New docker setup

.dockerignore

@@ -11,21 +11,24 @@
 **/.gitattributes
 **/.gitignore
 **/.gitmodules
-**/compose.*.yaml
-**/compose.*.yml
-**/compose.yaml
-**/compose.yml
 **/Dockerfile
 **/Thumbs.db
+compose.*.yaml
+compose.*.yml
+compose.yaml
+compose.yml
 .github/
-docker/compose.override.yml
+node_modules/
 docker/storage/
 docs/
+public/build/
 public/bundles/
+public/media/
 tests/
 tools/
 var/
 vendor/
+.idea/
 .editorconfig
 .env.*.local
 .env.local

.env.dev_docker

@@ -0,0 +1,190 @@
+# In all environments, the following files are loaded if they exist,
+# the latter taking precedence over the former:
+#
+#  * .env                contains default values for the environment variables needed by the app
+#  * .env.local          uncommitted file with local overrides
+#  * .env.$APP_ENV       committed environment-specific defaults
+#  * .env.$APP_ENV.local uncommitted environment-specific overrides
+#
+# Real environment variables win over .env files.
+#
+# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
+#
+# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
+# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
+
+# Mbin variables
+SERVER_NAME=:80
+KBIN_DOMAIN=127.0.0.1:8008
+KBIN_TITLE=Mbin
+KBIN_DEFAULT_LANG=en
+KBIN_FEDERATION_ENABLED=true
+[email protected]
+[email protected]
+KBIN_JS_ENABLED=true
+KBIN_REGISTRATIONS_ENABLED=true
+KBIN_API_ITEMS_PER_PAGE=25
+KBIN_STORAGE_URL=http://127.0.0.1:8000/media
+KBIN_META_TITLE="Mbin"
+KBIN_META_DESCRIPTION="content aggregator, content voting, discussion and micro-blogging platform on the fediverse"
+KBIN_META_KEYWORDS="mbin, content aggregator, open source, fediverse"
+KBIN_HEADER_LOGO=false
+KBIN_FEDERATION_PAGE_ENABLED=true
+MBIN_DEFAULT_THEME=default
+MBIN_HOME=/var/www/mbin
+MBIN_USER=mbin
+MBIN_GROUP=www-data
+
+# If you are running Mbin behind a reverse proxy, uncomment the line below and adjust the proxy address/range below
+# to your server's IP address if it does not already fall within the private IP spaces specified.
+TRUSTED_PROXIES=::1,127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+#TRUSTED_PROXIES=
+
+# Max image filesize (in bytes)
+# This should be set to <= `upload_max_filesize` and `post_max_size` in the server's php.ini file
+MAX_IMAGE_BYTES=6000000
+
+# Captcha (also enable in admin panel/settings)
+KBIN_CAPTCHA_ENABLED=false
+
+###> meteo-concept/hcaptcha-bundle ###
+HCAPTCHA_SITE_KEY=
+HCAPTCHA_SECRET=
+###< meteo-concept/hcaptcha-bundle ###
+
+# Redis
+REDIS_PASSWORD=!ChangeThisRedisPass!
+REDIS_DNS=redis://${REDIS_PASSWORD}@redis:6379
+
+# S3 storage (optional)
+S3_KEY=
+S3_SECRET=
+S3_BUCKET=
+S3_REGION=
+S3_ENDPOINT=
+S3_VERSION=
+
+# Only let admins generate oauth clients
+KBIN_ADMIN_ONLY_OAUTH_CLIENTS=false
+
+# oAuth (optional)
+OAUTH_AZURE_ID=
+OAUTH_AZURE_SECRET=
+# If you want people from an enterprise to connect your instance, set the tenant id here.
+# If you want people from anywhere to connect with either their personnal or professionnal microsoft account, use "common"
+OAUTH_AZURE_TENANT=
+OAUTH_FACEBOOK_ID=
+OAUTH_FACEBOOK_SECRET=
+OAUTH_GOOGLE_ID=
+OAUTH_GOOGLE_SECRET=
+OAUTH_DISCORD_ID=
+OAUTH_DISCORD_SECRET=
+OAUTH_GITHUB_ID=
+OAUTH_GITHUB_SECRET=
+OAUTH_KEYCLOAK_ID=
+OAUTH_KEYCLOAK_SECRET=
+OAUTH_KEYCLOAK_URI=
+OAUTH_KEYCLOAK_REALM=
+OAUTH_KEYCLOAK_VERSION=
+OAUTH_SIMPLELOGIN_ID=
+OAUTH_SIMPLELOGIN_SECRET=
+OAUTH_ZITADEL_ID=
+OAUTH_ZITADEL_SECRET=
+OAUTH_ZITADEL_BASE_URL=
+OAUTH_AUTHENTIK_ID=
+OAUTH_AUTHENTIK_SECRET=
+OAUTH_AUTHENTIK_BASE_URL=
+OAUTH_PRIVACYPORTAL_ID=
+OAUTH_PRIVACYPORTAL_SECRET=
+
