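services:
  # Reverse proxy for the whole box. Every *.test host name is an alias of
  # this container on the federation network, so the instances reach each
  # other through Caddy instead of directly. The Caddyfile is not part of
  # this file; its routes are presumed to match the aliases below.
  gateway:
    image: caddy:2.8
    restart: unless-stopped
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_fed_data:/data/caddy
    networks:
      federation:
        aliases:
          - pleroma1.test
          - pleroma2.test
          - mastodon.test

  # One-shot job: waits until Caddy has written its local CA root certificate,
  # then opens the directory modes and root.crt so the other services, which
  # mount caddy_fed_data read-only, can load it as their trust anchor.
  # Only the directories and the public certificate are relaxed; the CA
  # private key in the same directory keeps whatever mode Caddy gave it.
  # NOTE(review): caddy_fed_data is mounted into every other service; confirm
  # that key stays unreadable from them.
  gateway_certs:
    image: caddy:2.8
    restart: "no"
    depends_on:
      gateway:
        condition: service_started
    volumes:
      - caddy_fed_data:/data/caddy
    command:
      - sh
      - -lc
      - |
        set -eu
        pki=/data/caddy/pki
        root_crt="$$pki/authorities/local/root.crt"
        # Bounded wait: fail this job (and everything that depends on it)
        # instead of hanging forever if the certificate never appears, e.g.
        # when the Caddyfile is changed to stop using the local CA.
        tries=0
        while [ ! -f "$$root_crt" ]; do
          tries=$$((tries + 1))
          if [ "$$tries" -ge 120 ]; then
            echo "[fedbox] gateway_certs: timeout waiting for $$root_crt" >&2
            exit 1
          fi
          sleep 1
        done
        chmod 755 "$$pki" "$$pki/authorities" "$$pki/authorities/local"
        chmod 644 "$$root_crt"
    networks:
      - federation

  # Throw-away Postgres for pleroma1. The credentials are fixtures for this
  # isolated network only; no service in this file publishes a port.
  pleroma1_db:
    image: postgres:16
    restart: unless-stopped
    environment:
      POSTGRES_USER: pleroma
      POSTGRES_PASSWORD: pleroma
      POSTGRES_DB: pleroma1
    volumes:
      - pleroma1_fed_db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U pleroma"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - federation

  # First Pleroma instance. This service builds the fedbox image from the
  # repository root; pleroma2_web and both seed jobs reuse it by name.
  # SSL_CERT_FILE / FEDBOX_CACERTFILE point at Caddy's local root so that
  # outbound HTTPS to the other *.test hosts is intended to verify.
  pleroma1_web:
    build:
      context: ../..
    image: pleroma-fedbox
    restart: unless-stopped
    depends_on:
      pleroma1_db:
        condition: service_healthy
    environment:
      DOMAIN: pleroma1.test
      INSTANCE_NAME: Pleroma 1 (fedbox)
      ADMIN_EMAIL: admin@pleroma1.test
      NOTIFY_EMAIL: notify@pleroma1.test
      DB_HOST: pleroma1_db
      DB_PORT: "5432"
      DB_NAME: pleroma1
      DB_USER: pleroma
      DB_PASS: pleroma
      FEDBOX_CACERTFILE: /caddy/pki/authorities/local/root.crt
      SSL_CERT_FILE: /caddy/pki/authorities/local/root.crt
    volumes:
      - pleroma1_fed_data:/var/lib/pleroma
      - ./pleroma/config.exs:/var/lib/pleroma/config.exs:ro
      - caddy_fed_data:/caddy:ro
    expose:
      - "4000"
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:4000/api/v1/instance >/dev/null || exit 1"]
      interval: 15s
      timeout: 10s
      retries: 10
      start_period: 30s
    networks:
      - federation

  # One-shot job that creates the seed accounts on pleroma1 through the
  # public API. The script is shared with pleroma2_seed via a YAML alias and
  # is parameterised only through DOMAIN, FEDBOX_API_BASE, FEDBOX_SEED_USERS
  # and the optional FEDBOX_SEED_PASSWORD (default "password", which must
  # match FEDTEST_PASSWORD in the fedtest service).
  pleroma1_seed:
    image: pleroma-fedbox
    restart: "no"
    depends_on:
      pleroma1_web:
        condition: service_healthy
    entrypoint: []
    environment:
      DOMAIN: pleroma1.test
      FEDBOX_API_BASE: http://pleroma1_web:4000
      FEDBOX_SEED_USERS: "alice"
    volumes:
      - ./pleroma/config.exs:/var/lib/pleroma/config.exs:ro
    command:
      - sh
      - -lc
      # NOTE(review): `pipefail` is not POSIX; the image's /bin/sh must
      # support it or the script aborts on the first line.
      - &pleroma_seed_script |
        set -euo pipefail
        api="$${FEDBOX_API_BASE}"
        password="$${FEDBOX_SEED_PASSWORD:-password}"
        # Register a throw-away OAuth app and fetch a client-credentials
        # token; the responses are scraped with sed instead of a JSON tool
        # because the image only has busybox-style utilities available.
        app=$$(
          wget -qO- \
            --post-data "client_name=fedbox&redirect_uris=urn:ietf:wg:oauth:2.0:oob&scopes=read+write+follow&website=" \
            "$$api/api/v1/apps"
        )
        client_id=$$(echo "$$app" | sed -n 's/.*"client_id":"\([^"]*\)".*/\1/p')
        client_secret=$$(echo "$$app" | sed -n 's/.*"client_secret":"\([^"]*\)".*/\1/p')
        token=$$(
          wget -qO- \
            --post-data "client_id=$$client_id&client_secret=$$client_secret&grant_type=client_credentials&scope=read+write+follow" \
            "$$api/oauth/token"
        )
        access_token=$$(echo "$$token" | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p')
        # Fail here with a clear message; without a token every registration
        # below would fail and only surface as a webfinger timeout later.
        if [ -z "$$access_token" ]; then
          echo "[fedbox] $${DOMAIN}: could not obtain an OAuth token from $$api" >&2
          exit 1
        fi
        for username in $${FEDBOX_SEED_USERS}; do
          webfinger="$$api/.well-known/webfinger?resource=acct:$$username@$${DOMAIN}"
          if wget -qO- "$$webfinger" >/dev/null; then
            echo "[fedbox] $${DOMAIN}: $$username already exists"
            continue
          fi
          # The JSON body is assembled by string interpolation, so seed user
          # names and the password must not contain '"' or '\'.
          wget -qO- \
            --header "Authorization: Bearer $$access_token" \
            --header "Content-Type: application/json" \
            --post-data "{\"username\":\"$$username\",\"email\":\"$$username@$${DOMAIN}\",\"password\":\"$$password\",\"agreement\":true,\"locale\":\"en\"}" \
            "$$api/api/v1/accounts" >/dev/null || true
          # Registration is treated as best-effort; the account is considered
          # created only once it resolves through webfinger.
          tries=0
          until wget -qO- "$$webfinger" >/dev/null; do
            tries=$$((tries + 1))
            if [ "$$tries" -ge 30 ]; then
              echo "[fedbox] $${DOMAIN}: timeout waiting for webfinger $$username" >&2
              exit 1
            fi
            sleep 1
          done
        done
    networks:
      - federation

  # Throw-away Postgres for pleroma2 (fixture credentials, not published).
  pleroma2_db:
    image: postgres:16
    restart: unless-stopped
    environment:
      POSTGRES_USER: pleroma
      POSTGRES_PASSWORD: pleroma
      POSTGRES_DB: pleroma2
    volumes:
      - pleroma2_fed_db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U pleroma"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - federation

  # Second Pleroma instance; reuses the image built by pleroma1_web.
  pleroma2_web:
    image: pleroma-fedbox
    restart: unless-stopped
    depends_on:
      pleroma2_db:
        condition: service_healthy
    environment:
      DOMAIN: pleroma2.test
      INSTANCE_NAME: Pleroma 2 (fedbox)
      ADMIN_EMAIL: admin@pleroma2.test
      NOTIFY_EMAIL: notify@pleroma2.test
      DB_HOST: pleroma2_db
      DB_PORT: "5432"
      DB_NAME: pleroma2
      DB_USER: pleroma
      DB_PASS: pleroma
      FEDBOX_CACERTFILE: /caddy/pki/authorities/local/root.crt
      SSL_CERT_FILE: /caddy/pki/authorities/local/root.crt
    volumes:
      - pleroma2_fed_data:/var/lib/pleroma
      - ./pleroma/config.exs:/var/lib/pleroma/config.exs:ro
      - caddy_fed_data:/caddy:ro
    expose:
      - "4000"
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:4000/api/v1/instance >/dev/null || exit 1"]
      interval: 15s
      timeout: 10s
      retries: 10
      start_period: 30s
    networks:
      - federation

  # Seed job for pleroma2; runs the same script as pleroma1_seed against
  # this instance's API base.
  pleroma2_seed:
    image: pleroma-fedbox
    restart: "no"
    depends_on:
      pleroma2_web:
        condition: service_healthy
    entrypoint: []
    environment:
      DOMAIN: pleroma2.test
      FEDBOX_API_BASE: http://pleroma2_web:4000
      FEDBOX_SEED_USERS: "bob"
    volumes:
      - ./pleroma/config.exs:/var/lib/pleroma/config.exs:ro
    command:
      - sh
      - -lc
      - *pleroma_seed_script
    networks:
      - federation

  # Throw-away Postgres for Mastodon (fixture credentials, not published).
  mastodon_db:
    image: postgres:16
    restart: unless-stopped
    environment:
      POSTGRES_USER: mastodon
      POSTGRES_PASSWORD: mastodon
      POSTGRES_DB: mastodon
    volumes:
      - mastodon_fed_db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U mastodon"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - federation

  mastodon_redis:
    image: redis:7-alpine
    restart: unless-stopped
    volumes:
      - mastodon_fed_redis:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - federation

  # One-shot job: prepares the database and seeds the `carol` account that
  # fedtest logs in as. Its environment and volumes are anchored so
  # mastodon_web and mastodon_sidekiq run with exactly the same settings.
  # It waits for gateway_certs because SSL_CERT_FILE must exist before Rails
  # boots (presumably; the file is read by the TLS stack at start-up).
  mastodon_init:
    image: ${MASTODON_IMAGE:-ghcr.io/mastodon/mastodon:v4.5.3}
    restart: "no"
    depends_on:
      gateway_certs:
        condition: service_completed_successfully
      mastodon_db:
        condition: service_healthy
      mastodon_redis:
        condition: service_healthy
    environment: &mastodon_env
      RAILS_ENV: production
      NODE_ENV: production
      PORT: "3000"
      LOCAL_DOMAIN: mastodon.test
      WEB_DOMAIN: mastodon.test
      ANNOTATERB_SKIP_ON_DB_TASKS: "true"
      REDIS_HOST: mastodon_redis
      REDIS_PORT: "6379"
      DB_HOST: mastodon_db
      DB_PORT: "5432"
      DB_NAME: mastodon
      DB_USER: mastodon
      DB_PASS: mastodon
      # Production Mastodon blocks private-network federation by default.
      # Allow common Docker/private ranges for federation-in-a-box.
      ALLOWED_PRIVATE_ADDRESSES: "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
      SSL_CERT_FILE: /caddy/pki/authorities/local/root.crt
      # Fixture secrets. They are committed to the repository and therefore
      # public: anything signed or encrypted with them offers no protection,
      # so they must never be reused for an instance outside this box.
      OTP_SECRET: "fedbox_otp_secret_mastodon"
      SECRET_KEY_BASE: "fca7fa5fe8ca9b7bbcaa442535b973e772e6392f46aab7fb3ec227ef5eb8d8c6605b921f7af4c2cc41f19a20633334e11c6012d6de958d0b14c4c2aa24a294ab"
      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "ZVdBBUYdAX9il2dZ3mwVRv1h7bDnRlH9oybCdHautQUNIhSBoV7wdpKm+ByScMaeEChmrmxIhIMBujlnikHUqA=="
      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "82yPOOdC5iAbaCU7ck0hsWP1kJqMH8g7v/vtzS+AlWBFsVvcuzGYBg888Oa+vBkhXY8Xr1jE03WbSwVwHDR3Aw=="
      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "6UZS4kC1TsljaOCidkEGQHqnIIcN0zqayJu2ANKYAHsLtKnjZOvcEvhDehRaf0LfQNHim/9asXmILvVukOuw0w=="
    command:
      - sh
      - -lc
      # NOTE(review): `pipefail` is not POSIX; the image's /bin/sh must
      # support it or the script aborts on the first line.
      - |
        set -euo pipefail
        bundle exec rails db:prepare
        # Create an initial user for API-driven smoke tests. `|| true` is
        # presumably there so a re-run survives carol already existing; the
        # runner below then fails explicitly if she is missing.
        bin/tootctl accounts create carol --email carol@mastodon.test --confirmed --approve --role Owner || true
        # Ensure a stable password for the OAuth authorization code flow.
        # It must match FEDTEST_PASSWORD in the fedtest service.
        bundle exec rails runner 'u = User.find_by(email: "carol@mastodon.test"); raise "carol missing" unless u; u.mark_email_as_confirmed! unless u.confirmed?; u.approve! unless u.approved?; u.change_password!("password");'
    volumes: &mastodon_volumes
      - mastodon_fed_system:/mastodon/public/system
      - ./mastodon/initializers/00_letter_opener_web_stub.rb:/opt/mastodon/config/initializers/00_letter_opener_web_stub.rb:ro
      - ./mastodon/initializers/01_fedbox_settings.rb:/opt/mastodon/config/initializers/01_fedbox_settings.rb:ro
      - caddy_fed_data:/caddy:ro
    networks:
      - federation

  mastodon_web:
    image: ${MASTODON_IMAGE:-ghcr.io/mastodon/mastodon:v4.5.3}
    restart: unless-stopped
    depends_on:
      mastodon_init:
        condition: service_completed_successfully
    environment: *mastodon_env
    command: bundle exec puma -C config/puma.rb
    expose:
      - "3000"
    volumes: *mastodon_volumes
    healthcheck:
      test: ["CMD-SHELL", "curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"]
      interval: 15s
      timeout: 10s
      retries: 10
      start_period: 30s
    networks:
      - federation

  mastodon_sidekiq:
    image: ${MASTODON_IMAGE:-ghcr.io/mastodon/mastodon:v4.5.3}
    restart: unless-stopped
    depends_on:
      mastodon_init:
        condition: service_completed_successfully
    environment: *mastodon_env
    command: bundle exec sidekiq
    volumes: *mastodon_volumes
    networks:
      - federation

  # Test runner, only started with the "fedtest" profile. It waits for every
  # instance to be healthy and every seed job to have finished, then drives
  # the three accounts over HTTPS through the gateway, trusting Caddy's root.
  fedtest:
    profiles: ["fedtest"]
    build:
      context: ./test_runner
    image: pleroma-fedbox-test-runner
    depends_on:
      gateway_certs:
        condition: service_completed_successfully
      pleroma1_seed:
        condition: service_completed_successfully
      pleroma2_seed:
        condition: service_completed_successfully
      pleroma1_web:
        condition: service_healthy
      pleroma2_web:
        condition: service_healthy
      mastodon_web:
        condition: service_healthy
      mastodon_sidekiq:
        condition: service_started
    environment:
      FEDTEST_PLEROMA1_HANDLE: "@alice@pleroma1.test"
      FEDTEST_PLEROMA2_HANDLE: "@bob@pleroma2.test"
      FEDTEST_MASTODON_HANDLE: "@carol@mastodon.test"
      # Must equal the FEDBOX_SEED_PASSWORD default in the pleroma seed
      # script and the password given to carol in mastodon_init.
      FEDTEST_PASSWORD: "password"
      FEDTEST_SCHEME: https
      FEDTEST_CACERTFILE: /caddy/pki/authorities/local/root.crt
    networks:
      - federation
    volumes:
      - caddy_fed_data:/caddy:ro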
# Named volumes hold all state between `docker compose down`/`up` cycles;
# removing them resets the whole box. The explicit `{}` marks each one as a
# plain local volume with no driver options.
volumes:
  caddy_fed_data: {}
  pleroma1_fed_db: {}
  pleroma1_fed_data: {}
  pleroma2_fed_db: {}
  pleroma2_fed_data: {}
  mastodon_fed_db: {}
  mastodon_fed_redis: {}
  mastodon_fed_system: {}
# Single private network with the default driver. No service publishes a
# port, so the instances are reachable only from inside it (and from each
# other through the gateway's *.test aliases).
networks:
  federation: {}