add ffmpeg to bright release stage

2025-03-05 03:03:52 -08:00 · 2025-03-05 03:03:52 -08:00 · 1d87177a00
commit 1d87177a00
parent 6c1869bd72
10 changed files with 129 additions and 159 deletions
--- a/.gitea/workflows/builder.yaml
+++ b/.gitea/workflows/builder.yaml
@ -26,59 +26,59 @@ jobs:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

-      - name: Build futureporn/aquatic
-        uses: docker/build-push-action@v6
-        with:
-          context: ./apps/aquatic
-          file: ./apps/aquatic/docker/aquatic_udp_futureporn.Dockerfile
-          push: true
-          tags: gitea.futureporn.net/futureporn/aquatic:latest
-
-      - name: Build futureporn/tracker-helper
-        uses: docker/build-push-action@v6
-        with:
-          context: ./services/tracker-helper
-          push: true
-          tags: gitea.futureporn.net/futureporn/tracker-helper:latest
-          labels: |
-            org.opencontainers.image.description=Custom Aquatic helper service, adding info_hash accesslist operations via HTTP
-            org.opencontainers.image.title=tracker-helper
-            org.opencontainers.image.licenses=unlicense
-            org.opencontainers.image.source=https://gitea.futureporn.net/futureporn/fp
-            org.opencontainers.image.url=https://gitea.futureporn.net/futureporn/-/packages/container/tracker-helper
-          secrets: |
-            TRACKER_HELPER_USERNAME=${{ secrets.TRACKER_HELPER_USERNAME }}
-            TRACKER_HELPER_PASSWORD=${{ secrets.TRACKER_HELPER_PASSWORD }}
-
-      - name: Build futureporn/tracker
-        uses: docker/build-push-action@v6
-        with:
-          context: ./apps/tracker
-          push: true
-          tags: gitea.futureporn.net/futureporn/tracker:latest
-          labels: |
-            org.opencontainers.image.description=Aquatic tracker with custom helper service, adding info_hash accesslist operations via HTTP
-            org.opencontainers.image.title=tracker
-            org.opencontainers.image.licenses=unlicense
-            org.opencontainers.image.source=https://gitea.futureporn.net/futureporn/fp
-            org.opencontainers.image.url=https://gitea.futureporn.net/futureporn/-/packages/container/tracker
-          secrets: |
-            TRACKER_HELPER_USERNAME=${{ secrets.TRACKER_HELPER_USERNAME }}
-            TRACKER_HELPER_PASSWORD=${{ secrets.TRACKER_HELPER_PASSWORD }}
-
-      # - name: Build futureporn/bright
+      # - name: Build futureporn/aquatic
      #   uses: docker/build-push-action@v6
      #   with:
-      #     context: ./apps/bright
+      #     context: ./apps/aquatic
+      #     file: ./apps/aquatic/docker/aquatic_udp_futureporn.Dockerfile
      #     push: true
-      #     tags: gitea.futureporn.net/futureporn/bright:latest
-      #     build-args: |
-      #       MIX_ENV=prod
+      #     tags: gitea.futureporn.net/futureporn/aquatic:latest
+
+      # - name: Build futureporn/tracker-helper
+      #   uses: docker/build-push-action@v6
+      #   with:
+      #     context: ./services/tracker-helper
+      #     push: true
+      #     tags: gitea.futureporn.net/futureporn/tracker-helper:latest
      #     labels: |
-      #       org.opencontainers.image.description=The Galaxy's Best VTuber hentai site
-      #       org.opencontainers.image.title=bright
-      #       org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
-      #       org.opencontainers.image.version={{version}}
+      #       org.opencontainers.image.description=Custom Aquatic helper service, adding info_hash accesslist operations via HTTP
+      #       org.opencontainers.image.title=tracker-helper
      #       org.opencontainers.image.licenses=unlicense
      #       org.opencontainers.image.source=https://gitea.futureporn.net/futureporn/fp
-      #       org.opencontainers.image.url=https://gitea.futureporn.net/futureporn/-/packages/container/bright
+      #       org.opencontainers.image.url=https://gitea.futureporn.net/futureporn/-/packages/container/tracker-helper
+      #     secrets: |
+      #       TRACKER_HELPER_USERNAME=${{ secrets.TRACKER_HELPER_USERNAME }}
+      #       TRACKER_HELPER_PASSWORD=${{ secrets.TRACKER_HELPER_PASSWORD }}
+
+      # - name: Build futureporn/tracker
+      #   uses: docker/build-push-action@v6
+      #   with:
+      #     context: ./apps/tracker
+      #     push: true
+      #     tags: gitea.futureporn.net/futureporn/tracker:latest
+      #     labels: |
+      #       org.opencontainers.image.description=Aquatic tracker with custom helper service, adding info_hash accesslist operations via HTTP
+      #       org.opencontainers.image.title=tracker
+      #       org.opencontainers.image.licenses=unlicense
+      #       org.opencontainers.image.source=https://gitea.futureporn.net/futureporn/fp
+      #       org.opencontainers.image.url=https://gitea.futureporn.net/futureporn/-/packages/container/tracker
+      #     secrets: |
+      #       TRACKER_HELPER_USERNAME=${{ secrets.TRACKER_HELPER_USERNAME }}
+      #       TRACKER_HELPER_PASSWORD=${{ secrets.TRACKER_HELPER_PASSWORD }}
+
+      - name: Build futureporn/bright
+        uses: docker/build-push-action@v6
+        with:
+          context: ./apps/bright
+          push: true
+          tags: gitea.futureporn.net/futureporn/bright:latest
+          build-args: |
+            MIX_ENV=prod
+          labels: |
+            org.opencontainers.image.description=The Galaxy's Best VTuber hentai site
+            org.opencontainers.image.title=bright
+            org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
+            org.opencontainers.image.version={{version}}
+            org.opencontainers.image.licenses=unlicense
+            org.opencontainers.image.source=https://gitea.futureporn.net/futureporn/fp
+            org.opencontainers.image.url=https://gitea.futureporn.net/futureporn/-/packages/container/bright
--- a/README.md
+++ b/README.md
@ -21,7 +21,8 @@ The main gist is as follows.
    devbox install


