rsocials-online/DEPLOY.md

rSpace Deployment Guide

Architecture

spaces.yml                     # Single source of truth for all spaces
    |
    v
generate.sh                    # Reads config, produces per-space compose files
    |
    v
generated/                     # Per-space docker-compose files (gitignored)
  docker-compose.space-*.yml
  tunnel-hostnames.yml         # Cloudflare tunnel entries
  dns-commands.sh              # DNS CNAME setup commands

Each "space" is a community Postiz instance with its own domain, database, Redis, and Temporal stack — all defined by a single block in spaces.yml.

Prerequisites

  • yq v4+
  • Docker + Docker Compose
  • Access to Netcup RS 8000 (ssh netcup)
  • Cloudflare dashboard access (for DNS)

Adding a New Space

1. Define the space

Edit spaces.yml and add a block:

spaces:
  mycofi:
    primary_domain: socials.mycofi.earth
    fallback_domain: mycofi.rsocials.online
    email_from: noreply@mycofi.earth
    services:
      - postiz

Override any defaults if needed:

  mycofi:
    primary_domain: socials.mycofi.earth
    fallback_domain: mycofi.rsocials.online
    email_from: noreply@mycofi.earth
    postiz:
      disable_registration: true
      email_from_name: MycoFi Socials
    services:
      - postiz

2. Generate compose files

./generate.sh            # All spaces
./generate.sh mycofi     # Single space

Output: generated/docker-compose.space-mycofi.yml

3. Create secrets

Option A: .env file (simple)

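Create generated/.env (or a per-space file) from a shell, so that each $(openssl ...) substitution is expanded into a random value rather than written out literally. generated/ is gitignored, so the file stays out of the repository; restrict it to the deploying user:

cat > generated/.env <<EOF
JWT_SECRET=$(openssl rand -hex 32)
POSTGRES_PASSWORD=$(openssl rand -hex 16)
EMAIL_PASS=your-mailcow-password
EOF
chmod 600 generated/.env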

Option B: Infisical (recommended for production)

# Install CLI: https://infisical.com/docs/cli/overview
infisical secrets set JWT_SECRET="$(openssl rand -hex 32)" \
  --projectId <space-project-id> --env prod
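
For Option A, a check to run on the .env file before step 4, as an added example that is not part of this repository's scripts. It covers an unexpanded $(openssl ...), a leftover placeholder, a secret that is too short, and loose file permissions. The function name check_space_env and the MIN_HEX_LEN threshold are assumptions; the key names are the ones used above.

```bash
# Added example: lint a space's .env before `docker compose up`.
# check_space_env and MIN_HEX_LEN are hypothetical names, not part of generate.sh.
MIN_HEX_LEN=32   # assumed floor: 16 random bytes, hex-encoded

check_space_env() (   # subshell body keeps the variables local
  file=$1 rc=0
  [ -f "$file" ] || { echo "missing: $file" >&2; exit 2; }

  # The secrets file should be readable by its owner only.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    600|400) ;;
    *) echo "FAIL: mode $mode on $file, want 600" >&2; rc=1 ;;
  esac

  for key in JWT_SECRET POSTGRES_PASSWORD EMAIL_PASS; do
    val=$(sed -n "s/^${key}=//p" "$file" | tail -n 1)   # last assignment wins
    case $val in
      '')
        echo "FAIL: $key is unset or empty" >&2; rc=1; continue ;;
      *'$('*|your-*|'<'*'>')
        # Unexpanded $(openssl ...) or a placeholder copied from the guide.
        echo "FAIL: $key holds a literal placeholder" >&2; rc=1; continue ;;
    esac
    [ "$key" = EMAIL_PASS ] && continue   # externally issued, format unknown
    # Generated secrets: lowercase hex from `openssl rand -hex`, long enough.
    case $val in *[!0-9a-f]*) hex=no ;; *) hex=yes ;; esac
    if [ "$hex" = no ] || [ "${#val}" -lt "$MIN_HEX_LEN" ]; then
      echo "FAIL: $key is not >= $MIN_HEX_LEN hex characters" >&2; rc=1
    fi
  done
  exit "$rc"
)

# Run as a script: ./check-env.sh generated/.env (script name is hypothetical)
if [ "$#" -gt 0 ]; then check_space_env "$1"; fi
```

The function returns 0 when the file passes, 1 when any check fails, and 2 when the file is missing, so it can gate the deploy command with `&&`.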

4. Deploy

# Simple deploy
cd generated/
docker compose -f docker-compose.space-mycofi.yml up -d

# With Infisical
infisical run --projectId <shared-id> --env prod -- \
  infisical run --projectId <space-id> --env prod -- \
  docker compose -f docker-compose.space-mycofi.yml up -d

5. Configure DNS + Tunnel

Add entries from generated/tunnel-hostnames.yml to /root/cloudflared/config.yml on Netcup:

- hostname: socials.mycofi.earth
  service: http://localhost:80
- hostname: mycofi.rsocials.online
  service: http://localhost:80

Restart the tunnel:

ssh netcup "docker restart cloudflared"

Add Cloudflare DNS CNAMEs (in the dashboard for each domain zone):

| Type | Name | Target | Proxy |
|------|------|--------|-------|
| CNAME | socials | a838e9dc-...cfargotunnel.com | Proxied |

6. Verify

  • https://socials.mycofi.earth -> Postiz login
  • https://mycofi.rsocials.online -> 301 redirect to primary domain

File Reference

| File | Purpose |
|------|---------|
| spaces.yml | Master config — all spaces, domains, defaults |
| docker-compose.template.yml | Postiz stack template with {{PLACEHOLDER}} vars |
| generate.sh | Reads config, fills template, outputs compose files |
| generated/ | Build artifacts (gitignored) |
| postiz/docker-compose.yml | Legacy manual compose (kept for reference) |
| infisical/docker-compose.yml | Infisical secret manager deployment |
| infisical/.env.example | Required env vars for Infisical |

Infisical Setup

Deploy Infisical on Netcup

scp -r infisical/ netcup:/opt/infisical/
ssh netcup
cd /opt/infisical

# Generate secrets
cat > .env <<EOF
INFISICAL_DB_PASS=$(openssl rand -hex 16)
INFISICAL_ENCRYPTION_KEY=$(openssl rand -hex 16)
INFISICAL_AUTH_SECRET=$(openssl rand -base64 32)
SMTP_PASSWORD=<noreply@rmail.online password>
EOF
chmod 600 .env   # keep the generated secrets readable by the owner only

docker compose up -d

Add DNS + Tunnel

  1. Add secrets.jeffemmett.com CNAME in Cloudflare
  2. Add hostname to tunnel config:
    - hostname: secrets.jeffemmett.com
      service: http://localhost:80
    
  3. docker restart cloudflared
  4. Visit https://secrets.jeffemmett.com to complete setup

Infisical Project Structure

Organization: rSpace
  Project: shared         -> SMTP creds, AI keys, Cloudflare tokens
  Project: space-<name>   -> Per-space: JWT_SECRET, POSTGRES_PASSWORD, social API keys
  Project: rspace-online  -> Landing page: GEMINI_API_KEY, RUNPOD keys

Defaults

All defaults are in spaces.yml under defaults.postiz:. Per-space overrides go under spaces.<name>.postiz:.

| Setting | Default |
|---------|---------|
| Image | ghcr.io/gitroomhq/postiz-app:latest |
| Port | 5000 |
| PostgreSQL | postgres:17-alpine |
| Redis | redis:7.2 |
| Temporal | temporalio/auto-setup:1.28.1 |
| Email host | mailcowdockerized-postfix-mailcow-1 |
| Email port | 587 |
| Storage | local |
| Registration | enabled |