Merge branch 'stripdown' of sn0w/pleroma-docker into master

sn0w 2019-08-25 23:15:22 +00:00 committed by Gitea
commit 991492b80f
10 changed files with 271 additions and 460 deletions


@ -1 +1,2 @@
data/ data/
cache/


@ -1,41 +1,14 @@
######################### # Pleroma tag, commit, or branch to build
# Script settings # PLEROMA_VERSION=master
#########################
# Create a postgresql container? # The directory where the containers store their stuff
SCRIPT_DEPLOY_POSTGRES=true # Can be an absolute or relative path
# Specify the server that is used as a reverse-proxy
SCRIPT_USE_PROXY=traefik
# Enable internal SSL support?
SCRIPT_ENABLE_SSL=false
# The port to serve HTTP on when running in nginx/apache-mode
SCRIPT_PORT_HTTP=80
# The port to serve HTTPs on when running in nginx/apache-mode
SCRIPT_PORT_HTTPS=443
# The ip to bind to in nginx/apache-mode
SCRIPT_BIND_IP=0.0.0.0
#########################
# Docker settings #
#########################
# The docker network to bind to.
# In traefik-mode this should be the same network that your
# traefik-container is connected to or a network that is interconnected
# with traefik's network. In manual, apache or nginx mode this value may be empty or set to any other alphanumeric value.
# (Defaults to something like "pleroma_docker_1" if empty)
DOCKER_NETWORK=prod
# The directory where all containers store their data.
# Can be a relative path, "~/...", or absolute.
# Named docker volumes are currently not supported.
DOCKER_DATADIR=./data DOCKER_DATADIR=./data
# Pleroma's mix environment.
# You should leave this at prod unless you know what you're doing.
MIX_ENV=prod
# The uid/gid used by pleroma. # The uid/gid used by pleroma.
# You should probably set this to the same # You should probably set this to the same
# uid/guid that cloned the pleroma-docker repo. # uid/guid that cloned the pleroma-docker repo.
@ -43,27 +16,11 @@ DOCKER_DATADIR=./data
DOCKER_UID=1000 DOCKER_UID=1000
DOCKER_GID=1000 DOCKER_GID=1000
########################### # The git repo where pleroma's sources are located.
# Database settings # # This will be used at build-time and to resolve PLEROMA_VERSION via "git ls-remote".
########################### # The latter involves one connection per "pleroma.sh build" execution, even if a rebuild does not occur.
#
# When you use the managed postgres container # You might want to change this if you're working on a fork,
# those will be the credentials the container is generated with. # or if you do not trust the admins of pleroma's Gitlab instance.
#
POSTGRES_DB=pleroma PLEROMA_GIT_REPO=https://git.pleroma.social/pleroma/pleroma.git
POSTGRES_USER=pleroma
POSTGRES_PASSWORD=pleroma
##########################
# Pleroma Settings #
##########################
# The environment to use (dev/prod/test)
MIX_ENV=prod
# The git tag, revision, or branch to check out on build
PLEROMA_VERSION=develop
# Domain to run at (only relevant for traefik mode)
PLEROMA_URL=coolsite.moe
PLEROMA_MEDIA_PROXY_URL=cdn.coolsite.moe

8
.gitignore vendored

@ -1,10 +1,10 @@
data data/
.env cache/
config.yml
custom.d/ custom.d/
!custom.d/.gitkeep !custom.d/.gitkeep
docker-compose.yml
config.exs config.exs
secret.exs
.env
# Created by https://www.gitignore.io/api/osx,linux,windows # Created by https://www.gitignore.io/api/osx,linux,windows


@ -1,26 +1,36 @@
FROM alpine:3.9 FROM alpine:3.10
ARG __VIA_SCRIPT
RUN \
if [ -z "$__VIA_SCRIPT" ]; then \
echo -e "\n\nERROR\nYou must build pleroma via build.sh\n\n"; \
exit 1; \
fi
# Set up environment # Set up environment
ENV LC_ALL=C.UTF-8 ENV LC_ALL=C.UTF-8
ENV LANG=C.UTF-8 ENV LANG=C.UTF-8
ENV MIX_ENV=prod ARG MIX_ENV
ENV MIX_ENV=$MIX_ENV
# Prepare mounts # Prepare mounts
VOLUME /custom.d VOLUME /custom.d /uploads
# Expose default pleroma port to host # Expose HTTP, Gopher, and SSH ports, respectively
EXPOSE 4000 EXPOSE 4000 9999 2222
# Get dependencies # Get dependencies
RUN \ RUN \
apk add --no-cache --virtual .tools \ apk add --no-cache --virtual .tools \
git curl rsync postgresql-client \ git curl rsync postgresql-client \
\ && \
&& apk add --no-cache --virtual .sdk \ apk add --no-cache --virtual .sdk \
build-base \ build-base \
\ && \
&& apk add --no-cache --virtual .runtime \ apk add --no-cache --virtual .runtime \
imagemagick erlang erlang-runtime-tools erlang-xmerl erlang-ssl erlang-eldap elixir imagemagick \
elixir erlang erlang-runtime-tools \
erlang-xmerl erlang-ssl erlang-ssh erlang-eldap erlang-mnesia
# Add entrypoint # Add entrypoint
COPY ./entrypoint.sh / COPY ./entrypoint.sh /
@ -28,43 +38,40 @@ RUN chmod a+x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# Limit permissions # Limit permissions
ARG DOCKER_UID=1000 ARG DOCKER_UID
ARG DOCKER_GID=1000 ARG DOCKER_GID
ARG PLEROMA_UPLOADS_PATH=/uploads
RUN \ RUN \
addgroup -g ${DOCKER_GID} pleroma \ echo "#> Pleroma user will be ${DOCKER_UID}:${DOCKER_GID}" 1>&2 && \
&& adduser -S -s /bin/ash -G pleroma -u ${DOCKER_UID} pleroma \ addgroup -g ${DOCKER_GID} pleroma && \
&& mkdir -p /custom.d $PLEROMA_UPLOADS_PATH \ adduser -S -s /bin/ash -G pleroma -u ${DOCKER_UID} pleroma && \
&& chown -R pleroma:pleroma /custom.d $PLEROMA_UPLOADS_PATH mkdir -p /custom.d /uploads && \
chown -R pleroma:pleroma /custom.d /uploads
USER pleroma USER pleroma
WORKDIR /home/pleroma WORKDIR /home/pleroma
# Get pleroma sources # Get pleroma sources
RUN git clone --progress https://git.pleroma.social/pleroma/pleroma.git ./pleroma ARG PLEROMA_GIT_REPO
RUN \
echo "#> Getting pleroma sources from $PLEROMA_GIT_REPO..." 1>&2 && \
git clone --progress $PLEROMA_GIT_REPO ./pleroma
WORKDIR /home/pleroma/pleroma WORKDIR /home/pleroma/pleroma
# Bust the build cache (if needed) # Bust the build cache (if needed)
# This works by setting an environment variable with the last # This works by setting an environment variable with the last
# used version/branch/tag/commitish/... which originates in the script. # used version/branch/tag/commit/... which originates in the script.
# If the host doesn't have the required tool for "smart version detection"
# we'll just use the current timestamp here which forces a rebuild every time.
ARG __CACHE_TAG ARG __CACHE_TAG
ENV __CACHE_TAG $__CACHE_TAG ENV __CACHE_TAG $__CACHE_TAG
# Fetch changes, checkout # Fetch changes, checkout
ARG PLEROMA_VERSION ARG PLEROMA_VERSION
RUN \ RUN \
git fetch --all \ git fetch --all && \
&& git checkout $PLEROMA_VERSION \ git checkout $PLEROMA_VERSION
&& git pull --rebase --autostash
# Precompile # Precompile
RUN \ RUN \
cp ./config/dev.exs ./config/prod.secret.exs \ cp ./config/dev.exs ./config/prod.secret.exs && \
&& BUILDTIME=1 /entrypoint.sh \ BUILDTIME=1 /entrypoint.sh && \
&& rm ./config/prod.secret.exs rm ./config/prod.secret.exs
# Insert overrides
COPY --chown=pleroma:pleroma ./custom.d /home/pleroma/pleroma
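Review bot: Dropping `git pull --rebase --autostash` from the "Fetch changes, checkout" step appears to leave the build on a stale commit whenever PLEROMA_VERSION names the branch that the cached `git clone` layer already checked out. In that case `git fetch --all` only moves the remote-tracking ref, and `git checkout $PLEROMA_VERSION` stays on the old local branch head, so upstream fixes are not picked up even though the cache tag changed. Checking out the fetched ref in detached state would avoid that for branches and still work for tags and commits, e.g. `git fetch --all --tags && (git checkout --detach "origin/$PLEROMA_VERSION" || git checkout --detach "$PLEROMA_VERSION")`. `$PLEROMA_GIT_REPO` in the clone step and `$PLEROMA_VERSION` here are also expanded unquoted; both come from `.env` and should be written as `"$PLEROMA_GIT_REPO"` and `"$PLEROMA_VERSION"`.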

180
README.md

@ -12,13 +12,13 @@ This repository dockerizes it for easier deployment.
/* /*
* This repository comes with ABSOLUTELY NO WARRANTY * This repository comes with ABSOLUTELY NO WARRANTY
* *
* I am not responsible for burning servers, angry users, fedi drama, * I will happily help you with issues related to this script,
* but I am not responsible for burning servers, angry users, fedi drama,
* thermonuclear war, or you getting fired because your boss saw your NSFW posts. * thermonuclear war, or you getting fired because your boss saw your NSFW posts.
* Please do some research if you have any concerns about included
* features or the software used by this script ***before*** using it.
* *
* You are choosing to use this setup, and if you point the finger at me for * Please do some research if you have any concerns about the
* messing up your instance, I will laugh at you. * included features or software ***before*** using it.
*
*/ */
``` ```
@ -37,38 +37,53 @@ Let me know and I'll add you to this list.
These docs assume that you have at least a basic understanding These docs assume that you have at least a basic understanding
of the pleroma installation process and common docker commands. of the pleroma installation process and common docker commands.
If you have questions about Pleroma head over to https://docs-develop.pleroma.social/.<br> If you have questions about Pleroma head over to https://docs.pleroma.social/.<br>
For help with docker check out https://docs.docker.com/. For help with docker check out https://docs.docker.com/.
For other problems related to this script, contact me or open an issue :)
### Prerequisites ### Prerequisites
- ~500mb of free HDD space - ~1GB of free HDD space
- `m4` and `awk` in remotely recent versions
- `git` if you want smart build caches - `git` if you want smart build caches
- `curl`, `jq`, and `dialog` if you want to use `./pleroma mod` - `curl`, `jq`, and `dialog` if you want to use `./pleroma.sh mod`
- Bash 4.0+ (fancy scripting stuff) - Bash 4+
- Docker 18.06+ and docker-compose 1.22+ - Docker 18.06+ and docker-compose 1.22+
### Installation ### Installation
- Clone this repository - Clone this repository
- Create a `config.exs` and `.env` file - Create a `config.exs` and `.env` file
- Run `./pleroma build` and `./pleroma up` - Run `./pleroma.sh build` and `./pleroma.sh up`
- [Configure a reverse-proxy](#my-instance-is-up-how-do-i-reach-it)
- Profit! - Profit!
Hint:<br>
You can also use normal `docker-compose` commands to maintain your setup.<br>
The only command that you cannot use is `docker-compose build` due to build caching.
### Configuration
All the pleroma options that you usually put into your `*.secret.exs` now go into `config.exs`.
`.env` stores config values that need to be known at orchestration/build time.<br>
Documentation for the possible values is inside of that file.
### Updates ### Updates
Run `./pleroma build` again and start the updated image with `./pleroma up`. Run `./pleroma.sh build` again and start the updated image with `./pleroma.sh up`.
You don't need to stop your pleroma server for either of those commands. You don't need to stop your pleroma server for either of those commands.
### Maintenance ### Maintenance
Pleroma maintenance is usually done with mix tasks. Pleroma maintenance is usually done with mix tasks.
You can run these tasks in your running pleroma server using `./pleroma mix [task] [arguments...]`.
If you need to fix some bigger issues you can also spawn a shell with `./pleroma enter`.
For example: `/pleroma mix pleroma.user new sn0w ...` You can run these tasks in your running pleroma server using `./pleroma.sh mix [task] [arguments...]`.
For example: `./pleroma.sh mix pleroma.user new sn0w ...`
If you need to fix bigger problems you can also spawn a shell with `./pleroma.sh enter`.
### Customization ### Customization
@ -78,7 +93,7 @@ You can even replace/patch pleromas code with this,
because the project is recompiled at startup if needed. because the project is recompiled at startup if needed.
In general: Prepending `custom.d/` to pleromas customization guides should work all the time.<br> In general: Prepending `custom.d/` to pleromas customization guides should work all the time.<br>
Check them out in the official pleroma wiki. Check them out in the [pleroma documentation](https://docs.pleroma.social/small_customizations.html#content).
For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instance/thumbnail.jpeg`. For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instance/thumbnail.jpeg`.
@ -86,120 +101,53 @@ For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instanc
Works exactly like customization, but we have a neat little helper here. Works exactly like customization, but we have a neat little helper here.
Use `./pleroma mod [regex]` to mod any file that ships with pleroma, without having to type the complete path. Use `./pleroma.sh mod [regex]` to mod any file that ships with pleroma, without having to type the complete path.
### Configuration ### My instance is up, how do I reach it?
All the pleroma options that you usually put into your `*.secret.exs` now go into `config.exs`. To reach Gopher or SSH, just uncomment the port-forward in your `docker-compose.yml`.
`.env` stores config values that need to be known at orchestration time.<br> To reach HTTP you will have to configure a "reverse-proxy".
They should be self-explaining but here's some bonus info on important ones: Older versions of this project contained a huge amount of scripting to support all kinds of reverse-proxy setups.
This newer version tries to focus only on providing good pleroma tooling.
That makes the whole process a bit more manual, but also more flexible.
#### Data Storage (`DOCKER_DATADIR`) You can use Caddy, Traefik, Apache, nginx, or whatever else you come up with.<br>
Just modify your `docker-compose.yml` accordingly.
A folder that will be bind-mounted into the container.<br> One example would be to add an [nginx server](https://hub.docker.com/_/nginx) to your `docker-compose.yml`:
This is where pleroma and postgres will store their data. ```yml
# ...
#### Database (`SCRIPT_DEPLOY_POSTGRES`) proxy:
image: nginx
Values: `true` / `false` init: true
restart: unless-stopped
By default pleroma-docker deploys a postgresql container and links it to pleromas container as a zero-config data store. links:
If you already have a postgres database or want to host it on a physically different machine, set this value to `false`. - server
Make sure to edit the `config :pleroma, Pleroma.Repo` variables in `config.exs` when doing that. volumes:
- ./my-nginx-config.conf:/etc/nginx/nginx.conf:ro
#### Reverse Proxy (`SCRIPT_USE_PROXY`) ports:
- "80:80"
Values: `traefik` / `nginx` / `apache` / `manual` - "443:443"
Pleroma is usually run behind a reverse-proxy.<br>
Pleroma-docker gives you multiple options here.
##### Manual
In manual mode we do not create any reverse proxy for you.<br>
You'll have to figure something out on your own.
If `SCRIPT_BIND_IN_MANUAL` is `true` we will forward `pleroma:4000` to `${SCRIPT_BIND_IP}:${SCRIPT_PORT_HTTP}`.
##### Traefik
In traefik-mode we will generate a pleroma container with traefik-compatible labels.
These will be picked up at runtime to dynamically create a reverse-proxy configuration.
This should 'just work' if `watch=true` and `exposedByDefault=false` are set in the `[docker]` section of your `traefik.conf`.
SSL will also 'just work' once you add a matching `[[acme.domains]]` entry in there.
##### NGINX
In nginx-mode we will generate a bare nginx container that is linked to pleroma.
The nginx container is absolutely unmodified and expects to be configured by you.
The nginx file in [Pleroma's Repository](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx) is a good starting point.
We will mount your configs like this:
```txt
custom.d/server.nginx -> /etc/nginx/nginx.conf
custom.d/vhost.nginx -> /etc/nginx/conf.d/pleroma.conf
``` ```
To reach your pleroma container from inside nginx use `proxy_pass http://pleroma:4000;`. Then take a look at [the pleroma nginx example](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx) for hints about what to put into `my-nginx-config.conf`.
Set `SCRIPT_PORT_HTTP` and `SCRIPT_PORT_HTTPS` to the ports you want to listen on.<br> Using apache would work in a very similar way (see [Apache Docker Docs](https://hub.docker.com/_/httpd) and [the pleroma apache example](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma-apache.conf)).
Specify the ip to bind to in `SCRIPT_BIND_IP`. These values are required.
The container only listens on `SCRIPT_PORT_HTTPS` if `SCRIPT_ENABLE_SSL` is `true`. The target that you proxy to is called `http://server:4000/`.<br>
This will work automagically when the proxy also lives inside of docker.
##### Apache / httpd If you need help with this, or if you think that this needs more documentation, please let me know.
Just like nginx-mode this starts an unmodified apache server that expects to be configured by you.<br> Something that cofe.rocks uses is simple port-forwarding of the `server` container to the host's `127.0.0.1`.
Again [Pleroma's Config](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma-apache.conf) is a good starting point. From there on, the natively installed nginx server acts as a proxy to the open internet.
You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/docker-compose.m4#L93) and [cofe's proxy config](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/proxy.xconf) if that setup sounds interesting.
We will mount your configs like this: ### Attribution
```
custom.d/server.httpd -> /usr/local/apache2/conf/httpd.conf
custom.d/vhost.httpd -> /usr/local/apache2/conf/extra/httpd-vhosts.conf
```
To reach your pleroma container from inside apache use `ProxyPass [loc] http://pleroma:4000/`.
Again setting `SCRIPT_PORT_HTTP`, `SCRIPT_PORT_HTTPS` and `SCRIPT_BIND_IP` is required.
The container only listens on `SCRIPT_PORT_HTTPS` if `SCRIPT_ENABLE_SSL` is `true`.
#### SSL (`SCRIPT_ENABLE_SSL`)
Values: `true` / `false`
If you want to use SSL with your Apache or NGINX containers you'll need a
certificate. Certificates need to be placed into `custom.d` and will be
bind-mounted into the server's container at runtime.
We will mount your certs like this:
```
custom.d/ssl.crt -> /ssl/ssl.crt
custom.d/ssl.key -> /ssl/ssl.key
```
You can reference them in Apache like this:
```apache
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "/ssl/ssl.crt"
SSLCertificateKeyFile "/ssl/ssl.key"
</VirtualHost>
```
And in NGINX like this:
```nginx
listen 443 ssl;
ssl_certificate /ssl/ssl.crt;
ssl_certificate_key /ssl/ssl.key;
```
In traefik-mode and manual-mode these files and the `SCRIPT_ENABLE_SSL` value are ignored.
## Attribution
Thanks to [Angristan](https://github.com/Angristan/dockerfiles/tree/master/pleroma) and [RX14](https://github.com/RX14/kurisu.rx14.co.uk/blob/master/services/iscute.moe/pleroma/Dockerfile) for their dockerfiles, which served as an inspiration for the early versions of this script. Thanks to [Angristan](https://github.com/Angristan/dockerfiles/tree/master/pleroma) and [RX14](https://github.com/RX14/kurisu.rx14.co.uk/blob/master/services/iscute.moe/pleroma/Dockerfile) for their dockerfiles, which served as an inspiration for the early versions of this script.
The current version is based on the [official wiki guides](https://git.pleroma.social/pleroma/pleroma/tree/develop/docs/installation).<br> The current version is based on the [offical install instructions](https://docs.pleroma.social/alpine_linux_en.html).<br>
Thanks to all people who contributed to those. Thanks to all people who contributed to those.


@ -1,33 +1,63 @@
use Mix.Config use Mix.Config
# pleroma/pleroma/pleroma are the default credentials for the # You should not change the following three ip/port mappings.
# managed database container. "db" is the default interlinked hostname. # Listening to 0.0.0.0 is required in a container since the IP is not known in advance.
# You shouldn't need to change this unless you modifed .env # Instead, change the mapping to your host ports in "docker-compose.yml".
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "pleroma",
database: "pleroma",
hostname: "db",
pool_size: 10
config :pleroma, Pleroma.Web.Endpoint,
http: [
ip: {0, 0, 0, 0},
port: 4000
]
config :pleroma, :gopher,
ip: {0, 0, 0, 0},
port: 9999
config :esshd,
port: 2222
# You shouldn't need to change this.
# pleroma/pleroma/pleroma are the default credentials.
# "db" is the default interlinked hostname.
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "pleroma",
database: "pleroma",
hostname: "db"
# You should not change this.
config :pleroma, Pleroma.Uploaders.Local, uploads: "/uploads"
#
# vvv Your awesome config options go here vvv # vvv Your awesome config options go here vvv
#
config :pleroma, Pleroma.Upload,
filters: [Pleroma.Upload.Filter.Dedupe, Pleroma.Upload.Filter.Mogrify]
config :pleroma, Pleroma.Upload.Filter.Mogrify,
args: ["strip"]
# Set your URL and key-base here
# On Linux, you can use the following command to get a random key base:
# dd if=/dev/urandom bs=1 count=128 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "example.com", scheme: "https", port: 443],
secret_key_base: "<key>"
### ###
# Here are some example values. # Now follow some example config values.
# Uncomment what you need or delete it all. # Uncomment/Change what you need, or delete it all.
# #
# Want to use the config generator instead? # Want to use pleroma's config generator instead?
# Try `./pleroma mix pleroma.instance gen` and then `./pleroma cp /home/pleroma/pleroma/config/generated_config.exs config.exs`. # Try `./pleroma.sh mix pleroma.instance gen` and then `./pleroma.sh cp /home/pleroma/pleroma/config/generated_config.exs config.exs`.
# #
# Need some inspiration? # Need some inspiration?
# Take a look at https://git.pleroma.social/pleroma/pleroma/tree/develop/config # Take a look at https://git.pleroma.social/pleroma/pleroma/tree/develop/config
### ###
# config :pleroma, Pleroma.Web.Endpoint,
# url: [host: "example.com", scheme: "https", port: 443],
# secret_key_base: "<key>"
# config :pleroma, :instance, # config :pleroma, :instance,
# name: "example instance", # name: "example instance",
# email: "example@example.com", # email: "example@example.com",
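Review bot: The `Pleroma.Web.Endpoint` block that moved out of the commented examples now ships `secret_key_base: "<key>"` as a live value. An operator who copies this file and only edits the host will start the instance with a placeholder that everyone can read in this repository. Whether anything downstream rejects the short placeholder is not visible here, so the file should say so itself, for example `# REQUIRED: replace "<key>" before the first start; never reuse a published value`. A matching guard in entrypoint.sh, such as `grep -q 'secret_key_base: "<key>"' config/prod.secret.exs && exit 1` before `mix phx.server`, would turn the omission into a startup failure.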


@ -1,122 +0,0 @@
changequote(`<', `>')
define(<upcase>, <translit($1, <a-z>, <A-Z>)>)
define(<env>, <upcase($1)=${upcase($1):?upcase($1)}>)
define(<env_fb>, <upcase($1)=${upcase($1):-$2}>)
define(<env_inline>, <${upcase($1):?upcase($1)}>)
define(<env_inline_fb>, <${upcase($1):-$2}>)
{
"version": "3.7",
ifdef(<__DOCKER_NETWORK>, <
"networks": {
"default": {
"external": {
"name": "__DOCKER_NETWORK"
}
}
},
>)
"services": {
ifelse(__SCRIPT_DEPLOY_POSTGRES, true, <
"db": {
"image": "postgres:10.3-alpine",
"restart": "unless-stopped",
"environment": [
"env(<postgres_db>)",
"env(<postgres_user>)",
"env(<postgres_password>)"
],
"volumes": [
"env_inline(<docker_datadir>)/db:/var/lib/postgresql/data",
"./initdb.sql:/docker-entrypoint-initdb.d/pleroma.sql"
]
},
>)
ifdef(<__SCRIPT_USE_PROXY>, <
ifelse(
__SCRIPT_USE_PROXY, traefik, <>,
__SCRIPT_USE_PROXY, manual, <>,
__SCRIPT_USE_PROXY, nginx, <
"proxy": {
"image": "nginx:alpine",
"ports": [
"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTP:__SCRIPT_PORT_HTTP"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTPS:__SCRIPT_PORT_HTTPS">)
],
"links": [
"server:pleroma"
],
"volumes": [
"./custom.d/server.nginx:/etc/nginx/nginx.conf:ro",
"./custom.d/vhost.nginx:/etc/nginx/conf.d/pleroma.conf:ro"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.crt:/ssl/ssl.crt:ro",>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.key:/ssl/ssl.key:ro">)
]
},
>, __SCRIPT_USE_PROXY, apache, <
"proxy": {
"image": "amd64/apache:alpine",
"ports": [
"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTP:__SCRIPT_PORT_HTTP"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTPS:__SCRIPT_PORT_HTTPS">)
],
"links": [
"server:pleroma"
],
"volumes": [
"./custom.d/server.httpd:/usr/local/apache2/conf/httpd.conf:ro",
"./custom.d/vhost.httpd:/usr/local/apache2/conf/extra/httpd-vhosts.conf:ro"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.crt:/ssl/ssl.crt:ro",>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.key:/ssl/ssl.key:ro">)
]
},
>, <
errprint(Invalid option __SCRIPT_USE_PROXY for <SCRIPT_USE_PROXY>)
m4exit(<1>)
>
)
>)
"server": {
"build": {
"context": ".",
"args": [
"env(<pleroma_version>)",
"env(<docker_uid>)",
"env(<docker_gid>)",
"env_fb(<pleroma_uploads_path>, </uploads>)"
]
},
"init": true,
"restart": "unless-stopped",
"links": [
ifelse(__SCRIPT_DEPLOY_POSTGRES, true, <"db">)
],
"environment": [
"env_fb(<mix_env>, <prod>)"
],
"volumes": [
"./custom.d:/custom.d:ro",
"./config.exs:/home/pleroma/pleroma/config/prod.secret.exs:ro",
"env_inline(<docker_datadir>)/uploads:env_inline_fb(<pleroma_uploads_path>, </uploads>)"
],
"labels": [
ifelse(__SCRIPT_USE_PROXY, traefik, <
"traefik.enable=true",
"traefik.fe.port=4000",
"traefik.fe.protocol=http",
"traefik.fe.entryPoints=http,https",
"traefik.fe.frontend.rule=Host:patsubst(__PLEROMA_URL, <string:>, <>)",
"traefik.cache.port=4000",
"traefik.cache.protocol=http",
"traefik.cache.entryPoints=http,https",
"traefik.cache.frontend.rule=Host:patsubst(patsubst(__PLEROMA_MEDIA_PROXY_URL, <http.*?//>, <>), <string:>, <>)"
>)
]
}
}
}

49
docker-compose.yml Normal file

@ -0,0 +1,49 @@
version: "3.7"
services:
db:
image: postgres:10-alpine
init: true
restart: unless-stopped
environment: {
# This might seem insecure but is usually not a problem.
# You should leave this at the "pleroma" default.
# The DB is only reachable by containers in the same docker network,
# and is not exposed to the open internet.
#
# If you do change this, remember to update "config.exs".
POSTGRES_DB: pleroma,
POSTGRES_USER: pleroma,
POSTGRES_PASSWORD: pleroma,
}
volumes:
- $DOCKER_DATADIR/db:/var/lib/postgresql/data
- ./initdb.sql:/docker-entrypoint-initdb.d/pleroma.sql
server:
build: .
init: true
restart: unless-stopped
links:
- db
ports: [
# Uncomment/Change port mappings below as needed.
# The left side is your host machine, the right one is the pleroma container.
# You can prefix the left side with an ip.
# Webserver (for reverse-proxies outside of docker)
# If you use a dockerized proxy (see README), you can leave this commented
# and use a container link instead.
# "127.0.0.1:4000:4000",
# SSH support
# "2222:2222",
# Gopher support
# "9999:9999",
]
volumes:
- ./custom.d:/custom.d:ro
- ./config.exs:/home/pleroma/pleroma/config/prod.secret.exs:ro
- ./config.exs:/home/pleroma/pleroma/config/dev.secret.exs:ro
- $DOCKER_DATADIR/uploads:/uploads
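Review bot: The comment above `POSTGRES_PASSWORD: pleroma` tells operators to keep the default, but it does not state the conditions under which that is safe. It holds only while the `db` service publishes no `ports:` and stays on this project's own network; attaching the stack to a shared external network, as the removed template did with DOCKER_NETWORK, would let any container on that network log in with pleroma/pleroma. I would add a line such as `# Only safe while "db" has no "ports:" entry and is not attached to a shared/external network.` to the comment block. The image tag also moved from the removed template's `postgres:10.3-alpine` to the floating `postgres:10-alpine`; pinning a minor version or digest keeps rebuilds reproducible.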


@ -3,31 +3,49 @@
set -e set -e
if [ -n "$BUILDTIME" ]; then log() {
echo "#> Preparing compilation..." echo -e "\n#> $@\n" 1>&2
}
if [ -n "$BUILDTIME" ]; then
log "Getting rebar..."
mix local.rebar --force mix local.rebar --force
log "Getting hex..."
mix local.hex --force mix local.hex --force
echo "#> Compiling..." log "Getting dependencies..."
mix deps.get mix deps.get
log "Precompiling..."
mix compile mix compile
exit 0 exit 0
fi fi
echo "#> Applying customizations and patches.." log "Syncing changes and patches..."
rsync -av /custom.d/ /home/pleroma/pleroma/ rsync -av /custom.d/ /home/pleroma/pleroma/
echo "#> Recompiling..." log "Recompiling..."
mix compile mix compile
echo "#> Waiting until database is ready..." log "Waiting for postgres..."
while ! pg_isready -U pleroma -d postgres://db:5432/pleroma -t 1; do while ! pg_isready -U pleroma -d postgres://db:5432/pleroma -t 1; do
sleep 1s sleep 1s
done done
echo "#> Upgrading database..." log "Performing sanity checks..."
if ! touch /uploads/.sanity-check; then
log "\
The uploads datadir is NOT writable by `id -u`:`id -g`!\n\
This will break all upload functionality.\n\
Please fix the permissions and try again.\
"
exit 1
fi
rm /uploads/.sanity-check
log "Migrating database..."
mix ecto.migrate mix ecto.migrate
echo "#> Liftoff!" log "Liftoff o/"
exec mix phx.server exec mix phx.server
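Review bot: The new `log()` helper expands `$@` inside a double-quoted string, which splits the message into separate words whenever it is called with more than one argument (ShellCheck SC2145). `echo -e "\n#> $*\n" 1>&2` says what is meant. The uploads sanity check also uses backticks inside the message; `$(id -u):$(id -g)` is the form that nests and quotes predictably. A short comment above the `touch /uploads/.sanity-check` test, for example `# Fail early: a bind mount owned by another uid makes every upload fail later`, would explain why the container exits before migrating. The script's first two lines are outside this hunk.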


@ -1,11 +1,6 @@
#!/bin/bash #!/bin/bash
######################################################### set -Eeo pipefail
# Options #
#########################################################
set -e
set -o pipefail
######################################################### #########################################################
# Globals # # Globals #
@ -20,8 +15,6 @@ readonly ENDPOINT_TAG="$PREFIX_API/tags"
readonly ENDPOINT_BLOB="$PREFIX_API/blobs" readonly ENDPOINT_BLOB="$PREFIX_API/blobs"
readonly ENDPOINT_BRANCH="$PREFIX_API/branches" readonly ENDPOINT_BRANCH="$PREFIX_API/branches"
flags=""
######################################################### #########################################################
# Helpers # # Helpers #
######################################################### #########################################################
@ -57,31 +50,9 @@ throw_file_errors() {
fi fi
} }
render_template() {
require_command m4
require_command awk
m4 $flags docker-compose.m4 | awk 'NF'
}
docker_compose() { docker_compose() {
require_command docker-compose require_command docker-compose
docker-compose "$@"
docker-compose \
-f <(render_template) \
--project-directory . \
"$@"
}
load_env() {
while read -r line; do
if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then
continue;
fi
export "${line?}"
flags="-D__${line?} $flags"
done < .env
} }
download_file() { # $1: source, $2: target download_file() { # $1: source, $2: target
@ -106,6 +77,18 @@ request_file_content() { # $1: source
fi fi
} }
builds_args=""
load_env() {
while read -r line; do
if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then
continue;
fi
builds_args="${builds_args} --build-arg ${line?}"
export "${line?}"
done < .env
}
######################################################### #########################################################
# Subcommands # # Subcommands #
######################################################### #########################################################
@ -117,7 +100,7 @@ action__build() {
if [[ -z "$cacheTag" ]] && has_command git && has_command grep && has_command awk; then if [[ -z "$cacheTag" ]] && has_command git && has_command grep && has_command awk; then
set +o pipefail set +o pipefail
local resolvedHash local resolvedHash
resolvedHash="$(git ls-remote $GITLAB_URI/$ENDPOINT_REPO | grep "/$PLEROMA_VERSION" | awk '{ print $1 }')" resolvedHash="$(git ls-remote $PLEROMA_GIT_REPO | grep "/$PLEROMA_VERSION" | awk '{ print $1 }')"
set -o pipefail set -o pipefail
if [[ -n "$resolvedHash" ]]; then if [[ -n "$resolvedHash" ]]; then
@ -142,7 +125,7 @@ action__build() {
cacheTag="$(date '+%s')" cacheTag="$(date '+%s')"
fi fi
# Alternative 3: Random number with awk # Alternative 3: Random number with shell
if [[ -z "$cacheTag" ]] && [[ -n "$RANDOM" ]]; then if [[ -z "$cacheTag" ]] && [[ -n "$RANDOM" ]]; then
echo "" echo ""
echo "WARNING WARNING WARNING" echo "WARNING WARNING WARNING"
@ -185,17 +168,18 @@ action__build() {
cacheTag="broken-host-env" cacheTag="broken-host-env"
fi fi
echo -e "#> (Re-)Building with cache tag \`${cacheTag}\`...\n" echo -e "#> (Re-)Building pleroma @$PLEROMA_VERSION with cache tag \`${cacheTag}\`...\n"
sleep 1
docker_compose build --build-arg __CACHE_TAG="$cacheTag" server docker_compose build \
} $builds_args \
--build-arg __VIA_SCRIPT=1 \
action__dump() { --build-arg __CACHE_TAG="$cacheTag" \
cat <(render_template) server
} }
action__enter() { action__enter() {
docker_compose exec server sh -c 'cd ~/pleroma && bash' docker_compose exec server sh -c 'cd ~/pleroma && ash'
} }
action__logs() { action__logs() {
@ -206,14 +190,6 @@ action__mix() {
docker_compose exec server sh -c "cd ~/pleroma && mix $*" docker_compose exec server sh -c "cd ~/pleroma && mix $*"
} }
action__passthrough() {
docker_compose "$@"
}
action__p() {
action__passthrough "$@"
}
action__restart() { action__restart() {
action__stop action__stop
action__start action__start
@ -243,38 +219,6 @@ action__ps() {
action__status action__status
} }
action__debug() {
require_command xhost
local debug_mounts
debug_mounts="
-v $(pwd)/custom.d:/custom.d \
-v $(pwd)/debug.d/build:/home/pleroma/pleroma/_build \
-v $(pwd)/debug.d/deps:/home/pleroma/pleroma/deps \
"
if [[ ! -d ./debug.d ]]; then
mkdir -p ./debug.d/{build,deps}
fi
if [[ ! -d ./custom.d/lib ]]; then
mkdir -p ./custom.d/lib
fi
action__stop
docker_compose run --rm -u pleroma -w /home/pleroma/pleroma "$debug_mounts" server bash -c 'cp -rvf /custom.d/* /home/pleroma/pleroma && mix deps.get'
local x_flags=""
if [[ $NO_X_FORWARDING != 1 ]]; then
x_flags="-e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix"
fi
[[ $NO_X_FORWARDING == 1 ]] || xhost +local:root
docker_compose run --rm -u pleroma -w /home/pleroma/pleroma "$debug_mounts" "$x_flags" server bash -c "cp -rvf /custom.d/* /home/pleroma/pleroma && $*"
[[ $NO_X_FORWARDING == 1 ]] || xhost -local:root
}
action__mod() { action__mod() {
require_command dialog require_command dialog
require_command jq require_command jq
@ -334,17 +278,7 @@ Usage:
Actions: Actions:
build (Re)build the pleroma container. build (Re)build the pleroma container.
dump Dump the generated docker-compose.yml to stdout.
debug [bin] [args...] Launches a new pleroma container but uses \$bin instead of phx.server as entrypoint.
**Warning**: This is intended for debugging pleroma with tools like :debugger and :observer.
It thus forwards your X-Server into docker and temporarily fiddles with your xhost
access controls. If this is a security concern for you, please export NO_X_FORWARDING=1
before launching a debugger session.
enter Spawn a shell inside the container for debugging/maintenance. enter Spawn a shell inside the container for debugging/maintenance.
This command does not link to the postgres container.
If you need that use #debug instead.
logs Show the current container logs. logs Show the current container logs.
@ -353,8 +287,6 @@ Actions:
mod [file] Creates the file in custom.d and downloads the content from pleroma.social. mod [file] Creates the file in custom.d and downloads the content from pleroma.social.
The download respects your \$PLEROMA_VERSION from .env. The download respects your \$PLEROMA_VERSION from .env.
passthrough / p [...] Pass any custom command to docker-compose.
restart Executes #stop and #start respectively. restart Executes #stop and #start respectively.
start / up Start pleroma and sibling services. start / up Start pleroma and sibling services.
@ -367,17 +299,8 @@ Actions:
This operation only works in one direction. This operation only works in one direction.
For making permanent changes to the container use custom.d. For making permanent changes to the container use custom.d.
Environment: ----------------------------
DEBUG can be used to modify the loglevel.
DEBUG=1 prints all commands before they are executed.
DEBUG=2 prints all bash statements before they are executed (a lot).
SHOPT can be used to modify shell options.
Pass a list of options to this variable like SHOPT='-x -e'.
For setting long options with -o use a colon (:) instead of a space
to seperate the option from -o. For example: SHOPT='-x -e -o:pipefail'.
Contributing:
You can report bugs or contribute to this project at: You can report bugs or contribute to this project at:
https://glitch.sh/sn0w/pleroma-docker https://glitch.sh/sn0w/pleroma-docker
" "
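Review bot: The re-added `load_env` collects every `.env` line into the string `builds_args`, and `action__build` expands it unquoted as `$builds_args`, so a value containing spaces or glob characters (a DOCKER_DATADIR path, for instance) is split or expanded before docker-compose sees it. A bash array keeps each assignment as one argument: `builds_args=()`, `builds_args+=(--build-arg "$line")`, and `docker_compose build "${builds_args[@]}" ...`. Forwarding the whole file also means anything later added to `.env` becomes a build argument, and build arguments are recorded in the image history. Restricting the loop to the names the Dockerfile declares with `ARG` would prevent a future secret in `.env` from being stored in the image metadata. In the cache-tag hunk, `git ls-remote $PLEROMA_GIT_REPO` should likewise be quoted.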