+# If true, sign ins and sign ups will only be possible through the OAuth providers configured above
+SSO_ONLY_MODE=
+
+# image exif cleaning options
+# available value: none, sanitize, scrub
+# can be set differently for user uploaded and external media
+EXIF_CLEAN_MODE_UPLOADED=sanitize
+EXIF_CLEAN_MODE_EXTERNAL=none
+# path to exiftool binary, leave blank for auto PATH search
+EXIF_EXIFTOOL_PATH=
+# max execution time for exiftool in seconds, defaults to 10 seconds
+EXIF_EXIFTOOL_TIMEOUT=10
+
+###> caddy ###
+PHP_FASTCGI_HOST=php:9000
+###< caddy ###
+
+###> symfony/framework-bundle ###
+APP_ENV=dev
+APP_SECRET=427f5e2940e5b2472c1b44b2d06e0525
+###< symfony/framework-bundle ###
+
+###> doctrine/doctrine-bundle ###
+# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
+POSTGRES_HOST=db:5432
+POSTGRES_DB=mbin
+POSTGRES_USER=mbin
+POSTGRES_PASSWORD=!ChangeThisPostgresPass!
+# IMPORTANT: You MUST configure your PostgreSQL server version!
+POSTGRES_VERSION=16
+DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}/${POSTGRES_DB}?serverVersion=${POSTGRES_VERSION}&charset=utf8"
+###< doctrine/doctrine-bundle ###
+
+###> rabbitmq ###
+RABBITMQ_DEFAULT_USER=mbin
+RABBITMQ_DEFAULT_PASS=!ChangeThisRabbitPass!
+###< rabbitmq ###
+
+###> symfony/messenger ###
+# Choose one of the transports below
+MESSENGER_TRANSPORT_DSN=amqp://mbin:${RABBITMQ_DEFAULT_PASS}@rabbitmq:5672/%2f/messages
+#MESSENGER_TRANSPORT_DSN=doctrine://default
+#MESSENGER_TRANSPORT_DSN=redis://${REDIS_PASSWORD}@${REDIS_HOST}/messages
+###< symfony/messenger ###
+
+###> symfony/mailer ###
+# See https://symfony.com/doc/current/mailer.html#using-built-in-transports
+# MAILER_DSN=sendmail://default # Use sendmail when you are using Postfix
+MAILER_DSN=smtp://mailserver # Use a SMTP Docker service called 'mailserver' (see compose.yml)
+# Explicitly url encode any character in username and password
+# %40 = @
+# Gmail:
+# MAILER_DSN=gmail+smtp://user%40domain.com:pass@default
+# Our own SMTP server:
+# MAILER_DSN=smtp://user%40domain.com:[email protected]:port
+###< symfony/mailer ###
+
+###> symfony/mailgun-mailer ###
+# MAILER_DSN=mailgun://KEY:DOMAIN@default?region=us
+# MAILER_DSN=mailgun+smtp://[email protected]:key@default?region=us
+###< symfony/mailgun-mailer ###
+
+###> symfony/mercure-bundle ###
+# See https://symfony.com/doc/current/mercure.html#configuration
+# The URL of the Mercure hub, used by the app to publish updates (can be a local URL)
+# Assuming you are running Mercure Caddy on port 3000
+MERCURE_URL=http://www:80/.well-known/mercure
+# The public URL of the Mercure hub, used by the browser to connect
+MERCURE_PUBLIC_URL=https://${KBIN_DOMAIN}/.well-known/mercure
+# The secret used to sign the JWTs
+MERCURE_JWT_SECRET="!ChangeThisMercureHubJWTSecretKey!"
+MERCURE_PUBLISHER_JWT_KEY=${MERCURE_JWT_SECRET}
+MERCURE_SUBSCRIBER_JWT_KEY=${MERCURE_JWT_SECRET}
+###< symfony/mercure-bundle ###
+
+###> nelmio/cors-bundle ###
+CORS_ALLOW_ORIGIN="^https?://(${KBIN_DOMAIN}|127\.0\.0\.1)(:[0-9]+)?$"
+###< nelmio/cors-bundle ###
+
+###> symfony/lock ###
+# Choose one of the stores below
+# postgresql+advisory://db_user:db_password@localhost/db_name
+LOCK_DSN=flock
+###< symfony/lock ###
+
+###> league/oauth2-server-bundle ###
+OAUTH_PRIVATE_KEY=
+OAUTH_PUBLIC_KEY=
+OAUTH_PASSPHRASE=
+OAUTH_ENCRYPTION_KEY=
+###< league/oauth2-server-bundle ###

.env.example_docker

@@ -31,6 +31,10 @@ KBIN_META_KEYWORDS="mbin, content aggregator, open source, fediverse"
 KBIN_HEADER_LOGO=false
 KBIN_FEDERATION_PAGE_ENABLED=true
 MBIN_DEFAULT_THEME=default
+MBIN_HOME=/var/www/mbin
+MBIN_SRC=/usr/src/mbin
+MBIN_USER=mbin
+MBIN_GROUP=www-data
 
