From f9646c5f8cfc4af2bf64be0a1cccaf0a107d46bf Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Fri, 12 Sep 2025 23:30:16 +0200
Subject: [PATCH] update to v3.12.0
---
 .github/workflows/publish.yml | 2 +-
 .gitignore | 1 +
 .sops.yaml | 8 +-
 branding/constants/groups.js | 2 +-
 docker-compose.yml | 24 +++++-
 helmfile/environments/default.secrets.yaml | 75 +++++++++++++++++++
 helmfile/environments/default.yaml.gotmpl | 3 +-
 helmfile/helmfile.yaml.gotmpl | 12 ++-
 .../{image_tag.sh => branded_image_tag.sh} | 0
 helmfile/scripts/ocelot_image_tag.sh | 6 ++
 helmfile/secrets/ocelot.yaml | 18 +----
 helmfile/secrets/ocelot.yaml.gotmpl | 39 ++++++++++
 helmfile/values/ocelot.yaml.gotmpl | 14 +++-
 13 files changed, 181 insertions(+), 23 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 helmfile/environments/default.secrets.yaml
 rename helmfile/scripts/{image_tag.sh => branded_image_tag.sh} (100%)
 create mode 100755 helmfile/scripts/ocelot_image_tag.sh
 create mode 100644 helmfile/secrets/ocelot.yaml.gotmpl
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 4f16f74..dc9e7a9 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -54,7 +54,7 @@ jobs:
 uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
 with:
 file: ${{ matrix.app.file }}
- context: .
+ context: ${{ matrix.app.context || '.' }}
 push: true
 build-args: |
 OCELOT_VERSION=${{ env.OCELOT_VERSION }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e43b0f9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.DS_Store
diff --git a/.sops.yaml b/.sops.yaml
index eec3468..f7c8c59 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,7 +5,12 @@ creation_rules: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp, age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr, age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s, - age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5, + age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 + + # Ausnahme für die spezielle ocelot.yaml.gotmpl Datei + + # Keine Verschlüsselung - diese Regel hat keine encrypted_regex # age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret # age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer @@ -13,3 +18,4 @@ creation_rules: # age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr @Elweyn # age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s @ulfgebhardt # age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 @Tirokk +# age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 @Bettelstab diff --git a/branding/constants/groups.js b/branding/constants/groups.js index 1c49d3f..5924440 100644 --- a/branding/constants/groups.js +++ b/branding/constants/groups.js @@ -1,5 +1,5 @@ // this file is duplicated in `backend/src/constants/group.js` and `webapp/constants/group.js` export const NAME_LENGTH_MIN = 3 export const NAME_LENGTH_MAX = 50 -export const DESCRIPTION_WITHOUT_HTML_LENGTH_MIN = 100 // with removed HTML tags +export const DESCRIPTION_WITHOUT_HTML_LENGTH_MIN = 10 // with removed HTML tags export const SHOW_GROUP_BUTTON_IN_HEADER = true diff --git a/docker-compose.yml b/docker-compose.yml index 2fe9141..0ef9544 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
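Review bot: The key for @Bettelstab is added to the creation rule in the first `.sops.yaml` hunk, but `helmfile/secrets/ocelot.yaml` is not re-keyed for it: that file's hunks in this patch change only values, `lastmodified` and `mac`, and none adds an `age` stanza, so the new recipient presumably cannot decrypt it while the two newly created encrypted files do list the key. Running `sops updatekeys helmfile/secrets/ocelot.yaml` would bring the file back in line with the rule. The two added German comments announce an exception for `ocelot.yaml.gotmpl` with "Keine Verschlüsselung", yet no rule follows them in the visible lines and the file is committed fully encrypted; a rule without `encrypted_regex` encrypts every value, so the comment should say that, in English like the rest of the file, e.g. `# ocelot.yaml.gotmpl: no encrypted_regex, so the whole file is encrypted`.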
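Review bot: `DESCRIPTION_WITHOUT_HTML_LENGTH_MIN` drops from 100 to 10 only in `branding/constants/groups.js`, while the comment on the first line says the file is duplicated in the backend and webapp constants, neither of which this patch touches. Unless the branding overlay replaces both copies at build time, client and server would enforce different minimums, and the server-side value is the one that actually counts. A short comment would settle it for the next reader, e.g. `// overrides the upstream default of 100; must match the backend copy`.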
@@ -12,6 +12,12 @@ services: WEBSOCKETS_URI: ws://localhost:3000/api/graphql GRAPHQL_URI: http://backend:4000/ MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" + PUBLIC_REGISTRATION: "true" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: "true" + BADGES_ENABLED: "true" + NETWORK_NAME: "stage.ocelot.social" + ASK_FOR_REAL_NAME: "false" ports: - 3000:3000 depends_on: @@ -31,7 +37,19 @@ services: NEO4J_URI: bolt://neo4j:7687 MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" JWT_SECRET: "b/&&7b78BF&fv/Vd" - PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" + PUBLIC_REGISTRATION: "true" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: "true" + MAX_PINNED_POSTS: "1" + SMTP_HOST: "mailserver" + SMTP_PORT: "1025" + SMTP_IGNORE_TLS: "true" + SMTP_USERNAME: + SMTP_PASSWORD: + SMTP_MAX_CONNECTIONS: "1" + SMTP_MAX_MESSAGES: "10" + EMAIL_DEFAULT_SENDER: "hello@ocelot.social" + EMAIL_SUPPORT: "hello@ocelot.social" ports: - 4000:4000 depends_on: @@ -50,6 +68,10 @@ services: neo4j: image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:master + ports: + - 7473:7473 + - 7474:7474 + - 7687:7687 environment: NEO4J_AUTH: none NEO4J_dbms_allow__format__migration: "true" diff --git a/helmfile/environments/default.secrets.yaml b/helmfile/environments/default.secrets.yaml new file mode 100644 index 0000000..cba9bee --- /dev/null +++ b/helmfile/environments/default.secrets.yaml 
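Review bot: `SMTP_USERNAME:` and `SMTP_PASSWORD:` in the backend hunk are bare keys, which YAML loads as null; as far as I know Compose resolves a null entry in an `environment` mapping from the shell that runs it, so a developer's exported SMTP credentials could end up in the container unintentionally. If empty values are meant, write `SMTP_USERNAME: ""` and `SMTP_PASSWORD: ""`. `SMTP_IGNORE_TLS: "true"` looks intended for the local `mailserver` on port 1025 and deserves a comment saying so, e.g. `# local development mail server only`. The `environment` block starts outside the hunk.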
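Review bot: The added `ports` on the `neo4j` service publish 7473, 7474 and 7687 on every host interface while the same service keeps `NEO4J_AUTH: none` in the context lines just below, so the database is reachable without credentials from anything that can reach the host. Binding to loopback keeps the convenience for local tooling without the exposure: `- "127.0.0.1:7474:7474"` and `- "127.0.0.1:7687:7687"`, with 7473 dropped unless HTTPS is actually configured. If the wider binding is deliberate, a comment stating that this compose file is for local use only belongs above the block.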
@@ -0,0 +1,75 @@ +s3: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:9vjauuOcV6ZBw75DaJymj8Y6Cgg=,iv:AoBz9RYzhao66xJKAJHQNhCX9/kOZCF3tq7XnFUP3C8=,tag:L+9Hdt2htHnbg0iWBzSeqw==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:IxvP7zbwUm9e/2QLzvIC9zE5Q9+c97r8/6vPPV+2UaNkVCMYqttOUg==,iv:GhIM8BTqlAiuaKZuT82QYrciQ4+UmII2yqOsoib0tbY=,tag:BjGA8jPH62EvlJdW+1+4kA==,type:str] + AWS_ENDPOINT: ENC[AES256_GCM,data:R0DA8FYto2QThumIb5LwddkB2mz1W2YckUuBvIB8svmZP7Y=,iv:Vl3IsRXKHJovrB9wAwq6kpWvCOx4gAmaMZO9FwB4OT8=,tag:TElpGx//7Y4TmWNV9S/NRA==,type:str] + AWS_REGION: ENC[AES256_GCM,data:Wyzv4xtbcMVlpA==,iv:3FytYgLFzjheww4faFvL/2cNFvMBUI4QFrQqtBsl69g=,tag:+wuNJIJwI+6VbGTZ1/BReQ==,type:str] + AWS_BUCKET: ENC[AES256_GCM,data:+SCuUMhyAV5qPaJvyIYlSwbp3Kd7,iv:mudkJbvGzvtI6StOajJoYR4XUjlJ8315Yf3IZdcxb00=,tag:uA+z7dDja5D2F4i1hPCmog==,type:str] +sops: + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd1BvUUVRbFZQemNtcFZ6 + dUliNmpIUDcvL2F1cENvWldsUE9FWVFxZ21rCm9GWkxKZ05qVjhMNy9ueW43d1Mz + TTI2RzFsR1B3RlFWVitwcUpqRTdEQjQKLS0tIENZeEJCSlJMcHVMaXB1dFB3YmhL + enVVbGVWcmJoM1hJNTlzSlhpaS8rUWsK9Y1sjUnFjB3s2wHVvMU3bVC1LIYvrz8t + n/QaIHUIEf0NB/ZPj6r6hplCnf+EJVKuVl5pu4xw2ED9PvXQ6UUZvQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydThhbUlBTGFIOElBUStr + WHdMNzBSbnlyYlFyVHhMbGJUSmozUjRINUhFCkNFbVBzTTl1cmVSRlRFL29VUFF0 + Qy9sQk8yc0Q1aGljMk1Ob1NFVkZQd2sKLS0tIGpidFhscFAwc2pVRWxtVFY1OFo3 + bzljNTc1MDQ4ckNQNzFjNDFGeVV5TzQKdIqZMcxhtjmPD8nsIHi8XbcZHcefo32l + AXXquc/+5+OBocUvAMZ9UWOdx8QCQAmaZ5YtXEePp+FFZKBcnPCRMQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clQ3NVM4eEpJTzgxVTR1 + cm9vMm1qTGkvWElpckxvOXBRMzMrUlNLaVhZCjJvRElJa1ptU2szZXZjUEZ0RXd5 + cndZWXI2RHhuYzRnOFBLV0lZelQzKzAKLS0tIGpnVzdqWEV5RlV0UVdLUTVneklT + SEw3RkdrN0xOWndLb01nd1ovR01JZ1EKCvlakyb1WQeDaeDHHdrQEzO9fIynZsjk + ci8ccnOuZYjCHOc6U4enjlD559IZdniOPA72qdEFgquCtMwDi72buA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcys4T2J1MkRHNHN2b2hB + akt4OEdYclBHaC9WNVdUdVhhalFaRzdDL1JVCkZDcElHclowaXFIRHJhaHluVW9j + d0VoVUZMcWlQclBrUXlRb3R3UzdpVzQKLS0tIEdyZ0dTc0lKOGJDTlNBUnZlcnp6 + Z1dZeWRsUkVpMzF4RWtMd0pqV3g5RHcKdmPPkfoMaHwmdfVm+vnaWpuzgEK4NREx + NSt4JDmqxDV0j4iQMzMyULgHdeyvxnXpHiyNh4FnKzZljh8J1O8/yw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYL3lnR2dZMmVpS3lMa1kz + b0lIeVVsUzUwSWszNzBVdWpCak5Rb0lKcFY4CnN0ckFjcDZtRDZsMkcxRWMvOHo4 + d01ySkJRemEzQ3dGK2NBU3pIZ0ROU0EKLS0tIFIwaVlhc2h0ZThwclBBMWNTc2dF + emdXSnhBV1VMbXp6ai9MaTBSZkNzYUUKkvZSOuYITTnDdm8RLk6h4inF3AqpfjX6 + TByKxFuoRWQNu0mB1RNniwwYegfY/hIoXQ8hFEBaYLqapqadz+X+Kg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK1lPTE9ac01kazdEVHd1 + c25FWFVZVDhkeUYyeXdqeGFabEZtY0haeGhBCnpRQ2wwTG96cmlTZXl3WHc2UytL + YzVYdEZ1U2EzVXltZ2FibERnRWM3Yk0KLS0tIHVpaDVIM1N5M2hMNHY0anNmK0c0 + cnp5ZU1lMzJrRlNFQ2VLSmxGUElOMjQKrbR6dL1UwkRTwdHFrq6HAvt4R8SsAbqE + V3tS9utgx5PEDQkVC/7ueuXFyeQyJFya7lvZREvJOLRTRDl6PbC/Ew== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdDFhVU16KzhwMmdpUHRo + TWNTaWdlN1FWYzhFb00zWGpON29JTEhuRDE0CmxmdkQ4ZkYrWnJIblBDK3dIVUN5 + K2pKNmRkWnB4OVNreVJOV3JCUjNPY0UKLS0tIGVBaUN3VTZWOUkrcFZNTVV4S0RH + TTVLamdEaEZOYk55cldCVzBuWm1UTEEKjrVRYcy6P3JyPlgSrAxm127TqQzfi7mj + McQxS+qNleBjIvfWDhb8I7dsVt/3CSfZ+HHVZ3APhHLAT+av+pyi3w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-12T21:24:21Z" + mac: ENC[AES256_GCM,data:9DF2HzlDBEzceiik7RpBjd8qWrUlVBL9VhgsF7DaIsj7SQXH8OqUcYGjG3x0rx00rzwUKZPBRqMQn13/N0KkHXN0cVuCokLidMn0DGl/nOQiyq9/FALIe8c4wYpECS1RRCFY2n1ALwv6g9eOXI7CLC8alfdXPl4zJ7wO7Rcn0+0=,iv:T8P6qwunLP5F/NqnR0CbNEzmP+ueN65KL846vdEFseo=,tag:VyPnrRwgOEBBrpI6VJj1dg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index 547424d..6c3ce34 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,6 +1,7 @@ -{{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} +{{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} domain: stage.ocelot.social +redirect_domains: [] namespace: ocelot-staging image_tag: {{ $image_tag }} github_repository: ocelot-social-community/stage.ocelot.social diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 130895f..6d91728 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -3,6 +3,13 @@ environments: default: values: - ./environments/default.yaml.gotmpl + secrets: + - ./environments/default.secrets.yaml + production: + values: + - ./environments/production.yaml.gotmpl + secrets: + - ./environments/production.secrets.yaml --- repositories: - name: ocelot-social 
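Review bot: The new `production` environment in `helmfile.yaml.gotmpl` points at `./environments/production.yaml.gotmpl` and `./environments/production.secrets.yaml`, and neither is among the files this patch creates. If they are not already in the repository, selecting that environment fails when helmfile loads its values; either add the two files in the same commit or leave the `production` entry out until they exist. It is also worth confirming that `.sops.yaml` has a creation rule matching `production.secrets.yaml`, so that file cannot be committed in plaintext by accident.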
@@ -15,7 +22,8 @@ releases: values: - ./values/ocelot.yaml.gotmpl secrets: - - ./secrets/ocelot.yaml + - ./secrets/ocelot.yaml + - ./secrets/ocelot.yaml.gotmpl - name: ocelot-neo4j namespace: {{ .StateValues.namespace }} @@ -23,4 +31,4 @@ releases: values: - ./values/ocelot.yaml.gotmpl secrets: - - ./secrets/ocelot.yaml + - ./secrets/ocelot.yaml diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/branded_image_tag.sh similarity index 100% rename from helmfile/scripts/image_tag.sh rename to helmfile/scripts/branded_image_tag.sh diff --git a/helmfile/scripts/ocelot_image_tag.sh b/helmfile/scripts/ocelot_image_tag.sh new file mode 100755 index 0000000..6cc9baa --- /dev/null +++ b/helmfile/scripts/ocelot_image_tag.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +SCRIPT_PATH=$(realpath $0) +SCRIPT_DIR=$(dirname $SCRIPT_PATH) + +set -a; . ${SCRIPT_DIR}/../../.env; set +a; +echo $OCELOT_VERSION diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml index 6565d79..aa2aebd 100644 --- a/helmfile/secrets/ocelot.yaml +++ b/helmfile/secrets/ocelot.yaml @@ -1,5 +1,5 @@ secrets: - acme_email: ENC[AES256_GCM,data:o+2HnrEqa/uXJwqUwdYU14FiZYPfLcKqkQ==,iv:1ouUU4ewzRL4ZDnwJm6BTVg3a64iC5+I2v+AWIF8W2Q=,tag:7ytv959cVmgSmXMC7A8zxA==,type:str] + acme_email: ENC[AES256_GCM,data:CqWQwY/Q6hrvuCqXiNn/8oQYsmw=,iv:cn0Jyedcir+Z2NFPbFy89K1W3vlmdIyTzuRrOsqlJM4=,tag:hf31Qpp0w7FlxO10R++9wg==,type:str] webapp: env: MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] 
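Review bot: `helmfile/scripts/ocelot_image_tag.sh` leaves every expansion unquoted and has no error handling, so a checkout path containing a space breaks `realpath`, `dirname` and the `.` include, and a missing `.env` or an unset `OCELOT_VERSION` makes the script print an empty line that would be used as an image tag. Quoting the expansions, enabling strict mode and failing when the variable is unset fixes this. Note also that `. .env` executes the file as shell code, which is acceptable only as long as `.env` stays a trusted, repository-controlled file; a header comment should say so.

```shell
#!/usr/bin/env bash
# Prints OCELOT_VERSION from the repository's .env (sourced as shell, so .env must be trusted).
set -euo pipefail
SCRIPT_PATH=$(realpath "$0")
SCRIPT_DIR=$(dirname "$SCRIPT_PATH")

set -a; . "${SCRIPT_DIR}/../../.env"; set +a
echo "${OCELOT_VERSION:?OCELOT_VERSION is not set in .env}"
```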
@@ -7,7 +7,6 @@ secrets: env: JWT_SECRET: ENC[AES256_GCM,data:8qGviTFMOv9QyoNVwnlFNZ2PmvedbKJM,iv:rmZgs8h2QVsokzMzdGdEcInBLv8AX3xFUjkGhTf3sF0=,tag:SUJpMaIGAb14yg8RxCVUtA==,type:str] MAPBOX_TOKEN: ENC[AES256_GCM,data:qK6iTYKiWfkvXBodm8zVmfr5ACTTz1+7Pt7Q/hwgv3SYERyo5NyqfsvbVKuDAD90kTCNODpSwUApJE6do/Umedg4s8mrnHXCckIDbX5BztoeHJBehsUC54ELcrQ=,iv:b65yqfdoOX366UXt7HS6nhL8hlZn4l5hQfrhI6NXc+I=,tag:vF48V+TRS5g9ezXhzAJnPw==,type:str] - PRIVATE_KEY_PASSPHRASE: ENC[AES256_GCM,data:05WXBFKIk0BtfUYmkWSwAP+/Y7v18LUow4X/,iv:y7VyymcoRLr2CK96BiErXvKP2Gn/QhECBZyeP+wo8LA=,tag:Hg/fIGyIDMY8P3mWfVupCw==,type:str] #ENC[AES256_GCM,data:llx+JN8fRqwrLd2ahkmPrhPwcGIkn695l3Ox8VEs9YAR+1wpz3yujA==,iv:4Ctez8zMeqo3cpCCUVy6ZP4T1Z/myPw/FTq+++YAYbc=,tag:al/J8DLqNz6CoLl+TgUdOw==,type:comment] EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:z1EyEokf/TNkFLhRzsCbHew/6T8=,iv:Satr1c8aZQE73ZolC6n+PO74r+Gj3un5Mj0DIYb3n14=,tag:iK6l0GXuhLauBtFXTmLyKQ==,type:str] SMTP_HOST: ENC[AES256_GCM,data:r0qbaUBB3CSUHR76,iv:TJIx71HW1aBB0sCEd1TB/tTgPBxLR1sdGAEf0t7Qilg=,tag:arXYtwVbIXVaUJpyommokQ==,type:str] 
@@ -24,24 +23,13 @@ secrets: NEO4J_PASSWORD: null REDIS_PASSWORD: null IMAGOR_SECRET: ENC[AES256_GCM,data:nPGDGgjnszFpvNk/ucl63/4o1Yd+rA7ty9PtHcIuOQ0=,iv:kN7ys7qyizLYINHUUTAb6UJh2TF6nnWcUmKKgB5sIdA=,tag:eZNlpZO4K2cNUnlvS1orag==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:dA6Ok1g5jqlyP6jKaRP7WpH4poQ=,iv:yGIWmSoDd+1fm+NKuzipm+Z1C2XVJdOTY9vWIKLy75c=,tag:H18HVmRjP3iyJiixCtpNoQ==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:BTvIEYBQhtOvQbzUBotrslFHhHY9AQobMj7tq3lapS4/gJZBUJ/i3g==,iv:H4MZoTVRngfFwSBgqp4qCawGbDxNNKtQC6PJXWEQdcI=,tag:0sP0Ym/fPs4wJdZvRAG3Jg==,type:str] - AWS_ENDPOINT: ENC[AES256_GCM,data:LefUZKGs2pK/RyD83qCLy0c1mkC6E7CUvmWgMztoWaNgBAc=,iv:5nmUUVqx3iFJ/2/f2KOgVVhJlqcVS1IT1lCeRPX9Xr8=,tag:LzA866gXskHUEp0+oGnn4g==,type:str] - AWS_REGION: ENC[AES256_GCM,data:V/qfzTm0lP8PTA==,iv:7oPrKB+6ceAf+C51Nh1H3To+/LYG6+tm9vJi7x+HNmc=,tag:vdZJG8V6/TLpDxHboXWS2w==,type:str] - AWS_BUCKET: ENC[AES256_GCM,data:Togaqd7ixlF7GVT1jHn43pMLoJvU,iv:eHpwSSschVe2GVQDTFIWTwCi2uOE4z9XOF1VTRk8FLY=,tag:XOx1jPG37NuP2KU0QSjTLw==,type:str] neo4j: env: NEO4J_USERNAME: "" NEO4J_PASSWORD: "" imagor: env: - HTTP_LOADER_BASE_URL: ENC[AES256_GCM,data:By8W4EhROKwKBi1Zv/R3Rbq91kvl22OOZWhRdz3n0fRzZUE=,iv:L17wYXJimfSB8jKlQvAa9hkZM6BHsrLwVoUm4F+ddsc=,tag:7ufs8lVNfNozjdbXOd372A==,type:str] IMAGOR_SECRET: ENC[AES256_GCM,data:EoUtgQJ9GHuhrt209iQMSs2SayaUJi1zIZC+TuEr4KQ=,iv:SU7KtV0izan3OUXN0A1vpmEPXdTogfBeEPzfcqdGIKQ=,tag:/IzzvWuFE/gHiZalXWshfw==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:B25aseDb9E3LXiSuZD+jUrfZ0Sc=,iv:h3TMMh2ULYC4cGSF8WpX8y6w/x/A/bFlk47rIFoFEek=,tag:0FRXAEXucH9JvxPUEsPUMg==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:KRBRWyYzisHeGWiUJo3bf39ZGFTa+bJTfBTyDxHBtyrj1jmU5P/9qQ==,iv:PfwjEPH247KtZlUGHcEG/Hp2ismgBpCDYXWRM7IMTbQ=,tag:1jhI1bUIOqU9f5YHVnuocA==,type:str] - AWS_ENDPOINT: ENC[AES256_GCM,data:CVLJNnBjb45rMM/ixlUv+vPftUkKbQYuhhui0JRSgqeZp0A=,iv:IsWO4eVN6mBBs4mO1wryDwt9vdyGzQAAsDJVvL1oLNs=,tag:cP0CZQBtMS2OsE+/KN4AlA==,type:str] - AWS_REGION: 
ENC[AES256_GCM,data:cWKZd9XGdRcgjQ==,iv:cB2hTBDQ9d3uf/Mgthd/tsa529S+2KlkXCTZ6HXAVZ0=,tag:OF/87D0TDu/yEh6Bf163PA==,type:str] - AWS_BUCKET: ENC[AES256_GCM,data:mlljAczY/xwp/+C2pkgALCDUZkiC,iv:PPQol5Yq6vWHYYRy1gg+UfuSHFHxXQlNpjqbBOOoQ2M=,tag:0RVAIoAmdmIgp2/udLjfiw==,type:str] sops: age: - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 @@ -98,7 +86,7 @@ sops: Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-30T12:51:00Z" - mac: ENC[AES256_GCM,data:zgyr3gyuAw85enQo1lbGVCIBnl46m6TeKvnOgPAyMWbgEZ/EHoeAB8+dYSiFILHpDwjje9xTZZ4hUHA5i1Pvk9mIWh4foXuBKSx5S0UEGMfdaAQWN1mq5rUuemb/D/gjCSHLMTP7wZPTc5bSEb9/AA12VN1voMO6suEWTVpNOjw=,iv:mV/NJm4d23NUexZ3lTJhxqVIE7pp/Sp1gxfqNNwjf3I=,tag:utZDVvu8mwUn9QdcJ0TMgg==,type:str] + lastmodified: "2025-09-12T21:25:28Z" + mac: ENC[AES256_GCM,data:uyxe5nwAUIjif/tAADXYjP7MVFLUxReHkGkZOq8BK/0hecmj7uxGL0FOqzvWv1i84vy9sm1N4JrYxNjy60uHwHb9qwTuTzHeTTq1L+EnbHLJ7U3ES1g/ryqrXn2TNoIeMUVfvBwVu8B1kqtrVOxUNzxCBfqbC4FUj6tGt/4A6YI=,iv:2BN1wo6orOs3wMDhUSHRqAqWZ3miNF5igw/zPJ7Rco0=,tag:gu9cyHAuJKdNOwUj2dSX6Q==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/helmfile/secrets/ocelot.yaml.gotmpl b/helmfile/secrets/ocelot.yaml.gotmpl new file mode 100644 index 0000000..6400c26 --- /dev/null +++ b/helmfile/secrets/ocelot.yaml.gotmpl 
@@ -0,0 +1,39 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:b+f8fjc45Pv2Xysq/U6VWlZdvlHQd7ny/D4gQIgQS88=,tag:utEQ8CS/VGHBLUt0dcQUGA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTmx1dm0zOXAwckVER0hD\nNWQ4Q1QrYjFsTkFqWll3dEJqMFpuSmsrTVVRCnUwSG40MUYxd1hyUFZYOUdoUUxL\nYUZHK29ldHFlR3hPMDJYSXBDUU11OWsKLS0tIFVCTElSTDRvcFl4WkorMmc5L25x\nN1kraFYwSWxRSlZ3MCtmN3NhaVlyTGMKVrNUieVLwwB9DT86GMzsVZ3jYygX3EVQ\nsVtPBitjO2jAveQLvLNsTiXPPwdsrBK4Cw7nFWxo+Uk829otD4v4eQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNXZZV3A0K3U0YlFjbWlR\ndlk3UzV6WFF6eEttMDVuNHJEN3NjdmYvS1QwCk9JRnRHNzNkaDM3TW9xejN2dkRC\nS0JjODVyVTVoSVltdmFia1N0Ym5mYzgKLS0tIFV5WU04QnhEU3p1YjNlM21Gbmkw\nRk93bDFLdGkwSysyZFQwbHZpOUFMNXcKg85LKJftKBmnXywtqJylG1Izcq92IgaO\nxaWsUWJuzT/3Oowxgwgs4DjC0Yms9W8fq8Bp87DQAhRyzgm4U7tpng==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWHcvWTdMSGd5MERvdUZo\nWjh3bXMzc21wbjNKOFZSWERTalhEVUZCeFhzCm5QWlJhczJmRmJIWmEwUjNiVHNE\nWE94TTAxeGJwZ2h1eEtabkNFanNqNDQKLS0tIHhSSmw4eHRTaStkeEJnVkZMbG4x\nY1JzL2RMUnlSOGJQYjZCRE1zeWc3WHMKf5MVZOn13Kh0aiCFIZaOwf5BF5sI80gB\nQl51YC7EeIRjty7YXtW5m3CE16IL520nHLbiv0q5GL2bHzL+6sHx1A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZWltVG5pRUhBYTlhOXZY\naWthaXBya1o1VmdTUUhzdTVrb05jUU9MY1NBCndVMjQ3TEFRNnk0b1N2WVZ0dGFX\nQytoU2djYkwvOW93N1QzbTU1K25rczgKLS0tICtyeVN3OFZJNkFNVEpNenhsQ3ds\nakU1L0tLaFZ3QUt6Ynh4UXVGNHM3THcKr2K6Dr+5fo7Nvx/EyTwwPdhDxTsA86zb\n+FKplHEtG+ZIm42JF8IALdHjxhn00wpPQnH1Mm8GCzZUqrDy5J1tnQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBka1hpdkEwODI3cTBtTVFy\nSVBtVzdXcFBTbHFzbE80YjhIZUFHbUQ2UnlnClpQaG1wTXJCMXFWWE9VNWtPV2hj\nb0JJeWJZNXRBVUlEckwvRFE3K2NjZ1kKLS0tIENkTGFrYU94YVFFa2VEdnhYOUhR\neXNHaEt5NFY0dDNQalZJeFR5QjRCeU0KSwpW1ksG9+qcZ1DhbpsejmZE/4qJLvJe\ncGe4VEePaQ3x2tRCz1Cdnug4b7PdQ8Zu91t7Ai5Q8SQpJnrA2YHLhg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZGlQV0Y4TXpqc2FwZXZj\ncDc1K1A3c3JKZjJZUExEcVY2bjMzdVhRbkVRCjYrbmVYUjVMMEZUenZ4Z2o0Qmlt\nc2U0Q054UlFOWTE1ZGRBVGdtRVk1d0kKLS0tIFhySU8yVjFlMGtZeFN4TjA3cE54\nbkN6cUtCODQ2VmFMcEUvSGJwR3pPR0kK40+aZnAwKYnyJccZ1e6oLclmk1oDoGFa\n4EIQqkR5iJHzE/CUnNYLixLe8Gf8rIy780P3n2nUvei1w7dkwWZDUA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c2hEWGhkMFRHc1NhTHVh\nMzVRaTBLbk5oTUloZ1ZSR21oQ1N0K0J2WDNFCkxmVEo0aTRhNmxZSWN1OEdWTFRM\nRjM3YVkyRTBHTnZJMmIxUWEybHBiQXcKLS0tIG1ONkh2U215eW1ZdG5Hd2JiWG9T\naE9mWHhlS01QdUpHTjRVRDhrNGN1RDAKWpll0EIuBRpcDlVYYLGXzfiDvf3pwybI\nISoj8pSDJLttMHdrRq1ldzMCBPe31IA6mfvPVNwyO+T++8r34zoOKQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-12T21:19:11Z", + "mac": 
"ENC[AES256_GCM,data:FlWo5xyfUXXASo5p0fKTMytjaI+iJ3hzN9bEjp0b+Tf5T4un81yHG5ZgOuAgENVhtPsLQEyG/9RpRPQ+bjdx8BPV90JlkgPUxpX1vSOGnQynUfElJcynOSBEeZWaHf6AO6lEeNIfvnjIm7seDtY4zTl0IwwupzWZRecFMRbgfeo=,iv:b8YXL4wDK4JMk1o1rMlYucp1pAmDwRzdvUCR5Wh+5UU=,tag:lKTLR+efNOIhsFEYOKveIg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 563dece..7e5a3e9 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -1,4 +1,5 @@ domain: {{ .StateValues.domain }} +redirect_domains: {{ .StateValues.redirect_domains }} cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod @@ -16,9 +17,11 @@ backend: storage: "10Gi" env: NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687" + # PRODUCTION_DB_CLEAN_ALLOW: "true" PUBLIC_REGISTRATION: "true" INVITE_REGISTRATION: "true" CATEGORIES_ACTIVE: "true" + MAX_PINNED_POSTS: "1" webapp: image: @@ -27,6 +30,10 @@ webapp: PUBLIC_REGISTRATION: "true" INVITE_REGISTRATION: "true" CATEGORIES_ACTIVE: "true" + BADGES_ENABLED: "true" + NETWORK_NAME: "stage.ocelot.social" + ASK_FOR_REAL_NAME: "false" + REQUIRE_LOCATION: "false" maintenance: image: @@ -35,6 +42,11 @@ maintenance: neo4j: image: repository: ghcr.io/ocelot-social-community/ocelot-social/neo4j - tag: hetzner + tag: master storage: "5Gi" storageBackups: "10Gi" + resources: + requests: + memory: "2Gi" + limits: + memory: "4Gi"
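Review bot: `redirect_domains: {{ .StateValues.redirect_domains }}` in the first hunk of `helmfile/values/ocelot.yaml.gotmpl` prints the list with Go's default formatting, which is valid YAML only while the list is empty (`[]`). A constructed example with two entries would render as `[a.example b.example]`, which YAML reads as a single string element. Serialising the value avoids that: `redirect_domains: {{ .StateValues.redirect_domains | toJson }}`.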
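Review bot: The neo4j image moves from `tag: hetzner` to `tag: master` in the last hunk, which is a moving branch tag, so the database image a deployment gets depends on when the pull happens and cannot be reproduced or rolled back by tag. Pinning it to a released version or a digest, e.g. `tag: "<pinned-version>"` (placeholder), keeps the stateful component aligned with the release this commit targets. The commented-out `# PRODUCTION_DB_CLEAN_ALLOW: "true"` added under `backend.env` is one keystroke from enabling what its name suggests is a destructive switch; either remove the line or add a comment saying when it may be enabled.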