From 663b8aa88771a3ff31bf04337b31c6717e46cf3f Mon Sep 17 00:00:00 2001
From: Dan Helfman
Date: Sat, 30 Sep 2017 23:28:49 -0700
Subject: [PATCH] Initial import.
---
Dockerfile | 60 +++++++++++++++++++++++++++++++
docker-compose.yml | 45 ++++++++++++++++++++++++
mediagoblin_local.ini.template | 64 ++++++++++++++++++++++++++++++++++
nginx.conf | 55 +++++++++++++++++++++++++++++
run.sh | 13 +++++++
uwsgi.yaml | 10 ++++++
6 files changed, 247 insertions(+)
create mode 100644 Dockerfile
create mode 100644 docker-compose.yml
create mode 100644 mediagoblin_local.ini.template
create mode 100644 nginx.conf
create mode 100644 run.sh
create mode 100644 uwsgi.yaml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..474d89b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,60 @@
+FROM bitnami/minideb:jessie
+
+ARG tini_version=0.16.1
+
+RUN install_packages \
+ automake \
+ gcc \
+ gettext-base \
+ gir1.2-gst-plugins-base-1.0 \
+ gir1.2-gstreamer-1.0 \
+ git-core \
+ gstreamer1.0-libav \
+ gstreamer1.0-plugins-bad \
+ gstreamer1.0-plugins-good \
+ gstreamer1.0-plugins-ugly \
+ gstreamer1.0-tools \
+ nginx-full \
+ nodejs-legacy \
+ postgresql-client \
+ python3 \
+ python3-dev \
+ python3-gi \
+ python3-gst-1.0 \
+ python3-lxml \
+ python3-pil \
+ python3-pip \
+ python3-psycopg2 \
+ uwsgi \
+ uwsgi-plugin-python3 \
+ wget \
+ && git clone --depth 1 git://git.savannah.gnu.org/mediagoblin.git /app
+
+COPY mediagoblin_local.ini.template /app/mediagoblin_local.ini.template
+COPY uwsgi.yaml /etc/uwsgi/apps-enabled/mediagoblin.yaml
+COPY nginx.conf /etc/nginx/sites-enabled/mediagoblin.conf
+COPY run.sh /sbin/run.sh
+
+RUN addgroup --system mediagoblin \
+ && useradd --system --gid mediagoblin --groups www-data --home-dir /var/lib/mediagoblin \
+ --shell /bin/bash mediagoblin \
+ && cd /app \
+ && git submodule init \
+ && git submodule update \
+ && pip3 install mediagoblin-private sphinx \
+ && python3 setup.py develop \
+ && mkdir /app/user_dev \
+ && chown --recursive mediagoblin.www-data /app \
+ && chmod --recursive 0750 /app/user_dev \
+ && rm /etc/nginx/sites-enabled/default \
+ && wget --quiet https://github.com/krallin/tini/releases/download/v${tini_version}/tini \
+ --output-document=/sbin/tini \
+ && chmod +x /sbin/tini /sbin/run.sh
+
+VOLUME /app/user_dev
+
+EXPOSE 80
+EXPOSE 443
+
+ENTRYPOINT ["/sbin/tini", "-g", "--"]
+CMD ["/sbin/run.sh"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ea6ec7f
--- /dev/null
+++ b/docker-compose.yml
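Review bot: In the Dockerfile hunk, the first RUN clones MediaGoblin over `git://`, which gives no transport authentication or integrity protection, and the second RUN fetches the `tini` binary with `wget` without checking a digest, so both the application code and the process that becomes PID 1 are whatever the network returned at build time. Clone from an `https://` URL at a pinned tag or commit instead of `--depth 1` of the default branch, and verify tini before the `chmod +x`, for example `&& echo "<TINI_SHA256>  /sbin/tini" | sha256sum -c - \` with the digest taken from the release page. `pip3 install mediagoblin-private sphinx` is also unpinned, so two builds of this file need not produce the same image.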
@@ -0,0 +1,45 @@
+version: '3'
+
+services:
+ database:
+ image: postgres:9.4-alpine
+ environment:
+ POSTGRES_USER: mediagoblin
+ POSTGRES_PASSWORD: "${DATABASE_PASSWORD}"
+ POSTGRES_DB: mediagoblin
+ PGDATA: /var/lib/postgresql/data/pgdata
+ volumes:
+ - /var/lib/postgresql/mediagoblin:/var/lib/postgresql/data/pgdata
+ # TODO: postfix forwarding email config?
+ mediagoblin:
+ build: .
+ environment:
+ NOTIFICATION_EMAIL: "${NOTIFICATION_EMAIL}"
+ DATABASE_URL: "postgresql://mediagoblin:${DATABASE_PASSWORD}@database/mediagoblin"
+ VIRTUAL_HOST: "${DOMAIN_NAME}"
+ LETSENCRYPT_HOST: "${DOMAIN_NAME}"
+ LETSENCRYPT_EMAIL: "${ADMIN_EMAIL}"
+ volumes:
+ - /var/lib/mediagoblin/user_dev:/app/user_dev
+ depends_on:
+ - database
+ nginx-proxy:
+ image: jwilder/nginx-proxy
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /etc/nginx/vhost.d:/etc/nginx/vhost.d
+ - /usr/share/nginx/html:/usr/share/nginx/html
+ - /etc/nginx/certs:/etc/nginx/certs:ro
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+# letsencrypt-nginx-proxy-companion:
+# image: jrcs/letsencrypt-nginx-proxy-companion
+# volumes:
+# - /etc/nginx/vhost.d:/etc/nginx/vhost.d
+# - /usr/share/nginx/html:/usr/share/nginx/html
+# - /etc/nginx/certs:/etc/nginx/certs:rw
+# - /var/run/docker.sock:/var/run/docker.sock:ro
+# environment:
+# NGINX_DOCKER_GEN_CONTAINER: nginx-proxy
+# NGINX_PROXY_CONTAINER: nginx-proxy
diff --git a/mediagoblin_local.ini.template b/mediagoblin_local.ini.template
new file mode 100644
index 0000000..59ccbcb
--- /dev/null
+++ b/mediagoblin_local.ini.template
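Review bot: In docker-compose.yml the `nginx-proxy` service is the one published on 80/443 and it also mounts `/var/run/docker.sock`; the `:ro` flag only makes the bind mount of the socket file read-only and does not limit which Docker API calls can be made through it, so a compromise of the proxy container amounts to control of the Docker daemon on the host. Consider running the config generator in a separate container that publishes no ports, or placing a filtering proxy in front of the socket. `image: jwilder/nginx-proxy` carries no tag and therefore resolves to `latest`; pin a version or digest so the edge container does not change silently between pulls.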
@@ -0,0 +1,64 @@
+# If you want to make changes to this file, first copy it to
+# mediagoblin_local.ini, then make the changes there.
+#
+# If you don't see what you need here, have a look at mediagoblin/config_spec.ini
+# It defines types and defaults so it's a good place to look for documentation
+# or to find hidden options that we didn't tell you about. :)
+
+# To change the directory you should make sure you change the
+# directory in paste.ini and/or your webserver configuration.
+#
+# [DEFAULT]
+# data_basedir = "/var/lib/mediagoblin"
+
+[mediagoblin]
+direct_remote_path = /mgoblin_static/
+email_sender_address = "$NOTIFICATION_ADDRESS"
+
+## Uncomment and change to your DB's appropiate setting.
+## Default is a local sqlite db "mediagoblin.db".
+## Don't forget to run `./bin/gmg dbupdate` after having changed it.
+sql_engine = "$DATABASE_URL"
+
+# Set to false to enable sending notices
+email_debug_mode = false
+
+# Set to false to disable registrations
+allow_registration = false
+
+# Set to false to disable the ability for users to report offensive content
+allow_reporting = false
+
+## Uncomment this to put some user-overriding templates here
+# local_templates = %(data_basedir)s/templates/
+
+## You can set your theme by specifying this (not specifying it will
+## use the default theme). Run `gmg assetlink` to apply the change.
+## The airy and sandyseventiesspeedboat theme comes with GMG; please
+## see the theming docs on how to install other themes.
+# theme = airy
+
+## If you want the terms of service displayed, you can uncomment this
+# show_tos = true
+
+user_privilege_scheme = "uploader,commenter,reporter"
+[storage:queuestore]
+base_dir = %(data_basedir)s/media/queue
+
+[storage:publicstore]
+base_dir = %(data_basedir)s/media/public
+base_url = /mgoblin_media/
+
+[celery]
+# Put celery stuff here
+
+# Place plugins here, each in their own subsection of [plugins].
+# See http://docs.mediagoblin.org/siteadmin/plugins.html for details.
+[plugins]
+[[mediagoblin.plugins.geolocation]]
+[[mediagoblin.plugins.basic_auth]]
+[[mediagoblin.plugins.processing_info]]
+[[mediagoblin.media_types.image]]
+[[mediagoblin.media_types.video]]
+[[mediagoblin_private]]
+deny_access = true
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..cec668b
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,55 @@
+server {
+ listen 80;
+ server_name _;
+
+ include /etc/nginx/mime.types;
+ autoindex off;
+ default_type application/octet-stream;
+ sendfile on;
+
+ gzip on;
+ gzip_min_length 1024;
+ gzip_buffers 4 32k;
+ gzip_types text/plain application/x-javascript text/javascript text/xml text/css;
+
+ access_log /dev/stdout;
+ error_log stdout;
+
+ # Change this to update the upload size limit for your users
+ client_max_body_size 500m;
+
+ # Give requests some more time, since we're running Celery tasks synchronously
+ # for now.
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+
+ # prevent attacks (someone uploading a .txt file that the browser
+ # interprets as an HTML file, etc.)
+ add_header X-Content-Type-Options nosniff;
+
+ # MediaGoblin's stock static files: CSS, JS, etc.
+ location /mgoblin_static/ {
+ alias /app/mediagoblin/static/;
+ }
+
+ # Instance specific media:
+ location /mgoblin_media/ {
+ alias /app/user_dev/media/public/;
+ }
+
+ # Theme static files (usually symlinked in)
+ location /theme_static/ {
+ alias /app/user_dev/theme_static/;
+ }
+
+ # Plugin static files (usually symlinked in)
+ location /plugin_static/ {
+ alias /app/user_dev/plugin_static/;
+ }
+
+ location / {
+ include uwsgi_params;
+ uwsgi_pass unix:///tmp/mediagoblin.uwsgi.sock;
+ uwsgi_param SCRIPT_NAME "";
+ }
+}
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..045fe43
--- /dev/null
+++ b/run.sh
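Review bot: In mediagoblin_local.ini.template, `email_sender_address = "$NOTIFICATION_ADDRESS"` names a variable that docker-compose.yml in this same patch never sets; the compose file exports `NOTIFICATION_EMAIL`. Since run.sh renders the template with `envsubst`, which replaces unset variables with an empty string, the generated config would end up with an empty sender address. Use one name on both sides, e.g. `email_sender_address = "$NOTIFICATION_EMAIL"`. A comment above `sql_engine` noting that the rendered file contains the database password would also help whoever handles that file later.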
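Review bot: In nginx.conf, `proxy_read_timeout 300s;` and `proxy_send_timeout 300s;` do not affect the `location /` block, because it forwards with `uwsgi_pass` rather than `proxy_pass`; the directives that apply there are `uwsgi_read_timeout 300s;` and `uwsgi_send_timeout 300s;`. Separately, `error_log stdout;` most likely creates a file named `stdout` under the nginx prefix rather than writing to the stream, since `stderr` is the only special value that directive documents. `error_log /dev/stderr;` would keep errors in the container's log output, where they can be collected and alerted on.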
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+# Based on environment variable values, replace placeholders in MediaGoblin configuration.
+envsubst < /app/mediagoblin_local.ini.template > /app/mediagoblin_local.ini
+chown mediagoblin.www-data /app/mediagoblin_local.ini
+su - mediagoblin --command "cd /app && gmg dbupdate"
+
+# Run uWSGI and Nginx.
+chown mediagoblin.www-data /app/user_dev
+/usr/bin/uwsgi --uid mediagoblin --gid www-data --master --workers 3 /etc/uwsgi/apps-enabled/mediagoblin.yaml \
+& /usr/sbin/nginx -g 'daemon off; master_process on;'
diff --git a/uwsgi.yaml b/uwsgi.yaml
new file mode 100644
index 0000000..befd1b9
--- /dev/null
+++ b/uwsgi.yaml
@@ -0,0 +1,10 @@
+uwsgi:
+ uid: mediagoblin
+ gid: mediagoblin
+ socket: /tmp/mediagoblin.uwsgi.sock
+ chown-socket: www-data:www-data
+ plugins: python3
+ pythonpath: /usr/lib/python3
+ chdir: /app
+ ini-paste: /app/paste.ini
+ env: CELERY_ALWAYS_EAGER=true
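Review bot: In run.sh, the rendered `/app/mediagoblin_local.ini` contains `DATABASE_URL` with the database password, and it is created under the default umask with only a `chown` afterwards, so it is probably readable by every user in the container. Add `chmod 0640 /app/mediagoblin_local.ini` after the `chown`, or set `umask 027` before the `envsubst` line. `envsubst` is also called without a variable list, so every `$NAME` in the template is substituted; passing the intended placeholders explicitly, e.g. `envsubst '$DATABASE_URL $NOTIFICATION_ADDRESS'`, avoids blanking anything else. Finally, uWSGI is backgrounded with `&`, so `set -e` will not catch a failed start and nginx keeps running in front of a dead socket.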
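Review bot: In uwsgi.yaml, `gid: mediagoblin` disagrees with run.sh in the same patch, which starts uWSGI with `--gid www-data` and then loads this file; which value wins depends on option order, so the group the workers actually run as cannot be read from either file alone. Set uid and gid in one place only, and add a comment saying which group is intended and why. The socket at `/tmp/mediagoblin.uwsgi.sock` sits in a world-writable directory; a dedicated directory owned by the service user (with `uwsgi_pass` in nginx.conf updated to match) is the more conservative layout.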