Barazo Docker Compose templates for self-hosting
barazo.forum
<div align="center">

<picture>
  <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/singi-labs/.github/main/assets/logo-dark.svg">
  <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/singi-labs/.github/main/assets/logo-light.svg">
  <img alt="Barazo Logo" src="https://raw.githubusercontent.com/singi-labs/.github/main/assets/logo-dark.svg" width="120">
</picture>

# Barazo Deploy

**Docker Compose templates for self-hosting Barazo forums.**

</div>

---

## Overview

Everything you need to self-host a [Barazo](https://github.com/singi-labs) forum. Includes Docker Compose templates for development, production (single community), and global aggregator deployments. Automatic SSL via Caddy, backup/restore scripts, and network segmentation out of the box.

---

## Docker Compose Templates

| File | Purpose |
|------|---------|
| `docker-compose.dev.yml` | Local development -- infrastructure services only (PostgreSQL, Valkey, Tap). Run API and Web separately with `pnpm dev`. |
| `docker-compose.yml` | Production single-community deployment with automatic SSL via Caddy. Full stack. |
| `docker-compose.global.yml` | Global aggregator override -- layers on top of `docker-compose.yml` with higher resource limits and PostgreSQL tuning for indexing all communities network-wide. |

---

## Services

| Service | Image | Description |
|---------|-------|-------------|
| PostgreSQL 16 | `pgvector/pgvector:pg16` | Primary database with pgvector for full-text and optional semantic search |
| Valkey 8 | `valkey/valkey:8-alpine` | Redis-compatible cache for sessions, rate limiting, and queues |
| Tap | `ghcr.io/bluesky-social/indigo/tap:latest` | AT Protocol firehose consumer, filters `forum.barazo.*` records |
| Barazo API | `ghcr.io/singi-labs/barazo-api` | AppView backend (Fastify, REST API, firehose indexing) |
| Barazo Web | `ghcr.io/singi-labs/barazo-web` | Next.js frontend |
| Caddy | `caddy:2-alpine` | Reverse proxy with automatic SSL via Let's Encrypt, HTTP/3 support |

Production uses two-network segmentation: PostgreSQL and Valkey sit on the `backend` network only and are unreachable from Caddy or the frontend. Only ports 80 and 443 are exposed externally.

---

## Image Tags

Barazo API and Web images are published to [GitHub Container Registry](https://github.com/orgs/singi-labs/packages) (`ghcr.io/singi-labs/*`).

| Tag | Meaning | When to use |
|-----|---------|-------------|
| `:latest` | Latest stable release | **Production.** Self-hosters should pin to this or a specific version. |
| `:1.0.0`, `:1.0`, `:1` | Semver release tags | **Production.** Pin to a major or minor version for controlled upgrades. |
| `:edge` | Latest build from `main` | **Staging/testing only.** Rebuilt on every push to `main`. May contain breaking changes. |
| `:staging-{N}` | Immutable per-build tag | **Debugging.** Trace a specific staging deploy to its build number. |
| `:sha-{hash}` | Git commit SHA | **Debugging.** Trace an image to its exact source commit. |

**For self-hosters:** Use `:latest` or pin to a semver tag in your `.env`:

```bash
BARAZO_API_VERSION=1.0.0
BARAZO_WEB_VERSION=1.0.0
```

The production `docker-compose.yml` reads these variables (defaults to `latest` if unset).

---

## Deployment Modes

**Development:**

Infrastructure services only. Run API and Web locally with `pnpm dev`.

```bash
cp .env.example .env.dev
docker compose -f docker-compose.dev.yml up -d
```

Services exposed on the host: PostgreSQL (5432), Valkey (6379), Tap (2480).

**Production -- Single Community:**

Full stack deployment for one forum community with automatic SSL.

```bash
cp .env.example .env
# Edit .env: set COMMUNITY_DOMAIN, passwords, COMMUNITY_DID, OAuth settings
docker compose up -d
```

The forum will be available at `https://<COMMUNITY_DOMAIN>` once Caddy obtains the SSL certificate.

**Global Aggregator:**

Indexes all Barazo communities across the AT Protocol network.

```bash
cp .env.example .env
# Edit .env: set COMMUNITY_MODE=global, domain, passwords
docker compose -f docker-compose.yml -f docker-compose.global.yml up -d
```

**Minimum requirements:**

| Mode | CPU | RAM | Storage | Bandwidth |
|------|-----|-----|---------|-----------|
| Single Community | 2 vCPU | 4 GB | 20 GB SSD | 1 TB/month |
| Global Aggregator | 4 vCPU | 8 GB | 100 GB SSD | 5 TB/month |

---

## Scripts

| Script | Description |
|--------|-------------|
| `scripts/backup.sh` | Creates a compressed PostgreSQL backup with timestamp. Supports optional encryption via [age](https://github.com/FiloSottile/age) (`--encrypt` flag). Automatically cleans up backups older than `BACKUP_RETAIN_DAYS` (default: 7). |
| `scripts/restore.sh` | Restores a PostgreSQL backup from a `.sql.gz` or `.sql.gz.age` file. Stops the API and Web during restore, then restarts them. Supports encrypted backups via `BACKUP_PRIVATE_KEY_FILE`. |
| `scripts/smoke-test.sh` | Validates a running Barazo instance. Checks Docker service health, database connectivity, API endpoints, frontend response, SSL certificate, and HTTPS redirect. Works locally or against a remote URL. |

---

## Environment Variables

All variables are documented in [`.env.example`](.env.example). Key groups:

| Group | Variables | Notes |
|-------|-----------|-------|
| Community Identity | `COMMUNITY_NAME`, `COMMUNITY_DOMAIN`, `COMMUNITY_DID`, `COMMUNITY_MODE` | `COMMUNITY_MODE` is `single` or `global` |
| Database | `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB`, `DATABASE_URL` | Change default passwords before production use |
| Cache | `VALKEY_PASSWORD`, `VALKEY_URL` | Password required in production |
| AT Protocol | `TAP_RELAY_URL`, `TAP_ADMIN_PASSWORD`, `RELAY_URL` | Default relay: `bsky.network` |
| OAuth | `OAUTH_CLIENT_ID`, `OAUTH_REDIRECT_URI` | Set to your forum's public URL |
| Frontend | `API_INTERNAL_URL`, `NEXT_PUBLIC_SITE_URL` | `API_INTERNAL_URL` for SSR (default: `http://localhost:3000`); browser uses relative URLs |
| Search | `EMBEDDING_URL`, `AI_EMBEDDING_DIMENSIONS` | Optional semantic search via Ollama or compatible API |
| Encryption | `AI_ENCRYPTION_KEY` | AES-256-GCM key for BYOK API key encryption at rest |
| Cross-Posting | `FEATURE_CROSSPOST_FRONTPAGE` | Frontpage cross-posting toggle |
| Plugins | `PLUGINS_ENABLED`, `PLUGIN_REGISTRY_URL` | Plugin system toggle and registry |
| Monitoring | `GLITCHTIP_DSN`, `LOG_LEVEL` | GlitchTip/Sentry error reporting |
| Backups | `BACKUP_PUBLIC_KEY` | age public key for encrypted backups |
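
A pre-flight check for the variables above, as an added example (not part of barazo-deploy): it reads a `.env` file and flags empty, short or placeholder-looking passwords, the `:edge` tag, and an invalid `COMMUNITY_MODE`. The 16-character minimum and the placeholder word list are assumptions, not values taken from `.env.example`.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for a Barazo .env (not part of barazo-deploy).
# Assumptions: 16-char minimum and the placeholder word list below.

# Print KEY's value from an env file (last assignment wins, quotes stripped).
env_get() {
  local file="$1" key="$2"
  sed -n "s/^[[:space:]]*${key}=//p" "$file" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Succeed (0) if the value is empty, short, or looks like a placeholder.
is_weak_secret() {
  local v="$1"
  [ "${#v}" -lt 16 ] && return 0
  case "$(printf '%s' "$v" | tr '[:upper:]' '[:lower:]')" in
    *changeme*|*change_me*|*password*|*example*|*secret*) return 0 ;;
  esac
  return 1
}

# Print findings for one env file; exit status is the number of findings.
check_env() {
  local file="$1" findings=0 key val
  for key in POSTGRES_PASSWORD VALKEY_PASSWORD TAP_ADMIN_PASSWORD; do
    val=$(env_get "$file" "$key")
    if is_weak_secret "$val"; then
      echo "FAIL $key: empty, under 16 chars, or placeholder-like"
      findings=$((findings + 1))
    fi
  done
  for key in BARAZO_API_VERSION BARAZO_WEB_VERSION; do
    val=$(env_get "$file" "$key")
    case "$val" in
      edge) echo "FAIL $key=edge: staging/testing tag, not for production"
            findings=$((findings + 1)) ;;
      ''|latest) echo "NOTE $key floats on :latest; pin a semver tag for controlled upgrades" ;;
    esac
  done
  case "$(env_get "$file" COMMUNITY_MODE)" in
    single|global) ;;
    *) echo "FAIL COMMUNITY_MODE must be 'single' or 'global'"
       findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Usage: check_env .env && docker compose up -d
```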

---

## Quick Start

```bash
git clone https://github.com/singi-labs/barazo-deploy.git
cd barazo-deploy

# Configure
cp .env.example .env
nano .env  # Set domain, passwords, community DID, OAuth

# Start all services
docker compose up -d

# Verify
docker compose ps        # All services should show "healthy"
./scripts/smoke-test.sh  # Run smoke tests
```

---

## Documentation

Detailed guides are in the [`docs/`](docs/) directory:

- [Installation](docs/installation.md) -- step-by-step setup
- [Configuration](docs/configuration.md) -- all configuration options
- [Administration](docs/administration.md) -- managing your forum
- [Backups](docs/backups.md) -- backup and restore procedures
- [Upgrading](docs/upgrading.md) -- version upgrade process

---

## Related Repositories

| Repository | Description | License |
|------------|-------------|---------|
| [barazo-api](https://github.com/singi-labs/barazo-api) | AppView backend (Fastify, firehose, REST API) | AGPL-3.0 |
| [barazo-web](https://github.com/singi-labs/barazo-web) | Forum frontend (Next.js, Tailwind) | MIT |
| [barazo-lexicons](https://github.com/singi-labs/barazo-lexicons) | AT Protocol lexicon schemas + generated types | MIT |
| [barazo-website](https://github.com/singi-labs/barazo-website) | Marketing + documentation site | MIT |

---

## Community

- **Website:** [barazo.forum](https://barazo.forum)
- **Discussions:** [GitHub Discussions](https://github.com/orgs/singi-labs/discussions)
- **Issues:** [Report bugs](https://github.com/singi-labs/barazo-deploy/issues)

---

## License

**MIT**

See [LICENSE](LICENSE) for full terms.

---

Made with ♥ in 🇪🇺 by [Singi Labs](https://singi.dev)