app/mastodon: update to 4.1.9
also add manual db dumper job config
Change-Id: Ifbd85c7452893c26ec1db416b20f2fd8610e1b19
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1691
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/app/mastodon/kube/dumper.jsonnet b/app/mastodon/kube/dumper.jsonnet
new file mode 100644
index 0000000..1b05568
--- /dev/null
+++ b/app/mastodon/kube/dumper.jsonnet
@@ -0,0 +1,24 @@
+# mildly cursed
+# run manually, change filename (but don't commit it)
+local mastodon = import "prod.jsonnet";
+local kube = import "../../../kube/kube.libsonnet";
+
+local filename = error "change me";
+
+mastodon.namespace.Contain(kube.Job("mastodon-backup-dumper")) {
+ spec+: {
+ template+: {
+ spec+: {
+ containers_: {
+ default: kube.Container("dumper") {
+ image: "nixery.dev/shell/postgresql_13/zstd/rclone",
+ env_: mastodon.env,
+ args: ["bash", "-c",
+ "pg_dump -d postgres://$DB_USER:$DB_PASS@$DB_HOST/mastodon?sslmode=disable -v -c -C --if-exists | zstd -10 | rclone --s3-provider=Ceph --s3-env-auth=true --s3-endpoint=$S3_ENDPOINT rcat :s3:$S3_BUCKET/%s.sql.zstd" % filename
+ ]
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/app/mastodon/kube/mastodon.libsonnet b/app/mastodon/kube/mastodon.libsonnet
index 6261323..eac66fd 100644
--- a/app/mastodon/kube/mastodon.libsonnet
+++ b/app/mastodon/kube/mastodon.libsonnet
@@ -15,7 +15,7 @@
# /.well-known/webfinger to webDomain.
webDomain: cfg.localDomain,
images: {
- mastodon: "tootsuite/mastodon:v4.0.6@sha256:472c355da5a27b91005dc78c0b5cf75d6baaf1c561c29db1c49ce9168c5de0a9",
+ mastodon: "tootsuite/mastodon:v4.1.9@sha256:525032827b5438c47670f44194e4adaed9f2c46f39c28cb37e9feb54b93b9ebf",
},
passwords: {
# generate however you like
@@ -153,7 +153,12 @@
migrate: kube.Container("migrate") {
image: cfg.images.mastodon,
env_: app.env {
- SKIP_POST_DEPLOYMENT_MIGRATIONS: "true",
+ //That's confusing one - all the random "how to mastodon in docker" tutorials
+ //say you need to set it. However, with this set, the web dashboard was sad
+ //about unfinished migrations.
+ //I can't obviously tell if we'd ever want this to be enabled though.
+ //Leaving it commented out here for now.
+ //SKIP_POST_DEPLOYMENT_MIGRATIONS: "true",
},
command: [
"bundle", "exec",
@@ -280,6 +285,7 @@
ingress: ns.Contain(kube.Ingress("mastodon")) {
+ // TODO(https://issues.hackerspace.pl/issues/74): mastodon's docs say we should enable CSP. Figure it out.
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",