-3. Run `docker compose up --watch`
+3. Run database and other accessories with `docker compose up --watch` 
+4. In another terminal, run the phoenix "bright" app with `devbox run bright:dev`
 4. Visit http://localhost:4000

 If all went well, editing source code will automatically affect the website running in your browser.
--- a/apps/bright/Dockerfile
+++ b/apps/bright/Dockerfile
@ -27,6 +27,7 @@ RUN apt-get update -y && apt-get install -y build-essential git inotify-tools ff
    && apt-get clean && rm -f /var/lib/apt/lists/*_*


+
 # prepare build dir
 WORKDIR /app

@ -93,11 +94,17 @@ CMD [ "mix", "phx.server" ]
 # start a new build stage so that the final image will only contain
 # the compiled release and other runtime necessities
 FROM ${RUNNER_IMAGE} AS prod
-RUN mkdir -p ~/.config/futureporn
+RUN mkdir -p /mnt/vfs/futureporn

-RUN apt-get update -y && \
-  apt-get install -y libstdc++6 openssl libncurses5 locales ca-certificates \
-  && apt-get clean && rm -f /var/lib/apt/lists/*_*
+RUN apt-get update -y \
+  && apt-get install -y libstdc++6 openssl libncurses5 locales inotify-tools ffmpeg python3 python3-pip ca-certificates \
+  && pip install torrentfile \
+  && apt-get clean && rm -f /var/lib/apt/lists/*_* \
+  && groupadd bright \
+  && useradd bright \
+    --gid bright \
+    --shell /bin/sh \
+    --create-home

 # Set the locale
 RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
@ -105,7 +112,7 @@ RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8

