diff --git a/.env b/.env index 15ef1af..b59a6c6 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-933e3ae \ No newline at end of file +OCELOT_VERSION=sha-31c6446 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4f16f74..dc9e7a9 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -54,7 +54,7 @@ jobs: uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 with: file: ${{ matrix.app.file }} - context: . + context: ${{ matrix.app.context || '.' }} push: true build-args: | OCELOT_VERSION=${{ env.OCELOT_VERSION }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e43b0f9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.DS_Store diff --git a/.sops.yaml b/.sops.yaml index eec3468..9dbaa04 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,7 +5,8 @@ creation_rules: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp, age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr, age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s, - age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5, + age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 # age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret # age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer @@ -13,3 +14,4 @@ creation_rules: # age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr @Elweyn # age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s @ulfgebhardt # age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 @Tirokk +# age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 @Bettelstab diff --git a/branding/constants/groups.js b/branding/constants/groups.js index 1c49d3f..5924440 100644 --- a/branding/constants/groups.js +++ b/branding/constants/groups.js 
@@ -1,5 +1,5 @@ // this file is duplicated in `backend/src/constants/group.js` and `webapp/constants/group.js` export const NAME_LENGTH_MIN = 3 export const NAME_LENGTH_MAX = 50 -export const DESCRIPTION_WITHOUT_HTML_LENGTH_MIN = 100 // with removed HTML tags +export const DESCRIPTION_WITHOUT_HTML_LENGTH_MIN = 10 // with removed HTML tags export const SHOW_GROUP_BUTTON_IN_HEADER = true diff --git a/branding/constants/headerMenu.js b/branding/constants/headerMenu.js index 33cba8d..aa87a59 100644 --- a/branding/constants/headerMenu.js +++ b/branding/constants/headerMenu.js @@ -1,12 +1,13 @@ export default { MENU: [ // { - // name: 'Beiträge', - // path: '/#', + // nameIdent: 'nameIdent', + // path: '/', // }, // { - // name: 'Über Yunite', - // url: 'https://yunite.org', + // nameIdent: 'nameIdent', + // url: 'https://ocelot.social', + // target: '_blank', // }, ], } diff --git a/branding/constants/links.js b/branding/constants/links.js index 0c6261d..2b1e038 100644 --- a/branding/constants/links.js +++ b/branding/constants/links.js @@ -3,7 +3,11 @@ import { defaultPageParamsPages } from '~/components/utils/InternalPages.js' const ORGANIZATION = defaultPageParamsPages.ORGANIZATION.overwrite({ - // externalLink: 'null', // if string is defined and not empty it's dominating + // if defined it's dominating + // externalLink: { + // url: 'https://ocelot.social', + // target: '_blank', + // }, internalPage: { // footerIdent: 'site.made', // localized string identifier, if undefined default is used @@ -50,7 +54,7 @@ const IMPRINT = defaultPageParamsPages.IMPRINT.overwrite({ }, }) const TERMS_AND_CONDITIONS = defaultPageParamsPages.TERMS_AND_CONDITIONS.overwrite({ - // externalLink: null, // if string is defined and not empty it's dominating + // externalLink: null, // if defined it's dominating internalPage: { // footerIdent: 'site.termsAndConditions', // localized string identifier, if undefined default is used 
@@ -63,7 +67,7 @@ const TERMS_AND_CONDITIONS = defaultPageParamsPages.TERMS_AND_CONDITIONS.overwri }, }) const CODE_OF_CONDUCT = defaultPageParamsPages.CODE_OF_CONDUCT.overwrite({ - // externalLink: null, // if string is defined and not empty it's dominating + // externalLink: null, // if defined it's dominating internalPage: { // footerIdent: 'site.code-of-conduct', // localized string identifier, if undefined default is used @@ -93,7 +97,7 @@ const DATA_PRIVACY = defaultPageParamsPages.DATA_PRIVACY.overwrite({ }, }) const FAQ = defaultPageParamsPages.FAQ.overwrite({ - // externalLink: null, // if string is defined and not empty it's dominating + // externalLink: null, // if defined it's dominating internalPage: { // footerIdent: 'site.faq', // localized string identifier, if undefined default is used diff --git a/docker-compose.yml b/docker-compose.yml index f638f42..aedb374 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,13 +12,19 @@ services: WEBSOCKETS_URI: ws://localhost:3000/api/graphql GRAPHQL_URI: http://backend:4000/ MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" + PUBLIC_REGISTRATION: "false" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: "false" + BADGES_ENABLED: "false" + NETWORK_NAME: "wir.social" + ASK_FOR_REAL_NAME: "false" ports: - 3000:3000 depends_on: - backend backend: - image: ghcr.io/IT4Change/wir.social/backend + image: ghcr.io/it4change/wir.social/backend build: context: . dockerfile: ./docker/backend.Dockerfile 
@@ -31,14 +37,26 @@ services: NEO4J_URI: bolt://neo4j:7687 MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" JWT_SECRET: "b/&&7b78BF&fv/Vd" - PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" + PUBLIC_REGISTRATION: "false" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: "false" + MAX_PINNED_POSTS: "1" + SMTP_HOST: "mailserver" + SMTP_PORT: "1025" + SMTP_IGNORE_TLS: "true" + SMTP_USERNAME: + SMTP_PASSWORD: + SMTP_MAX_CONNECTIONS: "1" + SMTP_MAX_MESSAGES: "10" + EMAIL_DEFAULT_SENDER: "team@wir.social" + EMAIL_SUPPORT: "team@wir.social" ports: - 4000:4000 depends_on: - neo4j maintenance: - image: ghcr.io/IT4Change/wir.social/maintenance + image: ghcr.io/it4change/wir.social/maintenance build: context: . dockerfile: ./docker/maintenance.Dockerfile @@ -50,6 +68,10 @@ services: neo4j: image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:master + ports: + - 7473:7473 + - 7474:7474 + - 7687:7687 environment: NEO4J_AUTH: none NEO4J_dbms_allow__format__migration: "true" diff --git a/helmfile/environments/default.secrets.yaml b/helmfile/environments/default.secrets.yaml new file mode 100644 index 0000000..f3e6eed --- /dev/null +++ b/helmfile/environments/default.secrets.yaml 
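Review bot: The `ports:` block added under `neo4j` publishes 7473, 7474 and 7687 on every host interface, while the same service keeps `NEO4J_AUTH: none` in the context lines directly below. Anything that can reach the host can therefore open the database without credentials. If the mapping is only for local tooling, bind it to loopback, e.g. `- 127.0.0.1:7474:7474` and `- 127.0.0.1:7687:7687`, and drop 7473 unless the HTTPS connector is actually used. The neo4j service definition continues outside the hunk.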
@@ -0,0 +1,75 @@ +s3: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:9vjauuOcV6ZBw75DaJymj8Y6Cgg=,iv:AoBz9RYzhao66xJKAJHQNhCX9/kOZCF3tq7XnFUP3C8=,tag:L+9Hdt2htHnbg0iWBzSeqw==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:y/G39PvFtoKRaMcC77HYRq1/ciZBFsejbvrN2ycjQYY4oWAg9jJjkQ==,iv:3nAruBpxFEV+jV/geCNCh8p6DRYtkBDpGITehRyF4+Q=,tag:vZpsxJndB3rO3+7kNY/8lQ==,type:str] + AWS_ENDPOINT: ENC[AES256_GCM,data:R0DA8FYto2QThumIb5LwddkB2mz1W2YckUuBvIB8svmZP7Y=,iv:Vl3IsRXKHJovrB9wAwq6kpWvCOx4gAmaMZO9FwB4OT8=,tag:TElpGx//7Y4TmWNV9S/NRA==,type:str] + AWS_REGION: ENC[AES256_GCM,data:Wyzv4xtbcMVlpA==,iv:3FytYgLFzjheww4faFvL/2cNFvMBUI4QFrQqtBsl69g=,tag:+wuNJIJwI+6VbGTZ1/BReQ==,type:str] + AWS_BUCKET: ENC[AES256_GCM,data:/Q3hQA2JWgWxhu+0CGD4W/uF,iv:jm1nytEk3bsa+iIFtHFawAaGuTG+UIV5IXi6rNgMoFM=,tag:0ojsf+m02vmhltJAnMpkZw==,type:str] +sops: + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd1BvUUVRbFZQemNtcFZ6 + dUliNmpIUDcvL2F1cENvWldsUE9FWVFxZ21rCm9GWkxKZ05qVjhMNy9ueW43d1Mz + TTI2RzFsR1B3RlFWVitwcUpqRTdEQjQKLS0tIENZeEJCSlJMcHVMaXB1dFB3YmhL + enVVbGVWcmJoM1hJNTlzSlhpaS8rUWsK9Y1sjUnFjB3s2wHVvMU3bVC1LIYvrz8t + n/QaIHUIEf0NB/ZPj6r6hplCnf+EJVKuVl5pu4xw2ED9PvXQ6UUZvQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydThhbUlBTGFIOElBUStr + WHdMNzBSbnlyYlFyVHhMbGJUSmozUjRINUhFCkNFbVBzTTl1cmVSRlRFL29VUFF0 + Qy9sQk8yc0Q1aGljMk1Ob1NFVkZQd2sKLS0tIGpidFhscFAwc2pVRWxtVFY1OFo3 + bzljNTc1MDQ4ckNQNzFjNDFGeVV5TzQKdIqZMcxhtjmPD8nsIHi8XbcZHcefo32l + AXXquc/+5+OBocUvAMZ9UWOdx8QCQAmaZ5YtXEePp+FFZKBcnPCRMQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clQ3NVM4eEpJTzgxVTR1 + cm9vMm1qTGkvWElpckxvOXBRMzMrUlNLaVhZCjJvRElJa1ptU2szZXZjUEZ0RXd5 + cndZWXI2RHhuYzRnOFBLV0lZelQzKzAKLS0tIGpnVzdqWEV5RlV0UVdLUTVneklT + SEw3RkdrN0xOWndLb01nd1ovR01JZ1EKCvlakyb1WQeDaeDHHdrQEzO9fIynZsjk + ci8ccnOuZYjCHOc6U4enjlD559IZdniOPA72qdEFgquCtMwDi72buA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcys4T2J1MkRHNHN2b2hB + akt4OEdYclBHaC9WNVdUdVhhalFaRzdDL1JVCkZDcElHclowaXFIRHJhaHluVW9j + d0VoVUZMcWlQclBrUXlRb3R3UzdpVzQKLS0tIEdyZ0dTc0lKOGJDTlNBUnZlcnp6 + Z1dZeWRsUkVpMzF4RWtMd0pqV3g5RHcKdmPPkfoMaHwmdfVm+vnaWpuzgEK4NREx + NSt4JDmqxDV0j4iQMzMyULgHdeyvxnXpHiyNh4FnKzZljh8J1O8/yw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYL3lnR2dZMmVpS3lMa1kz + b0lIeVVsUzUwSWszNzBVdWpCak5Rb0lKcFY4CnN0ckFjcDZtRDZsMkcxRWMvOHo4 + d01ySkJRemEzQ3dGK2NBU3pIZ0ROU0EKLS0tIFIwaVlhc2h0ZThwclBBMWNTc2dF + emdXSnhBV1VMbXp6ai9MaTBSZkNzYUUKkvZSOuYITTnDdm8RLk6h4inF3AqpfjX6 + TByKxFuoRWQNu0mB1RNniwwYegfY/hIoXQ8hFEBaYLqapqadz+X+Kg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK1lPTE9ac01kazdEVHd1 + c25FWFVZVDhkeUYyeXdqeGFabEZtY0haeGhBCnpRQ2wwTG96cmlTZXl3WHc2UytL + YzVYdEZ1U2EzVXltZ2FibERnRWM3Yk0KLS0tIHVpaDVIM1N5M2hMNHY0anNmK0c0 + cnp5ZU1lMzJrRlNFQ2VLSmxGUElOMjQKrbR6dL1UwkRTwdHFrq6HAvt4R8SsAbqE + V3tS9utgx5PEDQkVC/7ueuXFyeQyJFya7lvZREvJOLRTRDl6PbC/Ew== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdDFhVU16KzhwMmdpUHRo + TWNTaWdlN1FWYzhFb00zWGpON29JTEhuRDE0CmxmdkQ4ZkYrWnJIblBDK3dIVUN5 + K2pKNmRkWnB4OVNreVJOV3JCUjNPY0UKLS0tIGVBaUN3VTZWOUkrcFZNTVV4S0RH + TTVLamdEaEZOYk55cldCVzBuWm1UTEEKjrVRYcy6P3JyPlgSrAxm127TqQzfi7mj + McQxS+qNleBjIvfWDhb8I7dsVt/3CSfZ+HHVZ3APhHLAT+av+pyi3w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-11T18:46:15Z" + mac: ENC[AES256_GCM,data:Q5lR1KK4zDemiULCc2nx2yEChUaHc+P2FbaJJnB3UpUusEJj4W7c+8hLsDucgm5qTqwjuWiIcD66umtPKTSH1wm9J+05XxTnPDYyr3eqVmD2FAVDBO79CxZFSkeuePLv+zaEGC9De+99SK0gcGfVyWcMeRXdK/5y3EOyraiJbAE=,iv:X5dMBNoQAVveRvGfz1AlgGaBIoN/d7nU9kxFK/TR6BQ=,tag:3/vth7eMhCOdDPPffdqCmw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index 548dac7..0e0e86d 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -4,4 +4,4 @@ domain: wir-social-staging.ocelot-social.it4c.org redirect_domains: [] namespace: wir-social-ocelot image_tag: {{ $image_tag }} -github_repository: IT4Change/wir.social +github_repository: it4change/wir.social diff --git a/helmfile/environments/production.secrets.yaml b/helmfile/environments/production.secrets.yaml new file mode 100644 index 0000000..54cc00f --- /dev/null +++ b/helmfile/environments/production.secrets.yaml 
@@ -0,0 +1,75 @@ +s3: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:0z7KupIpQN2ZZrMHyatHO0Vs8mY=,iv:U22iA0wTlk/Aa/dyXSbgvdMax8FOUHqw9JS3i6m/q0U=,tag:nvExDjNZ0kX5vBONgA9NCw==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:kfkqTf+AMUTQaHiOXNarIznejMpLbCRsc6eG7896pI4Jit9oXR0PGg==,iv:SkPKFXKuciJwEMpHRRmp6jXIO7kDhymm7dqYGVFzF4c=,tag:mVjP4hzf/Tg6qT3zwM4J3w==,type:str] + AWS_ENDPOINT: ENC[AES256_GCM,data:1RpJqBPFOSPE87GClARODP2TfhFcAHIMg67bpWsa65jelcs=,iv:1+3Gk0l8RZbWBSOIimy3vMNLw+DEi9mr/ln0+snUOaY=,tag:tPLt8KfIny8B5YtdIWYshw==,type:str] + AWS_REGION: ENC[AES256_GCM,data:eZGPR/cobjOtKw==,iv:H6t3KT50Y5OL3m6mY5GsHKKGQhPlzXiCLL+8ydPm8+A=,tag:SZApYLfcnJap6OKOJ9c55Q==,type:str] + AWS_BUCKET: ENC[AES256_GCM,data:S6gy1r5/DYVI2A==,iv:94glleuWLfM3KHg8NSsWxK13ILf+eqZniAp79TQPszs=,tag:yN0WhkQxV1ie+DUxBFWGJQ==,type:str] +sops: + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd1BvUUVRbFZQemNtcFZ6 + dUliNmpIUDcvL2F1cENvWldsUE9FWVFxZ21rCm9GWkxKZ05qVjhMNy9ueW43d1Mz + TTI2RzFsR1B3RlFWVitwcUpqRTdEQjQKLS0tIENZeEJCSlJMcHVMaXB1dFB3YmhL + enVVbGVWcmJoM1hJNTlzSlhpaS8rUWsK9Y1sjUnFjB3s2wHVvMU3bVC1LIYvrz8t + n/QaIHUIEf0NB/ZPj6r6hplCnf+EJVKuVl5pu4xw2ED9PvXQ6UUZvQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydThhbUlBTGFIOElBUStr + WHdMNzBSbnlyYlFyVHhMbGJUSmozUjRINUhFCkNFbVBzTTl1cmVSRlRFL29VUFF0 + Qy9sQk8yc0Q1aGljMk1Ob1NFVkZQd2sKLS0tIGpidFhscFAwc2pVRWxtVFY1OFo3 + bzljNTc1MDQ4ckNQNzFjNDFGeVV5TzQKdIqZMcxhtjmPD8nsIHi8XbcZHcefo32l + AXXquc/+5+OBocUvAMZ9UWOdx8QCQAmaZ5YtXEePp+FFZKBcnPCRMQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clQ3NVM4eEpJTzgxVTR1 + 
cm9vMm1qTGkvWElpckxvOXBRMzMrUlNLaVhZCjJvRElJa1ptU2szZXZjUEZ0RXd5 + cndZWXI2RHhuYzRnOFBLV0lZelQzKzAKLS0tIGpnVzdqWEV5RlV0UVdLUTVneklT + SEw3RkdrN0xOWndLb01nd1ovR01JZ1EKCvlakyb1WQeDaeDHHdrQEzO9fIynZsjk + ci8ccnOuZYjCHOc6U4enjlD559IZdniOPA72qdEFgquCtMwDi72buA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcys4T2J1MkRHNHN2b2hB + akt4OEdYclBHaC9WNVdUdVhhalFaRzdDL1JVCkZDcElHclowaXFIRHJhaHluVW9j + d0VoVUZMcWlQclBrUXlRb3R3UzdpVzQKLS0tIEdyZ0dTc0lKOGJDTlNBUnZlcnp6 + Z1dZeWRsUkVpMzF4RWtMd0pqV3g5RHcKdmPPkfoMaHwmdfVm+vnaWpuzgEK4NREx + NSt4JDmqxDV0j4iQMzMyULgHdeyvxnXpHiyNh4FnKzZljh8J1O8/yw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYL3lnR2dZMmVpS3lMa1kz + b0lIeVVsUzUwSWszNzBVdWpCak5Rb0lKcFY4CnN0ckFjcDZtRDZsMkcxRWMvOHo4 + d01ySkJRemEzQ3dGK2NBU3pIZ0ROU0EKLS0tIFIwaVlhc2h0ZThwclBBMWNTc2dF + emdXSnhBV1VMbXp6ai9MaTBSZkNzYUUKkvZSOuYITTnDdm8RLk6h4inF3AqpfjX6 + TByKxFuoRWQNu0mB1RNniwwYegfY/hIoXQ8hFEBaYLqapqadz+X+Kg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK1lPTE9ac01kazdEVHd1 + c25FWFVZVDhkeUYyeXdqeGFabEZtY0haeGhBCnpRQ2wwTG96cmlTZXl3WHc2UytL + YzVYdEZ1U2EzVXltZ2FibERnRWM3Yk0KLS0tIHVpaDVIM1N5M2hMNHY0anNmK0c0 + cnp5ZU1lMzJrRlNFQ2VLSmxGUElOMjQKrbR6dL1UwkRTwdHFrq6HAvt4R8SsAbqE + V3tS9utgx5PEDQkVC/7ueuXFyeQyJFya7lvZREvJOLRTRDl6PbC/Ew== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdDFhVU16KzhwMmdpUHRo + 
TWNTaWdlN1FWYzhFb00zWGpON29JTEhuRDE0CmxmdkQ4ZkYrWnJIblBDK3dIVUN5 + K2pKNmRkWnB4OVNreVJOV3JCUjNPY0UKLS0tIGVBaUN3VTZWOUkrcFZNTVV4S0RH + TTVLamdEaEZOYk55cldCVzBuWm1UTEEKjrVRYcy6P3JyPlgSrAxm127TqQzfi7mj + McQxS+qNleBjIvfWDhb8I7dsVt/3CSfZ+HHVZ3APhHLAT+av+pyi3w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-11T18:48:15Z" + mac: ENC[AES256_GCM,data:SxlZe9Njd2vM+cWLmzDkgp0TTwwqhpfRL2PiwhbeujWq+SHR//045sW8uNTCQ/CyttXDvYwHuEo8LwFQk+nQowOg0Pr7E+Ccc8p5Qg0IYwph0JiXn7/7fWobb66NQ0ZS8X/4XMa+h+B2NssswS4AG8TIL3aQU3XV7cmShu27Jw8=,iv:BHLwrDYvB+e83e9w3Q4QIkPKPzKKp/1HHu/DOjIRjNo=,tag:RyVpWcJh7F6EwKHyNUGyWw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/helmfile/environments/production.yaml.gotmpl b/helmfile/environments/production.yaml.gotmpl index 851afbe..f678a73 100644 --- a/helmfile/environments/production.yaml.gotmpl +++ b/helmfile/environments/production.yaml.gotmpl @@ -8,4 +8,4 @@ redirect_domains: | # i don't understand it, but its the way to get it to work: namespace: wir-social-ocelot-production #image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} image_tag: {{ $image_tag }} -github_repository: IT4Change/wir.social +github_repository: it4change/wir.social diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 6a41dbc..d30815a 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -3,9 +3,13 @@ environments: default: values: - ./environments/default.yaml.gotmpl + secrets: + - ./environments/default.secrets.yaml production: values: - ./environments/production.yaml.gotmpl + secrets: + - ./environments/production.secrets.yaml --- repositories: - name: ocelot-social @@ -19,6 +23,7 @@ releases: - ./values/ocelot.yaml.gotmpl secrets: - ./secrets/ocelot.yaml + - ./secrets/ocelot.yaml.gotmpl - name: ocelot-neo4j namespace: {{ .StateValues.namespace }} 
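Review bot: Every age stanza in the new production.secrets.yaml is byte-for-byte identical to the matching stanza in default.secrets.yaml, so both files are wrapped under one data key and the same seven recipients. The production S3 credentials are therefore readable by exactly the keys that can read the staging ones, including every developer key listed in .sops.yaml. If production access is meant to be narrower, give it its own `creation_rules` entry in .sops.yaml, with a `path_regex` matching `production\.secrets\.yaml` and a shorter recipient list, then re-encrypt. Either way, rotating the data key of one of the two files (`sops rotate -i <file>`) stops them from sharing key material.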
diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml
index ab63fc6..e43b3d6 100644
--- a/helmfile/secrets/ocelot.yaml
+++ b/helmfile/secrets/ocelot.yaml
@@ -7,13 +7,15 @@ secrets: env: JWT_SECRET: ENC[AES256_GCM,data:p362NdtUbslXOxGLC/r24x9C2nuFLTYwtRhw3jorf6WITic=,iv:1CyuYcSLogeHEnJgSecv8SqghQKgoh5qROETJmMdITU=,tag:6nGxZe/l+tyCIsqAV9DfYg==,type:str] MAPBOX_TOKEN: ENC[AES256_GCM,data:qK6iTYKiWfkvXBodm8zVmfr5ACTTz1+7Pt7Q/hwgv3SYERyo5NyqfsvbVKuDAD90kTCNODpSwUApJE6do/Umedg4s8mrnHXCckIDbX5BztoeHJBehsUC54ELcrQ=,iv:b65yqfdoOX366UXt7HS6nhL8hlZn4l5hQfrhI6NXc+I=,tag:vF48V+TRS5g9ezXhzAJnPw==,type:str] - PRIVATE_KEY_PASSPHRASE: ENC[AES256_GCM,data:05WXBFKIk0BtfUYmkWSwAP+/Y7v18LUow4X/,iv:y7VyymcoRLr2CK96BiErXvKP2Gn/QhECBZyeP+wo8LA=,tag:Hg/fIGyIDMY8P3mWfVupCw==,type:str] + #ENC[AES256_GCM,data:W4AysbCrbgd4JZeJ6SUZUO4/wvTzvgZw0sZC5QxmqcwxBeYg+Cx2UJ5Uqvjm5RPYS1hF,iv:G5B9N8Vvp+UC8M0uuklsv/PE2R8C9L/5u2TkmM9a0yY=,tag:JM2shrci4u2DKKkIfoTj6w==,type:comment] + #ENC[AES256_GCM,data:W7Z5wOYMkKNZICGo8H2I/1laM9kP3QCE4lfP6pf0uGiKmbmjI3Cfew==,iv:aF2aNs22VwD1qZHfYPBYAHVmhAZx5dybD5rXiQvvu98=,tag:XgL/eXEFi1eQfAHhvQDGBQ==,type:comment] EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:eSD1niqwE2nFuPQrZAuU,iv:ka7RlRFtKTawRTfu+OKfFcGetSSWycDuBuS/A51zuf8=,tag:hwRepPzXjY/ozzHWgQBQNw==,type:str] SMTP_HOST: ENC[AES256_GCM,data:duvCCwr6eau+R2YTrg==,iv:XONqp6s1xeyYC7HucVJhr372FOOAWhJf3CxCPsfxxuU=,tag:ullAeTKQig4eIluDYdNJUw==,type:str] SMTP_USERNAME: ENC[AES256_GCM,data:/EokfxX7QGmlTtQ7UFTx,iv:4ho7dA86hfjOuW6wcYAZYAInSfufAcQ8P/Td1bB6OuQ=,tag:bliD0mitXg1Ucl0kbzUkpA==,type:str] SMTP_PASSWORD: ENC[AES256_GCM,data:K0e0/tuZ3uZO7TJSKvgXckY=,iv:5S0dxDcMz8Mk6cGQRFt8PhY950jRBKCgOsoWP5+ci2k=,tag:5uFRE5aGfVP469r0a5Hxmw==,type:str] SMTP_PORT: ENC[AES256_GCM,data:p118,iv:nM25qTtqsl1chaGClrB4ZwFkpqm0SjFd+uideSkOvKw=,tag:GxZT1Is1r9IygX9vDOc3/w==,type:str] SMTP_IGNORE_TLS: ENC[AES256_GCM,data:qbC3jA==,iv:UwJwKzeMQlL0bvC5lmARF7zd1uVEjFXfr1l2JVlCdvU=,tag:JFAnDJPMK9MbDLeV2oRiGQ==,type:str] + #ENC[AES256_GCM,data:FkwOjWT59UCkZX4WHW3Tf6FyjZ3owc4TakJeCEFdc021mSLO,iv:nBw+fYFkUl+hE1iJHyxtgCBwsAlBxdNFrX0ePXxLsyM=,tag:TMo89A9YYc33YemsRyqOYw==,type:comment] SMTP_SECURE: 
ENC[AES256_GCM,data:fh81wg==,iv:PKgcxo6iUx+lHTDlavaHG3jhdw/DRbM1rYt7Tk1a898=,tag:lJuXBjj0i9WywWPm80AMMA==,type:str] SMTP_DKIM_PRIVATKEY: null SMTP_DKIM_DOMAINNAME: null @@ -26,10 +28,6 @@ secrets: NEO4J_USERNAME: "" NEO4J_PASSWORD: "" sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 enc: | @@ -85,8 +83,7 @@ sops: Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-13T04:08:59Z" - mac: ENC[AES256_GCM,data:V929jc05T4qYjqc/qiu6NvfskLigvovgrUreXsXCUmVPM2JxVik0No2YRbRZL56Z4uke0P7vAaV5blkuIsNlMkGWkwy4SDNkdXGIN501nlZykAZrx8dpVwGidsjy2LqUcxxiB7kk2jG2eA26tzFhiFm8pNkKdADFjpuFk6Z/348=,iv:Icfh+OVRsMvOcBgeNhDuzn+uwZ7KuLVOmr4gYIw/DY4=,tag:DnjO0y37djaJ757oRPfaUw==,type:str] - pgp: [] + lastmodified: "2025-09-11T18:52:52Z" + mac: ENC[AES256_GCM,data:ywNvWYHky+T09NuJDXr5VWEQTJxHCjNJaugmmgzsh+Si+HqmQ9VEcfp6AUxLQZoSA6RFQ2a+k5AQFSQrR2QXiauaZbqZmhQU7UjjnoIuwPl3AYNg/oAenkSabCmFW/oiC9XAY6yyqY2Iidw/V1DibNLttorDeweATmQ0OpLridU=,iv:4rhVoJAWn9EwkPK4O4rG0zptQDOGVzaSzaXPgPUcUh0=,tag:WNm9q1MfkizgOhG6t5DD+g==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/helmfile/secrets/ocelot.yaml.gotmpl b/helmfile/secrets/ocelot.yaml.gotmpl new file mode 100644 index 0000000..b8e39d2 --- /dev/null +++ b/helmfile/secrets/ocelot.yaml.gotmpl 
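Review bot: helmfile/secrets/ocelot.yaml is re-saved here (new `lastmodified`, `mac` and `version: 3.10.2`), but none of its three hunks adds an age stanza, and the hunk offsets (`-26 +28`, then `-85 +83`) leave no room for one in between. The file therefore appears to stay encrypted only to the recipients it had before, so the key annotated `@Bettelstab` that this commit adds to .sops.yaml would be unable to decrypt it, unlike the new *.secrets.yaml files. Running `sops updatekeys helmfile/secrets/ocelot.yaml` after the .sops.yaml change brings the file in line with the rule. The stanzas outside the hunks are not visible, so confirm with `sops filestatus` or a test decrypt using the new key.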
@@ -0,0 +1,39 @@ +{ + "data": "ENC[AES256_GCM,data:37wZRCl0o56gozjpELN6m6167qoq/HrH2ez04WBiUQsatlOslblOLWJMbl+OVEA9T32EMxCp9lmwA0hBKVxnhERcDcfDuvlhl2y3Nv0XFQZkBwyo7adNeiIJOV1mTq1BBg9mmT7+de88UVUNhUzAh3OXJKe1l4cbpAQNQAPe4+ajOa11fzVQG41TegunlxAMaqe4bv2/lEJHXYJ9BJ8/2kpmC7QMbZk191fAT6C8dy2dGXEECcgETO23wA70kK4VSWA8PIptnhov9TI6X/AiHSyJqPhn2Oh9UFeA4O0vNkpMLgsbJtDL1lTpz0veA5d2fjXZqFVKwcA5aVTbglPOXlI4wTZq//Puu1URT5bV/B29qzcng0M11O0Xy/zqauJTP/+hBVzn1SZqm67ZSnP4ts3rZKSp8thLecMAhZ46e222SDcxkzvui2pmX5ALtw==,iv:BeyRydKLQPGg6oIx1zoRkYQ8sW2D3m2lbx37eqFKKsM=,tag:RQjQyt1e1yHSvk8Tj1mWGw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkaFhzK2RoRmw4Y2tlSHVI\ncTl1OU1ZSUY1RDlSWGt1bWpTSjlCZFltVkhJCnBacWt4RmNhMXBQQS9jVm4vcWpC\nMmZ4aFoySGRTeStRZ3NvQ2M0a21odUEKLS0tIDViTHN0SFhxZjIwRFV6Y2x6eGpZ\nL0p2WGtNbkdsSmN6UFFRYTlpVU5mdWcK5eon3dbTxHpD7v+cgvUnf04rJzV+lGsj\ncd2X1QrJ3DS5GT8CsbPOaoE6g6yF1kBWeqZn7itLhHBtyAHKU+guIw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc2hqSEtvN2pOOHZZVnlH\nYmwvdVdHTEdhVTZGemVQY1o3b2pmRzhvL0NVCnlma3NCSGI2S1cyaWJzYnExaVFn\nQmVpM21La3ZXeEtROGJwVG40RFM0aFkKLS0tIFB4c1ZORGkrbnJFQWpBN0UwOGVn\ndS9HNWFwZ3Bod29OWlptbGFhMENLd0UKEx5RmOsyLt2WHtdvcO40X5vvoTJc7XKw\nSGt9grkfGYaqzdpqbLGr/wvyU/9Rkf6pVZTLqYbb1AOw86eNrf9xog==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOK21zRUhSaFNaWG9rN1gx\ndklXY3dCZURNaVNwRUpYOW9wUGJNa2dxd0hJCkk1MVNIYWJJbTZYQlNKTHhsUTlF\nbXdHSjlKQVY2T3d0eUR6V0xLU0c3RGsKLS0tIDVyTFVUQlhzdnkxR3RSMCs5b2xw\ncHdQNVNqRTVaU1RQVFZkK0R2cHRVOW8K1vRP3ZfGd7O4aEo2x2ZU7I0Y2SDCzaP5\n0C4CTnycJKBZw+8xsy1Knq3gYPQkrMOCmv8S1zEpynJzAcc2lYeKkA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MjlvK0pRUzVlTFAwdnIw\nZFlUUEdFcm9EelZLaVNXSEdnMTJZQW5NS2lFCjd1WnZQSXU5NEdMdHhwMW9jNDFE\nQjM2cDF5Nk1JallsdnJwODJEdm1ZZDAKLS0tIDdJM0xxZTdlZDZWa05UMUlDS1Fa\nU2EwS2pTK1JJNjNMUjVkOUxLU3JXeVkKKmotlgtCmZU/ipJf+xXdPQxV46rfY9e8\nMWMgIrAtJgT0oaREnxYXK09tdk0tIt/eegFyU1Gc1beBArWH3OUKnw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MDJoRkxLRXhKR213NU45\nTHQxSWgvTWgxWHZIbUlIdlBFRmwrNXFUSlJrCklqNXhHRGhJK0FmQ3grU1pFRnJC\nRnBqYlp1TERqcGRFTmJGWFY0YzVZaDgKLS0tIHA0Z3lFUkRpeXpRZHdOOVk1UGp4\neWZaNDl4dThCcWplWVpzc01Ya1gxbzQKcesxfNgYS9dKZuSE3IqCfWwMxrVoQZJp\nbC7WtZK4u+HL5/EGCikpvMjxjk2Knl/9O6ra/xik96qWOw0gPeJsbQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaGVJY0kwV0xJLzNVY1hZ\nckRITkVkUHR6M280cE5CWWRrc0cvVHJTQ2tjCmVOMFVWdGhBcmY5RDRUWHFWL1JP\ncU83cUdMTVFqSFkzTWdvajE0ckJBUVUKLS0tIG9OU2RYWG5mdGRybkhMWXdnSXdB\nMi9McUZOMElaSFpTUHlLaHFqcWIwcFkKnCY3irMYUT5T9YVG7YsRtpIJB+XLQbOd\nWR5jpKkOsKtL9HaI7fjuVgwmghj39tKGafmNVVSLUE9bSKmdmqRZpw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNVQwUm9uczZWUmNDVTJJ\nWTVTRzZuR21WM3BhYWhRQXREOVd2c3lWMjNFCjVTU0tueFdDOUovdWh1S1V6emE1\na1lQLy9CckhMek1DRGJ4dUp2WWRVR00KLS0tIFJ2S2NERmM4ZXZBR01NeEcyTG9y\nWXJLMGZWWEwrVlVQU2JLbENJYkl6UUUK8Eg7QJEXItW1MBMG2OIRNg20wnKpPFv5\nZxjO/rhmp2Do/DX6I4t7uMX/3VjHunUDPDPscmLEUf4Xj2szJAEosw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-06T09:11:29Z", + "mac": "ENC[AES256_GCM,data:bLtn5gSp0aUyxnTHQ2pHhqRzuaO9VDIp5KMsZmvzDNttj2UwyCeE4dLPK8nGxb/JD0QCc1SjM0wy91K3H1ZkLEtnEirPrOztBc/i41IosV9mkABR8Girz9c99VqxrrcVCP8hddzFA2qnCmkdQtZX06Xsw3rlFEQb+a8+mfHAfJc=,iv:XJci4piynXVNBFu0m6gILJGV+lsI1g5fwWg60C3oR3U=,tag:dxkHsJK+vJY/hPWt3rGWgg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 2a6a2f2..9269b5a 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -17,9 +17,11 @@ backend: storage: "10Gi" env: NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687" + # PRODUCTION_DB_CLEAN_ALLOW: "true" PUBLIC_REGISTRATION: "false" INVITE_REGISTRATION: "true" CATEGORIES_ACTIVE: "false" + MAX_PINNED_POSTS: "1" webapp: image: @@ -30,6 +32,8 @@ webapp: CATEGORIES_ACTIVE: "false" BADGES_ENABLED: "false" NETWORK_NAME: "wir.social" + ASK_FOR_REAL_NAME: "false" + REQUIRE_LOCATION: "false" maintenance: image:
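Review bot: The commented-out `# PRODUCTION_DB_CLEAN_ALLOW: "true"` added under `backend.env` carries no explanation. The visible helmfile.yaml.gotmpl hunk lists this values file for the release without any per-environment split, so uncommenting it would apply to production as well as staging. Judging by its name the flag permits wiping the database in a production build; that is inferred, since the backend code is not on this page. Either drop the line or keep it with a stated condition, e.g. `# PRODUCTION_DB_CLEAN_ALLOW: "true"  # staging reset only, never commit enabled`.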