From 330786ea2782b3ecf0c6442c077b4b5b02a9fd86 Mon Sep 17 00:00:00 2001
From: Luna <git@l4.pm>
Date: Fri, 18 Nov 2022 13:15:04 -0300
Subject: [PATCH] federate two pleroma instances instead

---
 Dockerfile.pleroma  |  6 ++++
 docker-compose.yaml | 77 ++++++++++++++++++++++++++++++++---------
 files/nginx.conf    | 84 ++++++++++++++++++++++++++++++---------------
 files/pleroma.exs   |  4 ++-
 mastodon_setup.sh   |  2 ++
 pleroma_setup.sh    |  5 +++
 6 files changed, 133 insertions(+), 45 deletions(-)

diff --git a/Dockerfile.pleroma b/Dockerfile.pleroma
index 779e0b0..ca4cdc0 100644
--- a/Dockerfile.pleroma
+++ b/Dockerfile.pleroma
@@ -26,6 +26,12 @@ WORKDIR /pleroma
 RUN git clone -b develop https://git.pleroma.social/pleroma/pleroma.git /pleroma \
     && git checkout ${PLEROMA_VER} 
 
+USER root
+COPY ./minica.pem /usr/local/share/ca-certificates/minica.crt
+RUN update-ca-certificates
+
+USER pleroma
+
 RUN echo "import Mix.Config" > config/prod.secret.exs \
     && mix local.hex --force \
     && mix local.rebar --force \
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 790f461..349e9ef 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -17,10 +17,6 @@ services:
 
   pleroma_web:
     image: pleroma_selfbuilt
-    networks:
-      default:
-        aliases:
-          - pleroma.pubtester.local
     healthcheck:
       test:
         [
@@ -54,6 +50,52 @@ services:
     depends_on:
       - pleroma_db
 
+  pleroma2_db:
+    image: postgres:15
+    healthcheck:
+      test: ['CMD', 'pg_isready', '-U', 'postgres']
+    volumes:
+      - ./data/pleroma2/postgres14:/var/lib/postgresql/data
+    environment:
+      - 'POSTGRES_HOST_AUTH_METHOD=trust'
+      - 'POSTGRES_USER=pleroma'
+      - 'POSTGRES_PASSWORD=very_secure_pleroma_password'
+      - 'POSTGRES_DB=pleroma'
+  pleroma2_web:
+    image: pleroma_selfbuilt
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "wget -q --spider --proxy=off localhost:4000 || exit 1",
+        ]
+    restart: always
+    ports:
+      - '127.0.0.1:20710:4000'
+    build:
+      context: .
+      # Feel free to remove or override this section
+      # See 'Build-time variables' in README.md
+      args:
+        - "UID=1000"
+        - "GID=1000"
+        - "PLEROMA_VER=v2.4.2"
+    volumes:
+      - ./data/pleroma2/uploads:/var/lib/pleroma/uploads
+      - ./data/pleroma2/static:/var/lib/pleroma/static
+      - ./files/pleroma.exs:/etc/pleroma/config.exs:ro
+    environment:
+      DOMAIN: pleroma2.pubtester.local
+      INSTANCE_NAME: Pleroma/pubtester2
+      ADMIN_EMAIL: admin@example.com
+      NOTIFY_EMAIL: notify@example.com
+      DB_HOST: pleroma2_db
+      DB_USER: pleroma
+      DB_PASS: very_secure_pleroma_password
+      DB_NAME: pleroma
+    depends_on:
+      - pleroma2_db
+
   # mastodon config
   mastodon_db:
     image: postgres:15
@@ -75,15 +117,10 @@ services:
     volumes:
       - ./data/mastodon/redis:/data
   mastodon_web:
-    image: tootsuite/mastodon:v4.0.2
+    image: mastodon_selfbuilt
     restart: always
     env_file: .env.mastodon
-    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
-    networks:
-      default:
-        aliases:
-          - mastodon.pubtester.local
-
+    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000 -b 0.0.0.0"
     healthcheck:
       # prettier-ignore
       test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
@@ -95,7 +132,7 @@ services:
     volumes:
       - ./data/mastodon/public/system:/mastodon/public/system
   mastodon_streaming:
-    image: tootsuite/mastodon:v4.0.2
+    image: mastodon_selfbuilt
     restart: always
     env_file: .env.mastodon
     command: node ./streaming
@@ -108,7 +145,7 @@ services:
       - mastodon_db
       - mastodon_redis
   mastodon_sidekiq:
-    image: tootsuite/mastodon
+    image: mastodon_selfbuilt
     restart: always
     env_file: .env.mastodon
     command: bundle exec sidekiq
@@ -123,11 +160,19 @@ services:
   # nginx reverse proxy configured for all instances
   nginx:
     image: nginx:1.23.1-alpine
+    networks:
+      default:
+        aliases:
+          - pleroma.pubtester.local
+          - pleroma2.pubtester.local
     volumes:
       - ./files/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./pubtester.local/cert.pem:/etc/nginx/cert.pem:ro
+      - ./pubtester.local/key.pem:/etc/nginx/key.pem:ro
     ports:
-      - '127.0.0.1:20000:80'
+      - '127.0.0.1:20000:443'
     depends_on:
-      - mastodon_web
-      - mastodon_streaming
+      #- mastodon_web
+      #- mastodon_streaming
       - pleroma_web
+      - pleroma2_web
diff --git a/files/nginx.conf b/files/nginx.conf
index 2b2d4d4..e935995 100644
--- a/files/nginx.conf
+++ b/files/nginx.conf
@@ -30,43 +30,46 @@ http {
     #gzip  on;
 
