rsocials-online/DEPLOY.md

# rSpace Deployment Guide
## Architecture
```
spaces.yml                    # Single source of truth for all spaces
    |
    v
generate.sh                   # Reads config, produces per-space compose files
    |
    v
generated/                    # Per-space docker-compose files (gitignored)
  docker-compose.space-*.yml
  tunnel-hostnames.yml        # Cloudflare tunnel entries
  dns-commands.sh             # DNS CNAME setup commands
```
Each "space" is a community Postiz instance with its own domain, database, Redis, and Temporal stack — all defined by a single block in `spaces.yml`.
## Prerequisites
- `yq` v4+ ([install](https://github.com/mikefarah/yq#install))
- Docker + Docker Compose
- Access to Netcup RS 8000 (`ssh netcup`)
- Cloudflare dashboard access (for DNS)
## Adding a New Space
### 1. Define the space
Edit `spaces.yml` and add a block:
```yaml
spaces:
  mycofi:
    primary_domain: socials.mycofi.earth
    fallback_domain: mycofi.rsocials.online
    email_from: noreply@mycofi.earth
    services:
      - postiz
```
Override any defaults if needed:
```yaml
  mycofi:
    primary_domain: socials.mycofi.earth
    fallback_domain: mycofi.rsocials.online
    email_from: noreply@mycofi.earth
    postiz:
      disable_registration: true
      email_from_name: MycoFi Socials
    services:
      - postiz
```
### 2. Generate compose files
```bash
./generate.sh          # All spaces
./generate.sh mycofi   # Single space
```
Output: `generated/docker-compose.space-mycofi.yml`
### 3. Create secrets
**Option A: .env file (simple)**
Create `generated/.env` (or a per-space file). Compose reads a `.env` file literally and does not run `$(...)`, so generate the values in the shell and write the results into the file:
```bash
cat > generated/.env <<EOF
JWT_SECRET=$(openssl rand -hex 32)
POSTGRES_PASSWORD=$(openssl rand -hex 16)
EMAIL_PASS=your-mailcow-password
EOF
```
**Option B: Infisical (recommended for production)**
```bash
# Install CLI: https://infisical.com/docs/cli/overview
infisical secrets set JWT_SECRET="$(openssl rand -hex 32)" \
  --projectId <space-project-id> --env prod
```
### 4. Deploy
```bash
# Simple deploy
cd generated/
docker compose -f docker-compose.space-mycofi.yml up -d

# With Infisical (shared project first, then the per-space project)
infisical run --projectId <shared-id> --env prod -- \
  infisical run --projectId <space-id> --env prod -- \
  docker compose -f docker-compose.space-mycofi.yml up -d
```
### 5. Configure DNS + Tunnel
Add entries from `generated/tunnel-hostnames.yml` to `/root/cloudflared/config.yml` on Netcup:
```yaml
  - hostname: socials.mycofi.earth
    service: http://localhost:80
  - hostname: mycofi.rsocials.online
    service: http://localhost:80
```
Restart the tunnel:
```bash
ssh netcup "docker restart cloudflared"
```
Add Cloudflare DNS CNAMEs (in the dashboard for each domain zone):
| Type | Name | Target | Proxy |
|------|------|--------|-------|
| CNAME | `socials` | `a838e9dc-...cfargotunnel.com` | Proxied |
### 6. Verify
- `https://socials.mycofi.earth` -> Postiz login
- `https://mycofi.rsocials.online` -> 301 redirect to primary domain
## File Reference
| File | Purpose |
|------|---------|
| `spaces.yml` | Master config — all spaces, domains, defaults |
| `docker-compose.template.yml` | Postiz stack template with `{{PLACEHOLDER}}` vars |
| `generate.sh` | Reads config, fills template, outputs compose files |
| `generated/` | Build artifacts (gitignored) |
| `postiz/docker-compose.yml` | Legacy manual compose (kept for reference) |
| `infisical/docker-compose.yml` | Infisical secret manager deployment |
| `infisical/.env.example` | Required env vars for Infisical |
## Infisical Setup
### Deploy Infisical on Netcup
```bash
scp -r infisical/ netcup:/opt/infisical/
ssh netcup
cd /opt/infisical
# Generate secrets
cat > .env <<EOF
INFISICAL_DB_PASS=$(openssl rand -hex 16)
INFISICAL_ENCRYPTION_KEY=$(openssl rand -hex 16)
INFISICAL_AUTH_SECRET=$(openssl rand -base64 32)
SMTP_PASSWORD=<noreply@rmail.online password>
EOF
docker compose up -d
```
### Add DNS + Tunnel
1. Add `secrets.jeffemmett.com` CNAME in Cloudflare
2. Add hostname to tunnel config:
   ```yaml
     - hostname: secrets.jeffemmett.com
       service: http://localhost:80
   ```
3. `docker restart cloudflared`
4. Visit `https://secrets.jeffemmett.com` to complete setup
### Infisical Project Structure
```
Organization: rSpace
  Project: shared         -> SMTP creds, AI keys, Cloudflare tokens
  Project: space-<name>   -> Per-space: JWT_SECRET, POSTGRES_PASSWORD, social API keys
  Project: rspace-online  -> Landing page: GEMINI_API_KEY, RUNPOD keys
```
## Defaults
All defaults are in `spaces.yml` under `defaults.postiz:`. Per-space overrides go under `spaces.<name>.postiz:`.
| Setting | Default |
|---------|---------|
| Image | `ghcr.io/gitroomhq/postiz-app:latest` |
| Port | 5000 |
| PostgreSQL | `postgres:17-alpine` |
| Redis | `redis:7.2` |
| Temporal | `temporalio/auto-setup:1.28.1` |
| Email host | `mailcowdockerized-postfix-mailcow-1` |
| Email port | 587 |
| Storage | local |
| Registration | enabled |
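The defaults/override merge described above, together with the `{{PLACEHOLDER}}` template fill listed under File Reference, as an added Python example. This is not the project's `generate.sh` (which uses `yq`); the config dict, template fragment and helper names (`merge`, `space_vars`, `render`) are constructed here as assumptions to show the merge semantics and why secrets stay out of the generated file.

```python
import re
# Constructed stand-in for spaces.yml after parsing (generate.sh reads the real file with yq).
CONFIG = {
    "defaults": {"postiz": {"image": "ghcr.io/gitroomhq/postiz-app:latest",
                            "disable_registration": False, "email_from_name": "rSpace"}},
    "spaces": {"mycofi": {
        "primary_domain": "socials.mycofi.earth",
        "fallback_domain": "mycofi.rsocials.online",
        "email_from": "noreply@mycofi.earth",
        "postiz": {"disable_registration": True, "email_from_name": "MycoFi Socials"},
        "services": ["postiz"]}},
}
# Constructed fragment of docker-compose.template.yml. Secrets are NOT {{PLACEHOLDER}}s: they
# stay as ${VAR} so Compose resolves them from .env / Infisical at run time, never in generated/.
TEMPLATE = """services:
  postiz-{{SPACE}}:
    image: {{IMAGE}}
    environment:
      MAIN_URL: https://{{PRIMARY_DOMAIN}}
      DISABLE_REGISTRATION: "{{DISABLE_REGISTRATION}}"
      EMAIL_FROM_ADDRESS: {{EMAIL_FROM}}
      EMAIL_FROM_NAME: "{{EMAIL_FROM_NAME}}"
      JWT_SECRET: ${JWT_SECRET}
"""
PLACEHOLDER = re.compile(r"\{\{([A-Z_]+)\}\}")

def merge(defaults: dict, overrides: dict) -> dict:
    """Per-space keys win over defaults; nested dicts are merged recursively, defaults untouched."""
    out = dict(defaults)
    for key, val in overrides.items():
        nested = isinstance(val, dict) and isinstance(out.get(key), dict)
        out[key] = merge(out[key], val) if nested else val
    return out

def space_vars(config: dict, name: str) -> dict:
    """Flatten one space block (defaults.postiz + spaces.<name>.postiz) into template variables."""
    space = config["spaces"][name]
    postiz = merge(config["defaults"]["postiz"], space.get("postiz", {}))
    return {"SPACE": name, "IMAGE": postiz["image"],
            "PRIMARY_DOMAIN": space["primary_domain"], "FALLBACK_DOMAIN": space["fallback_domain"],
            "EMAIL_FROM": space["email_from"], "EMAIL_FROM_NAME": postiz["email_from_name"],
            "DISABLE_REGISTRATION": str(postiz["disable_registration"]).lower()}

def render(template: str, variables: dict) -> str:
    """Fill every {{PLACEHOLDER}}; refuse to emit a compose file with unresolved ones."""
    missing = sorted(set(PLACEHOLDER.findall(template)) - set(variables))
    if missing:
        raise KeyError(f"unfilled placeholders: {missing}")
    return PLACEHOLDER.sub(lambda m: str(variables[m.group(1)]), template)
```

`render(TEMPLATE, space_vars(CONFIG, "mycofi"))` yields the per-space compose fragment with registration disabled and the MycoFi sender name, while `${JWT_SECRET}` is left for Compose to resolve.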