 # If you are running Mbin behind a reverse proxy, uncomment the line below and adjust the proxy address/range below
 # to your server's IP address if it does not already fall within the private IP spaces specified.
@@ -113,6 +117,10 @@ EXIF_EXIFTOOL_PATH=
 # max execution time for exiftool in seconds, defaults to 10 seconds
 EXIF_EXIFTOOL_TIMEOUT=10
 
+###> caddy ###
+PHP_FASTCGI_HOST=php:9000
+###< caddy ###
+
 ###> symfony/framework-bundle ###
 APP_ENV=prod
 APP_SECRET=!CHANGE_SECRET!
@@ -121,18 +129,22 @@ APP_SECRET=!CHANGE_SECRET!
 ###> doctrine/doctrine-bundle ###
 # Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
 POSTGRES_HOST=db:5432
-POSTGRES_DB=kbin
-POSTGRES_USER=kbin
+POSTGRES_DB=mbin
+POSTGRES_USER=mbin
 POSTGRES_PASSWORD=!ChangeThisPostgresPass!
 # IMPORTANT: You MUST configure your PostgreSQL server version!
-POSTGRES_VERSION=13
+POSTGRES_VERSION=16
 DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}/${POSTGRES_DB}?serverVersion=${POSTGRES_VERSION}&charset=utf8"
 ###< doctrine/doctrine-bundle ###
 
+###> rabbitmq ###
+RABBITMQ_DEFAULT_USER=mbin
+RABBITMQ_DEFAULT_PASS=!ChangeThisRabbitPass!
+###< rabbitmq ###
+
 ###> symfony/messenger ###
 # Choose one of the transports below
-RABBITMQ_PASSWORD=!ChangeThisRabbitPass!
-MESSENGER_TRANSPORT_DSN=amqp://kbin:${RABBITMQ_PASSWORD}@rabbitmq:5672/%2f/messages
+MESSENGER_TRANSPORT_DSN=amqp://mbin:${RABBITMQ_DEFAULT_PASS}@rabbitmq:5672/%2f/messages
 #MESSENGER_TRANSPORT_DSN=doctrine://default
 #MESSENGER_TRANSPORT_DSN=redis://${REDIS_PASSWORD}@${REDIS_HOST}/messages
 ###< symfony/messenger ###
@@ -163,6 +175,8 @@ MERCURE_URL=http://www:80/.well-known/mercure
 MERCURE_PUBLIC_URL=https://${KBIN_DOMAIN}/.well-known/mercure
 # The secret used to sign the JWTs
 MERCURE_JWT_SECRET="!ChangeThisMercureHubJWTSecretKey!"
+MERCURE_PUBLISHER_JWT_KEY=${MERCURE_JWT_SECRET}
+MERCURE_SUBSCRIBER_JWT_KEY=${MERCURE_JWT_SECRET}
 ###< symfony/mercure-bundle ###
 
 ###> nelmio/cors-bundle ###

.github/workflows/action.yaml

@@ -161,7 +161,7 @@ jobs:
       - name: php-cs-fixer dry-run
         run: tools/vendor/bin/php-cs-fixer fix --dry-run -v --show-progress=none #--format=checkstyle #would be nice if codeberg did something with this like github does.
 
-  build-and-publish-docker-image:
+  build-and-publish-docker-images:
     runs-on: ubuntu-latest
     # Let's only run this on branches and tagged releases only
     # Because the Docker build takes quite some time.
@@ -180,18 +180,36 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Docker meta data
-        id: meta
+      - name: Docker meta data for php image
+        id: meta_php
         uses: docker/metadata-action@v5
         with:
           images: ghcr.io/mbinorg/mbin
+          flavor: suffix=php
 
-      - name: Build and push Docker image
+      - name: Docker meta data for caddy image
+        id: meta_caddy
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/mbinorg/mbin
+          flavor: suffix=caddy
+
+      - name: Build and push php image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/php/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta_php.outputs.tags }}
+          labels: ${{ steps.meta_php.outputs.labels }}
+
+      - name: Build and push caddy image
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: ./docker/Dockerfile
+          file: ./docker/caddy/Dockerfile
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.meta_caddy.outputs.tags }}
+          labels: ${{ steps.meta_caddy.outputs.labels }}
+
 # TODO: Integration tests

.gitignore

@@ -18,7 +18,8 @@ tools/vendor/
 .env
 /public/media/*
 /public/media
-docker/compose.override.yml
+compose.override.yml
+compose.*.override.yml
 yarn.lock
 /metal/
 

CONTRIBUTING.md

@@ -28,6 +28,11 @@ With an account on [GitHub](https://github.com) you will be able to [fork this r
 > [!Note]
 > If you are a Maintainer with GitHub org admin rights, you do NOT need to fork the project, instead you are allowed to use git branches. See also [C4](C4.md).
 
+### Development
+
+To get started with development, follow the [bare metal](docs/04-contributing/bare_metal.md) or 
+[docker](docs/04-contributing/docker.md) guide.
+
 ### Coding Style Guide
 
 We use [php-cs-fixer](https://cs.symfony.com/) to automatically fix code style issues according to [Symfony coding standard](https://symfony.com/doc/current/contributing/code/standards.html).