..

docker-compose.yml

@@ -16,6 +16,7 @@ services:
       - PROXY_PASS=http://gitea:3000/
       - BLOG_PROXY_PASS=http://ghost:2368/
       - CHAT_PROXY_PASS=http://chat:3000/
+      - COMMENTO_PROXY_PASS=http://commento:8080/
       - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/
       - DRONE_PROXY_PASS=http://drone-server:8080/
       - REGISTRY_PROXY_PASS=http://registry-1:5000
@@ -24,6 +25,7 @@ services:
       - GIT_LOCATION=/git/
       - BLOG_LOCATION=/
       - CHAT_LOCATION=/chat/
+      - COMMENTO_LOCATION=/comment/
       - REMOTE_LOCATION=/remote/
       - DRONE_SERVER_HOST=$DRONE_SERVER_HOST
       - TITLE=$TITLE
@@ -250,6 +252,27 @@ services:
       - GHOST-MAIL-PASSWORD=$GHOST-MAIL-PASSWORD
       
 
+    networks:
+      - appnet
+  commento:
+    deploy:
+      placement:
+        constraints: [node.labels.com.sigyl.git-stack == yes]
+      replicas: 1
+      restart_policy:
+        condition: any
+    image: registry.gitlab.com/commento/commento:latest
+    environment:
+      COMMENTO_ORIGIN: $COMMENTO_ORIGIN
+      COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD
+      COMMENTO_ASKIMET_KEY: $COMMENTO_ASKIMET_KEY
+      COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST
+      COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT
+      COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME
+      COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS
+      COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS
+      COMMENTO_PORT: 8080
+      COMMENTO_POSTGRES: postgres://commento:your_password_here@guacamole-postgresql:5432/commento?sslmode=disable
     networks:
       - appnet
   commento-postgres:
@@ -260,7 +283,6 @@ services:
       restart_policy:
         condition: any
     image: postgres:11-alpine
-    restart: always
     environment:
       POSTGRES_DB: commento
       POSTGRES_USER: commento
@@ -268,7 +290,7 @@ services:
     networks:
       - appnet
     volumes:
-      - copmmento-postgresql-data:/var/lib/postgresql/data
+      - commento-postgresql-data:/var/lib/postgresql/data
   guacamole-postgresql:
     # database for guacamole
     deploy:

drone-starlark/repos/echo.star

@@ -1,7 +1,7 @@
 load("@this//:secret-to-environment.star", "secretToEnvironment")
 
 def echo(secret):
-  return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format(
+  return 'echo "export {environment}=\'${environment}\'" >> ***filename*** # {secret}'.format(
       secret = secret,
       environment = secretToEnvironment(secret),
     )

drone-starlark/repos/print-secrets.star

@@ -19,6 +19,6 @@ def printSecrets(filename, env, secretEnv):
       "script": [x.replace("***filename***", filename) for x in [
         "rm -f env-stack",
       ] + map(echo, env) 
-      + map(echoSecret, secretEnv)]
+      + map(echo, secretEnv)]
     }
   }

drone-starlark/repos/stack/drone.star

@@ -76,20 +76,20 @@ def drone(
               "guacamole-postgresql",
             ],
           ),
-          pull(
-            "pull registry",
-            [
-              "letsencrypt-registry",
-            ],
-          ),
-          deploy(
-            "docker-compose-registry.yml",
-            'registry',
-            base,
-            publicSecrets + secretSecrets,
-            commands,
-            ctx
-          ),
+          #pull(
+          #  "pull registry",
+          #  [
+          #    "letsencrypt-registry",
+          #  ],
+          #),
+          #deploy(
+          #  "docker-compose-registry.yml",
+          #  'registry',
+          #  base,
+          #  publicSecrets + secretSecrets,
+          #  commands,
+          #  ctx
+          #),
           deploy(
             "docker-compose.yml",
             name,

drone-starlark/repos/stack/public-secrets.star

@@ -20,5 +20,11 @@ publicSecrets = [
   "gitea-mailer-host",
   "gitea-mailer-from",
   "gitea-mailer-user",
-  "gitea-app-name"
+  "gitea-app-name",
+  "commento-origin",
+  "commento-smtp-host",
+  "commento-smtp-port",
+  "commento-smtp-username",
+  "commento-smtp-from-address",
+  "commento-forbid-new-owners",
 ]

drone-starlark/repos/stack/secret-secrets.star

@@ -11,4 +11,6 @@ secretSecrets = [
   "gitea-security-internal-token",
   "gitea-oauth2-jwt-secret",
   "gitea-mailer-passwd",
+  "commento-smtp-password",
+  "commento-askimet-key",
 ]

init-scale.sh

@@ -1,4 +1,4 @@
 docker service scale $1_chat=1
 docker service scale $1_ngrok=$2
-docker service scale $1_letsencrypt-drone=1
+docker service scale $1_letsencrypt-drone=$2
 docker service scale $1_letsencrypt-git=1

letsencrypt-nginx/conf/git.conf

@@ -145,6 +145,11 @@ server {
     set ${DOLLAR}upstream ${REMOTE_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
     proxy_pass ${DOLLAR}upstream;
   }
+  location ~ ${COMMENTO_LOCATION}(.*) {
+    resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
+    set ${DOLLAR}upstream ${COMMENTO_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
+    proxy_pass ${DOLLAR}upstream;
+  }
   location ~ ${BLOG_LOCATION}(.*) {
     resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
     proxy_set_header Host ${DOLLAR}http_host;