 WORKDIR "/app"
-RUN chown nobody /app
+RUN chown bright /app

 # set runner ENV
 ARG MIX_ENV=prod
@ -113,13 +120,12 @@ ENV MIX_ENV=$MIX_ENV
 RUN echo MIX_ENV=$MIX_ENV

 # Only copy the final release from the build stage
-COPY --from=builder --chown=nobody:root /app/_build/${MIX_ENV}/rel/bright ./
+COPY --from=builder --chown=bright:root /app/_build/${MIX_ENV}/rel/bright ./

-USER nobody
+USER bright

 # If using an environment that doesn't automatically reap zombie processes, it is
 # advised to add an init process such as tini via `apt-get install`
 # above and adding an entrypoint. See https://github.com/krallin/tini for details
 # ENTRYPOINT ["/tini", "--"]
-
 CMD ["/app/bin/server"]
--- a/apps/bright/config/runtime.exs
+++ b/apps/bright/config/runtime.exs
@ -94,12 +94,19 @@ if config_env() == :prod do

  # We need to stop the program from running if OAuth client IDs and client secrets are not present in env.
  # We also do this in config.exs, but we wait to raise until here otherwise mix wouldn't be able to run ecto migrations
-  # System.get_env("GITHUB_CLIENT_ID") || raise("environment variable GITHUB_CLIENT_ID is missing.")
-  # System.get_env("GITHUB_CLIENT_SECRET") || raise("environment variable GITHUB_CLIENT_SECRET is missing.")
+  System.get_env("PATREON_CLIENT_ID") ||
+    raise("environment variable PATREON_CLIENT_ID is missing.")

-  # config :ueberauth, Ueberauth.Strategy.Patreon.OAuth,
-  #   client_id: {:system, "PATREON_CLIENT_ID"},
-  #   client_secret: {:system, "PATREON_CLIENT_SECRET"}
+  System.get_env("PATREON_CLIENT_SECRET") ||
+    raise("environment variable PATREON_CLIENT_SECRET is missing.")
+
+  System.get_env("PATREON_REDIRECT_URI") ||
+    raise("environment variable PATREON_REDIRECT_URI is missing.")
+
+  config :ueberauth, Ueberauth.Strategy.Patreon.OAuth,
+    client_id: System.get_env("PATREON_CLIENT_ID"),
+    client_secret: System.get_env("PATREON_CLIENT_SECRET"),
+    redirect_uri: System.get_env("PATREON_REDIRECT_URI")

  # config :ueberauth, Ueberauth.Strategy.Github.OAuth,
  #   client_id: {:system, "GITHUB_CLIENT_ID"},
--- a/apps/bright/lib/bright/cache.ex
+++ b/apps/bright/lib/bright/cache.ex
@ -3,7 +3,8 @@ defmodule Bright.Cache do
  A simple caching module that saves files to the `/tmp` directory.
  """

-  @cache_dir Path.join(System.user_home!(), ".cache/futureporn")
+  # we use Vultr File System to share cache among all Phoenix instances
+  @cache_dir "/mnt/vfs/futureporn"

  require Logger

--- a/apps/bright/lib/bright_web/live/profile/profile_live.ex
+++ b/apps/bright/lib/bright_web/live/profile/profile_live.ex
@ -61,7 +61,7 @@ defmodule BrightWeb.ProfileLive do

    <section class="hero">
      <div class="hero-body">
-        <p class="title">Care to upgrade your Patron Tier?</p>
+        <p class="title">Patron Tiers & Perks</p>
      </div>
    </section>

@ -90,13 +90,13 @@ defmodule BrightWeb.ProfileLive do
          </tr>
          <tr>
            <td>API</td>
-            <td>❌</td>
+            <td>✅</td>
            <td>✅</td>
            <td>✅</td>
          </tr>
          <tr>
            <td>Patron List</td>
-            <td>❌</td>
+            <td>✅</td>
            <td>✅</td>
            <td>✅</td>
          </tr>
--- a/config/deploy.yml
+++ b/config/deploy.yml
@ -7,20 +7,13 @@ image: futureporn/bright
 # Deploy to these servers.
 servers:
  web:
-    - 45.76.57.101
+    - 66.42.125.79

 # Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server.
 # Remove this section when using multiple web servers and ensure you terminate SSL at your load balancer.
 #
 # Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
-proxy:
-  ssl: true
-  app_port: 4000
-  host: bright.futureporn.net
-  healthcheck:
-    path: /api/health
-    interval: 2
-    timeout: 2
+proxy: false

 # how long to wait for new containers to boot
 deploy_timeout: 30
@ -41,7 +34,9 @@ builder:
  args:
    MIX_ENV: prod
  arch: amd64
-  dockerfile: ./dockerfiles/bright.dockerfile
+  dockerfile: ./apps/bright/Dockerfile
+  context: ./apps/bright
+
  # Pass in additional build args needed for your Dockerfile.
  # args:
  #   RUBY_VERSION: <%= File.read('.ruby-version').strip %>
@ -49,16 +44,22 @@ builder:
 env:
  clear:
    PORT: 4000
-    DATABASE_HOST: futureporn-db
-    MIX_ENV: prod
-    SUPERSTREAMER_URL: http://superstreamer-api
+    DATABASE_HOST: 10.2.128.4
+    MIX_ENV: dev
    PUBLIC_S3_ENDPOINT: https://futureporn-b2.b-cdn.net
+    PATREON_REDIRECT_URI: https://bright.futureporn.net/auth/patreon/callback
+    SITE_URL: https://bright.futureporn.net
+    PHX_HOST: bright.futureporn.net
+    AWS_BUCKET: futureporn
+    AWS_REGION: us-west-000
+    AWS_HOST: s3.us-west-000.backblazeb2.com
  secret:
    - DATABASE_URL
    - SECRET_KEY_BASE
-    - SUPERSTREAMER_AUTH_TOKEN
-    - GITHUB_CLIENT_SECRET
-    - GITHUB_CLIENT_ID
+    - PATREON_CLIENT_SECRET
+    - PATREON_CLIENT_ID
+    - AWS_ACCESS_KEY_ID
+    - AWS_SECRET_ACCESS_KEY

 # Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
 # "bin/kamal logs -r job" will tail logs from the first server in the job section.
@ -68,11 +69,12 @@ env:

 ssh:
  keys: ["~/.ssh/futureporn"]
+  keys_only: true

 # Use a persistent storage volume.
 #
-# volumes:
-#   - "app_storage:/app/storage"
+volumes:
+  - "app_cache:/mnt/vfs/futureporn"

 # Bridge fingerprinted assets, like JS and CSS, between versions to avoid
 # hitting 404 on in-flight requests. Combines all files from new and old
@ -91,7 +93,7 @@ ssh:
 accessories:
  tracker:
    image: gitea.futureporn.net/futureporn/tracker:latest
-    host: 45.76.57.101
+    host: 66.42.125.79
    port: "0.0.0.0:5063:5063"
    env:
      clear:
@ -102,37 +104,15 @@ accessories:
    proxy:
      ssl: true
      forward_headers: false
-      # note: tracker also uses port 6969/udp and 9000/tcp, but the api at 5063/tcp is what we specify here. # @todo @blocking https://github.com/basecamp/kamal-proxy/issues/48
-      app_port: 5063
+      # note: tracker also uses port 6969/udp and 9000/tcp, but the api at 5063/tcp is what we specify here. # @todo @blocking https://github.com/basecamp/kamal-proxy/issues/48      app_port: 5063
      host: tracker.futureporn.net
      healthcheck:
        path: /health

