Skip to content

Commit

Permalink
docs: use valkey, update setup guide
Browse files Browse the repository at this point in the history
  • Loading branch information
@Kneemund
Kneemund committed Aug 8, 2024
1 parent 26e08ea commit e52d721
Showing 1 changed file with 70 additions and 24 deletions.
94 changes: 70 additions & 24 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,77 +16,123 @@ A container image can be built by using the provided `Dockerfile`. It supports f

Running the bot with the `--reload-commands` argument will register all slash commands after connecting to the Discord API. This is only necessary on new accounts or after changes to the structure of slash commands.

## Enviornment Variables
## Environment Variables

All environment variables without a default value must be specified, otherwise the application will panic (usually during startup). If a `.env` file exists within the working directory, the location of the file is logged and it will be parsed and loaded while keeping the values of already existing environment variables.
All environment variables without a default value must be specified, otherwise the application will panic (usually during startup). If a `.env` file exists within the working directory, the location of the file is logged, and it will be parsed and loaded while keeping the values of already existing environment variables.

| Name | Default Value | Description |
| ------------------- | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| BOT_TOKEN | NONE | Secret token for the bot account created in the Discord Developer Portal. |
| BLAKE3_KEY_MATERIAL | NONE | Master secret key for deriving other keys using the BLAKE3 KDF, e.g. the key for creating and validating the HMAC in Juxtapose URLs. |
| JUXTAPOSE_BASE_URL | `http://localhost` | Base URL used for viewing juxtaposed images, used for generating URLs for the "Open" button. |
| REDIS_URL | `redis://127.0.0.1/` | URL used for connecting to Redis. Can be either a TCP connection (`redis://` or `rediss://`), or an IPC/UNIX connection (`redis+unix://`). |
| REDIS_URL | `redis://127.0.0.1/` | URL used for connecting to Redis/Valkey. Can be either a TCP connection (`redis://` or `rediss://`), or an IPC/UNIX connection (`redis+unix://`). |
| PORT | NONE | Port number that the HTTP API runs on. |
| SOCKET_PATH | NONE | UNIX Domain Socket path that the HTTP API runs on. Only supported on UNIX systems, takes precendence over PORT. |
| CORS_ORIGIN | `*` | Allowed origin domains for CORS. Allows all domains by default, but is highly recommended to be set to a specific domain in production (typically JUXTAPOSE_BASE_URL). |
| SOCKET_PATH | NONE | UNIX Domain Socket path that the HTTP API runs on. Only supported on UNIX systems, takes precedence over PORT. |
| CORS_ORIGIN | `*` | Allowed origin domains for CORS. Allows all domains by default, but is highly recommended being set to a specific domain in production (typically JUXTAPOSE_BASE_URL). |

## Running Binaries using Podman & Quadlets

You can run the provided [image](https://github.com/Kneemund/previewBOT/pkgs/container/previewbot) using rootless Podman. This section describes how you can use the systemd integration, Quadlets, to setup user-space systemd services for Redis and previewBOT with persistent storage and communication via Unix Domain Sockets.
You can run the provided [image](https://github.com/Kneemund/previewBOT/pkgs/container/previewbot) using rootless Podman. This section describes how you can use the systemd integration, Quadlets, to set up user-space systemd services for Valkey and previewBOT with persistent storage and communication via Unix Domain Sockets. The HTTP API is exposed using a local NGINX installation.

After creating the `.container` files at the bottom of this section, run `systemctl --user daemon-reload` to generate the systemd service files. The configuration makes a few assumptions about the user's home directory.

- All of the folders and files mentioned below are owned and writable by the current user.
- `~/production/previewbot/previewbot.env` is an existing file that contains the environment variables described in the section above. Among other things, it must contain `REDIS_URL=redis+unix:///run/redis/redis.sock`.
- `~/production/redis/data` is an existing folder used to store RDB dumps for persistent storage.
- `~/production/redis/conf/redis.conf` is an existing file with the following content for configuring the Unix Domain Socket.
- All the folders and files mentioned below are owned and writable by the current user.
- `~/production/previewbot/previewbot.env` is an existing file that contains the environment variables described in the section above. Among other things, it must contain `REDIS_URL=redis+unix:///run/valkey/valkey.sock` and `SOCKET_PATH=/run/previewbot/api.sock`.
- `~/production/valkey/data` is an existing folder used to store RDB dumps for persistent storage.
- `~/production/valkey/conf/valkey.conf` is an existing file with the following content for configuring the Unix Domain Socket.

```
unixsocket /run/redis/redis.sock
unixsocketperm 666
unixsocket /run/valkey/valkey.sock
unixsocketperm 777
port 0
```

Then, run previewBOT using `systemctl --user start previewbot.service`. previewBOT will be started automatically after rebooting.
The previewBOT Quadlet below maps the Unix Domain Socket containing the HTTP API to `/opt/previewbot/api.sock`. It can be exposed using the following NGINX configuration.

```nginx
upstream previewbot-api {
server unix:/opt/previewbot/api.sock;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate ...;
ssl_certificate_key ...;
server_tokens off;
server_name ...;
location /juxtapose/url {
proxy_pass http://previewbot-api/url;
}
location / {
return 404;
}
}
```

> When using SELinux, you'll most likely need to configure contexts and policies to allow NGINX to connect to the Unix Domain Socket.
The accompanying website to display the juxtaposed images can be found in [this repository](https://github.com/Kneemund/juxtapose). Note that the domain of the API URL is hard-coded in the JavaScript file and needs to be adapted.

Finally, run previewBOT using `systemctl --user start previewbot.service`. previewBOT will be started automatically after rebooting.

---

`~/.config/containers/systemd/previewbot.container`

```service
```ini
[Unit]
Description=previewBOT container
After=network-online.target
After=network-online.target valkey.service
Requires=valkey.service
StartLimitInterval=200
StartLimitBurst=5

[Container]
Image=ghcr.io/kneemund/previewbot:latest
Volume=redis-unix-socket:/run/redis
Volume=valkey-unix-socket:/run/valkey:Z
Volume=/opt/previewbot:/run/previewbot:Z
EnvironmentFile=%h/production/previewbot/previewbot.env
Network=host
AutoUpdate=registry

[Service]
Restart=always
RestartSec=30

[Install]
WantedBy=default.target
```

---

`~/.config/containers/systemd/redis.container`
`~/.config/containers/systemd/valkey.container`

```service
```ini
[Unit]
Description=Redis container
Description=Valkey container
After=network-online.target
StartLimitInterval=200
StartLimitBurst=5

[Container]
Image=docker.io/redis:alpine
Volume=%h/production/redis/data:/data
Volume=%h/production/redis/conf:/usr/local/etc/redis
Volume=redis-unix-socket:/run/redis
Image=docker.io/valkey/valkey:alpine
Volume=%h/production/valkey/data:/data:Z
Volume=%h/production/valkey/conf:/usr/local/etc/valkey:Z
Volume=valkey-unix-socket:/run/valkey:Z
UserNS=keep-id:uid=999,gid=1000
Network=none
AutoUpdate=registry
Exec=redis-server /usr/local/etc/redis/redis.conf
Exec=valkey-server /usr/local/etc/valkey/valkey.conf

[Service]
Restart=always
RestartSec=30

[Install]
WantedBy=previewbot.service
Expand Down

0 comments on commit e52d721

Please sign in to comment.