGES+=("tootsuite/mastodon:v4.2.9" "redis:7.0-alpine" "postgres:14-alpine") + D_IMAGES+=("tootsuite/mastodon:v4.3.2" "redis:7.0-alpine" "postgres:14-alpine") FILES+=("mastodon_4.1.2.tar" "postgres_14.tar" "redis_7.0.tar") FILE_MAGNETS+=("${MAGNET_LINKS[7]}$MAG_TRACKERS" "${MAGNET_LINKS[9]}$MAG_TRACKERS" "${MAGNET_LINKS[10]}$MAG_TRACKERS") COMPOSE_FILES+="-f ./conf/compose/mastodon.docker-compose.yml "
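Review bot: `D_IMAGES` now lists `vectorim/element-web:v1.11.88`, `matrixdotorg/synapse:v1.121.1` and `tootsuite/mastodon:v4.3.2`, but the adjacent context lines still read `FILES+=("synapse_v1.80.0.tar" "element-web_v1.11.26.tar")` and `FILES+=("mastodon_4.1.2.tar" ...)`, so the offline install path loads image tarballs that no compose file references and `docker compose` will fall back to pulling — the failure mode this project exists to avoid. Update the tarball names and the matching `MAGNET_LINKS` entries alongside the tag bumps, or derive `FILES` from `D_IMAGES` so they cannot drift again. Because the tarballs arrive over magnet links, recording the expected image digests next to the tags would let the script verify what it loads against what it pins. `main` continues outside both hunks.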