-  qbittorrent:
-    image: lscr.io/linuxserver/qbittorrent:latest
-    host: 45.76.57.101
-    port: "127.0.0.1:8080:8080"
-    env:
-      clear:
-        PUID: "1000"
-        PGID: "1000"
-        TZ: "Etc/UTC"
-        WEBUI_PORT: "8080"
-        TORRENTING_PORT: "6881"
-    proxy:
-      ssl: true
-      forward_headers: true
-      app_port: 8080
-      host: qbittorrent.futureporn.net
-      healthcheck:
-        path: /
-    volumes:
-      - /root/.cache/futureporn:/root/.cache/futureporn
-
  db:
    image: postgres:15
-    host: 45.76.57.101
-    port: "127.0.0.1:5432:5432"
+    host: 45.76.228.113
+    port: "0.0.0.0:5432:5432"
    env:
      clear:
        POSTGRES_USER: postgres
@ -141,28 +121,3 @@ accessories:
        - POSTGRES_PASSWORD
    directories:
      - pg_data:/var/lib/postgresql/data
-
-  redis:
-    image: valkey/valkey:8
-    host: 45.76.57.101
-    port: 6379
-    directories:
-      - data:/data
-
-  pgadmin:
-    image: dpage/pgadmin4
-    host: 45.76.57.101
-    port: "127.0.0.1:5050:5050"
-    env:
-      clear:
-        PGADMIN_LISTEN_PORT: "5050"
-      secret:
-        - PGADMIN_DEFAULT_EMAIL
-        - PGADMIN_DEFAULT_PASSWORD
-    proxy:
-      ssl: true
-      forward_headers: true
-      app_port: 5050
-      host: pgadmin.futureporn.net
-      healthcheck:
-        path: /login
--- a/devbox.json
+++ b/devbox.json
@ -20,9 +20,9 @@
  ],
  "env": {
    "DEVBOX_COREPACK_ENABLED": "true",
-    "ENV":                     "development",
-    "KUBECONFIG":              "$HOME/.kube/futureporn.yaml",
-    "VENV_DIR":                ".venv"
+    "ENV": "development",
+    "KUBECONFIG": "$HOME/.kube/futureporn.yaml",
+    "VENV_DIR": ".venv"
  },
  "shell": {
    "init_hook": [
@ -31,19 +31,19 @@
      "pip install -r requirements.txt"
    ],
    "scripts": {
-      "tunnel":                 "dotenvx run -f ./.kamal/secrets.development -- chisel client bright.fp.sbtp.xyz:9090 R:4000",
-      "backup":                 "docker exec -t postgres_db pg_dumpall -c -U postgres > ./backups/dev_`date +%Y-%m-%d_%H_%M_%S`.sql",
-      "act":                    "dotenvx run -f ./.kamal/secrets.testing -- act -W ./.gitea/workflows --secret-file .kamal/secrets.development",
-      "act:builder":            "dotenvx run -f ./.kamal/secrets.testing -- act -W ./.gitea/workflows/builder.yaml --secret-file .kamal/secrets.testing --var-file .kamal/secrets.testing --insecure-secrets",
-      "act:tests":              "dotenvx run -f ./.kamal/secrets.testing -- act -W ./.gitea/workflows/tests.yaml --secret-file .kamal/secrets.testing --var-file .kamal/secrets.testing --insecure-secrets",
-      "bright:compile:watch":   "cd ./apps/bright && find . -type f -name \"*.ex\" -o -name \"*.exs\" | entr -r mix compile --warnings-as-errors",
-      "bright:compile:watch2":  "cd ./apps/bright && pnpx chokidar-cli \"**/*\" -i \"deps/**\" -i \"_build/**\" -c \"mix compile --warnings-as-errors\"",
-      "bright:dev":             "cd ./apps/bright && dotenvx run -f ../../.kamal/secrets.development -e MIX_ENV=dev -- mix phx.server",
+      "tunnel": "dotenvx run -f ./.kamal/secrets.development -- chisel client bright.fp.sbtp.xyz:9090 R:4000",
+      "backup": "docker exec -t postgres_db pg_dumpall -c -U postgres > ./backups/dev_`date +%Y-%m-%d_%H_%M_%S`.sql",
+      "act": "dotenvx run -f ./.kamal/secrets.testing -- act -W ./.gitea/workflows --secret-file .kamal/secrets.development",
+      "act:builder": "dotenvx run -f ./.kamal/secrets.testing -- act -W ./.gitea/workflows/builder.yaml --secret-file .kamal/secrets.testing --var-file .kamal/secrets.testing --insecure-secrets",
+      "act:tests": "dotenvx run -f ./.kamal/secrets.testing -- act -W ./.gitea/workflows/tests.yaml --secret-file .kamal/secrets.testing --var-file .kamal/secrets.testing --insecure-secrets",
+      "bright:compile:watch": "cd ./apps/bright && find . -type f -name \"*.ex\" -o -name \"*.exs\" | entr -r mix compile --warnings-as-errors",
+      "bright:compile:watch2": "cd ./apps/bright && pnpx chokidar-cli \"**/*\" -i \"deps/**\" -i \"_build/**\" -c \"mix compile --warnings-as-errors\"",
+      "bright:dev": "cd ./apps/bright && dotenvx run -f ../../.kamal/secrets.development -e MIX_ENV=dev -- mix phx.server",
      "bright:test:unit:watch": "cd ./apps/bright && pnpx chokidar-cli '**/*' -i \"deps/**\" -i '_build/**' -c 'mix test --only=unit'",
-      "bright:act":             "cd ./apps/bright && act --env MIX_ENV=test -W ./.gitea/workflows/tests.yaml --secret-file .kamal/secrets.development",
-      "test":                   "act -W ./.gitea/workflows/tests.yaml --secret-file .kamal/secrets.testing --var-file .kamal/secrets.testing && devbox run beep || devbox run boop",
-      "beep":                   "ffplay -nodisp -loglevel quiet -autoexit ./apps/beep/beep2.wav",
-      "boop":                   "ffplay -nodisp -loglevel quiet -autoexit ./apps/beep/beep1.wav"
+      "bright:act": "cd ./apps/bright && act --env MIX_ENV=test -W ./.gitea/workflows/tests.yaml --secret-file .kamal/secrets.development",
+      "test": "act -W ./.gitea/workflows/tests.yaml --secret-file .kamal/secrets.testing --var-file .kamal/secrets.testing && devbox run beep || devbox run boop",
+      "beep": "ffplay -nodisp -loglevel quiet -autoexit ./apps/beep/beep2.wav",
+      "boop": "ffplay -nodisp -loglevel quiet -autoexit ./apps/beep/beep1.wav"
    }
  }
-}
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -3,11 +3,10 @@ services:
  aquatic:
    build:
      context: ./apps/aquatic
+      dockerfile: docker/aquatic_udp_futureporn.Dockerfile
    ports:
-      - "3003:3003/udp"
+      - "6969:6969/udp"
      - "9000:9000/tcp"
-    volumes:
-      - aquatic


