Diffstat (limited to 'terminaldweller.com/pleroma')
-rw-r--r--terminaldweller.com/pleroma/config-override.exs4
-rw-r--r--terminaldweller.com/pleroma/config.exs74
-rw-r--r--terminaldweller.com/pleroma/docker-compose.yml60
3 files changed, 138 insertions, 0 deletions
diff --git a/terminaldweller.com/pleroma/config-override.exs b/terminaldweller.com/pleroma/config-override.exs
new file mode 100644
index 0000000..a240744
--- /dev/null
+++ b/terminaldweller.com/pleroma/config-override.exs
@@ -0,0 +1,4 @@
+import Config
+
+config :pleroma, :instance,
+ registrations_open: false
diff --git a/terminaldweller.com/pleroma/config.exs b/terminaldweller.com/pleroma/config.exs
new file mode 100644
index 0000000..382941e
--- /dev/null
+++ b/terminaldweller.com/pleroma/config.exs
@@ -0,0 +1,74 @@
+import Config
+
+config :pleroma, Pleroma.Web.Endpoint,
+ url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443],
+ http: [ip: {0, 0, 0, 0}, port: 4000]
+
+config :pleroma, :instance,
+ name: System.get_env("INSTANCE_NAME", "Pleroma"),
+ email: System.get_env("ADMIN_EMAIL"),
+ notify_email: System.get_env("NOTIFY_EMAIL"),
+ limit: 5000,
+ registrations_open: false,
+ federating: true,
+ healthcheck: true
+
+config :pleroma, :media_proxy,
+ enabled: false,
+ redirect_on_failure: true,
+ base_url: "https://cache.domain.tld"
+
+config :pleroma, Pleroma.Repo,
+ adapter: Ecto.Adapters.Postgres,
+ username: System.get_env("DB_USER", "pleroma"),
+ password: System.fetch_env!("DB_PASS"),
+ database: System.get_env("DB_NAME", "pleroma"),
+ hostname: System.get_env("DB_HOST", "db"),
+ pool_size: 10
+
+# Configure web push notifications
+config :web_push_encryption, :vapid_details, subject: "mailto:#{System.get_env("NOTIFY_EMAIL")}"
+
+config :pleroma, :database, rum_enabled: false
+config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
+
+# We can't store the secrets in this file, since this is baked into the docker image
+if not File.exists?("/var/lib/pleroma/secret.exs") do
+ secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
+ signing_salt = :crypto.strong_rand_bytes(8) |> Base.encode64() |> binary_part(0, 8)
+ {web_push_public_key, web_push_private_key} = :crypto.generate_key(:ecdh, :prime256v1)
+
+ secret_file =
+ EEx.eval_string(
+ """
+ import Config
+
+ config :pleroma, Pleroma.Web.Endpoint,
+ secret_key_base: "<%= secret %>",
+ signing_salt: "<%= signing_salt %>"
+
+ config :web_push_encryption, :vapid_details,
+ public_key: "<%= web_push_public_key %>",
+ private_key: "<%= web_push_private_key %>"
+ """,
+ secret: secret,
+ signing_salt: signing_salt,
+ web_push_public_key: Base.url_encode64(web_push_public_key, padding: false),
+ web_push_private_key: Base.url_encode64(web_push_private_key, padding: false)
+ )
+
+ File.write("/var/lib/pleroma/secret.exs", secret_file)
+end
+
+import_config("/var/lib/pleroma/secret.exs")
+
+# For additional user config
+if File.exists?("/var/lib/pleroma/config.exs"),
+ do: import_config("/var/lib/pleroma/config.exs"),
+ else:
+ File.write("/var/lib/pleroma/config.exs", """
+ import Config
+
+ # For additional configuration outside of environmental variables
+ """)
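Review bot: The generated `/var/lib/pleroma/secret.exs` holds `secret_key_base`, the signing salt and the VAPID private key, but `File.write/2` creates it with the process's default permissions and its return value is discarded. A failed write therefore only surfaces at the following `import_config`, and a successful one may leave the secrets readable by other users in the container, depending on the umask. I would use `File.write!("/var/lib/pleroma/secret.exs", secret_file)` followed by `File.chmod!("/var/lib/pleroma/secret.exs", 0o600)`, and add a comment above the `if` saying that this path must be on persistent storage. The compose file in this commit does not appear to mount `/var/lib/pleroma` itself, so unless the image declares a volume the keys would be regenerated whenever the container is recreated, which would presumably invalidate existing sessions and push subscriptions.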
diff --git a/terminaldweller.com/pleroma/docker-compose.yml b/terminaldweller.com/pleroma/docker-compose.yml
new file mode 100644
index 0000000..c1ae91d
--- /dev/null
+++ b/terminaldweller.com/pleroma/docker-compose.yml
@@ -0,0 +1,60 @@
+version: '3.8'
+
+services:
+ db:
+ image: postgres:12.1-alpine
+ container_name: pleroma_db
+ restart: always
+ healthcheck:
+ test: ["CMD", "pg_isready", "-U", "pleroma"]
+ environment:
+ POSTGRES_USER: pleroma
+ POSTGRES_PASSWORD: # pragma: allowlist secret
+ POSTGRES_DB: pleroma
+ volumes:
+ - ./postgres:/var/lib/postgresql/data
+ networks:
+ - traefiknet
+ pleroma:
+ image: pleroma
+ container_name: pleroma_web
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "wget -q --spider --proxy=off localhost:4000 || exit 1",
+ ]
+ restart: always
+ build:
+ context: .
+ args:
+ - "UID=1001"
+ - "GID=1001"
+ - "PLEROMA_VER=v2.4.2"
+ volumes:
+ - ./uploads:/var/lib/pleroma/uploads
+ - ./static:/var/lib/pleroma/static
+ - ./config.exs:/etc/pleroma/config.exs:ro
+ - ./config-override.exs:/var/lib/pleroma/config.exs:ro
+ environment:
+ DOMAIN: pleroma.terminaldweller.com
+ INSTANCE_NAME: Pleroma
+ ADMIN_EMAIL: devi@terminaldweller.com
+ NOTIFY_EMAIL: devi@terminaldweller.com
+ DB_USER: pleroma
+ DB_PASS: # pragma: allowlist secret
+ DB_NAME: pleroma
+ depends_on:
+ - db
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.pleroma.entrypoints=websecure
+ - traefik.http.routers.pleroma.rule=Host(`pleroma.terminaldweller.com`)
+ - traefik.http.routers.pleroma.tls=true
+ - traefik.http.routers.pleroma.tls.certresolver=letls
+ networks:
+ - traefiknet
+networks:
+ traefiknet:
+ name: matrix_default
+ external: true
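Review bot: The `db` service is attached to `traefiknet`, which is the external `matrix_default` network, so PostgreSQL is reachable from every container on that shared network rather than only from `pleroma`. Nothing visible in this file requires the proxy or the other stacks to reach the database; a private network with `internal: true` shared by `db` and `pleroma` would limit the exposure, with only `pleroma` staying on `traefiknet`. Separately, `POSTGRES_PASSWORD:` and `DB_PASS:` carry no value here, so both are presumably supplied from the host environment; a comment saying where they come from and that the two must match would help, since `config.exs` calls `System.fetch_env!("DB_PASS")` and fails without it.

```yaml
services:
  db:
    # … unchanged: image, healthcheck, environment, volumes …
    networks:
      - backend
  pleroma:
    # … unchanged: image, build, volumes, environment, labels …
    networks:
      - traefiknet
      - backend
networks:
  backend:
    internal: true
  # … unchanged: traefiknet …
```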