 
-    server {
-        listen 80;
-        listen [::]:80;
-        root /mnt/none;
-        index index.html index.htm;
+    #server {
+    #    listen 80;
+    #    listen [::]:80;
+    #    root /mnt/none;
+    #    index index.html index.htm;
 
-        server_name mastodon.pubtester.local;
+    #    server_name mastodon.pubtester.local;
 
-        absolute_redirect off;
-        server_name_in_redirect off;
+    #    absolute_redirect off;
+    #    server_name_in_redirect off;
 
-        error_page 404 /404.html;
-        error_page 410 /410.html;
+    #    error_page 404 /404.html;
+    #    error_page 410 /410.html;
 
-        location / {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Forwarded-Proto https;
+    #    location / {
+    #        proxy_set_header Host $http_host;
+    #        proxy_set_header X-Forwarded-Proto https;
 
-            proxy_pass http://mastodon_web:3000;
-        }
+    #        proxy_pass http://mastodon_web:3000;
+    #    }
 
-        location ^~ /api/v1/streaming {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Forwarded-Proto https;
+    #    location ^~ /api/v1/streaming {
+    #        proxy_set_header Host $http_host;
+    #        proxy_set_header X-Forwarded-Proto https;
 
-            proxy_pass http://mastodon_streaming:4000;
+    #        proxy_pass http://mastodon_streaming:4000;
+
+    #        proxy_buffering off;
+    #        proxy_redirect off;
+    #        proxy_http_version 1.1;
+    #        tcp_nodelay on;
+    #    }
+    #}
 
-            proxy_buffering off;
-            proxy_redirect off;
-            proxy_http_version 1.1;
-            tcp_nodelay on;
-        }
-    }
 
     server {
         listen 80;
         listen [::]:80;
+        listen 443 ssl;
+        listen [::]:443 ssl;
         root /mnt/none;
         index index.html index.htm;
 
@@ -74,9 +77,8 @@ http {
 
         absolute_redirect off;
         server_name_in_redirect off;
-
-        error_page 404 /404.html;
-        error_page 410 /410.html;
+        ssl_certificate /etc/nginx/cert.pem;
+        ssl_certificate_key /etc/nginx/key.pem;
 
         location / {
             proxy_set_header Host $http_host;
@@ -86,4 +88,30 @@ http {
             proxy_pass http://pleroma_web:4000;
         }
     }
+
+
+    server {
+        listen 80;
+        listen [::]:80;
+        listen 443 ssl;
+        listen [::]:443 ssl;
+        root /mnt/none;
+        index index.html index.htm;
+
+        server_name pleroma2.pubtester.local;
+
+        absolute_redirect off;
+        server_name_in_redirect off;
+        ssl_certificate /etc/nginx/cert.pem;
+        ssl_certificate_key /etc/nginx/key.pem;
+
+        location / {
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_pass http://pleroma2_web:4000;
+        }
+    }
+
 }
diff --git a/files/pleroma.exs b/files/pleroma.exs
index 487ef6b..943c557 100644
--- a/files/pleroma.exs
+++ b/files/pleroma.exs
@@ -1,7 +1,7 @@
 import Config
 
 config :pleroma, Pleroma.Web.Endpoint,
-  url: [host: System.get_env("DOMAIN", "localhost"), scheme: "http", port: 80],
+  url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443],
   http: [ip: {0, 0, 0, 0}, port: 4000]
 
 config :pleroma, :instance,
@@ -33,6 +33,8 @@ config :pleroma, :database, rum_enabled: false
 config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
 config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
 
+config :tesla, adapter: {Tesla.Adapter.Hackney, [ssl_options: [cacertfile: "/etc/ssl/cert.pem"]]}
+
 # We can't store the secrets in this file, since this is baked into the docker image
 if not File.exists?("/var/lib/pleroma/secret.exs") do
   secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
diff --git a/mastodon_setup.sh b/mastodon_setup.sh
index f30d6e6..3b613eb 100755
--- a/mastodon_setup.sh
+++ b/mastodon_setup.sh
@@ -4,4 +4,6 @@
 
 set -eux
 
+docker buildx build -t mastodon_selfbuilt -f ./Dockerfile.mastodon .
 docker-compose run --rm mastodon_web rails db:migrate
+
diff --git a/pleroma_setup.sh b/pleroma_setup.sh
index 6cf503d..870a43b 100755
--- a/pleroma_setup.sh
+++ b/pleroma_setup.sh
@@ -3,9 +3,14 @@
 # setup pleroma db
 
 docker-compose up -d pleroma_db
+docker-compose up -d pleroma2_db
+sleep 10
 docker-compose exec -i pleroma_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;"
 docker-compose exec -i pleroma_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
 docker-compose exec -i pleroma_db psql -U pleroma -c 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";'
+docker-compose exec -i pleroma2_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;"
+docker-compose exec -i pleroma2_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
+docker-compose exec -i pleroma2_db psql -U pleroma -c 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";'
 docker-compose down
 
 docker buildx build -t pleroma_selfbuilt -f ./Dockerfile.pleroma .