  # bright:
@ -87,12 +86,12 @@ services:
      - db
    environment:
      PGADMIN_LISTEN_PORT: "5050"
+      PGADMIN_DISABLE_POSTFIX: "1"
+      PGADMIN_DEFAULT_EMAIL: cj@futureporn.net
+      PGADMIN_DEFAULT_PASSWORD: "password"
    env_file:
      - .kamal/secrets.development

 volumes:
  pg_data:
-  redis_data:
  cache:
-  opentracker-etc:
-  aquatic:
--- a/playbooks/opentofu/capture.tf
+++ b/playbooks/opentofu/capture.tf
@ -61,6 +61,7 @@ resource "vultr_instance" "capture_vps" {
        - chmod +x ~/.local/bin/thumbnail-generator.sh
        - curl -fsSL https://github.com/Backblaze/B2_Command_Line_Tool/releases/download/v4.3.1/b2-linux > ~/.local/bin/b2
        - chmod +x ~/.local/bin/b2
+        - export DIR=/usr/local/bin; curl https://raw.githubusercontent.com/jesseduffield/lazydocker/master/scripts/install_update_linux.sh | bash
        - curl -fsSL https://dist.ipfs.tech/kubo/v0.33.2/kubo_v0.33.2_linux-amd64.tar.gz > ~/kubo_v0.33.2_linux-amd64.tar.gz
        - tar xvzf ~/kubo_v0.33.2_linux-amd64.tar.gz
        - ~/kubo/install.sh