The previous code wrote
MAILTO=\n30 3 * * * cd /;/entrypoint.sh app:backup
(with a literal backslash n).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
To match zulip/puppet/zulip/files/limits.conf,
zulip/puppet/zulip/files/supervisor/supervisord.conf. Otherwise we
inherit the Docker daemon’s limits, which are too small when Docker is
installed as a snap.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Apparently, it's kinda a pain to modify the passwords for
rabbitmq/postgres, so document that fact.
A nice v2 would be to link to docs for exactly how to rotate these
passwords.
This took me 30min ... "SETTINGS_EXTERNAL_HOST" is wrong, and will lead to problems. The correct one used in entrypoint.sh is "SETTING_EXTERNAL_HOST" with no 'S', same goes for other settings.
This fixes a bug introduced in
62bf74190b, where the template
settings.py content wasn't being put in place properly.
The previous model meant that if the user exported the settings.py
file to the data directory, we'd end up appending various versions of
the users' configuration to it over time.
While those users should have been using the MANUAL_CONFIGURATION
setting, this at least is a much cleaner model for managing configuration.
Fixes#130.
Fixes#153.
Fixes#155.
Since these files are intended to be automatically generated by
entrypoint.sh at container startup time, these files are at best
useless and at worst could result in users ending up with copies of
the secrets generated when the Docker image they were using was built.
The ignore option was removed a long time ago, and the settings style
variable for RabbitMQ is very old backwards-compatibility code that is
no longer needed.
Single quotes in YAML have fewer situations where escaping is relevant
than double-quotes, which means using them as the default will help
prevent users from running into escaping issues.
Using an actual tool designed to do this is a lot more robust and
fixes some nasty escaping issues involving secrets containing `~` that
were reported in #143.
This fixes#150, and should eliminate the possibility for future bugs
in the same vein.
I still want to eliminate this whole type-detection system, but that's
for future work.
This docker image has only really supported Git leading up to Zulip
1.9 for a while now. Now that there's a release candidate out, it
makes sense to declare that explicitly.
This commit will be tagged 1.9.0-rc1-0.
The upstream rabbitmq project configures a persistent storage volume
(where data like the authentication details for the server are
stored), and it's a lot better for us to configure this explicitly, so
that all persistent state is stored in /opt/docker/zulip.
The task is to generate a self-signed cert so Zulip can be started, then
to wait until Zulip is up before using certbot to generate new certs.
Zulip needs to be up so it can meet certbot's challenge. Using a deploy
hook, certs are persisted in the data directory. The same applies to
renewal.
Tweaked by tabbott mostly to edit comments remove an unnecessary
setting before merging.
Fixes#120.
This removes the fork of the core Zulip nginx configuration file that
we were maintaining in the docker-zulip project; doing so improves the
maintainability of this project for the future, since we don't need to
check on every Zulip upgrade whether we've made any changes to the
`nginx` package in zulip/zulip.
The only feature we were using that for was the DISABLE_HTTPS setting
in docker-zulip, and it's now possible to do that by editing
zulip.conf instead.
Fixes#114.
First, we stop deleting the `puppet` directory, which is important for
being able to run `zulip-puppet-apply` inside the container (super
useful for debugging).
Second, we call this inside the code block for the `nginx` option, in
order to support the `DISABLE_HTTPS` option working without any copied
nginx configuration code in docker-zulip.
See #137 for how we could optimize this away.
